Since the APT28 group’s emergence in 2007, Bitdefender has become familiar with the backdoors used to compromise Windows and Linux targets, such as Coreshell, Jhuhugit and Azzy for the former OS or Fysbis for the latter. This year we have been able to finally isolate the Mac OS X counterpart - the XAgent modular backdoor. This whitepaper describes our journey in dissecting the backdoor and documenting it piece by piece.
Bitdefender detected and blocked an ongoing cyber-espionage campaign against Romanian institutions and other foreign targets.
When it comes to persistent Internet pests, spam is a veteran. Seemingly innocent, this old threat now delivers one of the newest and most dangerous payloads yet: crypto ransomware.
The new Petya ransomware seems to have been built with speed in mind, so as to expedite the encryption process. While traditional ransomware encrypts files one by one, Petya encrypts the location containing all information about disk files, such as size, permissions and data content, essentially preventing users from accessing all their data. Bitdefender was able to analyze the Petya ransomware and offer potential victims a tool that intercepts the encryption process and offers the decryption key, free of charge. Most importantly, the tool needs to be installed prior to infection, not afterwards, in order to perform its function correctly.
Ransomware has been plaguing Windows PCs for the past couple of years, but recently it seems to have developed platform-agnostic capabilities and has moved towards Linux and Android. While not yet as advanced as its Windows counterpart, Android ransomware can still cause massive headaches, disruptions and financial losses. Bitdefender Android telemetry shows the Android.Trojan.Slocker ransomware family ranked first in UK, German and Australian charts, based on the number of devices that reported it. Android ransomware could be considered more important than its PC counterpart because mobile devices have access to and store a lot of personal and even corporate data that is usually not backed up. Losing that data, or simply being denied access to it, could be irreversible, and users would be far more inclined to pay to recover their contacts, conversations, pictures and documents.
Bitdefender believes the IoT can reach its full potential only if interactions between users, devices, applications and the cloud are authentic and secure. In this light, researchers from Bitdefender Labs examined four Internet-connected consumer devices and found several common vulnerabilities. The analysis reveals that current authentication mechanisms of internet-connected devices can easily be bypassed to expose smart households and their inhabitants to privacy theft.
Biological viruses try to adapt to their surroundings to survive. Some fail, but some thrive, even spreading to become an epidemic. Cyber-threats are no different. In 2015, ransomware caused $350 million in damage, living up to its reputation as the most significant menace targeting Internet users and organizations to date. A study Bitdefender conducted in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim's perspective on data loss through crypto-ransomware. What motivates victims to pay up? How much do they value their data? What role does antivirus protection play in the problem-solving equation?
The discovery of Stuxnet in the nuclear processing plant in Natanz, Iran laid the ground for a new family of cyber-attacks: advanced persistent threats. Although the term has since become highly popular, state-sponsored cyber-intelligence operations have been carried out since long before the advent of Stuxnet or Flamer; lesser-known advanced persistent threats such as APT28 (or Sofacy) have been covertly running in Europe since 2007. To connect the dots between an identified attack and the state actor(s) behind it, companies like Bitdefender look for solid evidence inside the APT code or in the communication infrastructure it uses. The following report is a technical investigation of some particularities in the APT28 payload implementation that allowed us to link the threat to its operators.