
Fake DocuSign Invoice Phish Leads to GoDaddy Domain Briefly Redirected to Chinese IP

Like many security researchers, I not only run my own mail servers, but I generally do not have spam filtering on many of them so I can see the interesting attacks that come in and dig into them as time allows. Yesterday, I got an interesting take on the ever-present invoice maldocs campaign; this time it was spoofing a DocuSign email suggesting I had an invoice to sign.

Wondering About the Power of IP Reputation? Here’s a Prime Example.

ThreatSTOP recently had ASN 64484 (Jupiter 25, also known as DMZHOST) brought to our attention as the source of some DDoS attacks. This AS is a fascinating one: it has a single upstream (Quasi Networks, a hosting provider formerly and notoriously known as Ecatel) and announces just a single /24.

The single /24 is not, of itself, an indicator of badness (ThreatSTOP's own AS also announces a single /24). However, it does suggest that the AS is not a major hosting provider, since a /24 has only 254 usable addresses, so only about 250 separate un-NATed hosts can be run on that network.

An Inside Look at the Infrastructure Behind the Russian APT Gamaredon Group

Recently, fellow researcher Vitali Kremez took a look at some new binaries from the Gamaredon Group. This is a Russian state-sponsored group that has been active since about 2013. The malware in question is the Pteranodon implant, which provides functions such as remote command execution, downloading and executing additional files, and collecting system data. It was the subject of a recent CERT UA blog post (note: that post is in Ukrainian).

Multiple Government Entities Targeted with Massive DNS Attacks

In recent weeks, reports have emerged that various government entities have been the target of DNS hijacking attacks. These attacks redirect people attempting to reach legitimate government sites to attacker-controlled infrastructure, which can then be used for phishing, email theft, or a wide variety of other misconduct.

How Malvertising Leads to Fake Flash Malware

It's no secret that the pervasiveness of ad networks has greatly diminished the web browsing experience in recent years. With it have come criminals and other miscreants who exploit the drive for web advertising revenue to deliver malware.

Why You Need to Block the Threat Factory. Not Just the Threats.

Cyber criminals will create roughly 100 million new malware variants over the next 12 months. Security vendors will respond with new malware signatures and behavioral detections to stop them, but thousands of companies will be victimized in the process, experiencing costly or catastrophic breaches. This isn't new; it's a cycle.

Axim & ThreatSTOP Live Webcast: January 24. John Bambenek Talks Reducing Your Attack Surface with Threat Intelligence

Gathering and implementing threat intelligence is overwhelming, but it can be done in an extremely effective and uncomplicated way. John Bambenek, ThreatSTOP's VP of Security and Research, will talk about the threat landscape's new reality, where attackers are financially motivated professionals, visibility into threats is limited, and the attack surface has grown exponentially (there have been 96M malware variants since 2016). Given this, using threat intelligence the right way (combined with modern packet capture) is essential to IT security and compliance.

BrightTALK Webcast: December 13. John Bambenek Talks Predictions for 2019's Threat Landscape.

As part of BrightTALK's 2019 Trends and Predictions Webcast series, ThreatSTOP's VP of Security and Research, John Bambenek, is talking specifically about social engineering and phishing on this December 13th episode. Check out the details here:

Searching for Cisco Umbrella Alternatives? Your Affordable Option for DNS Security with Advanced Reporting.

Looking for an affordable alternative to Cisco Umbrella Enterprise's high cost? ThreatSTOP comes with advanced reporting and security research tools out of the box: see blocked threats, remediate client machines faster, and check IOCs. Here's a breakdown of how ThreatSTOP and Cisco line up.

Over 120 Malicious Domains Discovered in Analysis on New Roaming Mantis Campaign

Since April of this year, news of a rapidly evolving malware campaign, dubbed Roaming Mantis, has hit the cyber news headlines. Roaming Mantis debuted with a DNS hijacking attack vector, infecting Android devices. Once installed, the malware redirected infected devices to phishing sites that spoofed legitimate applications in order to steal credentials, and the campaign later expanded to serving a crypto mining script to PC users.
