Top IT Security Bloggers

Arbor Networks
  • Lojack Becomes a Double-Agent

    Arbor Networks
    Executive Summary ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains.  The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity.  Fancy Bear actors typically choose […]
  • Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files

    Arbor Networks
    Overview ASERT recently identified a campaign targeting commercial manufacturing in the US and potentially Europe in late 2017. The threat actors used phishing and downloader(s) to install a Remote Access Trojan (RAT) ASERT calls InnaputRAT on the target’s machine. The RAT contained a series of […]
  • Panda Banker Zeros in on Japanese Targets

    Arbor Networks
    Key Findings A threat actor using the well-known banking malware Panda Banker (a.k.a. Zeus Panda, PandaBot) has started targeting financial institutions in Japan. Based on our data and analysis, this is the first time that we have seen Panda Banker injects targeting Japanese organizations. It […]
  • Donot Team Leverages New Modular Malware Framework in South Asia

    Arbor Networks
    Authors: Dennis Schwarz and Jill Sopko Special thanks to Richard Hummel and Hardik Modi for their contributions on this post. Key Findings ASERT discovered a new modular malware framework, we call yty, that focuses on file collection, screenshots, and keylogging. We believe the threat actors, Donot […]
  • NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us

    Arbor Networks
    Last week, after Akamai confirmed a 1.3 Tbps DDoS attack against GitHub, I published a blog that looked at the last five years of reflection/amplification attack innovation. I hope that it provides a helpful backgrounder on how we got here, to the terabit attack era, because […]
  • 1 Terabit DDoS Attacks Become a Reality; Reflecting on Five Years of Reflections

    Arbor Networks
    Special thanks to Hardik Modi, Steve Siadak and Roland Dobbins for their contributions on this post. Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For […]
  • memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations

    Arbor Networks
    ASERT Threat Summary: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations Date/Time: 27 Feb 2018 16:45 UTC Title/Number: memcached Reflection/Amplification Description and DDoS Attack Mitigation Recommendations – February 2018 – v1.3. Severity: Critical Distribution: TLP WHITE (see <https://www.us-cert.gov/tlp>) Categories: Availability Authors: Roland Dobbins & Steinthor Bjarnason Contributors: Luan Nguyen, […]
  • Musical Chairs Playing Tetris

    Arbor Networks
    Introduction ASERT has discovered new command-and-control infrastructure controlled by the APT actors behind the Musical Chairs campaign.  The security research community has associated these actors with significant campaigns in the past, including the pivotal Night Dragon campaign reported on by McAfee in 2011.  The actors […]
  • The ARC of Satori

    Arbor Networks
    Authors: Pete Arzamendi, Matt Bing, and Kirk Soluk Satori, the heir-apparent to the infamous IoT malware Mirai, was discovered by researchers in December 2017. The word “satori” means “enlightenment” or “understanding” in Japanese, but the evolution of the Satori malware has brought anything but clarity. […]
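The reflection/amplification posts above (the five-year retrospective and the memcached threat summary) describe the technique only in outline: an attacker spoofs the victim's address in small requests to open UDP services, and the services reflect much larger responses at the victim. The following is an added example, not code from Arbor Networks or ASERT, showing how a defender would spot such traffic in flow records: it groups UDP flows by well-known reflector source port, computes bytes per packet (a proxy for amplification) and total volume per victim, and emits generic drop rules for the flagged ports. The flow records, thresholds, reflector port list and the `find_reflection`/`mitigation_rules` helpers are all constructed for this illustration and are not the post's recommendations.

```python
"""Flag likely UDP reflection/amplification traffic in flow records (added example)."""
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the port the
# reflected responses come FROM. The list is an assumption for this example.
REFLECTOR_PORTS = {
    11211: "memcached",
    53: "DNS",
    123: "NTP",
    1900: "SSDP",
    389: "CLDAP",
    19: "chargen",
}

# Constructed sample flow records (not captured data), one per line:
# src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
SAMPLE_FLOWS = """\
198.51.100.10,11211,203.0.113.5,44321,udp,1200,1680000
198.51.100.11,11211,203.0.113.5,44321,udp,900,1260000
198.51.100.20,123,203.0.113.5,31337,udp,4000,1936000
192.0.2.7,53,203.0.113.5,53211,udp,40,3200
192.0.2.9,443,203.0.113.5,50123,tcp,300,420000
198.51.100.10,11211,203.0.113.5,44321,udp,1,60
"""


def parse_flows(text):
    """Parse the CSV-style records above into dicts; skips blanks and '#' comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, pkts, byts = line.split(",")
        flows.append({
            "src_ip": src, "src_port": int(sport),
            "dst_ip": dst, "dst_port": int(dport),
            "proto": proto.lower(), "packets": int(pkts), "bytes": int(byts),
        })
    return flows


def find_reflection(flows, min_bytes_per_pkt=400, min_total_bytes=100_000):
    """Return suspected reflection floods, one finding per (victim, reflector port).

    A reflected response stream is large per packet (the amplification) and
    arrives from many reflector hosts at one destination. Thresholds are
    illustrative; tune them to your own baseline.
    """
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] not in REFLECTOR_PORTS:
            continue
        bucket = agg[(f["dst_ip"], f["src_port"])]
        bucket["packets"] += f["packets"]
        bucket["bytes"] += f["bytes"]
        bucket["sources"].add(f["src_ip"])

    findings = []
    for (victim, port), b in agg.items():
        bpp = b["bytes"] / b["packets"]
        if bpp >= min_bytes_per_pkt and b["bytes"] >= min_total_bytes:
            findings.append({
                "victim": victim,
                "port": port,
                "service": REFLECTOR_PORTS[port],
                "packets": b["packets"],
                "bytes": b["bytes"],
                "bytes_per_packet": round(bpp, 1),
                "sources": len(b["sources"]),
            })
    # Largest flood first.
    return sorted(findings, key=lambda x: -x["bytes"])


def mitigation_rules(findings):
    """Emit generic iptables drop rules for the flagged reflector source ports.

    Illustrative only: on real edge gear you would rate-limit or ACL these
    ports upstream, and memcached itself should simply not listen on UDP.
    """
    ports = sorted({f["port"] for f in findings})
    return [f"iptables -A INPUT -p udp --sport {p} -j DROP" for p in ports]


if __name__ == "__main__":
    hits = find_reflection(parse_flows(SAMPLE_FLOWS))
    for h in hits:
        print(f"{h['victim']} <- {h['service']}/udp:{h['port']} "
              f"{h['bytes']} bytes, {h['bytes_per_packet']} B/pkt, "
              f"{h['sources']} reflectors")
    print("\n".join(mitigation_rules(hits)))
```

On the constructed sample the memcached stream (two reflectors, about 1,400 bytes per packet) and the NTP stream are flagged, the small DNS exchange and the TCP/443 flow are not. The bytes-per-packet heuristic works because reflected responses are near-MTU while legitimate DNS/NTP replies are tiny; pair it with a source-diversity check so a single busy resolver is not mistaken for a flood.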