Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as "BTC", "ETH", "NFT", and "account information", which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information....
Category: DDoS Mitigation
NSFOCUS Appraised Maturity Level 5 of CMMI Development V2.0
We are very excited to announce that NSFOCUS has been appraised at Maturity Level 5 of the CMMI Institute’s Capability Maturity Model Integration (CMMI)® Version 2.0. CMMI is a proven set of global best practices that drives business performance through building and benchmarking key capabilities. It is an integrated framework of...
Reflection on Detection of Encrypted Malware Traffic
The Internet has become an indispensable part of our lives, and it is of vital importance to work out how to guarantee the security of users' sensitive information and privacy in cyberspace. Most of the Internet traffic is encrypted with Transport Layer Security (TLS), which cannot guarantee absolute security. Malware...
Cloud DPS – Optimization for a Managed Security Service Customer
Today DDoS attacks are continuing to increase in frequency, volume and duration to affect a business’s continuity and reputation. DDoS mitigation capability has become the top priority for CIO/CISOs in Enterprise, Internet content providers and government, while they may have to face the challenge of finding sufficient experienced security professionals...
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2
2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining...
A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1
Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on...
