Media Coverage

Sergey Yarets, also known as Ar3s, a hacker arrested last year for running an instance of the Andromeda botnet, was released by Belarusian authorities with nothing more than a slap on the wrist. Authorities dropped all charged after Yarets cooperated with investigators, and after he handed over all the profits he made from renting the Andromeda botnet to other cybercriminals. The sum accounted to around 11,000 Belarusian rubles (~$5,400).

In an amusingly told, but ultimately worrying presentation Mirko Manske, first detective chief inspector from the German Federal Criminal Police Office detailed how he – and a cast of what seemed like thousands, tracked down and ultimately incarcerated the cyber-criminal who caused telecom services to crash for 1.2 million Deutsche Telekom users.

Everyone is talking about VPNFilter, but there is little information to know if my customers, my staff, or my own home is at risk? How do can I get plugged in? Understanding if you are at risk would be helpful to know if you need to drop everything and fix it now, fix it this weekend, or not worry about a fix.

The Justice Department announced Wednesday that it had seized an internet domain that’s at the center of a Kremlin-backed hacking campaign, largely thwarting the potential weaponization of a network of more than half a million web-connected devices across the globe, experts say. The network of infected devices, or botnet, was one of the largest of its kind, cybersecurity experts say, and capable of intelligence gathering as well as disruptive denial-of-service attacks, which could have cut off internet access to hundreds of thousands of people. The Shadowserver Foundation, will work to scrub and restore them, the Justice Department said.

If you’ve been reading the news lately, you might have seen headlines like “FBI to America: Reboot Your Routers, Right Now” or “F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware”. These headlines can be pretty alarming, and you may find yourself thinking, “things must be pretty bad if the FBI is putting out such an urgent warning.”

The FBI is urging small businesses and households to immediately reboot routers following Cisco’s report that 500,000 infected devices could be destroyed with a single command.

The FBI has seized control of a key domain used to control routers infected with  ‘VPNFilter’ malware that US and Ukraine has attributed to Kremlin-backed hackers. The Justice Department on Wednesday announced the seizure of a single domain, toknowall[.]com, which served as part of the command and control infrastructure used by VPNFilter, the router malware revealed by Cisco’s Talos Intelligence on Wednesday.  The FBI on Tuesday convinced a magistrate to issue a seizure warrant ordering domain registrar Verisign to hand control of the web address to the FBI. The seized domain allows the FBI to capture the IP addresses of infected routers. Non-profit security group, The Shadowserver Foundation, will distribute the IP addresses to various CERTs and ISPs in the US and abroad.

Researchers have severed a link between criminals running the ElTest malware distribution network and computers they infected with ransomware and banking trojans. Researchers at Proofpoint, abuse.ch and brilliantit.com have “sinkholed” ElTest, breaking a large network of legitimate but compromised websites that was capable of conducting two million redirects per day to various exploit kits. The attacks targeted Chrome desktop and Chrome on Android, Internet Explorer, and Firefox browsers.  Abuse.ch is alerting national CERTs around the world while ShadowServer is informing network operators.

What are you doing to prepare for the next “scanning malware” and “Internet Worm?