Author: ASERT team
A new banking trojan, TrickBot, has seemingly risen from the ashes left behind by the November 2015 takedown of Dyreza/Dyre infrastructure and the arrests of threat actors identified by Russian authorities. Dyreza was used to target customers of over 1000 U.S. and U.K. banks and other […]
It’s that time again! Arbor Networks is opening its 12th annual Worldwide Infrastructure Security Report survey. Findings from this survey are compiled and analyzed to provide insights on a comprehensive range of issues from threat detection and incident response to staffing, budgets and partner relationships. A copy […]
The global DNS infrastructure provides the critical function of mapping seemingly random sets of numbers in IP addresses (like 1.1.1.1) to a name that an Internet consumer may recognize (like www.myfavoritestore.com). To scale to a global level, the DNS system was designed as a multi-level reference network that would allow any user on the Internet to query a set of servers that will iteratively find where a specific domain is owned and get the name to IP address mapping from that location. To accomplish this, it is made up of root servers controlling top level domains such as .com, .gov, and .org, Global Top Level Domains (TLDs) controlling regional domains such as .br, .fr and .uk, authoritative servers controlling specific domains such as myfavoritestore.com and a very large group of recursive resolvers that end user systems connect to. A query from a user for a domain name would be sent to a recursive resolver and that resolver would work with the root, GTLD and varying levels of authoritative servers to track down the DNS authoritative server responsible for the domain from which it would receive a DNS reply. This is a very high-level and simplified representation of the most common way that DNS is used.
When organizing a global, multi-week, high-profile event, there are always chances for things to go wrong – and, given human nature, we tend to simply accept it as a given when things go as planned, and to notice and highlight difficulties in execution. A great […]
Download the full report here. The Corebot banking trojan was initially discovered and documented last year by researchers at Security Intelligence. Since then, it has evolved rapidly and, in terms of capabilities such as browser-based web injections, it is now similar to the dominant banking malware such as Zeus, […]
Download the full report here. ASERT has been analyzing samples of a banking trojan targeting South Korean financial institutions. We call the banker “Big Bong” and provide, in this threat intelligence report, an in-depth behavioral analysis of the malware from builder to bot and from […]
The full report “Uncovering the Seven Pointed Dagger: Discovery of the Trochilus RAT and Other Targeted Threats” can be downloaded here. Threat actors with strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these […]
Click here to download the full report. The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 […]
ASERT provides a weekly threat bulletin for Arbor customers that highlights and analyzes the week’s top security events and provides other pertinent infosec material. Recently, we covered the public notification of a United Airlines breach by possible Chinese state-sponsored threat actors. In this blog, we offer an alternative hypothesis to the conclusions many have drawn regarding the motivation behind this and other recent attacks.