Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 27, 2016

May 26, SecurityWeek – (International) “Wekby” group uses DNS requests for C&C communications. Security researchers from Palo Alto Networks discovered that an advanced persistent threat (APT) group known as Wekby, APT 18, Dynamite Panda, and TG-0416 was using the “pisloader” malware to infiltrate a system. The malware uses Domain Name System (DNS) requests for command and control (C&C) communications, which allows it to bypass security products. The “pisloader” malware was believed to be a variant of HTTPBrowser, a remote access trojan (RAT). Source

May 26, Help Net Security – (International) DNS provider NS1 hit with multi-faceted DDoS attacks. The CEO of NS1 reported that during the week of May 16, the company experienced dozens of large distributed denial-of-service (DDoS) attacks, including simple volumetric attacks, complex direct Domain Name System (DNS) lookup attacks, and attacks against the company’s upstream network providers. The motive behind the attacks is unknown, but the attacks were seen targeting the DNS, content delivery network (CDN), and Internet infrastructure industries in Europe, the U.S., and Asia. Source

May 26, Softpedia – (International) Hackers prefer file upload, XSS, and SQLi bugs when attacking WordPress sites. Check Point released a report analyzing telemetry data from its security products and attacks against WordPress plugins, which revealed that attackers were using automated scripts to scan WordPress Web sites for vulnerabilities to exploit payloads and use the collected information to create a security status report and compromise the Web sites. Attackers compromised the Web sites with malicious redirects, sending visitors to exploit kit (EK) sites, and leveraged File Upload vulnerabilities. Source

May 25, Softpedia – (International) FBI: Ransomware complaints doubled in 2015. The FBI’s Internet Crime Complaint Center (IC3) released its 2015 Internet Crime Report, which revealed that during 2015 the FBI recorded 2,453 ransomware complaints and estimated that the recorded infections caused over $1.6 million in damages to the victims. Reports by Enigma Software and Kaspersky found that ransomware campaigns grew 14 percent year over year. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.