Tag Archives: swiss

Criminal multitool LilithBot arrives on malware-as-a-service scene

Bespoke botnet up for grabs from outfit praised for, er, customer service

A Russia-based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.…


Group claiming to be the Armada Collective threatens DDoS attack

Cybercriminals claiming to be the Armada Collective have sent out extortion emails threatening independent and small businesses with DDoS attacks.

A group of cybercriminals which claim to be the infamous Armada Collective are threatening independent and small business websites worldwide with a huge Distributed Denial of Service (DDoS) attack, should they fail to pay the bitcoin ransoms requested by email. It is still unclear whether these cybercriminals are the real deal or are just pretending to be in order to scare possible victims into paying a ransom to prevent a DDoS attack that could threaten their businesses.

The actual Armada Collective gained infamy last year after extorting money from a number of Swiss firms, several Thai banks and even ProtonMail, which provides encrypted webmail.

The emails sent out to businesses around the globe inform users that their security is poor and that the group will launch a DDoS attack on their networks using the Cerber ransomware and anywhere from 10-300 Gigabytes per second (Gbps) of attack power. However, anyone who received an email from the group can prevent the attack by paying one bitcoin, which is equivalent to $606. If the ransom is not paid before they attack, though, the price will go up significantly to 20 bitcoins to put an end to the DDoS attacks.

The group has also been kind enough to provide users who are unfamiliar with bitcoin with all the information necessary on how to download a personal bitcoin wallet such as Multibit or Xapo. They are also informed on how to set up a bitcoin wallet of their choosing online.

It is quite possible that the group’s email demands are fake, and any user who received the email should contact their local authorities, but under no circumstances should they pay the ransom.

Source: http://www.itproportal.com/news/group-claiming-to-be-the-armada-collective-threatens-ddos-attacks/


The top 5 least-wanted malware in any corporate IT infrastructure

Ask a group of people to define malware, and you’re likely to get a range of different answers. The term has become a catch-all description for a broad collection of different cyber threats that keep IT managers awake at night. Categories falling under the malware banner include viruses and worms, adware, bots, Trojans and rootkits. Each category is different, but all can cause disruption and loss if not detected and quickly removed.

Of the malware types in the wild, the top five are:

1. Remote Access Trojans (RATs)

RATs comprise malicious code that usually arrives hidden in an email attachment or as part of a downloaded file such as a game. Once the file is opened, the RAT installs itself on the victim’s computer, where it can sit unnoticed until being remotely triggered. RATs provide attackers with a back door that gives them administrative control over the target computer. This can then be used to steal data files, access other computers on the network or cause disruption to business processes. One of the first examples, dubbed Beast, first appeared in the early 2000s. It was able to kill running anti-virus software and install a key logger that could monitor for password and credit card details. Sometimes it would even take a photo using the target computer’s web cam and send it back to the attacker.

2. Botnets

Some liken botnets to a computerised ‘zombie army’, as they comprise a group of computers that have been infected by a backdoor Trojan. Botnets have similar features to a RAT; however, their key difference is that they are a group of computers being controlled at the same time. Botnets have been described as a Swiss Army knife for attackers. Linked to a command-and-control channel, they can be instructed to forward transmissions including spam or viruses to other computers on the internet. They can also be used to initiate distributed denial of service (DDoS) attacks similar to the one suspected to have disrupted the Australian census. Some attackers even rent their botnets out to other criminals who want to distribute their own malware or cause problems for legitimate websites or services.

3. Browser-based malware

This type of malware targets a user’s web browser and involves the installation of a Trojan capable of modifying web transactions as they occur in real time. The benefit for malware of being in a browser is that it enables it to avoid certain types of security protection such as packet sniffing. Some examples of this malware generate fake pop-up windows when they know a user is visiting a banking website. The windows request credit card details and passwords, which are then sent back to the attacker. Security experts estimate that there have been around 50 million hosts infected by browser-based malware, and estimated financial losses have topped $1 billion.

4. Point-of-sale (POS) malware

This is a specialised type of malware that seeks out computers specifically used for taking payments in retail outlets. The malware is designed to infect the computer to which POS terminals are attached and monitor it for credit card details. One example, called Backoff, appeared in late 2013 and managed to infect more than 1000 businesses, including the large US-based retailer Dairy Queen.

5. Ransomware

This category of malware is designed to take over a computer and make it, or the data stored on it, unusable. The code usually encrypts data, and the attacker then demands payment from the user before providing the encryption key. One of the more prevalent ransomware versions is called Locky and appeared in early 2016. It has already infected a large number of individuals, companies and public facilities such as hospitals. While early examples used poor encryption techniques, ransomware has quickly evolved to the point where many varieties now use industry-standard 256-bit encryption, which is effectively impossible to crack without the private key.

The best anti-malware steps to take

While the impact of a malware infection can be significant for individuals or organisations, there are steps that can be taken to reduce the likelihood of infection. They include:

General awareness

It’s important for users to be aware of the threats that malware brings. Staff should be educated about phishing attacks and to be cautious when downloading files or opening attachments from unfamiliar parties.

Regular backups

Regular back-ups of critical data are a vital part of any security strategy. In larger organisations, a global share drive can be created in which all important files should be stored. This drive can then be backed up as often as is needed. Copies of backups should also be kept offline as an additional layer of protection.

Defence in depth

In a complex IT infrastructure, there should be multiple layers of security designed to stop attacks. While no single defence can protect completely, creating a defence-in-depth strategy will ensure systems and data are as secure as they can be. Layered protection should range from firewalls and anti-virus software through to network intrusion and advanced persistent threat tools.

By taking a comprehensive and multi-layered approach to security, organisations can reduce the likelihood that they will fall victim to malware attacks and avoid the disruptive and potentially costly problems they can cause.

Source: http://www.cso.com.au/article/605901/top-5-least-wanted-malware-any-corporate-it-infrastructure/


Crypto e-mail provider ProtonMail pays ransom to stop DDoS attack, attack continues

Switzerland-based end-to-end encrypted e-mail provider ProtonMail has been on the receiving end of a heavy DDoS attack since Tuesday, November 3, and unavailable to its users for hours on end. Pro…


Emoticons blast three security holes in Pidgin :-(

Dump docs on users’ disks using only ASCII art (°O°)

Cisco researchers have reported a trio of vulnerabilities in popular instant messaging client Pidgin that allow for denial of service by way of emoticon abuse and remote arbitrary file creation.…


Microsoft borks botnet takedown in Citadel snafu

Stupid Redmond kicked over our honeypots, wail white hats

Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners.…
