Security Alerts & News
by Tymoteusz A. Góral

History
#828 Wekby APT gang using DNS tunneling for command and control
Palo Alto Networks is reporting a shift in malware tactics used by the APT group Wekby that has added a rare but effective new tool to its bag of tricks. The security firm reported on Tuesday that over the past week, Wekby attackers are turning to the technique known as DNS tunneling in lieu of more conventional HTTP delivery of command and controls for remote access control of infected computer networks.

Researchers discovered the change in strategy while monitoring an undisclosed U.S.-based high-tech firm targeted by the gang. Palo Alto Networks call the DNS tunneling malware pisloader, adding it has existed for some time but is seldom used. The use of the DNS-based attacks differs from the Wekby’s go-to malware HTTPBrowser, which is still used widely by the group, according to Ryan Olson, researcher at Palo Alto Networks Unit 42 team.
Read more
#828 Wekby APT gang using DNS tunneling for command and control
#827 Skimmers found at Walmart: a closer Look
#826 APT groups finding success with patched Microsoft flaw
#825 Major DNS (NS1) provider hit by mysterious, focused DDoS attack
#824 Scary and fascinating: The future of big data
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12