Posts tagged Botnets

5 min Cryptocurrency

Blockchain Blunders: Exposing Digital Pickpockets in the Ethereum Ecosystem

(Many thanks to Jon Hart and Bob Rudis for their contributions to this post.) Port 8545 appeared on our radar as one of the top 20 most talkative ports of June 2018. Intrigued by its popularity, we began to examine data related to connections to port 8545, and consequently uncovered an Ocean’s 8-scale heist. Data from our Heisenberg honeypot network [https://opendata.rapid7.com/heisenberg.cowrie/] shows that activity on port 8545 has remained at a steady level since May 2018. Interestingly, in

4 min Project Sonar

VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices

(Many thanks to Rebekah Brown [/author/rebekah-brown/] & Derek Abdine for their contributions to the post.) How does VPNFilter work? Over the past few weeks, Cisco’s Talos [https://www.cisco.com/c/en/us/products/security/talos.html] group has published some significant new research [https://blog.talosintelligence.com/2018/06/vpnfilter-update.html] on a new malware family called VPNFilter. VPNFilter targets and compromises networking devices to monitor the traffic that goes through them. The mal

3 min Botnets

Election Day: Tracking the Mirai Botnet

by Bob Rudis [/author/bob-rudis/], Tod Beardsley [/author/tod-beardsley], Derek Abdine & Rapid7 Labs Team What do I need to know? Over the last several days, the traffic generated by the Mirai family of botnets [/2016/10/25/mirai-faq-when-iot-attacks] has changed. We've been tracking the ramp-up and draw-down patterns of Mirai botnet members and have seen the peaks associated with each reported large-scale and micro attack since the DDoS attack against Dyn, Inc. We've tracked over 360,000 uniqu

4 min Botnets

Mirai FAQ: When IoT Attacks

Update: Following the attack on Dyn back in October, there is some speculation over whether a similar Mirai-style attack could be leveraged to influence the election. This feels like FUD to me; there doesn't seem to be a mechanism to knock out one critical service to kick over enough state and county election websites, Dyn-style, to make such an attack practical. It could potentially be feasible if it turns out that a lot of city, county, and state websites are sharing one unique upstream resour

1 min Breach Response News

Cyber security around the world - 7/4/14 - Germany

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, the Middle East, Africa and Asia Pacific. This week we're in Germany, where officials have found the second mass user account hacking this year… Germany Last week German officials confirmed that 18 million email addresses and passwords were hacked [http://www.dw.de/german-officials-confirm-18-million-emails-and-passwords-stolen/a-17542815] in a mass dat

4 min Malware

Botnets and the War on Bitcoin

If you've been reading the most recent news from the interwebs, you have probably heard that Bitcoin is on a rollercoaster. If you're not familiar with it, Bitcoin is a global online currency, the cash of the Internet. It has no central regulator and no authority: it's a decentralized system where technology is in control. Bitcoins are generated by the people who are part of its network. Generating, or better "mining", Bitcoins requires your computer to perform an expensive cryptographic computation that,

15 min Malware

Skynet, a Tor-powered botnet straight from Reddit

While wandering through the dark alleys of the Internet we encountered an unusual malware artifact, something we had never observed before and which kept us entertained while we meticulously dissected it until late at night. The more time we spent looking at it, the more it started to look unusually familiar. As a matter of fact, it turned out to be the exact same botnet that an audacious Reddit user of possible German origin named “throwaway236236” described in a very popular I Am A thread you can read here [

2 min Botnets

Buttinsky: Hello World

Thanks to Rapid7 [http://www.rapid7.com/]'s funding and technical support via the Magnificent 7 [https://community.rapid7.com/community/open_source/magnificent7] program, we will be able to work on a framework for botnet command and control monitoring for the next year. The motivation behind this project is based on the fact that botnet analysis is often neglected due to the lack of proper open source tools. But this is about to change. Both developers have previously built their own, very speci