2020, DNS, Firmware and Malware - Cyber Security Informer

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. Introduction. Affected devices. an evil maid attack scenario).

Firmware

Firmware DNS Malware Technology

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Malwarebytes

JUNE 30, 2022

The so-called ZuoRAT campaign, which very likely started in 2020, is so sophisticated that the researchers suspect that there is a state sponsored threat actor behind it. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. DNS hijacking. SOHO routers.

DNS

DNS Malware Small Business Firmware

Sunburst: connecting the dots in the DNS requests

SecureList

DECEMBER 18, 2020

On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. For instance, before making the first internet connection to its C2s, the Sunburst malware lies dormant for a long period, of up to two weeks, which prevents an easy detection of this behavior in sandboxes. avsvmcloud[.]com”

DNS

DNS Telecommunications Malware Encryption

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” When the botnet was first detected in 2019, experts noticed it was exploiting the Tenda zero-day flaw tracked as CVE-2020-10987.

IoT

IoT Firmware DNS Advertising

Dell Wyse ThinOS flaws allow hacking think clients

Security Affairs

DECEMBER 21, 2020

Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several Dell Wyse thin client models that could be exploited by a remote attacker to execute malicious code and gain access to arbitrary files. Both CVE-2020-29492 and CVE-2020-29491 reside in the ThinOS operating system that runs on Dell Wyse thin clients.

Hacking

Hacking Firmware DNS Healthcare

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

On 2020-01-02, CNCERT reported that “the number of Bot node IP addresses associated with this botnet exceeds 5 million. Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control.

Architecture

Architecture DDOS Advertising DNS

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Botnet based on Medusa, working since 2020. Our advantages: 1. Tested, tried.

IoT

IoT DDOS Passwords Malware

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

The PyInstaller module for Windows contains a script named “Guard” Interestingly, this malware was developed for both Windows and macOS operating systems. The malware tries to spread to other hosts on the network by infecting USB drives. After this, they were tricked into downloading previously unknown malware.

Malware

Malware Banking Energy and Utilities Accountability

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

In Q4 2020, Citrix ADC (application delivery controller) devices became one such tool, when perpetrators abused their DTLS interface. The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent.

DDOS

DDOS Cryptocurrency Marketing Internet

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Malware, short for “malicious software,” is any unwanted software on your computer that, more often than not, is designed to inflict damage. Since the early days of computing, a wide range of malware types with varying functions have emerged. Best Practices to Defend Against Malware. Jump ahead: Adware. RAM scraper.

Malware

Malware Adware Spyware Antivirus

APT trends report Q1 2022

SecureList

APRIL 27, 2022

Disclaimer: when referring to APT groups as Russian-speaking, Chinese-speaking or other-“speaking” languages, we refer to various artefacts used by the groups (such as malware debugging strings, comments found in scripts, etc.) On February 23, ESET published a tweet announcing new wiper malware targeting Ukraine.

Malware

Malware Firmware Government Phishing

The Biggest Lessons about Vulnerabilities at RSAC 2021

eSecurity Planet

MAY 28, 2021

Malware detection has long been a game of signature detection. With ML and artificial intelligence (AI) using thousands of strains to train algorithms, one would surmise that the ability to detect malware is only improving. Hackers are using the same ML and AI technology to avoid using recognized malware. Current Target: VBOS.

Software

Software DNS Firmware VPN

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Government Surveillance Spyware

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

The vendor reports show that most attackers want credentials, most malware development is in credential-stealing software, and the market for stolen credentials is booming: Cisco: Found 54% of organizations experienced a cybersecurity incident; and of those incidents, 54% involved phishing and 37% involved credentials stuffing.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cyber Security Informer

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

ZuoRAT is a sophisticated malware that mainly targets SOHO routers

Trending Sources

Sunburst: connecting the dots in the DNS requests

New Ttint IoT botnet exploits two zero-days in Tenda routers

Dell Wyse ThinOS flaws allow hacking think clients

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Overview of IoT threats in 2023

IT threat evolution Q3 2021

DDoS attacks in Q4 2020

Types of Malware & Best Malware Protection Practices

APT trends report Q1 2022

The Biggest Lessons about Vulnerabilities at RSAC 2021

APT trends report Q3 2021

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Top SD-WAN Solutions for Enterprise Security

Stay Connected