<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Author Archives:Ofir Ashman

Recent Posts

Is DNS the Key to DGA Protection?

Command and control servers (C2s) are a central part of malware campaigns - almost all malware families communicate with C2 servers to receive orders from the attackers controlling them. Threat actors go to great lengths to keep these servers up and running while law enforcement attempts to shut them down and security vendors strive to protect their customers from them. When C2 addresses were hard coded into malware it wouldn’t take long before the address was found, published and taken down or blocked. Today's reality is much more complex.

Read More

Share this:

6 Cybersecurity Mistakes Every Organization Should Avoid

 

All it takes is one mistake, one wrong click or weak password, one unpatched vulnerability, for a malicious threat actor to infiltrate your network. Once they are inside, the options are endless. Security can never be 100% airtight, but making sure you have strong armor at the frontline will critically minimize the attacks that have a chance of penetrating your network. How is this defense built? Most of the time, our mind jumps right to the tools – which technologies can we use to armor up? But effective security is much more than that – setting in place the right mindset, personnel, processes AND tools is the key to keeping your data secure. In this blog post, we will share critical mistakes that managers, IT teams and employees alike should be aware of in order to make the right choices and keep the company network safe.

Read More

Share this:

From Russia with Love: Selectel hosting some busy, bad IP addresses

In the past week we saw a massive surge in hits on customer logs coming from the IP 45.146.165[.]11. Our security research team checked it out, and found that it has been the launch pad for abnormally large amounts of traffic trying to reach customer machines. On one customer network alone they got over 2 million hits.

Read More

Share this:

MS EXCHANGE ATTACKS: BLOCK ANONYMOUS VPN SERVICES (AND THESE IOCS)

Until two weeks ago, thousands of Microsoft Exchange servers were under attack unknown to anyone. Since Microsoft and other researchers uncovered this severe cyber offensive against various U.S. institutions, organizations have been scrambling to patch the vulnerabilities used in the attack, understand the extent of potential damage, and ensure protection for next time (and there will be a next time). In this blog post, we'll explain how to do exactly that.

Read More

Share this:

New Gafgyt Botnet TOR Variant Targets D-Link and IoT Devices

The Gafgyt IoT botnet has been around for 7 years already, boasting many different variants over time. Also known as BASHLITE, this botnet has become notorious for launching DDoS attacks, making it almost as well-known as famous botnets such as Mirai in recent years. In 2018, two Gafgyt variants were detected, targeting Apache Struts and SonicWall vulnerabilities. Over the next year, Gafgyt started targeting vulnerable internet of things devices, wreaking havoc on gaming servers all over the world.

Read More

Share this:

Cybercrime Against Healthcare Soars During COVID-19

Healthcare has been one of the most severely impacted industries by the still-menacing COVID-19 virus. The sudden global pandemic created a surge in demand for clinical care, medical equipment, healthcare technologies and eventually - a solution. All of these and more rely on information technology. From making appointments and delivering healthcare to patients, to using internet-connected medical devices and developing vaccine research, COVID-19 response is vulnerable to cyber attacks on all levels. Being by far the most pressing issue today, it comes as no surprise that attackers are exploiting the difficult situation healthcare institutions are facing to wreak havoc and cash in on their struggle.

Read More

Share this:

New Silver Sparrow Malware Infects 30,000 Macs

The new macOS malware strain has infected almost 30,000 devices so far, running on Apple’s new M1 chips. Most instances were detected in the United States, United Kingdom, Canada, France and Germany, though it has been reported that Silver Sparrow has reached Macs in at least 153 countries.

Read More

Share this:

Preventing Phishing, Smishing and Vishing

When reading the names of these attacks out loud, we wouldn’t be surprised if the first thought that comes to mind is “how malicious can attacks with such cutesy names really be?”. Well, phishing is used as the attack vector for 95% of all targeted attacks against enterprise networks, and a single spear phishing attack results in an average loss of $1.6 million according to Security Boulevard. So yeah, phishing is quite a big deal.

But it’s not only classic email phishing that is causing a fuss. The FBI issued a warning last month about voice phishing attacks, also known as “vishing”. In their statement, the FBI shed light on a new wave of cybercriminals “taking advantage of changing environments and technology” during lockdown and other COVID-19 restrictions. In this blog post, we will explain how phishing works across different platforms, how to recognize the attacks and how to make sure you’re protected.

Read More

Share this:

How Long Does an IP Address Stay Infected?

One of the most interesting questions we get asked at TheatSTOP concerns how long an IP address remains bad once it has been identified as such. Each threat list treats its IPs slightly differently, so the answer is not completely straightforward and varies depending on which list the IP is on. Moreover, many lists do not display specific "first seen" or "last seen" data on each IP address, but rather simply list the currently active IPs (where “active” typically means that they have been identified as bad within the last week or so). Possibly worse for our questioners, some of the threat sources we use are distributed under terms that prohibit us from answering the question.

Read More

Share this:

ThreatSTOP's Hottest Content of the Year

Wondering what our readers were most interested in over the past year? Wonder no more! We've rounded up our most read articles of the year to save you time. Wrapping up the worldwide roller coaster that was 2020, we wish we were feeling a little more nostalgic. Covid-19 came in like a tornado and changed up our daily lives as we knew them. The security industry, accordingly, also had to change mindsets and processes to adjust to a new, distributed-access-focused reality.

The Best, according to you:

Read More

Share this:

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter