Ransomware, to this day, is one of the major threats to individual users seen on a daily basis in the form of Malspam. Recently, researcher Brad Duncan published to malware-traffic-analysis.net a report on a piece of Ransomware called Mole. Distributed by Malspam that spoofs United States Postal Service (USPS) status updates, the malware gains privilege escalation and encrypts user data.

Another attack wave directed at Israeli Organizations was reported by Morphisec and Palo Alto Networks on April 27^th. OilRig was initially discovered in May 2016, after two attack waves targeting financial institutions and technology organizations in Saudi Arabia were detected. OilRig is attributed to an Iranian APT cyber group, its namesake stemming from the Farsi word "Nafti," (Oily) also hardcoded into a number of analyzed malware samples discovered in 2016.

Internet-based advertising has been in wide use since the early 21st century. Its popularity grew in 2010 with the development of programmatic advertising. (Also referred to as automated advertainment) Here, you pay per ad view, which can be maliciously misused by counting machines and bots as actual viewers. Additional types of malicious use include accumulating web traffic and selling it to web traffic brokers, or engaging this traffic in semi-malicious programs like PUP. (Potentially Unwanted Programs)

GitHub is a platform used to share any type of code. For this reason, it’s an important part of research and information sharing within the cyber security field. Because it’s a part of this environment, it’s inevitable that malicious actors will try to infect users’ platforms with malware.

EITest is a campaign initially discovered in 2014 by Malwarebytes. It distributes malware (that uses iframes) through a flash file on a compromised site, followed by exploitation through an Exploit Kit. In the past, this campaign was used to distribute malware including Cerber, CryptoMix, CryptoShield, Gootkit and the Chthonic banking Trojan, all using various types of Exploit Kits.

CryptXXX and SoakSoak are huge threats individually.

We often analyze indictors of phishing-related compromise from techhelplist.com. These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

One of the most recent campaigns highlighting the importance of router security is Mirai (The botnet that had large scale attacks by infected IoT devices). Even before this, reports emphasized the importance and vulnerability of these devices. For example, Report by Malware Researcher Kafeine revealed the use of an exploit kit aimed to exploit routers. This method showed Google Chrome users were redirected to a malicious server that loaded code designed to determine router models. (While changing the DNS servers configured to the router)

The evolving threats targeted at mobile devices and the increasing number of campaigns targeted at financial institutions have joined forces and become a double threat in what have become known as the  The Emmental campaign.