IT Security Guru
From zero-day exploits to rampant ‘ransomware’: how advanced targeted attacks evolved in Q2, 2017

by The Gurus
August 9, 2017
in Editor's News

The second quarter of 2017 saw sophisticated threat actors unleash a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. Expert analysis of the last two suggests the code may have escaped into the wild before it was fully ready, an unusual situation for well-resourced attackers. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.
The months from April to the end of June witnessed significant developments in targeted attacks by, among others, Russian-, English-, Korean-, and Chinese-speaking threat actors. These developments have far-reaching implications for business IT security: sophisticated malicious activity is happening continuously almost everywhere in the world, increasing the risk of companies and non-commercial organisations becoming collateral damage in cyber warfare. The allegedly nation-state backed WannaCry and ExPetr destructive epidemics, whose victims included many companies and organisations across the globe, became the first but most likely not the last example of this new, dangerous trend.
Highlights in Q2, 2017 include:

  • Three Windows zero-day exploits being used in the wild by the Russian-speaking Sofacy and Turla threat actors. Sofacy, also known as APT28 or FancyBear, deployed the exploits against a range of European targets, including governmental and political organisations. The threat actor was also observed trying out some experimental tools, most notably against a French political party member in advance of the French national elections.
  • Gray Lambert – Kaspersky Lab has analysed the most advanced toolkit to date for the Lamberts group, a highly sophisticated and complex, English-speaking cyberespionage family. Two new related malware families were identified.
  • The WannaCry attack on 12 May and the ExPetr attack on 27 June. While very different in nature and targets, both were surprisingly ineffective as ‘ransomware’. For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction. Kaspersky Lab’s experts discovered further ties between the Lazarus group and WannaCry. The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.
  • ExPetr, targeting organisations in Ukraine, Russia and elsewhere in Europe, also appeared to be ransomware but turned out to be purely destructive. The motive behind the ExPetr attacks remains a mystery. Kaspersky Lab’s experts have established a low-confidence link to the threat actor known as BlackEnergy.

“We have long maintained the importance of truly global threat intelligence to aid defenders of sensitive and critical networks. We continue to witness the development of overzealous attackers with no regard for the health of the Internet and those in vital institutions and businesses who rely on it on a daily basis. As cyberespionage, sabotage, and crime run rampant, it’s all the more important for defenders to band together and share cutting-edge knowledge to better defend against all threats,” said Juan Andres Guerrero-Saade, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.
The Q2 APT Trends report summarises the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the second quarter of 2017, Kaspersky Lab’s Global Research and Analysis Team created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.
For more information, please contact: [email protected]
