Immunity Report 02/23

Immunity Security Highlights

2/2023

During February, all Immunity instances stopped almost 2 million threats.

Whalebone Immunity instances deployed in company networks stopped 1,912,061 threats during February. As January was weaker than the previous month, February is no different. Compared to the volume of threats from the previous month, the amount decreased by 19%.

1,635 devices safeguarded by Whalebone Immunity were protected from malicious communication with 2,333,087 unique domains. Without your protection, they might be abused and users’ sensitive data might have been stolen.

Coinminers are again getting more popular. Compared to the previous month, their activity increased massively by 368%. Coinminers are solving tough mathematical questions, which takes a lot of time and energy. Since hackers do not care about the electricity bills of their victims, the only factor there is for them is how much they can earn. It is more profitable to put their efforts elsewhere.

C&C domains are one of the few cathegories growing this monthy. We stopped 12,724 C&C communication attempts, growing by 1.6% since last month. These commandand-control centers attempt to enslave devices into networks of bots, i.e., botnets, and further take advantage of them for various malicious purposes. Users then experience that their internet connection and their devices get gradually slower, and their overall user experience is noticeably worse because of that. To make matters even worse, their devices might be and usually are used in harmful activities.

Spam domains are thrown in all directions in hopes that someone visits the link and gets tricked. The amount of spam is hard to predict, as can be seen in this month’s 49% decrease. Spam is one of the least sophisticated attack categories, nearly without any polish and with a worse click rate than what an average email marketing campaign. Yet, it is to remain here with us forever, because there is always someone who either accidentally clicks where they are not supposed to, or gets tricked, as we can see on the amount of blocked requests.

The impact of contemporary cyber threats can be severe. Your colleagues safeguarded by Whalebone Immunity can use the Internet without fear since they are protected at all times.

In total, 1,912,061 devices connected to company networks protected by Whalebone Immunity showed a security incident, but their activity was blocked, effectively disarming the threat.

Examples of threats from this month

Malware Mirai2 (also known as Mirai variant 2)

It is a type of malware that is used to create botnets consisting of infected Internet of Things (IoT) devices. It is a more advanced version of the original Mirai malware, which first appeared in 2016 and was responsible for a number of large-scale distributed denial-of-service (DDoS) attacks. This month we have blocked over 1,000 Mirai2 incidents.

Remote Access Trojan Agent Tesla

Tesla is an example of an advanced remote access trojan (RAT) that specializes in the theft and infiltration of sensitive information from infected machines. It can collect various types of data, including keystrokes and login credentials used in browsers and email clients used on infected machines. This threat has been blocked 280 times.

Marketplace scams — DPD and Zasilkovna

Popular shipping sites in the Czech Republic are routinely being impersonated by attackers who try to pry out personal data and passwords from the users who expect parcels. This month, multiple instances of someone trying to access fake DPD and Zasilkovna domains were blocked.

Whalebone

With