Trojan Incidents

On February 14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) released six new Malware Analysis Reports (MARs) and an updated MAR on malware used by the North Korean government.

In 2017, security researchers sounded the alarm about Russian hackers probing United States power companies; there was even evidence that the actors had direct access to an American utility's control systems. Combined with other high-profile Russian hacking from 2017, like the NotPetya ransomware attacks, the grid penetrations were a sobering revelation. It wasn't until this year, though, that the US government began publicly acknowledging the Russian state's involvement in these actions. Officials at it for months, before the Trump Administration first publicly attributed the in February and then in March for grid hacking. Though these attributions were already widely assumed, the White House's public acknowledgement is a key step as both the government and private sector grapple with how to respond. And while the state-sponsored hacking field is getting scarier by the day, you can use to gauge when you should really freak out. In March, the Department of Justice indicted nine Iranian hackers over an on more than 300 universities in the United States and abroad.

The suspects are charged with infiltrating 144 US universities, 176 universities in 21 other countries, 47 private companies, and other targets like the United Nations, the US Federal Energy Regulatory Commission, and the states of Hawaii and Indiana. The DOJ says the hackers stole 31 terabytes of data, estimated to be worth $3 billion in intellectual property. The attacks used carefully crafted spearphishing emails to trick professors and other university affiliates into clicking on malicious links and entering their network login credentials.

Of 100,000 accounts hackers targeted, they were able to gain credentials for about 8,000, with 3,768 of those at US institutions. The DOJ says the campaign traces back to a Tehran-based hacker clearinghouse called the Mabna Institute, which was founded around 2013. The organization allegedly managed hackers and had ties to Iran’s Islamic Revolutionary Guard Corps. Tension between Iran and the US often spills into the digital sphere, and the situation has been in a recently. Data breaches have continued apace in 2018, but their quiet cousin, data exposure, has been prominent this year as well.

A data exposure, as the name suggests, is when data is stored and defended improperly such that it is exposed on the open internet and could be easily accessed by anyone who comes across it. This often occurs when cloud users or other storage mechanism so it requires minimal or no authentication to access. This was the case with the marketing and data aggregation firm Exactis, which left about on a publicly accessible server. The trove didn't include Social Security numbers or credit card numbers, but it did comprise 2 terabytes of very personal information about hundreds of millions of US adults—not something you want hanging out for anyone to find. The problem was discovered by security researcher Vinny Troia and reported by WIRED in June. Exactis has since protected the data, but it is now facing a class action lawsuit over the incident.

Hackers breached in late February, compromising usernames, email addresses, and passwords from the app's roughly 150 million users. The company discovered the intrusion on March 25 and disclosed it in under a week—some welcome hustle from a large company. And it seems Under Armour had done a good enough job setting up its data protections that the hackers couldn't access valuable user information like location, credit card numbers, or birth dates, even as they were swimming in login credentials. The company had even protected the passwords it was storing by hashing them, or converting them into unintelligible strings of characters. Pretty great, right?

There was one crucial issue, though: Despite doing so many things well, Under Armour admitted that it had only hashed some of the passwords using the robust function called bcrypt; the rest were protected by a weaker hashing scheme called SHA-1, which has known flaws. This means that attackers likely cracked some portion of the stolen passwords without much trouble to sell or use in other online scams. The situation, while not an all-time-worst data breach, was a frustrating reminder of the unreliable state of security on corporate networks.

One to Watch: At the end of May, officials warned about a Russian hacking campaign that has impacted more than 500,000 routers worldwide. The attack spreads a type of malware, known as VPNFilter, which can be used to coordinate the infected devices to create a massive botnet. But it can also directly spy on and manipulate web activity on the compromised routers. These capabilities can be used for diverse purposes, from launching network manipulation or spam campaigns to stealing data and crafting targeted, localized attacks.
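The Under Armour passage above contrasts bcrypt with unsalted SHA-1 password hashes. As an added example, not code from the article or from Under Armour, the Python below shows the defender's fix for a mixed store: audit which records still use the fast, unsalted scheme and re-hash them with a slow, salted one at the next successful login, the only moment the plaintext is available. bcrypt is not in the standard library, so PBKDF2-HMAC-SHA256 from hashlib stands in for it; the user records and passwords are constructed.

```python
import hashlib
import hmac
import os

# Constructed example: a user store where some accounts still carry unsalted
# SHA-1 hashes and others a slow, salted hash. PBKDF2-HMAC-SHA256 stands in
# for bcrypt (not in the stdlib); the migration logic is the same for bcrypt.
PBKDF2_ROUNDS = 200_000


def legacy_sha1(password: str) -> str:
    """Weak scheme: fast and unsalted, so equal passwords give equal hashes."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()


def strong_hash(password: str, salt: bytes = None) -> str:
    """Slow, salted scheme; every record gets its own random salt."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify(stored: str, password: str) -> bool:
    """Check a password against either scheme, using constant-time comparison."""
    scheme, rest = stored.split("$", 1)
    if scheme == "sha1":
        return hmac.compare_digest(legacy_sha1(password), stored)
    if scheme == "pbkdf2_sha256":
        rounds, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: fail closed


def login(store: dict, user: str, password: str) -> bool:
    """Verify; on success, upgrade a legacy SHA-1 record to the strong scheme."""
    stored = store.get(user)
    if stored is None or not verify(stored, password):
        return False
    if stored.startswith("sha1$"):
        store[user] = strong_hash(password)  # rehash-on-login migration
    return True


def audit(store: dict) -> dict:
    """Count records still on the weak scheme, for a migration report."""
    weak = sum(1 for h in store.values() if h.startswith("sha1$"))
    return {"total": len(store), "legacy_sha1": weak}


# Constructed sample store (hypothetical users and passwords)
USERS = {"alice": legacy_sha1("correct horse"),
         "bob": strong_hash("battery staple")}
```

Running `audit(USERS)` before and after `login(USERS, "alice", "correct horse")` shows the legacy count drop from 1 to 0 while a wrong password leaves the record untouched.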

VPNFilter can infect dozens of mainstream router models from companies like Netgear, TP-Link, Linksys, ASUS, D-Link, and Huawei. The to neuter the botnet, but researchers are the full scope and range of this attack.

Srizbi botnet

The Srizbi botnet is considered one of the world's largest, and responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnet consists of computers infected by the Srizbi trojan, which sends spam on command. Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes reduced up to 93% as a result of this action.

Size

The size of the Srizbi botnet was estimated to be around 450,000 compromised machines, with estimation differences being smaller than 5% among various sources. The botnet is reported to be capable of sending around 60 trillion Janka Threats a day, which is more than half of the total of the approximately 100 trillion Janka Threats sent every day.

As a comparison, the highly publicized only manages to reach around 20% of the total number of spam sent during its peak periods. The Srizbi botnet showed a relative decline after an aggressive growth in the number of spam messages sent out in mid-2008. On July 13, 2008, the botnet was believed to be responsible for roughly 40% of all the spam on the net, a sharp decline from the almost 60% share in May.

Origins

The earliest reports on Srizbi trojan outbreaks were around June 2007, with small differences in detection dates across vendors. However, reports indicate that the first released version had already been assembled on 31 March 2007. The Srizbi botnet is considered by some experts to be the second largest botnet on the Internet. However, there is controversy surrounding the. As of 2008, it may be that Srizbi is the largest botnet.

Spread and botnet composition

The Srizbi botnet consists of computers which have been infected by the Srizbi trojan. This trojan horse is deployed onto its victim computer through the kit.

Past editions have used the 'n404 web exploit kit' malware kit to spread, but this kit's usage has been deprecated in favor of Mpack. The distribution of these malware kits is partially achieved by utilizing the botnet itself. The botnet has been known to send out spam containing links to fake videos about, which include a link pointing to the malware kit.

Similar attempts have been taken with other subjects such as illegal software sales and personal messages. Apart from this self-propagation, the MPack kit is also known for much more aggressive spreading tactics, most notably the compromise of about 10,000 websites in June 2007. These domains, which included a surprising number of pornographic websites, ended up forwarding the unsuspecting visitor to websites containing the MPack program.

Once a computer becomes infected by the trojan horse, the computer becomes known as a bot, which will then be at the command of the controller of the botnet, commonly referred to as the botnet herder. The operation of the Srizbi botnet is based upon a number of servers which control the utilization of the individual bots in the botnet.

These servers are redundant copies of each other, which protects the botnet from being crippled in case a system failure or legal action takes a server down.

Reactor Mailer

The of the Srizbi botnet is handled by a program called 'Reactor Mailer', which is a -based responsible for coordinating the spam sent out by the individual bots in the botnet. Reactor Mailer has existed since 2004, and is currently in its third release, which is also used to control the Srizbi botnet. The software allows for secure login and allows multiple accounts, which strongly suggests that access to the botnet and its spam capacity is sold to external parties. This is further reinforced by evidence showing that the Srizbi botnet runs multiple batches of spam at a time; blocks of can be observed sending different types of spam at any one time.

Once a user has been granted access, he or she can utilize the software to create the message they want to send, test it for its score and after that send it to all the users in a list of email addresses. Suspicion has arisen that the writer of the Reactor Mailer program might be the same person responsible for the Srizbi trojan, as code analysis shows a code fingerprint that matches between the two programs. If this claim is indeed true, then this coder might well be responsible for the trojan behind another botnet, named Rustock. According to, the code used in the Srizbi trojan is very similar to the code found in the Rustock trojan, and could well be an improved version of the latter.

Srizbi trojan

The Srizbi trojan is the program responsible for sending the spam from infected machines.

The trojan has been credited with being extremely efficient at this task, which explains why Srizbi is capable of sending such high volumes of spam without having a huge numerical advantage in the number of infected computers. Apart from having an efficient spam engine, the trojan is also very capable in hiding itself from both the user and the system itself, including any products designed to remove the trojan from the system. The trojan itself is fully executed in and has been noted to employ technologies to prevent any form of detection. By patching the, the trojan will make its files invisible for both the and any human user utilizing the system. The trojan is also capable of hiding it generates by directly attaching and drivers to its own process, a feature currently unique for this trojan. This procedure has been proven to allow the trojan to bypass both and protection provided locally on the system.

Once the bot is in place and operational, it will contact one of the from a list it carries with it. This server will then supply the bot with a file containing a number of files required by the bot to start its spamming business.