Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 1)
September 19, 2022
Overview Recently, NSFOCUS Security Labs observed a series of phishing activities against European countries. Those activities mainly targeted online gambling platforms as well as active online trading behaviors, aiming to steal transaction credentials of service providers and customers for illegal profits. The in-depth analysis revealed that it was a continuation of recent attacks staged by […]
NSFOCUS Case Study on Protection Against Carpet-Bombing Attacks
September 16, 2022
Introduction According to the H1 2022 NSFOCUS Global DDoS Attack Landscape report released on 6 Sept 2022, DDoS attacks made a surprising 205% increase compared with the first half of 2021. When it comes to the carpet-bombing attacks prevalent in recent years, more than 100,000 IP addresses on hundreds of network segments were hit by […]
Microsoft’s September security update for multiple high-risk product vulnerabilities
September 15, 2022
Overview On September 14, NSFOCUS CERT detected that Microsoft released the September security update patch, which fixed 63 security issues, involving widely used products such as Windows TCP/IP, .NET Framework, Windows Print Spooler Components, and Windows LDAP. Including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s […]
Configuring Collaboration Between NTA and ADS
September 15, 2022
This document describes how to configure collaboration between ADS and NTA. NTA offers network monitoring and DDoS attack detection. If a DDoS attack is detected, NTA starts collaboration with ADS according to pre-defined rules to notify ADS. Then ADS starts the traffic diversion mechanism to divert suspicious traffic from the router or switch to ADS. […]
Viewing BGP Status of ADS and Troubleshooting
September 14, 2022
Viewing the BGP neighbor status of ADS Choose Diversion & Injection > Diversion Route > BGP Route. In the Route Daemon list, click the Neighbor Status button in the Operation column to view the status of a specified BGP route, as shown in the screenshot below. The displayed page shows the information of BGP neighbors. […]
Large-scale DDoS Attacks Target Many Critical Industries as Election Approaches in Brazil
September 13, 2022
1. Background As early as 2016, a report from BitSight, an American cybersecurity ratings company, showed that Brazil is one of the riskiest countries to do business in. According to the cyber threat report released by SonicWALL, Brazil suffered more than 33 million intrusion attempts in 2021, and suffered ransomware attacks second only to the […]
IndoSec 2022
September 7, 2022
IndoSec was held at Hotel Mulia Senayan at Jakarta, Indonesia on September 6 and 7, 2022. We joined this event and showcased our hybrid DDoS mitigation solutions. Indonesia, the country with the fourth-fastest growth in internet users in the world, faces both great opportunities and significant threats as digital technology and the internet advance. The […]
NSFOCUS Report: DDoS Attacks Skyrocketed by 205% in H1 2022
September 6, 2022
Santa Clara, Calif. September 6, 2022 – NSFOCUS, a global network and cyber security leader, today released NSFOCUS Global DDoS Landscape Report for the first half of 2022. Compared to the first half of 2021, DDoS attacks has a sharp increase of 205% year over year. Terabit attacks are not rare anymore. From April this year, […]
Investigation Report on New APT Organization MurenShark: Torpedoes Fired to Turkish Navy [2]
September 2, 2022
Part 1: Investigation Report on New APT Organization MurenShark: Torpedoes Fired to Turkish Navy [1] Characteristics of Attack Tactics Use compromised sites: MurenShark tends to use compromised sites as the file server and the C&C server in the attack process. As shown in the last chapter, the organization used the Near East University site (Yakın […]
Investigation Report on New APT Organization MurenShark: Torpedoes Fired to Turkish Navy [1]
September 2, 2022
Overview In 2022 Q2, NSFOCUS Security Labs detected a series of cyberattacks against Turkey. After analysis, the researchers confirmed that this round of attacks originated from Actor210426, a new threat entity identified by NSFOCUS Security Labs in April 2021. Through the clues of behavior pattern, attack method, attack tool, attack target and so on, NSFOCUS […]
