Author: Matthew Bing

Matthew Bing
Matthew Bing received his master’s in computer science from Grand Valley State University in 2000 where he studied intrusion detection and large-scale logging infrastructures. He then moved to Ann Arbor to work as a security engineer at Anzen Computing (which was later acquired by NFR Security). At NFR, Matt developed and implemented intrusion detection systems as a member of the Rapid Response Team. Matt joined the University of Michigan in 2004 where he led the design, rollout, and implementation of an IT security incident management program across campus. Over the years, Matt led the response to many incidents, including several high profile cases.

Mirai: Not Just For IoT Anymore

Executive Summary Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers. Like many IoT devices, unpatched Linux servers linger on the network, and are being abused at scale by attackers sending exploits to […]

Read more

Dipping Into The Honeypot

Executive Summary Brute-forcing factory default usernames and passwords remains a winning strategy for Internet of Things (IOT) botnet propagation. Botnet operators with the best list will produce the larger botnet and obtain superior firepower for launching DDoS attacks. IOT bots are indiscriminate – they will […]

Read more

A New Twist In SSDP Attacks

Arbor ASERT has uncovered a new class of SSDP abuse where naïve devices will respond to SSDP reflection/amplification attacks with a non-standard port. The resulting flood of UDP packets have ephemeral source and destination ports, making mitigation more difficult – a SSDP diffraction attack. This […]

Read more

The Lizard Brain of LizardStresser

LizardStresser is a botnet originally written by the infamous Lizard Squad DDoS group. The source code was released publicly in early 2015, an act that encouraged aspiring DDoS actors to build their own botnets. Arbor Networks’ ASERT group has been tracking LizardStresser activity and observed […]

Read more

The Best Of Both Worlds – Soraya

By Matt Bing & Dave Loftus Arbor Networks’ ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning “rich,” this malware uses memory scraping techniques similar to those found in Dexter to target point-of-sale terminals. […]

Read more

Fort Disco Bruteforce Campaign

In recent months, several researchers have highlighted an uptick in bruteforce password guessing attacks targeting blogging and content management systems. Arbor ASERT has been tracking a campaign we are calling Fort Disco that began in late May 2013 and is continuing. We’ve identified six related command-and-control (C&C) […]

Read more