Introduction Ten months ago we asked a rhetorical question: will losses from cryptocurrency exchange hacks hit one billion dollars in 2018? Indeed, they did. Cryptocurrency theft is growing both in terms of frequency of attacks and breadth of targets. Attackers aren’t just cryptojacking and targeting exchanges. According to endpoint security provider Carbon Black, $1.1 billion…
Read MoreWe’re finishing up our series on what to do when your organization tells you they want to roll out a mobile app. In part one, we asked lots of questions so we could do a thorough risk and requirements analysis. In part two, we used that information to define security requirements and ensure that we…
Read MoreDuring June and July, F5 researchers first noticed Trickbot campaigns aimed at a smaller set of geographically oriented targets and did not use redirection attacks—a divergence from previous Trickbot characteristics. In this research, we compared two different target configurations, one older, more “traditional” configuration that uses redirection, and a new Trickbot configuration that does not…
Read MoreWhile analyzing this script which downloads and executes the cryptominer, F5 researchers found that the code is sophisticated, well obfuscated, and long—about 200 lines versus the typical 20 or so lines. The authors clearly put a lot of time and attention into every step, from developing the malware dropper to creating the executable JAR file…
Read MoreIn many organizations, building and securing apps has typically been a siloed affair. The product owner, the network engineer, the developer and the security engineer all come from different teams. And all too often, these teams become fiefdoms that believe their focus is the company’s primary objective. Today with Agile and DevOps moving faster and…
Read MoreFurther analysis on this sample was not conducted. F5 Labs has reported extensively on the Mirai botnet, IoT landscape, and some of its variants. For a detailed breakdown on current Mirai botnets seen in the threat landscape, the Hunt for IoT Research Series publishes current threat data. Conclusion All of the vulnerabilities targeted this month…
Read More
I know for a fact that Microsoft really does take security seriously, and most of the company is moving in the right direction. That said, the security problems revealed in the CSRB report are shocking and completely unacceptable for a technology company with the size, control, and power of Microsoft. Remember, too, that after intense…
Read MoreIntro The F5 Application Protection Report podcast returns for 2019! Last year, F5 Labs researchers examined the entire landscape of threats facing applications, and offered guidance on how to protect them. This year, they followed up with another research series that examined how both apps and threats are changing, and what security practitioners can do…
Read MoreSecurity in the cloud has always followed a shared responsibility model. What the provider manages, the provider secures. What the customer deploys, the customer secures. Generally speaking, if you have no control over it in the cloud, then the onus of securing it is on the provider. Serverless, which is kind of like a SaaS-hosted…
Read MoreUse of Cyber Deception to Influence Voters Rather than directly manipulate votes, cyber attackers are now finding success in misleading the voters themselves. Once again, social engineering triumphs over technology. The key to this tactic is simple, and cyberwarfare researcher The Grugq said it best, “People will believe what their computers tell them is reality.”…
Read More