X-Industry

Activity Summary - Week Ending 2 July 2021:

• Red Sky Alliance identified 19,270 connections from new unique IP addresses
• Analysts identified 2,543 new IP addresses participating in various Botnets
• 13 unique email accounts compromised with keyloggers were Observed
• Netfilter
• PJobRAT Spyware
• Mirai Knockoffs
• Salvation Army Hit
• Conti & Canada
• DragonForce / Israeli Banking
• Fancy Lazarus attempts an attack on German Banks - Denied

Link to full report: IR-21-183-001_weekly_183_FINAL.pdf

In the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant.  Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction.  The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emerg

For ransomware actors, innovation is a key to success, as crime gangs look for new ways to dupe people and make crypto-locking malware even more lucrative.  Some hacking groups have started cold-calling victims to inform them that their systems have been hit by ransomware and request a ransom to resolve the situation.  An old, yet tried and true use of chicanery.  Sometime old schemes become new schemes.  This is just the latest in a long line of shakedown tactics, which include not just using c

The past few months have seen a new ransomware variant emerge that is being distributed by the TrickBot malware. The appearance of this new ransomware, named Conti, corresponded with an observed decrease in Ryuk deployments. This suggested that Conti is the “successor” of Ryuk. Some media outlets have also reported that Conti was an evolved version of Ryuk, suggesting that it has evolved from the RYUK source code. While this may have been true for very early samples, a Red Sky analysis of recent