Tag: botnet
Microsoft 365 accounts are being compromised worldwide
A vast botnet of over 130,000 compromised devices is now attacking Microsoft 365 accounts worldwide. A botnet is a network of computing devices that have been surreptitiously taken over by hackers and are being controlled remotely without the owners’ knowledge. Microsoft 365 accounts are suffering from ‘password spray attacks’ by the botnet. This involves mass attempts to use large numbers of common passwords to infiltrate users’ Microsoft accounts, targeting basic authentication procedures and thereby bypassing multi-factor authentication.
Game over for European criminal botnet networks
An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system. Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.
Officials Take Down the “911 S5 botnet” – May 30th
A US-led law enforcement sting operation against the global '911 S5 botnet' network was a major success. The 911 S5 botnet network of millions of compromised Windows computers was used to facilitate cyber-attacks, fraud, and child exploitation, among other illicit activities.
Millions of emails distributing LockBit ransomware
Affiliates of the infamous ransomware group LockBit have launched a potentially devastating new weaponized email tactic designed to cause maximum disruption to millions of companies in the US and around the world. At the end of April this year, researchers at cybersecurity firm Proofpoint began to observe high-volume ransomware campaigns sending out millions of fraudulent emails over a one-week period, facilitated by the Phorpiex botnet. In all cases, email messages purported to come from “Jenny Green” with the email address Jenny@gsd[.]com. These contained an attached ZIP file capable of downloading the LockBit Black ransomware payload from Phorpiex botnet infrastructure.
‘Brute force’ cyber-attacks continue to escalate
Cybersecurity firm Okta reports a spike in ‘brute-force’ credential-stuffing attacks over the last month. This follows earlier reports of a spike in ‘brute force’ credential-stuffing attacks reported last week. Increasingly sophisticated ‘brute force’ attacks use trial and error techniques to crack passwords, login credentials, and encryption keys. New life is now also being breathed into what is essentially an old hacking technique, with widely available software using artificial intelligence (AI) that can carry out large numbers of attempts automatically.
Critical infrastructure under increased attack
France-based Schneider Electric became the latest utility company to succumb to a ransomware attack on January 17, when some of its business divisions serving several critical industries were taken down. Although access to the system was eventually re-opened on January 31st, the incident underlines the growing seriousness of cyber-attacks aimed at the West’s critical infrastructure. Schnieder Electric has an annual turnover of over 42 billion and employs over 150,000 people. The ransomware attack on Schneider Electric coincides with news that, in the US, the Federal Bureau of Investigation (FBI) has recently neutralized a botnet controlled by a Chinese threat group. The White House had previously authorized the FBI to take down the botnet after federal agencies and private sector researchers had accused cyberespionage gang Volt Typhoon of a major campaign aimed at a wide range of the US’s critical infrastructure.
New Android malware, MMRat, can unlock phones – August 31st
In today's roundup; a Chinese cyberespionage group deploys malware, new Android malware, MMRat, unlocks phones, and DreamBus malware targets RocketMS servers.