CYREN Security Blog




Virus Bulletin: Keeping Up with the Stegoloader Trojan

by John Callon

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

As CYREN’s GlobalView security cloud churns through billions of pieces of information every day, our researchers are busy examining how certain threats work in order to make the whole automated system continuously smarter.

Certain threats we find represent marked “advances” in intrusion techniques. A deep dive on the mechanics of one notable recent “advance” was published today by Virus Bulletin. Lordian Mosuela, one of our anti-malware experts, walks through a new development in the notorious history of the Stegoloader trojan, which was initially detected by CYREN last year as W32/Gatak and is used principally as a distribution vehicle for malware which steals sensitive information or installs the scourge of the moment, ransomware.

The attention-grabbing aspect of this is a new method used to evade detection, giving us a “next gen” Stegoloader. The academic term of art for this new class of hiding technique is “digital steganography,” but we can just call it sinister and sneaky.

The article serves as another reminder that the cybercriminal enterprises behind these “products” are smart and sophisticated, and evolve their wares constantly as a market response. As Lordian notes, we are in an arms race, to which we at CYREN are applying not only massive cloud computing and big data heuristics, but some good old-fashioned sleuthing as well.

Malware Newsmakers of 2015

by Avi Turiel

Filed under Malware Analysis, Security Research & Analysis.

New and Old Malware are Showing Increasing Sophistication - Further Insights from CYREN's 2016 Cyberthreat Report

With as many as one million new malware threats being released each day, it comes as no surprise that many of these viruses are advanced and targeted. CYREN examined the various malware threats that appeared during 2015 and discovered some interesting trends, some new creations, and a few fashion makeovers.

CYREN's 2016 Cyberthreat Report: Malware Increases - But Phishing Explodes

by Simone Leyendecker

Filed under Email Security, Malware Analysis, Phishing, Security Research & Analysis, Spam.

The statistics about Android, phishing, malware and spam, published in CYREN's 2016 Cyberthreat Report, show a 55% annual increase in phishing and a steady upswing for malware in 2015. CYREN tracked 3.96 million active phishing URLs in 2015.

Not an April Fools’ Day Joke: Locky Ransomware

by Maharlito Aquino

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Locky is a new form of ransomware that recently made headlines by holding three hospitals’ data hostage. It encrypts a broad range of document and media formats before displaying ransom screens with payment instructions to infected users. A typical decryption ransom is around $200 per infected system, with the Hollywood Presbyterian Medical Center in Los Angeles paying the equivalent of $17,000 in Bitcoin.

Introducing CYREN's 2016 Cyberthreat Report

by Lior Kohavi

In this year's annual report, CYREN presents a series of notable threats, breaches, and cybercrime statistics detected by CYREN over the course of the last twelve months.

Using the power of automation and big data, CYREN rapidly identified and mitigated each of these threats, halting significant and powerful breaches with the potential to do irreparable damage to major global organizations.