Security News

Washington DC police force confirms data breach after ransomware upstart Babuk posts trophies to Tor blog
2021-04-27 12:25

Ransomware criminals have posted trophy pictures on their Tor blog after attacking the police force for US capital Washington DC. The Metropolitan Police Department said it was "aware of unauthorised access on our server" and had engaged the FBI to investigate, according to BleepingComputer. Babuk, a relatively new ransomware gang, claimed credit for the attack and claimed to have stolen 250GB of files from the force.

Tor-Based Linux Botnet Abuses IaC Tools to Spread
2021-04-23 16:56

A recently observed malware botnet targeting Linux systems is employing many of the emerging techniques among cyber-criminals, such as the use of Tor proxies, legitimate DevOps tools, and the removal of competing malware, according to new research from anti-malware vendor Trend Micro. The researchers say the malware is capable of downloading all of the files it needs from the Tor anonymity network, including post-infection scripts and legitimate, essential binaries that might be missing from the environment, such as ss, ps, and curl.

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
2021-03-05 15:55

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control communications, and encrypts sensitive strings in the samples.

Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog
2021-03-03 17:00

Files appearing to originate from Qualys were dumped online this afternoon on the Tor blog of the Clop criminal extortionists. Ransomware gang specialist Brett Callow, of infosec biz Emsisoft, told The Register: "Entities that have had dealings with Qualys should be on high alert."

Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm
2021-02-22 07:14

Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits. Onion domains visited by the browser were sent to whatever DNS servers the software was configured to use for non-Tor websites, allowing whoever operates those DNS servers - or anyone who can snoop on the queries in transit - to figure out the kinds of hidden services frequented by an individual user.

Brave privacy bug exposes Tor onion URLs to your DNS provider
2021-02-19 16:37

Brave Browser is fixing a privacy issue that leaks the Tor onion URL addresses you visit to your locally configured DNS server, exposing the dark web websites you visit. To access Tor onion URLs, Brave added a 'Private Window with Tor' mode that acts as a proxy to the Tor network.

NetWalker Ransomware Suspect Charged: Tor Site Seized
2021-01-27 21:08

UPDATE. Hot on the heels of the Emotet takedown announced Wednesday, the NetWalker ransomware has also been partially disrupted by an international police action. The Department of Justice said Wednesday that it has brought charges "against a Canadian national in relation to NetWalker ransomware attacks," while also seizing around $454,500 in cryptocurrency from ransom payments made by three separate victims.

Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks
2020-12-18 13:31

Researchers at Sophos noticed recently that the operators of multiple ransomware families have been using a backdoor named SystemBC, which provides attackers a connection to compromised devices and which uses the Tor anonymity network to hide command and control communications. Designed with support for the execution of commands and to allow adversaries to download and execute scripts, executables, and DLLs, the backdoor is continuously evolving, with recent samples having switched from creating a SOCKS5 proxy to using the Tor network for communication purposes.

Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
2020-12-16 06:33

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. The SystemBC RAT has since expanded the breadth of its toolset with new characteristics that allow it to use a Tor connection to encrypt and conceal the destination of C2 communications, thus providing attackers with a persistent backdoor to launch other attacks.

Tor Project launches program to secure funding for software development
2020-09-01 13:23

The Tor Project, the research-education nonprofit organization that maintains software for the Tor anonymity network, has announced a membership program to secure funding that will allow them to "be more agile" when it comes to software development. "Because we are a software development organization, relying only on grant funding, forces us into a development model that is slow and archaic. We can never execute solutions immediately in an agile way or experiment quickly with possible paths. We want to change that so we can respond to issues and start projects faster. And we can do that by increasing the number and amount of unrestricted contributions to the Tor Project."