I have been investigating an incident involving two EC2 instances on AWS that were infected with ransomware, cryptocurrency miners, and other types of malware. Sounds scary, right?! Well actually, the approaches that the attackers took to get onto the hosts do not appear to be that sophisticated, and this type of attack could occur in […]
Read More - Indicators of RDP Brute Force Attacks
The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register there […]
In a past article, I explained how to auto-block hosts with a WatchGuard Firebox. Yesterday alone my logs showed over 100 IP addresses auto-blocked in one day on a Firebox used for testing purposes. The list included over 1000 blocked IP addresses. I also noticed the Firebox shows a limited number of blocked hosts so […]
WatchGuard’s Threat Lab (previously the LiveSecurity Threat Team) is a group of threat researchers committed to discovering and studying the latest malware and Internet attacks. The Threat Lab team uses data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet to provide analysis and practical security advice about the top threats on the Internet.