Cybercrime, Information Security and IoT

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. The IoT device was running a lightweight Linux OS, that was the perfect target for Akiras Linux ransomware variant. ” reads the report published by the S-RM team.

Ransomware

Ransomware IoT Encryption Passwords

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity! But that action did not name any defendants.

Cybercrime

Cybercrime Advertising IoT Malware

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. Pierluigi Paganini.

IoT

IoT Firmware Malware Wireless

Spotlight on Cybersecurity Leaders: Richard Staynings

SecureWorld News

JANUARY 6, 2025

He has advised numerous government and industry leaders on their healthcare security strategy and defensive posture, and has served as a subject matter expert on government Committees of Inquiry into some of the highest profile healthcare breaches. This year, cybercrime is expected to cost $10.3 Today, Cybercrime Inc.

Cybersecurity

Cybersecurity Cybercrime Healthcare Government

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. ” reads the report published by Cado Security.

IoT

IoT Architecture Malware Hacking

Creator of multiple IoT botnets, including Satori, pleaded guilty

Security Affairs

SEPTEMBER 4, 2019

Kenneth Currin Schuchman (21) from Vancouver, Washington pleaded guilty to creating and operating multiple DDoS IoT botnet , including Satori. Kenneth Currin Schuchman (21) from Vancouver, Washington, aka Nexus Zeta, pleaded guilty to creating and operating multiple DDoS IoT botnets. SecurityAffairs – Satori, cybercrime).

IoT

IoT DDOS Internet Internet

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs

JULY 29, 2019

Ransomware continues to be a profitable business for the cybercrime ecosystem and the recent wave of attacks against US municipalities demonstrates it. The report also states that experts observed a spike in the number of cyberattacks against IoT devices carried out by IoT malware. million IoT attacks. Pierluigi Paganini.

IoT

IoT Encryption Malware Advertising

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 16, 2025

CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies Elon Musk blames a massive cyberattack for the X outages Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577 RansomHouse gang claims the hack of (..)

Spyware

Spyware Cybercrime Ransomware IoT

New Mirai botnet targets tens of flaws in popular IoT devices

Security Affairs

JUNE 22, 2023

Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices. “The widespread adoption of IoT devices has become a ubiquitous trend. However, the persistent security concerns surrounding these devices cannot be ignored.

IoT

IoT Malware Encryption DDOS

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. reads the report published by Black Lotus Labs.

Architecture

Architecture Internet Internet Malware

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Security Affairs

JANUARY 21, 2025

The ShellScript is loaded onto IoT devices such as IP cameras, and network devices, revealing that the Murdoc Botnet specifically targets IoT devices via this mechanism, leveraging C2 servers for new Mirai variant propagation. The Qualys Threat Research Unit discovered over 500 samples containing ELF files and ShellScript files.

IoT

IoT Malware Hacking Cybercrime

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Security Affairs

FEBRUARY 16, 2023

During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022.

IoT

IoT DDOS Encryption Malware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

Security Affairs

MARCH 12, 2025

“IoT devices have been constantly targeted by threat actors for multiple reasons” concludes the report. “Proactive identification and management of IoT devices within an organizations network remain essential for mitigating risk and ensuring the resilience of critical infrastructure.”

IoT

IoT Malware Encryption DDOS

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

A new variant of TheMoon malware infected thousands of outdated small office and home office (SOHO) routers and IoT devices worldwide. The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices.

IoT

IoT Cybercrime Internet Internet

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

Apart from the electronic toothbrush mess, the Internet of Things (IoT) are privileged targets for many threat actors. Some cases underscore the urgency of securing our smart homes. IoT devices, such as smart fridges, smart meters, or thermostats, are often designed with connectivity in mind, but lack of security.

DDOS

DDOS IoT Media Internet

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 8, 2025

TB of data allegedly stolen from Tata Technologies New Eleven11bot botnet infected +86K IoT devices Polish Space Agency POLSA disconnected its network following a cyberattack U.S.

Data breaches

Data breaches Hacking Artificial Intelligence Cybercrime

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. SocksEscort began in 2009 as “ super-socks[.]com com , segate[.]org

Malware

Malware VPN Internet Internet

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems. “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Healthcare

Healthcare Ransomware Cybercrime Advertising

Dutch police warn customers of a popular DDoS booter service

Security Affairs

OCTOBER 13, 2021

In October 2019, a joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down and seize five servers that were composing a cybercrime underground bulletproof hosting service. SecurityAffairs – hacking, cybercrime). Pierluigi Paganini.

DDOS

DDOS Cybercrime IoT Hacking

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector.

IoT

IoT Firmware Internet Internet

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” .” reads the analysis published by Akamai.

Manufacturing

Manufacturing Malware Firmware IoT

Dutch police shut down bulletproof service hosting tens of DDoS botnets

Security Affairs

OCTOBER 3, 2019

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks. The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide. ” continues the statement. Pierluigi Paganini.

DDOS

DDOS IoT Cybercrime Advertising

Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet.

Security Affairs

JULY 23, 2021

The IoT botnet was tracked as the “Russian2015” because it was using the domain Russian2015.ru. SecurityAffairs – hacking, cybercrime). appeared first on Security Affairs. The Estonian national Pavel Tsurkan has pleaded guilty in a United States court to two counts of computer fraud and abuse. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics IoT Cybercrime Internet

Conti Ransomware hit 16 US health and emergency Services, said FBI

Security Affairs

MAY 22, 2021

Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider. The list of victims of the group includes IoT chip maker Advantech , and Broward County Public Schools (BCPS) , and Ireland’s Health Service Executive.

Ransomware

Ransomware Healthcare Cyber Attacks Cybercrime

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

ransomware builder used by multiple threat actors Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software Cybercrime Unpacking the MOVEit Breach: Statistics and Analysis Cl0p Ups The Ante With Massive MOVEit Transfer Supply-Chain Exploit FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown U.S.

Social Engineering

Social Engineering Data breaches Spyware Malware

Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros

Security Boulevard

MARCH 7, 2025

Those stats come from ISACAs Tech Workplace and Culture 2025 report, which is based on a survey of about 7,700 of its members who work in IT areas such as information security, governance, assurance, data privacy and risk management.

Cybersecurity

Cybersecurity Scams CSO Risk

Conti ransomware demanded $20M ransom to Ireland Health Service Executive

Security Affairs

MAY 16, 2021

Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider. The list of victims of the group includes IoT chip maker Advantech , and Broward County Public Schools (BCPS). Since August 2020, the group has launched its leak site to threaten its victim to release the stolen data.

Ransomware

Ransomware IoT Cybercrime Media

Ukrainian police dismantled a bot farm involved in multiple spam campaigns

Security Affairs

OCTOBER 3, 2019

Cybercrime is a prolific business, criminal organizations continues to make profits with illegal activities in the cyberspace, but police are ready to contrast them. The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide. . “Cyber ??

Cybercrime

Cybercrime VPN Advertising Accountability

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Security Affairs

NOVEMBER 15, 2021

The botnet included Internet of Things (IoT) devices and GitLab instances. The attack was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances.” “This was a multi-vector attack combining DNS amplification attacks and UDP floods.

DDOS

DDOS DNS IoT Internet

Who is behind the Mozi Botnet kill switch?

Security Affairs

NOVEMBER 2, 2023

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extended the list of targets.

IoT

IoT Manufacturing Malware Hacking

Top cybersecurity Predictions for 2020

Security Affairs

DECEMBER 27, 2019

Threat actors behind ransomware campaigns will switch tactics, leveraging access to organizations available for sale in the cybercrime underground. In 2020, the number of attacks associated with Advanced Persistent Threat actors that haven’t been previously identified by the security researchers will increase. the Mirai bot).

Cybersecurity

Cybersecurity IoT Ransomware Advertising

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware

Malware Architecture IoT Ransomware

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. Adopt a comprehensive IoT security solution. The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The Enemybot botnet employs several methods to spread and targets other IoT devices. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Malware

Malware DDOS IoT Cybercrime

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Security Affairs

SEPTEMBER 22, 2024

Protect Your Crypto: Understanding the Ongoing Global Malware Attacks and What We Are Doing to Stop Them CISA warns of Windows flaw used in infostealer malware attacks Exotic SambaSpy is now dancing with Italian users Loki: a new private agent for the popular Mythic framework Microsoft: US Healthcare Sector Targeted by INC Ransomware Affiliate Gleaming (..)

Malware

Malware IoT Healthcare Cryptocurrency

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The researchers attribute the botnet to the cybercrime group Keksec which focuses on DDoS-based extortion. The Enemybot botnet employs several methods to spread and targets other IoT devices. The botnet targets multiple architectures, including arm, bsd, x64, and x86. Upon installing the threat, the bot drops a file in /tmp/.pwned

DDOS

DDOS Architecture Malware Cybercrime

New RapperBot Campaign targets game servers with DDoS attacks

Security Affairs

NOVEMBER 16, 2022

Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT botnet in August, and reported that it is active since mid-June 2022. The list of hardcoded credentials is composed of default credentials associated with IoT devices. ” continues the report. ” the researchers conclude. Pierluigi Paganini.

DDOS

DDOS IoT Malware Architecture

Experts spotted a new stealthy Linux malware dubbed Shikitega

Security Affairs

SEPTEMBER 7, 2022

A new Linux malware dubbed Shikitega leverages a multi-stage infection chain to target endpoints and IoT devices. Researchers from AT&T Alien Labs discovered a new piece of stealthy Linux malware, dubbed Shikitega, that targets endpoints and IoT devices.

Malware

Malware IoT Cryptocurrency Engineering

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. zip” or “Tracking###.zip”

DNS

DNS Malware Firmware Authentication

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs

SEPTEMBER 29, 2024

How the Necro Trojan infiltrated Google Play, again Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware “Marko Polo” Navigates Uncharted Waters With Infostealer Empire Octo2: European Banks Already Under Attack by New Malware Variant Infostealer malware bypasses Chrome’s new cookie-theft defenses AI-Generated Malware Found in the Wild (..)

Malware

Malware Social Engineering IoT Scams

Developer of DDoS Mirai based botnets sentenced to prison

Security Affairs

JUNE 26, 2020

. “According to court documents, the botnets were initially based largely on the source code previously developed by other individuals to create the Mirai botnet;” In September 2019, Schuchman pleaded guilty to creating and operating multiple DDoS IoT botnets.

DDOS

DDOS IoT Advertising Internet

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Security Affairs

AUGUST 20, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. Now researchers from Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT have monitored a new evolution of the threat that extent the list of targets. .

IoT

IoT DNS Manufacturing Firmware

Akira ransomware gang used an unsecured webcam to bypass EDR

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Trending Sources

BotenaGo botnet targets millions of IoT devices using 33 exploits

Spotlight on Cybersecurity Leaders: Richard Staynings

New P2PInfect bot targets routers and IoT devices

Creator of multiple IoT botnets, including Satori, pleaded guilty

Updated Kmsdx botnet targets IoT devices

Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION

New Mirai botnet targets tens of flaws in popular IoT devices

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers

Mirai V3G4 botnet exploits 13 flaws to target IoT devices

Interview With a Crypto Scam Investment Spammer

New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

TheMoon bot infected 40,000 devices in January and February

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

Who and What is Behind the Malware Proxy Service SocksEscort?

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Dutch police warn customers of a popular DDoS booter service

Realtek SDK flaws exploited to deliver Mirai bot variant

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Dutch police shut down bulletproof service hosting tens of DDoS botnets

Estonian hacker Pavel Tsurkan pleads guilty for operating a proxy botnet.

Conti Ransomware hit 16 US health and emergency Services, said FBI

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros

Conti ransomware demanded $20M ransom to Ireland Health Service Executive

Ukrainian police dismantled a bot farm involved in multiple spam campaigns

Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Who is behind the Mozi Botnet kill switch?

Top cybersecurity Predictions for 2020

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 35

A new Zerobot variant spreads by exploiting Apache flaws

EnemyBot malware adds new exploits to target CMS servers and Android devices

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 12

Enemybot, a new DDoS botnet appears in the threat landscape

New RapperBot Campaign targets game servers with DDoS attacks

Experts spotted a new stealthy Linux malware dubbed Shikitega

MikroTik botnet relies on DNS misconfiguration to spread malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Developer of DDoS Mirai based botnets sentenced to prison

Mozi P2P Botnet also targets Netgear, Huawei, and ZTE devices

Stay Connected