The Monday Media Wrap Up: AlphaBay, “Siren” Botnet, and New Phishing Techniques


Articles from July 14-21

AlphaBay, Hansa Shut, but Drug Dealers Flock to Dark Web DreamMarket

NBC News | Tom Winter | July 20, 2017

The newfound popularity of DreamMarket highlights the whack-a-mole challenges of policing drugs sold online even as government officials touted the death of the other two sites, AlphaBay and Hansa. The Drug Enforcement Administration and the Justice Department announced Thursday that AlphaBay — described as a major source of fentanyl and heroin that has been linked to overdose deaths — had been seized and closed down. “This is likely one of the most important criminal investigations of the year — taking down the largest dark net marketplace in history,” said Attorney General Jeff Sessions.

2 Leading Online Black Markets Are Shut Down by Authorities

The New York Times | Nathaniel Popper and Rebecca R. Ruiz | July 20, 2017

The American and European authorities said on Thursday that they had shut down two of the largest online black markets, AlphaBay and Hansa Market, and arrested their operators. AlphaBay, the largest so-called dark net market, was taken down in early July at the same time the authorities arrested the reported founder of the site, Alexandre Cazes, a Canadian man who was living in Bangkok. Mr. Cazes committed suicide in his jail cell shortly after he was arrested, the authorities said on Thursday. He was 25 years old. After AlphaBay went down, users streamed to one of its largest competitors, Hansa Market. But on Thursday, the Dutch national police announced that they had taken control of Hansa Market in June and had been operating the site since then, monitoring the vendors and customers and gathering identifying details on those involved in the 50,000 transactions that took place. Two men were arrested in Germany in June and accused of operating Hansa Market. When dark net markets are shut, their users typically move quickly to new markets. But on Thursday, news of the joint operation sent the community into a panic.

Russia says talks underway on joint U.S. cybersecurity unit

CBS News | Staff | July 20, 2017

A Russian official was quoted by the country’s government-run media on Thursday as saying Moscow and the U.S. government were in talks about establishing a joint cybersecurity unit — a prospect first raised, and then seemingly dismissed, by President Trump after he met with Vladimir Putin. The RIA news agency said Russia’s special envoy on cybersecurity, Andrey Krutskikh, confirmed that talks were underway to create a bilateral working group, and acknowledged that it could create a “problem” for President Trump. Krutskikh was quoted as saying, “there is no need to dramatize the working process, it is undoubtedly difficult, taking into account the current American realities, but this is a problem rather of the U.S. administration, not ours.”

“Siren” botnet silenced after spamming Twitter users with porn links

SC Magazine | Bradley Barth | July 20, 2017

A social media botnet that spammed Twitter accounts with links to pornographic content sent out more than 8.5 million posts from 90,000 unique accounts before it was neutralized, according to a new report. The botnet, dubbed Siren (as in the seductive mythical creatures who lured sailors to their doom), generated one of the largest malicious campaigns ever recorded on a social network, according to social media security firm ZeroFOX, whose team uncovered the botnet. What’s more, ZeroFOX has linked this social media campaign to an email spam botnet operation that was reported on earlier this year by security researcher and blogger Brian Krebs.

APAC firms see clueless employees as biggest security threat

ZDNet | Eileen Yu | July 19, 2017

Nearly half of companies across five Asia-Pacific markets believe employees who are clueless about cybersecurity pose the biggest challenge, ranking them above external suppliers. Another 67 percent said it was extremely or somewhat likely that internal threat, such as employees downloading unauthorised attachments and software, was a cybersecurity risk for their organisation, according to survey findings released by Palo Alto Networks. The study polled 500 respondents in Singapore, China, India, Australia, and Hong Kong. Some 47 percent believed the lack of employee awareness was the biggest cybersecurity challenge for their organisation, compared to 36 percent who pointed to third-party service providers and suppliers and 31 percent who said cloud migration. Another 29 percent believed legacy IT systems were their company’s biggest cybersecurity challenge, while 25 percent pointed to the lack of management support.

Beware! New Phishing Attacks Disguised as Replies to Previously Asked Questions

Small Business Trends | Michael Guta | July 19, 2017

Cyber criminals have come up with yet another way to get you to open an email. This month’s Comodo Threat Intelligence Lab report has identified a new type of phishing email. According to Comodo, the new scam involves emails disguised as a reply to a previously asked request for information. The emails also appear to come from a legitimate contact or familiar brand, the report says. The particular phishing email campaign mentioned in the report occurred over a seven-hour period on July 6, 2017. And while it lasted less than a day, it was able to target 50 enterprise customers with thousands of users. The perpetrators of the attack used 585 different servers with IP addresses in North America, Europe, Australia and Turkey. Comodo says the speed and coordination to develop and deploy the attack shows a considerable level of sophistication and advance in phishing evolution. The emails have been designed to look authentic. And if you are busy, a quick glance might lead you to believe it is a legitimate request. But once you click on the link, you will be directed to a different site, which will deliver its remotely deployed malware payload.

San Francisco’s biggest public radio station has been battling ransomware for over a month

The Verge | Russell Brandom | July 18, 2017

For the last month, San Francisco’s KQED has been recovering from a massive ransomware attack, the station revealed today to The San Francisco Chronicle. The infection began on June 15th, but more than a month later, many crucial systems remain offline at the National Public Radio member-station. “It’s like we’ve been bombed back to 20 years ago, technology-wise,” one senior editor told the Chronicle. The initial damage from the attack was severe, locking hard drives, erasing prerecorded segments, and bringing down the station’s internal email server. The station’s online broadcast was offline for more than 12 hours, although the FM broadcast continued uninterrupted. The office Wi-Fi remained offline for several days. As systems recover, the station has been forced to print and manually distribute scripts. Broadcasters have also returned to timing segments with a stopwatch, without a more intricate content management system to generate timestamps. The ransomware was unusually expensive, demanding thousands of dollars for each encrypted file. As a result, the total decryption cost would have been tens of millions of dollars, far more than the station could afford. According to the station, no ransom was paid, and the office’s technical support staff have been left to work around the encrypted systems.
