Archive

Category Archives for "Networking"

DNS 2XL

This is the second part of a technical report on a detailed exploration of the way the Internet’s Domain Name System (DNS) interacts with the network when the size of the application transactions exceeds the underlying packet size limitations of hosts and networks. In this part we explore UDP-only and TCP-only behaviours and also look at how to maximise the resilience of the DNS when handling larger responses.

AWS improves SD-WAN-to-cloud connectivity with Cisco, Aruba, Arista and others

Amazon Web Services has rolled out a new, more native way to connect SD-WAN infrastructures with AWS resources. Introduced at its re:Invent virtual event, AWS Transit Gateway Connect promises a simpler, faster, and more secure way for customers to tie cloud-based resources back to data centers, remote office workers or other distributed access points as needed. Thirteen networking vendors including Cisco, Aruba, Arista, Alkira, Fortinet, Palo Alto, and Versa announced support for the technology, which offers higher throughput and increased security for distributed cloud workloads.

The Hedge Episode 63: Anycast with Andree Toonk

Anycast is a bit of a mystery to a lot of network engineers. What is it, and what is it used for? Andree Toonk joins Tom and Russ on this episode of the Hedge to discuss the many uses of anycast, particularly in the realm of the Domain Name Service (DNS). Andree helped build the OpenDNS network and service, so he has deep experience with anycast routing on the DFZ.

Phorpiex-Powered BitRansomware Targets APAC Universities

By: Jason Zhang, Stefano Ortolani – VMware Threat Analysis Unit

BitRansomware (also known as DCryptSoft or Readme) is a — you guessed it — ransomware program that first surfaced in July 2020. Initially targeting English-speaking users [1], this threat actor recently expanded its attack to the APAC region, focusing in particular on universities in Japan and Hong Kong.

The BitRansomware malware encrypts victims’ files and then appends the suffix .ReadMe to each filename. Like the Nemty ransomware attack we reported on earlier this year [2], the BitRansomware attack was delivered via a massive email campaign carried out again by the Phorpiex botnet [3,4]. The malspam campaign distributed a swarm of ZIP archive files containing ransomware downloaders in malicious executables.

In this blog post, we detail some of VMware NSX’s telemetry around the magnitude of the BitRansomware campaign, and we then provide a brief overview of the most distinctive aspects of the attack.

The Spam Campaign

The chart below shows the detection timeline of the campaign as it affected some of our customers in the APAC region. As we can see, the campaign started on November 3, and peaked at over 28,000 email instances on November 4 before

FRR

FRRouting (FRR) is an IP routing protocol suite for Linux and Unix platforms which includes protocol daemons for BGP, IS-IS, LDP, OSPF, PIM, and RIP.

This article uses the Docker DDoS testbed to explore FRRouting's BGP Flowspec capability. Follow the steps in the Docker DDoS testbed article, but instead of running ExaBGP, run the following command to start the pre-built sflow/frr image:

    docker run --rm -d --privileged --name frr sflow/frr

Run the following command to show the router configuration:

    docker exec frr vtysh -c "show running-config"

The results will be displayed:

    Building configuration...

    Current configuration:
    !
    frr version 7.5_git
    frr defaults traditional
    hostname ed9e435c6f3d
    no ipv6 forwarding
    log stdout
    !
    router bgp 65000
     bgp router-id 0.0.0.1
     neighbor 192.168.65.2 remote-as 65001
     neighbor 192.168.65.2 port 1179
     neighbor 192.168.65.2 ebgp-multihop 255
     neighbor 192.168.65.2 timers connect 10
     !
     address-family ipv4 unicast
      neighbor 192.168.65.2 route-map ALLOW-ALL in
      neighbor 192.168.65.2 route-map ALLOW-ALL out
     exit-address-family
     !
     address-family ipv4 flowspec
      neighbor 192.168.65.2 activate
      neighbor 192.168.65.2 route-map ALLOW-ALL in
      neighbor 192.168.65.2 route-map ALLOW-ALL out
     exit-address-family
     !
     address-family ipv6 unicast
      neighbor 192.168.65.

Connecting Indigenous Communities: An Urgent Call for Inclusivity, Ownership, and Affordability

In October, we held the 2020 edition of Indigenous Connectivity Summit (ICS). Over the last four years, this summit has become a hallmark event for Indigenous network operators, leaders, community members, and others to come together to discuss the unique opportunities and challenges Indigenous communities face when campaigning for quality and affordable Internet access, and to build relationships with like-minded communities across North America.

In addition to the summit itself, for six weeks prior to the event participants in the ICS Policy and Advocacy training program led the development of a set of policy recommendations. These were then elaborated on, reviewed, and endorsed by summit participants, and they will now help both the Internet Society and the Indigenous communities who created them to advocate for policies that will help the United States and Canada move closer to digital equity.

We know that these recommendations really do make a difference. In 2019, our policy recommendations and organized advocacy efforts effected real change. The Federal Communications Commission in the U.S. was about to launch a spectrum auction and include a Tribal Priority Window so Indigenous communities could apply for the rights to the airwaves over their lands. The Tribal Priority Window

Announcing Workplace Records for Cloudflare for Teams

We wanted to close out Privacy & Compliance Week by talking about something universal and certain: taxes. Businesses worldwide pay employment taxes based on where their employees do work. For most businesses and in normal times, where employees do work has been relatively easy to determine: it's where they come into the office. But 2020 has made everything more complicated, even taxes.

As businesses worldwide have shifted to remote work, employees have been working from "home" — wherever that may be. Some employees have taken this opportunity to venture further from where they usually are, sometimes crossing state and national borders.

In a lot of ways, it's gone better than expected. We're proud of helping provide technology solutions like Cloudflare for Teams that allow employees to work from anywhere and ensure they still have a fast, secure connection to their corporate resources. But increasingly we've been hearing from the heads of the finance, legal, and HR departments of our customers with a concern: "If I don't know where my employees are, I have no idea where I need to pay taxes."

Today we're announcing the beta of a new feature for Cloudflare for Teams to help solve this problem:

IPv6 Buzz 066: Is IPv6 Baked Enough?

Today's IPv6 Buzz podcast tackles the question of IPv6 maturity, how much change we might expect to the protocol going forward, the standards process, and more. Our guest is Russ White, Infrastructure Architect at Juniper Networks. Russ is an author, speaker, and chairs two IETF working groups.

Cloudflare Certifications

At Cloudflare, we prioritize initiatives that improve the security and privacy of our products and services. The security organization believes trust and transparency are foundational principles that are ingrained in what we build, the policies we set, and the data we protect. Many of our enterprise customers have stringent regulatory compliance obligations and require their cloud service providers like ourselves to provide assurance that we meet and exceed industry security standards. In the last couple of years, we’ve decided to invest in ways to make the evaluation of our security posture easier. We did so not only by obtaining recognized security certifications and reports in an aggressive timeline, but we also built a team that partners with our customers to provide transparency into our security and privacy practices.

Security Certifications & Reports

We understand the importance of providing transparency into our security processes, controls, and how our customers can continuously rely on them to operate effectively. Cloudflare complies with and supports the following standards:

SOC-2 Type II / SOC 3 (Service Organizations Controls) - Cloudflare maintains SOC reports that include the security, confidentiality, and availability trust principles. The SOC-2 report provides assurance that our products and underlying infrastructure are secure

Learning Networking Fundamentals at University?

One of my readers sent me this interesting question:

It begs the question in how far graduated students with a degree in computer science or applied IT infrastructure courses (on university or college level or equivalent) are actually aware of networking fundamentals. I work for a vendor independent networking firm and a lot of my new colleagues are college graduates. Positively, they are very well versed in automation, scripting and other programming skills, but I never asked them what actually happens when a packet traverses a network. I wonder what the result would be…

I can tell you what the result would be in my days: blank stares and confusion. I “enjoyed” a half-year course in computer networking that focused exclusively on history of networking and academic view of layering, and whatever I know about networking I learned after finishing my studies.

5G-frequency auction prompts $2 billion in bids on the first day

Licenses for premium wireless bandwidth sought by service providers to build out high-performance 5G networks are being auctioned off by the Federal Communications Commission, potentially grossing up to $50 billion and enabling features that enterprises desire most. The spectrum on the block is a piece of what’s known as the C-band, specifically the 280MHz-wide swath of it from 3.7GHz to 3.98GHz. It provides wider channels that support faster connections and lower latency than other ranges available to carriers, analysts say.