Category Archives: DDoS

28th August updates – AVIEN Resources

Updates to Cryptocurrency/Crypto-mining News and Resources

Bleeping Computer: Atlas Quantum Cryptocurrency Investment Platform Suffers Data Breach – “Atlas Quantum said the hacker (or hackers) did not steal any funds from users’ accounts.”

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

Security Boulevard: Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack – “This is borne out by Akamai Technologies’ Summer 2018 Internet Security/Web Attack Report.”

Updates to Meltdown/Spectre and other chip-related resources

The Register: Linux 4.19 lets you declare your trust in AMD, IBM and Intel – “Wave the CPU trust flag if you’re feeling safe enough….When random number generation is insufficiently random, encryption based on such numbers can be broken with less effort.” The flag in question is the new random.trust_cpu boot parameter (with a matching CONFIG_RANDOM_TRUST_CPU build option), which lets the kernel seed its random number generator at boot from the CPU vendor’s hardware RNG instruction rather than waiting for other entropy to accumulate; whether you enable it comes down to how far you trust that vendor’s silicon.

Updates to Specific Ransomware Families and Types


Updates to Tech support scams resource page

Link to Chainmailcheck article below.

Updates to Chain Mail Check

William Tsing for Malwarebytes: Green card scams: preying on the desperate – Green card scams are far from new. In fairness, the scam site Tsing examines does indicate in its small print that its usefulness to someone wanting to improve their chances of getting a green card via the diversity visa lottery is going to be very limited indeed. But Tsing makes the interesting point that the scam site looks more authentic than the real site because it provides more information, and compares it to “what we see with legitimate tech support and tech support scammers. An official entity does a poor job communicating with its constituency, and that creates a vacuum that scammers are all too eager to fill.” Seems an entirely valid point.

I talked about the issue of inadequate tech support in an article for ESET – Tech support scams and the call of the void – The importance of providing the best possible after-sales service to customers. That article was sparked off by a useful article on the Security Boulevard site by Christopher Burgess on When Scammers Fill the Tech Support Void.

Updates to Mac Virus

Tomáš Foltýn for ESET: Why now could be a good time to fortify your Android defenses
“Stop us if you’ve heard this before: avoid installing apps from outside Google Play. But what if you’re itching to battle it out in Fortnite?”

Follow-up article: an interview with Lukáš Štefanko, I hope other app developers don’t follow Epic’s example – “After Epic Games shunned Google Play, debates about threats faced by Android users have taken on a whole new tenor. Joining us to add his voice to the mix is ESET Malware Researcher Lukáš Štefanko”

My own view is slightly (but only slightly) different, as discussed in my MacVirus article: Fortnite and Android: an Epic disagreement

David Harley


Memcached, DDoS, RDoS, DDoS-for-Bitcoin

Catalin Cimpanu for Bleeping Computer: Some Memcached DDoS Attackers Are Asking for a Ransom Demand in Monero. Basically, more on the Memcached story but with a little background on earlier DDoS for ransom attacks.

Cimpanu says that “according to Daniel Smith, a Radware security researcher who spoke with Bleeping Computer, paying the Monero ransom won’t help … because attackers have used the same Monero address for multiple DDoS attacks against different targets.”

Link added to Specific Ransomware Families and Types.

Here are the links again for the Brian Krebs (et al) story I flagged yesterday:

  • Brian Krebs: Powerful New DDoS Method Adds Extortion
    “Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power … Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks.” Cites:

    • Akamai: MEMCACHED-FUELED 1.3 TBPS ATTACKS
    • Experts from Cybereason and other sources. According to Krebs, Cybereason have seen Memcached attacks where the payload is a demand for 50 XMR (Monero).
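For readers who want to see the mechanism behind these stories rather than just the headlines, here is an added worked example (mine, not code from Krebs, Akamai or Cybereason). The memcached UDP frame layout (an 8-byte header of request ID, sequence number, datagram count and a reserved word, followed by the text protocol) is the real one; the key name, the ransom note and the simulated server reply are constructed for the example, and the Monero address is elided. It shows why a 20-byte spoofed `get` yields a reply more than fifty times its size, and how to pull the embedded demand out of the reply if you capture one.

```python
import re
import struct

# Memcached's UDP frame header (8 bytes, big-endian): request id, sequence
# number, total datagrams in this reply, reserved (always 0).
UDP_HEADER = struct.Struct("!HHHH")


def build_udp_get(key: str, request_id: int = 0x1234) -> bytes:
    """The tiny datagram an attacker spoofs with the victim's source address."""
    return UDP_HEADER.pack(request_id, 0, 1, 0) + f"get {key}\r\n".encode()


def build_udp_response(key: str, value: bytes, request_id: int = 0x1234) -> bytes:
    """Simulated single-datagram reply from an exposed server holding `key`."""
    body = b"VALUE %s 0 %d\r\n%s\r\nEND\r\n" % (key.encode(), len(value), value)
    return UDP_HEADER.pack(request_id, 0, 1, 0) + body


def parse_udp_response(datagram: bytes) -> dict:
    """Decode a memcached UDP reply into its header fields and key/value pairs."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("short datagram")
    request_id, seq, total, reserved = UDP_HEADER.unpack_from(datagram)
    if reserved != 0:
        raise ValueError("reserved field must be 0")
    body = datagram[UDP_HEADER.size:]
    values = {}
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end == -1:
            raise ValueError("truncated reply")
        line = body[pos:end]
        pos = end + 2
        if line == b"END":
            break
        parts = line.split()
        if len(parts) < 4 or parts[0] != b"VALUE":
            raise ValueError(f"unexpected line {line!r}")
        key, nbytes = parts[1].decode(), int(parts[3])
        data = body[pos:pos + nbytes]
        if body[pos + nbytes:pos + nbytes + 2] != b"\r\n":
            raise ValueError("data block not terminated")
        values[key] = data
        pos += nbytes + 2
    return {"request_id": request_id, "seq": seq, "total": total, "values": values}


def amplification_factor(request: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker had to send."""
    return len(response) / len(request)


# "<amount> XMR" is how the demands reported in these stories are phrased.
XMR_DEMAND = re.compile(rb"(\d+(?:\.\d+)?)\s*XMR\b")


def extract_xmr_demand(payload: bytes):
    """Return the Monero amount demanded in a reply payload, or None."""
    m = XMR_DEMAND.search(payload)
    return float(m.group(1)) if m else None


# Constructed sample: the attacker first stores a padded ransom note on the
# open server, then spoofs `get` requests so the victim receives it repeatedly.
RANSOM_NOTE = (b"Pay 50 XMR to <monero address elided> or the attack continues. "
               + b"\0" * 950)

if __name__ == "__main__":
    req = build_udp_get("ransom")
    resp = build_udp_response("ransom", RANSOM_NOTE)
    parsed = parse_udp_response(resp)
    print(f"{len(req)} bytes in -> {len(resp)} bytes out, "
          f"x{amplification_factor(req, resp):.0f} amplification")
    print("demand:", extract_xmr_demand(parsed["values"]["ransom"]), "XMR")
```

The only thing a memcached operator needs to take from this is that the amplification exists because the server answers unauthenticated UDP from anyone: start memcached with `-U 0` (UDP is already off by default from memcached 1.5.6) and keep port 11211 off the Internet, and the server can neither store the note nor relay it. And, as Daniel Smith points out above, paying does nothing: the address in the note is reused across victims, so the attacker cannot even tell who paid.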

David Harley

March 3rd 2018 resources update

Updates to Specific Ransomware Families and Types:

David Harley

Linux malware found in screensaver


http://linux.slashdot.org/article.pl?sid=09/12/09/2215253

I hate to say I told you so…actually, that’s not true. In this case, it was sadly obvious that it would happen, but the general attitude of the whole OSS/Free Software crowd is still to claim the earth is flat when it comes to malware.
Interested readers might like to Google my EICAR paper from 2002 called “The Emperor’s New Clothes: Linux and the myth of a virus free operating system”.

There I argued that the very thing that makes the OSS model work is also its greatest weakness: there’s little control, little QA, and 99% of the time the proletariat downloading a package won’t check it (nor would most be competent to), so it’s very easy to insert malware. It’s very likely there is a lot more malware out there lurking in small fringe packages such as the one mentioned in the OMGUbuntu article.
The fact is that with the rise of the netbook, Linux becomes a more desirable platform to attack, and at the moment, it’s way too easy. After all, who needs anti-malware software on Linux?

The Zombie Perspective

Nice article by Dennis Fisher on “The Root of the Botnet Epidemic” at

http://threatpost.com/en_us/blogs/root-botnet-epidemic-113009.

It starts with a historical overview of the situation around the turn of the century, with the first DDoS attacks, Mafiaboy, trinoo, Stacheldraht and all that, with copious quotes from Joe Stewart and Jose Nazario.

Should be an interesting series.

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET

Also blogging at:
http://www.eset.com/threat-center/blog
http://dharley.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/