Qihoo 360 Archives – Gridinsoft Blog

The Updated Fodcha Botnet Reaches a Capacity of 1 Tb / s and Demands a Ransom Directly in DDoS Packets
https://gridinsoft.com/blogs/updated-fodcha-botnet/
Mon, 31 Oct 2022 09:44:49 +0000

Qihoo 360 (360 Netlab) experts have warned about the emergence of an updated version of the Fodcha botnet, which embeds ransom demands directly into DDoS packets and has new infrastructure hiding functionality.

Let me remind you that the Fodcha botnet was discovered in the spring of this year, when experts reported that the threat was growing rapidly and being replenished with new bots, including routers, DVRs, and vulnerable servers.

Let me remind you that we also wrote that Google Stops Glupteba Botnet and Sues Two Russians, and also that the TeamTNT mining botnet infected over 50,000 systems in three months.

In April of this year, Fodcha attacked about 100 targets daily. Now, according to the researchers, the botnet has grown significantly, and the average number of targets per day has increased to 1000. The updated Fodcha peaked on October 11, 2022, attacking 1396 targets in a single day. Confirmed botnet attacks include:

  1. DDoS attack on a healthcare organization that lasted from June 7 to 8, 2022;
  2. DDoS attack on the communications infrastructure of an unnamed company in September 2022;
  3. A 1TB/s DDoS attack against a well-known cloud service provider on September 21, 2022.

Currently, the botnet uses 42 C&C domains for the daily work of 60,000 active bots, which are capable of generating attacks with a capacity of up to 1 Tb / s.


Most of Fodcha’s targets are located in China and the US. Still, the botnet can be safely called international, as it has infected systems in Europe, Australia, Japan, Russia, Brazil, and Canada.


Analysts believe that Fodcha operators make money by renting out their botnet to other attackers who want to carry out DDoS attacks. Moreover, the new version of Fodcha is also engaged in extortion: it demands a ransom in the Monero cryptocurrency from victims in exchange for stopping the attacks.


Fodcha demands a ransom starting from 10 XMR (Monero), about $1,500. Interestingly, the demands are embedded in the botnet’s DDoS packets, where the attackers warn that the attacks will continue until the payment is made.


The researchers’ report also notes that the botnet now uses encryption to communicate with the control server, which makes it harder for information security specialists to analyze the malware and potentially take down its infrastructure.

In 2020, Google paid cybersecurity experts $6.7 million
https://gridinsoft.com/blogs/google-paid-cybersecurity-experts-7-million/
Fri, 05 Feb 2021 16:03:28 +0000

During the year, Google paid out $6.7 million to cybersecurity experts and published statistics on bug bounty programs for 2020.

It turned out that during this time, researchers from 62 countries of the world discovered 662 vulnerabilities in Google products.

This is the largest payout in all the years of vulnerability bounty programs, exceeding even the $6,500,000 the company spent in 2019, Google calculated.

The majority of the payments went to cybersecurity experts for bugs found under the Chrome VRP (Vulnerabilities Rewards Program): more than $2,100,000 for 300 vulnerabilities found in the Google browser. This is 83% more than in 2019.


Another important part of the company’s program is the bug bounty initiative for Android. The researchers earned about $1,740,000 from vulnerabilities in the code of the mobile operating system, and errors in popular and widely used applications from the Google Play Store brought them another $270,000.

The company’s report also lists the following interesting figures for 2020:

  • The Android 11 preview bonus was over $50,000 and was applied to 11 reports. This allowed Google to fix a number of issues prior to the official release of Android 11.
  • Qihoo 360’s 360 Alpha Lab research team owns a record eight exploits (30% of the total) for a variety of vulnerabilities. Alpha Lab recently demonstrated a one-click remote root access exploit targeting the latest Android devices. Researchers are still in the lead as they received a record $161,337 payout for their 2019 exploit (plus another $40,000 in Chrome VRP).
  • Another unnamed researcher presented two exploits in 2020 and is now also fighting for the first place, as the total amount of rewards he earned is approaching $400,000.
  • Under the Google research grants program, cybersecurity researchers received about $400,000. For example, more than 180 experts received grants and eventually sent 200 bug reports, which resulted in the discovery of 100 confirmed bugs in Google products and the open-source ecosystem.

As I said, Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches.


Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products
https://gridinsoft.com/blogs/microsoft-fixed-0-day-vulnerability-in-internet-explorer-and-99-more-bugs-in-its-products/
Wed, 12 Feb 2020 16:07:39 +0000

The recent February “Update Tuesday” became the largest for Microsoft in a long time: it fixed almost 100 different bugs, including the 0-day vulnerability in Internet Explorer, which was already under attack, and 11 other critical problems.

Recall that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which attackers had already used for “limited targeted attacks.”

The problem received the identifier CVE-2020-0674 and was associated with a vulnerability in the Firefox browser, which also became known in January. Apparently, the mentioned “limited attacks” were part of a larger hacker campaign, which also included attacks on users of Firefox.

“The problem was related to the IE script engine and violation of the integrity of memory information. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, just lure the IE user to a malicious site,” Microsoft specialists say, describing this sensational vulnerability.

After an official patch was released for CVE-2020-0674, Microsoft reported that Google Analytics Group and Chinese experts from Qihoo 360 originally detected the problem.

While Google did not publish any information about exploitation of the bug, Qihoo 360 reports that the problem is associated with the hacker group DarkHotel, which many researchers link with North Korea.

Information about four more vulnerabilities that received patches this month was publicly disclosed before the release of fixes (however, none of these problems was used for attacks): these are two privilege escalation errors in Windows Installer (CVE-2020-0683 and CVE-2020-0686), a Secure Boot bypass (CVE-2020-0689), and an information disclosure vulnerability in the Edge and IE browsers (CVE-2020-0706).

“Most of the critical problems this month are RCE vulnerabilities and bugs related to the violation of the integrity of information in memory. The Chakra scripting engine, the Media Foundation component and LNK files received corrections for such defects,” say the experts.

Separately, it is worth highlighting the problems found in Remote Desktop: two RCE vulnerabilities allowed remote execution of arbitrary code on the client side (CVE-2020-0681 and CVE-2020-0734).

Additionally, another problem of remote execution of arbitrary code (CVE-2020-0688) was fixed in Exchange. It could be exploited using malicious emails.

Let me remind you that none of these patches will help Windows 7 users: the system's farewell updates were released for the last time in January, and the company no longer supports it for free.

Recently, however, the Free Software Foundation called on Microsoft to open the Windows 7 code for freeware support, but it is unlikely that the vendor will take up this offer.
