Researchers are still using lessons from VPNFilter to track threats one year later
It’s been a year since private security researchers worked with the FBI to dismantle a 500,000-router-strong botnet that loomed over Ukraine. Now, lessons learned in that takedown of the “VPNFilter” botnet are still reverberating today in the cybersecurity community, informing defenders about other sets of malicious activity, said Martin Lee, a manager at Cisco Talos, the threat intelligence team that helped uncover the botnet. Lee pointed to the so-called Sea Turtle domain name system hijacking campaign, which Talos detailed last month. Like VPNFilter, the Sea Turtle activity was an example of a state-sponsored attacker abusing internet infrastructure at scale to steal credentials. Data gathered from the VPNFilter investigation, combined with the lesson that state-sponsored actors are willing to subvert core internet infrastructure, has driven home the fact that attackers can exploit critical devices at scale in a way that few people had fully appreciated. “Essentially, [the Sea Turtle perpetrator] is a threat actor trying to do […]
The post Researchers are still using lessons from VPNFilter to track threats one year later appeared first on CyberScoop.