ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
ElevenPaths Security and electronic signature for any enterprise ElevenPaths, Microsoft and Gradiant have collaborated to allow companies to benefit from an advanced platform for electronic signatures and digital certificate safekeeping, integrated with a cloud service for HSM...
ElevenPaths #CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack? A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant a false flags when it comes to attribution,...
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
ElevenPaths Monero says goodbye to the ASIC miners (at least for now) Last Friday, 6th April marked an important date for the community of Monero users and developers, as one of the cryptocurrencies led the defense of anonymity for its users. As already commented...
ElevenPaths Evrial, malware that steals Bitcoins using the clipboard… and the scammed scammers Evrial is the latest cryptocoin malware stealer, and uses the power to control the clipboard as its strongest bet to get “easy money”. Elevenpaths has took a deep...
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
ElevenPaths ElevenPaths #CyberTricks Last Thursday, November 30th, Cybersecurity Day was celebrated internationally. At ElevenPaths we continue with commemoration, so that we have collected some #CyberTricks from our experts (Chema Alonso, Pablo San...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
APTualizator (II): Deconstructing Necurs Rootkit and Tools for Detecting and Removing ItElevenPaths 18 February, 2020 This report has been drafted by Roberto Santos and Javier Rascón from the CSIRT-SCC (Security Cyberoperations Center) Research Team, in collaboration with ElevenPaths. At the end of June 2019, a big Spanish company was attacked and thousands of their computers were impacted. Such was the size of the attack that we were motivated to begin this investigation. In July 2019, we wrote an article on this issue: APTualizador (I). At that time we were struck because in a first quick analysis we observed that the sample downloaded the legitimate Windows security update KB3033929, although it did so from an unofficial server. In other words: it installed the legitimate file (signed by Microsoft) from an unofficial server. This second report will be focused on the technical aspects of the rootkit found. As a result of the investigation we identified this rootkit as a development of Necurs. This botnet (appeared in 2012) is one of the most persistent and largest in the world and it is estimated that it is made up of 6 million zombie computers −target computers around the world and controlled by attackers remotely. This report will consider in depth and from a technical perspective how malware manages to hide in the computer, analyzing the tools used and the code that controls this behavior. On the other hand, the communication protocol used is also analyzed. This has been modified since the first versions and IOCTL commands are no longer used. Instead, it is now based on reading / writing on Windows registry, turning the registry into a local covert channel. Our investigation ends with the release of two tools, NeCure and NeCsists, that allow detecting malware and disinfecting the machine. These tools have been developed after finding the means to exploit the techniques used by the attackers themselves, thanks to the study and analysis using reverse engineering techniques. Through this report, we have helped update the state of the art on the evolution of one of the most sophisticated rootkits so far. Conclusions and findings: An updated list including all functional commands that the rootkit may receive has been drawn. So far, only a very small number of them were known but if there were full lists, they were not updated. We have been able to develop tools that allow detection and disinfection. In addition, we make publicly available both this analysis and its source code. We show how Necurs has evolved into a business model of the type Malware as a Service that serves as an input vector for another malware and offers this service to other actors. Only this explains the existence of the keys that set a deadline and a maximum number of malware executions. Thanks to the comparison between blacklists (list of processes against which the rootkit protects itself) from previous and current versions, an active investigation work performed by attackers on the state of the art of antimalware solutions is drawn. Full report available here: The Telco Security Alliance Bolsters Threat Detection Capabilities Through Shared IntelligenceElevenPaths at RSA Conference 2020
Innovation and Laboratory Area in ElevenPaths CARMA: Our Free Research-Focused Set of Android Malware Samples Introducing CARMA, our free research-focused set of Android malware samples to enhance research into malware, adware and PUP detection.
Helene Aguirre Fake News and Cyberthreats in Times of Coronavirus Helene Aguirre tells you how cyberthreats never stop, even in the case of a global pandemic health alert.
SCC CyberThreats Service Covid-19. Threat and advice guide in cybersecurity Our experts from the SCC CyberThreats Service tell you about coronavirus risks related to misinformation and homeworking.
ElevenPaths CSAs 10 Tips for Secure Homeworking in Your Company We tell you ten measures you can take to make homeworking secure for your company, employees and customers.
ElevenPaths How to Detect and Protect Yourself from Phishing Attacks in Times of Coronavirus The overinformation caused by the huge amount of news we receive about coronavirus makes it harder to distinguish true from fake emails. This poses a great risk to people’s security, since it...
ElevenPaths Cybersecurity Trends Report for 2020 from ElevenPaths Discover the technologies and attacks that will most affect security in the coming months in this report.
