DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence
Distributed denial-of-service (DDoS) attacks dropped significantly at the end of 2020, down 31 percent in the fourth quarter, according to researchers. The reason? Cybercriminals have switched their efforts and their botnets to cryptomining. According to an analysis from Kaspersky published Tuesday...
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
A tiny piece of malware that packs a big punch has been targeting supercomputers, especially those used in academia and scientific enterprises. It allows initial access for a variety of follow-on attacks, including credential theft – and potentially data exfiltration or cryptomining. That’s accordin...
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers. The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers...
Linux Devices Under Attack by New FreakOut Malware
Researchers are warning that a novel malware variant is targeting Linux devices in order to add endpoints to a botnet, to then be utilized in distributed-denial-of-service (DDoS) attacks and cryptomining. The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning,...
Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe. Needless to say, some source networks have been very naughty (dare we use the word “again”), since these all seem to be repeat offenders. To...
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat (APT) actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...
Misconfigured Docker Servers Under Attack By Xanthe Malware
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a...
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with...
The Life Cycle of a Compromised (Cloud) Server
Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports, which detail the what, how, and why of cybercriminal hosting (see the first part here). As part of th...
Golang Worm Widens Scope to Windows, Adds Payload Capacity
A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...
This Week in Security News: Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update and New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Microsoft’s largest-ever Patch Tuesday update including 129 CVEs. Also, read about a new Android Spyware dubbed ActionSpy. Read...
Kubernetes Falls to Cryptomining via Machine-Learning Framework
A unique cyberattack campaign that targets Kubeflow, a machine-learning toolkit for Kubernetes, has affected large swathes of container clusters, according to Microsoft. The Kubeflow open-source project is a popular framework for running machine-learning (ML) tasks in Kubernetes. According to an...
Poorly Secured Docker Image Comes Under Rapid Attack
In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it...
Self-Propagating Malware Targets Thousands of Docker Ports Per Day
The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. Thousands of container-compromise attempts are being observed every day as part of the campaign, according to Gal Singer, a...
Next-Gen Ransomware Packs a 'Human' Punch, Microsoft Warns
Researchers are warning that “human operated” ransomware campaigns are growing more sophisticated, adopting new infection tactics and lateral movement techniques that traditional defense teams aren’t equipped to handle. Researchers said that “auto-spreading” ransomware – like WannaCry and NotPety...
Fake Smart Factory Honeypot Highlights New Attack Threats
A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet...
Threat Source newsletter (Jan. 23, 2020)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Despite tensions starting to fizzle between the U.S. and Iran, people are still worried about cyber conflict. What would that even look...
Vivin Nets Thousands of Dollars Using Cryptomining Malware
A recently uncovered threat actor, dubbed Vivin, has made thousands of U.S. dollars through a large-scale cryptomining campaign. Vivin is unique due to its longevity — the threat actor has been active since at least 2017 — and researchers with Cisco Talos point to Vivin as a good example of why...
Breaking down a two-year run of Vivin’s cryptominers
News Summary There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. "Vivin" has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign. ...
INTERPOL Collaboration Reduces Cryptojacking by 78%
Cybercriminals are often seen as having the upper hand over the “white hat” community. After all, they’re anonymous, can launch attacks from virtually anywhere in the world, and usually have the element of surprise. But there’s one secret weapon the good guys have: Collaboration. That’s why Trend...