Media Coverage

Several security companies this week released new research into how hijacking computers is turning real profits for cybercriminals. In fact, three cryptocurrency mining applications – Coinhive, Crytoloot and Rocks – are now among the top 10 malware families even though the code itself isn’t malware, according to Check Point Software. The company estimates that 55 percent of businesses have been affected by cryptocurrency mining applications.

The community of open source threat intelligence feeds has grown over time. We have new sources being offered all the time. Many companies offer freemium services to entice the usage of their paid services.  There are community projects which aggregate data from new sources of threat intelligence. We also have an emerging market of companies who pull all this and other data into Threat Intelligence solutions. Finally, there are security companies who offer their threat intelligence as a community service. The result is a massive amount of information.  The following is maintained for the participants of the Operator’s Security Toolkit program.

FBI Anchorage in Alaska just showed its appreciation on Twitter to Qihoo 360, the leading Chinese cybersecurity company providing anti-virus solutions, for its role in cracking three local cyber crime cases involving significant DDOS attacks. Local FBI has tweeted out an appreciation note, saying that “#FBIAnchorage would like to thank our business partners in this case: 360.CN, AT&T, Dyn, Paterva, Paypal and ShadowServer.”

The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the “Internet Chemotherapy” project in November 2016.

An international contingent of law-enforcement agencies on Friday dismantled the massive Andromeda malware botnet, sinkholing around 1,500 malicious domains and arresting a suspect in Belarus.

Andromeda has been active at least since 2011, and was notorious for infecting computers around the globe to form a botnet. With the help of partners—including the FBI, Microsoft, and others—Europol intercepted the internet traffic between Andromeda-infected computers and the command servers to which the malware was communicating. All that traffic was then “sinkholed” and redirected to servers under the investigators’ control, giving law enforcement a detailed view of the malware’s activities. “Andromeda was also sometimes used to download up to 80 other malware families onto infected victim computers,” according to The Shadowserver Foundation, a group of security experts that also helped dismantle the Andromeda botnet.

The Justice Department announced Monday that it had successfully targeted a man prosecutors called “one of the world’s most notorious criminal spammers,” a Russian hacker known as Peter Yuryevich Levashov, also known as Peter Severa, or “Peter of the North.” Levashov had long run the Kelihos botnet, a global network of infected computers that collectively flooded email inboxes worldwide with spam, stole banking credentials from infected users, and spread malware across the internet.

Last month, KrebsOnSecurity identified U.K. citizen Daniel Kaye as the likely real-life identity behind a hacker responsible for clumsily wielding a powerful botnet built on Mirai, a malware strain that enslaves poorly secured Internet of Things (IoT) devices for use in large-scale online attacks. Today, a German court issued a suspended sentence for Kaye, who now faces cybercrime charges in the United Kingdom.

Grasso described to the crowd how it took the efforts of the FBI, German federal police, Ukrainian law enforcement, U.S. CERT, ShadowServer and other companies to bring down Avalanche.

BLACK HAT USA – Las Vegas – Tom Grasso, unit chief of the FBI’s cyber division, took the Black Hat stage to discuss the processes and partnerships leading up to the massive Avalanche takedown in December 2016.