Blog

Cloud DPS – Optimization for a Managed Security Service Customer

julho 27, 2021 | Jie Ji

Today DDoS attacks are continuing to increase in frequency, volume and duration to affect a business’s continuity and reputation. DDoS mitigation capability has become the top priority for CIO/CISOs in Enterprise, Internet content providers and government, while they may have to face the challenge of finding sufficient experienced security professionals to build, maintain and operate […]

SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211) Threat Alert

julho 23, 2021 | Jie Ji

Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that SolarWinds released a security advisory fixing a remote code execution vulnerability (CVE-2021-35211). Microsoft reported to SolarWinds that they had discovered that the vulnerability was exploited in the wild and provided a proof of concept of the exploit. Unauthenticated, remote attackers could exploit this vulnerability to execute […]

A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 2

julho 20, 2021 | Jie Ji

2. Encrypter: DP_Main 2.2 Self Copy and Automatic Running at Startup The program copies itself to %APPDATA%/DP/DP_Main.exe, and modifies the registry for automatic running at startup. 2.3 Deletion of Volume Shadow Backups The program uses CMD command parameters to delete volume shadow backups. 2.4 Upload of Encryption Information After obtaining disk information, the program begins […]

A Look into Source Code of Paradise Ransomware, a “Custom-Built” Virus – 1

julho 16, 2021 | Jie Ji

Event Overview Recently, NSFOCUS CERT, through ongoing monitoring, found that the source code of the Paradise ransomware was leaked. Since data encrypted by Paradise cannot be decrypted now, the source code, if widely spread over the Internet, may cause a lot of trouble. Paradise had its source code leaked on a Russian hacker forum on […]

Windows Print Spooler RCE Vulnerabilities (CVE-2021-1675/CVE-2021-34527) Mitigation Guide

julho 13, 2021 | Jie Ji

Overview On July 7, 2021, Beijing time, Microsoft released a security patch on the PrintNightmare vulnerability (CVE-2021-34527). NSFOCUS CERT recommends that users install this patch as soon as possible. On June 29, NSFOCUS CERT found that a security researcher published an exploit of the Windows Print Spooler remote code execution (RCE) vulnerability (PrintNightmare) on GitHub. […]

2020 DDoS Attack Landscape Report – 4

julho 8, 2021 | Jie Ji

Key Findings – 5 The Number of DDoS Attacks on Healthcare, Education, and Government Sectors Increased Significantly During the COVID-19 Pandemic The healthcare sector suffered more DDoS attacks during the COVID-19 pandemic than previous years. According to statistics2, the number of attacks in each month in 2020 H2 increased year on year, with March and […]

Case Study: A 400G DDoS Attack Event Captured By NSFOCUS in Hong Kong S.A.R.

julho 6, 2021 | Jie Ji

Event look back A NSFOCUS Cloud DPS customer with their servers located in Hong Kong SAR has encountered a series of mass DDoS attacks lasted for four (4) days, from June 20th to 24th. The attackers managed to create serval spikes including the biggest one reaching 399.2 Gbps and followed by another at 360 Gbps. […]

Recommendations on Protection Against Random Subdomain Attacks

julho 2, 2021 | Jie Ji

What is a Random Subdomain Attack? A Random subdomain attack is also known as a pseudo-random subdomain (PRSD) attack due to the use of pseudo-random algorithms. A PRSD attack is an approach of double attack against both DNS caching servers of Internet service providers (ISPs) and local authoritative servers of customers. During such an attack, […]

“Netfilter” malicious driver bypasses Microsoft’s signature system

junho 30, 2021 | Jie Ji

In June 2021, German computer security solutions software company G Data Software detected a malicious driver named “Netfilter”. Unexpectedly, the malicious driver bypassed and obtained Microsoft’s file signature. When Microsoft learned about it, it immediately added the signature of the malware to the security center of the Windows system for protection, and conducted an internal […]

2020 DDoS Attack Landscape Report – 3

junho 23, 2021 | Jie Ji

Key Findings – 4 DDoS Protection Techniques Need to Continue to Evolve with Emergence of New Attack Vectors NXNSAttack, a new vulnerability in DNS, can be exploited to launch massive DDoS attacks In May 2020, Israeli researchers reported a new DNS server vulnerability and dubbed it NXNSAttack. This vulnerability exists in DNS’s recursive resolution process. […]