2014, DNS and Internet - Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS

DNS Internet Internet Government

What Is DNS And Why Should Your Business Care?

Adam Levin

MARCH 21, 2019

Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. Today, less than 20% of DNS traffic is secured by DNSSEC, and only three percent of Fortune 1,000 companies have implemented it.

DNS

DNS Government Internet Internet

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Telecommunications Advertising

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

Russia successfully disconnected from the internet. Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. One of them is checking the integrity and security of the Internet as a result of external negative influences.”

Internet

Internet Internet DNS Surveillance

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. ” reported ZDNet.

Internet

Internet Internet DNS Cyber Attacks

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BitSight researchers found significant overlap in the Internet addresses used by those domains and a domain called BHproxies[.]com. The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. com on Mar.

Accountability

Accountability Advertising Marketing Malware

BIND DNS software includes a security feature that could be abused to cause DoS condition

Security Affairs

AUGUST 9, 2018

The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The “deny-answer-aliases” feature is was implemented to help recursive server operators protect users against DNS rebinding attacks.

DNS

DNS Software Advertising Internet

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.

DNS

DNS Malware Firmware Phishing

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising IoT

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime DNS

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

Security expert discovered a bug that affects million Kaspersky VPN users

Security Affairs

AUGUST 9, 2018

A security issue exists in Kaspersky VPN <=v1.4.0.216 which leaks your DNS Address even after you’re connected to any virtual server. What is a DNS leaks ? In this context, with the term “DNS leak” we indicate an unencrypted DNS query sent by your system OUTSIDE the established VPN tunnel.

VPN

VPN DNS Advertising Internet

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

“ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Experts at SEC Consult pointed out that by intercepting and manipulating internet traffic an attacker can alter the responses for FortiGuard Web Filter, AntiSpam and AntiVirus features.

Encryption

Encryption Antivirus DNS Advertising

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014.

Phishing

Phishing Accountability Advertising DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Security Affairs

MARCH 4, 2020

The NetBlocks internet observatory, which tracks disruptions and shutdowns, revealed that Iran has blocked access to the Farsi (Persian) language edition of the Wikipedia online encyclopedia since March 2nd, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported NetBlocks.

Government

Government DNS Advertising Media

Controversial law entered into effect in Russia this week

Security Affairs

NOVEMBER 3, 2019

This week a controversial law entered into effect in Russia, it would allow the government to cut internet traffic from the global Internet. This week a controversial law entered into effect in Russia, it would allow the Russian government to disconnect the country from the global Internet.

Internet

Internet Internet DNS Government

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot achieves persistence by modifying the ‘ rc’ files, then connect to command and control (C&C) server and to an internet relay chat (IRC) channel called #HellRoom to register itself and accept commands. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware DDOS DNS Advertising

Google Trust Services ACME API available to all users at no cost

Google Security

MAY 25, 2023

At Cloudflare, we believe encryption should be free for all; we pioneered that for all our customers back in 2014 when we included encryption for free in all our products. Their technical expertise guarantees they'll be able to scale to meet the needs of an increasingly encrypted Internet," says Matthew Prince, CEO, Cloudflare.

Encryption

Encryption Internet Internet DNS

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

“To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. “For data gathering, we played the role of a casual attacker with modest resources, scanning the internet for exposed MQTT brokers and CoAP hosts.

IoT

IoT Internet Internet Advertising

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). An attacker-controlled router can manipulate how your users resolve DNS hostnames to direct your users to malicious websites.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the security advisory.

DNS

DNS Passwords Authentication Wireless

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains. w s, icamis[.]ru ru , and icamis[.]biz.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

Even a device that is reaching outbound to the internet could be attacked and taken over. “ According to Shodan , there are over 808K SonicWall firewalls connected to the Internet, representing a similar number of networks that these devices defend.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Risk

Risk IoT Firewall DNS

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

. “ Redaman uses an application-defined hook procedure to monitor browser activity, specifically Chrome , Firefox, and Internet Explorer. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Malware Advertising DNS

Backdoored Webmin versions were available for download for over a year

Security Affairs

AUGUST 19, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 217,000 instances, most of them located in the United States, France and Germany.

Passwords

Passwords System Administration Advertising DNS

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom , was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com pleaded guilty to running LeakedSource[.]com

Hacking

Hacking Accountability Data breaches Marketing

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

guru’s registration records also are hidden, yet passive domain name system (DNS) records for both cryptor[.]biz Those records indicate the user Kerens registered on Verified in March 2009 from an Internet address in Novosibirsk, a city in the southern Siberian region of Russia. The registration records for the website Cryptor[.]biz

Malware

Malware Antivirus Cybercrime Hacking

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 233,000 instances, most of them located in the United States, France and Germany. ” reads the analysis. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. A DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost. Pierluigi Paganini. SecurityAffairs – SDUSD , data breach).

IoT

IoT Hacking DNS Authentication

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Wireless

Wireless IoT DNS Advertising

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Experts devised advanced SMS phishing attacks against modern Android-based phones. Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate botnet used only subdomains registered at the dynamic DNS provider No-IP to control infected devices. “This will prevent new victims from downloading secondary payloads from the internet. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising DNS Malware Hacking

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

What Is DNS And Why Should Your Business Care?

Trending Sources

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

NCSC report warns of DNS Hijacking Attacks

DHS issues emergency Directive to prevent DNS hijacking attacks

RuNet – Russia successfully concluded tests on its Internet infrastructure

Some Zyxel devices can be hacked via DNS requests

Russia is going to disconnect from the internet as part of a planned test

Spying on satellite internet comms with a $300 listening station

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Who’s Behind the Botnet-Based Service BHProxies?

BIND DNS software includes a security feature that could be abused to cause DoS condition

Massive increase in XorDDoS Linux malware in last six months

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

TrickBot operators employ Linux variants in attacks after recent takedown

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

For nearly a year, Brazilian users have been targeted with router attacks

Security expert discovered a bug that affects million Kaspersky VPN users

Some Fortinet products used hardcoded keys and weak encryption for communications

Microsoft July 2020 Security Updates address 123 vulnerabilities

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Russia-linked APT28 has been scanning vulnerable email servers in the last year

New Ttint IoT botnet exploits two zero-days in Tenda routers

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Controversial law entered into effect in Russia this week

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Trend Micro observed notable malware activity associated with the Momentum Botnet

Google Trust Services ACME API available to all users at no cost

GALLIUM Threat Group targets global telcos, Microsoft warns

M2M protocols can be abused to attack IoT and IIoT systems

Some models of Comba and D-Link WiFi routers leak admin credentials

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

New Russian Language Malspam is delivering Redaman Banking Malware

Backdoored Webmin versions were available for download for over a year

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Why Malware Crypting Services Deserve More Scrutiny

Roboto, a new P2P botnet targets Linux Webmin servers

Hacking the Twinkly IoT Christmas lights

Dozens of Linksys router models leak data useful for hackers

Security Affairs newsletter Round 230

Previously undetected VictoryGate Botnet already infected 35,000 devices

Stay Connected