As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques.
In first-of-its-kind research, Rapid7’s Dr. Stuart Millar, in collaboration with Kumar Shashwat, Francis Hahn and Prof. Xinming Ou, at the University of South Florida, studied the use of AI large language models (LLMs) to detect botnets’ use of TLS encryption by analyzing embedding similarities to weed out botnets within a sea of benign TLS certificates.
Read more…
Source: Rapid7
Related:
- UK National Crime Agency officer charged following alleged Bitcoin theft
March 13, 2025
An officer from the National Crime Agency (NCA) has been charged after the alleged theft of Bitcoin. Paul Chowles, 42, from Bristol, is charged with 15 offences relating to the alleged theft of 50 Bitcoin during an investigation into online organised crime, a spokeswoman for Merseyside Police said. According to the force, the cryptocurrency was worth ...
- Cisco Releases Security Advisories for Cisco IOS XR Software
March 13, 2025
Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories affecting Cisco IOS XR Software, which is a networking software system. CVE-2025-20138 is an ‘improper neutralization of special elements used in an OS Command’ vulnerability with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated, remote attacker ...
- Head Mare and Twelve join forces to attack Russian entities
March 13, 2025
In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. kaspersky investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. This ...
- #StopRansomware: Medusa Ransomware
March 12, 2025
Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile ...
- Squid Werewolf cyber spies masquerade as recruiters
March 12, 2025
Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an industrial organization. A detailed analysis revealed that the attack had been carried out by Squid Werewolf ...
- Apple Releases Security Updates for Multiple Products
March 12, 2025
Apple has released security updates to address an exploited vulnerability in multiple Apple products. CVE-2025-24201 is an ‘out-of-bounds write’ vulnerability that could allow an attacker with maliciously crafted web content to break out of Web Content sandbox. The security update addressing CVE-2025-24201 is a supplementary fix for an exploited vulnerability that was addressed in iOS 17.2. ...