botnet (6)

Summary Beginning in August of 2017, a new cryptocurrency mining botnet, dubbed Smominru, started propagating via the recently leaked Eternal Blue exploit. Smominru, aka MyKings, is characterized by the targeting of Windows systems using WMI as a file-less persistence mechanism. As of March 2019, Smominru showed no signs of slowing down. Wapack Labs has identified approximately 316K victims connecting to Smominru infrastructure over a period of 6 days. This report provides a high-level overview…
Mikrotik is a Latvian router and is popular hardware product in many countries. Beginning in 2018, attackers began exploiting vulnerabilities for Mikrotik routers, as well as attempting brute force attacks. As a result, compromised Mikrotik routers have since been leveraged in a host of botnet related activities and fraud. Many of the compromised Mikrotik devices were also made into SOCKS or HTTP proxies and were reported in a number anonymous proxy lists. In March of 2019, Wapack Labs…
On 13 February 2019, Bank of Valletta (BOV) employees discovered the hackers' intrusion and temporarily shut down all BOV IT systems. Wapack Labs analysis shows a continued heightened risk for BOV - primarily due exposed plain text employees’ passwords, signs of botnet connections from the BOV networks, incoming malicious emails, to inherent industry targeting, and a shared IT infrastructure with a French shipping company
ProxyLTE, a supplier of US based mobile and home router proxies, has been identified as one component in a large-scale fraud, targeting a Wapack Labs’ client. ProxyLTE.com was created in late 2017, however associated malware was first observed in 2013. This report includes details on ProxyLTE malware and associated infrastructure.

2019 Cyber Security Threat and Vulnerability Predictions

This report outlines our predictions regarding cyber threats and vulnerabilities for 2019.  We base those on the trends Wapack Labs were observing during 2018.  The main topics are artificial intelligence, IoT and mobile, cryptocurrency cybercrime, APT activity, and eCommerce targeting.

  1. Smarter Computing: Swarm, AI and Quantum

Quantum Computing