Retrospective: NHS, ransomware and technical debt
May 31, 2017
By: Ed Daniel, Solution Engineer EMEA, NSFOCUS
On May 15th, the NHS (UK’s National Health Service) suffered its single worst disruption to service in the history of the organisation. The disruption was due to a type of malicious software, known as ransomware, with the purpose of attempting to extort money from victims by encrypting their data, and offering to decrypt that data for a fee, a ransom no less, or lose that data forever. (more…)
Anti-DDoS and Threat Intel – The Perfect Recipe
May 18, 2017
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
As the world connects more-and-more technologies to the Internet, the growth of IP addresses in use will increase significantly; primarily being consumed by IoT. These technologies offer some of the greatest advantages; capable of improving nearly every walk of life. In addition, rogue IoT devices are fully capable of becoming one of the Internet’s greatest menaces. The Internet has always been based upon availability. Take that away, and the Internet is pretty much impractical; without the ability to transfer data due to a DDoS-induced outage. (more…)
Solving the DDoS Problem – One Summit at a Time
April 8, 2017
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
It’s no secret that DDoS attacks are on the rise. Statistic-after-statistic, report-after-report, all say the same thing about DDoS. However, who are the companies that have perfected the technology, tactics, techniques, and procedures used in front-lines to defeat DDoS attacks every day? NSFOCUS is one such company that has chosen to position themselves in the crossfire, between DDoS attackers and their often-unprepared victims. (more…)
Threat Intelligence – You’re Purchasing the Process
February 6, 2017
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS
Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what organizations believe they are receiving for their money. Organizations are beginning to learn about the notions of strategic and tactical TI. One provides longer-term, pragmatic analysis, alerts, and reports; while the other provides short-term, more-actionable data and informational feeds. Both have tremendous value to organizations who want to gain more insight into the cyber-threat landscape they face daily. However, is TI more than just data? (more…)
“Shifu” Banking Trojan – Technical Analysis and Recommendations
January 27, 2017
By: NSFOCUS Security Labs
Overview
The banking Trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and re-emerged in Britain compromising 10 banks on September 22, 2015. On January 6, 2017, Palo Alto Networks issued an article indicating that the author of this Trojan re-engineered the exploit in 2016. Specifically, this Trojan at its early stage obtained system privileges of the attacked host by exploiting the vulnerability CVE-2015-0003, but now achieves its purpose by leveraging the Windows privilege escalation vulnerability CVE-2016-0167. (more…)
ElasticSearch Hit by Ransom Attack
January 26, 2017
By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS
Overview
During the week of January 21, 2017, over 34,000 vulnerable MongoDB databases fell victim to a ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in lieu for return of the data. Moreover, on January 18th, 2017, several hundred ElasticSearch servers were hit by a ransom attack within a few hours, and data housed on those servers were erased with ransom demands. The methods that were used to attack the ElasticSearch servers where extremely similar to the exploit that was used in the MongoDB attack. Security researcher Niall Merrigan (who had been following up the MongoDB database compromise) stated, “till now, over 2711 ElasticSearch servers have been attacked.” Many of the victims reside in the USA, with a few outliers in Europe, China, and Singapore. (more…)
Subscribe to Newsletter
Recent Posts
-
Retrospective: NHS, ransomware and technical debt
by Bruce Lupin
- Anti-DDoS and Threat Intel – The Perfect Recipe
- Solving the DDoS Problem – One Summit at a Time
- Threat Intelligence – You’re Purchasing the Process
-
“Shifu” Banking Trojan – Technical Analysis and Recommendations
by NSFOCUS
Archives
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- July 2015
- April 2015
- November 2014
- October 2014