Qihoo 360 Archives – Gridinsoft Blog

The Updated Fodcha Botnet Reaches a Capacity of 1 Tb / s and Demands a Ransom Directly in DDoS Packets

Vladimir Krasnogolovy — Mon, 31 Oct 2022 09:44:49 +0000

Qihoo 360 (360 Netlab) experts have warned about the emergence of an updated version of the Fodcha botnet, which embeds ransom demands directly into DDoS packets and has new infrastructure hiding functionality.

Let me remind you that the Fodcha botnet was discovered in the spring of this year, and even experts reported that the threat was growing rapidly and replenished with new bots, including routers, DRVs, and vulnerable servers.

Let me remind you that we also wrote that Google Stops Glupteba Botnet and Sues Two Russians, and also that TeamTNT mining botnet was infected over 50,000 systems in three months.

If in April of this year, Fodcha attacked about 100 targets daily, now, according to the researchers, the botnet has grown significantly, and the average number of targets per day has increased to 1000. The updated Fodcha peaked on October 11, 2022, attacking 1396 targets at once per day. Confirmed botnet attacks include:

DDoS attack on a healthcare organization that lasted from June 7 to 8, 2022;
DDoS attack on the communications infrastructure of an unnamed company in September 2022;
A 1TB/s DDoS attack against a well-known cloud service provider on September 21, 2022.

Currently, the botnet uses 42 C&C domains for the daily work of 60,000 active bots, which are capable of generating attacks with a capacity of up to 1 Tb / s.

Most of Fodcha’s targets are located in China and the US. Still, the botnet can be safely called international, as it has infected systems in Europe, Australia, Japan, Russia, Brazil, and Canada.

Analysts believe that Fodcha operators make money by renting out their botnets to other attackers who want to carry out DDoS attacks. Moreover, the new version of Fodcha is also engaged in extortion: to stop the attacks, demanding a ransom from the victims in the Monero cryptocurrency.

Fodcha demands a ransom starting from 10 XMR (Monero), about $1,500. Interestingly, the demands are embedded in the botnet’s DDoS packets, where the attackers warn that the attacks will continue until the payment is made.

The researcher’s report also notes that the botnet now uses encryption to communicate with the control server, making it difficult to analyze malware and the potential destruction of its infrastructure by information security specialists.

The post The Updated Fodcha Botnet Reaches a Capacity of 1 Tb / s and Demands a Ransom Directly in DDoS Packets appeared first on Gridinsoft Blog.

In 2020, Google paid cybersecurity experts $6.7 million

Vladimir Krasnogolovy — Fri, 05 Feb 2021 16:03:28 +0000

During the year, Google paid out 6.7 million to cybersecurity experts and published statistics on bug bounty programs for 2020.

It turned out that during this time, researchers from 62 countries of the world discovered 662 vulnerabilities in Google products.

This is the largest payout in all the years of vulnerability bounty programs, even exceeding the $6,500,000 the company spent in 2019.calculated Google.

The majority of payments cybersecurity experts received for errors that were found within the Chrome VRP (Vulnerabilities Rewards Program) program: more than $2,100,000 for 300 vulnerabilities found in the Google browser. This is 83% more than in 2019.

Another important part of the company’s program is the bug bounty initiative for Android. The researchers earned about $1,740,000 from vulnerabilities in the code of the mobile operating system, and another $270,000 brought to them errors in popular and widely used applications from the Google Play Store.

The company’s report also lists the following interesting figures for 2020:

The Android 11 preview bonus was over $50,000 and was applied to 11 reports. This allowed Google to fix a number of issues prior to the official release of Android 11.
Qihoo 360’s 360 Alpha Lab research team owns a record eight exploits (30% of the total) for a variety of vulnerabilities. Alpha Lab recently demonstrated a one-click remote root access exploit targeting the latest Android devices. Researchers are still in the lead as they received a record $161,337 payout for their 2019 exploit (plus another $40,000 in Chrome VRP).
Another unnamed researcher presented two exploits in 2020 and is now also fighting for the first place, as the total amount of rewards he earned is approaching $400,000.

Under the Google research grants program, cybersecurity researchers received about $400,000. For example, more than 180 experts received grants and eventually sent 200 bug reports, which resulted in the discovery of 100 confirmed bugs in Google products and the open-source ecosystem.

As I said, Google analysts studied the 0-day vulnerabilities they discovered in 2020, and concluded that almost a quarter of the problems are new variations of already known bugs that had previously received patches.

The post In 2020, Google paid cybersecurity experts $6.7 million appeared first on Gridinsoft Blog.

Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products

Vladimir Krasnogolovy — Wed, 12 Feb 2020 16:07:39 +0000

Recent February “update Tuesday” became the largest for Microsoft in a long time: within its framework were fixed almost 100 different bugs, including the 0-day vulnerability in Internet Explorer, which was already under attack, and 11 other critical problems.

Recall that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which the attackers had already used for “limited targeted attacks.”

The problem received the identifier CVE-2020-0674 and was associated with a vulnerability in the Firefox browser, which also became known in January. Apparently, the mentioned “limited attacks” were part of a larger hacker campaign, which also included attacks on users of Firefox.

“The problem was related to the IE script engine and violation of the integrity of memory information. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, just lure the IE user to a malicious site”, – Microsoft specialists describe this sensational vulnerability.

After an official patch has been released for CVE-2020-0674, Microsoft reported that Google Analytics Group and Chinese experts from Qihoo 360 originally detected the problem.

While Google did not publish any information about the operation of the bug, Qihoo 360 reports that the problem is associated with hacker’s band DarkHotel, which many researchers link with North Korea.

Information about four more vulnerabilities that received patches this month was publicly disclosed before release of fixes (however, any of these problems was used for attacks): these are two privilege escalation errors in Windows Installer (CVE-2020-0683 and CVE-2020 -0686), Secure Boot bypass (CVE-2020-0689), and information disclosure vulnerability in Edge and IE browsers (CVE-2020-0706).

“Most of the critical problems this month are RCE vulnerabilities and bugs related to the violation of the integrity of information in memory. The Chakra scripting engine, the Media Foundation component and LNK files received corrections for such defects”, – say the experts.

Separately, it is worth highlighting the problems found in Remote Desktop: two RCE vulnerabilities allowed remote execution of arbitrary code on the client side (CVE-2020-0681 and CVE-2020-0734).

Additionally, another problem of remote execution of arbitrary code (CVE-2020-0688) was fixed in Exchange. It could be exploited using malicious emails.

Let me remind you that no patches will help Windows 7 users, farewell system updates were for the last time released in January and the company no longer supports them for free.

Recently, however, the Free Software Foundation called on Microsoft to open Windows 7 code for the free-war support, but it is unlikely that the vendor will take this offer.

The post Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products appeared first on Gridinsoft Blog.