Tag Archive for: Detection

10 Botnet Detection and Removal Best Practices


If your device suddenly behaves like a re-animated zombie, you might be under a Botnet attack.

Also known as a zombie army, these attacks involve hijacking internet-connected devices infected with malware, controlled remotely by a single hacker. The scale of these attacks is immense, as demonstrated by a cyber assault that exploited 1.5 million connected cameras to overwhelm and take down a journalist’s website.

As the IoT market grows exponentially, reaching 75.4 billion devices by 2025, the need for robust botnet detection and removal becomes critical for digital safety.

How Does a Botnet Attack Work?

A botnet functions as a network of compromised devices, each under the control of a malicious actor. Typically, these devices become infected unknowingly through activities like visiting a malicious website, where malware is automatically downloaded without the user’s awareness. Once compromised, a device becomes part of the botnet, essentially a collective of hijacked devices.

The lifecycle of a botnet involves several key stages:

Infection

The process begins with the initial infection of individual devices. This can occur through various means, such as users unknowingly downloading malware from malicious websites, falling victim to phishing schemes, or attackers exploiting vulnerabilities in software.

One prevalent method involves the mass sending of phishing emails to target systems. These phishing schemes can be challenging to detect, even for vigilant users and advanced alert systems. The insidious nature of malware lies in its ability to infiltrate devices, unpack its payload, and take control, often without the user’s knowledge.

Propagation

Once a device is infected, it becomes part of the botnet and can be used to propagate the malware further. This can involve exploiting known software vulnerabilities, enabling the botnet to rapidly expand its reach by infecting other vulnerable devices.

Command and Control (C2)

The botmaster establishes control over the compromised devices through a command-and-control server (C2). This server serves as the central hub for communication between the botmaster and the infected devices. The botmaster can issue commands to the entire botnet or…

Source…

xorbot: A Stealthy Botnet Family That Defies Detection


I. Background of xorbot

In November 2023, the NSFOCUS Global Threat Hunting System detected an ELF file being widely distributed, accompanied by a large volume of suspected encrypted outbound communication traffic. However, the detection rate of mainstream antivirus engines on this file was close to zero, which aroused our curiosity. After further manual analysis, we identified a novel botnet family with strong stealth characteristics. Because the family uses multiple rounds of XOR operations in its encryption and decryption algorithms, NSFOCUS Research Labs named the Trojan xorbot.

Unlike the many botnet families that are secondary developments of open-source code, xorbot was built from scratch with a brand-new architecture. Its developers attached great importance to the concealment of the Trojan and even sacrificed propagation efficiency for better concealment. The latest version adds a large amount of junk code to the initial version, increasing the file size by more than 30 times. On the traffic side, the developers also took pains to randomly generate the data sent during the initial check-in stage, and introduced encryption and decryption algorithms to encrypt key information before storing it, thus defeating detection based on string features in communication traffic.

II. Sample Analysis of xorbot

Version change

Shortly after the initial propagation version of xorbot, which first appeared in November 2023 with a file size of around 30 KB, the NSFOCUS Global Threat Hunting System detected another variant of the Trojan whose size had soared nearly 30-fold to close to 1200 KB.

Figure 1 Comparison of file sizes in different versions of xorbot

Through further analysis, we confirmed that in the new version the xorbot Trojan communicates by introducing the _libc_connect() and _libc_recv() series of functions from the libc library, but the core function modules remain unchanged.

Figure 2 xorbot core function module

The Trojan developers have added a large amount of invalid code to mask the malicious branches, bringing the detection rate of current antivirus engines close to zero. Although junk code can bloat files and affect their propagation…

Source…

AI, Hybrid Cloud, Ransomware Detection, and the Enduring Role of Hard Disk Drives in Data Storage Evolution


Scality, a global leader in reliable, secure, and sustainable data storage software, shared its annual data storage predictions for 2024. With the use of generative AI skyrocketing and cyberattacks continuing to infect organizations, ongoing demands to decrease IT complexity with secure, efficient solutions will dominate IT budgets into the new year. In addition, perennial data storage management challenges — growing data volumes, tight budgets, skills shortages, complicated IT installations, and increasing cyber threats — will persist.

While these are standard assumptions, this year, Scality focused its predictions on the ongoing conversations led by customers and thought leaders in the data storage industry.

Giorgio Regni, CTO at Scality, said, “We’ve had some interesting industry debates with thought leaders this past year, including the potential death of the hard disk drive (HDD), the role on-premises data storage can play to help advance data management and AI, and, finally, what it really takes to protect data from ransomware. This year’s predictions play off all of these themes.”


HDDs will live on, despite predictions of a premature death
Some all-flash vendors prognosticate the end of spinning disk (HDD) media in the coming years. While flash media and solid state drives (SSDs) have clear benefits when it comes to latency, are making major strides in density, and the cost per GB is declining, we see HDDs holding a 3-5x density/cost advantage over high-density SSDs through 2028.

Therefore, the current call for HDD end-of-life is akin to the tape-is-dead arguments from 20 years ago. In a similar way, HDDs will likely survive for the foreseeable future as they continue to provide workload-specific value.

End users will discover the value of unstructured data for AI
The meteoric rise of large language models (LLMs) over the past year highlights the incredible potential they hold for organizations of all sizes and industries. They primarily leverage structured, or text-based, training data. In the coming year, businesses will discover the value of their vast troves…

Source…

Nutanix Strengthens Cyber Resilience With Accelerated Ransomware Detection And Recovery


(MENAFN– Mid-East)

Nutanix Data Lens can detect threats within 20 minutes and delivers 1-click recovery

Adds support for Nutanix Objects, increases visibility of data across the hybrid multicloud.

DUBAI, UAE– Nutanix (NASDAQ: NTNX), a leader in hybrid multicloud computing, today announced new features in the Nutanix Cloud Platform to strengthen organizations’ cyber resilience against ransomware attacks on unstructured data. These new features, available today in Nutanix Data Lens and Nutanix Unified Storage solutions, enable organizations to detect a threat, defend from further damage and begin a 1-click recovery process within 20 minutes of exposure. The features build on the strength of Nutanix Cloud Platform to protect and secure customers’ most sensitive data across clouds.

Ransomware is a top priority for CIOs and CISOs globally, yet 93% of organizations report they need to be better prepared according to the Enterprise Cloud Index. Speed of detection is more critical now that the average ransomware attack duration accelerated 94% as threat actors become more efficient at breaching, exfiltrating, and enacting a ransomware payload compromising data. Fast data recovery is also essential since recovery can typically take days or even weeks, and incomplete recovery can impact operations long after the attack is over.

“Rapid detection and rapid recovery are two of the most critical elements in successful ransomware planning, yet remain a challenge for many organizations especially as they manage data across multiple clouds,” said Scott Sinclair, Practice Director with the Enterprise Strategy Group. “Nutanix Data Lens and Nutanix Unified Storage, Nutanix Cloud Platform now provides a 20-min detection window and 1-click recovery, with cyber resilience integrated at the unstructured data layer to simplify cyber resilience while accelerating both detection and recovery.”

Nutanix Data Lens is a SaaS-based data security solution that helps proactively assess and mitigate unstructured data security and compliance risks by identifying anomalous activity and auditing user behavior. New capabilities include:

  • Ransomware Detection and…

Source…