Cyber News Rundown: DemonBot Rising
DemonBot Botnet Gaining Traction
DemonBot, while not the most sophisticated botnet discovered to date, has seen a significant rise in usage over the last week. With the ability to take control of Hadoop cloud frameworks, DemonBot has been using the platform to carry out DDoS attacks across the globe. By exploiting Hadoop’s resource management functionality, the infection can quickly spread itself and allows for remote code execution on affected servers.
Cyber Attack Leaves Pakistani Bank Under Scrutiny
Bank Islami, one of the largest banks in Pakistan, announced that an unusual attack had occurred involving local cards used far outside of the country’s borders. While the bank was quick to return the funds removed from customer’s accounts, the remainder of the malicious transactions processed internationally have the bank being on the hook for nearly $6 million in phony withdrawals, mainly in the US and Brazil. Unfortunately, due to a lack of information regarding the malicious transactions, several other top banks in the country were forced to temporarily restrict international purchases to protect their own clients.
UK Industrial Credentials for Sale
Researchers recently discovered the credentials for over 600,000 individuals, all closely tied to construction or building firms, available for sale on the dark web. Presently it appears that the credentials were all compromised during breaches involving third-parties users would have given corporate email into, rather than specific breaches for the industry group. Fortunately, it appears there haven’t been any related breaches thus far, though this type of data could lead to additional sensitive information being stolen.
Ransomware Demands RDP Access to Encrypted System
A new ransomware variant has been making an unusual request from its victims: allowing remote desktop access in order to decrypt their files. Dubbed CommonRansom, due to the appended extension on the encrypted files, the variant also demands a 0.1 Bitcoin payment before making the request for administrator credentials to the victim’s computer. Even though this variant isn’t widespread, it does appear to be using a similar Bitcoin wallet as other infections, as 65 Bitcoins were recently sent from the designated wallet.
USGS Auditors Find Porn-related Malware on Government Network
Following a recent audit of the US Geological Survey, agency inspectors discovered Russian malwarecirculating the internal network and were able to trace it back to one employee who had visited over 9,000 pornographic websites from his government-issued computer. The employee was also found to be