Cisco Security

MARCH 11, 2021

After examining topics such as the MITRE ATT&CK framework , LOLBins , and others, this release will look at DNS traffic to malicious sites. We’ll also look at malicious DNS activity—the number of queries malicious sites receive. Organizations and malicious DNS activity. Overview of analysis. Cryptomining.

DNS 61

DNS Phishing Ransomware Internet 61

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. tmp 2>&1″ Stealing cryptocurrency. Malware infection.

Cryptocurrency 131

Cryptocurrency Malware Accountability Banking 131

Krebs on Security

MARCH 9, 2023

The site’s true WHOIS registration records have always been hidden by privacy protection services, but there are plenty of clues in historical Domain Name System (DNS) records for WorldWiredLabs that point in the same direction. A review of DNS records for both printschoolmedia[.]org DNS records for worldwiredlabs[.]com

DNS 258

DNS Cybercrime Passwords Accountability 258

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Hacking 278

Hacking Social Engineering Phishing Scams 278

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” concludes the analysis.”

DNS 125

DNS Cryptocurrency Internet Internet 125

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org The ark-x2[.]org

Scams 201

Scams Cryptocurrency Media Hacking 201

Security Affairs

NOVEMBER 24, 2020

Crooks were able to trick GoDaddy staff into handing over control of crypto-biz domain names in a classic DNS hijacking attack. Crooks were able to hijack traffic and email to various cryptocurrency-related websites as a result of a DNS hijacking attack on domains managed by GoDaddy. SecurityAffairs – hacking, DNS hijacking).

Social Engineering 99

Social Engineering Engineering DNS Data breaches 99

Security Affairs

JUNE 4, 2020

Hackers hijacked one of the domains of the Japanese cryptocurrency exchange Coincheck and used it for spear-phishing attacks. The Japanese cryptocurrency exchange Coincheck announced that threat actors have accessed their account at the Oname.com domain registrar and hijacked one of its domain names. NS ???????????? awsdns-61[.]org

Accountability 91

Accountability Phishing DNS Cryptocurrency 91

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 106

Antivirus Cryptocurrency Malware Software 106

eSecurity Planet

FEBRUARY 19, 2024

The vulnerability, CVE-2020-3259 , was first discovered in May 2020. Akira also has potential ties to Conti, another ransomware group, through cryptocurrency transactions, according to Unit 42. February 19, 2024 ExpressVPN Split Tunneling Disabled after Discovered Vulnerability Type of vulnerability: DNS traffic leak.

VPN 111

VPN DNS Ransomware Software 111

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Malware 108

Malware DNS Cryptocurrency Internet 108

Security Affairs

JANUARY 19, 2021

The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands. CVE-2020-7961 – Java unmarshalling flaw via JSONWS in Liferay Portal (in versions prior to 7.2.1 CE GA2) (disclosed on March 20, 2020).

DDOS 137

DDOS DNS Malware Internet 137

Krebs on Security

MARCH 28, 2021

I first heard about the domain in December 2020, when a reader told me how his entire network had been hijacked by a cryptocurrency mining botnet that called home to it. I’d been doxed via DNS. “This morning, I noticed a fan making excessive noise on a server in my homelab,” the reader said.

Hacking 357

Hacking Cybercrime DNS Antivirus 357

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

Cryptocurrency 116

Cryptocurrency Cybercrime DNS Malware 116

Security Affairs

MARCH 17, 2022

The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S. The Trickbot operation has switched to using MikroTik routers as C&C servers since 2020. Microsoft has analyzed how the malware compromised MikroTik routers and developed a tool to detect signs of compromise. Pierluigi Paganini.

Malware 118

Malware DNS Passwords Ransomware 118

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. Comparative number of DDoS attacks, Q1 and Q2 2021, and Q2 2020.

DDOS 134

DDOS DNS IoT Marketing 134

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). Patched.netyyk.

DNS 144

DNS Antivirus Malware Encryption 144

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. Botnet operators used Redis server scanners to find installs that could be compromised to mine cryptocurrencies. . ” continues the report.

Backups 107

Backups Cryptocurrency DNS Malware 107

SecureList

FEBRUARY 10, 2022

In some cases, DNS amplification was also used. The botnet can also install proxy servers on infected devices, mine cryptocurrency and conduct DDoS attacks. Let’s look at the figures: Comparative number of DDoS attacks, Q3 and Q4 2021, and Q4 2020. Q4 2020 data is taken as 100% ( download ). fold increase.

DDOS 110

DDOS Cryptocurrency Marketing Accountability 110

SecureList

SEPTEMBER 26, 2022

RedLine Stealer has been known since early 2020 and developed through 2021. RedLine’s main purpose is to steal credentials and information from browsers, in addition to stealing credit card details and cryptocurrency wallets from the compromised machine. Screen with cryptocurrency addresses from Generic.ClipBanker binary.

Malware 114

Malware Cryptocurrency Passwords Software 114

CyberSecurity Insiders

JANUARY 25, 2022

.–( BUSINESS WIRE )– CSC , a world leader in business, legal, tax, and domain security, today announced key findings from its new report, which found that nearly 500,000 web domains were registered since January 2020 containing key COVID-related terms. To access the full report and additional details, visit our website.

Artificial Intelligence 52

Artificial Intelligence Phishing Technology DNS 52

Fox IT

JUNE 29, 2022

Flubot banking malware families are in the wild since at least the period between late 2020 and the first quarter of 2022. Based on reports from other researchers, Flubot samples were first found in the wild between November and December of 2020. in December 2020. In this new version, they introduced DNS-over-HTTPs (DoH).

Banking 97

Banking Malware DNS Encryption 97

CyberSecurity Insiders

SEPTEMBER 21, 2021

The campaign uses multiple shell/batch scripts, new open source tools, a cryptocurrency miner, the TeamTNT IRC bot, and more. TeamTNT has been one of the most active threat groups since mid 2020. Windows component – Set up a cryptocurrency miner. Exfil Domain in DNS Query. Background. See figure 6.). See figure 7).

Cryptocurrency 84

Cryptocurrency Malware Passwords Authentication 84

The Last Watchdog

OCTOBER 19, 2021

Yet Bitcoin, Ethereum and other cryptocurrencies are mere pieces of the puzzle. Users can create bridges and share part of their file systems with others without relying on any centralized databases or lookup systems like DNS, for example. On the technology front, blockchain systems signal the type of shifts that need to fully unfold.

Internet 223

Internet Internet Cryptocurrency Software 223

SecureList

JANUARY 28, 2021

2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. What does all this mean for privacy? What does all this mean for privacy? How are governments and enterprises going to react to this in 2021?

Marketing 68

Marketing Data collection Government Encryption 68

SecureList

DECEMBER 1, 2023

The version of Free Download Manager installed by the infected package was released on January 24, 2020. They mention the dates 20200126 (January 26, 2020) and 20200127 (January 27, 2020). Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org org domain.

Malware 98

Malware Ransomware Encryption Energy and Utilities 98

SecureList

AUGUST 30, 2023

A DLL with this name was used in recent deployments of a backdoor that we dubbed Gopuram , which we had been tracking since 2020. While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus.

Malware 78

Malware Spyware Cryptocurrency Government 78

SecureList

MAY 1, 2023

Among the identified companies, there were major tech portals like Facebook, TikTok and Google, marketplaces such as Amazon and Steam, lots of banks from all over the world, from Australia to Russia, cryptocurrency and delivery services. ” These points make a lot of sense.

Phishing 117

Phishing DNS Cybersecurity Internet 117

SecureList

APRIL 27, 2022

The supporting infrastructure for this operation overlaps with an operation described in a report published by Cisco Talos in September 2021, which discusses a campaign targeting government personnel in India using Netwire and Warzone (aka AveMaria RAT) dating back to the end of 2020. in June 2021.

Malware 135

Malware Firmware Government Phishing 135

eSecurity Planet

FEBRUARY 16, 2021

With over 600,000 devices, this botnet exposed just how vulnerable IoT devices could be and led to the IoT Cybersecurity Improvement Act of 2020. A strain of keylogger malware dubbed LokiBot notably increased in 2020. In 2016, the Mirai botnet attack left most of the eastern U.S. with no internet. Browser Hijacker. RAM Scraper.

Malware 104

Malware Adware Spyware Antivirus 104