Antivirus is one of the main lines of defence when a user downloads a malicious file or an attacker has gained access to the computer and attempts to execute malware. Cybercriminals use various means to avoid an antivirus, using different tools and techniques depending on their type and functionalities. This article details the techniques commonly used, as well as the protective measures we should take to prevent attackers from executing malware on our computers.
The increase in industrial control systems and the shortcomings of those systems in cybersecurity measures have made such systems a preferred target of attacks. The number of tools designed to pose a threat to the OT sector has increased, and the use of the Incontroller tool is especially concerning.
Nobelium es la denominación de Microsoft para un grupo de atacantes que, según la atribución llevada a cabo por la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA) de Estados Unidos, pertenecen al Servicio de Inteligencia Exterior (SRV) de Rusia. Este grupo criminal es conocido por el ataque a la cadena de suministro de SolarWinds, y una campaña masiva de phishing haciéndose pasar por una empresa de desarrollo estadounidense.
Grandoreiro, also known as Delephant, is a banking trojan from South America, which has spread its operations to other regions, especially Europe, including Spain and Portugal. According to ESET researchers, it has been active since 2015, affecting countries in Latin America, mainly Brazil, where it was developed.
This post will analyse the vulnerabilities associated with Log4Shell, detected in the library Log4j, which is found in infinite software products both in technical and industrial fields. Although there have been other instances of more sophisticated vulnerabilities, the problem with this one is area of exposure.
The malicious code of the ransomware known as ‘Hive’ represents a threat to all users, as it implements encryption functionalities on the information in an infected computer, making simple recovery of the data impossible. This threat attempts to use extortion to recover the information, demanding a payment and threatening publication of part of the stolen information on a blog through the network Tor if the payment is not forthcoming.
Anatsa is a banking Trojan designed for Android devices that has become particularly relevant since its discovery in January 2021. Throughout the study, a detailed technical analysis of the threat is carried out using a sample of the malicious code in question to show how this malware behaves and the possibilities it offers.
Various studies with threat analysis or malware distribution campaigns affecting Spain and identified through incident management undertaken by INCIBE-CERT. The aim is to increase knowledge of the more technical details and characteristics of the threats so that organisations can implement appropriate detection and protection measures.