October 26, 2020
Botnets have evolved to use weak passwords, exploits, and phishing emails as their major means of propagation and intrusion. Attackers lying in wait for an opportunity tend to exploit vulnerabilities in the window between vulnerability disclosure and remediation. Botnet operators often exploit newly disclosed vulnerabilities to infect new targets and expand their reach quickly. It is clear that attackers attach great significance to vulnerability exploitation.
October 19, 2020
Five Major APT Groups
In 2019, NSFOCUS Security Labs tracked and delved into five major APT groups: BITTER, OceanLotus, MuddyWater, APT34, and FIN7. The following sections illustrate the latest developments of these APT groups by explaining how they optimize attack chains, refine attack methods, and sharpen RAT tools.
BITTER
BITTER is an attack group with […]
October 12, 2020
New Trends of APT Groups
Here are three trends that shaped APT groups in 2019:
Firstly, mobile devices became a common part of the attack surface. In 2019, MuddyWater developed malicious files targeting Android platforms, moving toward mobile devices. Google's Project Zero team revealed five exploit chains deployed in the wild to attack iOS systems and noted that these exploit chains, relying on 0-day vulnerabilities, could easily be used by APT groups to target multiple iOS versions.
October 5, 2020
At present, Mirai is among the largest IoT botnet families, with the most variants, the most infected devices, and the most extensive impact. In 2019, NSFOCUS Security Labs captured 10,635 Mirai samples in total (excluding duplicate malware arising from cross compilation), identified 1660 C&C addresses, and detected more than 40 exploits.
September 28, 2020
This chapter describes active botnet families under long-term tracking by NSFOCUS Security Labs, as well as other families newly captured, from the perspectives of their background, activity, and association with other families.
Malware in the GoBrut family, written in Go, made its debut in early 2019. It is designed to detect services on a target website and obtain the login user name and password via brute-force attacks. The GoBrut family emerged during a period characterized by poor security of website management frameworks (such as Magento, WordPress, and Drupal) and ubiquitous weak passwords. After obtaining the user name and password of the target website, the attacker can log in to the website to gain shell privileges for further malicious operations.
September 21, 2020
Overall, malware on mobile platforms, though evolving in the same way as malware on PCs, has a complex composition.
In 2019, ad apps still dominated the list of malware threatening the security of Android users. Potentially dangerous software involving sensitive operations also made up a large proportion. Agent programs launching attacks via remote code execution, made possible by the inherent nature of Android, were another type of mobile threat at the top of the list. In addition, using droppers or downloaders to deliver malicious payloads has become quite common, though not yet on the same scale as on PCs. High-risk threats, such as spyware, banking Trojans, and ransomware, were small in number, but most of them had been around for some time and some even for years.
September 14, 2020
For many years, large grey software supply chains on the Internet have been aggressively promoting themselves. A specific piece of software is often bundled with unnecessary software, or even malware, during download and installation.
September 7, 2020
In 2019, banking Trojans frequently launched attacks via multilevel free technology, posing a severe threat to enterprises and public sectors. Spam was still the main propagation method. Attackers collected a great number of email addresses against which they launched phishing attacks. In 2019, NSFOCUS Security Labs captured and tracked such banking Trojans as Emotet, TrickBot, LokiBot, Gozi, and QakBot.
August 31, 2020
The first nine months of 2019 saw a sharp rise in the market prices of cryptocurrencies, led by Bitcoin. Despite a fall in the fourth quarter, prices remained high. Meanwhile, cryptojacking malware became active with the rise in cryptocurrency prices.