DDoS and The Internet of Things

In the last few days, we heard a lot about the Mirai Internet-of-Things botnet, which caused a DDoS attack against Dyn. But Mirai is a relatively small botnet because the majority […]

November 3, 2016 by Alex Burt

RIG Exploit Kit says “I Do”

Cyphort Labs discovered a new attack campaign that links to malicious exploits from hijacked DNS servers of personal wedding websites. Personal wedding websites are used to aid in planning and communicating important details for a […]

October 24, 2016 by Nick Bilogorskiy

Buhtrap Malware: What Every Bank’s Security Team Needs To Know

In our recent blog, we talked about the delivery of Buhtrap using a compromised website and a recent web exploit. In this blog, we will focus on the second stage […]

October 13, 2016 by Paul Kimayong

Banking Malware Buhtrap Caught in Action

What is Buhtrap? Buhtrap is a criminal cyber hacking group that targets financial institutions. As reported by Group-IB, Buhtrap has been active since 2014. From August 2015 to February 2016, it managed to conduct 13 successful attacks against […]

September 23, 2016 by Dhruval Gandhi

Trik: A Bot With A Lot Up Its Sleeve

Over the past couple of months, Cyphort Labs identified a new version of Trik bot. Our in-the-wild Top Threats identification shows this bot to be one of the top […]

August 2, 2016 by Paul Kimayong

Infected Site Installs TeamViewer

On June 30, 2016, Cyphort Labs discovered an infection via malvertising on the website trendystyleshop.com. According to Domain Tools, the site was registered in February 2016 under namecheap.com. What draw […]

July 6, 2016 by Paul Kimayong

New Angler Campaign Hacks 19 Websites, including UltraVNC

Cyphort Labs crawler monitors top sites around the world 24×7 to find cases of malicious code served via drive-by exploits. The crawler recently found a new Angler campaign that uses bootstrapcdn.org redirector and sends users […]

May 17, 2016 by Nick Bilogorskiy

Psychcentral.com infected with Angler EK: Installs bedep, vawtrak and POS malware

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malware. We immediately contacted psychcentral about this infection as early as […]

November 2, 2015 by Paul Kimayong

Malvertising on Pace for a Record-Breaking Year

Cyphort Labs crawler monitors top sites in the world 24×7 to find cases of malicious code served via drive-by exploits. Most of the sites we see serving exploits are not compromised themselves, but redirect […]

May 9, 2016 by Nick Bilogorskiy

Teepr.com: Yet Another Top Alexa Site Spreading Ransomware

***Update on May 19, 2016*** On Friday May 13, Cyphort Labs noticed that teepr[.]com has again fallen victim to malvertising and is redirecting visitors to Angler. After successful infection, the […]

April 28, 2016 by Dhruval Gandhi

yourstory.com: Top Alexa Web Site Spreads Locky Ransomware

On Friday Apr 6 2016, at 07:18:59 PDT, Cyphort Labs discovered that yourstory.com was infected with an exploit kit and was serving Locky ransomware. In this drive-by infection, the malware was encrypting […]

April 18, 2016 by Dhruval Gandhi
