Recent spam campaigns from Emotet featured sextortion content very similar to emails previously sent by the Necurs botnet. However, Emotet spam ended up netting 10 times the amount that a comparable Necurs campaign did — within a matter of six hours. Why was Emotet so much more successful with the same type of ploy? Two factors played into this. First, Emote

Emotet is one of the most persistent and dangerous cyberthreats around today. According to the latest statistics, there are over 30,000 variants of this botnet, which was first seen as a banking Trojan back in 2014. Last year, Emotet represented 45% of the URLs that were used to download malware. According to Any.Run, a public service that allows interaction

by Aliakbar Zahravi  We recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the

The second day is over. Here is my daily wrap-up. Today was a national strike day in France and a lot of problems were expected with public transports. However, the organization provided buses to help attendees to travel between the city center and the venue. Great service as always

Reference Amnesia / Radiation botnet samples targeting Remote Code Execution in CCTV DVR 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet2016-08-11 CyberX Radiation IoT Cybersecurity campaignDownload             Other malwareDownload. Email me if you need the password (see

By Feike Hacquebord, Cedric Pernet, and Kenney Lu The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narr

By Jaromir Horejsi and Joseph C. Chen (Threat Researchers) We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequen

Exactly one week ago, Emotet, one of the most dangerous threats to organizations in the last year, resumed its malicious spam campaigns after several months of inactivity. Based on our telemetry, we can see that the botnet started becoming chatty with its command and control servers (C2), about a week or so before the spam came through. Figure 1: Communic

After a fairly long hiatus that lasted nearly four months, Emotet is back with an active spam distribution campaign. For a few weeks, there were signs that the botnet was setting its gears in motion again, as we observed command and control (C2) server activity. But this morning, the Trojan started pumping out spam, a clear indication it’s ready to jum

A group of researchers has conducted a rigorous comprehensive characterization of this DDoS attacks and of countermeasures to mitigate the associated risks. Denial of Service (DoS) attacks have been around about as long as computers have been network connected. A website’s purpose is to accept connections from the Internet and return information. A bad

The CSE CybSec Z-Lab Malware Lab spotted a new botnet, dubbed Wonder botnet, while it was investigating malicious code in the dark web. While investigating the malicious code in the dark web, ZLab experts discovered a “NetflixAccountGenerator.exe” that promises to generate a premium account for Netflix services for free. Unfortunately, the software downloade

Operators behind Locky ransomware campaigns have switched to new attack techniques to evade detection leveraging the DDE protocol. Security experts are continuing to observe the Locky ransomware spreading via spam campaigns that rely on the Necurs botnet. Now operators behind Locky ransomware campaigns have switched to new attack techniques to evade detectio

Security researchers with Trend Micro discovered a backdoor dubbed SYSCON that uses an FTP server for command and control (C&C) purposes. The SYSCON backdoor is spreading through tainted documents that refer North Korea and target individuals connected to the Red Cross and the World Health Organization. The use of an FTP server as C&C is uncommon fo

According to Imperva DDoS report, over 75% of targets were hit multiple times in Q2 2017, while the percentage was only 43.2% in the same period of 2016. Imperva published the Global DDoS Threat Landscape for Q2 2017, the report shows an increase in the amount of persistent application layer DDoS attack over a one-year period. According to Imperva, over 75%

Experts from security firm ESET discovered cyber criminals exploiting Microsoft Servers to mine Monero and already earned $63,000 in 3 Months. Mining cryptocurrencies is a profitable business, but it is also expensive because it needs significant investment in computing power. Crooks are using malicious code that steals computing resources of victims’