CYBER ADAPT DETECTION CAPABILITIES
Delivering Industry Leading Cybersecurity Detection Solutions
Here at Cyber AdAPT we leave no stone unturned when it comes to providing the most up-to-date and relevant detections in the ever-evolving threat landscape. We source detections from a variety of places, including reputable third parties, open-source feeds, dark web investigations, machine learning, emerging threat research, and custom detection writing. Combining these sources with anomaly detection, heuristics, and behavioral analytics gives our platform the ability to catch even zero-day threats early in the threat life cycle. Below you will find some examples of the types of threats Cyber AdAPT is APT to detect in your environment.
Trojans and Viruses
A trojan is a type of malicious code or software that looks legitimate but can take control of your computer. It is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. A computer virus is a type of malicious code or program written to alter the way a computer operates and designed to spread from one computer to another.
Microsoft Tech Support Scam Landing Pages
Tech support scams are an industry-wide issue where scammers use scare tactics to trick users into paying for unnecessary technical support services that supposedly fix contrived device, platform, or software problems.
Wordpress Plugin Cross-Site Scripting
Cross-site scripting (XSS) is a security vulnerability typically found in web applications. It allows an attacker to execute potentially malicious script code in the website visitor’s browser.
FakeAV Landing Pages
Fake Anti-Virus (AV) software masquerades as a legitimate security product with the goal of deceiving victims into paying registration fees to seemingly remove malware from their device. Analysis of 240 million web pages collected by Google’s malware detection infrastructure over a 13-month period discovered over 11,000 domains involved in Fake AV distribution.
Exploits and Malware
An exploit is code or a program that takes advantage of a weakness in an application or system. Malware is malicious software used in activity such as corrupting a system, demanding ransom, or stealing sensitive data.
Exploit kits are automated tools popular with cybercriminals for silently exploiting vulnerabilities on victims' machines while they are browsing. The goal is to download and execute some type of malware. Nuclear is an exploit kit that checks for vulnerabilities in operating systems, web browsers, and browser plugins so that it can launch an exploit specific to the identified vulnerability.
Underminer is an exploit kit used by cybercriminals to infect systems with a cryptocurrency mining malware called Hidden Mellifera. Underminer uses RSA encryption to protect its exploit code and deter its traffic from being replayed, allowing it to hide its malicious content. Underminer represents the persistence and continued evolution of exploit kits despite not being the go-to tool for cybercriminals.
What makes SunDown a particularly relevant threat is its capability for fileless malware infection, made possible through its use of a PowerShell loader. The upgraded loader in this new version is now capable of collecting a profile of the victim’s environment and sending the information to the exploit kit server.
An exploit kit such as Rig usually starts off with a threat actor compromising a website to inject a malicious script/code that eventually redirects would-be victims to the exploit kit’s landing page.
Magnitude gained increased public attention after the kit was used in an advertising attack on Yahoo. Criminals purchased ad space on Yahoo, and used the ads to redirect visitors to domains hosting the Magnitude landing page. From there, the kit would attempt to exploit vulnerabilities in Java in order to deliver malware.
The Fallout exploit kit, first spotted in February by the nao_sec team, continues to infect users by weaponizing itself with various exploits hosted on GitHub. Most notably, it has been using the recent Flash Player exploit, CVE-2018-15982.
The Hunter exploit kit attempts to exploit victims who visit malicious websites using various vulnerabilities found in Microsoft, Oracle, and Adobe products. The Hunter exploit kit comes with a lower price tag than previously well-known EKs. This low-end tool with potential for high return makes it very attractive to cybercriminals looking to capitalize on known vulnerabilities.
Ransomware
Malicious software designed to block access to a computer system until a sum of money is paid.
CryptoWall is a highly destructive piece of ransomware on Microsoft Windows that takes the user's data hostage with RSA-2048 encryption.
TeslaCrypt was a ransomware trojan. It is now defunct, and its master key was released by the developers.
The VegaLocker malware strain has provided the base for new ransomware-as-a-service (RaaS) Buran which is taking on competitors through discounted rates.
Chimera ransomware is distributed via malicious Dropbox links in phishing campaigns. When installed, it encrypts both local and network files. Chimera also attempts extortion on its victims.
The WannaCry ransomware attack was a May 2017 worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated through EternalBlue, an exploit developed by the United States National Security Agency (NSA) for older Windows systems.
Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting.
First observed in January of 2018, GandCrab ransomware is a type of malware that encrypts victims’ files and demands ransom payment in order to regain access to their data. GandCrab targets consumers and businesses with PCs running Microsoft Windows.
Cryptomining
Cryptocurrency mining, or cryptomining, is a process in which transactions for various forms of cryptocurrency are verified and added to the blockchain digital ledger. In the malware world, one of the more prevalent current threats is mining botnet infections, in which user systems mine for cryptocurrency without the owners' knowledge and the funds are channeled to the botnet master.
A Trojan.BitCoinMiner is a computer infection that silently runs on your computer while using your CPU or GPU resources to mine for digital currencies. As the value of cryptocurrencies such as Bitcoin rises, more and more criminals want to use your computer's resources to mine for them and generate revenue.
Primecoin Miner is a client used for distributed payment processing in a digital currency network. Unauthorized installations of Primecoin Miner can be used by remote attackers to earn commission for processing transactions.
A cybersecurity firm has discovered a new strain of Monero mining malware, which contains code that hides the miner from Task Manager.
XMRig is an open-source Monero CPU miner that was released in May 2017. It was later modified by threat actors to mine Monero cryptocurrency on compromised machines. This miner exploits vulnerable Windows, IIS, and Linux servers to mine Monero.
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices.