Research & Reports

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

December 25, 2017 | Adeline Zhang

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the WLS middleware host via a […]

IcedID Banking Trojan Sample Technical Analysis and Solution

December 1, 2017 | Adeline Zhang

IcedID Banking Trojan Sample Technical Analysis and Solution Date of Release: November 17, 2017 Overview Recently, the IBM X-Force research team discovered a brand new banking Trojan dubbed IcedID. This Trojan was first found spreading in the wild in September 2017, mainly targeting systems used in the financial sectors of US. According to X-Force research, […]

BadRabbit Sample Analysis and Recommended Solution

November 2, 2017 | Adeline Zhang

Overview A new type of ransomware was detected on October 24, when it had not been even half a year from the extensive breakout of the notorious ransomware Petya and WannaCry. This ransomware dubbed BadRabbit has been distributed in a number of European countries, including Russia, Ukraine, Bulgaria, Turkey, and Germany, and is now found […]

Technical Analysis Report on Rowdy, A New Type of IoT Malware Exploiting STBs

October 19, 2017 | Devika Jain

In August 2017, NSFOCUS’s DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer’s network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we found that the attack had […]

Past and Present of Underground Network Industry

October 19, 2017 | Adeline Zhang

The underground network industry has a long history and extensive coverage. What happened throughout its history? This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures. Overview What is Underground Industry? Underground industry is a general name for a wide variety of behaviors which, using the […]

A Step Further — Demystifying XSS

October 17, 2017 | Adeline Zhang

Here is a comprehensive tutorial on cross-site scripting (XSS) attacks, ranging from entry to practice. Overview Note that XSS attacks are classified according to different angles in the preceding figure, but not simply classified into reflective XSS, stored XSS, and DOM-based XSS. In essence, XSS is injection of HTML code and JavaScript code. This kind […]

IP Reputation Analysis Report – August 2017

October 3, 2017 | NSFOCUS

Executive Overview There was a 34.06% increase in number of IP addresses globally in the NSFOCUS IP Reputation databases this month compared to both the beginning of the year and post WannaCry and Petya (33.17% through July). Globally the number of Botnets did not change significantly. However, the overall percentage of Botnets compared to other […]

Phantom Squad – DDoS Threat

September 26, 2017 | Adeline Zhang

Overview It appears that the new syndicate of the Armada Collective referred to as the Phantom Squad is planning to launch a global DDoS attack on September 30th.  Below you will find a screenshot of the mass spear-phishing email that has been distributed to many organization and companies around the world. They are currently asking […]

Joao Malware Analysis

August 31, 2017 | Adeline Zhang

Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim’s machine information to the attacker, including the operating […]

H1 2017 Cybersecurity Insights

August 29, 2017 | Devika Jain

Overview This year a significant amount of security events such as WannaCry, Petya, and NotPetya occurred adversely affecting a wide variety of social and economic activities. To mitigate threats brought by such events IT and security teams have spared no effort in combating against such attacks for the security and protection of their organizations. It […]