X-Industry

The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022, to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

Since mid-2021, TrendMicro analysts have been investigating a threat actor called Earth Lusca (EL) that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes.  This group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 rese

Activity Summary - Week Ending on 21 January 2022:

• Red Sky Alliance identified 34,423 connections from new IP’s checking in with our Sinkholes
• Microsoft IP hit again
• Analysts identified 4,093 new IP addresses participating in various Botnets
• SysJoker Backdoor
• Konni Campaign
• Take Down of VPNLab.net
• Russia shuts down REvil, huh?
• Brookings Blog on Russia
• SilverTerrier sent to the Kennel
• China and the Olympics
• Up-Date on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021.  Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan.  Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.  While ransom demands have ranged from $10,000 to $500,000, Diavol actors have

Cybersecurity is more than meets the eye.  Proper security contains several layers, including adequate training and technology, to meet HIPAA compliance guidelines. Healthcare organizations are responsible for implementing robust cybersecurity strategies to prevent cyberattacks.  The healthcare industry claims to prioritize cybersecurity efforts, yet 18% of organizations allocate only 1-2% of their IT budgets to cybersecurity.  Covered entities who choose not to prioritize proper cybersecurity l

In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet.  It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.”  A worldwide race to create or acquire cyber weapons was then just taking shape. 

Fast forward to last week (11 years later), Ukraine was hit by a massive cyber-attack that targeted government websites.  Posted

In the US, 5G services are planned for launch beginning 19 January 2022 using frequencies in a radio spectrum called the C-band.  These frequencies can be close to those used by radar altimeters, an important piece of safety equipment in aircraft.  Because the proposed 5G deployment involves a new combination of power levels, frequencies, proximity to flight operations, and other factors, the US Federal Aviation Administration (FAA) will impose restrictions on flight operations using certain typ

The Sygnia’s Incident Response team recently discovered a threat group conducting financial theft by subtly stealing millions of dollars from financial and commerce companies’ systems, all the while hiding in plain sight.  The criminal group operates inside the victims’ networks for months while studying their financial systems and injecting fraudulent transactions into regular activity.

Titled Elephant Beetle or TG2003, the cyber threat group does not develop new zero-day exploits to commit fin

Activity Summary - Week Ending on 14 January 2022:

• Red Sky Alliance identified 24,345 connections from new IP’s checking in with our Sinkholes
• Microsoft IP’s in UK and N. Ireland hit
• Analysts identified 1,435 new IP addresses participating in various Botnets
• Rook Ransomware
• More Log4j
• Ukraine Cyber Bust
• UK NHS
• Who’s Winning?
• Google Docs
• The Electric Grid’s Hot Wires
• BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

At the onset of the global pandemic, the UK’s Cambridge Cybercrime Centre observed a significant increase in murderous fantasies expressed online within the incel community.  An ‘incel’ is a member of an online subculture of people who define themselves as unable to get a romantic or sexual partner despite desiring one.  The level of online activity, as well as the tone, had grown increasingly threatening.  Fortunately, that level of violent ideation settled down over time but now has resurfacin

ONUS, the Vietnamese crypto trading platform, recently experienced an attack stemming from the Log4j vulnerability (CVE-2021-44228).[1] ONUS allows users to trade crypto currencies through their app which is available for iOS and Android. The organization has grown significantly in the past 18 months since the app’s launch in March of 2020, with a large portion of users in Vietnam, Nigeria, and the Philippines.[2]

Financial organizations and crypto platforms in particular are juicy targets for a

Considering the sensitive information it holds, it is no wonder that the financial services industry continues to be one of the most targeted critical infrastructure sectors by current cyber-criminals.  Recent societal and technological changes during 2021 have made matters worse.

The ongoing COVID-19 pandemic has created a ripe target field for cyberthreats as industries and individuals alike became vulnerable as they wrestled with remote working practices, mass digital disruption, and widening

A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance:  https://www.brightcove.com   According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected real-estate-related sites.  At least 100 of them were successfully infected.

A full list of affected websites can be found here:
https://github.com/pan-unit42/iocs/blob/master/Skimmer

Mailing Malware.  You just can’t make this up: but the oldest cyber threat tactic is back again.   A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI.  The USB drives contain so-called 'BadUSB' attacks.  They were sent in the mail through the US Postal Service and United Parcel Service.  One type contained a message impersonating the US Department of Health and Human Ser

Activity Summary - Week Ending on 7 January 2022:

• Red Sky Alliance identified 25,112 connections from new IP’s checking in with our Sinkholes
• 227.12[.]174 x 182
• Analysts identified 1,148 new IP addresses participating in various Botnets
• (5) Ransomware Attack Techniques
• CVE-2021-42278 and CVE-2021-42287
• Lapsus$
• Omicrom Scams
• ONUS Attacked by a Log4j Version
• Insider Threats
• Walmart, Part II
• Sunrise Movement

Link to full report: IR-22-007-001_weekly007.pdf

Our friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on Bio-Manufacturing research and development companies.  A serious APT attack has been identified in the biomanufacturing sector that has been found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.

The APT is named Tardigrade and was publicly announced on 22 November 2021.  As with any

Cyber security investigators have reported that replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases in 2022.  The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original singular victim or may choose to cherry-pick from the most valuable potential targets.  This can save cy

US Department of Agriculture (USDA) analysts have reported that China, with less than 20% of the world's population has managed to stockpile more than half of the globe's corn and other grains, leading to steep price increases across the planet and dropping more countries into famine.  COFCO Group, a major Chinese state-owned food processor, runs one of China's largest food stockpiling bases, at the port of Dalian, in the northeastern part of the country.  It stores beans and grains gathered fr

When Facebook changed its name to “Meta Platforms” in October 2021,[1] the word ‘metaverse’ moved from the domain of techno geeks to the mainstream.  There is no single definition of the metaverse, which is a portmanteau word combining ‘meta’ meaning ‘beyond/after’ in Greek, and ‘universe’.  It is a hypothesized iteration of the internet.  The most common description of the metaverse is a virtual-reality space or an alternative economy or world in which users can interact with other users within

Humanoid robot called “Jia Jia” was created by a team of engineers from the University of Science and Technology of China and was presented at a conference in Shanghai at the beginning of 2017.  Jia Jia can hold a simple conversation and make specific facial expressions when asked, and her creator believes the eerily lifelike robot heralds a future of cyborg labor in China. This was five years ago and was billed as China’s first human-like robot.  2022 - The Brave New World is in full force.

Ji