Cryptocurrency, DDOS and DNS - Cyber Security Informer

DDoS attacks in Q4 2020

SecureList

FEBRUARY 16, 2021

The DTLS (Datagram Transport Layer Security) protocol is used to establish secure connections over UDP, through which most DNS queries, as well as audio and video traffic, are sent. While the resource was down, cryptocurrency newbies were invited to download a copy of Bitcoin Core via a torrenting service.

DDOS

DDOS Cryptocurrency Marketing Internet

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing

Phishing Cryptocurrency DDOS Internet

Feds Charge Three in Mass Seizure of Attack-for-hire Services

Krebs on Security

DECEMBER 20, 2018

The seizure notice appearing on the homepage this week of more than a dozen popular “booter” or “stresser” DDoS-for-hire Web sites. They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. bullstresser[.]net.

DNS

DNS Computers and Electronics Government Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. ” concludes the analysis.”

DNS

DNS Cryptocurrency Malware Internet

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Penetration Testing

JUNE 9, 2025

Key tactics included: Obfuscation using ScatterBrain and ScatterBee Use of DLL hijacking DNS-over-HTTPS (DoH) for C2 communication Exploitation of vulnerable enterprise infrastructure (e.g., These implants exfiltrated sensitive files such as certificates and cryptocurrency keys via a custom PowerShell exfiltration script.

Penetration Testing

Penetration Testing Advertising Cybersecurity DNS

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

The attacks aimed at compromising the tarted systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaign. Supports UDP and TCP packets, but also application layer protocols such as HTTP, DNS, SSDP, and SNMP Protocol packing support created by the attacker.

DDOS

DDOS DNS Malware Internet

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs.

Malware

Malware DNS Cryptocurrency Internet

Security Affairs newsletter Round 385

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3

Cryptocurrency

Cryptocurrency Data breaches DNS DDOS

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. DDoS: Overwhelming the Network. In the age-old denial of service (DDoS) attack, a fleet of attacker devices can overwhelm an organization’s web server, thus blocking access to legitimate users.

Cybersecurity

Cybersecurity Cryptocurrency Technology Energy and Utilities

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns

Security Affairs

JANUARY 5, 2022

“Microsoft has observed rapid uptake of the vulnerability into existing botnets like Mirai, existing campaigns previously targeting vulnerable Elasticsearch systems to deploy cryptocurrency miners, and activity deploying the Tsunami backdoor to Linux systems. ” continues Microsoft.

Malware

Malware DNS DDOS Cryptocurrency

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

IoT

IoT DNS Antivirus DDOS

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). Malware actor publishes the address of the Bot-A in DNS (or using any other public channel). Another malware Bot-B resolves the address of Bot-A using DNS (or using any other public channel). Server-X asks the bot to start the TCP server.

Malware

Malware DNS Encryption Banking

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing

Phishing Spyware Firmware Malware

DDoS attacks in Q2 2021

SecureList

JULY 28, 2021

For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. The bug was named TsuNAME.

DDOS

DDOS DNS IoT Marketing

DDoS attacks in Q4 2021

SecureList

FEBRUARY 10, 2022

Q4 2021 saw the appearance of several new DDoS botnets. In October, the botnet was upgraded with DDoS functionality. This is further evidence that the same botnets are often used for mining and DDoS. In some cases, DNS amplification was also used. The channel was created in June and went live in August 2021.

DDOS

DDOS Cryptocurrency Marketing Accountability

Double-Your-Crypto Scams Share Crypto Scam Host

Krebs on Security

APRIL 11, 2022

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. The ark-x2[.]org

Scams

Scams Cryptocurrency Media Hacking

A week in security (April 12 – 18)

Malwarebytes

APRIL 19, 2021

Source: TechRadar) Cryptocurrency rewards platform Celsius Network disclosed a security breach exposing customer information that led to a phishing attack. Other cybersecurity news: An update to the Covid-19 NHS track and trace mobile app was blocked over privacy and security concerns.

Artificial Intelligence

Artificial Intelligence Scams DDOS DNS

Types of Malware & Best Malware Protection Practices

eSecurity Planet

FEBRUARY 16, 2021

Attackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” DDoS trojan. See DDoS for reference.

Malware

Malware Adware Spyware Antivirus

APT trends report Q1 2022

SecureList

APRIL 27, 2022

Subsequently, DDoS attacks hit several government websites. This application contains a legitimate program called DeFi Wallet, that saves and manages a cryptocurrency wallet, but also implants a malicious file when executed. We recently discovered a Trojanized DeFi application, compiled in November 2021.

Malware

Malware Firmware Government Phishing

IT threat evolution in Q3 2022. Non-mobile statistics

SecureList

NOVEMBER 18, 2022

Finally, it is worth mentioning the CVE-2022-34724 vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited. In particular, researchers found Operation In(ter)ception , a campaign operated by North Korean Lazarus group, which targets macOS users looking for cryptocurrency jobs.

Mobile

Mobile Malware Ransomware IoT

Cyber Security Informer

DDoS attacks in Q4 2020

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Trending Sources

Feds Charge Three in Mass Seizure of Attack-for-hire Services

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

FreakOut botnet target 3 recent flaws to compromise Linux devices

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs newsletter Round 385

The State of Blockchain Applications in Cybersecurity

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns

Security Affairs newsletter Round 364 by Pierluigi Paganini

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

IT threat evolution Q1 2022

DDoS attacks in Q2 2021

DDoS attacks in Q4 2021

Double-Your-Crypto Scams Share Crypto Scam Host

A week in security (April 12 – 18)

Types of Malware & Best Malware Protection Practices

APT trends report Q1 2022

IT threat evolution in Q3 2022. Non-mobile statistics

Stay Connected