The malware uses the following icons to disguise its EXE files as PDF and RAR executables. The attacker then sends malicious code to the target via email, tricking the victim into executing it. In this way, an attack is successfully launched via social engineering. 阅读全文 “Petya — Technologically Challenging and Imaginative Ransomware” »
On the evening of June 27, 2017, multiple enterprises were attacked by ransomware, hence service interruption was caused. The first infections were identified in Ukraine. Since then, it has spread to many countries, including Brazil, Germany, Russia, and the US. This event had such an extensive and significant impact that technical support personnel of NSFOCUS paid close attention to it, and captured and analyzed the sample immediately. 阅读全文 “Petya Variant Sample Technical Analysis” »
In this report, we present a multi-dimensional analysis of DDoS attack data and botnet data and summarize and analyze typical attack events in 2016, revealing threats of DDoS attacks and the overall threat trend in 2016.
On March 37, Zhiniang Peng and Chen Wu disclosed the Internet Information Services (IIS) 6.0 WebDAV remote code execution vulnerability, which has been assigned CVE-2017-7269 and CNNVD-201703-1151. This vulnerability, which could cause buffer overflows, is associated with the ScStoragePathFromUrl function in the WebDAV service in IIS 6.0 in Microsoft Windows Server 2003 R2. 阅读全文 “Microsoft Windows Server 2003 R2 IIS 6.0 Remote Code Execution Technical Analysis and Solution” »
IBM’s X-Force security team recently discovered an updated version of Dridex, called Dridex v4. Dridex is one of the most popular banking trojans. It was first spotted in 2014 when it was viewed as the successor of GameOver ZeuS (GoZ) because it uses GoZ-related techniques. An important improvement in Dridex v4 is that it evades detection antivirus software by introducing the AtomBoming technique for malicious code injection. 阅读全文 “Dridex Banking Malware Sample Technical Analysis and Solution” »
Over 34,000 vulnerable MongoDB databases were hit by a ransom attack. Data were erased from these databases and ransoms were requested for returning data. Then on Jan 18th 2017, several hundreds of ElasticSearch servers were hit by a ransom attack within a few hours. 阅读全文 “ElasticSearch Hit by Ransom Attack” »
Ukrenergo, a major energy provider in Ukraine, experienced a power failure on the night of December 17, 2016, which involved the automatic control system of the “North” substation in New Petrivtsi close to Kiev. The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas. 阅读全文 “Power Outage Caused by the Cyber Attack on Ukrenergo Technical Analysis and Solution” »