February 2020

How PHP’s Labyrinth Weaponized WordPress Themes for Profit

New findings from Prevailion’s Tailored Intelligence team indicate the rapid expansion of a series of supply chain attacks that transform installations of the popular Wordpress content management system into hosts for a malicious advertising network. More than 20,000 web servers have been identified to be compromised in this campaign. WordPress has grown to become the backbone of 60% of content management systems, comprising 34% of all websites on the internet. This widespread user base and the ease in which a website can be personalized without knowledge of coding has created a fertile...

Free, trojanized WordPress themes lead to widespread compromise of web servers

Press

Over 20,000 web servers (and who knows how many websites) have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. ...

WordPress botnet deploys anti-adblocker script to make sure its spammy ads are profitable

Press

A threat actor that has infected more than 20,000 WordPress sites by running the same trick for at least three years: distributing trojanized versions of premium WordPress themes and plugins. ...

Indicators of Compromise are Dead — Introducing Evidence of Compromise

Context

The mission of Evidence of Compromise is simple: empower companies to audit and continuously monitor the security of their supply chains to an unprecedented degree, with the possibility of even predicting future breaches based on this real-time intelligence. Current methods of cyber risk management, incident response and risk modeling have failed to keep up with the growing sophistication and speed of cyber adversaries, which range from organized criminal groups to state-sponsored hackers. As geopolitical tensions increase around the world, they are accelerating the overall risk for the financial sector, as this industry remains...

The Impact of 5G to Consumers and Businesses: Will More Breaches Occur?

Press

5G is the next generation cellular network that will offer faster data speeds, less latency (lag time) and less interruption, said Karim Hijazi, CEO of Prevailion, a cyber intelligence company headquartered in Columbia, Maryland. ...

Prevailion Debuts New Global Cyber Infection Quarterly Report

Press

The Apex Report for Q4 2019 provides a snapshot of the top 10 industry sectors, including finance, healthcare and manufacturing, as well as a geographic breakdown across all major regions. ...

The Triune Threat: MasterMana Returns

Tailored Intelligence

Prevailion’s Tailored Intelligence team has discovered new campaigns associated with the Gorgon Group, suspected Pakistani based actors, who previously operated the MasterMana botnet. While this group relied upon an amalgamation of multiple open-source and commercially available tools, they have proven themselves to be highly capable. By utilizing various 3rd party websites and services, they are able to bypass common network defense mechanisms. Recently they have added new capabilities to evade host-based detection through encoding payloads and renaming file extensions. In some cases, they took a more audacious approach by incapacitating the Windows...

What is Evidence of Compromise?

Context

Evidence of Compromise (EoC) is a collection of forensic data that points to a confirmed malicious attack on a commercial, industrial or government network. ...

TA505 phishing campaign uses HTML redirectors to spread info stealer

Press

The cybercriminal group TA505 has reportedly changed up its tactics again, now engaging in phishing campaigns that leverage attachments with HTML redirectors in order to deliver Excel documents containing malware ...

How PHP’s Labyrinth Weaponized WordPress Themes for Profit

Free, trojanized WordPress themes lead to widespread compromise of web servers

WordPress botnet deploys anti-adblocker script to make sure its spammy ads are profitable

Indicators of Compromise are Dead — Introducing Evidence of Compromise

The Impact of 5G to Consumers and Businesses: Will More Breaches Occur?

Prevailion Debuts New Global Cyber Infection Quarterly Report

The Triune Threat: MasterMana Returns

What is Evidence of Compromise?

TA505 phishing campaign uses HTML redirectors to spread info stealer

Contact Us

Recent Insights

Hackers linked to Iran target WHO staff emails during coronavirus – sources

Marriott Attacked via Third-Party Vector, Exposing Info on 5.2 Million Customers

Third-Party Cyber Defense: A New Level of Control & Visibility by Tracking the Adversary

Prevailion CEO: Cyberattacks on Healthcare Won’t be Tolerated

About Prevailion