
Funded Threats: The Fuel for Malware Evolution



To become even more profitable while continuing to avoid detection, operators of crimeware, like ransomware, are hiring and funding their own professional development teams to create new variants and tactics.

Ransomware encrypts users’ files, targeting everything from financial records to family photos, and provides the key for decryption only after the user pays a “ransom”.

Ransomware targets everyone from large companies to law enforcement to individual users. Ransomware is a multi-vector threat delivered to victims in nearly every possible way. All major exploit kits are now delivering some ransomware variant. Spam is also a common attack vector with a significant amount of spam campaigns leveraging attachments delivering ransomware variants such as CryptoWall, TeslaCrypt, and CTB-Locker.

The ransom demanded by these threat actors is not exorbitant. Usually, a payment between $300 and $500 is required to decrypt the files.

Why such a modest fee?

Adversaries who deploy ransomware have done their market research to determine the ideal price point. The idea is that the victim views the ransom as a “nuisance fee”, small enough that contacting law enforcement is not worth their time. And users are paying up.

Recently, there have been a number of customized campaigns that were designed to compromise specific groups of users, such as online gamers. In addition, some ransomware authors have also created variants in uncommon languages like Icelandic to make sure that users in areas where those languages are predominantly spoken do not ignore the ransomware message.

Users can protect themselves from ransomware by backing up their most valuable files and keeping the backups isolated, or “air gapped”, from the network, so that the malware cannot encrypt the backups as well. Users should also realize that their system may still be at risk even after they pay the ransom and decrypt their files. Almost all ransomware is multi-vector: the ransomware may itself have been dropped by another piece of malware, which means the initial infection vector must still be identified and removed before the system can be considered clean.

SSH Psychos

In June of 2014, our researchers identified a threat actor conducting a widespread brute-force attack from isolated networks in Hong Kong. A brute-force attack is a large-scale, trial-and-error search of the credential space, in this case trying usernames and passwords drawn from a dictionary against the SSH login. The threat actor used a dictionary of over 300,000 passwords, some of them quite complex, in attempts to compromise the root account.

[Figure: SSH brute-force attack]

Once a system was compromised, a separate network at a shared hosting provider in the United States would reach out to the system, log in, and place a DDoS client on the machine.

This threat actor gained special attention due to the sheer number of persistent and aggressive attacks. Our threat researchers collaborated with Level 3 Communications and were able to determine that this threat was responsible for a third of the SSH traffic on the Internet backbone.
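The two stages described above (a flood of failed root password attempts from one network, then a successful login from a different network) leave a characteristic trail in the sshd auth log. The following detector is an added example, not code from the original report or its authors. It parses the default OpenSSH syslog line format, keeps a sliding window of failures per source address, and raises three kinds of alert. The log lines, the addresses (RFC 5737 documentation ranges), the window and the threshold are all constructed for illustration; the 300,000-password dictionary in the text would trip the threshold many times over.

```python
"""Detect SSH password brute force and the follow-on login from a second source.

Added example, not from the original report. Log lines are constructed;
the regex matches the default OpenSSH syslog format on Linux.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of sshd auth log lines (syslog omits the year).
SAMPLE_LOG = """\
Jun 12 03:14:00 host sshd[2000]: Failed password for invalid user admin from 203.0.113.10 port 51021 ssh2
Jun 12 03:14:01 host sshd[2001]: Failed password for root from 203.0.113.10 port 51022 ssh2
Jun 12 03:14:02 host sshd[2002]: Failed password for root from 203.0.113.10 port 51023 ssh2
Jun 12 03:14:02 host sshd[2003]: Failed password for root from 203.0.113.10 port 51024 ssh2
Jun 12 03:14:03 host sshd[2004]: Failed password for root from 203.0.113.10 port 51025 ssh2
Jun 12 03:14:03 host sshd[2005]: Failed password for root from 203.0.113.10 port 51026 ssh2
Jun 12 03:14:04 host sshd[2006]: Failed password for root from 203.0.113.10 port 51027 ssh2
Jun 12 03:14:05 host sshd[2007]: Failed password for root from 203.0.113.10 port 51028 ssh2
Jun 12 03:14:06 host sshd[2008]: Failed password for root from 203.0.113.10 port 51029 ssh2
Jun 12 03:14:07 host sshd[2009]: Failed password for root from 203.0.113.10 port 51030 ssh2
Jun 12 03:14:08 host sshd[2010]: Failed password for root from 203.0.113.10 port 51031 ssh2
Jun 12 03:14:09 host sshd[2011]: Accepted password for root from 203.0.113.10 port 51032 ssh2
Jun 12 03:15:30 host sshd[2012]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jun 12 03:15:45 host sshd[2013]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
Jun 12 03:40:12 host sshd[2050]: Accepted password for root from 192.0.2.55 port 60110 ssh2
"""

# Matches both "Failed password for root from ..." and "Accepted publickey for
# alice from ..."; "invalid user" appears when the account does not exist.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2014):
    """Return (timestamp, result, method, user, ip) or None for non-auth lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["method"], m["user"], m["ip"]


def analyze(log_text, window_s=60, threshold=8):
    """Return a list of (alert_kind, source_ip, detail) tuples.

    brute_force:               >= threshold failures from one source within
                               window_s seconds (reported once per source).
    guess_succeeded:           a later successful login from a flagged source.
    root_login_from_new_source: a root *password* login from a source that never
                               brute forced, after root was brute forced (the
                               hand-off to a second network described above).
    """
    failures = defaultdict(deque)   # ip -> (timestamp, username) inside the window
    flagged = set()                 # sources already reported as brute forcing
    root_targeted = False
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                # connection/disconnect noise; ignore
        ts, result, method, user, ip = rec
        if result == "Failed":
            q = failures[ip]
            q.append((ts, user))
            while q and (ts - q[0][0]).total_seconds() > window_s:
                q.popleft()         # slide the window forward
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                users = sorted({u for _, u in q})
                if "root" in users:
                    root_targeted = True
                alerts.append(("brute_force", ip,
                               f"{len(q)} failures in {window_s}s against {','.join(users)}"))
        elif ip in flagged:
            alerts.append(("guess_succeeded", ip, f"{method} login as {user}"))
        elif user == "root" and method == "password" and root_targeted:
            alerts.append(("root_login_from_new_source", ip, f"{method} login as {user}"))
    return alerts


if __name__ == "__main__":
    for kind, ip, detail in analyze(SAMPLE_LOG):
        print(f"{kind:27} {ip:15} {detail}")
```

On the sample the detector reports the brute force from 203.0.113.10, the successful password guess from the same address, and the later root password login from 192.0.2.55, which is exactly the pattern a DDoS-client drop from a second network would produce. The mitigations the pattern points at are equally simple: disable password logins for root (or root logins altogether) in sshd_config and use key authentication, which turns a 300,000-entry dictionary into noise.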


