123Movies Streaming Website
According to experts from Deepfield Networks, who analyze network traffic, the shutdown of Megaupload was a big loss for the Internet. A loss in the literal sense of the word: in the first hours after the special operation on January 19, traffic on the World Wide Web decreased by 2-3%. Further consequences of the closure of one of the largest traffic generators are listed in the new report "Post-Megaupload filesharing", which was published by Deepfield Networks.
Before Megaupload's staff were arrested and its servers seized, its share of the file-hosting market ranged from 30% to 40%. This is not that much, because file hosting by itself cannot even come close to the traffic from streaming and video services such as Netflix. At the end of 2011, video services generated 53.6% of all Internet traffic in North America, web surfing accounted for 16.6%, and file sharing was only in third place with 14.3%.
Note that in Europe the share of file sharing is much higher, because many of the American video services do not work here, so users have much less opportunity to get legal content.
So, in the first days after the closure of Megaupload, experts drew attention to an unusual jump in the traffic of file-hosting sites.
Experts from Deepfield Networks confirm this observation and say that file-sharing traffic has been redistributed to other hosts, although many of them have changed their rules on posting pirated content for fear of repeating the fate of Megaupload, and some services, such as Filesonic, have completely closed the service for publishing files for public access.
So what happened to the traffic?
The day before the arrest, the MegaVideo service was the largest file-hosting service on the Internet with 34.1% of traffic, followed by Filesonic with 19.1%.
The next day, when Megaupload ceased to exist and Filesonic allowed users to download only the files they had uploaded themselves, the market changed significantly. 123Movies took first place with a traffic share of 27.5%, while NovaMov and MediaFire took second and third places. Green on the graph shows traffic to sites, and red shows traffic in the data centers where these sites are located.
Deepfield Networks experts analyzed the picture of network traffic in the data centers of seven hosting companies, which serve more than 80% of all file-sharing traffic on the Internet. Most of these data centers are located in Europe. Thus, after the closure of Megaupload with its American servers, file-sharing traffic largely migrated to Europe, which negatively affected the efficiency of the entire global network infrastructure.
As you can see from the diagrams, a significant part of the traffic went from the American data centers of Carpathia Hosting to the European company Leaseweb, with data centers in the Netherlands and other European countries. For Megaupload, more than 1000 servers and 25 petabytes of data were involved at Carpathia Hosting facilities, and another 700 Megaupload servers were hosted on Leaseweb.
Earlier this month, the Emotet botnet, which had shown no "signs of life" since February 2020, returned to action with a new spam campaign. After observing the malware, cybersecurity specialists reported that the botnet had changed its main payload and is now distributing the QakBot (QBot) banking Trojan, which replaced the usual TrickBot.
However, unknown well-wishers are now successfully sabotaging the botnet. Since July 21, 2020, they have been replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. It is not yet clear who exactly is behind this action; it could be either competing hacking groups or an unknown information security specialist.
Researchers from the Cryptolaemus group, who have been closely monitoring botnet activity for several years and trying to counteract it, were the first to notice the strange activity. According to them, about a quarter of all Emotet payloads are currently replaced with GIFs, which has caused a significant decrease in botnet activity.
What is happening is directly related to how Emotet functions.
The botnet sends its potential victims spam containing attachments or links leading to malicious Office files. If the victim opens such a file and enables macros, the actual payload is downloaded from a remote source to the user's machine.
The botnet places such payloads mainly on hacked WordPress-based sites, which Emotet operators access through web shells. Moreover, cybersecurity experts have already discovered that the cybercriminals use open-source solutions for these purposes and use the same password for all web shells, thereby putting their infrastructure at risk.
Apparently, someone has now managed to find out this password, which is the same for all web shells, and did not fail to use it. These "good samaritans" replace Emotet payloads on hacked WordPress sites with animated GIFs. Over the past three days, unknown people have replaced Emotet payloads with different GIFs. The files are usually taken from Imgur or Giphy.
This week, the manufacturer of wearable electronics and navigation equipment, Garmin, was forced to temporarily disable a number of services. It looks like a ransomware attack was to blame, and the ransomware affected the company's internal network and some production systems.
Garmin is currently conducting large-scale "renovation work" to deal with the aftermath of an attack. Because of this, the official website, the Garmin Connect user data synchronization service, the aviation database service, and some production lines in Asia were temporarily disabled.
Call centers have also been affected by the outage, according to official reports posted on the company's website and Twitter, rendering the company unable to answer calls, emails, and online chats.
ZDNet reports that the incident caused many problems for the company's customers, as most of them regularly use Garmin Connect to synchronize their runs and cycling data with the company's servers.
However, problems with wearable devices are far from the worst thing that happened. Journalists write that the suspension of the flyGarmin service looks much more serious. This web service supports the company's line of aviation navigation equipment. Now that it is not working, pilots have lost the ability to load aviation databases into the navigation systems of their aircraft. In accordance with the requirements of the US Federal Aviation Administration, pilots are required to work only with an updated version of the database. In addition, the Garmin Pilot app, which is used for scheduling and planning flights, is also temporarily unavailable.
Garmin representatives refused to confirm to reporters that the sudden shutdown of services was caused by a ransomware attack, citing an ongoing investigation.
However, ZDNet writes that several Garmin employees have already shared the details of the attack on social networks, and they all call the incident a ransomware attack. Some employees associate this incident with a new ransomware strain, WastedLocker, which appeared in the first half of this year. The journalists failed to confirm or deny these data, so at the moment this is just a theory.
Meanwhile, the Taiwanese edition of iThome shared with readers an internal letter from Garmin, which states that the company's IT staff has been urgently dispatched to its Taiwanese factories, where "repairs" are scheduled for July 24 and July 25. The Taiwanese edition's own sources also associate this incident with a certain "virus".
Experts from Kaspersky Lab discovered a series of attacks by the North Korean hacking group Lazarus (aka HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, and APT38) on Windows, Linux, and macOS devices. It turned out that the group has conducted operations using the advanced MATA framework since at least the spring of 2018.
The peculiarity of this framework is that it is multiplatform: it can attack a device regardless of which operating system it is running (Windows, Linux, or macOS).
Researchers note that multiplatform malware tools are a rarity, since their development requires significant investment. Accordingly, they are created not for one-time use but for long-term use. The MATA framework was spotted in attacks aimed at stealing company databases and infecting corporate networks with ransomware.
MATA consists of a loader program, a program for post-infection process management (orchestrator), as well as plugins.
Components of the Windows version of MATA
According to researchers, among the victims of MATA are organizations located in Poland, Germany, Turkey, South Korea, Japan, and India (including an unnamed software manufacturer, trading company, and Internet service provider).
However, the attackers do not intend to focus only on the listed countries. For example, this month Lazarus attacks were detected in Russia, during which the Manuscript backdoor was used. This tool overlaps with MATA in the logic of working with the C&C server and in the internal naming of components.
"After examining this series of attacks, we conclude that the Lazarus group is ready to invest heavily in tool development and that it is looking for victims around the world. Typically, attackers create malware for Linux and macOS if they already have enough tools to attack Windows devices. This approach is typical of mature APT groups. We believe that the authors of the MATA framework will improve it and implement attacks with anchoring to IoT devices in the corporate network, and remind organizations to strengthen data protection, since information is still the key and most valuable resource, which is most often the target of such attacks," says Yuri Namestnikov, head of the Russian research center at Kaspersky Lab.