Cybercrime, DDOS, Information Security and Malware

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

Several media reported that three million electric toothbrushes were compromised and recruited into a DDoS botnet. The Swiss newspaper Aargauer Zeitung first published the news of a DDoS attack, carried out on January 30, that involved three million compromised electric toothbrushes. Is it true? What the f is wrong with you people????

DDOS

DDOS IoT Media Internet

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Security Affairs

OCTOBER 9, 2023

A threat actor has leaked the source code for the first version of the HelloKitty ransomware on a Russian-speaking cybercrime forum. The availability of the source in the cybercrime ecosystem can allow threat actors to develop their own version of the Hello Kitty ransomware.

Cybercrime

Cybercrime Ransomware DDOS Encryption

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. The file poses as a tool required to bypass the DDoS verification.

DDOS

DDOS Malware Antivirus Firewall

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

Enemybot is a DDoS botnet that targeted several routers and web servers by exploiting known vulnerabilities. Researchers from Fortinet discovered a new DDoS botnet, tracked as Enemybot, that has targeted several routers and web servers by exploiting known vulnerabilities. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware

Malware VPN Internet Internet

Dutch police warn customers of a popular DDoS booter service

Security Affairs

OCTOBER 13, 2021

Dutch police warn customers of a distributed denial-of-service (DDoS) website of stopping using the service to avoid prosecution. Dutch police warn customers of a booter service, abused to carry out distributed denial-of-service (DDoS) attacks, of to stop using it to avoid prosecution. by carrying out DDoS attacks on March 19.

DDOS

DDOS Cybercrime IoT Hacking

HelloKitty ransomware gang also targets victims with DDoS attacks

Security Affairs

NOVEMBER 1, 2021

According to the alert, the ransomware gang is launching distributed denial-of-service (DDoS) attacks as part of its extortion activities. In some cases, if the victim does not respond quickly or does not pay the ransom, the threat actors will launch a Distributed Denial of Service (DDoS) attack on the victim company’s public facing website.”

DDOS

DDOS Ransomware Cybercrime Encryption

Hackers breached four prominent underground cybercrime forums

Security Affairs

MARCH 6, 2021

A suspicious wave of attacks resulted in the hack of four cybercrime forums Verified, Crdclub, Exploit, and Maza since January. Since January, a series of mysterious cyberattacks that resulted in the hack of popular Russian-language cybercrime forums. No other information looked to be compromised in the attack.”

Cybercrime

Cybercrime DDOS Hacking Passwords

Diicot cybercrime gang expands its attack capabilities

Security Affairs

JUNE 19, 2023

Cado researchers recently detected an interesting attack pattern linked to an emerging cybercrime group tracked as Diicot (formerly, “Mexals”) and described in analyses published by Akamai and Bitdefender. Evidence collected by Cado suggests the deployment of a botnet having DDoS capabilities.

Cybercrime

Cybercrime DDOS Internet Internet

New evolving Abcbot DDoS botnet targets Linux systems

Security Affairs

NOVEMBER 13, 2021

Qihoo 360’s Netlab detailed a new evolving DDoS botnet called Abcbot with wormable capabilities that targets Linux systems. Researchers from Qihoo 360’s Netlab security team have spotted a new botnet, tracked as Abcbot, that targets Linux systems to launch distributed denial-of-service (DDoS) attacks.

DDOS

DDOS Malware Passwords Cryptocurrency

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

A Mirai-based DDoS botnet tracked as IZ1H9 has added thirteen new exploits to target routers from different vendors, including D-Link, Zyxel, and TP-Link. The botnet supports multiple DDoS attacks, including UDP, HTTP Flood, UDP Plain, and TCP SYN. “The exposure of vulnerable devices can result in severe security risks.

DDOS

DDOS Wireless Architecture IoT

Trickbot spreads malware through new distribution channels

Security Affairs

OCTOBER 16, 2021

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. ” concludes the report.

Malware

Malware Cybercrime DDOS Social Engineering

New Condi DDoS botnet targets TP-Link Wi-Fi routers

Security Affairs

JUNE 21, 2023

Researchers discovered a new strain of malware called Condi that targets TP-Link Archer AX21 (AX1800) Wi-Fi routers. Fortinet FortiGuard Labs Researchers discovered a new strain of malware called Condi that was observed exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers. ” concludes the report.”Thus,

DDOS

DDOS Malware Advertising Hacking

Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server

Security Affairs

OCTOBER 13, 2022

Cloudflare mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. Cloudflare announced it has mitigated a record distributed denial-of-service (DDoS) attack against Wynncraft, one of the largest Minecraft servers. The largest attack was a 2.5 ” continues the report.

DDOS

DDOS Threat Reports Hacking Cybercrime

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials. Akamai Security Research discovered a new evasive Golang-based malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak login credentials. ” Pierluigi Paganini.

DDOS

DDOS Malware Cryptocurrency Architecture

REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims

Security Affairs

MARCH 7, 2021

The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim’s business partners to force victims to pay the ransom. Malware #Ransomware #REvil REvil Ransomware launched a service for contact to news media, companies for the best pressure at no cost, and DDoS (L3, L7) as a paid service.

DDOS

DDOS Ransomware Media Malware

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Security Affairs

JULY 8, 2022

The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. Since February, the Conti ransomware group has taken over TrickBot malware operation and also planned to replace it with BazarBackdoor malware. ” concludes IBM. ” concludes IBM.

Cybercrime

Cybercrime Malware DDOS Ransomware

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Security Affairs

MAY 9, 2023

A DDoS botnet dubbed AndoryuBot has been observed exploiting an RCE, tracked as CVE-2023-25717, in Ruckus access points. The activity is associated with a known DDoS botnet tracked as AndoryuBot that first appeared in February 2023. The bot supports multiple DDoS attack techniques and uses SOCKS5 proxies for C2 communications.

DDOS

DDOS Wireless Architecture Advertising

Cloudflare mitigated the largest ever volumetric DDoS attack to date

Security Affairs

AUGUST 20, 2021

Web infrastructure and website security company Cloudflare announced to have mitigated the largest ever volumetric DDoS attack to date. Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever volumetric distributed denial of service (DDoS) attack to date.

DDOS

DDOS Telecommunications Internet Internet

New Wiper Malware HermeticWiper targets Ukrainian systems

Security Affairs

FEBRUARY 24, 2022

Cybersecurity experts discovered a new data wiper malware that was used in attacks against hundreds of machines in Ukraine. Researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine.

Malware

Malware DDOS Banking Government

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army , threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.”

DDOS

DDOS Digital transformation Malware Advertising

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

A man accused to have developed distributed denial of service (DDoS) botnets based on the Mirai botnet was sentenced to 13 months in federal prison. Schuchman compromised hundreds of thousands of IoT devices, including home routers and IP cameras, to create multiple DDoS IoT botnets that he rented to carry out the attacks.

DDOS

DDOS IoT Advertising Internet

Dutch police shut down bulletproof service hosting tens of DDoS botnets

Security Affairs

OCTOBER 3, 2019

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks. The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide. over a period of one year. Pierluigi Paganini.

DDOS

DDOS IoT Cybercrime Advertising

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

NOVEMBER 15, 2021

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. SecurityAffairs – hacking, DDoS). Cloudflare, Inc.

DDOS

DDOS DNS IoT Internet

Security Service of Ukraine arrested a man operating a huge DDoS botnet

Security Affairs

OCTOBER 11, 2021

Ukrainian police arrested a cybercriminal who controlled a botnet composed of 100,000 devices that was available for rent to launch DDoS attacks. Security Service of Ukraine (SSU) has arrested a hacker who controlled a DDoS botnet composed of 100,000 devices that was available for rent. SecurityAffairs – hacking, cybercrime).

DDOS

DDOS Computers and Electronics Cybercrime Advertising

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

Security Affairs

SEPTEMBER 9, 2021

The massive DDoS attack that has been targeting the internet giant Yandex was powered b a completely new botnet tracked as M?ris. The record magnitude of the massive DDoS attack was also confirmed by the US company Cloudflare, which specializes in the protection against such kinds of attacks. technique for DDoS attacks.

DDOS

DDOS Internet Internet IoT

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware

Malware DDOS Cryptocurrency Firewall

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

Malware

Malware DDOS Architecture Financial Services

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The botnet was first discovered by Fortinet in March, the DDoS botnet targeted several routers and web servers by exploiting known vulnerabilities. The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. Experts pointed out that the malware is being actively developed.

Malware

Malware DDOS IoT Cybercrime

LilithBot Malware, a new MaaS offered by the Eternity Group

Security Affairs

OCTOBER 6, 2022

Researchers linked the threat actor behind the Eternity malware-as-a-service (MaaS) to a new malware strain called LilithBot. Zscaler researchers linked a recently discovered sample of a new malware called LilithBot to the Eternity group (aka EternityTeam; Eternity Project). ” reads the report published by Zscaler.

Malware

Malware DDOS Ransomware Cryptocurrency

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. ” reads the analysis published by AquaSec. Pierluigi Paganini.

Malware

Malware DDOS Architecture Cryptocurrency

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

Security Affairs

JUNE 25, 2023

Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix recently disclosed flaws in Apple devices VMware fixed five memory corruption issues in vCenter Server Fortinet fixes critical FortiNAC RCE, install updates asap More than a million GitHub repositories potentially vulnerable to RepoJacking New Mirai (..)

DDOS

DDOS Cybercrime Spyware Malware

New ShellBot bot targets poorly managed Linux SSH Servers

Security Affairs

MARCH 21, 2023

New ShellBot DDoS bot malware, aka PerlBot, is targeting poorly managed Linux SSH servers, ASEC researchers warn. AhnLab Security Emergency response Center (ASEC) discovered a new variant of the ShellBot malware that was employed in a campaign that targets poorly managed Linux SSH servers. and PowerBots (C) GohacK. .”

DDOS

DDOS Malware Passwords Accountability

Experts analyzed attacks against poorly managed Linux SSH servers

Security Affairs

DECEMBER 27, 2023

Researchers warn of attacks against poorly managed Linux SSH servers that mainly aim at installing DDoS bot and CoinMiner. Researchers at AhnLab Security Emergency Response Center (ASEC) are warning about attacks targeting poorly managed Linux SSH servers, primarily focused on installing DDoS bots and CoinMiners.

DDOS

DDOS Passwords Firewall Accountability

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Shortly after that, those same servers came under a sustained distributed denial-of-service (DDoS) attack. Chaput said whoever was behind the DDoS was definitely not using point-and-click DDoS tools, like a booter or stresser service. A DIRECT QUOT The domain quot[.]pw “Consider salaries in Russia,” Quotpw said.

Scams

Scams DDOS Cryptocurrency Accountability

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

Security Affairs

MAY 15, 2022

Researchers at cybersecurity firm Cyble analyzed a Tor website named named ‘Eternity Project’ that offers for sale a broad range of malware, including stealers, miners, ransomware, and DDoS Bots. The channel was used to share information about malware listings and updates. SecurityAffairs – hacking, malware).

Ransomware

Ransomware DDOS Cybercrime Malware

New Tsunami botnet targets Linux SSH servers

Security Affairs

JUNE 20, 2023

Researchers warn of an ongoing Tsunami DDoS botnet campaign targeting inadequately protected Linux SSH servers. Researchers from AhnLab Security Emergency response Center (ASEC) have uncovered an ongoing hacking campaign, aimed at poorly protected Linux SSH servers, to install the Tsunami DDoS botnet (aka Kaiten).

DDOS

DDOS Malware Passwords Accountability

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware

Malware Antivirus DDOS Hacking

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs

JUNE 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9 Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure A database containing data of +8.9

Data breaches

Data breaches DDOS Backups Firewall

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime

Cybercrime Malware Hacking Accountability

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks.

IoT

IoT DDOS Architecture Internet

Reading INTERPOL the African Cyberthreat Assessment Report 2021

Security Affairs

OCTOBER 30, 2021

INTERPOL published the African Cyberthreat Assessment Report 2021, a report that analyzes evolution of cybercrime in Africa. A new report published by INTERPOL, titled the African Cyberthreat Assessment Report 2021 , sheds the light on cybercrime in Africa. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybercrime

Cybercrime Scams DDOS Banking

MCCrash botnet targets private Minecraft servers, Microsoft warns

Security Affairs

DECEMBER 16, 2022

Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. ark—event[.]net

DDOS

DDOS IoT Malware Internet

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Security Affairs

JULY 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

DDOS

DDOS Hacking Spyware Surveillance

Unraveling the truth behind the DDoS attack from electric toothbrushes

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Webinars

Trending Sources

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Webinars

Enemybot, a new DDoS botnet appears in the threat landscape

Who and What is Behind the Malware Proxy Service SocksEscort?

Dutch police warn customers of a popular DDoS booter service

HelloKitty ransomware gang also targets victims with DDoS attacks

Hackers breached four prominent underground cybercrime forums

Diicot cybercrime gang expands its attack capabilities

New evolving Abcbot DDoS botnet targets Linux systems

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Trickbot spreads malware through new distribution channels

New Condi DDoS botnet targets TP-Link Wi-Fi routers

Cloudflare blocked a 2.5 Tbps DDoS attack aimed at the Minecraft server

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims

Russian Cybercrime Trickbot Group is systematically attacking Ukraine

Fortinet warns of a spike of the activity linked to AndoryuBot DDoS botnet

Cloudflare mitigated the largest ever volumetric DDoS attack to date

New Wiper Malware HermeticWiper targets Ukrainian systems

Crooks target Ukraine’s IT Army with a tainted DDoS tool

Developer of DDoS Mirai based botnets sentenced to prison

Dutch police shut down bulletproof service hosting tens of DDoS botnets

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Service of Ukraine arrested a man operating a huge DDoS botnet

A new botnet named M?ris is behind massive DDoS attack that hit Yandex

New shc Linux Malware used to deploy CoinMiner

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

EnemyBot malware adds new exploits to target CMS servers and Android devices

LilithBot Malware, a new MaaS offered by the Eternity Group

New Go-based Redigo malware targets Redis servers

Security Affairs newsletter Round 425 by Pierluigi Paganini – International edition

New ShellBot bot targets poorly managed Linux SSH Servers

Experts analyzed attacks against poorly managed Linux SSH servers

Interview With a Crypto Scam Investment Spammer

Eternity Project: You can pay $260 for a stealer and $490 for a ransomware

New Tsunami botnet targets Linux SSH servers

NetDooka framework distributed via a pay-per-install (PPI) malware service

Security Affairs newsletter Round 424 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Updated Kmsdx botnet targets IoT devices

Reading INTERPOL the African Cyberthreat Assessment Report 2021

MCCrash botnet targets private Minecraft servers, Microsoft warns

Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

Stay Connected