Security Reports

2020 is a year battered by both the Covid-19 pandemic and DDoS attacks!

Hsinchu, Taiwan – October 7, 2020 – According to the H1 2020 DDoS report released by Link11, Germany, the average DDoS attack volume in April, May and June was 97% higher than in the same period of 2019, peaking at 108% in May this year. Since the beginning of the year a new attack vector has been added to the DDoS toolbox: exploitation of a DVR vulnerability, which was used hundreds of times in Q2.


New Dark_Nexus Botnet Offers DDoS Attack

The “dark_nexus” bot was named by Bitdefender researchers. This time it is not Windows malware: its targets are Linux ELF executables on IoT devices, so the potential victims are routers (from Dasan Zhone, Dlink and ASUS), video recorders and similar equipment. Embedded Linux systems on 12 different CPU architectures can be infected. The bots inside the victims form the dark_nexus botnet. A message from the researchers -


New Variants of ZeroCleare Data Wiper Malware Attributed to Iran

In December 2019, the IBM X-Force team published a report (https://www.ibm.com/downloads/cas/OAJ4VZNJ) detailing new variants of ZeroCleare, a data-destroying malware family attributed to Iran. The IBM X-Force report makes several important points. The initial-access IP address of this ZeroCleare campaign is 193.111.152.13, which was associated with ITG13 in the recent Oilrig/APT34 leaks and, as also reported by Palo Alto, was used to scan target networks and access accounts as early as the fall of 2018.


Ryuk ransomware cyberattacked New Orleans city

Introduction

Many major media outlets have reported on this security event in the city of New Orleans, including C/NET, BleepingComputer and others. From the information provided by these media, we are almost certain that the attacker is the Ryuk ransomware.

Figure 1 - C/NET news about the New Orleans ransomware event

Figure 2 - BleepingComputer news about the New Orleans ransomware event

Lionic’s Inspection of the Ryuk Ransomware

By our survey, the Ryuk ransomware is used mainly for targeted attacks, for example against enterprises or governmental organizations.


CIRCONTROL CirCarLife 2018 Vulnerabilities Are Still Not Fixed

Hsinchu, Taiwan – November 18, 2019 – AegisLab reviewed several CVE (https://cve.mitre.org/) entries and found that the following 2018 CVE vulnerabilities are still not fixed. CIRCONTROL was notified by email on Oct 15 but has not responded so far. AegisLab has fulfilled its obligation to report to CIRCONTROL one month before publishing a security report. CIRCONTROL should have begun fixing these vulnerable devices in 2018, but did not. The header of Lionic’s notifying email -
