2016, Hacking, Internet and Malware - Cyber Security Informer

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. as a media sharing device on a local network that was somehow exposed to the Internet. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

If you operate a cybercrime business that relies on disseminating malicious software, you probably also spend a good deal of time trying to disguise or “crypt” your malware so that it appears benign to antivirus and security products. This story explores the history and identity behind Cryptor[.]biz WHO RUNS CRYPTOR[.]BIZ?

Malware

Malware Antivirus Cybercrime Hacking

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. 2016 sales thread on Exploit. One of Megatraffer’s ads on an English-language cybercrime forum. “Why do I need a certificate?

Malware

Malware Cybercrime Software Antivirus

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

OCTOBER 20, 2021

We also review what pushed cybercriminals to transform their operations into the now well-known malware-as-a-service model — the use of cloud servers, the decreasing relevance of custom malware and the subsequent emergence of small, agile teams. This browser attack chain, popular in 2016, is no longer possible.

Cybercrime

Cybercrime Banking Malware Ransomware

The Olympics: a timeline of scams, hacks, and malware

Malwarebytes

JULY 28, 2021

And while actual, measurable cyberrattacks and hacks surrounding The Olympics did not truly get rolling until 2008 in Beijing, The Olympic games have traditionally been quite the target for malicious acts of all kinds, dating back years. remember Sydney being referred to as “The Internet Olympics”. People getting up to mischief?

Scams

Scams Hacking Malware Mobile

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

DDoS attacks involve flooding a target Web site with so much junk Internet traffic that it can no longer accommodate legitimate visitors. But that 2016 story came on the heels of an exclusive about the hacking of vDOS — at the time the world’s most popular and powerful DDoS-for-hire service.

DDOS

DDOS System Administration Internet Internet

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet

Internet Internet Passwords Malware

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Moobot botnet has been active since at least 2016, it also includes other routers and virtual private servers (VPS). “Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. ” reported Trend Micro. ” concludes the report.

Phishing

Phishing Cryptocurrency Internet Internet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. The infamous Locky ransomware was first spotted in the wild in February 2016. The first viable Mac ransomware called KeRanger was spotted in the spring of 2016.

Ransomware

Ransomware Hacking Encryption Penetration Testing

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

IoT

IoT DDOS Internet Internet

WikiLeaks: Many Internet Connected Devices Have Vulnerabilities

SiteLock

AUGUST 27, 2021

A series of internal CIA documents released Tuesday by WikiLeaks serve as a reminder that any computer, smartphone or other devices connected to the internet is vulnerable to compromise. The scale of the program was so massive that by 2016, its hackers had utilized more code than what is currently used to run Facebook.

Internet

Internet Internet Hacking IoT

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

Upon compromising the IP camera, an attacker can also use the hacked device to access internal networks posing a risk to the infrastructure that use the devices. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. SecurityAffairs – hacking, Hikvision). Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

Source code of Dharma ransomware now surfacing on public hacking forums

Security Affairs

MARCH 29, 2020

The source code of the infamous Dharma ransomware is now available for sale on two Russian-language hacking forums. The source code of one of the most profitable ransomware families, the Dharma ransomware , is up for sale on two Russian-language hacking forums. SecurityAffairs – Dharma ransomware, malware). Pierluigi Paganini.

Ransomware

Ransomware Hacking Advertising Malware

Meet the Administrators of the RSOCKS Proxy Botnet

Krebs on Security

JUNE 22, 2022

last week said they dismantled the “ RSOCKS ” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. ” In 2016, Deniskloster.com featured a post celebrating three years in operation.

Advertising

Advertising Cybercrime System Administration Hacking

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. RSOCKS, circa 2016. A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime

Cybercrime Advertising IoT Malware

Microsoft: Two New 0-Day Flaws in Exchange Server

Krebs on Security

OCTOBER 1, 2022

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. ” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

Hacking

Hacking Passwords Internet Internet

Microsoft Issues Emergency Fix for IE Zero Day

Krebs on Security

DECEMBER 19, 2018

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Internet

Internet Internet Engineering Software

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

Cybercriminals and nation-state actors exploit numerous vulnerabilities for malicious activities, including malware campaigns and cyber espionage operations. “Around 45,000 Microsoft Exchange servers in Germany can currently be accessed from the Internet without restrictions. ” reads the alert published by the BSI.

Information Security

Information Security Internet Internet Healthcare

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Security Affairs

OCTOBER 3, 2020

Facebook shared details about a long-running ad-fraud campaign that’s been ongoing since 2016 targeting Facebook users with SilentFade malware. The social network giant revealed that malware has a Chinese origin and allowed hackers to siphon $4 million from users’ advertising accounts. SecurityAffairs – hacking, Facebook).

Malware

Malware Advertising Accountability Authentication

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

Security Affairs

JULY 11, 2020

A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. SecurityAffairs – hacking, cybercrime).

Hacking

Hacking Cybercrime Data breaches Advertising

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” SecurityAffairs – hacking, EnemyBot). The Enemybot botnet borrows the code from the Gafgyt bot and re-used some codes from the infamous Mirai botnet.

Malware

Malware DDOS IoT Cybercrime

New MATA Multi-platform malware framework linked to NK Lazarus APT

Security Affairs

JULY 23, 2020

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Malware

Malware Ransomware Advertising Encryption

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

FEBRUARY 3, 2022

The trouble is, there’s little to stop criminals from leveraging newly registered or hacked LinkedIn business accounts to create their own ad campaigns using Slinks. Way back in 2016, security firm Fortinet blogged about LinkedIn’s redirect being used to promote phishing sites and online pharmacies.

Phishing

Phishing Marketing Scams Accountability

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

Security Affairs

SEPTEMBER 21, 2019

The bad side of all of these adventure is, now I have my research materials scattering around all over the internet during these past three years (smile). Windows related malware posts. Linux related malware posts. Mac OSX related malware posts. Other malware reports. SecurityAffairs – MalwareMustDie, malware).

Malware

Malware Advertising Security Awareness Media

The Link Between AWM Proxy & the Glupteba Botnet

Krebs on Security

JUNE 28, 2022

On December 7, 2021, Google announced it was suing two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. But on Dec.

Passwords

Passwords Malware Internet Internet

BotenaGo strikes again – malware source code uploaded to GitHub

CyberSecurity Insiders

JANUARY 26, 2022

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” Key takeaways: BotenaGo malware source code is now available to any malicious hacker or malware developer.

Malware

Malware IoT Authentication Antivirus

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

MAY 4, 2023

” In February 2005, Nordex posted to Mazafaka that he was in the market for hacked bank accounts, and offered 50 percent of the take. That Bankir account was registered from the Internet address 193.27.237.66 com account created from that same Internet address under the username “Polkas.” Image: Migalki.net.

Marketing

Marketing Cybercrime Accountability Cryptocurrency

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Security Affairs

APRIL 13, 2022

. “ZLoader is made up of computing devices in businesses, hospitals, schools, and homes around the world and is run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.” SecurityAffairs – hacking, ZLoader malware). Pierluigi Paganini.

Banking

Banking Malware Telecommunications Antivirus

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

JANUARY 22, 2019

Experts at Cisco Talos and other security firms quickly drew parallels between the two mass spam campaigns, pointing to a significant overlap in Russia-based Internet addresses used to send the junk emails. Large-scale spam campaigns often are conducted using newly-registered or hacked email addresses, and/or throwaway domains.

DNS

DNS Internet Internet Computers and Electronics

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned.

Advertising

Advertising Antivirus Software Malware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Zerobot operators are offering the botnet as a malware-as-a-service model, one domain (zerostresser[.]com)

IoT

IoT DDOS Malware Firmware

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. The cyberespionage group has been active since at least 2016, according to the CrowdStrike researchers it is using a very sophisticated toolset.

Telecommunications

Telecommunications Mobile Hacking Architecture

911 Proxy Service Implodes After Disclosing Breach

Krebs on Security

JULY 29, 2022

re is was one of the original “residential proxy” networks, which allow someone to rent a residential IP address to use as a relay for his/her Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web. A cached copy of flashupdate[.]net

Cybercrime

Cybercrime Software VPN Backups

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware. Upon compromising the IP camera, an attacker can also use the hacked device to access internal networks posing a risk to the infrastructure that uses the devices.

Firmware

Firmware DDOS Malware IoT

Successful operations against Russian Sandworm and Strontium groups targeting Ukraine revealed

Malwarebytes

APRIL 8, 2022

On Wednesday, the DOJ announced that it had disrupted GRU’s control over thousands of internet-connected firewall devices compromised by the Russian Sandworm group. It has been held responsible for destroying entire Ukrainian networks, triggering blackouts by targeting electrical utilities, and releasing the NotPetya malware.

Malware

Malware Internet Internet Government

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

Security Affairs

DECEMBER 1, 2022

ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerability in Adobe Flash Player to deliver malware to South Korean users. Kaspersky first documented the operations of the group in 2016. ” continues the report. .

Accountability

Accountability Malware Cyber Attacks Media

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Microsoft releases Hafnium patch for defunct edition of Exchange

SC Magazine

MARCH 9, 2021

Following widespread hacking from the Hafnium group and, perhaps, other groups , Microsoft is now offering the same patch for the no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions. Patches for Exchange Servers 2010, 2013, 2016 and 2019 can be downloaded here. Microsoft).

Media

Media Malware Hacking Internet

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Samide and other experts say what’s coming next is very likely to be a series of varied attacks as combatants on all sides leverage footholds gained from ongoing intelligence gathering and malware planting. It’s notable that hacks to gain access to, and maintain control of, industrial control systems are a recurring theme in cyber warfare.

Energy and Utilities

Energy and Utilities Malware Hacking Passwords

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

Krebs on Security

OCTOBER 26, 2018

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University , his former alma mater. After the Sept.

DDOS

DDOS Government Malware Internet

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

Launched in 2013, Microleaves is a service that allows customers to route their Internet traffic through PCs in virtually any country or city around the globe. Microleaves works by changing each customer’s Internet Protocol (IP) address every five to ten minutes. ” A teaser from Irish Tech News. “Online[.]io

Advertising

Advertising Software Computers and Electronics Internet

Router security in 2021

SecureList

JUNE 8, 2022

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Moreover, most of these routers had the name HACKED-ROUTER-HELP-SOS-DEFAULT-PASSWORD, indicating they had already been compromised.

DDOS

DDOS Passwords IoT Firmware

Giving a Face to the Malware Proxy Service ‘Faceless’

Why Malware Crypting Services Deserve More Scrutiny

Trending Sources

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

The Olympics: a timeline of scams, hacks, and malware

DDoS Mitigation Firm Founder Admits to DDoS

A Deep Dive Into the Residential Proxy Service ‘911’

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Russia-linked APT28 and crooks are still using the Moobot botnet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

WikiLeaks: Many Internet Connected Devices Have Vulnerabilities

Over 80,000 Hikvision cameras can be easily hacked

Source code of Dharma ransomware now surfacing on public hacking forums

Meet the Administrators of the RSOCKS Proxy Botnet

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Issues Emergency Fix for IE Zero Day

German BSI warns of 17,000 unpatched Microsoft Exchange servers

SILENTFADE a long-running malware campaign targeted Facebook AD platform

Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty

EnemyBot malware adds new exploits to target CMS servers and Android devices

New MATA Multi-platform malware framework linked to NK Lazarus APT

How Phishers Are Slinking Their Links Into LinkedIn

MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019)

The Link Between AWM Proxy & the Glupteba Botnet

BotenaGo strikes again – malware source code uploaded to GitHub

$10M Is Yours If You Can Get This Guy to Leave Russia

Microsoft has taken legal and technical action to dismantle the Zloader botnet

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Who’s Behind the RevCode WebMonitor RAT?

A new Zerobot variant spreads by exploiting Apache flaws

China-linked LightBasin group accessed calling records from telcos worldwide

911 Proxy Service Implodes After Disclosing Breach

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Successful operations against Russian Sandworm and Strontium groups targeting Ukraine revealed

North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea

BotenaGo botnet targets millions of IoT devices using 33 exploits

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Microsoft releases Hafnium patch for defunct edition of Exchange

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

Breach Exposes Users of Microleaves Proxy Service

Router security in 2021

Stay Connected