Phorpiex-Powered BitRansomware Targets APAC Universities

By: Jason Zhang, Stefano Ortolani – VMware Threat Analysis Unit

BitRansomware (also known as DCryptSoft or Readme) is a — you guessed it — ransomware program that first surfaced in July 2020. Initially targeting English-speaking users¹ this threat actor recently expanded its attack to the APAC region, focusing in particular on universities in Japan and Hong Kong.

The BitRansomware malware encrypts victims’ files and then appends the suffix .ReadMe to each filename. Like the Nemty ransomware attack we reported on earlier this year², the BitRansomware attack was delivered via a massive email campaign carried out again by the Phorpiex botnet^3,4. The malspam campaign distributed a swarm of ZIP archive files containing ransomware downloaders in malicious executables.

In this blog post, we detail some of VMware NSX’s telemetry around the magnitude of the BitRansomware campaign, and we then provide a brief overview of the most distinctive aspects of the attack.

The Spam Campaign

The chart below shows the detection timeline of the campaign as it affected some of our customers in the APAC region. As we can see, the campaign started on November 3, and peaked at over 28,000 email instances on November 4 before Continue reading

Expanding Docker’s Developer Preview Program

Back in April, we did a limited launch of a Desktop Developer Preview Program, an early access program set up to enable Docker power-users to test, experiment with and provide feedback on new unreleased features on Docker Desktop. The aim was to empower the community to work in lock-step with Docker engineers and help shape our product roadmap.

For this first phase of the program, we limited the program to a small cohort of community members to test the waters and gather learnings as we planned to roll-out a full-fledged program later in the year. 

Today, we’re thrilled to announce the official launch of the program, renaming it the Docker Developer Preview Program and broadening its scope to also include Docker Engine on Linux. 

What are the benefits of joining the program?

First and foremost, this is an opportunity for anyone in the community to help shape and improve the experience of millions of Docker users around the world. As a member, you get direct access to the people who are building our products everyday: our engineering team, product managers, community leads etc… Through the program’s private Slack channel, you get to share your feedback, tell us Continue reading

FRR

docker run --rm -d --privileged --name frr sflow/frr

docker exec frr vtysh -c "show running-config"

Building configuration...

Current configuration:
!
frr version 7.5_git
frr defaults traditional
hostname ed9e435c6f3d
no ipv6 forwarding
log stdout
!
router bgp 65000
 bgp router-id 0.0.0.1
 neighbor 192.168.65.2 remote-as 65001
 neighbor 192.168.65.2 port 1179
 neighbor 192.168.65.2 ebgp-multihop 255
 neighbor 192.168.65.2 timers connect 10
 !
 address-family ipv4 unicast
  neighbor 192.168.65.2 route-map ALLOW-ALL in
  neighbor 192.168.65.2 route-map ALLOW-ALL out
 exit-address-family
 !
 address-family ipv4 flowspec
  neighbor 192.168.65.2 activate
  neighbor 192.168.65.2 route-map ALLOW-ALL in
  neighbor 192.168.65.2 route-map ALLOW-ALL out
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor 192.168.65. Continue reading

Connecting Indigenous Communities: An Urgent Call for Inclusivity, Ownership, and Affordability

In October, we held the 2020 edition of Indigenous Connectivity Summit (ICS). Over the last four years, this summit has become a hallmark event for Indigenous network operators, leaders, community members, and others to come together to discuss the unique opportunities and challenges Indigenous communities face when campaigning for quality and affordable Internet access, and to build relationships with like-minded communities across North America.

In addition to the summit itself, for six weeks prior to the event participants in the ICS Policy and Advocacy training program led the development of a set of policy recommendations. These were then elaborated on, reviewed, and endorsed by summit participants, and they will now help both the Internet Society and the Indigenous communities who created them to advocate for policies that will help the United States and Canada move closer to digital equity.

We know that these recommendations really do make a difference. In 2019, our policy recommendations and organized advocacy efforts affected real change. The Federal Communications Commission in the U.S. was about to launch a spectrum auction and include a Tribal Priority Window so Indigenous communities could apply for the rights to the airwaves over their lands. The Tribal Priority Window Continue reading

Pluribus Rings Out 2020 on a High Note: DCS Awards’ ‘Edge Computing Innovation of the Year’

Taking The Pulse Of The Core HPC Market

Since a big chunk of the IBM HPC team moved over to Lenovo as part of the System x division being acquired by Lenovo back in late 2014, which coincided when we started The Next Platform, we have made a habit of talking to Scott Tease, executive director of high performance computing at Lenovo to take the pulse of the volume segment of the HPC space. …

Taking The Pulse Of The Core HPC Market was written by Timothy Prickett Morgan at The Next Platform.

HPC Does A Cannonball Into HPE’s GreenLake

Peter Ungaro, senior vice president and general manager of HPC and mission critical solutions at Hewlett Packard Enterprise and longtime CEO of supercomputer Cray before HPE bought the company for $1.3 billion in 2019, spoke with The Next Platform earlier this year about the dawning exascale era the world is about to step into. …

HPC Does A Cannonball Into HPE’s GreenLake was written by Jeffrey Burt at The Next Platform.

Announcing Workplace Records for Cloudflare for Teams

We wanted to close out Privacy & Compliance Week by talking about something universal and certain: taxes. Businesses worldwide pay employment taxes based on where their employees do work. For most businesses and in normal times, where employees do work has been relatively easy to determine: it's where they come into the office. But 2020 has made everything more complicated, even taxes.

As businesses worldwide have shifted to remote work, employees have been working from "home" — wherever that may be. Some employees have taken this opportunity to venture further from where they usually are, sometimes crossing state and national borders.

In a lot of ways, it's gone better than expected. We're proud of helping provide technology solutions like Cloudflare for Teams that allow employees to work from anywhere and ensure they still have a fast, secure connection to their corporate resources. But increasingly we've been hearing from the heads of the finance, legal, and HR departments of our customers with a concern: "If I don't know where my employees are, I have no idea where I need to pay taxes."

Today we're announcing the beta of a new feature for Cloudflare for Teams to help solve this problem: Continue reading

2021 Will Be the Year of Data Center Resiliency: Plan Now

IPv6 Buzz 066: Is IPv6 Baked Enough?

IPv6 Buzz 066: Is IPv6 Baked Enough?

Today's IPv6 Buzz podcast tackles the question of IPv6 maturity, how much change we might expect to the protocol going forward, the standards process, and more. Our guest is Russ White, Infrastructure Architect at Juniper Networks. Russ is an author, speaker, and chairs two IETF working groups.

The post IPv6 Buzz 066: Is IPv6 Baked Enough? appeared first on Packet Pushers.

Introduction to Ansible Builder

Hello and welcome to another introductory Ansible blog post, where we'll be covering a new command-line interface (CLI) tool, Ansible Builder. Please note that this article will cover some intermediate-level topics such as containers (Ansible Builder uses Podman by default), virtual environments, and Ansible Content Collections. If you have some familiarity with those topics, then read on to find out what Ansible Builder is, why it was developed, and how to use it. 

This project is currently in development upstream on GitHub and is not yet part of the Red Hat Ansible Automation Platform product.  As with all Red Hat software, our code is open and we have an open source development model for our enterprise software.  The goal of this blog post is to show the current status of this initiative, and start getting the community and customers comfortable with our methodologies, thought process, and concept of Execution Environments.  Feedback on this upstream project can be provided on GitHub via comments and issues, or provided via the various methods listed on our website.  There is also a great talk on AnsibleFest.com, titled “Creating and Using Ansible Execution Environments,” available on-demand, which Continue reading

Introduction to Ansible Builder

Hello and welcome to another introductory Ansible blog post, where we'll be covering a new command-line interface (CLI) tool, Ansible Builder. Please note that this article will cover some intermediate-level topics such as containers (Ansible Builder uses Podman by default), virtual environments, and Ansible Content Collections. If you have some familiarity with those topics, then read on to find out what Ansible Builder is, why it was developed, and how to use it. 

This project is currently in development upstream on GitHub and is not yet part of the Red Hat Ansible Automation Platform product.  As with all Red Hat software, our code is open and we have an open source development model for our enterprise software.  The goal of this blog post is to show the current status of this initiative, and start getting the community and customers comfortable with our methodologies, thought process, and concept of Execution Environments.  Feedback on this upstream project can be provided on GitHub via comments and issues, or provided via the various methods listed on our website.  There is also a great talk on AnsibleFest.com, titled “Creating and Using Ansible Execution Environments,” available on-demand, which Continue reading

Cloudflare Certifications

At Cloudflare, we prioritize initiatives that improve the security and privacy of our products and services. The security organization believes trust and transparency are foundational principles that are ingrained in what we build, the policies we set, and the data we protect. Many of our enterprise customers have stringent regulatory compliance obligations and require their cloud service providers like ourselves to provide assurance that we meet and exceed industry security standards. In the last couple of years, we’ve decided to invest in ways to make the evaluation of our security posture easier. We did so not only by obtaining recognized security certifications and reports in an aggressive timeline, but we also built a team that partners with our customers to provide transparency into our security and privacy practices.

Security Certifications & Reports

We understand the importance of providing transparency into our security processes, controls, and how our customers can continuously rely on them to operate effectively. Cloudflare complies with and supports the following standards:

SOC-2 Type II / SOC 3 (Service Organizations Controls) - Cloudflare maintains SOC reports that include the security, confidentiality, and availability trust principles. The SOC-2 report provides assurance that our products and underlying infrastructure are secure Continue reading

Learning Networking Fundamentals at University?

One of my readers sent me this interesting question:

It begs the question in how far graduated students with a degree in computer science or applied IT infrastructure courses (on university or college level or equivalent) are actually aware of networking fundamentals. I work for a vendor independent networking firm and a lot of my new colleagues are college graduates. Positively, they are very well versed in automation, scripting and other programming skills, but I never asked them what actually happens when a packet traverses a network. I wonder what the result would be…

I can tell you what the result would be in my days: blank stares and confusion. I “enjoyed” a half-year course in computer networking that focused exclusively on history of networking and academic view of layering, and whatever I know about networking I learned after finishing my studies.

Learning Networking Fundamentals at University?

One of my readers sent me this interesting question:

It begs the question in how far graduated students with a degree in computer science or applied IT infrastructure courses (on university or college level or equivalent) are actually aware of networking fundamentals. I work for a vendor independent networking firm and a lot of my new colleagues are college graduates. Positively, they are very well versed in automation, scripting and other programming skills, but I never asked them what actually happens when a packet traverses a network. I wonder what the result would be…

I can tell you what the result would be in my days: blank stares and confusion. I “enjoyed” a half-year course in computer networking that focused exclusively on history of networking and academic view of layering, and whatever I know about networking I learned after finishing my studies.