In 2021, the threat of ransomware has loomed large. In many ways, it’s exactly what cybersecurity experts expected (and predicted) after the major cyber attacks of 2020—including hospital ransomware attacks on a healthcare industry hard-hit by both ransomware and Covid-19. But in other ways, this surge is unprecedented.

Because of our DNS filtering technology at DNSFilter, we are able to identify trends in malware and phishing domains on our network. Over the last year, we’ve seen traffic to domains categorized as malware rise and fall. Stepping back and looking at traffic to malware domains so far in 2021, we noticed a few spikes, including a brief spike between January and February that coincided with the Silver Sparrow ransomware attack. Here, we’ll examine a few periods of time that had high traffic to malware domains on the DNSFilter network.

Starting the year with a surge in malware traffic: Silver Sparrow and more

In mid-February, the Silver Sparrow malware was detected on 30,000 Mac computers. This malware used installer packages leveraging the macOS Installer JavaScript API, unlike other malicious macOS installers, which use pre-install or post-install scripts. The network component of this malware executed a shell script that downloaded a JSON file to disk from its C2, checking every hour. Silver Sparrow made liberal use of AWS S3 bucket infrastructure for distribution. On our network, malicious queries to related Silver…
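An hourly C2 check-in like the one described above leaves a regular pattern in resolver logs. The following added example (not code from DNSFilter or the original article) flags client and hostname pairs queried at a steady one-hour interval; the log format, hostnames, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample resolver log: "<ISO timestamp, UTC> <client IP> <queried name>".
SAMPLE_LOG = """\
2021-02-10T08:00:03 10.0.0.5 constructed-bucket.s3.example.com
2021-02-10T08:01:10 10.0.0.9 www.example.com
2021-02-10T08:03:40 10.0.0.9 www.example.com
2021-02-10T08:10:00 10.0.0.7 constructed-bucket.s3.example.com
2021-02-10T09:00:05 10.0.0.5 constructed-bucket.s3.example.com
2021-02-10T09:10:00 10.0.0.7 constructed-bucket.s3.example.com
2021-02-10T09:30:00 10.0.0.9 www.example.com
2021-02-10T10:00:01 10.0.0.5 constructed-bucket.s3.example.com
2021-02-10T11:00:04 10.0.0.5 constructed-bucket.s3.example.com
2021-02-10T11:45:12 10.0.0.9 www.example.com
2021-02-10T12:00:02 10.0.0.5 constructed-bucket.s3.example.com
"""


def parse_log(text):
    """Group query times (epoch seconds) by (client, queried name)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, client, qname = parts
        when = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc).timestamp()
        seen[(client, qname.lower().rstrip("."))].append(when)
    return seen


def find_beacons(text, period=3600, tolerance=120, min_queries=4):
    """Return (client, name, mean_gap) where the mean gap is near `period` with low jitter."""
    hits = []
    for (client, qname), times in sorted(parse_log(text).items()):
        if len(times) < min_queries:
            continue  # too few samples to call the pattern periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits.append((client, qname, round(mean(gaps), 2)))
    return hits


if __name__ == "__main__":
    for client, qname, gap in find_beacons(SAMPLE_LOG):
        print(f"{client} queries {qname} every ~{gap:.0f}s")
```

Periodicity alone is not proof of compromise, since update checkers and monitoring agents also poll on fixed schedules, so a hit is a lead to correlate with domain categorization.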
