Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 2)
setembro 20, 2022
Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 1) Components Evilnum mainly used a new customized trojan in this operation. NSFOCUS Security Labs named it DarkMe based on the particular string in the trojan program. NSFOCUS Security Labs also discovered another new trojan program that had a close connection to this operation […]
Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 1)
setembro 19, 2022
Overview Recently, NSFOCUS Security Labs observed a series of phishing activities against European countries. Those activities mainly targeted online gambling platforms as well as active online trading behaviors, aiming to steal transaction credentials of service providers and customers for illegal profits. The in-depth analysis revealed that it was a continuation of recent attacks staged by […]
NSFOCUS Case Study on Protection Against Carpet-Bombing Attacks
setembro 16, 2022
Introduction According to the H1 2022 NSFOCUS Global DDoS Attack Landscape report released on 6 Sept 2022, DDoS attacks made a surprising 205% increase compared with the first half of 2021. When it comes to the carpet-bombing attacks prevalent in recent years, more than 100,000 IP addresses on hundreds of network segments were hit by […]
Microsoft’s September security update for multiple high-risk product vulnerabilities
setembro 15, 2022
Overview On September 14, NSFOCUS CERT detected that Microsoft released the September security update patch, which fixed 63 security issues, involving widely used products such as Windows TCP/IP, .NET Framework, Windows Print Spooler Components, and Windows LDAP. Including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s […]
Configuring Collaboration Between NTA and ADS
setembro 15, 2022
This document describes how to configure collaboration between ADS and NTA. NTA offers network monitoring and DDoS attack detection. If a DDoS attack is detected, NTA starts collaboration with ADS according to pre-defined rules to notify ADS. Then ADS starts the traffic diversion mechanism to divert suspicious traffic from the router or switch to ADS. […]
Viewing BGP Status of ADS and Troubleshooting
setembro 14, 2022
Viewing the BGP neighbor status of ADS Choose Diversion & Injection > Diversion Route > BGP Route. In the Route Daemon list, click the Neighbor Status button in the Operation column to view the status of a specified BGP route, as shown in the screenshot below. The displayed page shows the information of BGP neighbors. […]
Large-scale DDoS Attacks Target Many Critical Industries as Election Approaches in Brazil
setembro 13, 2022
1. Background As early as 2016, a report from BitSight, an American cybersecurity ratings company, showed that Brazil is one of the riskiest countries to do business in. According to the cyber threat report released by SonicWALL, Brazil suffered more than 33 million intrusion attempts in 2021, and suffered ransomware attacks second only to the […]
IndoSec 2022
setembro 7, 2022
IndoSec was held at Hotel Mulia Senayan at Jakarta, Indonesia on September 6 and 7, 2022. We joined this event and showcased our hybrid DDoS mitigation solutions. Indonesia, the country with the fourth-fastest growth in internet users in the world, faces both great opportunities and significant threats as digital technology and the internet advance. The […]
NSFOCUS Report: DDoS Attacks Skyrocketed by 205% in H1 2022
setembro 6, 2022
Santa Clara, Calif. September 6, 2022 – NSFOCUS, a global network and cyber security leader, today released NSFOCUS Global DDoS Landscape Report for the first half of 2022. Compared to the first half of 2021, DDoS attacks has a sharp increase of 205% year over year. Terabit attacks are not rare anymore. From April this year, […]
Investigation Report on New APT Organization MurenShark: Torpedoes Fired to Turkish Navy [2]
setembro 2, 2022
Part 1: Investigation Report on New APT Organization MurenShark: Torpedoes Fired to Turkish Navy [1] Characteristics of Attack Tactics Use compromised sites: MurenShark tends to use compromised sites as the file server and the C&C server in the attack process. As shown in the last chapter, the organization used the Near East University site (Yakın […]
