swinog October 2016

swinog@lists.swinog.ch

20 participants
13 discussions

E-Mail Hacks
by Mike Kellenberger 08 Oct '16

08 Oct '16

Hi all I might be slightly off-topic here, because it's not a network issue, but it might be of interest to some of you anyway and maybe you've had customers which were affected as well. I don't know if this ploy is new, but after having two customers affected within one week, I suspect it is. The customer receives an e-mail with an invoice from his supplier, which he trusts and has worked with in the past. Shortly after this e-mail he receives another e-mail from the same sender and in the exact same layout stating that the company has a new bank account and that this account should be used. The second e-mail is forged of course. We haven't beeen able to find out where the original mail gets captured (most likely on the suppliers client, because in one case, more than one customer of the supplier was affected). The fraudulent bank account was in UK in both cases, in one case the amount was around CHF 6K, where the UK authorities did not get active, in the second case it was a 6 digit amount... That case is still ongoing. The fraudulent bank account was already closed again in both cases when the customer realized that his transaction had gone to the wrong account (usually after the supplier asked if the money had not been transferred yet). Have you had similar cases? Regards, Mike -- Mike Kellenberger | Escapenet GmbH www.escapenet.ch +41 52 235 0700/04 Skype mikek70atwork

5 4

DDOS >1Tbps - Swiss-wide (regional) BGP propagation?!
by Fredy Kuenzler 03 Oct '16

03 Oct '16

Since we see >1Tbps DDOS attacs in the wild, I suppose out-of-the-box DDOS mitigation suppliers have lost this race. There is no operator in Switzerland which can handle 1Tbps DDOS attacks. When we saw DDOS against digitec.ch and others earlier this year, I was a bit surprised that none of the so called "experts" proposed regional BGP propagation as a remedy. Given that e-commerce such as digitec.ch is assumingly making 99.9% of the revenue within Switzerland, their prefix doesn't need to reachable from all over the world. If the prefix of a Swiss e-commerce would be reachable from Swiss broadband providers only, the DDOS is mitigated, as the vast majority of the botnet is lacking a route to the targeted victim IP address. To achieve this I think we need a collaborative community effort setting up a common procedure and define a BGP communitiy with the effect "do not announce beyond Switzerland". An e-commerce should be able to hit the button injecting this defined BGP community when under attack (or permanently, of course). I suppose to make this idea a success we need to have all major operators in Switzerland on board (3303, 6730, 6830) and I suppose the smaller operators will follow in their own interest to avoid blackholes. Anyone? I think it's good if a somewhat "neutral body" with decent BGP knowledge could take the lead for such a working group, maybe SWITCH or SwissIX? -- Fredy Kuenzler --------------------- Fiber7. No Limits. https://www.fiber7.ch --------------------- Init7 (Switzerland) Ltd. AS13030 St.-Georgen-Strasse 70 CH-8400 Winterthur Skype: flyingpotato Phone: +41 44 315 4400 Fax: +41 44 315 4401 Twitter: @init7 / @kuenzler http://www.init7.net/

9 14

Krebs: Source Code for IoT Botnet ‘Mirai’ Released
by Jeroen Massar 01 Oct '16

01 Oct '16

https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-releas… And now the script kiddies have their hands on it... Enjoy that Internet... Greets, Jeroen

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog October 2016