A Microsoft Office 0-day vulnerability (CVE-2017-0199) that was disclosed just days ago is already being exploited by attackers associated with malware families such as Latentbot and WingBird.
While malicious actors demanding ransoms is not new, the surge of organizations being targeted with fake extortion demands and empty threats is. Let’s look at how extortion campaigns are carried out through the “avenue of approach” lens.
Attackers have developed anti-VM analysis techniques to allow the malware to recognize when it is being run on a virtual machine and fail to execute, meaning the system or threat analytics cannot make a verdict determination or extract intelligence from the sample.