Black Hat – Windows isn’t the only mass casualty platform anymore

In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. …

Industroyer2: Industroyer reloaded

This ICS-capable malware targets a Ukrainian energy company. Executive summary: the blog post presents the analysis of a cyberattack against a Ukrainian energy provider. Key points: ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company. The destructive actions were scheduled for 2022-04-08, but artefacts suggest that the attack had been planned …

New Windows on ARM64 device? ESET protects both at work and at play

After the successful launch of its business-oriented siblings, ESET has extended its latest technology to home users/consumers and stands ready to protect their Windows on Arm-based devices with our award-winning, full-featured products. Our development teams put a lot of effort into reengineering ESET’s already mature security technology for ARM-powered devices, which are increasingly used in both …

Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor. ESET researchers have discovered a unique and previously undocumented loader for Windows binaries that, unlike other such loaders, runs as a server and executes received modules in memory. A loader is malicious code (a program) …

ESET Research discovers ESPecter, a bootkit for cyberespionage

ESET researchers have discovered a previously undocumented real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which ESET has named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. ESPecter is the second discovery of a UEFI bootkit persisting on the ESP …