Month: February 2017

Does a Dropbear DDoS in the Woods?

February 28, 2017

Author: Guy Rosefelt – Dir, PM Threat Intelligence & Web Security Recently, NSFOCUS has seen some interesting DDoS behavior.  Since Q4 of last year, there has been a rise in SSL/VPN and SSH based DDoS attacks.  Most people would not equate VPN or SSH as a viable mechanism for what is usually considered a volumetric […]

Enhanced Threat Awareness Proposition

February 24, 2017

Author: Cody Mercer, Senior Intelligence Threat Researcher Network threat attack vectors continually advance in diversity and complexity. Attacks supplied through advanced persistent threats (APT) now spread very quickly and on a larger scale. Various IOT devices and other assets to include mobile/hand-held devices, desktops, bare-metal networks, web applications, and social networks are all vulnerable to […]

Anatomy of An Attack – DNS Amplification

February 9, 2017

Author: Vann Abernethy, Field CTO Overview DNS amplification attacks ramp up the power of a botnet when targeting a victim.  The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of open recursive DNS servers.  The […]

Shamoon 2: Back On the Prowl

February 8, 2017

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on Monday, January 23, 2017 for […]

Understanding Ransomware: An Overview

February 8, 2017

Author: Stephen Gates, Chief Research Intelligence Analyst Ransomware: The Human Touch As a security professional, I often get asked about the latest threats. Most consumers don’t understand the difference between viruses, worms, Trojans, spyware, adware, scareware, malvertising, phishing, etc. Sometimes, even those of us in the field see it all as malware. Basically, it’s all malicious […]

JTB Breach Leaks 7.93 Million Customer Related Records

February 8, 2017

Executive Summary JTB Corp. (JTB), a well-known travel agency in Japan announced on June 14, 2016 that it had experienced a massive data leak upon an attack targeting its servers. Initial reports indicate that 7.93 million people using JTB to book trips may have had their personal booking data exposed. The leaked data contained sensitive […]

Threat Intelligence 2017 Predictions Report

Reporting

February 7, 2017

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Executive Summary Looking back on 2016, there were a few key predictions that ended up becoming a reality. While many organizations have been reassuring themselves for years, saying: “Who would launch a DDoS attack against us?” – they ended up falling victim […]

2016 Q3 Report on DDoS Situation and Trends

February 7, 2017

Sources of Data NSFOCUS collects data from all of their DDoS Protection Solutions deployed worldwide that are being managed by their managed service offering. The botnets that are used across the world can be tracked by NSFOCUS, and those details are used to formulate many of the attack trends shown in this report. NSFOCUS is […]

Overview & Analysis of a Threat Intelligence Ecosystem

Threat Analysis

February 6, 2017

Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher Security Event Investigation and Threat Intelligence Over a year ago I purposed the three main tenants encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective parties. Cultivate a security data […]

Thwarting 100,000+ Attacks on the G20 Summit, The NSFOCUS Experience

February 6, 2017

In September 2016, prominent world leaders representing the top 20 global economies gathered together in Hangzhou, China to kick off the 11th meeting of Group of Twenty (G20). This year marked the first time that the event was hosted in China and as a result, securing the Summit’s cyber assets and associated networks quickly became […]

Search

Subscribe to the NSFOCUS Blog