New Jenkins Campaign Hides Malware, Kills Competing Crypto-Miners

Article / Jul 16, 2018

By Liron Segal

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations.

Tackling Gootkit's Traps

Article / Jul 11, 2018

By Julia Karpin

Gootkit malware uses misleading code to hinder manual research and automated analysis.

Snooping on Tor from Your Load Balancer

Blog / Jul 3, 2018

By David Holmes

An F5 Labs researcher snoops on Tor exit node traffic from a load balancer. What he finds will shock you. SHOCK YOU.

BackSwap Defrauds Online Banking Customers Using Hidden Input Fields

Article / Jun 29, 2018

By Ruby Cohen, Doron Voolf

BackSwap demonstrates unique behavior in its manipulation of user input fields and its handling of International Bank Account Numbers (IBANs).

New Struts 2 Campaign Compiles Its Own C# Downloader, Leverages a User Profile Page as Its C&C Server

Article / Jun 23, 2018

By Liron Segal

Attackers continue to find new and creative ways to carry out malicious crypto-mining operations, employing multiple exploits in a single campaign.

New Campaign Targeting Apache Struts 2, WebLogic Deploys Malware Using VBScript

Article / Jun 21, 2018

By Liron Segal

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

Russian Attacks Against Singapore Spike During Trump-Kim Summit

Blog / Jun 15, 2018

By Sara Boddy, Justin Shattuck

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and…

Drupalgeddon 2 Highlights the Need for AppSecOps

Blog / May 11, 2018

By Lori MacVittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By Doron Voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

Blog / May 4, 2018

By Sara Boddy

US-CERT alert TA18-106A underscores how insecure Internet systems really are, and that ignoring the problem only increases the collateral damage.

The 2017 TLS Telemetry Report

Report / Apr 23, 2018

By David Holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

Article / Apr 12, 2018

By Andrey Shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Know the Risks to Your Critical Apps and Defend Against Them

Blog / Apr 10, 2018

By Ray Pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By Sara Boddy, Justin Shattuck, Ilan Meller, Damien Rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and a growing share of targets among businesses in Europe and Asia.

Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

/ Apr 3, 2018

By David Holmes

People are mining coins all over the place; all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people's power to mine cryptocurrency.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

Article / Mar 28, 2018

By Andrey Shalnev

The crypto-mining campaign exploiting the Apache Struts 2 Jakarta Multipart Parser RCE is now targeting Windows systems, not just Linux.

When Information Security is a Matter of Public Safety

Blog / Mar 22, 2018

By Ray Pompon, Sara Boddy, Debbie Walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

Report / Mar 13, 2018

By Sara Boddy, Justin Shattuck

IoT attacks show no signs of decreasing, infected IoT devices go unremediated, and discovery of new thingbots is at a decade-long high.

Threat Modeling the Internet of Things: Modeling Reaper

/ Mar 9, 2018

By David Holmes

Reaper is just one more blinking light in the faces of the InfoSec community, reminding us that we need to get ahead of IoT madness.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

Article / Mar 8, 2018

By Andrey Shalnev

The rTorrent XML-RPC configuration error that was exploited in February to mine Monero was also exploited in January, in a campaign that spoofed RIAA and NYU user-agents.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

Blog / Mar 2, 2018

By Sara Boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

Article / Feb 28, 2018

By Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

Beware of Attackers Stealing Your Computing Power for their Cryptomining Operations

Blog / Feb 15, 2018

By Travis Kreikemeier

As the black-market price for stolen data declines, attackers turn to cryptojacking schemes to maximize their profits—all at your expense.

The Email that Could Steal Your Life Savings and Leave You Homeless

Blog / Feb 8, 2018

By Debbie Walkowski, David Holmes

Real estate scams are big business for attackers. Be on the lookout for this one, which can leave home buyers destitute if not caught in time.

Thingbots and Reapers and Cryptominers—Oh, My! F5 Labs’ First Year in Review

Blog / Jan 25, 2018 (MODIFIED: Jan 31, 2018)

By Debbie Walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)

By Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots

Blog / Jan 10, 2018 (MODIFIED: Jan 15, 2018)

By Lori MacVittie

Every week, another bug, vulnerability, or exploit is released—we need a multi-layered security strategy to deal with threats like Spectre and Meltdown.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

Blog / Jan 4, 2018 (MODIFIED: Jan 18, 2018)

By David Holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

New Python-Based Crypto-Miner Botnet Flying Under the Radar

Article / Jan 3, 2018 (MODIFIED: Jan 25, 2018)

By Maxim Zavodchik, Liron Segal, Aaron Brailsford

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

BrickerBot: Do “Good Intentions” Justify the Means—or Deliver Meaningful Results?

Blog / Dec 28, 2017 (MODIFIED: Jan 16, 2018)

By Justin Shattuck

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.