Archive for the ‘Botnet’ Category

FBI Mapping ‘Joanap Malware’ Victims to Disrupt the North Korean Botnet

January 31st, 2019
The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra"—an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of

Posted in Botnet, Brambul malware, Cyber Attack, FBI, Hidden Cobra Hackers, Joanap botnet, Lazarus Group, malware, North Korea, North Korean hackers | Comments (0)

FBI, Air Force investigators mapped North Korean botnet to aid shutdown

January 31st, 2019

On January 30, the US Department of Justice announced that it, the Federal Bureau of Investigation, and the Air Force Office of Special Investigations were engaged in a campaign to "map and further disrupt" a botnet tied to North Korean intelligence activities detailed in an indictment unsealed last September. Search warrants obtained by the FBI and AFOSI allowed the agencies to essentially join the botnet, creating servers that mimicked the beacons of the malware.

"While the Joanap botnet was identified years ago and can be defeated with antivirus software," said United States Attorney Nick Hanna, "we identified numerous unprotected computers that hosted the malware underlying the botnet. The search warrants and court orders announced today as part of our efforts to eradicate this botnet are just one of the many tools we will use to prevent cybercriminals from using botnets to stage damaging computer intrusions."

Joanap is a remote access tool (RAT) identified as part of "Hidden Cobra", the Department of Homeland Security designator for the North Korean hacking operation also known as the Lazarus Group. The same group has been tied to the WannaCry worm and the hacking of Sony Motion Pictures. Joanap's spread dates back to 2009, when it was distributed by Brambul, a Server Message Block (SMB) file-sharing protocol worm. Joanap and Brambul were recovered from computers of the victims of the campaigns listed in the indictment of Park Jin Hyok in September.

Posted in Biz & IT, Botnet, DOJ, FBI, hidden cobra, Lazarus Group, North Korea, Policy, usdoj | Comments (0)

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

January 17th, 2019
Ukrainian police this week busted two separate groups of hackers, one involved in carrying out DDoS attacks against news agencies and the other in stealing money from Ukrainian citizens. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian

Posted in bank hacking, Botnet, Cyber Attack, ddos attack, hacker arrested, hacking news, malware, Ukraine, Ukrainian hacker | Comments (0)

Malware Hunter — Shodan’s new tool to find Malware C&C Servers

May 2nd, 2017

The rapidly growing number of insecure internet-connected devices is becoming an albatross around the necks of individuals and organizations, with malware authors routinely hacking them to form botnets that can be further used as weapons in DDoS and other cyber attacks.

But now finding the malicious servers, hosted by attackers, that control a botnet of infected machines gets a bit easier. Thanks to Shodan and

Posted in Botnet, botnet detection, Cyber Attacks, DDoS, IoT Search Engine, Malware Hunter, Search engine, Shodan, Shodan search engine | Comments (0)

Discovery of 8,800 servers sends warning to Asian cybercriminals

April 27th, 2017

Move shows the importance of international co-operation to take down cybercrime at its roots

Posted in Botnet, DDoS, interpol, Law & order, ransomware | Comments (0)

To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does

April 19th, 2017

It should be noted that gaining unauthorised access to a system that does not belong to you is illegal, no matter what the actual intention behind it is.

I am pointing this out because someone, labeled a ‘vigilante hacker’ by the media, is reportedly hacking into vulnerable ‘Internet of Things’ devices in order to supposedly secure them.

This is not the first time

Posted in Botnet, botnet network, Cyber Attack, hacking news, IoT botnet, iot devices, IoT Malware, mirai botnet, mirai malware | Comments (0)

Suspected Kelihos Botnet Operator Arrested in Spain

April 10th, 2017

Update (Tuesday, April 11): The arrest of a Russian man in Spain was apparently for his role in the Kelihos botnet, which is responsible for sending hundreds of millions of spam emails worldwide.

A Russian computer hacker and alleged spam kingpin was arrested in Barcelona, Spain, on Friday reportedly over suspicion of being involved in hacking attacks linked to alleged interference in last year’s United

Posted in Botnet, computer programmer, election hacking, hacker arrested, hacking news, presidential election, Programming, Russian hackers, Spam botnet, spamming, us election | Comments (0)

Fraudsters Using GiftGhostBot Botnet to Steal Gift Card Balances

March 25th, 2017

Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe.

Dubbed GiftGhostBot, the new botnet, which specializes in gift card fraud, is an advanced persistent bot (APB) that has been spotted in the wild by cyber security firm Distil Networks.

Posted in Botnet, brute force attack, gift card cash, Gift Cards, gift cards vouchers, GiftGhostBot | Comments (0)

What Is a DDoS Attack and How Does It Work?

March 24th, 2017

Let’s do a little thought experiment: imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everything is moving smoothly at a crisp, legally-defined speed limit. Then, as you approach an entry ramp, more cars join. And then more, and more and more until all of a sudden traffic has slowed to a crawl, if that. That is what a Distributed Denial of Service (DDoS) attack is—a method where cybercriminals flood a network with so much traffic that it cannot operate or communicate as it normally would.

DDoS is a simple, effective and powerful technique that’s fueled by insecure devices and poor digital habits. It’s one of the more troubling areas in cybersecurity today simply because it’s incredibly difficult to prevent and mitigate. And it doesn’t matter how big or small a website is, either. For example, Dyn, a major service provider for popular websites, was knocked offline last October. Shortly before that attack, Brian Krebs, a popular cybersecurity journalist, suffered a massive attack on his site in retaliation for his reporting. He’s not the only journalist cybercriminals have targeted, either.

But preventing DDoS attacks from happening in the first place is incredibly difficult because they’re fairly simple to create. All it takes to create a DDoS attack are two devices that coordinate to send fake traffic to a server or website. That’s it. Your laptop and your phone, for example, could form their own DDoS network (sometimes referred to as a botnet, but more on that in a minute) if you or a cybercriminal programmed them to cooperate. But two devices, even if they’re dedicating all of their processing power to an attack, aren’t enough to take down a website or server. Hundreds and thousands of devices, however, are more than capable of taking down an entire service provider with their combined might.

To get to a network of that size, cybercriminals create what’s known as a “botnet,” a network of compromised devices that coordinate in order to achieve a particular task. Botnets don’t always have to be used in a DDoS attack, nor does a DDoS have to have a botnet to work, but more often than not they go together like Bonnie and Clyde. Cybercriminals create botnets through fairly typical means: tricking people into downloading malicious files and spreading malware.

But malware isn’t the only means of recruiting devices. Because a good deal of companies and consumers practice poor password hygiene, all a cybercriminal has to do is scan the internet for connected devices with known factory credentials or easy-to-guess passwords (“password,” for example). Once logged in, cybercriminals can easily infect and recruit the device into their cyber army.

For a good deal of the time, this cyber army lies dormant. It needs orders before it acts. This is where a specialized server called a command and control server (typically abbreviated as a “C2”) comes into play. When instructed, cybercriminals will order a C2 server to issue instructions to compromised devices. Those devices will then use a portion of their processing power to send fake traffic to a targeted server or website and, voila! A DDoS attack is born.

Because of its distributed nature, and the difficulty in discerning between legitimate and fake traffic, DDoS attacks are usually successful. They do not, however, constitute a “breach.” This is because DDoS attacks overwhelm a target to knock it offline—not to steal from it. Usually DDoS attacks will be deployed as a means of retaliation against a company or service, often for political reasons. Sometimes, however, cybercriminals will use DDoS attacks as a smokescreen for more serious compromises that may eventually lead to a full-blown breach.

Like I mentioned earlier, DDoS attacks are only possible because devices are so easily compromised. So how can you prevent your devices from participating in a DDoS attack? Well, here are a few things you can do:

  • Secure your router. Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you’ve already thrown out the instructions for your router and aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. And remember, protection can start within your router, too. Solutions such as McAfee Secure Home Platform, which is embedded within select routers, help you easily manage and protect your network.
  • Change default passwords on IoT devices. A lot of internet of things (IoT) devices, smart objects that connect to the internet for increased functionality and efficiency, come with default usernames and passwords. The very first thing you should do after taking your IoT device out of the box is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
  • Use comprehensive security. A lot of botnets are built on devices without any built-in security. Comprehensive security solutions, like McAfee LiveSafe™, can help secure your most important digital devices from known malware variants. If you don’t have a security suite protecting your devices, take the time to do your research and commit to a solution you trust.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

The post What Is a DDoS Attack and How Does It Work? appeared first on McAfee Blogs.

Posted in Botnet, Consumer Threat Notices, Internet of things | Comments (0)

Hackers threaten to take down Xbox Live and PSN on Christmas Day

December 24th, 2016

Bad news for gamers!

It’s once again the time when most of you will get new PlayStations and XBoxes, which continue to be among the most popular gifts for Christmas, but chances are you’ll not be able to log into the online gaming console, just like what happens every Christmas holiday.

During the 2014 Christmas holidays, the notorious hacker group Lizard Squad knocked the PlayStation

Posted in Botnet, Christmas DDoS Attack, Cyber Attack, ddos attack, game hacking, Gaming Platform, sony playstation, XBox Live | Comments (0)