2014, DNS and Internet - Cyber Security Informer

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers. federal civilian agencies to secure the login credentials for their Internet domain records. That changed on Jan.

DNS

DNS Internet Internet Government

What Is DNS And Why Should Your Business Care?

Adam Levin

MARCH 21, 2019

Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. Today, less than 20% of DNS traffic is secured by DNSSEC, and only three percent of Fortune 1,000 companies have implemented it.

DNS

DNS Government Internet Internet

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

FEBRUARY 24, 2019

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks.

Internet

Internet Internet DNS Telecommunications

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

Security Affairs

SEPTEMBER 23, 2020

Qurium analyzes the blocking implemented by four different operators in Belarus Belarus operators use their own infrastructure to implement the blocking Block techniques include transparent web proxies, injection of HTTP responses, stateless and stateful SSL DPI and fake DNS responses. Qurium forensics report: Internet blocking in Belarus.

Internet

Internet Internet DNS Advertising

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

DHS issues emergency Directive to prevent DNS hijacking attacks

Security Affairs

JANUARY 23, 2019

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e.gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.”.

DNS

DNS Government Advertising Telecommunications

NCSC report warns of DNS Hijacking Attacks

Security Affairs

JULY 14, 2019

The UK’s National Cyber Security Centre (NCSC) issued a security advisory to warn organizations of DNS hijacking attacks and provided recommendations this type of attack. In response to the numerous DNS hijacking attacks the UK’s National Cyber Security Centre (NCSC) issued an alert to warn organizations of this type of attack.

DNS

DNS Social Engineering Accountability Advertising

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

Spying on satellite internet comms with a $300 listening station

Security Affairs

AUGUST 10, 2020

An attacker could use $300 worth of off-the-shelf equipment to eavesdrop and intercept signals from satellite internet communications. The academic researcher James Pavur, speaking at Black Hat 2020 hacking conference , explained that satellite internet communications are susceptible to eavesdropping and signal interception.

Internet

Internet Internet Advertising Encryption

Russia is going to disconnect from the internet as part of a planned test

Security Affairs

FEBRUARY 16, 2019

Russia plans to disconnect the country from the internet as part of an experiment aimed at testing the response to cyber attacks that should isolate it. Russia plans to conduct the country from the Internet for a limited period of time to conduct a test aimed at assessing the security of its infrastructure. ” reported ZDNet.

Internet

Internet Internet DNS Cyber Attacks

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

BitSight researchers found significant overlap in the Internet addresses used by those domains and a domain called BHproxies[.]com. The account didn’t resume posting on the forum until April 2014. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014. com on Mar.

Accountability

Accountability Advertising Marketing Malware

Some Zyxel devices can be hacked via DNS requests

Security Affairs

SEPTEMBER 4, 2019

Experts at SEC Consult discovered several security issues in various Zyxel devices that allow to hack them via unauthenticated DNS requests. The first issue is an information disclosure flaw via unauthenticated external DNS requests that affect Zyxel devices from the USG, UAG, ATP, VPN and NXC series. Pierluigi Paganini.

DNS

DNS Hacking Firmware Wireless

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

Russia successfully disconnected from the internet. Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. One of them is checking the integrity and security of the Internet as a result of external negative influences.”

Internet

Internet Internet DNS Surveillance

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The mail account hostmaster@urlblocked.pw, published as contact details in DNS, bounces all incoming mails.

Internet

Internet Internet Telecommunications DNS

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.

DNS

DNS Malware Firmware Phishing

BIND DNS software includes a security feature that could be abused to cause DoS condition

Security Affairs

AUGUST 9, 2018

The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The “deny-answer-aliases” feature is was implemented to help recursive server operators protect users against DNS rebinding attacks.

DNS

DNS Software Advertising Internet

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

“ Fortinet products, including FortiGate and Forticlient regularly send information to Fortinet servers (DNS: guard.fortinet.com) on. Experts at SEC Consult pointed out that by intercepting and manipulating internet traffic an attacker can alter the responses for FortiGuard Web Filter, AntiSpam and AntiVirus features.

Encryption

Encryption Antivirus Advertising DNS

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Security Affairs

MARCH 4, 2020

The NetBlocks internet observatory, which tracks disruptions and shutdowns, revealed that Iran has blocked access to the Farsi (Persian) language edition of the Wikipedia online encyclopedia since March 2nd, 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reported NetBlocks.

Government

Government Advertising DNS Media

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The nation-state hackers are scanning the entire internet, in search of vulnerable webmail and Microsoft Exchange Autodiscover servers that expose TCP ports 445 and 1433. Trend Micro investigated waves of the APT28’s targeted credential phishing attacks and collected thousands of email samples sent out by the group since 2014.

Phishing

Phishing Accountability Advertising DNS

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”.

DDOS

DDOS IoT Internet Internet

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

DDoS protection services provider Radware warns the Hoaxcalls Internet of Things (IoT) botnet has expanded the list of targeted devices, the experts also noticed that the operators implemented new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods.

DDOS

DDOS IoT Advertising DNS

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD). Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. MMD believed the Linux Trojan originated in China.

Malware

Malware IoT DDOS DNS

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

Security Affairs

SEPTEMBER 21, 2019

In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789 at the time of the hack) as well as a large number of tokens. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Hacking

Hacking DNS Cryptocurrency Accountability

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising Malware

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the report.

IoT

IoT Firmware Advertising DNS

Security expert discovered a bug that affects million Kaspersky VPN users

Security Affairs

AUGUST 9, 2018

A security issue exists in Kaspersky VPN <=v1.4.0.216 which leaks your DNS Address even after you’re connected to any virtual server. What is a DNS leaks ? In this context, with the term “DNS leak” we indicate an unencrypted DNS query sent by your system OUTSIDE the established VPN tunnel.

VPN

VPN DNS Advertising Internet

Microsoft July 2020 Security Updates address 123 vulnerabilities

Security Affairs

JULY 15, 2020

Today we released an update for CVE-2020-1350 , a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions.

DNS

DNS Advertising Engineering Internet

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

Security Affairs

SEPTEMBER 4, 2019

In addition, we’re shooting for 7x24x365 uptime as we continue to scale with improved Web App Firewalls, Content Deliver Networks (CDNs) around the Globe, Faster and More Secure DNS and CyberDefenseMagazineBackup.com up and running as an array of live mirror sites. Pierluigi Paganini.

DNS

DNS Advertising Firewall Mobile

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. “For data gathering, we played the role of a casual attacker with modest resources, scanning the internet for exposed MQTT brokers and CoAP hosts.

IoT

IoT Internet Internet Advertising

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot achieves persistence by modifying the ‘ rc’ files, then connect to command and control (C&C) server and to an internet relay chat (IRC) channel called #HellRoom to register itself and accept commands. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Malware

Malware DDOS Advertising DNS

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

NOVEMBER 10, 2018

As such, it does not come as a surprise that people are becoming more and more concerned about their privacy on the Internet – and remaining anonymous is one of the best ways to protect it. A proxy acts as a middleman between you and the Internet. Now and then, we get to hear news about data breaches and cyber attacks.

VPN

VPN Internet Internet Small Business

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

A user reported that its D-Link DNS-320 device was infected by malicious code. The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

JANUARY 24, 2019

. “ Redaman uses an application-defined hook procedure to monitor browser activity, specifically Chrome , Firefox, and Internet Explorer. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Banking

Banking Malware Advertising DNS

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

Even a device that is reaching outbound to the internet could be attacked and taken over. “ According to Shodan , there are over 808K SonicWall firewalls connected to the Internet, representing a similar number of networks that these devices defend.” Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Risk

Risk IoT Firewall DNS

Some models of Comba and D-Link WiFi routers leak admin credentials

Security Affairs

SEPTEMBER 11, 2019

change DNS settings to hijack the traffic, perform MitM attacks). An attacker-controlled router can manipulate how your users resolve DNS hostnames to direct your users to malicious websites.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads the security advisory.

DNS

DNS Passwords Authentication Advertising

Netanyahu accuses Iran of cyber attacks carried out daily

Security Affairs

JANUARY 29, 2019

Early January, security experts at FireEye uncovered a DNS hijacking campaign that was targeting government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations in the Middle East, North Africa, North America and Europe. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Telecommunications Advertising DNS

The Bug Report – November Edition

McAfee

DECEMBER 1, 2021

CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.” Randori initially reported over 70,000 internet-accessible PAN firewalls running vulnerable versions of PAN-OS according to Shodan , which it later amended to 10,000. Your Cybersecurity Comic Relief . Why am I here? . What can I do?

DNS

DNS Firewall VPN Internet

What Is Sender Policy Framework? SPF Email Explained

eSecurity Planet

MAY 23, 2023

When an organization sets up SPF, it helps Internet Service Providers (ISPs), email security vendors, and other email providers to validate an organization’s email communication and distinguish authorized communications from spoofed emails or phishing attacks attempting to impersonate that domain.

DNS

DNS Phishing Authentication Internet

GALLIUM Threat Group targets global telcos, Microsoft warns

Security Affairs

DECEMBER 12, 2019

“To compromise targeted networks, GALLIUM target unpatched internet-facing services using publicly available exploits and have been known to target vulnerabilities in WildFly/JBoss.” The operators leverage on low cost and easy to replace infrastructure using dynamic-DNS domains and regularly reused hop points.

Telecommunications

Telecommunications DNS Malware Advertising

Controversial law entered into effect in Russia this week

Security Affairs

NOVEMBER 3, 2019

This week a controversial law entered into effect in Russia, it would allow the government to cut internet traffic from the global Internet. This week a controversial law entered into effect in Russia, it would allow the Russian government to disconnect the country from the global Internet.

Internet

Internet Internet DNS Government

Why Malware Crypting Services Deserve More Scrutiny

Krebs on Security

JUNE 21, 2023

guru’s registration records also are hidden, yet passive domain name system (DNS) records for both cryptor[.]biz Those records indicate the user Kerens registered on Verified in March 2009 from an Internet address in Novosibirsk, a city in the southern Siberian region of Russia. The registration records for the website Cryptor[.]biz

Malware

Malware Antivirus Cybercrime Hacking

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate botnet used only subdomains registered at the dynamic DNS provider No-IP to control infected devices. “This will prevent new victims from downloading secondary payloads from the internet. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising DNS Malware Hacking

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

What Is DNS And Why Should Your Business Care?

Trending Sources

ICANN warns of large-scale attacks on Internet infrastructure

HOW DO PROVIDERS IMPLEMENT INTERNET BLOCKING IN BELARUS?

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

DHS issues emergency Directive to prevent DNS hijacking attacks

NCSC report warns of DNS Hijacking Attacks

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Spying on satellite internet comms with a $300 listening station

Russia is going to disconnect from the internet as part of a planned test

Who’s Behind the Botnet-Based Service BHProxies?

Some Zyxel devices can be hacked via DNS requests

RuNet – Russia successfully concluded tests on its Internet infrastructure

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

BIND DNS software includes a security feature that could be abused to cause DoS condition

Some Fortinet products used hardcoded keys and weak encryption for communications

For nearly a year, Brazilian users have been targeted with router attacks

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Iranian government blocked Wikipedia Farsi due Coronavirus outbreak

Russia-linked APT28 has been scanning vulnerable email servers in the last year

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Massive increase in XorDDoS Linux malware in last six months

One of the hackers behind EtherDelta hack also involved in TalkTalk hack

TrickBot operators employ Linux variants in attacks after recent takedown

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security expert discovered a bug that affects million Kaspersky VPN users

Microsoft July 2020 Security Updates address 123 vulnerabilities

Cyber Defense Magazine – September 2019 has arrived. Enjoy it!

M2M protocols can be abused to attack IoT and IIoT systems

Trend Micro observed notable malware activity associated with the Momentum Botnet

VPN vs. proxy: which is better to stay anonymous online?

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

New Russian Language Malspam is delivering Redaman Banking Malware

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Some models of Comba and D-Link WiFi routers leak admin credentials

Netanyahu accuses Iran of cyber attacks carried out daily

The Bug Report – November Edition

What Is Sender Policy Framework? SPF Email Explained

GALLIUM Threat Group targets global telcos, Microsoft warns

Controversial law entered into effect in Russia this week

Why Malware Crypting Services Deserve More Scrutiny

Previously undetected VictoryGate Botnet already infected 35,000 devices

Stay Connected