Catch of the Day

Here’s my catch of the day for you: Monday Jan 23 2017

Massive Twitter Botnet Discovered: We know this can’t be good.  Two researchers have found a huge but dormant Twitter botnet of 350,000 bots. Active, this could spread spam or malicious links, or be used to spread – gasp – fake news. The researchers claim to have found an even larger botnet of over 500K. Just think of the Mirai botnet and outages along the eastern seaboard. While details on that are not being released just yet, the Twitter botnet was apparently created in 2013 and stayed hidden til recently. The content consists of harmless quotes from Star Wars and no URLs are involved. The users attached to the bots seem believably human and unaggressive. The researchers are encouraging people to research these bots, and have created two Twitter accounts to report bots: @thatisabot and @website.

Locky Ransomware – Awaken the Kraken?:  2016 started with a ransomware bang and ended with a botnet boom. The pairing of ransomware and botnets should make anyone nervous. And the minds at Cisco are warning that we should expect a massive spam campaign with a return of the near-dormant Locky ransomware.   Locky was spread via the Necrus botnet, which had 500K devices under its control to deliver spam, which contained the unbreakable Locky payload. Researchers are seeing a subtle increase in attacks via Necrus and Locky this month. It is possible attackers are exercising caution rather than risk getting caught.  I say batten down those hatches.

How to Secure Your Bank – in 3 Easy Steps!: OK. It’s not that easy. But these are good principle for any organization to follow, including banks. After last year’s massive financial attacks and heists, and the return of Carbanak, financial organizations need to get their houses in order to face the year ahead. And it isn’t just the gold or currency that holds value in the vault. It’s all. That. Data. Those mainframes are no longer as segregated as they once were. And banks are more at risk of Advanced Persistent Threats and targeted attacks. Recommendations are to train everyone on security practices and awareness.  Then, make sure controls are in place and that people are aware of them. Finally, make sure that all outside parties, or trusted partners, understand and adhere to these rules to maximize security.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s