Retrospective: NHS, ransomware and technical debt

May 31, 2017

By: Ed Daniel, Solution Engineer, NSFOCUS

On May 15th, the NHS (UK’s National Health Service) suffered its single worst disruption to service in the history of the organisation. The disruption was caused by a type of malicious software known as ransomware, which attempts to extort money from victims by encrypting their data and offering to decrypt it for a fee (a ransom, no less); victims who do not pay lose that data forever. (more…)

Solving the DDoS Problem – One Summit at a Time

April 8, 2017

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

It’s no secret that DDoS attacks are on the rise. Statistic after statistic, report after report, all say the same thing about DDoS. However, who are the companies that have perfected the technology, tactics, techniques, and procedures used on the front lines to defeat DDoS attacks every day? NSFOCUS is one such company that has chosen to position itself in the crossfire, between DDoS attackers and their often-unprepared victims. (more…)

Threat Intelligence – You’re Purchasing the Process

February 6, 2017

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what organizations believe they are receiving for their money. Organizations are beginning to learn about the notions of strategic and tactical TI. One provides longer-term, pragmatic analysis, alerts, and reports; while the other provides short-term, more-actionable data and informational feeds. Both have tremendous value to organizations who want to gain more insight into the cyber-threat landscape they face daily. However, is TI more than just data? (more…)

“Shifu” Banking Trojan – Technical Analysis and Recommendations

January 27, 2017

By: NSFOCUS Security Labs


The banking Trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and re-emerged in Britain compromising 10 banks on September 22, 2015. On January 6, 2017, Palo Alto Networks issued an article indicating that the author of this Trojan re-engineered the exploit in 2016. Specifically, this Trojan at its early stage obtained system privileges of the attacked host by exploiting the vulnerability CVE-2015-0003, but now achieves its purpose by leveraging the Windows privilege escalation vulnerability CVE-2016-0167. (more…)

ElasticSearch Hit by Ransom Attack

January 26, 2017

By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS


During the week of January 21, 2017, over 34,000 vulnerable MongoDB databases fell victim to a ransom attack. Data residing on these databases was erased or encrypted, and bitcoin payment was demanded in exchange for the return of the data. Moreover, on January 18th, 2017, several hundred ElasticSearch servers were hit by a ransom attack within a few hours, and data housed on those servers was erased with ransom demands. The methods that were used to attack the ElasticSearch servers were extremely similar to the exploit that was used in the MongoDB attack. Security researcher Niall Merrigan (who had been following up the MongoDB database compromise) stated, “till now, over 2711 ElasticSearch servers have been attacked.” Many of the victims reside in the USA, with a few outliers in Europe, China, and Singapore. (more…)

Gazing into our Crystal Ball – 2017 Cybersecurity Predictions

December 19, 2016

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

Cyber extortion and attacks can take many forms – from ransomware to DDoS shakedowns and data-dump blackmail, organizations all over the globe have been directly impacted by these campaigns in 2016. This year we saw the first DDoS attack exceeding 1Tbps in size and the proliferation of attacks by IoT botnets, among countless other new methods that hackers have perfected to gain entry into organizations and disrupt day-to-day business. If you thought 2016 was bad, you can expect 2017 to be even worse as sophisticated hackers set their sights on bigger targets and continue to evolve their practices. (more…)

Case Study: Thwarting 100,000+ Attacks on the G20 Summit, the NSFOCUS Experience

December 12, 2016

By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS

In September 2016, prominent world leaders representing the top 20 global economies gathered together in Hangzhou, China to kick off the 11th meeting of Group of Twenty (G20). This year marked the first time that the event was hosted in China and as a result, securing the Summit’s cyber assets and associated networks quickly became a top priority. To protect the world’s most visible heads of state from an increasing number of sophisticated hackers, there was a clear choice for the company that could handle the daunting task. (more…)

Threat Intelligence: What It Is and How to Use It Effectively

November 29, 2016

By: Anil Nandigam, Sr. Director, Product Marketing, NSFOCUS

In today’s cyber landscape, decision makers constantly question the value of their security investments, asking whether each dollar is helping secure the business. Meanwhile, cyber attackers are growing smarter and more capable every day. Today’s security teams often find themselves falling behind, left to analyze artifacts from the past to try to determine the future. As organizations work to bridge this gap, threat intelligence (TI) is growing in popularity, usefulness and applicability. In its simplest form, TI is the process of understanding the threats to an organization based on available data points. (more…)

Threat Intelligence – You can’t complete the picture, if you don’t have the missing piece.

October 11, 2016

Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

Over the last year, the cybersecurity industry has been abuzz about this new thing called “threat intelligence”. However, threat intelligence (intel) as a whole is not really that new. Threat intel was probably used in every military-like campaign going back to the rise of the great civilizations …read more

Advanced Persistent Threats – A Simple Analogy

August 1, 2016

Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

One of the things that amazes me the most is how the general population lacks a firm understanding of the cyber threats they face daily. Since few people outside of security circles have actually been trained in cyber security, the general lack of knowledge pertaining to cyber-attacks …read more