Sources of Data: NSFOCUS collects data from all of their DDoS Protection Solutions deployed worldwide that are being managed by their managed service offering. The botnets that are used across the world can be tracked by NSFOCUS, and those details are used to formulate many of the attack trends shown...
Category: Blog
Overview & Analysis of a Threat Intelligence Ecosystem
Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher. Security Event Investigation and Threat Intelligence: Over a year ago I proposed the three main tenets encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective...
Threat Intelligence – You’re Purchasing the Process
By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS. Over the past year, the cyber security industry has changed significantly in the light of an innovative tool called “Threat Intelligence” (TI). Organizations of all sizes are beginning to gain understanding of the value of TI; however, there is some confusion concerning what...
“Shifu” Banking Trojan – Technical Analysis and Recommendations
By: NSFOCUS Security Labs. Overview: The banking Trojan "Shifu" was discovered by the IBM counter fraud platform in April 2015. Built on the Shiz source code, this Trojan employs techniques adopted by multiple notorious Trojans such as Zeus, Gozi, and Dridex. This particular Trojan targeted 14 banks in Japan and...
ElasticSearch Hit by Ransom Attack
By: Dr. Richard Zhao, SVP of Global Threat Research, NSFOCUS. Overview: During the week of January 21, 2017, over 34,000 vulnerable MongoDB databases fell victim to a ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in exchange for return of the data....
ElasticSearch Hit by Ransom Attack
Overview: Last week, over 34,000 vulnerable MongoDB databases fell victim to a recent ransom attack. Data residing on these databases was erased or encrypted and bitcoin payment was demanded in exchange for data return. Moreover, on Jan 18th 2017, several hundred ElasticSearch servers were hit...




