CryptXXX Ransomware Spread Through SoakSoak Botnet: Two Big Actors As One

CryptXXX and SoakSoak are huge threats individually.

Share this:

One Email: Countless Phishing Domains

We often analyze indictors of phishing-related compromise from techhelplist.com. These lists contain a large number of indicators, usually not all related to one campaign, but to countless ones that have already spread before the lists were updated.

Share this:

DGA Updates

wood-cube-473703_1280.jpg

In December, we introduced a target list of more than 20 malware family DGAs provided by our friends over at 360 Research Team. Continuing their great work, we are happy to integrate 7 new malware DGAs:

Share this:

The “TelePort Crew” Evolves from Carbanak

The "Digital Plagiarist" campaign, dubbed by researchers at the tr1adx team, was run by the "TelePort Crew” and appears to be an evolution of the Carbanak cybercrime group. This group is infamous for a large-scale campaign against banks, leading to the 2015 theft of hundreds of millions of dollars and the Carbanak/Anunak malware that targets point of sale machines.

Share this:

Sure, Just a Threat Feed Works. Like Biden Without Ray-Bans.

 

Sure, just any old threat feed will do. Like those one-size-fits-all “I Heart NY” shirts in Times Square. Just like Chipotle without guac (if you’re obsessed with both Chipotle and guac, like me) or Caesar salad with no… dressing. Laverne without Shirley, Biden without Ray-Bans, or maybe the internet without a politically topical meme. I’m going somewhere with this…. I promise.

Share this:

Bi-weekly Security Update

Bi-weekly Security Update

Malicious content identified and inserted:

  • IPs – 960
  • Domains – 1653

Share this:

How much would you pay in bitcoin to watch that cat video?

Where do security professionals draw the line between protecting their company’s network, and delivering a free-range internet experience for their fellow employees? This quandary came up at ThreatSTOP recently, spurred by a support request we received from a customer who posed this very question to himself, his peers, and to us. It got us thinking, and made us wonder what the consensus is among security professionals who constantly wrestle with balancing the scales of security and user friction.

Share this:

Switcher Android Malware - The Road From Android App to Hijacking DNS Server

One of the most recent campaigns highlighting the importance of router security is Mirai (The botnet that had large scale attacks by infected IoT devices). Even before this, reports emphasized the importance and vulnerability of these devices. For example, Report by Malware Researcher Kafeine revealed the use of an exploit kit aimed to exploit routers. This method showed Google Chrome users were redirected to a malicious server that loaded code designed to determine router models. (While changing the DNS servers configured to the router)

Share this:

Crime As a Service: The Gritty Details & How to Prevent It

 

“Crime as a Service” (CaaS): It’s not just a recently ramped up buzzword, it has actual backing and won't quietly fade into the night anytime soon. It’s a service that has the potential to mature into a larger organizational unit, which is telling of the cyber security issues we’ll be up against in the future.

Share this:

Paul mockapetris at namescon 2017

Come see the inventor himself, Paul Mockapetris, deliver the keynote presentation at NamesCon 2017:

Share this:

Why Switch When You Can Keep the Service You Trust? Infoblox ActiveTrust vs. ThreatSTOP DNS Firewall Service

 

Received a notice from Infoblox lately?

If you’re a DNS Legacy Firewall customer, you’ve probably gotten a warning to migrate to ActiveTrust by end of January….. or else. However, that’s not the case. The Threat Intelligence/RPZ Feed you’ve been utilizing with Infoblox is a ThreatSTOP powered service and it’s still operational. We’ve also been developing and improving our product, now offering our new, Next Generation DNS Firewall Service to active subscribers without any added charges.   

Share this:

Bi-weekly Security Update 12/21-1/3

Malicious content identified and inserted:

  • IPs – 1625
  • Domains – 4562

Target lists updated:

  • TSCritical (Domains and IPs)
  • TSRansomware (Domains and IPs)
  • TSPhishing (Domains and IPs) – New Targets added!
  • TSBanking (Domains and IPs) – New Targets added!

Share this: