blackcat (8)

Microsoft disclosed on 17 August 2023 that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.  "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X (formerly Twitter).  "This Bla

A known ransomware group on 21 August 2023 started publishing data allegedly stolen from the systems of Japanese watchmaking company Seiko https://www.seikowatches.com.  Seiko revealed on 10 August 2023 that it had identified a possible data breach on 28 July 2023, with someone gaining access to at least one server.  An investigation showed that some information may have been compromised.  “The Company and all our Group companies kindly ask our customers and business partners to contact us imm

Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files.  We’ll give an overview here on what the term “partial encryption” means.  It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate.  From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part

The US Cybersecurity and Infrastructure Security Agency (CISA), on 07 April 2023 added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.  This includes three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system.  The flaws were fixed in a patch released by Veritas in March 2021.

Encevo Group, an energy corporation based in Luxembourg, is dealing with an ongoing cyberattack by ransomware-as-a-service gang BlackCat.  Some digital services are still disrupted 12 days after the attack began, but the company says that energy supply has not been affected.  Researchers believe BlackCat retained hackers from DarkSide, the now-defunct ransomware group that attacked US gas provider Colonial Pipeline in 2021.

Encevo Group cyberattack: In a dark web blog post on 29 July, Bla

There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

Ransomware is a constant thorn in the side of cyber security professionals worldwide.  Hive Ransomware stormed onto the scene in June of 2021, and in its first six months, from June to December of 2021, the group managed to compromise 355 companies.  The group made headlines for targeting IT, real estate, and healthcare organizations, prompting an FBI Alert sharing the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the group in late August.

Recently the

Activity Summary - Week Ending on 22 December 2021:

  • Red Sky Alliance identified 30,069 connections from new IPs checking in with our Sinkholes
  • dauction.ru still has issues after 4 weeks!
  • Analysts identified 5,039 new IP addresses participating in various Botnets
  • Log4j Vulnerability
  • BlackCat
  • AgentTesla Additions
  • Iran Hackers
  • Cyber and Medical Devices
  • Attacking K-12 School Apps
  • Cyber Port Protection
  • Finite Recruitment

Link to full report: IR-21-356-001_weekly356.pdf