Malware has become an industry segment and professional developers are found to exchange, steal each other’s code and engage in collaborations. Attacks are multi-layer with diverse sophisticated software apps taking over different jobs along the attack chain from initial compromise to ultimate data exfiltration or encryption. The specific tools for each stage are highly specialized and can often be rented as a service such as Malware as a Service (MaaS0), including customer support and subscript
Cyber threat investigators believe the infamous TrickBot malware has reached its limits, but its development team appears to have been “acquired” by the Conti ransomware gang, which has been thriving amid recent crackdowns. TrickBot has been around since 2016. It was initially a banking trojan designed to steal financial data, but it evolved into a modular stealer that could target a wide range of information. See: https://redskyalliance.org/xindustry/trickbot-has-learned-more-tricks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these extra protections have been applied to injections used in the process of online banking fraud TrickBot'
The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have
The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure. The advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021. Emotet is believed to have originated in the Ukraine is also known as Heodo which was first detected in 2014. See: https://redskyalliance.org/xindustry/this-may-be-the-end-of-emotet
Most of the victims d
Activity Summary - Week Ending 10 September 2021:
- Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
- Analysts identified 1,034 new IP addresses participating in various Botnets
- 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
- Sality Malware Variant seen 42252 times this past week
- Hive Ransomware Alert
- STRRAT RAT
- FIN7 again
- Microsoft and $20 billion in Cyber Security
- South Korea and TrickBot Arrest
- To SOAR, or to SIEM
Supply chain networks have for some time been driven by technology over the years and have evolved accordingly. The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.
With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them. So, what is the best way to p
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as
Attacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets. Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to
Last October 2020, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather threatening: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities. This was only reconnaissance, Trickbot was not infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant.
UEFI (Unified Extensible Firmware Interfa
The cybercriminal-controlled botnet known as TrickBot has become a public enemy number one (again) for the cybersecurity community. It has survived takedown attempts by Microsoft, analysts from leading cybersecurity firms, and even US Cyber Command. It now appears that the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware.
The security firms AdvIntel and Eclypsium revealed that t
Despite attempted to stop the criminal hacking group responsible for managing the Trickbot trojan, they continue malicious activities by introducing new versions that make this malware more difficult terminate. Trickbot now can offer other malware with Access-as-a Service capabilities (AaaS). Many cyber threat attacks start with a successful phishing campaign. This allows for the Trickbot malware trojan to be used as a pathway for ransomware infections and Denial-of-Service Attacks (DDoS atta
Activity Summary - Week Ending 13 November 2020:
- Red Sky Alliance observed 67 unique email accounts compromised with Keyloggers
- Analysts identified 42,222 connections from new unique IP addresses
- 2,563 new IP addresses were observed Participating in various Botnets
- Hezbollah is the Top Threat actor this week targeting Israel, US, Lebanon, Syria and Iran
- TrickBot and BazarLoader
- Ransomware blocks electronic Stadium Entrances
- A UK Premier League soccer club's Managing Director was H
American toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations. Founded in 1945 and headquartered in El Segundo, California, Mattel is one of the largest toy sellers in terms of revenue, with its operations divided into three segments, namely North America, International, and American Girl. Mattel sells products such as Barbie, Fisher-Price, Monster High, American Girl, Polly Pocket, and Hot Wheels in 150 countries, an
The number of attacks related to Emotet continue to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an end-point security company.
Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o
US Cyber Command, Microsoft, and Europol are attacking Trickbot's malicious infrastructure, ahead of the elections. It won't stop hackers from adapting but is expected to create breathing space during the elections. Check out these slides if you missed the webinar on October 21, 2020 to find out more:
Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet to help protect the November 3rd US Presidential election and stop the global spread of ransomware and other malware. The botnet has been used to distribute a variety of malicious code, including the Ryuk ransomware variant, which the US government has cited as a potential threat vector against the election.
Microsoft obtained a court order from the US District Court, East
Cyber threat researchers have examined security incidents over the past several years that appear to connect North Korea's Lazarus Group with Russian speaking attackers. A recent analysis has examined reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.
In a summary of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to
Cyber-criminal and using the Corona Virus pandemic to spread the TrickBot malware. These underhanded hackers are sending fake emails designed to look like notifications from the US Department of Labor concerning changes to the Family and Medical Leave Act (FMLA), which can provide up to 12 weeks of unpaid leave for employees who are ill or need to care for someone with a serious medical condition. Benefits from FMLA increased in March 2020 when US President Trump signed the Families First Coro
Cyber threat analysts recently uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components. TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, browsers and installed network apps. The malware has also evolved to send sp
Note: this page contains paid content.
Please, subscribe to get an access.