Business

Securing IoT, Not a Mission Impossible

At the McAfee MPOWER Cybersecurity Summit in Las Vegas on Oct. 18, I had the privilege of sharing the stage with Dr. Alissa Johnson, Xerox VP & Chief Information Security Officer (CISO) to discuss how those responsible for cybersecurity must consider threats to the IoT landscape as mission-critical components to their security strategy. I asked …

McAfee Labs

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

This post was researched and written by Christiaan Beek, Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which initially infected targets in Russia and the Ukraine. We are also investigating reports of infected systems in Germany, Turkey, and Bulgaria and will provide updates …

Business, Consumer, Executive Perspectives, McAfee Labs

NoMoreRansom – One year on!

One year on. It is fair to say that the No More Ransom project not only exceeded our expectations, but simply blew these initial expectations out of the water. A collaboration between six partners (McAfee, EC3, Dutch Police, Kaspersky Lab, AWS and Barracuda) has now grown to include more than 100 partners across the public and private sector. We often hear people talk about Public-Private Partnerships, but here is a true example of that commitment in action.

Executive Perspectives, McAfee Labs, Neutralize Threats, Technical How To

An Analysis of the WannaCry Ransomware Outbreak

Charles McFarland was a coauthor of this blog. Over the course of Friday, May 12 we received multiple reports of organizations across multiple verticals being victim to a ransomware attack. By Friday afternoon, McAfee’s Global Threat Intelligence system was updated to identify all known WannaCry samples and the company had delivered DAT signature updates to …

McAfee Labs

Mirai Botnet Creates Army of IoT Orcs

This post was based on analysis by Yashashree Gund and RaviKant Tiwari. There is a lot of speculation in the news about surveillance from home appliances, personal electronics, or other Internet of Things (IoT) devices. Although some statements may be hyperbole, we know that these devices, in homes and offices, are being compromised and used …

Business

Are Printers Becoming Yet Another IoT-Based Threat?

Over the past couple of months, a lot has been written about the Mirai botnet that was targeting vulnerable devices connected to the Internet. And based on the embedded password list, we can determine that the targets were diverse, from IP cameras, DVRs, TV receivers, and routers to printers. Printers? Yes, printers. Over the years, these devices …

Business, McAfee Labs

CHIPSEC Support Against Vault 7 Disclosure Scanning

Following recent WikiLeaks Vault 7 disclosures, including details regarding firmware vulnerabilities, there has been significant concern regarding the integrity of devices and operating systems used within society. As part of our commitment to provide technology that can preserve the integrity of devices we rely upon, we have developed a simple module for the CHIPSEC framework …

Business

UPDATE: Over 1000 InterContinental Hotels Become the Subject of Major Credit Card Breach

Update 4/25: The InterContinental Hotels Group has recently released data stating that now point-of-sale servers at more than 1,000 of its properties were compromised with the malware used to steal customer debit and credit card data. The article has been updated to reflect these new numbers. Original Story: The InterContinental Hotels Group has found themselves dealing …

McAfee Labs

Spotlight on Shamoon

Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a further 15 disk-wiping Shamoon incidents …

Cloud Security

MongoDB Databases Hit by Wave of Data Extortion

During the past couple of weeks an attacker with the alias Harak1r1 has gone after MongoDB databases connected to the cloud. These old database instances were not protected by an administrator password, and were non-firewalled. Therefore, the attacker logged onto these databases, downloaded the content, then removed the content, and left a note demanding 0.2 …

McAfee Labs

Shamoon Rebooted in Middle East, Part 2

Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East. The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. The language of these three …

McAfee Labs

Shamoon Rebooted?

We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the usage of a wiper component that, once activated, destroyed the hard disks of infected machines. The initial infection vector for the recent attacks is …

McAfee Labs

‘McAfee Labs Threats Report’ Examines Whether Ransomware Is Coming to a Hospital Near You

Delivering uninterrupted services with immediate access to information is not an easy task. Doing it with legacy systems, a fragmented workforce, and inconsistent security is a monumental job. Unfortunately, this is the state of many hospitals, leading the criminal underground to their back doors. Ransomware attackers have shifted focus, moving from consumers to organizations with …

McAfee Labs

‘Wildfire’ Ransomware Extinguished by Tool From NoMoreRansom; Unlock Files for Free

McAfee and Kaspersky Lab, partners in the project NoMoreRansom, are pleased to announce today the availability of a decryption tool for victims of the Wildfire variant of ransomware. This tool is available following successful collaboration with the Dutch police and the European Cybercrime Centre. This strong public-private partnership has led to the seizure of criminal …

McAfee Labs

McAfee Teams With Industry, Law Enforcement to Thwart ‘Shade’ Ransomware

McAfee, Europol, Kaspersky Lab, and Dutch police have taken down the Shade ransomware botnet and captured encryption keys to unlock victims’ systems. Although we talk a great deal of the value of public-private partnerships in the fight against cybercrime, few events in the cybersecurity field are more inspiring than seeing such collaboration in action and scoring …