Media Coverage

Researchers have severed a link between criminals running the ElTest malware distribution network and computers they infected with ransomware and banking trojans. Researchers at Proofpoint, abuse.ch and brilliantit.com have “sinkholed” ElTest, breaking a large network of legitimate but compromised websites that was capable of conducting two million redirects per day to various exploit kits. The attacks targeted Chrome desktop and Chrome on Android, Internet Explorer, and Firefox browsers.  Abuse.ch is alerting national CERTs around the world while ShadowServer is informing network operators.

What are you doing to prepare for the next “scanning malware” and “Internet Worm?

Shadowserver has been running Internet-wide scans on a handful of UDP services to identify servers that could be potentially abused. Shadowserver data currently has the best source of information on how the use of UDP services, particularly UPnP, has evolved over the years, Moore says.

This week the National Crime Agency (NCA), the police, and a range of partners across industry and the public sector are providing help to the public and small businesses in guarding against cybercrime. The NCA is producing customised intelligence reports in conjunction with  the UK’s Computer Emergency Response Team (CERT-UK) and the Shadowserver Foundation to be distributed by regional police forces to local businesses. These reports will inform businesses of the threats on their systems and how to subscribe to live threat update feeds.

Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks. Here’s the world at-a-glance, from our friends at Shadowserver.org.

As of 2018-03-17 ( Morning Update), more attack using the memcached reflection vector have been unleashed on the Internet. As shared by  Akamai Technologies “memcached-fueled 1.3 Tbps Attacks,” the application factors are “Internet Impacting.” Mitigation and Remediation Efforts are reducing the number of potential memcached reflectors. Please keep up the good work.

Your staff took every security precaution and still got infected! The infection was quickly caught (thanks to public benefit “outside in” – 3rd party monitoring). Yet, the lost time, productivity, and cost (hard drives being replaced) is not what your organization needs. What if there was a way to use the DNS infrastructure for something more than an address to name translation tool?

Several security companies this week released new research into how hijacking computers is turning real profits for cybercriminals. In fact, three cryptocurrency mining applications – Coinhive, Crytoloot and Rocks – are now among the top 10 malware families even though the code itself isn’t malware, according to Check Point Software. The company estimates that 55 percent of businesses have been affected by cryptocurrency mining applications.

The community of open source threat intelligence feeds has grown over time. We have new sources being offered all the time. Many companies offer freemium services to entice the usage of their paid services.  There are community projects which aggregate data from new sources of threat intelligence. We also have an emerging market of companies who pull all this and other data into Threat Intelligence solutions. Finally, there are security companies who offer their threat intelligence as a community service. The result is a massive amount of information.  The following is maintained for the participants of the Operator’s Security Toolkit program.