DNS, Technology and Telecommunications - Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS.

DNS

DNS Internet Internet Government

Sunburst: connecting the dots in the DNS requests

SecureList

DECEMBER 18, 2020

In the initial phases, the Sunburst malware talks to the C&C server by sending encoded DNS requests. These requests contain information about the infected computer; if the attackers deem it interesting enough, the DNS response includes a CNAME record pointing to a second level C&C server. Low-level details. avsvmcloud[.]com”

DNS

DNS Telecommunications Malware Encryption

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

Lyceum group reborn

SecureList

OCTOBER 18, 2021

As in the older DanBot instances, both variants supported similar custom C&C protocols tunneled over DNS or HTTP. Our investigation into Lyceum has shown that the group has evolved its arsenal over the years and shifted its usage from the previously documented.NET malware to new versions, written in C++.

DNS

DNS Telecommunications Malware Accountability

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Sandworm (aka BlackEnergy and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST). The researchers observed C2 infrastructure relying on dynamic DNS domains masquerading as Ukrainian telecommunication service providers.

Ransomware

Ransomware Telecommunications DNS Hacking

What are Common Types of Social Engineering Attacks?

eSecurity Planet

JULY 29, 2021

Vishing attacks are also similar to phishing and smishing, but these attacks target VoIP and telecommunications services rather than text-based mediums. Usually this is accomplished either by deploying malware that changes the target computer’s host files, or by using a technique known as DNS cache poisoning. Pretexting.

Social Engineering

Social Engineering Engineering Phishing DNS

Lyceum APT made the headlines with attacks in Middle East

Security Affairs

AUGUST 27, 2019

reported that Hexane is targeting organizations in the oil and gas industry and telecommunication providers. A superficial analysis of the document content might conclude that this document was intended for individuals working with industrial control systems (ICS) or operational technology (OT).” Security experts at Dragos Inc.

DNS

DNS Penetration Testing Passwords Social Engineering

What is a Managed Security Service Provider? MSSPs Explained

eSecurity Planet

AUGUST 22, 2023

History of MSSPs As internet service providers (ISPs) and telecommunications companies (telecoms) began offering commercial access to the internet in the late 1990s, they began to also offer firewall appliances and associated managed services. assets (endpoints, servers, IoT, routers, etc.), Outsourcing U.S. companies may trust U.S.

Telecommunications

Telecommunications Firewall Penetration Testing Cybersecurity

Canadian Police Raid ‘Orcus RAT’ Author

Krebs on Security

APRIL 2, 2019

As first detailed by KrebsOnSecurity in July 2016 , Orcus is the brainchild of John “Armada” Rezvesz , a Toronto resident who until recently maintained and sold the RAT under the company name Orcus Technologies. In an “official press release” posted to pastebin.com on Mar.

Advertising

Advertising Malware Marketing Software

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to the DNS data analysis, this name was used to register at least two domains, which were created using the email from the phishing kit. The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB.

Cybercrime

Cybercrime Phishing Banking Telecommunications

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. T1094) mainly developed using DNS resolutions (which is actually one of the main characteristic of the attacker group).

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

How to Stop DDoS Attacks: Prevention & Response

eSecurity Planet

SEPTEMBER 3, 2022

For example, the 2016 DDoS attack on the Dyn managed domain name service (DNS) caused the DNS service to fail to respond to legitimate DNS inquiries and effectively shut down major sites such as PayPal, Spotify, Twitter, Yelp, and many others. Also read: How to Secure DNS. Types of DDoS Attacks. Harden infrastructure.

DDOS

DDOS DNS Firewall Internet

How we protect our users against the Sunburst backdoor

SecureList

DECEMBER 23, 2020

Several publicly available data sets, such as the one from John Bambenek, include DNS requests encoding the victim names. The attackers showed a deep understanding and knowledge of Office365, Azure, Exchange, Powershell and leveraged it in many creative ways to constantly monitor and extract e-mails from their true victims’ systems.

Malware

Malware Telecommunications DNS Government

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

. “The Internet Corporation for Assigned Names and Numbers ( ICANN ) believes that there is an ongoing and significant risk to key parts of the Domain Name System ( DNS ) infrastructure. “They are going after the internet infrastructure itself,” ICANN chief technology officer David Conrad told AFP. Pierluigi Paganini.

Internet

Internet Internet DNS Telecommunications

APT34: Glimpse project

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

DNS

DNS Computers and Electronics Penetration Testing Government

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

We found the affected domains span across different types of organizations (including information technology, public administration, education, and finance and insurance etc.) Data ingestion through DNS logs are also helpful, but it might not capture the signals if the attacker utilizes public DNS such as Google DNS (8.8.8.8)

DNS

DNS Education Malware Telecommunications

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

SaveBreach reported SolarWinds was “using [an] unencrypted plain FTP server for their Downloads server in the age of global CDN technologies.” The National Telecommunications and Information Administration (NTIA) offers the concept of a Software Bill of Materials (SBOM) to address this problem. Mail DNS controls.

Software

Software Malware Authentication Penetration Testing

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. The most common objective of such attacks is cyberespionage and disruption of major telecommunications companies’ work. The telecommunications sector: Are providers ready for 5G?

Banking

Banking Telecommunications Marketing Internet

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

Every so often, a technology comes along that seems to perfectly capture the zeitgeist : representing all that is both promising and troubling about the future. Advances in the use of polymers revolutionized everything from food packaging to electronics, telecommunication and medicine. When it comes to what can you do today?

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Best Network Monitoring Tools for 2022

eSecurity Planet

JANUARY 26, 2022

Assembled by Broadcom subsidiary CA Technologies, DX NetOps offers network visibility and actionable intelligence for monitoring digital user experiences. Spun off from the telecommunications vendor JDS Uniphase in 2015, Viavi Solutions is a newer name, but it has four-plus decades of IT services experience. Catchpoint Features.

Marketing

Marketing DDOS Threat Detection DNS

Iranian Threat Actors: Preliminary Analysis

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors.”

Computers and Electronics

Computers and Electronics Penetration Testing Malware Government

APT trends report Q1 2021

SecureList

APRIL 27, 2021

Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. The victims we observed were all high-profile Tunisian organizations, such as telecommunications or aviation companies.

Malware

Malware Spyware Government Social Engineering

Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Sunburst: connecting the dots in the DNS requests

Trending Sources

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Lyceum group reborn

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

What are Common Types of Social Engineering Attacks?

Lyceum APT made the headlines with attacks in Middle East

What is a Managed Security Service Provider? MSSPs Explained

Canadian Police Raid ‘Orcus RAT’ Author

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

OilRig APT group: the evolution of attack techniques over time

How to Stop DDoS Attacks: Prevention & Response

How we protect our users against the Sunburst backdoor

ICANN warns of large-scale attacks on Internet infrastructure

APT34: Glimpse project

Iran-linked APT34: Analyzing the webmask project

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

Guarding Against Solorigate TTPs

Group-IB presents its annual report on global threats to stability in cyberspace

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Best Network Monitoring Tools for 2022

Iranian Threat Actors: Preliminary Analysis

APT trends report Q1 2021

Stay Connected