Weekly Web Security Warning: Even the children aren’t safe

Another day, another Canadian institution hacked. This recent attack was against two Children's Aid Societies in Ontario who were hit with ransomware. Hackers have no shame. 
By Rob Williamson
Marketing Manager

One organization ended up paying $5,000 while the other escaped without paying ransom—after incurring an estimated $100,000 in recovery costs (thankfully they were insured). 

These recent incidents are a stark reminder that, to a hacker, data is data, and organizations of all types are a target.

On that happy note, let’s take a look at the top 10 domains/threats that we blocked via D-Zone DNS Firewall last week. We aren’t suggesting that the ransomware above used a click-vector to initiate the hack, but we use it to continue to underscore the threats out there.

| Domain Name | Category | Threat Type |
|---|---|---|
| ns5.wowrack.com | BLOCK | Mirai |
| ns6.wowrack.com | BLOCK | Mirai |
| xkiller.no-ip.info | BLOCK | Bifrose |
| superyou.zapto.org | BLOCK | Spybot |
| pixeldgarui.xyz | BLOCK | Malware Call Home |
| redwassheptal.com | BLOCK | Malware Call Home |
| peer.pickeklosarske.ru | BLOCK | Palevo |
| juice.losmibracala.org | BLOCK | Palevo |
| jebena.ananikolic.su | BLOCK | Palevo |
| losmibracala.org | BLOCK | Palevo |

At the top of the podium is perennial top 10 player(s), Mirai. The bronze medal went to a new entrant to the list, Bifrose. Bifrose is commonly downloaded from the internet along with other programs and provides a backdoor to allow a remote user to gain control of an infected system. Some variants have rootkit capabilities. For those who don’t know, when you see the word rootkit you generally need to worry because it is a form of malware that is more difficult to find and remove. Traditionally, the best advice is to execute a low-level format and re-install. I highly recommend this technique as, like polio, this kind of infection may be rare today (because of technical reasons) but if you’re affected it can be a serious problem. 

The second new entrant to the top 10 list is Spybot. It is one of the largest families of worms that perform malicious actions on Windows machines. This is not to be confused with the popular Spybot Search and Destroy tool. The malware is generally contracted through file sharing and it works by modifying the registry to run when the computer is booted. From here it can allow access to the infected machine to perform a wide variety of bad things – including key logging.

Malware Call Home and Palevo fill out the rest of the top 10. The former is malware already on the network attempting to talk to command and control servers, while the latter is one of the worst pieces of malware out there.
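As an added example (not part of the original post and not CIRA's code), here is one way a defender could use the blocked-domain table above to find which internal hosts are trying to call home, run over a constructed resolver query log. The log format, the client addresses and the choice to treat subdomains of a listed name as blocked are assumptions.

```python
from collections import defaultdict

# Blocked domains and threat types copied from the table in this post.
BLOCKLIST = {
    "ns5.wowrack.com": "Mirai", "ns6.wowrack.com": "Mirai",
    "xkiller.no-ip.info": "Bifrose", "superyou.zapto.org": "Spybot",
    "pixeldgarui.xyz": "Malware Call Home",
    "redwassheptal.com": "Malware Call Home",
    "peer.pickeklosarske.ru": "Palevo", "juice.losmibracala.org": "Palevo",
    "jebena.ananikolic.su": "Palevo", "losmibracala.org": "Palevo",
}

# Constructed sample log; assumed format: "timestamp client_ip qname qtype".
SAMPLE_LOG = """\
2024-01-15T09:14:02Z 10.0.4.21 www.example.ca. A
2024-01-15T09:14:05Z 10.0.4.37 Redwassheptal.com. A
2024-01-15T09:14:09Z 10.0.4.37 update.losmibracala.org. A
2024-01-15T09:15:30Z 10.0.4.52 juice.losmibracala.org A
2024-01-15T09:15:31Z 10.0.4.21 notlosmibracala.org. A
2024-01-15T09:16:00Z 10.0.4.52 wowrack.com. A
truncated line
"""


def match_blocked(qname):
    """Return (listed_name, threat) if qname or a parent zone is listed."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare on whole labels, most specific first, never the bare TLD.
    # A plain endswith() would wrongly flag notlosmibracala.org.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None


def find_callers(log_text):
    """Map each client IP to the sorted blocked names it tried to resolve."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or truncated lines
        _, client, qname, _ = parts
        match = match_blocked(qname)
        if match:
            hits[client].add(match)
    return {client: sorted(found) for client, found in hits.items()}


if __name__ == "__main__":
    for client, found in sorted(find_callers(SAMPLE_LOG).items()):
        print(client, found)
```

A client that appears in the result has software on it asking for a blocked name, so the block at the resolver is the start of the investigation of that host, not the end of it.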

As you can see, malware is constantly evolving, and hackers don’t pick favourites. Safe surfing and make sure you add more layers to your defence!
 

About the author
Rob Williamson

Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.
