Dancho Danchev’s Blog – Accepting Conference Invitations!

Dear blog readers, I’ve recently come across a high-profile study entitled “Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence” which actually includes my personal blog and references me as a …

Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?

A trio of operations meant to disrupt ransomware outfits in recent months — two of which came to light this week — could have lasting impacts even if they stop short of ending the threat, security experts say. Researchers are still sizing up the effects of recent busts of the Emotet and NetWalker gangs, but those operations have the potential to be more potent than last fall’s maneuvers against the TrickBot ransomware. In research out Friday, Menlo Security — echoing similar conclusions from other cyber firms — said it saw signs of TrickBot recovering, but the rebound has amounted to just a “trickle.” U.S. Cyber Command and Microsoft had led separate efforts to disrupt the hacking infrastructure of TrickBot, a massive army of zombified computers. The fear was that the botnet could be used to carry out ransomware attacks afflicting the November elections. This week’s two operations might be more promising […]

The post Emotet, NetWalker and TrickBot have taken big blows, but will it be enough? appeared first on CyberScoop.

Police Have Disrupted the Emotet Botnet

A coordinated effort has captured the command-and-control servers of the Emotet botnet:

Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware; regular themes include invoices, shipping notices and information about COVID-19.

Those behind the Emotet lease their army of infected machines out to other cyber criminals as a gateway for additional malware attacks, including …

US, European police say they’ve disrupted the notorious Emotet botnet

U.S. and European law enforcement agencies said Wednesday they had seized control of the computing infrastructure used by Emotet, a botnet of infected machines that has been one of the most pervasive cybercrime threats over the last six years. Through the police and the courts, investigators from Ukraine to Germany to the U.S. took aim at the hundreds of computer servers that Emotet has used globally to defraud victims of millions through extortion and data theft. The investigators “gained control of the infrastructure and took it down from the inside,” Europol, the European Union’s law enforcement agency, said in a statement. “The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.” A video posted by Ukrainian police shows officers raiding an apartment and confiscating computer equipment as part of the Emotet bust. It’s a big blow to a botnet that has haunted the internet for years. […]

The post US, European police say they’ve disrupted the notorious Emotet botnet appeared first on CyberScoop.

Cyberattacks on Healthcare Spike 45% Since November

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.

Exposing the Solarwinds Malware Campaign – An OSINT Analysis

It has recently become evident that Solarwinds, which is basically an IT monitoring and management tool suite, suffered a major backdoor attack in which malicious attackers managed to obtain access to and actually backdoor a decent portion of Solar…

U.S Justice Department Releases “Legal Considerations when Gathering Online Cyber Threat Intelligence” – Where’s the Meat?

Surprise, surprise! The U.S. DoJ has recently released a detailed “Legal Considerations when Gathering Online Cyber Threat Intelligence” guide which aims to educate security practitioners on how to gather threat intelligence and how to actually ut…

Exposing a “Fast-Flux” Name Server Based Rogue Fraudulent and Malicious Online Infrastructure – An Analysis

Dear blog readers, I’ve decided to share a diverse portfolio of fast-flux name servers, which basically act as a bulletproof botnet C&C communication technique, allowing the cybercriminals behind the campaigns to increase the average time for which their campa…

Exposing a Massive and Diverse Portfolio of “Tax Forms” Themed Malware and Blackhat SEO Serving Domains

Dear blog readers, I’ve decided to share a massive and diverse portfolio of rogue and potentially malicious domains utilized by cybercriminals participating in a blackhat SEO, tax-forms-themed rogue and malicious software serving campaign…

Exposing a Diverse Portfolio of Malicious and Fraudulent Name Servers – An Analysis

Dear blog readers, in this post I’ve decided to share a diverse portfolio of fraudulent and malicious name servers circa 2008 that are known to have participated in various rogue and malicious software serving campaigns. Sample portfolio of rogue fraudu…