A wave of fileless malware is reported to have infected more than one hundred forty banks in forty countries. A bank's security team noticed Meterpreter code inside a domain controller's physical memory. Kaspersky researchers investigated and found PowerShell scripts within Windows registries. The attackers, apparently criminals, not state actors, extracted privileged credentials with the goal of compromising systems that control ATMs. Fileless attacks, which embed their code in legitimate tools already present in the victim's environment, are notably more difficult to detect than more traditional malware infestations.
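An added example, not from the article or from Kaspersky's report: a PowerShell sweep over common autorun registry keys for values that launch PowerShell with encoded or hidden commands, the kind of registry-resident script the campaign above is described as using. The key list and the indicator patterns are assumptions (the report's actual storage locations are not given here), so treat hits as leads for review, not verdicts.

```powershell
# Added example (not from the article or Kaspersky's report): hunt for PowerShell
# launch commands stored in common registry autorun locations.
# The key list and patterns are assumptions, not indicators from the report.
$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Patterns typical of script-in-registry persistence: a PowerShell invocation with
# an encoded or hidden command, or a value that reads another registry value back in.
$SuspiciousPatterns = @(
    'powershell(\.exe)?\s.*-(e|enc|encodedcommand)\b',
    'powershell(\.exe)?\s.*-w(indowstyle)?\s+hidden',
    'Get-ItemProperty.*HK(LM|CU)',
    'FromBase64String'
)

function Find-RegistryPowerShell {
    foreach ($Key in $AutorunKeys) {
        if (-not (Test-Path $Key)) { continue }
        $Props = Get-ItemProperty -Path $Key
        foreach ($Name in $Props.PSObject.Properties.Name) {
            if ($Name -like 'PS*') { continue }   # skip the provider's own PSPath/PSDrive metadata
            $Value = [string]$Props.$Name
            foreach ($Pattern in $SuspiciousPatterns) {
                if ($Value -imatch $Pattern) {
                    # Emit one record per matching value for triage or SIEM forwarding
                    [PSCustomObject]@{
                        Key     = $Key
                        Name    = $Name
                        Pattern = $Pattern
                        Value   = $Value
                    }
                    break
                }
            }
        }
    }
}

Find-RegistryPowerShell | Format-List
```

Run it from an elevated session so the HKLM keys are readable; an empty result means only that these particular keys carry no obvious PowerShell launcher, not that the host is clean.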
Mirai has been modified into a version capable of spreading across Windows-based systems. According to Dr. Web, which discovered the variant, this new variety doesn't rope Windows systems into botnets. Rather, it propagates through Windows systems until it finds a vulnerable Linux device, which it then incorporates into a botnet. Observers expect to see new distributed denial-of-service attacks as Mirai and other tools continue to become commodities accessible to more criminals.
Ransomware remains the other popular criminal caper. Trend Micro reports that Remote Desktop Protocol brute force attacks are being used to distribute CRYSIS ransomware. SANS has an analysis of the distribution of CryptoShield through the RIG exploit kit.
More VC and M&A news: Forcepoint buys Imperva's Skyfence, Accenture acquires Endgame's Federal business, and both Exabeam and HackerOne receive substantial investments.
A US Federal grand jury yesterday released its indictment of former NSA contractor Harold Martin: twenty counts of willful retention of sensitive information. Affected agencies include NSA, CYBERCOM, DoD, NRO, and CIA.