In Q4 2017 we found that the Necurs and Gamut botnets comprised 97% of spam botnet traffic. (See the McAfee Labs Threats Report, March 2018.) Necurs (at 60%) is currently the world’s largest spam botnet. The infected computers operate in a peer-to-peer model, with limited communication between the nodes and the control […]
Why are hackers so interested in your smartphones?
Security experts are seeing a shift in cybercriminals' preferred targets: they would rather attack smartphones than computers. Here is why. Your smartphone probably knows you better than you know yourself. It always knows where you are, it knows everyone you […]
Cryptocurrency mining operations target Windows Server, Redis and Apache Solr servers online
Researchers from the ISC SANS group and the anti-DDoS company Imperva discovered two distinct campaigns targeting Windows Server, Redis and Apache Solr servers online. Last week new mining campaigns targeted unpatched Windows Server, Apache Solr, and Redis servers; the attackers attempted to install the cryptocurrency miner Coinminer. Two campaigns were spotted by researchers from the ISC […]
Governments rely on Sandvine network gear to deliver spyware and miners
According to Citizen Lab, some governments are using Sandvine network gear installed at internet service providers to deliver spyware and cryptocurrency miners. Researchers at human rights research group Citizen Lab have discovered that netizens in Turkey, Egypt and Syria who attempted to download legitimate Windows applications from official vendor websites (i.e. Avast […]
Turkish ISP Swapped Downloads of Popular Software with Spyware-Infected Apps
Türk Telekom, a Turkish Internet Service Provider (ISP), has deployed special hardware to intercept and alter Internet traffic, swapping legitimate software downloads with similar applications, but infected with spyware. A Citizen Lab report claims that Türk Telekom has deployed Sandvine PacketLogic middleboxes in five regions across the country. These devices […]
Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers
Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer). Two separate campaigns have been spotted, both very active this week. One by the Imperva crew, targeting Redis and Windows […]
The Week in Ransomware – March 9th 2018 – GandCrab and Qwerty
It has been a pretty slow ransomware week as most of the malware developers have started pushing cryptominers. We did see the continued distribution of the GnuPG based Qwerty Ransomware and a new variant of the GandCrab ransomware that makes it secure again. March 3rd 2018: New GlobeImposter discovered. GrujaRS found a […]
Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files
A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victim's files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victim's files, overwrite the originals, and then append the .qwerty extension to an encrypted file's name. It […]
Russian hackers stole 860,000 euros from 32 ATMs belonging to the Raiffeisen Romania in just one night
In just one night a Russian crime gang stole 3.8 million lei (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank. Cybercriminals stole 3.8 million lei (860,000 euros) from 32 ATMs belonging to the Raiffeisen Romania bank using an infected RTF document. The criminal organization led by Dmitriy Kvasov operated […]
Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days
Memcached reflection, which recently fueled the two largest amplification DDoS attacks in history, has also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in the last ten days, a new report revealed. Chinese Qihoo 360's Netlab, whose global DDoS monitoring service 'DDosMon' initially spotted the Memcached-based DDoS attacks, […]