trickbot (16)

9553661087?profile=RESIZE_400xActivity Summary - Week Ending 10 September 2021:

  • Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
  • Analysts identified 1,034 new IP addresses participating in various Botnets
  • 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
  • Sality Malware Variant seen 42252 times this past week
  • Hive Ransomware Alert
  • STRRAT RAT
  • FIN7 again
  • Microsoft and $20 billion in Cyber Security
  • South Korea and TrickBot Arrest
  • To SOAR, or to SIEM

9404982272?profile=RESIZE_400xSupply chain networks have for some time been driven by technology over the years and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to p

8643112062?profile=RESIZE_400xA new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as

8467395687?profile=RESIZE_400xAttacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to

8399725677?profile=RESIZE_400xLast October 2020, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather threatening: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities.  This was only reconnaissance, Trickbot was not infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant.

UEFI (Unified Extensible Firmware Interfa

8263146099?profile=RESIZE_400xThe cybercriminal-controlled botnet known as TrickBot has become a public enemy number one (again) for the cybersecurity community. It has survived takedown attempts by Microsoft, analysts from leading cybersecurity firms, and even US Cyber Command. It now appears that the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware.

The security firms AdvIntel and Eclypsium revealed that t

8226972266?profile=RESIZE_400xDespite attempted to stop the criminal hacking group responsible for managing the Trickbot trojan, they continue malicious activities by introducing new versions that make this malware more difficult terminate.  Trickbot now can offer other malware with Access-as-a Service capabilities (AaaS).  Many cyber threat attacks start with a successful phishing campaign.  This allows for the Trickbot malware trojan to be used as a pathway for ransomware infections and Denial-of-Service Attacks (DDoS atta

8157019075?profile=RESIZE_400xActivity Summary - Week Ending 13 November 2020:

  • Red Sky Alliance observed 67 unique email accounts compromised with Keyloggers
  • Analysts identified 42,222 connections from new unique IP addresses
  • 2,563 new IP addresses were observed Participating in various Botnets
  • Hezbollah is the Top Threat actor this week targeting Israel, US, Lebanon, Syria and Iran
  • TrickBot and BazarLoader
  • WatchBogMiner
  • Ransomware blocks electronic Stadium Entrances
  • A UK Premier League soccer club's Managing Director was H

8147870695?profile=RESIZE_400xAmerican toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations.  Founded in 1945 and headquartered in El Segundo, California, Mattel is one of the largest toy sellers in terms of revenue, with its operations divided into three segments, namely North America, International, and American Girl.  Mattel sells products such as Barbie, Fisher-Price, Monster High, American Girl, Polly Pocket, and Hot Wheels in 150 countries, an

8131297495?profile=RESIZE_400xThe number of attacks related to Emotet continue to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an end-point security company.

Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o

8041648453?profile=RESIZE_400xMicrosoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet to help protect the November 3rd US Presidential election and stop the global spread of ransomware and other malware. The botnet has been used to distribute a variety of malicious code, including the Ryuk ransomware variant, which the US government has cited as a potential threat vector against the election. 

Microsoft obtained a court order from the US District Court, East

7993726679?profile=RESIZE_400xCyber threat researchers have examined security incidents over the past several years that appear to connect North Korea's Lazarus Group with Russian speaking attackers.  A recent analysis has examined reports from years of security incidents to pinpoint links between Lazarus Group, historically tied to North Korea, and Russian-speaking cybercriminals.

In a summary of his findings, Mark Arena, CEO of security firm Intel 471, holds two generally accepted assumptions: that Lazarus Group is tied to

5778302894?profile=RESIZE_400xCyber-criminal and using the Corona Virus pandemic to spread the TrickBot malware.  These underhanded hackers are sending fake emails designed to look like notifications from the US Department of Labor concerning changes to the Family and Medical Leave Act (FMLA), which can provide up to 12 weeks of unpaid leave for employees who are ill or need to care for someone with a serious medical condition.  Benefits from FMLA increased in March 2020 when US President Trump signed the Families First Coro

4247419524?profile=RESIZE_710xCyber threat analysts recently uncovered a new variant of the TrickBot malware that relies on new anti-analysis techniques, an updated method for downloading its payload as well as adopting minor changes to the integration of its components.  TrickBot is a module-based malware that, while first identified as a banking trojan, has gradually extended its functions to include collecting credentials from a victim’s emails, browsers and installed network apps.  The malware has also evolved to send sp

3187431567?profile=RESIZE_710xhttps://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

Our UK partners have share an important report on Ryuk Malware.

Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.

The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re