Daily Archives: July 5, 2019

Threat Roundup for June 28 to July 5

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 28 and July 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More at Talosintelligence.com
Reference
TRU07050219 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Hacked forensic firm pays ransom after malware attack

Largest private provider Eurofins hands over undisclosed fee to regain control of systems

Britain’s largest private forensics provider has paid a ransom to hackers after its IT systems were brought to a standstill by a cyber-attack, it has been reported.

Eurofins, which is thought to carry out about half of all private forensic analysis, was targeted in a ransomware attack on 2 June, which the company described at the time as “highly sophisticated”. Three weeks later the company said its operations were “returning to normal”, but did not disclose whether or not a ransom had been paid.

Episode 530 – Why You Should Not Pay The Ransom From Ransomware

In the past few weeks, two cities in Florida were hit by ransomware and eventually paid the ransom. This episode talks about the danger of doing that and what you can do to help prevent damage from a ransomware attack. Be aware, be safe. Become A Patron! Patreon Page *** Support the podcast with a […]

The post Episode 530 – Why You Should Not Pay The Ransom From Ransomware appeared first on Security In Five.

DDoS attacks – Protection is better than cure

Estimated reading time: 3 minutes

DDoS Attacks on the Rise

According to recent cyber security reports, DDoS attacks rose in Q1 2019, with a growing number of attacks lasting more than an hour. Many researchers believe that attackers who had been running DDoS attacks for monetary gain had shifted their attention to other income sources such as crypto mining; the decline in crypto mining activity has once again led to an increase in DDoS attacks.

What are DoS and DDoS Attacks?

A denial of service (DoS) attack is one in which an attacker, often operating from a compromised "zombie" host, aims to prevent others from accessing a web server, web application or cloud service by flooding it with service requests from a single origin, rendering the targeted internet service inaccessible.

A distributed denial of service (DDoS) attack, on the other hand, is a DoS attack launched from multiple sources on different networks, disrupting services such as mobile application APIs, web pages, email services or DNS services.

Why DDoS Attacks?

Attackers may launch these attacks for fun, to slow down a competitor's business, to influence public votes, for monetary gain or as a supplement to other income sources such as crypto mining. DDoS attacks can also serve as cover for stealing valuable data from victims.

Types of DDoS Attacks

Basic DDoS attacks include the UDP flood, SYN flood, ICMP (ping) flood, DHCP starvation attack and Ping of Death attack.

UDP Flood

The attacker floods random ports on the remote host with UDP packets. For each packet the victim checks whether an application is listening on that port and, finding none, replies with an ICMP Destination Unreachable message. Repeated across a high volume of packets, this exhausts the victim's resources and makes the service inaccessible.

SYN Flood

The attacker floods the victim with SYN requests, often from spoofed source addresses so that the final ACK of the handshake never arrives. The victim waits for an acknowledgement for each request, holding the half-open connection's resources until no new connections can be accepted, resulting in denial of service.

ICMP (Ping) Flood

The attacker floods the victim with ICMP Echo Request packets without waiting for replies. The victim keeps generating an ICMP Echo Reply for each request, exhausting both incoming and outgoing bandwidth and slowing the system down.

Ping of Death Attack

The attacker sends malformed or malicious pings. The victim ends up with an IP packet exceeding 65,535 bytes when reassembled, which overflows the memory buffers allocated for the packet and results in denial of service for legitimate packets.

DHCP Starvation Attack

The attacker floods DHCP servers with DHCP Discover packets with the intent of exhausting all the IP addresses the server can allocate, resulting in denial of service for legitimate network users.
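The five attack types above each leave a recognisable shape in summarised traffic: many half-open SYNs with no follow-up ACK, UDP packets sprayed across many ports, a burst of echo requests, a reassembled datagram larger than the IP maximum, and DHCP Discovers from many distinct client MACs. The following detector is an added example written for this page, not code from the Seqrite post or from the Seqrite UTM product. It runs per-destination, per-time-window counts over a constructed sample (the `Pkt` record type, the thresholds and all addresses are assumptions chosen for illustration) and reports which patterns it sees, so a defender can check what an alerting rule for each type needs to count.

```python
"""Toy per-window DDoS pattern detector over summarised packet records.

Added example for the Seqrite post above; the Pkt schema, the thresholds and
the sample traffic are all constructed for illustration and are not real captures.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """One summarised packet; fields that do not apply to a protocol keep their defaults."""
    ts: float              # capture time in seconds
    src: str
    dst: str
    proto: str             # "TCP", "UDP", "ICMP" or "DHCP"
    dport: int = 0
    tcp_flags: str = ""    # e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
    icmp_type: int = -1    # 8 = Echo Request
    ip_total_len: int = 0  # reassembled datagram length, set when a fragment train completes
    client_mac: str = ""   # DHCP client hardware address (chaddr) on a Discover


# Per-window thresholds (assumed values; tune to the baseline of the protected server).
THRESHOLDS = {"syn": 100, "udp": 100, "udp_ports": 50, "icmp": 100, "dhcp_macs": 20}
IP_MAX_LEN = 65535  # the 16-bit IP total-length field cannot legitimately exceed this


def detect(pkts, window=1.0, th=THRESHOLDS):
    """Return a sorted list of (kind, target, detail) findings, one per kind per window."""
    buckets = defaultdict(list)
    for p in pkts:
        buckets[(int(p.ts // window), p.dst)].append(p)

    findings = set()
    for (_, dst), group in buckets.items():
        # SYN flood: SYNs from sources that never send an ACK to this target in the window.
        ack_srcs = {p.src for p in group if p.proto == "TCP" and "A" in p.tcp_flags}
        half_open = [p for p in group
                     if p.proto == "TCP" and p.tcp_flags == "S" and p.src not in ack_srcs]
        if len(half_open) >= th["syn"]:
            findings.add(("syn_flood", dst, len(half_open)))

        # UDP flood: a high packet count spread over many destination ports.
        udp = [p for p in group if p.proto == "UDP"]
        if len(udp) >= th["udp"] and len({p.dport for p in udp}) >= th["udp_ports"]:
            findings.add(("udp_flood", dst, len(udp)))

        # ICMP flood: a burst of Echo Requests.
        echo = [p for p in group if p.proto == "ICMP" and p.icmp_type == 8]
        if len(echo) >= th["icmp"]:
            findings.add(("icmp_flood", dst, len(echo)))

        # Ping of Death: any reassembled datagram larger than IP allows.
        for p in group:
            if p.ip_total_len > IP_MAX_LEN:
                findings.add(("ping_of_death", dst, p.ip_total_len))

        # DHCP starvation: Discovers from many distinct client MACs.
        macs = {p.client_mac for p in group if p.proto == "DHCP" and p.client_mac}
        if len(macs) >= th["dhcp_macs"]:
            findings.add(("dhcp_starvation", dst, len(macs)))
    return sorted(findings)


def constructed_sample():
    """Constructed traffic, not a real capture: one benign handshake plus one burst of each type."""
    srv, dhcp = "10.0.0.10", "10.0.0.1"
    # A legitimate client completes the handshake, so its SYN is not half-open.
    pkts = [Pkt(0.0, "10.0.0.50", srv, "TCP", 443, "S"),
            Pkt(0.01, "10.0.0.50", srv, "TCP", 443, "A")]
    # SYN flood: 150 SYNs from spoofed sources that never acknowledge.
    pkts += [Pkt(0.1, f"198.51.100.{i % 250 + 1}", srv, "TCP", 443, "S") for i in range(150)]
    # UDP flood: 120 packets to 120 different high ports.
    pkts += [Pkt(0.2, "203.0.113.7", srv, "UDP", 1024 + i) for i in range(120)]
    # ICMP flood: 130 Echo Requests.
    pkts += [Pkt(0.3, "203.0.113.8", srv, "ICMP", icmp_type=8) for _ in range(130)]
    # Ping of Death (in a later window): an oversized reassembled datagram.
    pkts.append(Pkt(1.5, "203.0.113.9", srv, "ICMP", icmp_type=8, ip_total_len=65540))
    # DHCP starvation: 30 Discovers, each from a different client MAC.
    pkts += [Pkt(0.5, "0.0.0.0", dhcp, "DHCP", 67, client_mac=f"02:00:00:00:00:{i:02x}")
             for i in range(30)]
    return pkts


if __name__ == "__main__":
    for kind, target, detail in detect(constructed_sample()):
        print(f"{kind:16} target={target:12} detail={detail}")
```

Each rule is deliberately a plain count so that the thresholds can be mapped onto whatever the gateway or flow collector actually exposes; in production the window and thresholds come from the server's observed baseline, and the benign handshake in the sample is there to show that completed connections are excluded from the SYN count rather than inflating it.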

Business Impact of DDoS Attacks

Generating a DDoS attack is not expensive, yet it can have a huge impact on a business. Imagine a service being down for 24 hours: in addition to the financial loss, the company's reputation is also at risk. In 2015, the BBC's servers were flooded with 602 Gbps of traffic, bringing down the BBC's sites and the content services they provided [1][2]. There are countless more examples. IT administrators turn to third-party vendors to resolve the issue, and any delay in bringing the attack under control may let a competitor quickly step in.

So, isn't protection against DDoS attacks better than cure?

Internet speeds are increasing day by day, and our application servers could be hit with high-volume connections that result in denial of service. We need to protect them from DoS and DDoS attacks. So, what's the solution?

Protect your application servers with Seqrite UTM, a gateway security solution.

Seqrite UTM (Unified Threat Management) is a gateway security solution with protection against DDoS attacks. It defends against DoS/DDoS attacks of the SYN flood, ICMP/ICMPv6 flood and UDP flood types.

For more information visit: https://www.seqrite.com/seqrite-utm

References

1. http://www.csoonline.com/article/3020292/cyber-attacks-espionage/ddos-attack-on-bbc-may-have-been-biggest-in-history.html

2. https://www.cyberdefensehub.com/famous-ddos-attacks/

The post DDoS attacks – Protection is better than cure appeared first on Seqrite Blog.

Weekly Update 146

After a very non-stop Cyber Week in Israel, I'm back in Oslo working through the endless emails and other logistics related to Project Svalbard. In my haste this week, I put out a really poorly worded tweet which I've tried to clarify in this week's video. On more positive news, the Austrian government came on board HIBP and my MVP status got renewed for the 9th time. I also wanted to talk this week about some of the stats from HIBP I've been preparing as part of the acquisition. There's a bunch of really interesting numbers in there (for me at least) and rather than just keeping them locked away in an information memorandum, I thought I'd share them with everyone in this week's update.


References

  1. The Austrian government is now using HIBP to monitor all gov domains across the country (they join the UK, Australia and Spain in utilising this free service)
  2. My MVP status has been renewed, now going into year 9! (this program has been a real defining part of my career)
  3. Shape Security is sponsoring my blog this week (Captcha is no longer enough, they're talking about how Shape Connect blocks automation & improves security instantly, with a 30 minute implementation)

Cloudbric Listed on Bitsdaq Exchange, the Trading Platform Powered by Bittrex

Cloudbric's cryptocurrency CLB was recently listed on the global exchange Bitsdaq on July 4 and began trading on the platform on July 5.

Bitsdaq was launched as a digital asset trading platform that leverages Bittrex’s cutting-edge technology to provide customers a secure, advanced and reliable platform and extensive selection of digital tokens.

Recently, Bitsdaq listed seven new projects, including Cloudbric's, to promote quality projects in the second half of 2019. Cloudbric's trading pair CLB/BTC will be offered exclusively on Bitsdaq. Other trading pairs such as CLB/ETH will be available in the near future.

The Bitsdaq App received a positive response within two weeks of its official launch. The app is available on both Android and iOS, conveniently allowing users to trade CLB.

Cloudbric has been diligently preparing to launch a personal security app during 3Q, following the launch of its partner Klaytn's mainnet, orchestrated by KakaoTalk's blockchain subsidiary Ground X. The app will provide a cryptocurrency asset verification service to individual users.

The app will first be available for free at its launch to emphasize the importance of cryptocurrency asset protection. It’s also part of Cloudbric’s mission to help in creating a secure blockchain ecosystem.

Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post Cloudbric Listed on Bitsdaq Exchange, the Trading Platform Powered by Bittrex appeared first on Cloudbric.