As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques.
In first-of-its-kind research, Rapid7’s Dr. Stuart Millar, in collaboration with Kumar Shashwat, Francis Hahn and Prof. Xinming Ou, at the University of South Florida, studied the use of AI large language models (LLMs) to detect botnets’ use of TLS encryption by analyzing embedding similarities to weed out botnets within a sea of benign TLS certificates.
Read more…
Source: Rapid7
Related:
- FBI Agents’ Call And Text Logs Potentially Stolen In Data Breach
January 23, 2025
The FBI has raised alarm that hackers who breached AT&T’s system last year may have stolen months of agents’ call and text logs, which could potentially lead to the identities of anonymous informants connected to investigations. While the hackers did not access the content of conversations, the stolen call log metadata—records of who called whom, when ...
- N.B. Liquor stopped attempted cyber attack, CEO says
January 23, 2025
N.B. Liquor CEO Lori Stickles says the company’s security systems worked as intended during an attempted cyber attack this month. “We got the alert, we were able to basically put a choke hold on it by shutting our system down proactively,” Stickles said in an interview Thursday. Stickles was unable to provide details on how the ...
- Dangerous new botnet targets webcams, routers across the world
January 22, 2025
Cybersecurity researchers from the Qualys Threat Research Unit have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to build out a botnet. In a technical analysis, Qualys said the attackers were mostly exploiting CVE-2017-17215 and CVE-2024-7029, seeking to compromise AVTECH IP cameras, and Huawei HG532 routers. The botnet is essentially Mirai, although ...
- 7-Zip bug could allow a bypass of a Windows security feature – update now
January 22, 2025
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...
- Conduent confirms outage was due to a cybersecurity incident
January 22, 2025
U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related ...
- Odds & Ends: Unraveling the Surebet Playbook
January 22, 2025
The global sports betting market has seen explosive growth in recent years, fueled by the rise of online gambling platforms, increased internet access and penetration, and the legalization of betting in numerous countries. As of 2023, research showed that the global sports betting market was valued at around $92.1 billion, with projections suggesting it could ...