germany - X-Industry - Red Sky Alliance2024-03-28T10:09:56Zhttps://redskyalliance.org/xindustry/feed/tag/germanyAuchtung !!https://redskyalliance.org/xindustry/auchtung2024-03-06T12:55:00.000Z2024-03-06T12:55:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12397806069,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12397806069,RESIZE_400x{{/staticFileLink}}" width="215" alt="12397806069?profile=RESIZE_400x" /></a>Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles.</p>
<p>The 38-minute conversation, which took place on 19 February 2024, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comrades in uniform.” The intercepted conversation reportedly took place using Webex, a consumer-grade web conferencing software, rather than on a secured military system.</p>
<p>It features the head of the German air force, LT GEN Ingo Gerhartz, discussing preparations and methods to supply Taurus missiles to Ukraine, and then support the Ukrainian Armed Forces in using the missiles, while observing that the federal Chancellor Olaf Scholz is continuing to block the move.<a href="#_ftn1">[1]</a> Scholz has argued that the air-launched missiles, which have a range of around 500 km, about the distance from Ukraine’s border to Moscow, could escalate the conflict and risk Germany becoming directly involved in the war. The chancellor’s position is a cause of division in his three-party coalition government, with his coalition partners repeatedly arguing in favor of providing the Taurus missiles.</p>
<p>According to the material published by Simonyan, the Bundeswehr has considered several steps to insulate Germany from the repercussions of Ukraine using the cruise missiles, referencing controls that the British and French have in place when supplying their own Storm Shadow and Scalp-EG cruise missiles. Among the claims attributed to Gerhartz were that there were British personnel deployed to Ukraine. The British Ministry of Defense declined to comment on the matter.</p>
<p>It is not clear whether all of the conversation published by Simonyan, who has a history of spreading falsehoods, is authentic. A spokesperson for the German ministry of defense said, “According to our assessment, a conversation in the air force division was intercepted. We are currently unable to say for certain whether changes were made to the recorded or transcribed version that is circulating on social media.”</p>
<p>While the leak is likely to amplify divisions in Berlin and raise embarrassing questions about the security of German military communications, the relatively overt nature of the information operation could potentially encourage solidarity among those being targeted.</p>
<p>Boris Pistorius, Germany’s defense minister, said on 3 March, “The incident is much more than just the interception and publication of a conversation. It is part of an information war that Putin is waging. It is a hybrid disinformation attack. It is about division. It is about undermining our unity.”</p>
<p>Following the leak, the Russian foreign ministry said it “demanded an explanation from Germany” without stating what it was demanding an explanation about.</p>
<p>This article is presented at no charge for educational and informational purposes only.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/</li>
<li>Website: https://www.redskyalliance.com/</li>
<li>LinkedIn: https://www.linkedin.com/company/64265941</li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/german-air-force-conversation-leaked-russia/">https://therecord.media/german-air-force-conversation-leaked-russia/</a></p></div>Bangladesh Electionshttps://redskyalliance.org/xindustry/bangladesh-elections2024-01-12T14:55:00.000Z2024-01-12T14:55:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12356665288,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12356665288,RESIZE_400x{{/staticFileLink}}" width="250" alt="12356665288?profile=RESIZE_400x" /></a>An official at the Bangladesh Election Commission has claimed that a cyber-attack “from Ukraine and Germany” caused an election information app to crash as voters went to the polls on 8 January. There has not been an allegation that the incident affected votes in the country, where incumbent Prime Minister Sheikh Hasina secured her fourth straight term in office after a record low turnout, as reported by BBC News.</p>
<p>Hasina, who has held power since 2009, is currently the longest-serving female head of government in the world. Her government has faced criticism from the international community, including the United Nations, amid allegations of human rights abuses and extrajudicial killings. “Her long reign in power has been marked by arrests of opposition leaders, crackdowns on free speech and suppression of dissent,” as Reuters reported.</p>
<p>The country’s main opposition, the Bangladesh Nationalist Party (BNP), boycotted the general election on the grounds that the vote would be rigged. BBC News reported that while official figures for Sunday’s vote put turnout at around 40%, critics have claimed even that figure may be inflated. Bangladesh has about 120 million eligible voters.<a href="#_ftn1">[1]</a></p>
<p>Mohammed Jahangir Alam, the Election Commission’s official secretary, told journalists on Sunday that the election app had been “slowed down from Ukraine and Germany,” without specifying the nature of the cyberattack. “Our team has been working round the clock to fix the issue. Although the app is functioning slowly, it’s still working,” said Alam. The app, Smart Election Management BD, was not essential for voting. It provided “historical and current data on electoral candidates and associate parties” alongside updates on how many votes had been cast.</p>
<p>Although not formally confirmed, the incident as described by Alam may have been a distributed denial of service (DDoS) attack, an unsophisticated type of cyber nuisance that works by flooding targeted network resources with junk requests, making them unreachable.</p>
<p>The nature of the attack was not disclosed; however, it is not possible to spoof the source IP address in an application-layer DDoS that is sending HTTP requests to the target server.</p>
<p>Cloudflare, which has historically included Germany and Ukraine among the largest sources of DDoS traffic, although both accounted for far less traffic than China and the United States, said this “usually indicates the presence of botnets operating from within the country's borders.”</p>
<p>Allegations of foreign interference - Prior to the election, both of the main political parties have made claims and counter-claims about foreign states attempting to influence the vote. Thousands of BNP activists have been arrested following rallies that turned violent, something which the party alleged was instigated by government provocateurs. Arrest warrants are outstanding for many of the party’s senior figures, some of whom live in exile.</p>
<p><a href="{{#staticFileLink}}12356665492,RESIZE_400x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}12356665492,RESIZE_400x{{/staticFileLink}}" width="388" alt="12356665492?profile=RESIZE_400x" /></a>The BNP accused Russian foreign ministry spokeswoman Maria Zakharova of interference after she claimed that the party’s rallies were being sponsored by the US government in a bid to secure Bangladesh’s support for the US Indo-Pacific strategy. The chief commissioner at the Bangladesh Election Commission has also alleged that “Western nations, including the US, are trying to influence the course and results of the general elections in Bangladesh.”</p>
<p>Following the 8 January vote, Andrei Shutoff, a Russian election observer, reportedly warned: “In case the USA is not satisfied with the results of the people’s vote, attempts to further destabilize the situation in Bangladesh along the lines of the Arab Spring are likely.”</p>
<p>See Election Integrity: <a href="https://redskyalliance.org/xindustry/beware-of-info-manipulation-tactics-for-2022-midterm-elections">https://redskyalliance.org/xindustry/beware-of-info-manipulation-tactics-for-2022-midterm-elections</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/bangladesh-election-information-app-alleged-cyberattack/">https://therecord.media/bangladesh-election-information-app-alleged-cyberattack/</a></p></div>Doppelgänger Doubling Downhttps://redskyalliance.org/xindustry/doppelganger-doubling-down2023-12-08T14:00:00.000Z2023-12-08T14:00:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12309889482,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12309889482,RESIZE_400x{{/staticFileLink}}" width="250" alt="12309889482?profile=RESIZE_400x" /></a>Researchers have tracked more activity by an influence campaign linked to Russia that spreads disinformation and propaganda in the US, Germany and Ukraine through a vast network of social media accounts and fake websites.</p>
<p>The campaign, attributed to the Russia-linked influence operation network called Doppelgänger, has been active since at least May 2022. The US tech company Meta previously referred to Doppelgänger as the “largest” and “most aggressively persistent” malign network sponsored by Russia.<a href="#_ftn1">[1]</a></p>
<p>Researchers are currently tracking over 2,000 inauthentic social media accounts associated with Doppelgänger, but say the actual number could be even higher. According to Insikt, the impact of Doppelgänger's activity on users in Germany, Ukraine, and the US is limited. “Despite the campaign’s high volume, we did not identify any significant engagement from authentic social media users,” researchers said in a report published earlier this week. “Viewership and other engagement metrics (reshares, likes, and replies) were negligible across the network.”</p>
<p>And yet, Doppelgänger’s activity is worth paying attention to, researchers said, as its operators are constantly improving their tools and tactics and are “willing to invest in extra measures to evade detection.” Meta warned last week that foreign groups are looking to expand their influence operations as 2024 is an important year for elections around the world. Insikt did not specify which social media networks the Doppelgänger operation used.</p>
<p>Fake tales of decline - In the campaign analyzed by Insikt, Doppelgänger focused on three targets: Ukraine, Germany and the US. In an operation against Ukraine, a Russia-linked threat actor created over 800 social media accounts that shared links to fake articles impersonating multiple reputable Ukrainian news organizations. These articles “spread narratives undermining Ukraine’s military strength, political stability, and international relationships with Ukraine’s Western allies.” For example, some of them suggested that the US prioritizes the war in Israel more than the one in Ukraine or sowed doubts about Ukraine’s ability to win the war.</p>
<p>In a campaign that targeted Germany and the US, a Russian network operator created fake news outlets producing propaganda content, which was then shared on social media, the researchers said.</p>
<p>Unlike impersonating existing Western news sources, as commonly seen with Doppelgänger so far, these outlets appear to be an attempt to create seemingly new and original sources, researchers said. “This evolving approach likely aims to establish a long-term influence network by evading detection efforts to identify inauthentic impersonators.”</p>
<p>The campaign’s goal in Germany was to share fake narratives of “Germany’s domestic decline due to migration, economic policies, and continued support for Ukraine,” Insikt said.</p>
<p>In the US, the threat actor promoted hostile articles criticizing the LGBTQ+ movement (which was recently outlawed in Russia) and raised doubts about U.S. military competence. One of the fake websites linked to Doppelgänger produced election-related content, which was likely generated by artificial intelligence (AI). “This campaign likely intends to exploit US societal and political divisions ahead of the 2024 US election,” researchers said.</p>
<p>Kremlin-approved tactics - Influence operations like Doppelgänger are common tactics used by Russia as part of its information warfare.</p>
<p>Doppelgänger was previously linked to two Russian companies: Structura National Technologies and Social Design Agency, whose clients include several Russian government agencies, local government entities, state-owned enterprises and private companies. Both companies were sanctioned by the European Union in August for their involvement in Doppelgänger.</p>
<p>In November, the US government also linked these two entities to a disinformation campaign across Latin America aimed at undermining support for Ukraine and discrediting the US and NATO. </p>
<p>In its previous campaigns, Doppelgänger also targeted the US and seven European countries, with a specific focus on Germany and France. The network’s most common tactic is the impersonation of media outlets or political organizations, such as the French Ministry of Public Affairs, the German Ministry of the Interior, and the North Atlantic Treaty Organization (NATO). </p>
<p>The network’s evolution indicates that it can “have long-term societal impacts,” while the likely use of generative AI to create written content demonstrates “the evolving use of AI in Russian information warfare campaigns. As the popularity of generative AI grows, malign influence actors, including Doppelgänger, will very likely increasingly leverage AI to produce scalable influence content,” researchers said.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/doppelganger-influence-operation-new-activity/">https://therecord.media/doppelganger-influence-operation-new-activity/</a></p></div>288 - Bustedhttps://redskyalliance.org/xindustry/288-busted2023-05-07T18:10:00.000Z2023-05-07T18:10:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11063043680,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11063043680,RESIZE_400x{{/staticFileLink}}" alt="11063043680?profile=RESIZE_400x" width="250" /></a>Europol reveals German law enforcement was behind the ‘Monopoly Market’ takedown. Europol announced on 2 May 2023 that 288 suspects involved in drug trafficking on the Darknet marketplace “Monopoly Market” have been arrested globally following an unannounced takedown in December 2021. The announcement is the first confirmation that Monopoly Market’s disappearance was the result of law enforcement action.</p>
<p>Users across multiple forums had previously expressed concerns about being victims of an exit scam, where marketplace administrators simply disappear with customers’ funds. Europol said German authorities seized Monopoly Market’s infrastructure more than two years ago, allowing the agency to create intelligence packages that were shared with international partners across Europe as well as in the United States and Brazil.<a href="#_ftn1">[1]</a></p>
<p>It is not clear which German authorities were behind the seizure, although Europol described it as happening alongside the seizure of the Hydra marketplace’s infrastructure. Unlike in the Hydra takedown, however, law enforcement did not replace Monopoly Market’s darknet site with a splash page.</p>
<p>The change in investigative tactics netted a record number of arrests for the operation, beating the 150 arrested following the takedown of DarkMarket, and 179 following the takedown of Wall Street Market.</p>
<p>A spokesperson from the general prosecutor's office in Frankfurt, Germany said, “There was no press release at the time the marketplace was shut down in December 2021, as (foreign) investigations were still pending, which should not be jeopardized by a statement.”</p>
<p>In a 2 May news conference, US officials framed the operation within the Biden administration's broader effort to crack down on illegal fentanyl distribution. The pills sold on Darknet marketplaces are often counterfeit and laced with a powerful opioid, the US Attorney General said. He acknowledged that no single operation against Darknet markets will stop the underground economy, but he said law enforcement agencies have noticed that taking out a market does “disrupt the situation for some time.” “There is a bit of a Whac-a-Mole problem here, and we are whacking as hard as we can,” he reiterated. “We are getting more and more sophisticated and more and more capable of finding both the perpetrators and the victims and the customers.”</p>
<p>Beyond arrests and seizures of servers, it’s important for governments to warn people about the dangers of buying illegal drugs online, said an FBI Deputy Director. “We're really focused on reaching out to potential victims and better informing them and bringing awareness to the public so that people can put themselves in the best position to protect their own lives,” he said.</p>
<p><u>Number of SpecTor arrests</u>:</p>
<ul>
<li><em>United States: 153</em></li>
<li><em>United Kingdom: 55</em></li>
<li><em>Germany: 52</em></li>
<li><em>The Netherlands: 10</em></li>
<li><em>Austria: 9</em></li>
<li><em>France: 5</em></li>
<li><em>Switzerland: 2</em></li>
<li><em>Poland: 1</em></li>
<li><em>Brazil: 1</em></li>
</ul>
<p><a href="{{#staticFileLink}}11063044062,RESIZE_1200x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}11063044062,RESIZE_584x{{/staticFileLink}}" alt="11063044062?profile=RESIZE_584x" width="500" /></a>US and Europol officials noted that online drug dealers often use multiple venues. “The vendors arrested as a result of the police action against Monopoly Market were also active on other illicit marketplaces, further impeding the trade of drugs and illicit goods on the dark web,” Europol said.</p>
<p>Europol reported the operation seized more than €50.8 million ($53.4 million) in cash and virtual currencies, as well as 850 kg of drugs, including over 258 kg of amphetamines, 43 kg of cocaine, 43 kg of MDMA and over 10 kg of LSD and ecstasy pills, alongside 117 firearms. It added that several of the suspects were considered “high-value targets” by police, and that investigations to identify additional people behind dark web accounts were still ongoing.</p>
<p>Law enforcement agencies labeled the sweep as Operation SpecTor, after the Tor browser that allows access to the dark web. The DarkMarket operation was called DarkHunTor and the Wall Street Market operation was dubbed DisrupTor.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://therecord.media/monopoly-market-arrests-germany-takedown/">https://therecord.media/monopoly-market-arrests-germany-takedown/</a></p></div>Achtung: Bitmarck Hithttps://redskyalliance.org/xindustry/achtung-bitmarck-hit2023-05-06T13:20:00.000Z2023-05-06T13:20:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}11056466471,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11056466471,RESIZE_400x{{/staticFileLink}}" alt="11056466471?profile=RESIZE_400x" width="250" /></a>The German IT service provider BITMARCK announced on 30 April it had taken all its systems offline due to a cyberattack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK. The company immediately reported the incident to the responsible authorities.<a href="#_ftn1">[1]</a></p>
<p>The company did not disclose details about the attack, but it launched an investigation into the incident with the help of external cybersecurity experts.</p>
<p>“BITMARCK has identified a cyber-attack. Our early warning systems have reported an attack on BITMARCK’s internal systems. As part of our security protocol, BITMARCK then took customer and internal systems offline and carried out an impact analysis,” reads the announcement published by the company. “BITMARCK is currently taking systems back online step by step in accordance with a structured, security and priority-oriented process.”</p>
<p>The company ruled out a data breach, pointing out that the patient data stored in the EHR was never, and is not, endangered by the attack.</p>
<p>The service provider’s statement said that the services that are already available or will be available shortly include the digital processing of electronic certificates of incapacity for work (eAU) and access to the electronic patient file (ePA).</p>
<p>The bad news is that the disruptions have not ended and will likely cause considerable restrictions in day-to-day business for the foreseeable future.</p>
<p>“BITMARCK and the statutory health insurance companies plan and carry out the necessary measures under the proviso that essential services are impaired as little as possible. Whenever possible, alternative procedures will be made available,” concludes the statement. “We very much regret the inconvenience caused to our customers, service providers and insured persons and are working to restore the systems as quickly as possible.”</p>
<p>In January, Bitmarck suffered a data breach that impacted more than 300,000 insurance policyholders.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://securityaffairs.com/145568/hacking/bitmarck-cyberattack.html">https://securityaffairs.com/145568/hacking/bitmarck-cyberattack.html</a></p></div>Achtung! Cyber Bust in Germanyhttps://redskyalliance.org/xindustry/achtung-cyber-bust-in-germany2023-03-14T11:40:00.000Z2023-03-14T11:40:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10997026087,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10997026087,RESIZE_400x{{/staticFileLink}}" alt="10997026087?profile=RESIZE_400x" width="250" /></a>North Rhine-Westphalia Polizei reported on 06 March 2023, that they have disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years, raking in millions of euros and US Dollars. Working with law enforcement partners including Europol, the US FBI and authorities in Ukraine, police in Duesseldorf said they were able to identify 11 individuals linked to a group that has operated in various guises since at least 2010.</p>
<p>The gang allegedly behind the ransomware, known as DoppelPaymer, appears tied to Evil Corp, a Russia-based syndicate engaged in online bank theft well before ransomware became a global scourge.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/russian-evil-corp-criminals-possibly-evolved-into-cyber-spies">https://redskyalliance.org/xindustry/russian-evil-corp-criminals-possibly-evolved-into-cyber-spies</a></p>
<p>Among its most prominent victims were Britain’s National Health Service (NHS) and Duesseldorf University Hospital, whose computers were infected with DoppelPaymer in 2020. A woman who needed urgent treatment died after she had to be taken to another city for medical treatment.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/nhs-under-constant-attack">https://redskyalliance.org/xindustry/nhs-under-constant-attack</a></p>
<p>Ransomware is the world’s most disruptive cybercrime. Gangs mostly based in Russia break into networks and steal sensitive information before activating malware that scrambles data. The criminals demand payment in exchange for decryption keys and a promise not to dump the stolen data online. In a 2020 alert, the FBI said DoppelPaymer had been used since late 2019 to target critical industries worldwide including healthcare, emergency services and education, with six and seven figure ransoms routinely demanded.</p>
<p>An analyst stated DoppelPaymer has published data stolen from about 200 companies, including in the US defense sector, which resisted payment. Given DoppelPaymer’s suspected connection, through Evil Corp, to the Russian FSB, the successor to the infamous KGB spy agency, “the bust could provide law enforcement with some exceptionally valuable intel,” the German police said.<a href="#_ftn1">[1]</a></p>
<p>The chief of the cybercrime department with North Rhine-Westphalia state police said at least 601 victims have been identified worldwide, including 37 in Germany. Europol said victims in the United States paid out at least 40 million euros (US$42.5 million) to the gang between May 2019 and March 2021 to release important data that was electronically locked using the malware. The group specialized in “big game hunting,” he said, and ran a professional recruitment operation, luring new members with the promise of paid vacation and asking applicants to submit references for past cybercrimes. Police agencies conducted simultaneous raids in Germany and Ukraine on 28 February 2023, seizing evidence and detaining several suspects. Three additional suspects could not be apprehended as they were beyond the reach of European law enforcement, the police said.</p>
<p>German police identified the fugitives as Russian citizens Igor Turashev, 41, and Irina Zemlyanikina, 36, and 31-year-old Igor Garshin, who was born in Russia but whose nationality was not immediately known. Turashev has been wanted by US authorities since late 2019 in connection with cyberattacks carried out using a predecessor to DoppelPaymer, known as BitPaymer, that is linked to Evil Corp. The US government offered a US$5 million reward in 2019 for information leading to the capture of its alleged leader, Maxim Yakubets.</p>
<p>Source: <a href="https://www.msn.com/en-ie/news/world/germany-%E2%80%93-hacker-group-responsible-for-more-than-600-attacks-worldwide-identified/ar-AA18jXec">Germany – Hacker group responsible for more than 600 attacks worldwide identified (msn.com)</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://redskyalliance.org/main/search/search?q=doppelpaymer">https://redskyalliance.org/main/search/search?q=doppelpaymer</a></p></div>Hospitals are in the Scopehttps://redskyalliance.org/xindustry/hospitals-are-in-the-scope2023-01-01T17:30:00.000Z2023-01-01T17:30:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10921891279,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10921891279,RESIZE_400x{{/staticFileLink}}" alt="10921891279?profile=RESIZE_400x" width="250" /></a>Hospitals on the front line of cyberattacks are increasingly strained under the often deadly conditions created by such hacks. Capitalizing on the chaos of the COVID-19 pandemic, cyber criminals frequently shut down hospital networks at a time when they were overwhelmed, leading to limited emergency services, canceled surgeries, and a spike in deaths. Hackers used to treat hospitals as ‘off limits.’ Not the case anymore.</p>
<p>Cyber-attacks have long been viewed as less lethal than missile strikes, but as cyber strikes hit hospitals and take lives, the calculus for how to respond could be changing. The national adviser for cybersecurity and risk at the American Hospital Association recently said that it's time "to view these types of attacks, ransomware attacks on hospitals, as threat-to-life crimes, not financial crimes." Some of the most common strikes against medical facilities, ransomware attacks occur when hackers encrypt networks and demand payment to unlock them.<a href="#_ftn1">[1]</a> Mortality rates increased after a ransomware attack at a quarter of the 600 healthcare facilities surveyed in a 2021 study from Proofpoint and the Ponemon Institute.</p>
<p>A ransomware attack in 2020 forced a Düsseldorf, Germany, hospital to close its emergency department, and a patient died in an ambulance while being sent to another hospital. Red Sky Alliance has previously reported on this and other life-threatening cyber-attacks in 2021 and 2022.</p>
<p>A woman sued an Alabama hospital in 2020 after the death of her infant, claiming that doctors did not perform necessary pre-birth testing due to a cyberattack at the hospital. The baby was subsequently born with the umbilical cord around its neck, which led to brain damage and the baby's death a few months later, she argued.</p>
<p>Cyberattacks against hospitals have also been on the rise. "Unfortunately, 2022 appears to be another record year in terms of the volume of attacks against US healthcare and the volume of sensitive patient information which has been either stolen or compromised by these foreign-based cyber adversaries," the AHA said.</p>
<p>While most of the damage from US cyberattacks is still to individuals' data or businesses' profits, the federal government has a list of 16 "critical infrastructure" categories, where a cyber strike could cause a major breakdown in civilian services, including healthcare.</p>
<p>The Biden Administration stated it plans to make hospital cybersecurity a priority in 2023. More politics, or real criminal statutes? Speaking on condition of anonymity, a senior administration official said that actions could include issuing executive orders to mandate healthcare cybersecurity standards or supporting legislation on the topic. "Hospitals are a very targeted sector … it's something we're significantly concerned about," the official said.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.newsmax.com/newsfront/cyberattack-hospitals-ransomware/2022/12/28/id/1102215/">https://www.newsmax.com/newsfront/cyberattack-hospitals-ransomware/2022/12/28/id/1102215/</a></p></div>Achtung - DIHKhttps://redskyalliance.org/xindustry/achtung-dihk2022-08-08T15:01:21.000Z2022-08-08T15:01:21.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10756233674,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10756233674,RESIZE_400x{{/staticFileLink}}" width="250" alt="10756233674?profile=RESIZE_400x" /></a>“Due to a possible cyberattack, the German Chambers of Industry and Commerce (DIHK) has shut down its IT system as a precautionary measure for security reasons. We are currently working intensively on a solution and defense. After testing, the IT systems are successively started up so that the services for companies are then available again,” it said last week. DIHK said it would inform the public as soon as the security of their systems had been fully restored.<a href="#_ftn1">[1]</a></p>
<p>“We will inform you on this website and other channels which applications are functional again. As soon as the security of our systems has been fully restored, you will, of course, also be informed,” DIHK said last week. </p>
<p>The DIHK’s chief executive described the cyberattack as massive. “Unfortunately, a serious IT security incident occurred yesterday (4 August). The DIHK organization was subjected to a massive cyber-attack. As a security measure, all Internet connections were blocked immediately,” he said on LinkedIn. “As a result, the website of the IHK Mittleres Ruhrgebiet cannot be reached, and the communication channels via telephone and e-mail have been switched off. Accordingly, digital services are currently not available.” He could not say for how long the measures would be necessary.</p>
<p>The attack, which appears to be a ransomware incident, was having downstream effects on the 79 local arms of the organization. The DIHK offices in Frankfurt, Cologne, Berlin, Lippe and more released statements online confirming that their phone systems were back up and running but that other systems were still down.</p>
<p><em>Update: Unfortunately, we still cannot be reached by e-mail, and the website is down as well. But: we can be reached by phone. The central number is 0221-1640 0. We can also be reached in person on site, at headquarters and at our branch offices. </em><em>— IHK Köln (@ihkkoeln) August 5, 2022</em></p>
<p>Attacks on German organizations have increased over the last year. In April, the LockBit ransomware group attacked popular German library service Onleihe. The same month, German wind farm operator Deutsche Windtechnik was hit by a cyberattack, while German wind turbine maker Nordex was forced to shut down its IT systems across multiple locations and business units after it was hit with a cyberattack in March. Not long before, a cyberattack on satellite communications company Viasat caused the malfunction of 5,800 Enercon wind turbines in Germany. Oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls, suffered a cyberattack that crippled their loading and unloading systems in February. The attacks forced Shell to reroute oil supplies to other depots.<a href="#_ftn2">[2]</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://cybernews.com/news/german-chambers-of-industry-and-commerce-hit-by-a-massive-cyberattack/">https://cybernews.com/news/german-chambers-of-industry-and-commerce-hit-by-a-massive-cyberattack/</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://therecord.media/massive-cyberattack-hits-german-chambers-of-industry-and-commerce/">https://therecord.media/massive-cyberattack-hits-german-chambers-of-industry-and-commerce/</a></p></div>German Arrest Warrantshttps://redskyalliance.org/xindustry/german-arrest-warrants2022-07-29T14:11:21.000Z2022-07-29T14:11:21.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10732911664,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10732911664,RESIZE_400x{{/staticFileLink}}" width="250" alt="10732911664?profile=RESIZE_400x" /></a>In the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted for hacking in Germany alone, especially critical infrastructure companies. Specifically, the hackers sought out electricity and water supply systems. After years of investigation, Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.</p>
<p>This state-backed hacker is said to belong to a hacker group that IT security companies call “Berserk Bear” or “Dragonfly.” The US Department of Justice (DOJ) currently assumes that these hackers work for the Russian secret service FSB, more precisely for the “Center 16” department, which is based in Moscow. According to an indictment by DOJ, these hackers intended to enable the Russian government to “interrupt and damage important power generation facilities if desired.” </p>
<p>A German non-public arrest warrant: Pawel A. is held responsible for hacking the network of Netcom BW in the summer of 2017. In September 2021, more than four years later, the German Attorney General in Karlsruhe obtained an arrest warrant. To this day it is not officially public. </p>
<p>Victim company Netcom BW belongs to the EnBW power group; it handles fiber optic expansion and routes important internal EnBW data about the power supply via a specially secured network. The hackers managed to access Internet traffic via a vulnerability in Netcom BW’s routers. <a href="#_ftn1">[1]</a></p>
<p>EnBW stated that the hackers had previously attacked an external service provider, “Its infrastructure was compromised as a result.” The hackers then gained access to the management system of Netcom BW’s public telecommunications network via a maintenance access. “The EnBW electricity and gas network control was never affected, as this is managed in a separate, specially secured network,” said the company. Since the attack, Netcom BW has been regularly checked and certified by independent bodies, and EnBW has “expanded its cyber defense capabilities.” EnBW is encouraged that the investigations were successful: “If there should be a conviction, we would of course be very interested in finding out something about the motivation and goals of the attacker.”</p>
<p>E.On also a hacker target: the hackers were also targeting the electricity company E.On. Of interest, they had prepared a 35-page document that appeared to be an internal document from a consulting firm. The document is titled: “Assessment of the long-term investment needs of the decentralized E.On power grids.” As soon as a user opens the document, an attempt is made, unnoticed by the user, to send their login data to a server that the hackers control. The bad actors allegedly used this data to log into other services that the user uses, for example the e-mail inbox. IT security experts describe this as ‘spear phishing.’ When asked, E.On declined to comment. The consulting firm confirms that there was “an attack on a holding company” in the summer of 2017. </p>
<p>Since the outbreak of the Russian war against Ukraine, German security authorities have been warning of cyber-attacks on the country’s power grid. At a conference at the end of June 2022, the Vice President of the Federal Intelligence Service said: “We must be aware that Russia is in our networks.” Such access to the network would be procured at an early stage. “Let’s assume that’s prepared,” he said. “Berserk Bear” is regarded by experts as the Russian hacking group tasked with targeting electric grids. </p>
<p>As many know, in December 2015 hackers carried out an extensive attack on the power supply in Ukraine. The IT systems of several substations were infected with malware called “Black Energy” and shut down. More than 200,000 people were affected, and the power went out for up to six hours. The group “Sandworm” was identified as responsible for the attack. According to European security authorities, Sandworm was associated with the Russian secret service, or GRU.</p>
<p>Mandiant has been observing the “Berserk Bear” group for years: “One of our biggest concerns is that the hackers will be able to permanently establish themselves in the compromised networks and later gain this access if the time has come to use it for destructive attacks.” The analyst emphasizes that there is currently no evidence of this. She points out that the hackers are currently primarily spying on office networks and not industrial plants. This would require completely new tools and in-depth expertise.</p>
<p>Activities monitored by the German Office for the Protection of the Constitution: It is unclear how many corporate networks the hackers from “Berserk Bear” were able to penetrate. Only companies that belong to the critical infrastructures have to report such incidents. This authority managed to monitor at least part of the incoming and outgoing Internet traffic of the hackers, because one of the servers that the hackers utilized is in Germany.</p>
<p>In addition to phishing attacks, the hackers from “Berserk Bear” also hacked into strategically relevant websites and cleverly rebuilt them to steal confidential information, especially login data. This affected both the website of a company that designs websites for energy suppliers and the website of a company that offers software in this area. The group’s calculation is that many visitors to these specialized companies’ websites (like electric companies) are likely to be active in the area of critical infrastructure and are therefore attractive targets for espionage. Both companies were apparently unaware that their sites had been hacked. The German Attorney General in this matter still has not commented on the investigation. The Russian embassy is also not talking.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://globeecho.com/news/europe/germany/german-arrest-warrant-against-russian-power-grid-hackers/">https://globeecho.com/news/europe/germany/german-arrest-warrant-against-russian-power-grid-hackers/</a></p></div>Identifying Ransomware Operatorshttps://redskyalliance.org/xindustry/identifying-ransomware-operators2022-07-19T18:00:00.000Z2022-07-19T18:00:00.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}10653827693,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10653827693,RESIZE_400x{{/staticFileLink}}" alt="10653827693?profile=RESIZE_400x" width="250" /></a>Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure. Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites. The actors use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks. These groups also use the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations.<a href="#_ftn1">[1]</a></p>
<p>But by taking advantage of the threat actors' operational security missteps and other techniques, investigators recently disclosed that they could identify TOR hidden services hosted on public IP addresses, some of which are previously unknown infrastructure associated with DarkAngels, Snatch, Quantum, and Nokoyawa ransomware groups.</p>
<p>While ransomware groups are known to rely on the dark web to conceal their illicit activities ranging from leaking stolen data to negotiating payments with victims, investigators disclosed that they were able to identify "public IP addresses hosting the same threat actor infrastructure as those on the dark web." The methods used to identify the public internet IPs involved matching threat actors' [self-signed] TLS certificate serial numbers and page elements with those indexed on the public internet.</p>
<p>In addition to TLS certificate matching, a second method employed to uncover the adversaries' clear web infrastructures entailed checking the favicons associated with the darknet websites against the public internet using web crawlers like Shodan. In the case of Nokoyawa, a new Windows ransomware strain that appeared earlier this year and shares substantial code similarities with Karma, the site hosted on the TOR hidden service was found to harbor a directory traversal flaw that enabled the researchers to access the "/var/log/auth.log" file used to capture user logins.</p>
<p>The findings demonstrate that not only are the criminal actors' leak sites accessible for any user on the internet, other infrastructure components, including identifying server data, were left exposed, effectively making it possible to obtain the login locations used to administer the ransomware servers. Further analysis of the successful root user logins showed that they originated from two IP addresses, 5.230.29[.]12 and 176.119.0[.]195, the former of which belongs to GHOSTnet GmbH, a hosting provider that offers Virtual Private Server (VPS) services.</p>
<p>176.119.0[.]195 belongs to AS58271, listed under the name Tyatkova Oksana Valerievna. The operator possibly forgot to use the German-based VPS for obfuscation and logged into a session with this web server directly from their true location at 176.119.0[.]195.</p>
<p>The development comes as the emerging Black Basta ransomware operators expanded their attack arsenal by using QakBot for initial access and lateral movement and taking advantage of the PrintNightmare vulnerability (CVE-2021-34527) to conduct privileged file operations.</p>
<p>See: <a href="https://redskyalliance.org/xindustry/black-basta">https://redskyalliance.org/xindustry/black-basta</a></p>
<p>The LockBit ransomware gang recently announced the release of LockBit 3.0 with the message "Make Ransomware Great Again!," in addition to launching their own Bug Bounty program, offering rewards ranging between $1,000 and $1 million for identifying security flaws and "brilliant ideas" to improve its software. "The release of LockBit 3.0 with the introduction of a bug bounty program is a formal invitation to cybercriminals to help assist the group in its quest to remain at the top," Satnam Narang, senior staff research engineer at Tenable, said in a statement. "A key focus of the bug bounty program is defensive measures: Preventing security researchers and law enforcement from finding bugs in its leak sites or ransomware, identifying ways that members, including the affiliate program boss, could be doxed, as well as finding bugs within the messaging software used by the group for internal communications and the Tor network itself."</p>
<p>See: <a href="https://redskyalliance.org/xindustry/emerging-ransomware-groups-replace-old-favorites">https://redskyalliance.org/xindustry/emerging-ransomware-groups-replace-old-favorites</a></p>
<p>The threat of being doxed or identified signals that law enforcement efforts are clearly a great concern for groups like LockBit. Finally, the group is planning to offer Zcash as a payment option, which is significant as Zcash is harder to trace than Bitcoin, making it harder for researchers to keep tabs on the group's activity.</p>
<p>It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. No government can stop these attacks except for the countries sponsoring or benefitting from the ransom payments.</p>
<p>The following is what Red Sky Alliance recommends:</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data backup and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-factor authentication company-wide.</li>
<li>For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services, and devices to be used by all at-home working employees and consultants.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on ten (10) cyber threat categories, including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html">https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html</a></p></div>Auto Schott Blockchain Auto Financinghttps://redskyalliance.org/xindustry/auto-schott-blockchain-auto-financing2022-02-07T19:57:53.000Z2022-02-07T19:57:53.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}10079212455,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10079212455,RESIZE_400x{{/staticFileLink}}" width="250" alt="10079212455?profile=RESIZE_400x" /></a>German car dealers and distributors have found a new use for blockchains: acquiring and financing their customers quickly and with less paperwork than traditional bank loans. Using Ethereum smart contracts – computer protocols that facilitate, verify or enforce the negotiation of an agreement – dealerships can provide their clients with immediate access to fiat currencies through dealer credit applications. But this family-owned dealership has embraced the blockchain by incorporating cryptocurrency into its auto finance services. The result? Shortening closing times on car loans using virtual money that’s seen a 1,400 per cent rise in value since January 2017.</p>
<p>How did Auto Dealers Start to Provide Financing with Blockchain? Auto Schott is not alone. Auto dealers looking to provide financing for their customers are exploring blockchain technology, which serves as the backbone for digital currencies like Bitcoin and Ethereum, to speed up transactions that now take days or even weeks. Some even see the potential to develop smart contracts that let dealers finance their customers without the need for banks as middlemen. “We see a lot of potential for this technology to speed up transactions and bring added security,” said the general manager at Auto Schott in Mainz. “It’s an opportunity we want to explore.”</p>
<p>Schott was among about 50 exhibitors at the Auto finance & blockchain conference in Frankfurt last May. The event was cosponsored by PwC and Blockchain-Lab.de, a German research group exploring potential applications for blockchain technology. A blockchain is essentially an automatically synchronizing ledger of digital events that can be programmed to record virtually anything of value with the highest level of security.<a href="#_ftn1">[1]</a></p>
<p>When examining the idea of using blockchain for car financing, one dealer said the thought was “a bit like asking if you should use a laptop for your bookkeeping.” But dealer interest has grown as banks and start-ups have validated the concept. Learn more here at bitcoineras.com/. “Blockchain is an interesting technology, but several hurdles remain before it is standardized,” said Auto Schott’s finance director, who is looking for ways to speed up financing transactions.</p>
<p>Fast Transactions Work for Dealer Financing. There are many benefits of using blockchain technology when it comes to auto financing for dealers, according to the head of the Automotive & Transportation Practice at PwC. “Using blockchain can provide dealers with real-time financing transactions that are secure and trustworthy,” he said. Because blockchain uses cryptography to record transactions, it can save dealers time by reducing paperwork and proving the authenticity of a transaction from start to finish. In addition, blockchain technology is more cost-efficient as banks don’t have to play as significant a role in the process. It could potentially allow dealers to finance their customers without banks. “Banks charge fees of around 1.5 per cent for car financing, so going without them would be huge cost savings,” said Kevin Hanley, a senior researcher at Blockchain-Lab.de. “From the dealers’ perspective, blockchain is a way to circumvent their role as middlemen and provide financing themselves.”</p>
<p>In theory, lower transaction costs from blockchain could also translate to lower car prices for consumers. Lower prices, of course, could stimulate the overall car market and help German automakers stay competitive in a global environment where new players like Tesla are shaking up the industry.</p>
<p>Germany is leading in Blockchain auto financing. Blockchain technology seems to be an option for car dealers, and the big question is which country will lead this? In Germany, blockchain has been incorporated into internet finance, the Internet of Things, and retailing sectors, and it appears that the automotive industry will also take advantage of blockchain technology. The main area where blockchain will be beneficial is in finance transactions, especially with cryptocurrencies on the rise and interest by car dealers, which should provide some incentives for them to look into this option. The impact of blockchain on the automotive sector is unclear, but it is certainly a trend that anyone interested in blockchain technology will have to watch.</p>
<p><a href="#_ftnref1">[1]</a> <a href="https://roboticsandautomationnews.com/2022/02/04/blockchain-and-smart-contracts-have-german-auto-dealers-on-the-fast-track-to-financing/48987/">https://roboticsandautomationnews.com/2022/02/04/blockchain-and-smart-contracts-have-german-auto-dealers-on-the-fast-track-to-financing/48987/</a></p></div>DE: An Overview of Cybersecurity in Germanyhttps://redskyalliance.org/xindustry/de-ein-uberblick-uber-die-cybersicherheit-in-deutschland2021-07-17T02:46:20.000Z2021-07-17T02:46:20.000ZDavide Emanuele Saturnohttps://redskyalliance.org/members/DavideEmanueleSaturno<div><p><a href="{{#staticFileLink}}9259840279,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9259840279,RESIZE_400x{{/staticFileLink}}" alt="9259840279?profile=RESIZE_400x" width="250" /></a>The number of recorded cybercrimes continues to rise in German cyberspace, with cybercriminals increasingly focusing on "larger prey." The number of DDoS attacks continues to increase, as does their intensity. The perpetrators are globally networked and act with increasing skill and professionalism. The dark web underground economy is growing and represents a criminal, global parallel economy that is primarily out for financial profit. 
The main driver of profit remains ransomware, which poses the greatest threat to public institutions and commercial enterprises.</p><p> </p><p>The full article is here: <a href="{{#staticFileLink}}9292260456,original{{/staticFileLink}}">IR-21-186-001-GERMANY-DE.docx</a></p></div>A Look at Germany’s Cyber Securityhttps://redskyalliance.org/xindustry/a-look-at-germany-s-cyber-security2021-07-14T22:54:45.000Z2021-07-14T22:54:45.000ZDavide Emanuele Saturnohttps://redskyalliance.org/members/DavideEmanueleSaturno<div><p><a href="{{#staticFileLink}}9249231500,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9249231500,RESIZE_400x{{/staticFileLink}}" width="250" alt="9249231500?profile=RESIZE_400x" /></a>The number of recorded cybercrimes continues to rise in German cyberspace, with cybercriminals focusing increasingly on “larger prey.” The number of DDoS attacks continues to rise, as does their intensity. The perpetrators are globally networked and are acting with increasing skill and professionalism. The dark web underground economy is growing and represents a criminal, global parallel economy, which is primarily seeking financial profit. The main driver of profit is still ransomware, posing the greatest threat to public institutions and commercial enterprises.</p><p> </p><p>Read the full report here: <a href="{{#staticFileLink}}9249235863,original{{/staticFileLink}}">IR-21-186-001-GERMANY.pdf</a></p></div>