Today, we will look at changes to DNS settings in routers, the Cerber ransomware, a ranking of countries by the number of botnet clients in Europe, the Middle East and Africa, the next wave of attacks on RDP, and a possible weakness of the Tor network.
Based on our findings, the attacker does not yet direct users to any fake versions of websites; however, this is likely to change in the future. Similar attacks are nothing new. In the past, we have dealt with the aforementioned case, in which users connected through an infected router were redirected to a fake copy of Google's site, where malicious software was served under the pretext of a Flash Player update. Similarly, in one of these attacks in Poland, users were redirected to a fake copy of mBank's page.
The new Cerber ransomware variant terminates the running processes of commonly used databases, such as MySQL, Oracle, or Microsoft SQL. The aim is to encrypt as much data as possible, since running processes would prevent the encryption of database files. To terminate running processes, the ransomware must be run with the appropriate privileges.
Symantec conducted a survey of how many computers in each country of the Europe, Middle East and Africa region are members of a botnet. In absolute numbers, the first three places went to Turkey, Italy and Hungary. Measured by the "density" of bots, the first three positions are held by Hungary, Monaco and Andorra. There is one botnet member device for every 17,492 Internet users. In the already mentioned Hungary, for example, it is every 393rd user.
A Brazilian group of attackers has focused on servers that expose the Remote Desktop Protocol (RDP) to the Internet. In addition to brute-force attacks, they also exploit vulnerabilities that the administrators, for some reason, did not patch. After a successful attack, ransomware is launched on the system and encrypts most files.
Tor exit node operators should avoid using public DNS resolvers, such as Google or OpenDNS. Instead, they should use their ISP's resolvers or run their own. This follows from a newly published correlation attack that uses DNS to deanonymize Tor network users. At the moment, Google sees about 40% of all DNS queries leaving the Tor network on its DNS resolvers.
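A check an exit relay operator could run against the recommendation above, as an added example that is not part of the original article. It assumes the relay resolves through a standard `resolv.conf`; the listed addresses are the published service addresses of Google Public DNS and OpenDNS, and the sample file is constructed.

```python
import ipaddress

# Well-known service addresses of the two public resolvers the text names.
PUBLIC_RESOLVERS = {
    "Google Public DNS": ["8.8.8.8", "8.8.4.4",
                          "2001:4860:4860::8888", "2001:4860:4860::8844"],
    "OpenDNS": ["208.67.222.222", "208.67.220.220",
                "2620:119:35::35", "2620:119:53::53"],
}
_LOOKUP = {ipaddress.ip_address(a): name
           for name, addrs in PUBLIC_RESOLVERS.items() for a in addrs}


def audit_resolv_conf(text):
    """Return (address, verdict) for every nameserver line in resolv.conf text."""
    findings = []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, whether whole-line or trailing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((fields[1], "unparseable"))
            continue
        if addr in _LOOKUP:
            verdict = "public: " + _LOOKUP[addr]
        elif addr.is_loopback:
            verdict = "local resolver"
        else:
            verdict = "other (check that it is your ISP's or your own)"
        findings.append((str(addr), verdict))
    return findings


# Constructed sample, not taken from a real exit relay.
SAMPLE = """\
# generated by dhclient
nameserver 8.8.8.8
nameserver 127.0.0.1   # local unbound
nameserver 2001:4860:4860::8844
nameserver 192.0.2.53
options edns0
"""

if __name__ == "__main__":
    for address, verdict in audit_resolv_conf(SAMPLE):
        print(f"{address:<24} {verdict}")
```

A loopback entry only shows that queries go to a local daemon; if that daemon forwards to an upstream resolver, its forwarder list needs the same check.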