The ransomware-as-a-service operation known as Cerber is earning at least $200,000 per month via ransoms paid by victims, says Check Point Software Technologies' Gadi Naveh. In an audio interview, he explains that bitcoins and high levels of automation are key to the operation's success.
As investigations into the distributed denial-of-service attack on Singaporean ISP StarHub continue, experts believe that the scale of IoT infections - needed to launch attacks of such severity - and the circumstances perpetuating it are the bigger problems.
A potentially explosive story suggests that there were secret communications between Russia and U.S. presidential candidate Donald Trump's business. But computer security experts have dismissed the report, saying it's based on a flawed interpretation of technical information.
This year, the annual Black Hat Europe conference decamps from Amsterdam to London. What's in store? Everything from mobile ransomware and quantum-resistant crypto to "ego markets" and how to turn Belkin IoT devices into launch pads for DDoS attacks.
The Shadow Brokers - the group that released what are purported to be hacking tools tied to the NSA - returns with what it claims to be a list of exploit-staging servers used by the U.S. intelligence agency to stage its cyber-attack and surveillance operations.
In a sign that investigators are paying more attention to disrupting stresser/booter services, script-kiddie-friendly Hack Forums recently announced that it will be shutting down its related Server Stress Testing forum.
After 10 days of Microsoft not issuing an advisory or fix for a zero-day flaw found by Google that's being actively exploited in the wild, Google publicly revealed details of the flaw. But Microsoft says that puts its users at further risk.
Australia's largest-ever known data leak wasn't caused by hackers. Instead, a contractor mistakenly posted a database of blood donor information on a public website, showing how a simple mistake can have deep repercussions.
We were promised flying cars. Instead, we get malware-infected CCTVs serving as remote launch pads for digital attacks that help criminals earn cryptocurrency by crashing large parts of the internet. But new defenses offer promise for blunting such attacks.
An evaluation of new U.S. government guidance to prevent the hacking of automotive computers and electronics leads the latest ISMG Security Report. Also, IBM takes responsibility for the impact of a DDoS attack and a preview of the ISMG Healthcare Security Summit.
On the heels of the massive DDoS attack that disrupted DNS services provided by Dyn, Singaporean ISP StarHub's DNS services were likewise targeted. The ISP has blamed customer-owned IoT devices for the attack, but it has not named the malware involved.
The malware-infected IoT army that disrupted domain name server provider Dyn was composed of, at most, 100,000 devices, the company estimates in an after-action report. But claims that the attacks peaked at 1.2 Tbps remain unconfirmed.
Chinese manufacturer Xiongmai will recall up to 10,000 webcams in the wake of the IoT-powered DDoS attacks that pummeled DNS provider Dyn. But information security experts say that only a more resilient internet will blunt future attacks.
IBM is blaming subcontractors for failing to block DDoS attacks that disrupted Australia's largest-ever online census in early August. But as the project's chief contractor, IBM is now in compensation negotiations with the government.