Tag: Threats
While analyzing this script which downloads and executes the cryptominer, F5 researchers found that the code is sophisticated, well obfuscated, and long—about 200 lines versus the typical 20 or so lines. The authors clearly put a lot of time and attention into every step, from developing the malware dropper to creating the executable JAR file…
Read MoreFurther analysis on this sample was not conducted. F5 Labs has reported extensively on the Mirai botnet, IoT landscape, and some of its variants. For a detailed breakdown on current Mirai botnets seen in the threat landscape, the Hunt for IoT Research Series publishes current threat data. Conclusion All of the vulnerabilities targeted this month…
Read MoreIntro The F5 Application Protection Report podcast returns for 2019! Last year, F5 Labs researchers examined the entire landscape of threats facing applications, and offered guidance on how to protect them. This year, they followed up with another research series that examined how both apps and threats are changing, and what security practitioners can do…
Read MoreUse of Cyber Deception to Influence Voters Rather than directly manipulate votes, cyber attackers are now finding success in misleading the voters themselves. Once again, social engineering triumphs over technology. The key to this tactic is simple, and cyberwarfare researcher The Grugq said it best, “People will believe what their computers tell them is reality.”…
Read MoreIntroduction Welcome to F5 Labs’ third annual report on phishing and fraud. Once again, we’re bringing you data from our partner Webroot® as well as the F5 Security Operations Center. Phishing continues to be a major source of profit for cyber-criminals, and a big hassle for cyber-defenders. In the F5 Labs 2019 Application Protection Report,…
Read MoreA vulnerable FortiGate SSL VPN server responds to this request with contents of the sslpvpn_websession file, which contains the username and password of a user. This information can be used or sold to threat actors in order to compile brute force and credential stuffing lists. While reconnaissance campaigns do not actively exploit systems, they enable…
Read MoreViewed in this way, our research illuminates some interesting aspects of the current state of security. In 2018, to the extent that new attack techniques and approaches emerged, it was largely in response to changes in how organizations design, create, and manage applications. The context that makes old attack techniques like injection and phishing newly…
Read MoreIP Addresses Attacking the Middle East Compared to Other Regions We looked at the volume of attack traffic Middle Eastern systems received per IP address and compared that to other regions of the world. Attack traffic destined for Middle Eastern systems had little overlap with the rest of the world except for a handful of…
Read MoreAttacks Types of Top Attacking IP Addresses Of the top 50 IP addresses attacking systems in the U.S., the most IP addresses were assigned in the U.S. (40%). The remainder of the top 50 attacking IP addresses were geographically distributed around the globe with 14% coming from South Korea, 6% each coming from Russia and…
Read MoreThe script uses random function and variable names to avoid detection by antivirus engines. It also contains another Base64-encoded payload. The threat actor uses .Net APIs to call the Windows API. For example, the script uses the .NET API to find address of VirtualAlloc function exported by kernel32.dll. It then marshals the shellcode by using…
Read MoreRecent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’