DNS

SocGholish IoCs and Artifacts: Tricking Users to Download Malware

As all initial-access threats go, SocGholish is among the trickiest. It often comes disguised as software updates, deceiving victims into downloading a malicious payload that could eventually lead to more lethal cyber attacks. In fact, researchers at ReliaQuest found evidence that an initial SocGholish malware distribution was intended to deploy ransomware.

Profiling a Massive Portfolio of Domains Involved in Ransomware Campaigns

Security researcher Dancho Danchev discovered a portfolio of domains and IP addresses used by known threat actors in ransomware campaigns. The said portfolio consists of 62,763 domain names and 810 IP addresses. We analyzed a sample of these malicious properties using TIP and found that:

Verisign Domain Name Industry Brief: 350.4 Million Domain Name Registrations in Q4 2022

Today, Verisign released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2022 closed with 350.4 million domain name registrations across all top-level domains (TLDs), an increase of 0.5 million domain name registrations, or 0.1%, compared to the third quarter of 2022. Domain name registrations have increased by 8.7 million, or 2.6%, year over year.

The Fight Against Hive Ransomware May Not Be Done as Yet-Unidentified Artifacts Show

The Hive Ransomware Group has had more than 1,500 victims across more than 80 countries worldwide. They attacked hospitals, school districts, financial firms, and critical infrastructure until the U.S. Department of Justice (DOJ) disrupted their operations. Have we seen the fall of the group's entire infrastructure?

Workshop Report Published: State of the DNS in 2022

In November 2022, eco's topDNS Initiative invited about 30 experts, including representatives of three different Directorate Generals by the EU Commission, to a workshop in Brussels to work together on a secure future for the DNS (Domain Name System). The topDNS Initiative has now published its 28-page final report.

Catching Batloader Disguised as Legit Tools through Threat Vector Identification

Putting on a mask on malware has always worked to trick users into downloading them, and the threat actors behind Batloader banked on just that. Trend Micro researchers tracked and analyzed Batloader-related developments toward the end of 2022.

Tracing Connections to Rogue Software Spread through Google Search Ads

Taking control of victims' accounts is typically the end goal of many cybercriminals, and they never cease to come up with wily ways to do so. Bleeping Computer researchers recently spotted hackers spreading malware mayhem through Google search ads supposedly pointing to open-source software download sites.

Malware Persistence versus Early Detection: AutoIT and Dridex IoC Expansion Analysis

AutoIT-compiled malware and Dridex trace their roots to as far back as 2008 and 2014, respectively. As malware variants go, therefore, they've both had a long history and taken on various forms over time. But despite having been detected and consequently blocked with each new version, they're still alive and kicking -- a testament to their persistence.

Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them

Cyber espionage group Cloud Atlas has been trailing its sights on critical infrastructure operators in countries suffering from political conflict since its discovery in 2014. Aptly nicknamed "Inception," the group's tactic of going after nations with bigger problems than cybersecurity seems to be working, as evidenced by successful intrusions over the years.

The Ultimate Solution to DNS

The COVID -- 19 pandemic saw a surge in internet traffic by as much as 60%1.Because of the greater adoption of digital technology by businesses, and the need to support a hybrid onsite-offsite workforce that's persisted, we don't expect to see internet traffic slow down to what was once considered "normal."