What Is Cyberwar? First in a Series
The term cyberwar pops up almost every day in public media. Regardless of its wide use, the term has been poorly explained. What does it mean? What are the principles framing and governing it? How does...
Cybercrime ‘Highlights’ of First Quarter 2014
As a supplement to the next McAfee Labs Threats Report, which will appear next month, we offer this timeline of leading cybercrime events that made news in the first quarter of 2014. January 2: A...
‘Google’ Apps for Sports Betting Target Korean Users
Online scammers are always seeking to trick victims into paying money. Sports betting is a common lure for online scams to attract those who enjoy the thrill of gambling on sports. Usually these...
Targeted Attacks, Stolen Certificates, and the Shiqiang Gang
The trend of attackers using stolen digital certificates to disguise their malicious executables is on the rise. The Shiqiang group is known to employ spear-phishing attacks against nongovernmental...
Narrowing the Breach Discovery Gap
Verizon’s recent release of the 2014 Data Breach Investigations Report (DBIR) provided its usual valuable insights into the state and scale of cyberattacks. But those of us who spend our waking hours...
Time to Limit the Cyber Arms Race
We are in the middle of the biggest arms race since the Cold War, one that could lead to cyberwar, which we discussed in a recent post. Massive amounts of money are globally put into building...
Necurs, Zbot Droppers Use Obfuscated Windows XP Detection to Bypass Automated...
McAfee Labs has recently come across a number of malware samples that drop Zbot and Necurs rootkits. These use a discreet technique to intentionally crash Windows XP. Interestingly, the malware...
IE 0-Day, More Like Every Day
Well that did not take long. Only weeks after Microsoft issued the end of life for Windows XP, a vulnerability surfaces that is also reported as being used by a “known gang of malicious hackers.” Of...
Iranian Keylogger Marmoolak Enters via Backdoor
Targeted attacks have several stages, sometimes called the APT kill chain. At McAfee Labs we prefer the model described by Lockheed Martin: As part of the weaponizing phase, attackers often put a...
Information Operations an Integral Part of Cyberwarfare
Weapons and the skills to use them are not the only decisive elements in warfare. Rhetoric and imagery are important, too. They are essential for constructing the good and the bad, legitimatizing one’s...
It’s ‘Game Over’ for Zeus and CryptoLocker
Under Operation Tovar, global law enforcement—in conjunction with the private sector and McAfee—has launched an action to dismantle the Gameover Zeus and CryptoLocker infrastructure. Disrupting the...
Deterrence in Cyberspace Helps Prevent Cyberwar
Deterrence is an important part of warfare, often the most effective form of defending. Therefore, in the next couple of years we expect to see states reveal some of their offensive cyber capabilities...
Scams Lurk Under “Sous les Jupes des Filles”
As is often the case when the warm weather arrives, French cinema news is rich and French comedies are a hit in theaters. Meanwhile, searches for these films to download...
Thinking About Next-Generation Security and Cyberwarfare
Taking the cyberwar challenge seriously requires thinking outside our comfortable technology or national security boxes. Unfortunately—regardless of the lip service many decision makers pay to...
A Glance Into the Neutrino Botnet
Lately, we have seen a number of communications through our automated framework from the Neutrino botnet. While analyzing this botnet, we found that it has a number of anti-debugging, anti-virtual...
GameOver Zeus/Cryptolocker: Am I Still Infected?
It has been two weeks since the announcement by multiple global law enforcement agencies regarding the takedown of the communications infrastructure for the Trojans GameOver Zeus and Cryptolocker....
Product Coverage and Mitigation for ICSA-14-178-01 (Havex/ICS-Focused Malware)
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS’s) are listed...
Operation Dragonfly Imperils Industrial Protocol
Recent headlines (here and here) may have struck fear into those living near major energy installations due to references about the Stuxnet malware. In 2009, this particular strain of malware caused...
CryptoWall Ransomware Built With RC4 Bricks
Last month many Internet users were suddenly forced to trade in Bitcoins. This was not for general purposes–they were paying to get their data back. Their systems had been hijacked by ransomware....
Dofoil Downloader Update Adds XOR-, RC4-Based Encryption
The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a...