DDoS & Security Reports Blog

The Arbor Networks ASERT team blog

  • Change All Your Passwords, Right Now!

    by Steinthor Bjarnason, Senior ASERT Security Analyst & Roland Dobbins, ASERT Principal Engineer CloudFlare are probably best known as a DDoS mitigation service provider, but they also operate one...
  • Additional Insights on Shamoon2

    IBM analysts recently unveiled a first look at how threat actors may have placed Shamoon2 malware on systems in Saudi Arabia. Researchers showcased a potential malware lifecycle which started with...
  • Flokibot Invades PoS: Trouble in Brazil

    Introduction Threat actors salivate at the thought of an increased volume of credit and debit card transactions flowing through endpoints they have compromised with card-stealing malware. While...
  • Non-Government Organization in Support of Government Hopes

    Red Team analysis is the process of viewing a situation from the perspective of an adversary thus providing insights beyond those that might otherwise be limited by normative biases. This blog...
  • Dismantling a Nuclear Bot

    A recent tweet mentioned that a new banking malware called “Nuclear Bot” has started to appear for sale on underground marketplaces. Its price starts around $2500 which is more than double the...
  • On the Economics, Propagation, and Mitigation of Mirai

    By Kirk Soluk and Roland Dobbins In late November of 2016, a new Mirai variant emerged that leveraged a propagation mechanism different from the Telnet-based brute forcing mechanism originally...
  • Analysis of CryptFile2 Ransomware Server

    Download ASERT Threat Intelligence Report 2016-06 here This report describes several elements of a ransomware staging system using the Nemucod malware to deliver CryptFile2 (aka Hydracrypt.A and...
  • Diving Into Buhtrap Banking Trojan Activity

    Cyphort recently published an article about the Buhtrap banking trojan [https://www.cyphort.com/banking-malware-buhtrap-caught-action/], targeting users of Russian and Ukrainian banks as reported...
  • FlokiBot: A Flock of Bots?

    In early October, Flashpoint released an analysis of an underground forum advertisement for a new malware family known as FlokiBot. It took some time before a sample was found in the wild, but a...
  • Flying Dragon Eye: Uyghur Themed Threat Activity

    DOWNLOAD FULL REPORT HERE DOWNLOAD INDICATORS OF COMPROMISE (IOCs) HERE This paper documents attempted exploitation activity aimed at Uyghur interests outside of China. Exploitation is being...
  • Mirai IoT Botnet Description and DDoS Attack Mitigation

    Authors: Roland Dobbins & Steinthor Bjarnason Since its inception in August of 2016, the Mirai ‘Internet-of-Things’ (IoT) botnet, comprised largely of internet-enabled digital video recorders...
  • TrickBot Banker Insights

    A new banking trojan, TrickBot, has seemingly risen from the ashes left behind by the November 2015 takedown of Dyreza/Dyre infrastructure and the arrests of threat actors identified by Russian...
  • Annual Security Survey – Call for Participation

    It’s that time again! Arbor Networks is opening its 12th annual Worldwide Infrastructure Security Report survey. Findings from this survey are compiled and analyzed to provide insights on a...
  • On DNS and DDoS

    The global DNS infrastructure provides the critical function of mapping seemingly random sets of numbers in IP addresses (like 1.1.1.1) to a name that an Internet consumer may recognize (like...
  • The Great DGA of Sphinx

    This post takes a quick look at Sphinx’s domain generation algorithm (DGA). Sphinx, another Zeus-based banking trojan variant, has been around circa August 2015. The DGA domains are used as a...
  • Panda Banker’s Future DGA

    Since we last visited the Panda Bankers at the malware zoo, two new versions have emerged: 2.2.6 and 2.2.7. While sifting through the encrypted strings of the latest version, two interesting ones...
  • Rio Olympics Take the Gold for 540gb/sec Sustained DDoS Attacks!

    by Roland Dobbins, Principal Engineer & Kleber Carriello, Senior Consulting Engineer When organizing a huge, high-profile event like the Olympics, there are always chances for things to go wrong –...
  • Who Let the Pandas Out? Zeus, Zeus, Zeus, Zeus

    A few months ago Proofpoint released a blog post about a new banking trojan called Panda Banker. They credit Fox-IT with the discovery and both companies indicate that it is another variant based...
  • The Mad Max DGA

    This post describes a domain generation algorithm (DGA) used by the “Mad Max” malware family. Mad Max is a targeted trojan, and we plan to post a follow-up article that documents our findings...