Dec 15, 2022Ravie LakshmananCyber Attack / DDoS-for-Hire The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller … [Read more...] about FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms
Domains
New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains
A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control (C2) infrastructure. "Because of the uncertainty of Bitcoin transactions, this technique is more unpredictable than using the common time-generated [domain generation algorithms], and thus more … [Read more...] about New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains
Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, … [Read more...] about Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these … [Read more...] about Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly."The idea is simple and consists of using characters that look the same in order to dupe users," … [Read more...] about Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon