Business, McAfee Labs

CHIPSEC Support Against Vault 7 Disclosure Scanning

Following recent WikiLeaks Vault 7 disclosures, including details regarding firmware vulnerabilities, there has been significant concern regarding the integrity of devices and operating systems used within society. As part of our commitment to provide technology that can preserve the integrity of devices we rely upon, we have developed a simple module for the CHIPSEC framework …

McAfee Labs

Spotlight on Shamoon

Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a further 15 disk-wiping Shamoon incidents …

Cloud Security

MongoDB Databases Hit by Wave of Data Extortion

During the past couple of weeks an attacker with the alias Harak1r1 has gone after MongoDB databases connected to the cloud. These old database instances were not protected by an administrator password, and were non-firewalled. Therefore, the attacker logged onto these databases, downloaded the content, then removed the content, and left a note demanding 0.2 …

McAfee Labs

Shamoon Rebooted in Middle East, Part 2

Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East. The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. The language of these three …

McAfee Labs

‘McAfee Labs Threats Report’ Examines Whether Ransomware Is Coming to a Hospital Near You

Delivering uninterrupted services with immediate access to information is not an easy task. Doing it with legacy systems, a fragmented workforce, and inconsistent security is a monumental job. Unfortunately, this is the state of many hospitals, leading the criminal underground to their back doors. Ransomware attackers have shifted focus, moving from consumers to organizations with …

McAfee Labs

‘Wildfire’ Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free

Intel Security and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of …

Executive Perspectives

Healthcare Organizations Must Consider The Financial Impact Of Ransomware Attacks

Sometimes the impact of an attack can extend well beyond the attack itself. Intel Security’s five-year threats projection report predicted that ransomware would become a major growth area, given higher ransom “returns” achievable from organizations suffering the potential loss from paralyzed organizational systems. By Q1 of 2016, these predictions have already come true. From February …

McAfee Labs

Targeted Ransomware No Longer a Future Threat

This post was written by Christiaan Beek and Andrew Furtak. In 2015, Intel Security investigated a ransomware campaign that targeted the financial sector of a certain country. This was the first time we had observed ransomware targeting a particular sector. The infection vector in that case involved a phishing campaign directed at multiple financial institutions. …

McAfee Labs

Ransomware Targets Healthcare Sector

When we develop threats predictions at Intel Security, I personally like to conduct some proper research and base my statements on indicators of what we have seen in the field and what we believe will increase in the next six to 12 months. In the McAfee Labs 2016 Threats Predictions, we stated that ransomware would …

McAfee Labs

A Case of Mistaken Identity? The Role of BlackEnergy in Ukrainian Power Grid Disruption

Recent reports of electricity outages across the Ukraine have led to significant speculation regarding the specific malware that was used to disrupt supplies. Intel Security’s approach in understanding this event included making contact with the impacted organization to offer our support and, where possible, retrieving data in order to analyze the true nature of the …

McAfee Labs

Ransomware: an Insight to Financial Gain

This week, joint research on the CryptoWall Version 3 family was released by the Cyber Threat Alliance. In Lucrative Ransomware Attacks: Analysis of the CryptoWall Version 3 Threat, Intel Security, along with the other members of the CTA, researched the elements in the CryptoWall lifecycle, represented in the following graphic: Source: Cyber Threat Alliance, Lucrative …

McAfee Labs

McAfee Cyber Defense Center Zooms In on Middle East

From McAfee’s first Cyber Defense Center (CDC) in Dubai, we closely monitor threats and activities in Europe and the Middle East. Since the Center’s official launch in September 2013, we have seen quite a few interesting trends, especially in the Persian Gulf region. Many of the activities spotted are related to hacktivism, cybercrime, or regional …