2015, DNS, Internet and Malware - Cyber Security Informer

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Microsoft said that XorDDoS continues to home on Linux-based systems, demonstrating a significant pivot in malware targets. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

Explained: Domain fronting

Malwarebytes

DECEMBER 1, 2023

The list includes Amazon (banned in 2018), Google (2018), Microsoft (2022), and Cloudflare (2015). For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name. For a “normal” connection to a website, a Domian Name System (DNS) finds the IP address for the requested domain name.

DNS

DNS Internet Internet Encryption

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Security experts from Qihoo 360 NetLab spotted GhostDNS, a malware that already infected over 100K+ devices and targets 70+ different types of routers. Security experts from Qihoo 360 NetLab have uncovered an ongoing hacking campaign that leverages the GhostDNS malware. ” reads the analysis published by the experts.

DNS

DNS Malware Firmware Phishing

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Banking

Banking Malware Advertising DNS

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS DNS Advertising

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications. .”

DNS

DNS Banking Advertising IoT

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Security Affairs newsletter Round 273

Security Affairs

JULY 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Advertising Surveillance Malware

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

Krebs on Security

JANUARY 8, 2024

As detailed in my 2014 book, Spam Nation , Spamdot was home to crooks controlling some of the world’s nastiest botnets, global malware contagions that went by exotic names like Rustock , Cutwail , Mega-D , Festi , Waledac , and Grum. I can not provide DNS for u, only domains. w s, icamis[.]ru ru , and icamis[.]biz.

Cybercrime

Cybercrime Banking Computers and Electronics DDOS

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. “ Malware then guesses routers’ passwords , which new research from Avast shows are often weak. ” reads a blog post published by Avast.

DNS

DNS Passwords Advertising Banking

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker. Brute Force – using hard coded credentials With this list, the malware tries connecting to other network devices using Telnet. ” continues the analysis.

DDOS

DDOS DNS Malware Internet

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks, the recent mass scanning activity represents a change in the modus operandi of the group. “This report aims to shed light on some of Pawn Storm’s attacks that did not use malware in the initial stages. ” continues the report.

Phishing

Phishing Accountability Advertising DNS

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

DDoS protection services provider Radware warns the Hoaxcalls Internet of Things (IoT) botnet has expanded the list of targeted devices, the experts also noticed that the operators implemented new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods.

DDOS

DDOS IoT Advertising DNS

Here's Why Your Static Website Needs HTTPS

Troy Hunt

JULY 12, 2018

In one of many robust internet debates (as is prone to happen on Twitter), the discussion turned to the value proposition of HTTPS on a static website. For example, check out how it's used when embedded in the TXT record of a DNS entry which is then loaded into a WHOIS service which doesn't properly output encode the results.

DNS

DNS Wireless Risk Banking

DeathStalker targets legal entities with new Janicab variant

SecureList

DECEMBER 8, 2022

Just to clarify, the subheading isn’t a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers (DDRs). Janicab was first introduced in 2013 as malware able to run on MacOS and Windows operating systems.

Malware

Malware DNS Engineering Internet

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

“To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

McAfee

SEPTEMBER 14, 2021

A special thanks to our Professional Services’ IR team, ShadowServer , for historical context on C2 domains, and Thomas Roccia /Leandro Velasco for malware analysis support. McAfee customers are protected from the malware/tools described in this blog. The malware also decrypts and injects the payload in memory.

Malware

Malware DNS Accountability Manufacturing

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware DNS Advertising

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. “For data gathering, we played the role of a casual attacker with modest resources, scanning the internet for exposed MQTT brokers and CoAP hosts.

IoT

IoT Internet Internet Advertising

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Germany and the Netherlands agreded to build TEN, the first ever joint military internet. Germany and the Netherlands agreed to build TEN, the first ever joint military internet. Cryptomining Campaign involves Golang malware to target Linux servers. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH).

Scams

Scams Spyware DNS Advertising

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The attackers were using brute-force attacks (using the root:admin credential) on SSH servers to distribute the malware. ” continues the analysis.

IoT

IoT DDOS Architecture Malware

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

However, all the original files were replaced by a copy of the malware. The VictoryGate botnet used only subdomains registered at the dynamic DNS provider No-IP to control infected devices. “This will prevent new victims from downloading secondary payloads from the internet.

Advertising

Advertising DNS Malware Hacking

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites.

DNS

DNS Advertising Firewall Mobile

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

Even a device that is reaching outbound to the internet could be attacked and taken over. “ According to Shodan , there are over 808K SonicWall firewalls connected to the Internet, representing a similar number of networks that these devices defend.” ” reads the report published by Armis Labs. Pierluigi Paganini.

Risk

Risk IoT Firewall DNS

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Adam Levin

JULY 8, 2020

A whopping 97 percent failed to use DNSSEC , a domain security protocol designed to address core vulnerabilities in the foundations of the internet itself. Many of these faux-Zoom sites were used to distribute malware under the guise of links to online meetings. A Prime Target for Hackers. All of these can be extinction-level events.

Hacking

Hacking Retail Cyber Insurance Authentication

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 233,000 instances, most of them located in the United States, France and Germany. SecurityAffairs – Roboto botnet , malware).

DDOS

DDOS System Administration Advertising DNS

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem. Registry key created by malware. Figure 2: Complete malware implant folder. Example of execution of the malware. Technical Analysis.

Banking

Banking Malware Internet Internet

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The vulnerable routers have remote access enabled by default, a gift for hackers that can perform a broad range of malicious activities, such as change DNS settings and deliver malware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini. SecurityAffairs – LinkSys, Data leak).

Wireless

Wireless IoT DNS Advertising

DeftTorero: tactics, techniques and procedures of intrusions revealed

SecureList

OCTOBER 3, 2022

This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Display DNS resolver cache. The table below illustrates some changes made by the malware author. Delimiter used for malware configuration variables. cmd.exе /c sеt. New Pattern.

Backups

Backups Malware Engineering Passwords

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

Necurs botnet is currently the second largest spam botnet , it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware , the Scarab ransomware , and the Dridex banking Trojan. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DNS

DNS Banking Advertising Ransomware

Security Affairs newsletter Round 192 – News of the week

Security Affairs

DECEMBER 16, 2018

A new Mac malware combines a backdoor and a crypto-miner. Hackers defaced Linux.org with DNS hijack. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. WordPress botnet composed of +20k installs targets other sites. Duke-Cohan sentenced to three years in prison due to false bomb threats and DDoS.

DNS

DNS Advertising DDOS Government

APT trends report Q1 2021

SecureList

APRIL 27, 2021

In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. This campaign made use of a previously unknown malware family we dubbed FourteenHi.

Malware

Malware Spyware Government Social Engineering

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

1988 — The Morris Worm — Robert Morris creates what would be known as the first worm on the Internet. After being released in 2003, he uses WiFi to commit attacks, program malware and steal credit card information. 2015 — Anthem — Anthem reports theft of personal information on up to 78.8 billion dollars in damages.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Some Zyxel devices can be hacked via DNS requests. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Experts devised advanced SMS phishing attacks against modern Android-based phones. JSWorm: The 4th Version of the Infamous Ransomware. Creator of multiple IoT botnets, including Satori, pleaded guilty.

IoT

IoT Data breaches DNS Advertising

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

Don Duncan, security engineer at NuData Security, told eSecurity Planet by email that POS systems are often dangerously easy to penetrate with malware , including the following (among many others): Dexter was discovered by Seculert (now Radware) researchers in 2012. vSkimmer malware, a successor to Dexter, dates back to 2013.

Retail

Retail Encryption Malware Artificial Intelligence

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

Too many times turned into fully-featured malware implants by unethical hackers and cyber criminals. Exploring the malware code, we detected multiple evidence indication of the possible belonging malware family: LimeRAT. Figure 9: The persistence mechanisms of the malware. Technical Analysis. C2 retrieval.

Malware

Malware Advertising DNS Antivirus

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Massive increase in XorDDoS Linux malware in last six months

Webinars

Trending Sources

Explained: Domain fronting

Webinars

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

New Russian Language Malspam is delivering Redaman Banking Malware

Spying on satellite internet comms with a $300 listening station

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Trend Micro observed notable malware activity associated with the Momentum Botnet

TrickBot operators employ Linux variants in attacks after recent takedown

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs newsletter Round 273

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

The Muncy malware is on the rise

For nearly a year, Brazilian users have been targeted with router attacks

Microsoft July 2020 Security Updates address 123 vulnerabilities

FreakOut botnet target 3 recent flaws to compromise Linux devices

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Here's Why Your Static Website Needs HTTPS

DeathStalker targets legal entities with new Janicab variant

GALLIUM Threat Group targets global telcos, Microsoft warns

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

New Ttint IoT botnet exploits two zero-days in Tenda routers

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs newsletter Round 221 – News of the week

Chalubo, a new IoT botnet emerges in the threat landscape

Previously undetected VictoryGate Botnet already infected 35,000 devices

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Why 83 Percent of Large Companies Are Vulnerable to This Basic Domain Hack

Roboto, a new P2P botnet targets Linux Webmin servers

Analyzing a Danabot Paylaod that is targeting Italy

Dozens of Linksys router models leak data useful for hackers

DeftTorero: tactics, techniques and procedures of intrusions revealed

Necurs Botnet adopts a new strategy to evade detection

Security Affairs newsletter Round 192 – News of the week

APT trends report Q1 2021

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Top SD-WAN Solutions for Enterprise Security

Security Affairs newsletter Round 230

Black Hat USA 2023 NOC: Network Assurance

Point-of-Sale (POS) Security Measures for 2021

LimeRAT spreads in the wild

Stay Connected