Comments on DSHR's Blog: You Were Warned<br />
David (http://www.blogger.com/profile/14498131502038331594), feed updated 2024-03-28T13:39:27.601-07:00<br /><br />
2017-04-13T17:26:46.403-07:00<br />
Cerber continues to reap the benefits of a <a href="https://www.theregister.co.uk/2017/04/13/ransomware_trends/" rel="nofollow">customer-friendly business model and superb customer service</a>:<br /><br />
"Cerber's control of the cybercrime market rose from 70 per cent market share in January to 87 per cent in March, according to the latest cybercrime tactics report by Malwarebytes Lab."<br />
David<br /><br />
2017-03-24T14:54:13.782-07:00<br />
John Leyden at <i>The Register</i> points to <a href="http://www.theregister.co.uk/2017/03/24/ddos_attack_business_models/" rel="nofollow">a Kaspersky report</a> on DDoS service business models and pricing:<br /><br />
"The DDoS attack business has advanced to the point that running an attack can cost as little as $7 an hour, while the targeted company can end up losing thousands, if not millions of dollars.<br /><br />
Kaspersky Lab’s experts were also able to calculate that an attack using a cloud-based botnet of 1,000 desktops is likely to cost the providers about $7 per hour. These services typically retail for $25 an hour, allowing cybercrooks to pocket an estimated profit of around $18 per hour.<br /><br />
Crooks operating DDoS services through black market websites often offer a sophisticated service featuring convenient payment and reports about attacks, according to a new study from Kaspersky Lab.
In some cases, there is even a customer loyalty programme, with clients receiving rewards or bonus points for each attack.<br /><br />
Attacks are priced based on their generation as well as the source of attack traffic, among other factors. For example, a botnet made up of popular IoT devices is cheaper than a botnet of servers."<br />
David<br /><br />
2017-02-06T12:38:09.323-08:00<br />
The competition among ransomware providers is heating up. Cory Doctorow at <a href="https://boingboing.net/2017/02/06/classy-ransomware-criminals-se.html" rel="nofollow"><i>Boing Boing</i></a> points to Catalin Cimpanu's <a href="https://www.bleepingcomputer.com/news/security/spora-ransomware-sets-itself-apart-with-top-notch-pr-customer-support/" rel="nofollow"><i>Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support</i></a>:<br /><br />
"The Spora ransomware is slowly making a name for itself as one of the most well-run ransomware operations on the market, with a very well-designed ransom payment portal, some solid customer support, and also efforts to improve the ransomware's reputation among victims.<br /><br />
<a href="https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/" rel="nofollow">Discovered at the start of the year</a>, Spora distinguishes itself from similar threats by a few features, such as the option to work offline, and a ransom payment portal that uses "credits" to manage Bitcoin fees.<br /><br />
...<br /><br />
The thing that stood out for us in the beginning, and is still valid even today, is that the Spora gang pays a lot of attention to customer support.<br /><br />
They provide help in both English and Russian and are very attentive not to escalate conversations with angry
victims, always providing appropriate and timely responses to any inquiries."<br />
David<br /><br />
2016-10-26T10:10:07.378-07:00<br />
<a href="http://www.recode.net/2016/10/24/13387188/connected-devices-hacking-internet-manufacturers-security" rel="nofollow">Steve Herrod at <i>Recode</i></a> doesn't understand the economics of the IoT when he writes:<br /><br />
"Device manufacturers should be held accountable for their devices’ behaviors out in the wild. Without clear accountability, we’re going to continue shipping easy-to-use yet wildly vulnerable devices. Examples of manufacturer requirements should include:<br /><br />
* An end to common default passwords. ...<br />
* Impactful alerts for vulnerabilities. ...<br />
* Self-patching software. ...<br />
* Information sharing. ...<br /><br />
Once upon a time, the prevailing idea was that stringent standards and regulation would stifle the promise of the internet. But as attacks like the ones against Dyn’s DNS service are illustrating, the promise of the internet might very well depend on them."<br /><br />
These would be good but they all increase costs. These devices are built by the Chinese and bought by consumers. It's a low-margin business with uneducated consumers. And because of the huge numbers, you need to get extraordinarily high conformance.
Just replacing 99% of the devices that are already out there would be close to impossible.<br />
David<br /><br />
2016-10-25T21:41:17.569-07:00<br />
<a href="http://arstechnica.com/information-technology/2016/10/inside-the-machine-uprising-how-cameras-dvrs-took-down-parts-of-the-internet/" rel="nofollow">More details on the Dyn attack</a> from Sean Gallagher at <i>Ars Technica</i>:<br /><br />
"The reason XiongMai's firmware is such an easy target for Mirai is that it includes a setup interface that is essentially a hard-coded "backdoor"—an unchangeable administrative username and password, common across entire lines of devices. While the user can set their own credentials, the default credentials are hard-coded into the firmware."<br />
David