DDoS Attack Archives | Vednam
https://vednam.com/tag/ddos-attack/
Latest News on Cyber Security, Hacking and Tech

Lucifer Malware: Windows Vulnerabilities for Cryptomining
https://vednam.com/lucifer-malware-windows-vulnerabilities-for-cryptomining-ddos-attack/
Tue, 30 Jun 2020 12:04:33 +0000

The Lucifer malware leverages Windows vulnerabilities for cryptomining and for DDoS attacks carried out by the threat actor.

The growing popularity of cryptomining as a source of revenue has led various threat actors to attempt illegitimate mining on their victims' infrastructure, along with several other parallel malicious activities. Recently, a malware was used to target victims for cryptomining as well as DDoS attacks.

Whole Campaigns

Palo Alto Networks' Unit 42 team said that it identified two versions of the Lucifer malware, which took advantage of known vulnerabilities to infiltrate target systems and perform malicious activities on them.

  • The self-propagating hybrid malware variant, dubbed Lucifer, leverages known vulnerabilities to spread and to perform malicious activities on the platform, such as cryptojacking and distributed denial-of-service (DDoS) attacks.
  • Lucifer targets Rejetto HTTP File Server (CVE-2017-6287), Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464), Oracle WebLogic (CVE-2017-10271), Apache Struts (CVE-2017-9791), ThinkPHP RCE (CVE-2018-20062), and Laravel Framework (CVE-2019-9081).
  • Besides brute-forcing credentials, the malware dropped the XMRig miner for cryptojacking Monero and used the EternalBlue, EternalRomance, and DoublePulsar backdoor exploits against vulnerable targets for internet infections.

Cryptojacking Campaigns

Cryptojacking is on the rise, and attackers frequently use it to compromise computer resources for cryptomining.

  • A Monero cryptocurrency-mining campaign called Blue Mockingbird exploited a deserialization vulnerability (CVE-2019-18935) in unpatched versions of Telerik UI for ASP.NET. It deployed the XMRig Monero-mining payload in dynamic-link library form on Windows systems (May 2020).
  • The VictoryGate botnet used USB drives as its propagation mechanism and deployed auto and XMRig on infected machines for cryptomining.

What We Need 

To stay safe, apply updates and patches for all deployed software, firmware, and operating systems as soon as you can. Users should use browser extensions that block cryptominers across the web, and a trusted ad blocker to detect and block malicious cryptomining code embedded in online ads.

Botnet Satori creator arrested, imprisoned for 13 months
https://vednam.com/botnet-satori-creator-arrested/
Fri, 26 Jun 2020 18:38:27 +0000

The creator of the Satori botnet has been sentenced to prison for compromising thousands of devices.

A teenager who is around 22 years old has been caught and sentenced to more than a year in prison for developing Mirai botnet variants that compromised thousands of devices all over the world.

The man, Kenneth Curran Schuchman from Vancouver, was sentenced to 13 months in prison after pleading guilty to creating and operating the Satori, Masuta, and Tsunami botnets. The botnets are considered "successors" to Mirai, as they use the same source code as that infamous botnet.

Schuchman added features to the botnets over time, so that they grew more "complex and effective," according to the Department of Justice (DoJ) on Thursday.

He used the botnets to facilitate DDoS attacks, which, as the DoJ described, occur when multiple computers acting in unison flood targeted computers with information to prevent them from being able to access the internet.

Two of Schuchman's criminal associates have also been charged for their involvement in developing and operating these botnets to conduct distributed denial-of-service (DDoS) attacks, according to the DoJ.

The associates are Aaron Sterritt, a U.K. national, and Logan Shwydiuk, a Canadian national.

He engaged in criminal botnet activity from at least August 2017, during which time he both rented out the internet-of-things (IoT) botnets and operated them himself. Following his arrest in August 2018, he continued to engage in criminal botnet activity and violated several other conditions of his pretrial release, the DoJ said.

Satori was first identified by a Check Point researcher in November 201. In December 2017, a researcher at Qihoo 360 Netlab said Satori had infected more than 280,000 IP addresses in just 12 hours and had gained control over 500,000 to 700,000 IoT devices.

In December 2017, the research team identified a vulnerability in a Huawei home router model that was being exploited to spread Satori Ikiru.

In 2018, researchers linked the hacker behind the Satori botnet to another botnet family.

In 2016, the DDoS attack targeted DNS providers and caused damage to many websites: Twitter, Spotify, and Netflix were affected for an hour.

Mirai variants continue to affect companies such as DNS providers, the financial sector, and enterprises.

Botnet activity continues as more IoT devices hit the market and DDoS attacks grow. On June 21, Akamai said that it had mitigated the largest packets-per-second (PPS) DDoS attack ever recorded. The attack generated 809 million packets per second (Mpps) and targeted a large number of banks in Europe.

DDoS Attacks: Effect During the Coronavirus Pandemic
https://vednam.com/ddos-attacks/
Tue, 09 Jun 2020 11:14:23 +0000

A DDoS (denial-of-service) attack causes a machine or service to become inaccessible to legitimate users. Every day there is news of another DDoS attack carried out by cybercriminals against businesses and organizations worldwide.

DDoS attacks are carried out for different purposes, but the most common is to make a web page unavailable by sending it thousands of requests at a specific time.

When our team followed up on the latest security reports from different firms, news sources, and portals, we came to the conclusion that DDoS attacks have doubled during the pandemic, setting records for attacks.

Attackers carry out these attacks effectively by using several things related to COVID-19 or the pandemic.

Cyber attackers and hacker groups know this well and take advantage of the coronavirus to improve the efficiency of DDoS attacks.

When you are attacked by a DDoS, the effects include consumption of computer resources such as bandwidth and memory space, alteration of configuration, data theft, and possible harm to physical network components.

What is a DDoS attack?

A DDoS attack is an attack on a website, server, service, or infrastructure whose main purpose is to disable it by sending false traffic that occupies the server and takes it down for a while.

The result of such an attack is that the site is forced to process an excessive number of false requests, which makes it inaccessible to ordinary users.

Types of DDoS attacks

There are three forms of DDoS attack, listed below:

  • Volume-Based Attacks: This attack uses high traffic volumes to flood the network's bandwidth and make a site, server, service, or infrastructure unavailable.
  • Application-Based Attacks: This attack is considered the most sophisticated and critical form, and it harms the web application.
  • Protocol-Based Attacks: This attack focuses on exploiting server resources, which makes the server unavailable to users during the attack.

DDoS Attacks Rage during the Pandemic Period 

According to the reports, the growth of work-from-home culture drove DDoS attacks to a peak. COVID-19 forced the world into quarantine and changed the work culture of all sectors. The average growth in DDoS attacks is 25 percent in 2020, but it doesn't affect everyone equally: attacks on educational resources and the official websites of towns and cities have increased threefold compared to the same period last year.

Security company reports mention a number of attack campaigns run against schools and city organizations.

Security personnel also said that attacks have increased two times compared to the same quarter of previous years.

All of this points to one thing: cyber attackers always take advantage of any situation. During the pandemic, the most targeted ransomware attacks are on health organizations, and according to the reports, the situation will get worse.

How do they do the DDoS attacks?

DDoS attacks are logically divided into two types: attacks on the network layer and attacks on the application layer of the server.

[Figure. Source: F5]

When the attack happens at the network layer, the attacker floods the server's communication channels. The communication channel alone determines the amount of data the server is able to receive.

When the incoming traffic exceeds that amount, the server is unable to respond and process the data, which makes the site unavailable to all visitors.

In this scenario, the resources are normally available and visitors can easily access them, but during the attack there are so many requests that the server fails and stops responding. DDoS attacks can sometimes also drive up processor and RAM utilization, which can freeze the server's responses.

How to Prevent DDoS Attacks?

First, get in touch with cybersecurity experts and discuss the situation. If they recommend any tools, deploy them on the server. You can also manage the risk yourself:

  1. Monitor your server's bandwidth utilization from time to time.
  2. Check the risk factor.
  3. If any issues are found, contact an expert and follow their recommendations.
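
One way to carry out the bandwidth-monitoring step, as an added example that is not part of the original article: it turns cumulative interface receive counters into bits per second and packets per second and flags intervals far above a rolling median, so a packets-per-second flood is caught even when bandwidth looks modest. The link capacity, thresholds and counter readings are assumptions constructed for illustration.

```python
"""Flag inbound traffic spikes from periodic interface counter readings."""
from statistics import median

LINK_CAPACITY_BPS = 1_000_000_000  # assumption: 1 Gbit/s uplink
SPIKE_FACTOR = 5.0                 # assumption: alert above 5x the recent median
BASELINE_WINDOW = 5                # normal intervals kept in the rolling baseline

# Constructed sample data: (seconds, rx_bytes, rx_packets) cumulative receive
# counters read every 10 s, e.g. from /proc/net/dev or SNMP interface counters.
SAMPLES = [
    (0, 0, 0),
    (10, 12_000_000, 12_000),
    (20, 25_000_000, 24_500),
    (30, 37_500_000, 37_000),
    (40, 49_500_000, 49_000),
    (50, 62_500_000, 62_000),
    (60, 75_000_000, 74_500),
    (70, 129_000_000, 974_500),      # many tiny packets, modest bandwidth
    (80, 1_129_000_000, 1_674_500),  # volumetric flood
    (90, 5_000_000, 5_000),          # counters reset (e.g. reboot)
    (100, 17_500_000, 17_500),
]


def rates(samples):
    """Convert cumulative counters to (time, bits/s, packets/s) per interval."""
    out = []
    for (t0, b0, p0), (t1, b1, p1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0 or b1 < b0 or p1 < p0:
            continue  # counter reset or clock step: no valid rate here
        out.append((t1, (b1 - b0) * 8 / dt, (p1 - p0) / dt))
    return out


def find_spikes(samples):
    """Return one alert per interval that exceeds the rolling baseline."""
    alerts, history = [], []
    for t, bps, pps in rates(samples):
        if len(history) >= BASELINE_WINDOW:
            recent = history[-BASELINE_WINDOW:]
            base_bps = median(h[0] for h in recent)
            base_pps = median(h[1] for h in recent)
            reasons = []
            if bps > SPIKE_FACTOR * base_bps:
                reasons.append("bandwidth")
            if pps > SPIKE_FACTOR * base_pps:
                reasons.append("packet-rate")
            if reasons:
                alerts.append({
                    "time": t,
                    "reasons": reasons,
                    "mbps": round(bps / 1e6, 1),
                    "pps": round(pps),
                    "utilization": round(bps / LINK_CAPACITY_BPS, 3),
                })
                continue  # keep attack intervals out of the baseline
        history.append((bps, pps))
    return alerts


if __name__ == "__main__":
    for alert in find_spikes(SAMPLES):
        print(alert)
```
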

 

 

Anonymous Hacktivist Group Takes the Minneapolis PD Website Down
https://vednam.com/anonymous-hacktivist-group-hacked/
Mon, 01 Jun 2020 11:36:39 +0000

The National Association of Black Journalists (NABJ) condemns the arrest of the CNN crew members who were simply doing their jobs and covering protests in Minneapolis this morning. They were handcuffed and led away by the state police during a live shoot, as CNN reported. In retaliation for the murder of George Floyd, the Anonymous hacktivist collective disabled the Minneapolis Police Department website late on Saturday night.

According to multiple reports, the Minneapolis PD site as well as the parent City of Minneapolis site were not accessible online because hacktivists took the websites down.

Through Sunday, the sites were still experiencing access problems, as confirmed by visitors having to clear a "captcha" verification. When a site faces a distributed denial-of-service (DDoS) attack, the internet security firm Cloudflare automatically activates this function to check whether the user is a human or a bot. Such an attack is designed to render an internet service unusable by flooding it with bogus traffic.

A separate Minneapolis Police Department site, insidempd.com, was not affected by the attacks.

On May 28, the Anonymous group released a warning video: "They will be exposing many crimes to the world, and this time the brutal killing of George Floyd – that was mainly a small part of the wrongful deaths, but there is a list of cases which were basically done without the law."

The video has been watched more than 1.8 million times and was trending on Twitter under the #anonymous hashtag, but after a few hours Twitter started deleting the videos.

The @latestanonnews Twitter handle, which claims to be run by multiple anons, does not take credit for the outages of the Minneapolis Police Department and government sites, but when we follow the footprint, its retweets of others suggest those were the result of an attack carried out by the group.

ESET Website under DDoS attack by Malicious Android App
https://vednam.com/eset-website-under-ddos-attack-by-malicious-android-app/
Sun, 24 May 2020 04:57:54 +0000

For the last few months, the Android Play Store has been in the news due to various malicious apps. This time no user has been harmed, but the website of the security firm ESET was the target of a DDoS attack.

DDoS attack on ESET

According to sources, ESET researcher Lukas revealed details about an Android app that was used to target the ESET website with DDoS attacks.

The app appeared: “Updates for Android, which seems like a new update. The main thing is that it was linked with a website, i-updater.com, that was really fascinating. It seems that it is not harmful, and that may have caused thousands of downloads.”

According to ESET's analysis, the malicious app has a built-in ability to load and execute malicious JS on the target device. This may not have been the case when it appeared online in late 2019; hence, it evaded the Google Play Store's security.

What it really affects

As a result, it turned the devices of all its users into its "botnet". Interestingly, it displayed ads on the devices, which helped it hide the app icon, and in the meantime the app started downloading malicious JavaScript from the attacker's server to run on users' devices.

However, the ability to execute JS is what the attackers used to wage a DDoS attack.

“The DDoS attack starts with the compromised machines receiving a command to load the vulnerable script that specifies the targeted domain. Once the script is loaded, the machine starts making requests to the targeted domain.”

This continued until the requests reached the ESET website, and the ESET team detected the source behind the attack.

Take Down the App

After finding the threat, the ESET team got in touch with Google, which eventually removed the app from the Play Store. The researcher also checked the website i-updater.com, which remained up as it was not malicious. When the team checked the website, it appeared as a blank page. The site was fully cleaned, and no traces of a threat or malicious script were found.

The conclusion is that the attacker may go underground and rebuild the site in a new form.

How DDoS attacks affect organizations in 2020?
https://vednam.com/how-ddos-attack-effect/
Sat, 23 May 2020 13:14:26 +0000

Distributed Denial of Service (DDoS)

DDoS attacks do not always involve a data breach or credential theft. From the victim's perspective, though, DDoS attacks can cause almost irreparable damage. A DDoS attack is similar to other cyberattacks, but it has devastating effects on its targets. From attacking individuals to targeting large organizations' infrastructure, cybercriminals have leveraged DDoS attacks in their own ways.

High security alone will not help if DDoS attacks keep evolving to be more malicious and to reach a larger radius of targets.

How DDoS Attacks Evolve?

Whenever botnets are used to conduct DDoS attacks on web apps, attackers simply scan for vulnerable devices and take them over secretly. Attackers use infected devices (like smartphones and PCs) to create barriers between the malicious traffic and victim machines.

Here are some recent trends depicting DDoS evolution.

IoT has been targeted by Botnets

These days people are focusing on IoT, and they forget that DDoS attackers target internet-connected gadgets other than PCs and mobile phones. Attackers may target tube lights, bulbs, fridges, microwaves, anything that can be operated and maintained through IoT; they gain access to the devices without the owner's knowledge and turn them into infected bots to create a botnet.

The most used tool in DDoS attacks is the “Torii” botnet, which maintains persistence on a greater range of IoT devices.

Power of Denial-of-Service Attacks

The evolution of DDoS attacks shows in their impact on targets. These attacks have emerged as advanced persistent denial-of-service (APDoS) attacks. DDoS protection tools sometimes fail against APDoS attacks.

Through APDoS attacks, attackers target the core IT applications of the target organization, such as databases and servers. With such attacks, hackers can also attack ISPs and cloud services.

What happens if it is integrated with Machine Learning and AI?

IoT aside, attackers are also looking for ways to carry out DDoS attacks using machine learning and artificial intelligence. If AI and ML are combined with DDoS attacks, such attacks may become difficult to handle.

Methods to Prevent DDoS attack

Given all this evolution, an organization that wants to stop DDoS attacks needs to take some precautions:

  • Implement IT security measures from the basic stage.
  • The role of a web application firewall (WAF) is undeniable. A WAF helps block irrelevant requests to avoid DDoS attacks.
  • Use a CDN that supports DDoS protection, such as Cloudflare.
  • Keep an eye on new information about DDoS attacks, which can help you prepare before an attack.
  • The organization may opt for the fully managed security offering included in the cloud WAF product AppTrana from Indusface. A group of experts helps manage the setup and prepare a protective barrier before attacks.
