Tag: Cybercrime

F5 security researchers analyzed the Ramnit banking trojan campaign that was active over the holiday season and discovered it’s not much of a banking trojan anymore. 64% of its targets were retail eCommerce sites, including Amazon.com, Best Buy, Forever 21, Gap, Zara, Carter’s, OshKosh B’gosh, Macy’s, Victoria’s Secret, H&M, Overstock.com, Toys“R”Us, Zappos, and many others.…

Read More

We’re celebrating our one-year anniversary here at F5 Labs, the application threat intelligence division of F5! Although F5 researchers have been providing threat-related, F5-specific guidance to our customers for many years through DevCentral, the time was right a year ago today to launch a dedicated website that provides the general public with vendor-neutral, application-focused, actionable…

Read More

Email attachment containing wire transfer instructions   Many buyers, in their eagerness to follow instructions to the letter so they can get into their new homes quickly, have followed similar wiring instructions and found themselves not only without a new home but stripped of their entire life savings—stolen by scammers. It nearly happened to Brown…

Read More

Every day, your web servers are increasingly being scanned—and likely attacked—by adversaries attempting to gain access to your infrastructure. Between 2015 and 2017, our data partner, Loryka, observed these types of scans grow from 200 per minute to as much as 2,000 per minute. These kinds of attackers are professionals; they do this for a…

Read More

Last week, a malware campaign targeting Jenkins automation servers was reported by CheckPoint researchers.1 The attackers exploited a deserialization vulnerability2 in Jenkin’s bidirectional channel (CVE-2017-1000353)3 to deploy Monero cryptomining malware that generated an estimated profit of $3 million. Following this disclosure, F5 researchers observed what appears to be the same threat actor group, as they…

Read More

One thing to consider about the Q1 2018 data is that it’s only one quarter in comparison to the annual averages of 2016 and 2017, and that Q1 typically receives the least number of attacks of any quarter. If attacks against North America decline in Q2, as they have done the past 2 years, the…

Read More

F5 threat researchers detected attackers actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability and deploying a Monero (XMR) crypto-miner operation. The rTorrent client misconfiguration vulnerabilities include: No authentication required for XML-RPC communication Sensitive XML-RPC method is allowed (direct OS command execution) Attackers are actively exploiting this vulnerability in the wild by scanning…

Read More

The security community was just taking a breather because we hadn’t seen a massive DDoS attack since the Mirai thingbot took down Dyn in October 2016 with a 1.2 terabit per second DDoS attack. Yesterday, that world record attack was broken when GitHub was hit with a 1.3 terabit per second DDoS attack.1 This attack…

Read More

Last week, F5 threat researchers spotted a Monero (XMR) crypto-mining campaign that was taking advantage of a user configuration vulnerability in the rTorrent client, specifically misconfigured XML-RPC functionality. This misconfiguration vulnerability in rTorrent allows an unauthenticated user to execute methods in the rTorrent client using HTTP requests. After deeper analysis of the attack logs, F5…

Read More

Figure 1: Cost of confidential data breach – F5 Ponemon security survey   What do breach costs consist of? They can include anything from incident response investigation costs, remediation costs, reputation damage, loss of sales, operational downtime, and compliance penalties. Another significant cost that hasn’t historically been a major contributor to breach costs but is…

Read More