Adeline Zhang

Blackmoon Banking Trojan Overview

June 2, 2017

Overview: The Blackmoon Bank Trojan that was originally identified in 2016 has since re-surfaced. Recently, more than 150,000 bank accounts were compromised in South Korea and the Blackmoon Trojan has been identified as the culprit. A new 2017 version has hit the financial industry and employs a new framework model primarily targeting the online banking […]

Solving the DDoS Problem – One Summit at a Time

April 8, 2017

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

It’s no secret that DDoS attacks are on the rise. Statistic-after-statistic, report-after-report, all say the same thing about DDoS. However, who are the companies that have perfected the technology, tactics, techniques, and procedures used in front-lines to defeat DDoS attacks every day? NSFOCUS is one such company that has chosen to position themselves in the crossfire, between DDoS attackers and their often-unprepared victims.

Swearing Trojan Exploit Overview

April 3, 2017

Author: Cody Mercer – Senior Threat Intelligence Researcher. Executive Overview: A new mobile banking Trojan titled ‘Swearing Trojan’ has been discovered by Tencent Security and Checkpoint researchers. The odd name of the malware is in part attributed to the various Chinese swear words sparsely distributed in the source code. The primary attributes associated with the […]

Dridex – v4

March 23, 2017

Author: Cody Mercer – Senior Threat Intelligence Research Analyst. Executive Overview: A newly discovered modified version of Dridex, now termed ‘Dridex v4’, has been recognized in the wild in recent days. The upgraded version of the Dridex Trojan was at one time one of the most successful bank Trojans originally discovered in 2014 and has […]

Dahua Cameras Unauthorized Access Vulnerability Analysis & Solution

March 17, 2017

Overview: Dahua Technology, a well-known security camera and digital video recorder (DVR) vendor in China, released firmware updates to address serious security vulnerabilities for several of their products. By exploiting this vulnerability an attacker can access the user database of a Dahua camera without needing administrative privileges and extract the user name and password hash. […]

StoneDrill – Shamoon & Shamoon 2.0 Variant

March 13, 2017

Author: Cody Mercer – Senior Threat Intelligence Researcher. Executive Summary: It would appear that a new variant titled ‘StoneDrill’ has now hit the wild and conducts operations very similar to that of Shamoon 2.0 and Shamoon malware. Moreover, Kaspersky Labs has evaluated the source code and it appears to contain various source code line items […]

Apache Struts2 Remote Code Execution Vulnerability (S2-045)

March 9, 2017

Overview: Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details, visit the following link: https://cwiki.apache.org/confluence/display/WW/S2-045?from=timeline&isappinstalled=0 […]

Does a Dropbear DDoS in the Woods?

February 28, 2017

Author: Guy Rosefelt – Dir, PM Threat Intelligence & Web Security. Recently, NSFOCUS has seen some interesting DDoS behavior. Since Q4 of last year, there has been a rise in SSL/VPN and SSH based DDoS attacks. Most people would not equate VPN or SSH as a viable mechanism for what is usually considered a volumetric […]

Enhanced Threat Awareness Proposition

February 24, 2017

Author: Cody Mercer, Senior Intelligence Threat Researcher. Network threat attack vectors continually advance in diversity and complexity. Attacks supplied through advanced persistent threats (APT) now spread very quickly and on a larger scale. Various IOT devices and other assets to include mobile/hand-held devices, desktops, bare-metal networks, web applications, and social networks are all vulnerable to […]

Anatomy of An Attack – DNS Amplification

February 9, 2017

Author: Vann Abernethy, Field CTO. Overview: DNS amplification attacks ramp up the power of a botnet when targeting a victim. The basic technique of a DNS amplification attack is to spoof the IP of the intended target and send a request for a large DNS zone file to any number of open recursive DNS servers. The […]
