A botnet has been discovered that uses a hidden Tor IRC service for command and control. Although Tor tends to be on the slow side, the extra layers of anonymity make it significantly more difficult, and maybe even impossible, to locate either the C&C servers or the people running them.
All kinds of direct hack attacks probably occur over the Tor network. This use, however, is interesting in that there is currently no known method for shutting them down. I expect that once a compromised server is found, researchers will begin looking for vulnerabilities in the hidden Tor services in the hope of finding one that exposes the actual IP information.
The article discusses how the bots are being used to mine bitcoins.
Either way, this is interesting, and probably will soon be the de facto way to run botnets.
Some news, views and musing about things going on in the Information Security World.
Thursday, December 13, 2012
Skynet Botnet Controlled Over Tor
Key Words: 0-day, bitcoins, botnet, encryption, forensics, hacking, onion routing, tor
Wednesday, December 12, 2012
Ransom hackers encrypt medical centre's entire database
An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (US$4215) after blackmailers broke into the organisation’s servers and encrypted its entire patient database.
If crime doesn't pay, why is this clinic considering making it profitable? Paying the ransom only perpetuates the problem. Instead, they should be spending the money on securing their systems. The clinic should be asking themselves:
- Why should I make this crime profitable for the attacker?
- How do I know they will provide the password and instructions for decrypting the data?
- How do I know that if I decrypt the database, the data hasn't been tampered with?
- If I pay the ransom, what is to stop them from raising the demand under threat of publishing the data online?
- What is a better plan for securing the systems and moving on?
They already lost once. If they don't bite the bullet and move on, they risk losing again and again. They would also be giving the attackers a strong incentive to attack more sites.
Key Words: data destruction, encryption, forensics, hacking, law, password complexity, passwords, policy, privacy, security controls