2019, DDOS, DNS and Malware - Cyber Security Informer

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Security Affairs

MAY 1, 2024

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide.

DNS

DNS Firewall DDOS Hacking

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). The DoH protocol was a new standard proposed in October 2018 and it is currently supported by several publicly available DNS servers. com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

Security experts recently found notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. Malware researchers from Trend Micro recently observed notable malware activity affecting devices running Linux that is associated with the Momentum Botnet. ” concludes the analysis.

Malware

Malware DDOS Advertising DNS

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks.

IoT

IoT DNS Manufacturing Firmware

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). ” The experts first analyzed the bot on November 21, 2019 after they received a sample from the security community. million devices.

Architecture

Architecture DDOS Advertising DNS

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

The experts are monitoring the Mirai-based botnet since November 2019 and observed it exploiting two Tenda router 0-day vulnerabilities to spread a Remote Access Trojan (RAT). ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware Advertising DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

“Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.” It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. SecurityAffairs – Roboto botnet , malware).

DDOS

DDOS Advertising System Administration DNS

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Netlab researchers infected more than 1.5

IoT

IoT DNS Manufacturing Passwords

Security Affairs newsletter Round 210 – News of the week

Security Affairs

APRIL 21, 2019

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks. Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise. CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor. Analyzing OilRigs malware that uses DNS Tunneling. Whatsapp, Instagram, Facebook down worldwide.

Computers and Electronics

Computers and Electronics Data breaches Advertising Spyware

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

Canadian police last week raided the residence of a Toronto software developer behind “ Orcus RAT ,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. An advertisement for Orcus RAT. In an “official press release” posted to pastebin.com on Mar. 2017 analysis of the RAT.

Advertising

Advertising Malware Marketing Software

Network Footprints of Gamaredon Group

Cisco Security

MAY 12, 2022

Threat actors picking sides [1], group members turning against each other [2], some people handing out DDoS tools [3], some people blending in to turn it into profit [4], and many other stories, proving that this new frontier is changing daily, and its direct impact is not limited to geographical boundaries. 02/2019-06/2020.

Malware

Malware DNS DDOS Phishing

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. In December, Canada’s Laurentian University reported a DDoS attack. In early October, a DDoS attack was reported by the PUBG Mobile team.

DDOS

DDOS Cryptocurrency Marketing Internet

How to Mitigate DDoS Attacks with Log Analytics

CyberSecurity Insiders

APRIL 30, 2021

Is your organization prepared to mitigate Distributed Denial of Service (DDoS) attacks against mission-critical cloud-based applications? A DDoS attack is a cyber attack that uses bots to flood the targeted server or application with junk traffic, exhausting its resources and disrupting service for real human users. Source: Testbytes.

DDOS

DDOS Cyber Attacks DNS Threat Detection

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware

Malware Adware Spyware Antivirus

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware

Malware Banking Energy and Utilities Accountability

Cloudflare One SASE Review & Features 2023

eSecurity Planet

SEPTEMBER 25, 2023

Cloudflare became a public company in 2019 when it listed under the stock symbol “NET” on the NYSE. The lowest tier of Cloudflare One provides support for 50 users maximum, 24 hours of activity logging, and up to three network locations for office-based DNS filtering.

DNS

DNS DDOS IoT Firewall

APT trends report Q1 2022

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) Subsequently, DDoS attacks hit several government websites.

Malware

Malware Firmware Government Phishing

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB, has analyzed key recent changes to the global cyberthreat landscape in the “Hi-Tech Crime Trends 2019/2020” report. According to Group-IB’s experts, the most frustrating trend of 2019 was the use of cyberweapons in military operations. As for 2019, it has become the year of covert military operations in cyberspace.

Banking

Banking Telecommunications Marketing Internet

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning.

Phishing

Phishing Spyware Firmware Malware

What is SASE? Secure Access Service Service Edge Explained

eSecurity Planet

AUGUST 11, 2023

SASE provides an edge security solution that addresses these challenges without the bottlenecks of traditional virtual private network (VPN) solutions. What Is SASE?

Firewall

Firewall IoT Technology Internet

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. — Ido Naor (@IdoNaor1) March 2, 2019. An Israeli website nagish[.]co[.]il

Ransomware

Ransomware Encryption Malware Cyber Attacks

Episode 161: 3 Years after Mirai, IoT DDoS Problem may get Worse

The Security Ledger

SEPTEMBER 9, 2019

Three years after the Mirai botnet launched some of the biggest denial of service attacks ever seen, DDoS is a bigger problem and ever. Three years after the Mirai botnet launched some of the biggest denial of service attacks ever seen, DDoS is a bigger problem and ever. In this podcast, we speak with Hardik Modi, the senior director.

DDOS

DDOS IoT Internet Internet

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

SI-LAB analyzed this malware and noticed that it does not use sophisticated techniques. Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. — Ido Naor (@IdoNaor1) March 2, 2019. An Israeli website nagish[.]co[.]il

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

After being released in 2003, he uses WiFi to commit attacks, program malware and steal credit card information. 2000 — Mafiaboy — 15-year-old Michael Calce, aka MafiaBoy, a Canadian high school student, unleashes a DDoS attack on several high-profile commercial websites including Amazon, CNN, eBay and Yahoo!

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Cyber Security Informer

Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Trending Sources

Trend Micro observed notable malware activity associated with the Momentum Botnet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

New Ttint IoT botnet exploits two zero-days in Tenda routers

Roboto, a new P2P botnet targets Linux Webmin servers

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs newsletter Round 210 – News of the week

Canadian Police Raid ‘Orcus RAT’ Author

Network Footprints of Gamaredon Group

DDoS attacks in Q4 2020

How to Mitigate DDoS Attacks with Log Analytics

Types of Malware & Best Malware Protection Practices

IT threat evolution Q3 2021

Cloudflare One SASE Review & Features 2023

APT trends report Q1 2022

Group-IB presents its annual report on global threats to stability in cyberspace

IT threat evolution Q1 2022

What is SASE? Secure Access Service Service Edge Explained

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Episode 161: 3 Years after Mirai, IoT DDoS Problem may get Worse

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Stay Connected