APT Defense No.1 Leader

Network & Endpoint Security Professional Company

News & Notice

Title Date
4,540 Ransomware incidents in first-half... Triple last year

KISA's trend report…58% of malware is Ransomware

Following the Nayana incident, in which $1.2 million was paid, more hackers will demand money in the second half.

▲ The photo shows the Integrated Control Center of KISA on June 28, when a Petya Ransomware infection case was found.

In the first half of this year, the number of Ransomware incidents reported to the Korea Internet & Security Agency (KISA) was 4,540, which is more than triple that of last year. Ransomware is malware that demands money for recovery after encrypting important files.

According to the "Q2 Cyber Threat Trend Report" published by KISA on the 19th, Ransomware damage reports increased 3.6 times, from 990 in 1Q to 3,550 in 2Q. The number of damage reports in the first half is 4,540, which is 3.2 times higher than last year's 1,438 cases. In 2015, there were 770 cases. This is because the impact of powerful Ransomware such as WannaCry and Petya was huge.

Of the 436 pieces of malware collected in 2Q, 255 were Ransomware. Ransomware's share is 58.5%, up 14.5% from 1Q (44%). Information extortion type malware was the second most common type, accounting for 30% (130), which was 17.3% more than the previous quarter. Information extortion type malware is mainly used to collect prior information for targeted attacks such as APT (Advanced Persistent Threat).

▲ Source: KISA

In 1Q, sophisticated disguise techniques using spear phishing (targeted) emails and shortcut icons were used to distribute malware. In 2Q, large-scale distribution using a Windows vulnerability (SMB) was popular. Attackers used various infiltration methods, such as malware that spreads itself using the latest vulnerabilities and direct attacks on servers.

Meanwhile, hackers' command and control (C&C) servers were most numerous in the US in 2Q. This seems to be because hackers used US commercial cloud services as C&C servers. Russia and China followed the US.

The number of high-risk vulnerabilities identified in Q2 reached 1,110, nearly double the 671 in 1Q. The company with the most vulnerabilities was Google, accounting for 11% of the total. Among the 126 Google vulnerabilities, 119 were related to its mobile OS, Android. Microsoft (8%), Adobe (7%) and Apple (6%) followed Google.

KISA predicted that, because of the surge of information extortion type malware in 2Q, APT attacks and malware distribution based on the information collected by that malware will be very common in 3Q. Because the web hosting company Nayana, damaged by Ransomware, paid $1.2 million to hackers, KISA is also concerned that cases in which hackers demand money will increase.

KISA said, "We should pay special attention to internal network security management to prevent infection by malware such as Petya Ransomware that spreads to the internal network. Please keep security updates of the OS and software up to date and back up periodically."

[ Source : Yonhapnews Go, Hyun Sil okko@yna.co.kr | 2017.07.19 | http://www.yonhapnews.co.kr/bulletin/2017/07/19/0200000000AKR20170719176300017.HTML ]
2017.07.19
'Jigsaw Ransomware', produced in Korea, was found...Can be spread by RaaS type
A variant of the Jigsaw Ransomware, which displays a clown mask image from the horror movie 'Saw', deletes encrypted files after a certain time and demands Bitcoin from the user, has been found. As the Ransomware is believed to have been made by Korean developers, attention should be paid to the spread of RaaS (Ransomware as a Service) specialized for the Korean IT environment.

This Ransomware, found by the EST Security Response Center (ESRC) on July 19, is similar to the existing Jigsaw Ransomware in almost every characteristic except the display of the clown mask image.

▲ Notice written in Korean

According to ESRC, if this Ransomware succeeds in infecting a PC, it displays a notice in Korean on the screen, line by line in the style of a dialogue, and demands payment in Bitcoin for decryption, similar to the scene in the movie 'Saw' in which the criminal threatens a hostage by showing a message on TV. In addition, this Ransomware displays the sentence "Hey, let's start the game." and threatens to delete a hundred files repeatedly every 48 hours. This feature is the same as in the movie.

▲ Korean (Hangul) included in source code

The notice was written in perfect spoken Korean using interjections and emoticons, and source code analysis found a great deal of Korean in comments, folder paths and elsewhere, so it is believed that a Korean developer participated directly in development. However, at the time of analysis the Ransomware did not actually encrypt files, and various implementation errors (bugs) were found, so it seems to be a sample made for testing.

Ransomware is becoming a new source of revenue for cyber attackers, and Ransomware attacks targeting South Korea, the most wired country in the world, are increasing day by day. It is believed that, with this Ransomware, a Korean developer familiar with Korean circumstances has now joined in Ransomware attacks, so more advanced attacks exploiting the psychology and characteristics of Korean users may emerge in the future.

[ Source : KINEWS Park, Geun Mo | suhor@kinews.net | 2017.07.19 | http://www.kinews.net/news/articleView.html?idxno=109293 ]
2017.07.19
NPCore Signed Technical Distributor Contract with COREINFRA
▲ Han, Seung Chul, NPCore's CEO (left), and Kim, Jung Hoon, COREINFRA's CEO, pose for a photo after signing a technical distributor contract.

NPCore (CEO: Han, Seung Chul), an information security company, signed a technical distributor contract with COREINFRA (CEO: Kim, Jung Hoon), a telecom equipment consulting and maintenance company. Under this distributor contract, COREINFRA will provide consulting and technical support for Zombie ZERO, a behavior-based dual defense solution against unknown APT and Ransomware developed by NPCore.

NPCore, established in 2008, specializes in APT and Ransomware defense solutions and provides two-level defense against new/variant APT/Ransomware on the network and the endpoint.

Existing security solutions (signature-based anti-virus) cannot respond to APT (targeted attack malware) and new/variant Ransomware such as WannaCry and Petya, and existing Sandbox technology is vulnerable to malware that bypasses a virtual machine, to new and variant Ransomware, and to attacks through encrypted sections (SSL communication). To overcome these limitations, the importance of EDR (Endpoint Detection & Response) technology has been highlighted.

In line with this, NPCore recently released 4 security products for endpoints (▲ ZombieZERO EDR for APT, ▲ ZombieZERO EDR for Ransomware, ▲ ZombieZERO SECaaS (Security as a Service), ▲ ZombieZERO EDR for Server), so that in addition to network security solutions against APT and Ransomware attacks it provides endpoint, cloud-type and server security solutions.

Kim, Jung Hoon, COREINFRA's CEO, said, "Through this contract, Zombie ZERO will become an important part of the cyber security business that responds to the APT and Ransomware attacks. I hope that Zombie ZERO combines with COREINFRA's consulting and technical support services efficiently and has a good synergy effect."
2017.07.18
NPCore invites you to 'RSA APJ 2017'!

NPCore will exhibit its APT & Ransomware defense products at a booth at the RSA APJ 2017 Conference at Marina Bay Sands, Singapore, from July 26 to 28. If you are attending the conference, we would be very grateful if you would stop by booth E67, referring to the conference floor plan below. We have attached a manual explaining how to register in advance for a Free Visitor Pass for RSA APJ 2017. If you have any questions, please contact us anytime.
2017.07.13
Petya Ransomware similar to WannaCry attacks throughout the world again!
▲ Several companies have been affected by the Petya cyberattack, including, from left, Rosneft, the Russian energy giant; Merck, a pharmaceutical company; and Maersk, a shipping company. Left, Sergei Karpukhin/Reuters; center, Matt Rourke/Associated Press; right, Enrique Castro Sanchez/Agence France-Presse — Getty Images

Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States, were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.

It was unclear who was behind this cyberattack, and the extent of its impact was still hard to gauge Tuesday. It started as an attack on Ukrainian government and business computer systems — an assault that appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union. The attack spread from there, causing collateral damage around the world.

The outbreak was the latest and perhaps the most sophisticated in a series of attacks making use of dozens of hacking tools that were stolen from the National Security Agency and leaked online in April by a group called the Shadow Brokers.

Like the WannaCry attacks in May, the latest global hacking took control of computers and demanded digital ransom from their owners to regain access. The new attack used the same National Security Agency hacking tool, Eternal Blue, that was used in the WannaCry episode, as well as two other methods to promote its spread, according to researchers at the computer security company Symantec.

Petya Ransomware encrypts the Master Boot Record (MBR) area and forces the system to reboot within a few minutes, after which the PC is unavailable.

The National Security Agency has not acknowledged its tools were used in WannaCry or other attacks. But computer security specialists are demanding that the agency help the rest of the world defend against the weapons it created.

“The N.S.A. needs to take a leadership role in working closely with security and operating system platform vendors such as Apple and Microsoft to address the plague that they’ve unleashed,” said Golan Ben-Oni, the global chief information officer at IDT, a Newark-based conglomerate hit by a separate attack in April that used the agency’s hacking tools. Mr. Ben-Oni warned federal officials that more serious attacks were probably on the horizon.

The vulnerability in Windows software used by Eternal Blue was patched by Microsoft in March, but as the WannaCry attacks demonstrated, hundreds of thousands of groups around the world failed to properly install the fix.

“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president for security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”

Because the ransomware used at least two other ways to spread on Tuesday — including stealing victims’ credentials — even those who used the Microsoft patch could be vulnerable and potential targets for later attacks, according to researchers at F-Secure, a Finnish cybersecurity firm, and others.

A Microsoft spokesman said the company’s latest antivirus software should protect against the attack.

The Ukrainian government said several of its ministries, local banks and metro systems had been affected. A number of other European companies, including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency, also said they had been targeted.

Ukrainian officials pointed a finger at Russia on Tuesday, although Russian companies were also affected. Home Credit bank, one of Russia’s top 50 lenders, was paralyzed, with all of its offices closed, according to the RBC news website. The attack also affected Evraz, a steel manufacturing and mining company that employs about 80,000 people, the RBC website reported.

In the United States, the multinational law firm DLA Piper also reported being hit. Hospitals in Pennsylvania were being forced to cancel operations after the attack hit computers at Heritage Valley Health Systems, a Pennsylvania health care provider, and its hospitals in Beaver and Sewickley, Penn., and satellite locations across the state.

The ransomware also hurt Australian branches of international companies. DLA Piper’s Australian offices warned clients that they were dealing with a “serious global cyber incident” and had disabled email as a precautionary measure. Local news reports said that in Hobart, Tasmania, on Tuesday evening, computers in a Cadbury chocolate factory, owned by Mondelez International, had displayed ransomware messages that demanded $300 in bitcoins.

Qantas Airways’ booking system failed for a time on Tuesday, but the company said the breakdown was due to an unrelated hardware issue.

The Australian government has urged companies to install security updates and isolate any infected computers from their networks.

“This ransomware attack is a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches,” said Dan Tehan, the cybersecurity minister. “We are aware of the situation and monitoring it closely.”

A National Security Agency spokesman referred questions about the attack to the Department of Homeland Security. “The Department of Homeland Security is monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners,” Scott McConnell, a department spokesman, said in a statement.

Computer specialists said the ransomware was very similar to a virus that emerged last year called Petya. Petya means “Little Peter,” in Russian, leading some to speculate the name referred to Sergei Prokofiev’s 1936 symphony “Peter and the Wolf,” about a boy who captures a wolf.

Reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on Silicon Valley terminology for delivering software over the internet, according to the security firm Avast Threat Labs.

That means anyone could launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.

That distribution method means that pinning down the people responsible for Tuesday’s attack could be difficult.

The attack is “an improved and more lethal version of WannaCry,” said Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware when he created a kill switch that stopped the attacks.

In just the last seven days, Mr. Suiche noted, WannaCry had tried to hit an additional 80,000 organizations but was prevented from executing attack code because of the kill switch. Petya does not have a kill switch.

The hackers behind Petya demanded $300 worth of the cybercurrency Bitcoin to unlock victims’ machines. By Tuesday afternoon, online records showed that 30 victims had paid the ransom, although it was not clear whether they had regained access to their files. Other victims may be out of luck, after Posteo, the German email service provider, shut down the hackers’ email account.

▲ A screenshot of what appeared to be the ransomware affecting systems worldwide on Tuesday. The Ukrainian government posted the shot to its official Facebook page.

In Ukraine, people turned up at post offices, A.T.M.s and airports to find blank computer screens, or signs about closures. At Kiev’s central post office, a few bewildered customers milled about, holding parcels and letters, looking at a sign that said, “Closed for technical reasons.”

The hackers compromised Ukrainian accounting software mandated to be used in various industries in the country, including government agencies and banks, according to researchers at Cisco Talos, the security division of the computer networking company. That allowed them to unleash their ransomware when the software, which is also used in other countries, was updated.

One Kiev resident, Tetiana Vasylieva, was forced to borrow money from a relative after failing to withdraw money at four automated teller machines. At one A.T.M. in Kiev belonging to the Ukrainian branch of the Austrian bank Raiffeisen, a message on the screen said the machine was not functioning.

Ukraine’s Infrastructure Ministry, the postal service, the national railway company, and one of the country’s largest communications companies, Ukrtelecom, had been affected, Volodymyr Omelyan, the country’s infrastructure minister, said in a Facebook post.

Officials for the metro system in Kiev said card payments could not be accepted. The national power grid company Kievenergo had to switch off all of its computers, but the situation was under control, according to the Interfax-Ukraine news agency. Metro Group, a German company that runs wholesale food stores, said its operations in Ukraine had been affected.

At the Chernobyl plant, the computers affected by the attack collected data on radiation levels and were not connected to industrial systems at the site, where, although all reactors have been decommissioned, huge volumes of radioactive waste remain. Operators said radiation monitoring was being done manually.

The growing fight against cyber-attacks has seen protection spending surge around the world, with the global cyber security market estimated to be worth some £94bn ($120bn) this year – more than 30 times its size just over a decade ago.

[By NICOLE PERLROTH, MARK SCOTT and SHEERA FRENKEL of The New York Times | JUNE 27, 2017]

An obvious defense is to install Zombie ZERO, which defends against new and variant Ransomware based on behavior. Zombie ZERO can defend against the third Petya Ransomware and new and variant Ransomware without signatures. Existing antivirus cannot prevent the upcoming Petya, a variant malware. For more information, please call +82-2-1544-5317 or visit www.npcore.com.

Go to Ransomware Response Solution on Endpoint : ZombieZERO EDR for Ransomware
2017.06.28

Malicious behavior detect report