Tag Archives: Compromised

Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain

  • ESET Research has released its deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing: the Ebury group, with its malware and botnet.
  • Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.
  • Ebury actors have been pursuing monetization activities subsequent to our 2014 publication on Operation Windigo, including the spread of spam, web traffic redirections, and credential stealing.
  • Additionally, ESET has confirmed that operators are also involved in cryptocurrency heists.
  • In many cases, Ebury operators were able to gain full access to large servers of ISPs and well-known hosting providers.

BRATISLAVA, Slovakia,



Raft of Australian companies compromised in hosting service hack

The Black Basta ransomware gang has posted details of a hack affecting nearly a dozen Australian organisations.

A ransomware gang has posted dozens of Australian passports and driver’s licenses to the dark web after apparently compromising a cloud-based hosting service.

However, the Black Basta gang has not disclosed who the hosting service is, referring to the victim only as “hvd.host”.

What the gang has shared, however, is a list of mostly Australian businesses whose data the gang is threatening to publish if a ransom isn’t paid by March 9. Thirteen companies are listed by the gang.

Black Basta listed the companies by their websites as…



Trend Micro Research Finds Both On-Premise and Cloud-based Servers Compromised by Criminal Underground

DALLAS, Sept. 1, 2020 /PRNewswire/ — Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today released research that states organizations’ on-premise and cloud-based servers are compromised, abused and rented out as part of a sophisticated criminal monetization lifecycle.

The findings come from the second of a three-part report series looking at how the underground hosting market operates. The findings show that cryptocurrency mining activity should be the indicator for IT security teams to be on high alert.

While cryptomining may not cause disruption or financial losses on its own, mining software is usually deployed to monetize compromised servers that are sitting idle while criminals plot larger money-making schemes. These include exfiltrating…

