SecureList

FEBRUARY 7, 2022

We have been tracking Roaming Mantis since 2018, and published five blog posts about this campaign: Roaming Mantis uses DNS hijacking to infect Android smartphones. Roaming Mantis dabbles in mining and phishing multilingually. Link from smishing message redirects to Wroba or phishing page. Roaming Mantis, part III.

Phishing 86

Phishing DNS Mobile Malware 86

Security Boulevard

APRIL 26, 2022

In 2021, the main attack vector used by this threat actor was credential phishing attacks through emails, posing as Naver, the popular South Korean search engine and web portal. Some details about this campaign were published in this Korean blog, however they did not perform the threat attribution. Passive DNS data.

Phishing 52

Phishing DNS Cryptocurrency Accountability 52

SecureList

MAY 27, 2022

The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. In the second half of 2021, the most affected countries were France, Japan, India, China, Germany and South Korea. Territories affected by Roaming Mantis activity ( download ).

Phishing 110

Phishing Spyware Firmware Malware 110

Malwarebytes

SEPTEMBER 14, 2022

From industry tips and best practices to the latest Malwarebytes product releases and how-tos, our Business newsletter is chock-full of the best of our business blog. In fact, there were 50% more attack attempts per week on corporate networks globally in 2021 than in 2020. DNS filtering. Cloud scanning.

Technology 67

Technology DNS Cyber Insurance Insurance 67

Security Affairs

MAY 15, 2023

“Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The attack chain employed in 2020 started with a phishing email with a lure based on the 37th ASEAN Summit. ” reads the analysis published by Symantec.

Encryption 83

Encryption DNS Phishing Malware 83

SecureList

SEPTEMBER 29, 2021

In March 2021, FireEye and Microsoft released additional information about the second-stage malware used during the campaign, Sunshuttle (aka GoldMax). Later in May 2021, Microsoft also attributed spear-phishing campaign impersonating a US-based organization to Nobelium. DNS hijacking. January 13-14, 2021.

DNS 105

DNS Malware Engineering Encryption 105

Malwarebytes

APRIL 19, 2021

We announced the release of the Malwarebytes SMB Cybersecurity Trust & Confidence Report 2021 , a first-of-its-kind survey of the hardworking IT professionals on the front lines of the fight against cyberthreats.

Artificial Intelligence 57

Artificial Intelligence Scams DDOS DNS 57

eSecurity Planet

DECEMBER 3, 2021

Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Facebook Plans on Backdooring WhatsApp [link] — Schneier Blog (@schneierblog) August 1, 2019. Also read: Top Endpoint Detection and Response (EDR) Solutions for 2021. — Eva (@evacide) October 4, 2021.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Webroot

MAY 25, 2021

Use hardened internal and external DNS servers by applying Domain Name System Security Extensions (DNSSEC), along with registry locking domains; looking at certificate validation; and implementing email authentication like DMARC, SPF and DKIM. Train your end users to avoid security risks.

Phishing 143

Phishing DNS Backups Cyber threats 143

Security Boulevard

JANUARY 20, 2022

In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. During our investigation we discovered that the campaign has been active since July 2021. 202 from 27-12-2021. Introduction. Threat attribution.

Accountability 118

Accountability DNS Phishing Architecture 118

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. 25+ Years of Black Hat (and some DNS stats), by Alejo Calaoagan. If there is a specific DNS attack that threatened the conference, we supported Black Hat in blocking it to protect the network.

DNS 75

DNS Wireless Malware Firewall 75

Cisco Security

DECEMBER 22, 2022

Cisco Umbrella : DNS visibility and security. The workflows create accounts in SecureX, Secure Malware Analytics (Threat Grid), Umbrella DNS and Meraki dashboard, all using SecureX Single Sign-On. That is, any DNS query from the Black Hat network that matches one of several predefined security categories. Integrating Security.

DNS 71

DNS Malware Accountability Wireless 71

Duo's Security Blog

JANUARY 28, 2022

This, in combination with network encryption, will lay a strong foundation against phishing and other common attack vectors. The memo emphasizes the importance of including cloud-based platforms, applications and systems in the agency zero trust strategy.

Authentication 52

Authentication Government DNS Encryption 52

SecureList

APRIL 27, 2022

We also identified two samples developed in December 2021 containing test strings and preceding revisions of the ransom note observed in Microsoft’s shared samples. One of the identified samples was compiled on December 28, 2021, suggesting that this destructive campaign had been planned for months. … ?????? ??????!!!

Malware 135

Malware Firmware Government Phishing 135

SecureList

APRIL 24, 2023

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Tomiris (Golang implant) Backdoor Golang Described in our original blog post. Some samples contain traces of Russian language.

Malware 96

Malware DNS Government Software 96

Cisco Security

MAY 12, 2022

Gamaredon often leverages malicious office files, distributed through spear phishing as the first stage of their attacks. 08/2020, 05/2021-02/2022. 07/2020-02/2021. Therefore, DNS and outgoing web traffic is crucial for its detection. Additionally, the usage of TLDs on domain creation seems to be rotating. Distribution.

Malware 104

Malware DNS DDOS Phishing 104

SecureList

JUNE 15, 2022

Phishing attacks on employees. 2TB of 2020-2021 data: credentials related to banking accounts and the most popular services. There is access data to 2-3 domains of that network, the total number is 3-4, I don’t know exactly, see the screenshot below for DNS servers! Blackmailer blog: auction price of stolen data.

VPN 97

VPN Accountability Ransomware Encryption 97