Category Archives: Legal & Security

Positive Technologies: darkweb market is packed with offers to purchase access to corporate networks

Positive Technologies experts have analysed illegal marketplaces on the dark web and found a flood of interest in accessing corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. “Access for sale” on the darkweb is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

Dark web scammers exploit Covid-19 fear and doubt

“They’re exploiting the fear, uncertainty and doubt people are experiencing during the pandemic, and using the anxiety and desperation to get people to buy things or click on things they wouldn’t have otherwise,” says Morgan Wright, a former senior adviser to the US Department of State anti-terrorism assistance programme.

China’s Military Is Tied to Debilitating New Cyberattack Tool

On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of the premier of Western Australia’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.

.LA Second Most Abused TLD, Enters Chart Top 20 With A Bullet In Q1: Spamhaus

The ccTLD for the Lao People’s Democratic Republic, which has gained a second home in Los Angeles, became the TLD with the second most botnet Command and Control (C&C) domains on the Spamhaus chart of most abused TLDs in its first appearance on the top 20 chart.

As usual, .com was the most abused top-level domain, with 3,291 abusive domain names out of its 145.4 million registrations, accounting for 45% of the top-level botnet C&C domains. There were 1,151 abusive domains for .la, followed by .pw (Palau – 575) and then .xyz (278); these were the only TLDs with more than 200 abusive registrations.

The .pw and .xyz TLDs have appeared in the Top 20 for over a year, but there was a significant increase in the number of botnet C&C domain registrations associated with them in Q1 2020, placing them third and fourth respectively.

In the first quarter of 2020, Spamhaus Malware Labs also identified a total of 2,738 new botnet Command and Controllers (C&Cs). Of these, 2,014 (an average of 671 per month) were under the direct control of miscreants, i.e. set up as a result of a fraudulent sign-up. That is a decrease of 57% compared to Q4 2019. This, Spamhaus notes, is welcome news for internet users, following the significant increases throughout 2019.

The reason for this decrease, Spamhaus notes, is currently unproven. They believe “it could be partially related to a VPN provider who refuses to take action on abuse reports and is failing to shut down traffic from existing botnet C&Cs. If botnet C&Cs, which have been detected and reported, are allowed to continue to operate, there is no reason why miscreants should spin up new ones.”

When it comes to registrars, Namecheap continues to be the favourite place for malware authors to register their botnet C&C domains. Among Internet Service Providers (ISPs) hosting botnet C&Cs, Cloudflare came out top: while it does not directly host any content, it provides services to botnet operators, masking the actual location of the botnet controller and protecting it from DDoS attacks. Compared to Q4 2019, there was little change in the hosting provider landscape. The usual suspects were still present in the Top Twenty, including Cloudflare (US), Google (US), OVH (FR) and Hetzner (DE). It would appear that these big players in the cloud hosting market did little to improve the situation.

The report has a spotlight on the Raccoon Stealer malware. At the end of 2019 Raccoon Stealer was a newcomer on the cyber threat landscape. Spamhaus notes that it is a piece of malware usually delivered to the end user through spam campaigns or exploit kits, or dropped by malware that is already present on the victim’s machine. Raccoon Stealer is a credential and information stealer that runs on MS Windows. However, it is also being used by threat actors to install additional malware. What makes Raccoon Stealer rather unique is where its botnet C&Cs are hosted: on the Google Cloud.

You can download the 2020 Q1 Botnet Threat Report as PDF.

17,000 Coronavirus-Related Domains Registered In First 2 Weeks Of April; 23% Malicious Or Suspicious: Check Point

There have been 68,000 coronavirus-related domains registered since the beginning of the Coronavirus outbreak in January 2020, with an escalation in the number of coronavirus-related domains being registered since mid-February, according to Check Point Research. In the past two weeks (since 2 April), almost 17,000 new coronavirus-related domains have been registered (16,989 to be exact), with 2% found to be malicious and another 21% suspicious.

And with the pandemic now reaching almost every corner of the globe, many governments have announced economic stimulus packages, and as Check Point Research notes in its recent blog post, “where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.”

To take advantage of these stimulus packages, Check Point Research found that 4,305 domains relating to new stimulus/relief packages have been registered since January, with 2,081 new domains registered (38 malicious; 583 suspicious) in March and 473 (18 malicious; 73 suspicious) in the first week of April.

Check Point Research also observed a major increase in the week starting 16 March “during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks.”

Check Point Research has also observed a rise in “scam websites that use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.”

For more information, or to see the Check Point Research blog post in full, go to: https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/