Tag Archives: google

Mirai IoT Botnet Co-Authors Plead Guilty

December 13, 2017

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Reaper: Calm Before the IoT Security Storm?

October 23, 2017

It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks.

Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already.

Reaper isn’t attacking anyone yet. For the moment it is apparently content to gather gloom to itself from the darkest reaches of the Internet. But if history is any teacher, we are likely enjoying a period of false calm before another humbling IoT attack wave breaks.

Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet

August 28, 2017

A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks.

Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat.

Flash Player is Dead, Long Live Flash Player!

August 2, 2017

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020.

Porn Spam Botnet Has Evil Twitter Twin

July 16, 2017

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of more than 80,000 automated female Twitter accounts has been pimping the same dating scheme and ginning up millions of clicks from Twitter users in the process.

Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday

May 9, 2017

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs.

Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.

How Google Took on Mirai, KrebsOnSecurity

February 3, 2017

The third week of September 2016 was a dark and stormy one for KrebsOnSecurity. Wave after wave of huge denial-of-service attacks flooded this site, forcing me to pull the plug on it until I could secure protection from further assault. The site resurfaced three days later under the aegis of Google’s Project Shield, an initiative which seeks to protect journalists and news sites from being censored by these crippling digital sieges.

Damian Menscher, a Google security engineer with whom I worked very closely on the migration to Project Shield, spoke publicly for the first time this week about the unique challenges involved in protecting a small site like this one from very large, sustained and constantly morphing attacks.

Akamai on the Record KrebsOnSecurity Attack

November 22, 2016

Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated.

The Democratization of Censorship

September 25, 2016

John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it”. This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.

However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely powerful cyber weapons with transnational reach.