Treasury Crypto Security Sanction Blocks Exchange Favored by Ransomware Actors

The U.S. government sanctioned the cryptocurrency exchange SUEX for moving money for ransomware actors. In essence, that means U.S. citizens and corporate entities are banned from using it. The statement, released in September, is part of a wider effort to boost crypto security and “disrupt criminal networks and currency exchanges”. The First Crypto Security Sanction […]

The post Treasury Crypto Security Sanction Blocks Exchange Favored by Ransomware Actors appeared first on Security Intelligence.

Hacked Website Threat Report – 2019

The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works dilig…

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to deliver the blackmail threat to the victim.
Blackmail At…

What is Cryptocurrency Mining Malware?

Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are.
What is Cryptocurrency?
Cryptocurrency is best thought of as digital currency and it only exis…

Cryptomining Dropper and Cronjob Creator

Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU, which is not unusual when a cryptominer process is running without any throttling.
Below is an example …

ThinkPHP 5.x Remote Code Execution

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia.
If you keep track of your site’s activity, the following log may look familiar:
POST: /index.php?s=captcha HTTP/1.1
D…

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g., redirected traffic, cryptomining). This was discovered when reviewing sources of the var…

Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers. In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux …

ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends

After a two-quarter lull in the action, malware activity resurged in the third quarter of the year, especially on the business front.