Tag: Cybercrime
We’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…
Figure: Email attachment containing wire transfer instructions. Many buyers, in their eagerness to follow instructions to the letter so they can get into their new homes quickly, have followed similar wiring instructions and found themselves not only without a new home but stripped of their entire life savings—stolen by scammers. It nearly happened to Brown…
Every day, your web servers are increasingly being scanned—and likely attacked—by adversaries attempting to gain access to your infrastructure. Between 2015 and 2017, our data partner, Loryka, observed these types of scans grow from 200 per minute to as much as 2,000 per minute. These kinds of attackers are professionals; they do this for a…
Last week, a malware campaign targeting Jenkins automation servers was reported by CheckPoint researchers.1 The attackers exploited a deserialization vulnerability2 in Jenkins’ bidirectional channel (CVE-2017-1000353)3 to deploy Monero cryptomining malware that generated an estimated profit of $3 million. Following this disclosure, F5 researchers observed what appears to be the same threat actor group, as they…
One thing to consider about the Q1 2018 data is that it’s only one quarter in comparison to the annual averages of 2016 and 2017, and that Q1 typically receives the fewest attacks of any quarter. If attacks against North America decline in Q2, as they have done the past 2 years, the…
F5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. The rTorrent client misconfiguration vulnerabilities include:
- No authentication required for XML-RPC communication
- Sensitive XML-RPC method is allowed (direct OS command execution)

Attackers are actively exploiting this vulnerability in the wild by scanning…
The security community was just taking a breather because we hadn’t seen a massive DDoS attack since the Mirai thingbot took down Dyn in October 2016 with a 1.2 terabit per second DDoS attack. Yesterday, that world record attack was broken when GitHub was hit with a 1.3 terabit per second DDoS attack.1 This attack…
Last week, F5 threat researchers spotted a Monero (XMR) crypto-mining campaign that was taking advantage of a user configuration vulnerability in the rTorrent client, specifically misconfigured XML-RPC functionality. This misconfiguration vulnerability in rTorrent allows an unauthenticated user to execute methods in the rTorrent client using HTTP requests. After deeper analysis of the attack logs, F5…
Figure 1: Cost of confidential data breach – F5 Ponemon security survey

What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…
An advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security. It has a sophisticated C2 channel system and a Lua code execution environment (to deliver much more complicated attacks), and it comes prepackaged with 100 DNS open resolvers. Researchers are tracking Reaper, even…