Archive

Category Archives for "Networking"

Linkerd Goes on a Diet with Opt-In Extensions

Buoyant has released version 2.10 of William Morgan, CEO of Linkerd, in an interview. “An extension is basically a Kubernetes controller or operator. We’re relying as much as possible on Kubernetes primitives, but what we are doing is, there’s a little bit of wrapper magic that happens that makes those extensions feel like the rest of Linkerd.” Among those formerly-default features now being offered as extensions are the multicluster extension, which contains cross-cluster communications tools, the

Deconstructing Defray777 Ransomware

Contributors: Sebastiano Mariani • Stefano Ortolani • Baibhav Singh • Giovanni Vigna • Jason Zhang • Brian Baskin • George Allen • Scott Knight  

Recently, reports surfaced describing ransomware attacks targeting VMware ESXi servers. While many of these attacks were initially based upon credential theft, the goal was to unleash one of a series of ransomware families, including Defray777 and Darkside, to encrypt the files associated with virtualized hosts.

These families of ransomware are related to examples that the VMware Threat Research teams had seen previously in the wild. Specifically, based upon their ransom notes and file extensions, they appeared to be variants of the RansomEXX ransomware family. In the second half of 2020 these variants of ransomware, including Defray777, have been witnessed targeting both Windows and Linux systems.

These attacks also leveraged several ancillary tools such as downloaders, RATs, and exploitation tools to obtain initial access to a system and spread within the target network.

In the following, we provide a technical description of the Defray777 ransomware and a brief discussion of the other components that have been observed in combination with this malware sample.

What is Defray777?

The version of Defray777 analyzed here is a Linux-based, command-line driven ransomware attack that employs …

SuzieQ with Dinesh Dutt and Justin Pietsch

In this episode, we talk with Dinesh Dutt, former Cisco Fellow & Cumulus Chief Scientist, and Justin Pietsch, former AWS veteran, about SuzieQ. SuzieQ is an open source network observability platform they launched last year. We talk about the general problem space of network monitoring and how the industry needs better tools to understand operational state data.

Dinesh Dutt (Guest)
Justin Pietsch (Guest)
Jason Edelman (Host)

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post SuzieQ with Dinesh Dutt and Justin Pietsch appeared first on Network Collective.

ARMs Race: Ampere Altra takes on the AWS Graviton2

Over three years ago, we embraced the ARM ecosystem after evaluating the Qualcomm Centriq. The Centriq and its Falkor cores delivered a significant reduction in power consumption while maintaining a comparable performance against the processor that was powering our server fleet at the time. By the time we completed porting our software stack to be compatible with ARM, Qualcomm decided to exit the server business. Since then, we have been waiting for another server-grade ARM processor with hopes to improve our power efficiencies across our global network, which now spans more than 200 cities in over 100 countries.

ARM has introduced the Neoverse N1 platform, the blueprint for creating power-efficient processors licensed to institutions that can customize the original design to meet their specific requirements. Ampere licensed the Neoverse N1 platform to create the Ampere Altra, a processor that allows companies that own and manage their own fleet of servers, like ourselves, to take advantage of the expanding ARM ecosystem. We have been working with Ampere to determine whether Altra is the right processor to power our first generation of ARM edge servers.

The AWS Graviton2 is the only other Neoverse N1-based processor publicly accessible, but only made …

Basic scripting on Unix and Linux

Creating a script on a Unix or Linux system can be dead easy or surprisingly complex; it all depends on how much you’re trying to get the script to do. In this post, we look at scripting basics—at how to get started if you have never built a script before.

Identifying the shell

Unix and Linux systems today have a number of shells that you can use. Each shell is a command interpreter. It reads commands and sends them to the kernel for processing.

Bash is one of the most popular, but there’s also zsh, csh, tcsh and korn. There’s even one called fish that can be especially nice for Linux beginners because of its helpful command auto-completion options. To determine which shell you are using, use this command:

About the March 8 & 9, 2021 Verkada camera hack

Cloudflare uses a vendor called Verkada for cameras in our offices in San Francisco, Austin, New York, London and Singapore. These cameras are used at the entrances, exits and main thoroughfares of our offices and have been part of maintaining the security of offices that have been closed for almost a year.

Yesterday, we were notified of a breach of Verkada that allowed a hacker to access Verkada’s internal support tools to manage those cameras remotely, as well as access them through a remote root shell. As soon as we were notified of the breach, we proceeded to shut down the cameras in all our office locations to prevent further access.

To be clear: this hack affected the cameras and nothing else. No customer data was accessed, no production systems, no databases, no encryption keys, nothing. Some press reports indicate that we use a facial recognition feature available in Verkada. This is not true. We do not.

Our internal systems follow the same Zero Trust model that we provide to our customers, and as such our corporate office networks are not implicitly trusted by our other locations or data centers. From a security point of view connecting from one of …

80/20 Rule For SaaS and IaaS

In this episode we discuss the 80/20 rule for SaaS and IaaS, what it is according to Vince, and why you should care. Is this a temporary phenomenon due to the pandemic and WFH or is it how we should view WAN traffic from now on? We’ll answer that question and more in this episode.

Brandon Carroll (Host)
Phil Gervasi (Host)
Vince Berk (Host)

The post 80/20 Rule For SaaS and IaaS appeared first on Network Collective.

Day Two Cloud 088: The Tech Recruiter – Friend Or Foe?

Our guest is Taylor Desseyn, Sr. Recruiter Advocate at Vaco. Taylor knows tech recruiting forwards and backwards. He gives us an insider's view of how recruiters look at you and how you should look at them to maximize the benefit of the relationship. Because it IS a relationship. And like any relationship, you need to work at it.

The post Day Two Cloud 088: The Tech Recruiter – Friend Or Foe? appeared first on Packet Pushers.

Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections

By Electronic Frontier Foundation, Mozilla, and The Internet Society

As people learn more about how companies like Google and Facebook track them online, they are taking steps to protect themselves. But there is one relatively unknown way that companies and bad actors can collect troves of data.

Internet Service Providers (ISPs) like Comcast, Verizon, and AT&T are your gateway to the Internet. These companies have complete, unfettered, and unregulated access to a constant stream of your browsing history that can build a profile that they can sell or otherwise use without your consent.

Last year, Comcast committed to a broad range of DNS privacy standards. Companies like Verizon, AT&T, and T-Mobile, which have a major market share of mobile broadband customers in the U.S., haven’t committed to the same basic protections, such as not tracking website traffic, deleting DNS logs, or refusing to sell users’ information. What’s more, these companies have a history of abusing customer data. AT&T, Sprint, and T-Mobile sold customer location data to bounty hunters, and Verizon injected trackers bypassing user control.

Every single ISP should have a responsibility to protect the privacy of its users – and as mobile internet access continues …

Next-gen wireless options: Wi-Fi 6, 5G or private 5G?

One of the great debates in networking has been whether to use wired connectivity—which brings speed—or wireless—which delivers mobility. Recent versions of Wi-Fi deliver speeds comparable to wired, removing this debate. Wired connections are still faster, but for most user applications, including video, there is no experience difference. Looking ahead, next-generation wireless will be well north of 1 Gbps, making it a no-brainer to use wireless.

The next big decision: What kind of wireless?

In the past, there was only one option, and that was Wi-Fi. Now there is another option coming into play, and that’s 5G. Not 5G like the kind attached to your mobile phone, but private 5G used within enterprise environments.

Storage startup Pliops aims to boost flash performance

Rivals Intel and Nvidia are on the same side when it comes to the funding of a startup that promises to make flash storage orders of magnitude faster.

The two are among numerous investors in Pliops, which is developing a specialized storage processor that it says allows applications to access data kept in flash storage up to 100 times faster than with traditional approaches while using a fraction of the electricity required by traditional hardware.

Azure Route Server: The Challenge

Imagine you decided to deploy an SD-WAN (or DMVPN) network and make an Azure region one of the sites in the new network because you already deployed some workloads in that region and would like to replace the VPN connectivity you’re using today with the new shiny expensive gadget.

Everyone told you to deploy two SD-WAN instances in the public cloud virtual network to be redundant, so this is what you deploy:

5 free network-vulnerability scanners

Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.

Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describing the vulnerabilities, and giving steps on how to remediate them. Some can even automate the patching process.

Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned, but there are also those that offer broad IT security scanning.