Tag: Malware
The most common initial vector for phishing attacks is the fraudulent email. A well-crafted phishing email entices the victim to click on a malicious link that then takes them to an attacker’s site. Once that happens, that site must appear to be as authentic as possible. Images, fonts, layout, styles, and even the URL will…
Read MoreWhat is Certificate Transparency? Certificate Transparency (CT) is a method for publicly logging, auditing, and monitoring the creation of new SSL/TLS (digital) certificates. Originally a concept from Google, CT is now an open standard under RFC 6962, albeit still an experimental one. Originally designed to enhance the veracity of Extended Validation (EV) certificates, many certificate…
Read MoreRecently, threat researchers from F5 Networks spotted a new campaign targeting Elasticsearch systems. It leverages an exploit from 2014 to spread several new malwares designed to deploy an XMR (Monero) mining operation. The campaign exploits a five-year-old vulnerability (CVE-2014-3120) in Elasticsearch systems running on both Windows and Linux platforms to mine XMR cryptocurrency. On Linux,…
Read MoreSecurity researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect “in the wild” malware, and to get an insight into the current threat landscape. Here’s an overview of what we saw in May 2019. Throughout the month of May, the team detected 10 new attack…
Read MoreCryptominers are frequently included in recent attack campaigns; if you would like to learn more about cryptominers, please check out some of our previous monthly attack campaign wrap-ups. Conclusion Campaigns aimed at mining cryptocurrency and targeting Oracle WebLogic continue to rise in popularity. This has been fueled in part by the zero-day vulnerability found in…
Read MoreAttacks Types of the Top Attacking IP Addresses The top 50 IP addresses attacking systems in Canada were geographically spread fairly evenly. Eight percent are assigned to South Korea, and closely following, with 7% are assigned in the U.S. Though smaller in number, the three Canadian IP addresses in the top attacking IP address list…
Read MoreMobile World Congress: cancelled due to Coronavirus. IBM and others pulled out of the RSA Conference for the same reason. Supply chains are in jeopardy, since so much technology is manufactured in China. It seems even we in the tech world can’t avoid getting pulled into the Coronavirus gravity well. While this pandemic isn’t hitting…
Read MoreCOVID-19, aka the Coronavirus, is really starting to worry people. It’s an unfamiliar, seemingly unnatural new threat dragging a lot of uncertain baggage with it. It has already caused global disruptions on both the macro- and micro-scale. All over the world, organizations and individuals are mobilizing response plans, and that’s a good thing. The U.S.…
Read MoreMirai is an IoT botnet (or thingbot) that F5 has discussed since 2016. It infamously took down large sections of the Internet in late 2016 and has remained active ever since. Its source code was released online in September 2016, allowing unskilled attackers to create a malicious botnet with relative ease. Mirai continues to target…
Read MoreHidden Malware, Crouching Ransom One reason ransomware can appear to strike so quickly is because you only notice it once it’s too late. “Just because they’re in your network doesn’t mean you’ll see them,” notes Peck. “Ransomware and attackers often linger long before the ransomware goes active and begins encrypting your data.” The ransomware may…
Read More