Arbor Threat Intelligence

Arbor's Security Engineering & Response Team (ASERT) Blog

IoT Exploits: Around The World In 120 Days

Executive Summary: Internet of Things (IoT) botnets commonly propagate by exploiting vulnerabilities in IoT devices. Telemetry from our IoT honeypots shows the number of exploit attempts originating from bots continues to increase. The vulnerabilities they leverage are old, but clearly not obsolete. The most common […]

CoAP Attacks In The Wild

Executive Summary: Attackers have recently begun launching reflection/amplification DDoS attacks using CoAP, a protocol primarily used today by mobile phones in China, but expected to grow with the explosion of Internet of Things (IoT) devices. As with any reflection/amplification attack, attackers begin by scanning for abusable […]

LoJax: Fancy since 2016

Executive Summary: In May of last year, ASERT Researchers reported on LoJax, a double-agent leveraging legitimate software to phone home to malicious command and control (C2) servers. Since the publication of our research, we’ve monitored a number of new malware samples. We also conducted additional […]

Danabot’s Travels, A Global Perspective

Executive Summary: First discovered in May of 2018, Danabot is a Delphi-written banking trojan that has been under active development throughout the year. This malware’s early success can be attributed to its modular structure and mature distribution system. Throughout the year, NETSCOUT Threat Intelligence has observed the growth in distribution […]

STOLEN PENCIL Campaign Targets Academia

Executive Summary: ASERT has learned of an APT campaign, possibly originating from DPRK, that we are calling STOLEN PENCIL and that has been targeting academic institutions since at least May 2018. The ultimate motivation behind the attacks is unclear, but the threat actors are adept at scavenging for […]

Mirai: Not Just For IoT Anymore

Executive Summary: Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers. Like many IoT devices, unpatched Linux servers linger on the network, and are being abused at scale by attackers sending exploits to […]

Dipping Into The Honeypot

Executive Summary: Brute-forcing factory default usernames and passwords remains a winning strategy for Internet of Things (IoT) botnet propagation. Botnet operators with the best list will produce the larger botnet and obtain superior firepower for launching DDoS attacks. IoT bots are indiscriminate – they will […]

Tunneling Under the Sands

Executive Summary: ASERT recently came across spear-phishing emails targeting the Office of the First Deputy Prime Minister of Bahrain. A similar campaign uncovered by Palo Alto’s Unit 42 found the activity distributing an updated variant of BONDUPDATER, a PowerShell-based Trojan, which they attribute to Iranian APT […]

Double the Infection, Double the Fun

Executive Summary: Cobalt Group (aka TEMP.Metastrike), active since at least late 2016, have been suspected in attacks across dozens of countries. The group primarily targets financial organizations, often with the use of ATM malware. Researchers also believe they are responsible for a series of attacks […]
