LockBit 3.0 Ransomware Case Study: A Huge Cybersecurity Risk

In this article, we will analyze LockBit 3.0 ransomware cases and determine how attacks similar to these cases can be prevented. What is LockBit 3.0 Ransomware? LockBit 3.0 (also known as LockBit Black) is a ransomware created by the cybercrime syndicate LockBit. This ransomware was first used in September 2019, with the 3.0 [...]

2022-09-26T10:25:28+09:00 | September 23rd, 2022 | 0 Comments

Cloud Attack Surfaces: Detecting Active AWS Assets Left Unattended

Plenty of vulnerable default welcome pages can be found on a cloud attack surface. Software engineers who understand AWS cloud characteristics or users who have encountered AWS' default welcome pages can detect neglected systems in a default welcome page state using Open Source Intelligence (OSINT) searches. Furthermore, it is not necessary to know specific product names [...]

2022-09-27T10:59:54+09:00 | August 30th, 2022 | 1 Comment

Default Welcome Page Exposure: A Significant Security Risk

Default welcome page exposure describes blank default web pages left neglected on the attack surface. They are most commonly encountered in the early stages of installing and running systems, and are used to perform setup tasks. How Hackers Exploit Exposed Default Welcome Pages: It should be noted that there are more default welcome page systems [...]

2022-08-25T17:49:09+09:00 | August 24th, 2022 | 2 Comments

K-Pop Deepfake Porn Sites: Sneaky Criminals Hiding Real IP Address with Cloudflare

Deepfake is an image synthesis technology that utilizes AI. It is a collective term for the frame-by-frame synthesis of a person in an existing image or video with another person's likeness through deep learning. Deepfakes have been used in different ways, such as creating a parody of a movie scene by replacing an actor with your [...]

2022-08-12T14:48:21+09:00 | August 4th, 2022 | 3 Comments

DDoS Attack Case Study: 20 Hours of Unprovoked Aggression

Recently, a web services company suffered a GET flooding DDoS attack for about 20 hours. Attack traffic of various kinds was detected on the login page, placing a serious load on the server and ultimately paralyzing the entire login function. The CIP team was provided with data at the time of the DDoS [...]

API Key, a Key to Credential Leakage & Manipulation

Upon searching Criminal IP (https://www.criminalip.io/) for Django web applications with Debug Mode enabled, database (hereinafter referred to as DB) account information and API keys of more than 3,100 applications were found to be exposed on the internet. This implies that hackers are able to pocket corporate personal information and confidential documents with little effort. The [...]

Cryptojacking: Your Device is Mining Crypto Behind Your Back

Cryptojacking, a compound word formed from cryptocurrency and hijacking, is a cybercrime in which an attacker uses malicious links to lure victims to a website that loads cryptomining JavaScript, infects their computers, and then uses their resources to mine cryptocurrency. The number of secretly installed malicious mining codes has been rapidly increasing and, as a result, corporates [...]

2022-08-04T18:13:32+09:00 | June 24th, 2022 | 3 Comments

Criminal IP Analysis Report on Overlooked Multi-Function Printer Vulnerability

How would you feel if personal information such as your ID and resume were exposed on the internet? Today, using an internet-connected multi-function printer (hereinafter referred to as MFP) to scan different types of important personal information and send them by email has become the norm for both individuals and enterprises. Since these files should never be [...]

Criminal IP Analysis Report on Zero-Day Vulnerability in Atlassian Confluence

According to Volexity 1), a cybersecurity company in Washington, DC, a webshell was discovered in an Atlassian Confluence server during an incident response investigation. Volexity observed it as an Atlassian Confluence-related issue and generated exploit code. However, the company later determined that it was a zero-day vulnerability that could execute remote code even after [...]

Criminal IP Analysis Report on Recent Hidden Malicious Code Sites on Chinese HFS HTTP File Servers

NAS has become an increasingly common way to handle files and backup storage. As usage increases, NAS security issues, particularly with QNAP and Synology products, are frequently spotted. In addition to vulnerabilities with assigned CVE IDs, critical NAS data is exposed to the internet without protection, making it easy to leak through simple attacks that [...]
