X-Industry

Activity Summary - Week Ending 23 April 2021:

• Analysts identified 2,512 new IP addresses participating in various Botnets
• Red Sky Alliance identified 51,165 connections from new unique IP Addresses
• 33 new unique email accounts Compromised with Keyloggers were Observed
• Rocke Group Leverages SSH Keys
• To Whitelist, or Not to Whitelist - Packity Networks
• Cars Driving Themselves
• The UN and Cars
• Digital Twin
• Miami FL Auto Dealer Hit
• GND gaining Speed in Governments

Link to full report: IR-21-113-001

The US government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations by sneaking malicious code into widely used software. 

The US National Counterintelligence and Security Center (NCSC) recently warned that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an e

Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout recently reported.  Collectively called NAME:WRECK and identified in the DNS implementations of FreeBSD, Nucleus NET, IPnet, and NetX, the flaws could also be abused to perform denial of service (DoS) attacks, to execute code remotely, or take devices offline.

Devices ranging from smartphones, aircraft

For the second time in two years, the contents of the darknet payment card marketplace Swarmshop have been removed and posted to a competing underground forum, Group-IB reports. The content includes data on more than 600,000 payment cards as well as administrator, seller and buyer information.

While underground hacker forums get hacked from time to time, cardshop breaches do not happen very often. In addition to buyers' and sellers' data, such breaches expose massive amounts of compromised payme

While ransomware and leaky or completely unprotected databases dominated headlines, e-skimmers quietly made a killing. A major e-skimming compromise was discovered on Macy's in which hackers captured the payment information of a number of online shoppers. The retailer was not alone. American Outdoor Brands, Puma, Ticketmaster UK, British Airways, Vision Direct, Newegg, and many, many others were also infected by e-skimmers.

The best way to avoid getting skinned by e-skimming is standard issue. E

Recently, one Discord network search turned up 20,000 virus results, researchers found.  Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware.

The pandemic-induced shift to remote work drove business processes onto these collaboration platforms in 2020, and predictably, 2021 has ushered in a new level cybercriminal exper

The following is an overview over the popular Dread mega forum and its various (sub)sections as well as identifying potential areas of concern for cyber security specialists and companies alike. High-potential targets as well as their means of communication are being discussed and traced (as reliably as possible). Being a mega forum, Dread hosts a variety of sub forums that distinguish themselves on several dimensions, such as topic (e.g. exchange of leaked data, hacking services, drugs, etc.)

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.  Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.  Joker is a malware Trojan that targets Android users. It was packaged in at least two dozen applications that were downloaded from Google Play store over 400,000 times. The main p

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm."  A storm made more severe by the pandemic, with so many employees working remotely, exacerbating the risk of ransomware. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo

Purple Fox is the name of a malware downloader, a malicious program that proliferates other programs of this type.  This malware is used to infect systems with cryptocurrency mining programs.  Purple Fox can cause serious damage and must be uninstalled immediately.  An example of malware that could be installed through Purple Fox is ransomware.  These programs encrypt files and prevent victims from accessing them unless ransoms are paid or confidential information is disclosed and offered for sa

Astro Locker Team is a relatively new ransomware group observed over the past few months. Evidence suggests this group may be a rebranding or spin-off of the Mount Locker ransomware team. Astro Locker Team follows the emerging trend of both encrypting victim’s files as well as threatening to publish them online in order to extort payment. Even companies who are not hit directly by this group risk losing sensitive data if a member of their supply chain hosts/stores sensitive data on the supply ch

Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators.  Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.  Hades was named

Security researchers have linked a late 2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten.

See this article

The campaign is named BadBlood, because of its medical focus and the history of tensions between Iran and Israel–aimed to steal credentials of professionals specializing in genetic, neurology and oncology research

A San Diego-based artificial intelligence and data science company that helps lenders predict the trustworthiness of loan application information, recently published research detailing increased levels of attempted loan fraud in 2020, which the company believes could continue through 2021.  “The analysis and outlook from Point Predictive (PP) is essential reading to be prepared. For Elite Acceptance, the crucial trends to get ahead of are the dealer implications, such as a sale price inflation o

IcedID, also known as Bokbot is a banking trojan and information stealer and can be used as an entry point for subsequent attacks, such as manually operated ransomware for high-value targets. It is typically proliferated using another trojan called Emotet, which is often distributed using spam email campaigns. Human-operated ransomware attacks are increasingly common and require the attacker to sit at the keyboard and orchestrate the attack, in contrast to an automated attack.

Microsoft is warni

Activity Summary - Week Ending 16 April 2021:

• Red Sky Alliance observed 58 new unique email accounts compromised with Keyloggers
• Analysts identified 30,373 connections from new unique IP addresses
• 3,512 new IP addresses participating in various Botnets were Observed
• Security Researcher under Attack
• CISA’s New Tool – Aviary
• FormBook Malware
• State Sponsored APT
• Lazarus and Vyvera
• TiT-for-TaT is Never Good
• Myanmar and Taiwan Protests

Link to full report: IR-21-106-001_weekly_106.pdf

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis

Researchers have discovered a new information-stealing Trojan, which targets Android devices with a blitz of data-exfiltration capabilities from collecting browser searches to recording audio and phone calls.   While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this clever new malicious app masquerades itself as a System Update application to take control of compromised devices.

"The spyware creates a notificati

A recent article from the University of Boston provides a very refreshing article about cyber technology helping the deaf.  The words “joke” and “ruin” might not rhyme in English - but, thanks to a new, interactive database of American Sign Language (ASL), called ASL-LEX 2.0[1], we can now see that these two words do in fact rhyme in ASL.

“In ASL, each word has five linguistic parameters: handshape, movement, location, palm orientation, and non-manual signs.  Rhymes involve repetition based on o

The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place.  The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely.  Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working