Mozilla Firefox's Premium Dark Web Monitoring Solution

Mozilla, renowned for its commitment to an open and secure internet, has recently made a strategic foray into unexplored realms with the introduction of a subscription-based dark web monitoring service. This bold move signifies the organization's dedication to empowering users in the ongoing battle for online privacy, allowing them to take proactive measures to secure their personal information from the covert corners of the internet. 

The dark web, notorious for being a hub for stolen data and illicit activities, prompted Mozilla to take a pioneering stance by providing users with a tool to monitor their personal data on this clandestine platform. This new service enables users to keep a vigilant eye on the dark web, receiving real-time alerts if any traces of their personal information, from email addresses to passwords, are detected. It acts as a digital sentinel, offering a robust defense mechanism against potential cyber threats. 

Mozilla's approach to dark web monitoring is distinctive due to its unwavering commitment to user privacy. The service is designed to ensure that users' sensitive information remains shielded throughout the monitoring process, setting it apart from other solutions in the market. This emphasis on privacy aligns with Mozilla's longstanding dedication to user rights and transparency. 

While the concept of dark web monitoring isn't entirely new, Mozilla's entry adds an extra layer of trust and credibility to the landscape. Given its track record in advocating for user rights and a secure online environment, the organization brings a sense of reliability to this evolving sector. The subscription-based model not only makes the service accessible to a broader audience but also positions it as a valuable tool for individuals looking to proactively protect their digital identities without incurring exorbitant costs. 

However, as with any innovative move, there are critics raising questions about the broader responsibility of tech companies in ensuring user safety. Some argue that features like dark web monitoring should be inherent in basic services rather than being monetized as an additional layer of protection. In response, Mozilla asserts that the subscription fee is crucial for sustaining ongoing monitoring efforts and upholding the service's integrity. 

Mozilla's venture into dark web monitoring represents a significant step towards empowering users to navigate the intricate landscape of online security. As the digital realm continues to evolve, the importance of proactive measures to counter cyber threats becomes increasingly evident. Mozilla's privacy-centric service, though met with scepticism by some, has the potential to redefine how users approach safeguarding their personal data in the enigmatic realm of the dark web. It not only adds a layer of security but also reinforces Mozilla's commitment to creating a safer and more secure online experience for all users.

Researchers: 'Black Basta' Group Rakes in Over $100 Million

A cyber extortion group believed to be an offshoot of the infamous Russian Conti hacker organization has reportedly amassed over $100 million since its emergence last year, according to a report published on Wednesday by digital currency tracking service Elliptic and Corvus Insurance.

The group, known as "Black Basta," has allegedly extorted at least $107 million in bitcoin, with a significant portion of the laundered ransom payments flowing to the sanctioned Russian cryptocurrency exchange Garantex, as revealed in the joint report. Attempts to contact Black Basta through its dark web site were unsuccessful. Garantex, which faced U.S. Treasury sanctions in April of the previous year, expressed support for global initiatives combatting cybercrime and urged information-sharing regarding the hackers' finances, pledging to block suspicious funds.

Elliptic co-founder Tom Robinson characterized Black Basta's substantial earnings as making it "one of the most profitable ransomware strains of all time." The researchers arrived at this figure by identifying known ransom payments linked to the group, tracing the laundering of digital currency, and discovering additional payments.

Robert McArdle, a cybercrime expert from security firm Trend Micro who was not involved in the report, deemed the reported Black Basta figure "certainly in a believable range for their operations."

The Elliptic-Corvus report also presented evidence linking Black Basta to the now-defunct Russian group Conti. Conti, formerly a prominent ransomware gang, gained notoriety for coercing victims through data encryption, ransom demands, and threats to publish stolen information.

The report suggests that individuals from Conti, following the dismantling of its leak site after Russia's invasion of Ukraine and the subsequent posting of U.S. bounties on its leadership, may have reorganized and rebranded, with Black Basta potentially being a manifestation of this restructuring.

"Conti was perhaps the most successful ransomware gang we've seen," remarked Robinson. The recent findings indicate that some individuals responsible for Conti's success might be replicating it with the Black Basta ransomware, he added.

Decoding Cybercriminals' Motives for Crafting Fake Data Leaks

Companies worldwide are facing an increasingly daunting challenge posed by data leaks, particularly due to the rise in ransomware and sophisticated cyberattacks. This predicament is further complicated by the emergence of fabricated data leaks. Instead of genuine breaches, threat actors are now resorting to creating fake leaks, aiming to exploit the situation.

The consequences of such falsified leaks are extensive, potentially tarnishing the reputation of the affected organizations. Even if the leaked data is eventually proven false, the initial spread of misinformation can lead to negative publicity.

The complexity of fake leaks warrants a closer examination, shedding light on how businesses can effectively tackle associated risks.

What Drives Cybercriminals to Fabricate Data Leaks?

Certain cybercriminal groups, like LockBit, Conti, Cl0p, and others, have gained significant attention, akin to celebrities or social media influencers. These groups operate on platforms like the Dark Web and other shadowy websites, and some even have their own presence on the X platform (formerly Twitter). Here, malicious actors publish details about victimized companies, attempting to extort ransom and setting deadlines for sensitive data release. This may include private business communications, corporate account login credentials, employee and client information. Moreover, cybercriminals may offer this data for sale, enticing other threat actors interested in using it for subsequent attacks.

Lesser-known cybercriminals also seek the spotlight, driving them to create fake leaks. These fabricated leaks generate hype, inducing a concerned reaction from targeted businesses, and also serve as a means to deceive fellow cybercriminals on the black market. Novice criminals are especially vulnerable to falling for this ploy.

Manipulating Databases for Deception: The Anatomy of Fake Leaks

Fake data leaks often materialize as parsed databases, involving the extraction of information from open sources without sensitive data. This process, known as internet parsing or web scraping, entails pulling text, images, links, and other data from websites. Threat actors employ parsing to gather data for malicious intent, including the creation of fake leaks.

In 2021, a prominent business networking platform encountered a similar case. Alleged user data was offered for sale on the Dark Web, but subsequent investigations revealed it was an aggregation of publicly accessible user profiles and website data, rather than a data breach. This incident garnered media attention and interest within the Dark Web community.

When offers arise on the Dark Web, claiming to provide leaked databases from popular social networks like LinkedIn, Facebook, or X, they are likely to be fake leaks containing information already publicly available. These databases may circulate for extended periods, occasionally sparking new publications and causing alarm among targeted firms.

According to Kaspersky Digital Footprint Intelligence, the Dark Web saw an average of 17 monthly posts about social media leaks from 2019 to mid-2021. However, this figure surged to an average of 65 monthly posts after a significant case in the summer of 2021. Many of these posts, as per their findings, may be reposts of the same database.

Old leaks, even genuine ones, can serve as the foundation for fake leaks. Presenting outdated data leaks as new creates the illusion of widespread cybercriminal access to sensitive information and ongoing cyberattacks. This strategy helps cybercriminals establish credibility among potential buyers and other actors within underground markets.

Similar instances occur frequently within the shadowy community, where old or unverified leaks resurface. Data that's several years old is repeatedly uploaded onto Dark Web forums, sometimes offered for free or a fee, masquerading as new leaks. This not only poses reputation risks but also compromises customer security.

Mitigating Fake Leaks: Business Guidelines

Faced with a fake leak, panic is a common response due to the ensuing public attention. Swift identification and response are paramount. Initial steps should include refraining from engaging with attackers and conducting a thorough investigation into the reported leak. Verification of the source, cross-referencing with internal data, and assessing information credibility are essential. Collecting evidence to confirm the attack and compromise is crucial.

For large businesses, data breaches, fake leaks included, are a matter of "when," not "if." Transparency and preparation are key in addressing such substantial challenges. Developing a communication plan beforehand for interactions with clients, journalists, and government agencies is beneficial.

Additionally, constant monitoring of the Dark Web enables detection of new posts about both fake and real leaks, as well as spikes in malicious activity. Due to the automation required for Dark Web monitoring and the potential lack of internal resources, external experts often manage this task.

Furthermore, comprehensive incident response plans, complete with designated teams, communication channels, and protocols, facilitate swift action if such cases arise.

In an era where data leaks continuously threaten businesses, proactive and swift measures are vital. By promptly identifying and addressing these incidents, conducting meticulous investigations, collaborating with cybersecurity experts, and working with law enforcement, companies can minimize risks, safeguard their reputation, and uphold customer trust.
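Applying the cross-referencing step above in code, as an added example that is not part of the original article: the records, the internal snapshots, the field names and the thresholds are all constructed assumptions. It classifies a posted sample as a scrape of public data, a recycled old leak, or data consistent with a genuine current breach.

```python
"""Triage of a claimed data leak sample (added example, not from the article).

Applies the article's advice to cross-reference a claimed leak with internal
data: is the posted sample a scrape of public data, a recycled old leak, or
consistent with a genuine current breach? All records here are constructed.
"""

# Attributes an attacker can assemble from public profiles alone; a "leak"
# made only of these is the parsed/scraped database described in the article.
PUBLIC_FIELDS = {"name", "email", "job_title", "company"}

# Constructed current customer table, keyed by e-mail (assumed schema).
CURRENT = {
    "alice@example.com": {"customer_id": "C-1001", "plan": "pro"},
    "bob@example.com": {"customer_id": "C-1002", "plan": "free"},
    "carol@example.com": {"customer_id": "C-1003", "plan": "pro"},
}
# Constructed snapshot of the same table at the time of an earlier, already
# disclosed incident: alice has since upgraded, dave has since left.
HISTORICAL = {
    "alice@example.com": {"customer_id": "C-1001", "plan": "free"},
    "bob@example.com": {"customer_id": "C-1002", "plan": "free"},
    "dave@example.com": {"customer_id": "C-0999", "plan": "pro"},
}


def private_fields(records):
    """Field names in the sample that should exist only inside the company."""
    fields = set()
    for record in records:
        fields.update(record)
    return fields - PUBLIC_FIELDS


def match_rate(records, snapshot):
    """Fraction of records whose non-public fields all agree with `snapshot`.

    A record whose e-mail is unknown to the snapshot, or whose private
    values differ from it, counts as a mismatch.
    """
    if not records:
        return 0.0
    hits = 0
    for record in records:
        ref = snapshot.get(record.get("email"))
        private = {k: v for k, v in record.items() if k not in PUBLIC_FIELDS}
        if ref is not None and private and all(ref.get(k) == v for k, v in private.items()):
            hits += 1
    return hits / len(records)


def triage_leak(records, current=CURRENT, historical=HISTORICAL, threshold=0.8):
    """Classify a claimed-leak sample and return the verdict with its evidence."""
    private = private_fields(records)
    cur = match_rate(records, current) if private else 0.0
    old = match_rate(records, historical) if private else 0.0
    if not private:
        verdict = "public-data scrape: no non-public fields present"
    elif cur >= threshold:
        verdict = "consistent with current data: treat as genuine breach"
    elif old >= threshold:
        verdict = "matches old snapshot only: recycled old leak"
    else:
        verdict = "private fields do not match internal data: likely fabricated"
    return {"verdict": verdict, "private_fields": sorted(private),
            "current_match": cur, "historical_match": old}


# Constructed samples as a seller might post them, one per scenario.
SCRAPE_SAMPLE = [
    {"name": "Alice", "email": "alice@example.com", "job_title": "CTO", "company": "Example"},
    {"name": "Bob", "email": "bob@example.com", "job_title": "Engineer", "company": "Example"},
]
OLD_LEAK_SAMPLE = [
    {"email": "alice@example.com", "customer_id": "C-1001", "plan": "free"},
    {"email": "bob@example.com", "customer_id": "C-1002", "plan": "free"},
    {"email": "dave@example.com", "customer_id": "C-0999", "plan": "pro"},
]
GENUINE_SAMPLE = [
    {"email": "alice@example.com", "customer_id": "C-1001", "plan": "pro"},
    {"email": "carol@example.com", "customer_id": "C-1003", "plan": "pro"},
]
FABRICATED_SAMPLE = [
    {"email": "alice@example.com", "customer_id": "C-4242", "plan": "enterprise"},
    {"email": "nobody@example.com", "customer_id": "C-0001", "plan": "pro"},
]

if __name__ == "__main__":
    for label, sample in [("scrape", SCRAPE_SAMPLE), ("old leak", OLD_LEAK_SAMPLE),
                          ("genuine", GENUINE_SAMPLE), ("fabricated", FABRICATED_SAMPLE)]:
        print(f"{label:>10}: {triage_leak(sample)['verdict']}")
```

The historical snapshot is what distinguishes a recycled old leak from a fabrication: a sample that lines up with a known earlier state of the data but not with the current state is the "old data presented as new" case described above.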

HP's Defense From Emerging Cybercrime

Cybersecurity is constantly evolving, and the scope and consequences of cybercrime have grown significantly over time. Given the rise of ransomware, cybersecurity is now a concern in the workplace and at the highest levels of government.

With defined supply chains and markets, the cybercrime business has undergone a major shift toward a more professional and industrialized model. According to HP's senior malware expert Alex Holland, cybercrime has grown into a significant industry. Moreover, HP's study finds that the dark web encourages cybercriminals to cooperate, exchange goods, support one another's operations, and even profit from them.

Supporting staff throughout the pandemic and after it, with the advent of hybrid work, has been one of the urgent concerns for firms in this transforming landscape. "That's generated a lot of issues for organizations because they need to set up their devices remotely, manage their devices remotely, and we realize that endpoint visibility - in terms of security and identifying threats - has been a concern for the enterprise. Enterprises must also be able to defend against and recover from such attacks, should the worst happen," Holland adds.

Additionally, the blurring of the boundary between employees' personal and professional lives poses a significant risk for organizations. According to research HP published in May, 71% of employees say they use computers at home more frequently and to access more company data. Office workers are also increasingly using their work devices for personal tasks such as checking their email; in fact, 70% of them admit to doing so.

"We notice work devices being used, especially for risky tasks like opening webmail. Email is effectively a direct line into the organization, as we continually observe from the data we examine in my team. Once an endpoint has been taken over, an attacker is free to move about or do a lot of harm," Holland claims.

HP aims to combat these threats by building security into hardware, anchored by its Endpoint Security Controller chip, Holland says. This secure-by-design strategy depends on a solid framework and verification of system integrity. The maker offers a wide range of security features, including firmware security, memory virus detection, and isolation of risky tasks.

On the other side of the issue, configuring devices before they are dispatched to employees, HP offers services that deliver a firm's desired security configuration straight from the manufacturing line.

Owner of CafePress Penalized $500,000 for Hiding a Data Breach

Residual Pumpkin, the former owner of CafePress, has been fined $500,000 by the U.S. Federal Trade Commission (FTC) in its final order over a 2019 data breach that affected 23 million customers.

CafePress is a US site that sells print-on-demand items such as apparel, housewares, and kitchenware. Sellers can register on the website and upload their designs, and CafePress takes a percentage of every sale.

Residual Pumpkin stored Social Security numbers and password-recovery answers in plain text and retained them for an extended period. Additionally, the company did not implement readily available safeguards or respond to known security vulnerabilities. After several attacks on its servers, it attempted to hide the significant data breach caused by its inadequate security practices.

The FTC's order was approved by a unanimous 5-0 vote. In addition to imposing fines on the businesses, the FTC has mandated that they implement multi-factor authentication and encrypt all stored Social Security numbers.

As a result, the company's current owner PlanetArt, which acquired CafePress in 2020, has set up an alert system to notify all customers and vendors whose private information has been compromised.

During a February 2019 breach of CafePress's servers, unknown attackers gained access to files stored as SHA-1 hashes and later sold the personal information of 23,205,290 CafePress users on the dark web. Many users only became aware of the situation after receiving notifications from Troy Hunt's Have I Been Pwned service. The only indication from CafePress that something was wrong was that users were made to reset their passwords on logging in, without being informed of the breach.

According to the FTC, CafePress was aware of its vulnerabilities even before the 2019 incident, since some of its merchants' accounts had been hacked since at least January 2018.

Instead of informing the affected users, CafePress closed their accounts and charged each of them a $25 account-closure fee. Before the 2019 security breach, the company's network had also suffered several malware infections, and CafePress again neglected to investigate the attacks.

T-Mobile Reveals its Security Systems were Hacked via Lapsus$ Hackers

T-Mobile acknowledged on Friday that it had been the subject of a security compromise in March, when the LAPSUS$ mercenary group gained access to its networks. The admission came after investigative journalist Brian Krebs published internal chats from LAPSUS$'s key members, revealing that the group had infiltrated the company several times in March, prior to the arrest of seven of its members.

Krebs first exposed the incident after analyzing leaked Telegram chat conversations between Lapsus$ gang members. T-Mobile said in a statement that the breach happened "a few weeks ago" and that the "bad actor" accessed internal networks using stolen credentials. "There was no customer or government information or any similarly sensitive information on the systems accessed, and the company has no evidence of the intruder being able to get anything of value," the company added.

The initial VPN credentials were allegedly obtained from illicit marketplaces such as Russian Market in order to take control of T-Mobile staff accounts, which would have enabled the threat actor to conduct SIM-swapping attacks at any time.

The conversations suggest that LAPSUS$ hacked T-Mobile's Slack and Bitbucket accounts, enabling the group to obtain over 30,000 source code repositories, in addition to gaining access to an internal customer account management application called Atlas. In the short time since it first appeared on the threat scene, LAPSUS$ has been linked to breaches of Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, Okta, and Globant.

T-Mobile has acknowledged six previous data breaches since 2018, including one in which hackers gained access to data linked to 3% of its customers. A year later, in 2019, T-Mobile acknowledged that prepaid customers' data had been exposed, and in March 2020 unknown threat actors gained access to T-Mobile employees' email accounts. Hackers also gained access to customer proprietary network information in December 2020, and attackers accessed an internal T-Mobile application without authorization in February 2021.

According to a VICE investigation, T-Mobile tried, unsuccessfully, to prevent the stolen data from being posted online by paying the hackers $270,000 through a third-party firm in the aftermath of the August 2021 breach. After the stolen sensitive information turned up for sale on the dark web, the New York State Office of the Attorney General (NY OAG) alerted victims of T-Mobile's August data breach that they would face elevated identity theft risks.

Earlier this month, the City of London Police announced that two of the seven teenagers arrested last month over alleged connections to the LAPSUS$ data extortion group, a 16-year-old and a 17-year-old, had been charged.

Russian hacker created the RedLine program, which steals passwords and bank card data in browsers

The RedLine malware targets Chromium-based browsers (Chrome, Edge, Yandex.Browser and Opera) as well as Gecko-based browsers (Mozilla Firefox and Netscape). RedLine steals saved passwords, bank card data, information about cryptocurrency wallets, cookies, system information, and other data from browsers.

Further experiments showed that the program collects any sensitive information stored in browsers and, in addition, allows the operator to control victims' computers via a SOAP-based remote access protocol and, hypothetically, to assemble them into botnets. The problem affects not only companies but also ordinary users.

The RedLine program appeared on the Russian darknet in February 2020. The announcement of its sale was posted by a Russian-speaking user with the nickname REDGlade.

The AhnLab ASEC report calls RedLine a serious cyber threat. ASEC encountered the program in 2021 while investigating the compromise of an unnamed company's network; it turned out that access had been gained through a VPN service from an employee's computer infected with RedLine.

Attackers sell the malware on the darknet and on Telegram for an average of $150-200. RedLine is distributed via phishing mailings with attached .doc, .xls, .rar, and .exe files. It is also hosted on domains disguised as an online casino or, for example, as the website of the Krupskaya Confectionery Factory.

It is worth noting that in December 2021, RedLine became the most popular program used in cyberattacks: since the beginning of the month, more than 22 thousand attacks have been carried out with its help.

Experts urged users not to store credentials in browsers, suggesting instead that they use a password manager and enable two-factor authentication wherever possible.

Russian hackers have posted confidential British police data

The hacker group Clop, allegedly linked to Russia, has put data stolen from the British police up for sale, the Mail on Sunday newspaper reported on Sunday.

According to the publication, the information stolen by the hackers can be bought on the darknet. The Mail on Sunday says that information from the Police National Computer (PNC), which holds records on 13 million British residents, could have fallen into the hackers' hands.

"We are aware of the incident and we are working with our law enforcement partners to understand and limit the extent of its potential consequences," the UK's National Cyber Security Centre said.

The ransomware attack reportedly targeted the British IT company Dacoll, one of whose divisions provides remote access to PNC for 90% of UK police forces.

The company confirms that the incident happened on October 5, but claims that it was related only to the company's internal network and did not affect its clients or their systems. Meanwhile, the Mail on Sunday claims that information from Dacoll's customers was put up for sale after the company refused to pay a ransom to hackers, the amount of which was not disclosed.

British cybersecurity expert Philip Ingram said that the damage caused by such a data leak is immeasurable, as now there are serious questions about the security of solutions used by numerous public and private organizations.

It is worth noting that the Clop group has been actively using the malware family of the same name since the winter of 2019, demanding a ransom to restore access to locked data. Some cybersecurity companies have suggested that some members of the group live in Russia.

The number of Russian bank card sales on the darknet will decline, says Group-IB

Group-IB found out that carding is losing its appeal to cybercriminals. At the same time, sales of magnetic stripe content of bank cards and text data of bank cards decreased in Russia and the CIS, while the market for such data grew worldwide.

According to Group-IB's Hi-Tech Crime Trends report, the volume of the shadow carding market in Russia and the CIS has decreased by 77%. The number of bank card records posted for sale on the darknet and attributed to banks in Russia and the CIS decreased by 60%.

The market for text data of bank cards (number, expiration date, holder name, address, CVV) decreased by 44%.

A similar trend is typical for the global carding market: its volume decreased by 26%. Group-IB attributed this to a decrease in dump sales following the closure of the largest card shop, Joker's Stash.

At the same time, in the global shadow market the amount of text data of bank cards increased by 36%.

Group-IB believes that the increase in text data sales is associated with the increase in phishing during the pandemic. The company expects that sales of bank card data will continue to gradually decline.

According to the company's experts, the activity of skimmers and of online stores distributing these cards in Russia is declining. This is due to developments at banks, for example the introduction of systems such as 3-D Secure. Such protection systems are not yet widespread worldwide, which explains why the market for text data of bank cards has grown globally while it has shrunk in Russia.

Experts add that the share of Russian-language messages is growing on shadow forums: in order to minimize personal risks, hackers are trying to steal payment data from customers in other countries, which negatively affects global statistics.

Users May Risk Losing their Passwords on Dark Web For Sale

In April, Zoom became one of many companies to lose user data to hackers. Zoom, one of the top online video conferencing platforms, saw more than half a million account logins end up on the dark web. The leaked passwords could be obtained for free or for a minimal amount of money. Understandably, users are blaming Zoom for losing their accounts, and they have every right to do so. It is, however, part of a much bigger problem that involves hackers, criminal niches on the Internet, and our own fault in setting very weak passwords.

How do passwords end up on the dark web?

Every year, hundreds of millions of user accounts end up exposed on the dark web, either through malware or phishing attacks. According to a report by Privacy Rights Clearinghouse, a non-profit organization in California, around 11.6 billion user accounts have been hacked since 2005. The hacked accounts are then either uploaded to hacker websites or posted on the dark web for sale.

These websites and the dark web can be accessed only through a specific browser called Tor. "Then there's Tor, the darkest corner of the Internet. It's a collection of secret websites (ending in .onion) that require special software to access them. People use Tor so that their Web activity can't be traced -- it runs on a relay system that bounces signals among different Tor-enabled computers around the world," says Jose Pagliery from CNN Business. The hackers take these purchased passwords and try logging in with them to several other websites until they succeed, a technique known as credential stuffing.

The hackers used credential stuffing to compromise more than 500,000 Zoom user accounts, which they later uploaded to the dark web. A Zoom spokesperson has confirmed that the company suspects the hackers used credential stuffing to breach the accounts. "You can help prevent some of these attacks by banning the use of bad passwords, blocking legacy authentication, and training employees on phishing," says Microsoft's security website on "how to prevent your company from web attacks."
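A detection-side illustration of the credential stuffing described above, added here and not part of the original article. The log format, IP addresses, usernames and thresholds are constructed assumptions; the point is the signature that separates stuffing from an ordinary password brute force: one source, many distinct usernames tried roughly once each, mostly failures.

```python
"""Detect credential stuffing in authentication logs (added example).

Credential stuffing replays leaked username/password pairs against MANY
DISTINCT accounts from one source, so most attempts fail and each account
is tried about once. A brute force against one account and a user who
mistypes a password once are included as negative cases.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). Assumed format:
# <ISO timestamp> <client_ip> login user=<name> result=<OK|FAIL>
SAMPLE_LOG = """\
2020-04-01T10:00:00 198.51.100.7 login user=alice result=FAIL
2020-04-01T10:00:00 198.51.100.7 login user=bob result=FAIL
2020-04-01T10:00:01 198.51.100.7 login user=carol result=FAIL
2020-04-01T10:00:01 198.51.100.7 login user=dave result=OK
2020-04-01T10:00:02 198.51.100.7 login user=erin result=FAIL
2020-04-01T10:00:02 198.51.100.7 login user=frank result=FAIL
2020-04-01T10:00:03 198.51.100.7 login user=grace result=FAIL
2020-04-01T10:00:03 198.51.100.7 login user=heidi result=FAIL
2020-04-01T10:00:04 198.51.100.7 login user=ivan result=FAIL
2020-04-01T10:00:04 198.51.100.7 login user=judy result=FAIL
2020-04-01T10:05:00 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:01 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:02 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:03 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:04 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:05 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:06 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:07 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:08 203.0.113.9 login user=mallory result=FAIL
2020-04-01T10:05:09 203.0.113.9 login user=mallory result=FAIL
2020-04-01T11:00:00 192.0.2.44 login user=peggy result=FAIL
2020-04-01T11:00:09 192.0.2.44 login user=peggy result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) login user=(?P<user>\S+) result=(?P<res>OK|FAIL)$"
)


def parse_log(text):
    """Return (timestamp, ip, user, success) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["res"] == "OK"))
    return events


def detect_stuffing(events, window=timedelta(seconds=60), min_users=8, max_success_ratio=0.2):
    """Return {ip: summary} for sources whose attempts look like credential stuffing.

    For each source IP, slide a time window over its attempts and flag the IP
    if some window holds at least `min_users` distinct usernames while the
    success ratio stays at or below `max_success_ratio`. The largest such
    window is reported, together with the accounts that did authenticate
    (those pairs were valid and need a forced password reset).
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start, best = 0, None
        for end in range(len(attempts)):
            # Advance the window start until it spans at most `window` of time.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            successes = [u for _, u, ok in span if ok]
            if len(users) >= min_users and len(successes) / len(span) <= max_success_ratio:
                if best is None or len(span) > best["attempts"]:
                    best = {"attempts": len(span), "distinct_users": len(users),
                            "compromised_users": sorted(set(successes))}
        if best:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The brute-force source (one username, ten failures) is deliberately not caught by this rule; it needs a separate per-account lockout or rate-limit rule, which is the "banning bad passwords" side of the Microsoft advice quoted above.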

Hackers sell data from 80 thousand cards of Bank of Kazakhstan customers

An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the darknet site Migalki.pw.

It should be noted that Halyk Bank of Kazakhstan is the country's largest bank by number of clients and by assets. This is not the first time the bank's data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen from inside the bank's own infrastructure.

Typically, stolen card details are obtained using man-in-the-middle (MitM) attacks: while the victim believes they are communicating directly with, for example, their bank's website, the traffic passes through a host controlled by the attacker, which thus receives all the data the user sends (username, password, PIN, etc.).

It is also possible that the archive is not real, but bait for potential carders created by the bank, a so-called honeypot. Such a trap presents an apparent vulnerability in a server to attract attackers and entice them into acting; the honeypot then observes how they work, records the information, and passes it to the security department.

Such actions are, however, risky for a financial institution's image, since any bank tries to avoid negative publicity of this kind.

It is important to note that any data leak from a bank is ultimately the responsibility of its owners and managers. In Russia and Kazakhstan, in the event of a data leak the bank at best publishes a press release stating that "the situation is under control", whereas banks in the US and Europe in the same situation face a huge fine.

Data of Bank customers in Russia are becoming more expensive on the Darknet

In the first half of 2019, the price of banking customer data rose rapidly on the darknet. The cost of obtaining card data or transaction statements increased 3-7 times. At the beginning of the year, a client's account statement could be bought for 2 thousand rubles ($32); now its price can reach 15 thousand rubles ($238).

According to Positive Technologies analyst Vadim Solovyov, data on the ATMs used by a client has appeared on many sites, priced from 8 thousand ($127) to 15 thousand rubles ($238). He noted that this information is more likely to be used in traditional criminal schemes, for example to make a fraudster's call to the client sound more convincing.

"If the cost has increased, it means that the methods of countering leaks in banks have significantly complicated the business of attackers," the Central Bank believes.

Vladimir Zhuravlev, head of the information security department at Open-Bank, attributed the price increase to a change in the type of attacks on customers. According to him, fraudsters previously relied on technical means such as Trojans, phishing links, or skimming. Now 90% of thefts are carried out using social engineering, where access to personal customer data is very helpful to the fraudster.

The Central Bank does not disclose official statistics on the theft of funds from individuals in the first half of the year. However, law enforcement has recorded an increase in successful thefts from bank accounts: in the Kurgan region, for example, the number of such crimes has doubled, and in the Smolensk region it has grown fivefold.

According to Stanislav Pavlunin, Vice-President of Post-Bank, the bank uses various approaches and methods to combat internal fraud; for example, photographing or filming monitor screens, as well as official documents and presentations containing confidential information, is prohibited.

It is interesting to note that Sixgill analysts have prepared a report according to which Russia ranks last in the number of stolen bank cards. The researchers see two reasons for this low figure: the first is the large percentage of Russian cybercriminals, and the second is the economic situation in Russia.

Mylobot Turns your PC into a Zombie system

Tom Nipravsky, a security researcher at Deep Instinct, has discovered another never-before-seen malware that can turn a Windows PC into part of a botnet. Named 'Mylobot', the malware has its origins on the dark web; this conclusion was reached after tracing its server, which was also used by other malware from the dark web.

The botnet is said to combine a range of malicious techniques, including:

- Anti-VM techniques
- Anti-sandbox techniques
- Anti-debugging techniques
- Wrapping internal parts in an encrypted resource file
- Code injection
- Process hollowing (a technique where an attacker creates a new process in a suspended state and replaces its image with the one that is to be hidden)
- Reflective EXE loading (executing EXE files directly from memory, without having them on disk)
- A 14-day delay before contacting its C&C servers

"On a daily basis we come across dozens of highly sophisticated samples, but this one is a unique collection of highly advanced techniques," says Arik Solomon, vice president of R&D at Deep Instinct. "Each of the techniques is known and used by a few malicious samples, but the combination is unique."

According to the researcher, Mylobot also exhibits anti-botnet behaviour, the likely reason being to win out over the "competition" on the dark web:

"Part of this malware process is terminating and deleting instances of other malware. It checks for known folders that malware 'lives' in ("Application Data" folder), and if a certain file is running – it immediately terminates it and deletes its file. It even aims for specific folders of other botnets such as DorkBot."

The researchers stress that Mylobot was found in the wild, at a Tier 1 communications and telecommunications equipment manufacturer, and not in a proof-of-concept demonstration.

In conclusion, the one thing the researchers are certain of is the sophistication of the malware's creators. According to ZDNet, the actual author(s) remain unknown, but the malware uses the same server that is linked to the infamous Locky ransomware, Ramdo, and DorkBot.