Akamai, Mirai, & The FBI
Through the end of 2016, and throughout 2017, multiple Mirai-based botnets targeted multiple Akamai customers. The very first Mirai attack against Akamai was a multi-day barrage, weighing in at a peak of 620 Gbps that sent shockwaves across the Internet. The same botnet would go on to conduct...
Botnets, Breaches, and the End of Defense in Depth: Our 2017 Cybersecurity Predictions in Review
As 2016 closed out, Imperva once again peered into its crystal ball. As usual, there was much to foretell regarding the ever-changing cybersecurity realm in 2017. We’ll be doing the same soon as we look ahead into 2018. But before we do, we like to assess how accurate we were against the...
Mirai IoT Botnet Co-Authors Plead Guilty
The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video...
Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet
U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing the Mirai botnet that crippled some of the world's biggest and most popular websites by launching massive DDoS attacks last year. According to the federal court...
A state of constant uncertainty or uncertain constancy? Fast flux explained
Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rang familiar in the ears: fast flux. In the context of...
A week in security (December 04 – December 10)
Last week on the blog, we looked at a RIG EK malware campaign, explored how children are being tangled up in money mule antics, took a walk through the world of Blockchain, and gave a rundown of what's involved when securing web applications. We also laid out the trials and tribulations of the...
The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers
Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...
Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit DCU, announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the...
Feds Shut Down 'Longest-Running' Andromeda Botnet
In a coordinated international cyber operation, Europol with the help of international law enforcement agencies has taken down what it called "one of the longest-running malware families in existence" known as Andromeda. Andromeda, also known as Win32/Gamarue, is an infamous HTTP-based modular...
Default Password 'QwestM0dem' for 'admin' Account
The account 'admin' on the remote host has the default password 'QwestM0dem'. A remote attacker can exploit this issue to gain administrative access to the affected system. Note that this username / password combination was found in the leaked source from the Mirai botnet.
New Mirai Botnet Variant Found Targeting ZyXEL Devices In Argentina
While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai—the well known IoT botnet malware that wreaked havoc last year. Last week, researchers noticed an increase in traffic scanning ports 2323 a...
Newly Published Exploit Code Used to Spread Mirai Variant
Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...
PT-2017-4188
The Huawei HG532 router, including some customized versions, is affected by a remote code execution issue. An authenticated attacker can send malicious packets to port 37215 to launch attacks, potentially leading to the remote execution of arbitrary code. Meanwhile, researchers have discovered a...
World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware
A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necurs which has previously been found distributing Dridex...
This Holiday Season - Buy One IoT Device, Get Free CVEs
As the Internet of Things gains steam and continues to develop, so are adversaries and the threats affecting these systems. Companies throughout the world are busy deploying low cost Internet-connected computing devices aka the Internet of Things to solve business problems and improve our lives. ...
Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies
Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hack...
DDoS attacks in Q3 2017
News Overview: In the third quarter of 2017, the trends of the preceding quarters continued to develop further. The number of DDoS attacks in China, the United States, South Korea and Russia increased, which was reflected in the statistics we gathered for botnets. A sharp surge in the number more...
No Prison for Student who Developed Spam Botnet to Pay College Fee
By Carolina. Sean Tiernan, 29, from Santa Clara, California, was given 24 months probation. This is a post from HackRead.com.
Telnet IoT Honeypot - Python Telnet Honeypot For Catching Botnet Binaries
This project implements a python telnet server trying to act as a honeypot for IoT Malware which spreads over horribly insecure default passwords on telnet servers on the internet. Other than https://github.com/stamparm/hontel or https://github.com/micheloosterhof/cowrie examples, which provides...
Critical Infrastructure and Cyber Security
Before the recent natural disasters, I could describe to you how we as a community might recover after a cyberattack to our critical infrastructure, but it would be hard to imagine. Some may argue that it would be too extreme of a scenario to consider and that we would never get to the point wher...