Net Concepts with Aaron Wagner

Ep. 7 The evolution of recent Cyber attacks and why they are changing


Introducing Hendrick Naranjo from Synchronoss Technologies as our newest co-host. Hendrick is an up-and-coming cyber security expert and was an important part of my team building a security program. This is his very first podcast, so this will be a short and to-the-point podcast. Thank you and stay tuned for excellent content headed your way!

Ransomware gangs add DDoS attacks to their extortion arsenal

Things you can do?

https://www.cloudflare.com/ddos/

Lower your risk (offload email, lower the value of the data)

Avoid being attacked in the first place! Take the steps to protect your company.

Enforce remote access IP limits

https://www.bleepingcomputer.com/news/security/ransomware-gangs-add-ddos-attacks-to-their-extortion-arsenal/

New service checks if your email was used in Emotet attacks

“When infected, Emotet will steal a victim's email and transmit it back to servers under the attacker's control. These emails will then be used as part of future spamming campaigns to make the malicious spam look legitimate.

Over time, the Emotet trojan will download and install other malware such as TrickBot and QakBot on an infected user's computer. These trojans are known to lead to ransomware attacks by the operators of Ryuk, Conti, and ProLock.”

https://www.haveibeenemotet.com/

It is important to note the compound nature of ransomware attacks lately.

https://www.bleepingcomputer.com/news/security/new-service-checks-if-your-email-was-used-in-emotet-attacks/

Spammers add random text to shortened links to evade detection

But, the structure of the hardcoded URLs includes a gibberish "userinfo" part right before the domain name, to give off the impression these are different URLs.

Therefore, for example, if an enterprise security product was previously blocking the malicious link https://j[.]mp/kassaasdskdd it isn't clear if the product would also interpret something like https://nonsensical-text@j[.]mp/kassaasdskdd in the same manner and block it too.

https://www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/
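One way a link filter can treat both forms of the URL above as the same link is to strip the "userinfo" part before matching. This is an added example, not code from the episode or the linked article; the function names and the one-entry blocklist are hypothetical, and the sample URLs are constructed from the defanged example quoted above.

```python
from urllib.parse import urlsplit, urlunsplit

def refang(url: str) -> str:
    """Undo the [.] defanging used in written reports so the URL can be parsed."""
    return url.strip().replace("[.]", ".")

def canonicalize(url: str) -> str:
    """Drop userinfo and the fragment, lowercase the host, keep path and query."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    if ":" in host:                      # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))

def has_userinfo(url: str) -> bool:
    """True when anything precedes '@' in the authority part of the URL."""
    return urlsplit(refang(url)).username is not None

# Hypothetical blocklist: the single link used as the example in the text.
RAW_BLOCKLIST = {"https://j[.]mp/kassaasdskdd"}
CANON_BLOCKLIST = {canonicalize(u) for u in RAW_BLOCKLIST}

def naive_match(url: str) -> bool:
    """Exact string comparison, which the userinfo trick defeats."""
    return url in RAW_BLOCKLIST

def verdict(url: str) -> dict:
    """Match on the canonical form and flag userinfo as a signal of its own."""
    canon = canonicalize(url)
    return {
        "canonical": canon,
        "blocked": canon in CANON_BLOCKLIST,
        "userinfo": has_userinfo(url),
    }

if __name__ == "__main__":
    # Constructed samples: the two URLs from the text, a case variant, a benign link.
    samples = [
        "https://j[.]mp/kassaasdskdd",
        "https://nonsensical-text@j[.]mp/kassaasdskdd",
        "HTTPS://Other-Junk@J[.]MP/kassaasdskdd",
        "https://example[.]com/page",
    ]
    for s in samples:
        print(s, "naive:", naive_match(s), verdict(s))
```

Because userinfo is rare in legitimate web links, the `userinfo` flag is worth logging or scoring even when the canonical URL is not on a blocklist.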
