X-Industry

Organizations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organizations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four

Computers need hardware, like semiconductors (chips).  Modern cars need computers and thus chips.  Subaru announced it will shut down one of its Japanese factories for more than two weeks because of the ongoing shortage of semiconductors.  The international car company will close its Yajima plant in Gunma, Japan.  The auto shut down is scheduled to begin between 10 April 2021 and the scheduled Japanese holiday of Golden Week, 29 April.  Operations will not resume until 10 May.  The factory build

Activity Summary - Week Ending 9 April 2021:

• Red Sky Alliance identified 34,654 connections from new unique IP Addresses
• Analysts identified 2,753 new IP addresses participating in various Botnets
• Vacar Auto Electronics Co. is Keylogged
• Babydraco Webshells
• RemRAT Botnet
• April 15^th is Coming - US IRS scams
• Accellion and UC
• Brown University under attack
• EU Government Institutions
• PLA Shanghai Police – Hacked files

Link to full report: IR-21-099-001_weekly_099_FINAL.pdf

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said.  Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT)known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."  More_eggs virus is a backdoor Trojan that is utilized by Cobalt Group and other criminal gangs to attack corporations and regular users More_eggs virus is a backdoor Trojan that was used by infamous cybercriminal group the Cobalt Group More_eggs is written in JavaScript programming language. To increase the odds

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and

US Lawmakers and security experts have expressed disappointment that US President Joe Biden’s $2.25 trillion infrastructure plan does not include funding to protect vital facilities against the growing threat of cyberattacks.  This infrastructure package failed to provide money to defend critical systems, such as the US power grid, against hackers, according to media sources last week.  “Any critical infrastructure modernization must take cybersecurity into account from the start,” said the OT d

Activity Summary - Week Ending 2 April 2021:

• Red Sky Alliance identified 34,034 connections from new unique IP addresses
• Analysts identified 3,876 new IP addresses participating in various Botnets
• 20 new unique email accounts compromised with Keyloggers were observed this week
• Soccer player’s name Berat Can Sonmez is being used to lure Victims
• EggShell Malware
• New US-IRS Phishing Campaign
• WordPress Vulnerabilities
• ClearURL and Goggle
• Honeywell and Molson Coors Attacked
• Manufacturing IT & OT
• Cyb

With the recent shipping stoppage in the Suez Canal, it became very apparent the transportation vulnerabilities in areas of constricted passages.  Preliminary reports indicate mechanical and weather errors caused the grounding; or was it?  Engine failure and heavy weather have both been cited as reasons behind merchant vessel (M/V) Ever Given’s grounding in the Suez Canal.  But neither are convincing and plain old navigation errors (humans) may be at the root of the casualty, report Lloyd's of L

Many countries are investing seriously in their 5G network, especially in Asia – China leading the way.  But beware: more connectivity through 5G networks also comes with increased cybersecurity threats.  As new technology links both the physical (OT) and virtual world (IT), 5G security risks will have wide security impacts.   To overcome these security challenges, researchers need to build security regimes that protect not only 5G infrastructure and services, but the applications and IoT device

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom generated money back.  BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

A US Congressional Representative from the State of Washington recently reintroduced a bill that would create a nation-wide data privacy standard, to be enforced by the Federal Trade Commission (FTC), that in its latest version is intended to gather bipartisan support by addressing specific Republican concerns.  The Information Transparency and Personal Data Control Act, if passed, would replace a patchwork of current state laws and provide an influx of $350 million to the FTC’s budget to enforc

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and

Activity Summary - Week Ending 26 March 2021:

• Red Sky Alliance identified 26,343 connections from new unique IP addresses
• Analysts identified 2,393 new IP addresses participating in various Botnets
• 47 new unique email Accounts compromised with Keyloggers were Observed
• Go Daddy-East is Compromised
• Netbounce
• Clast82 Android Malware
• Google & WebView
• XcodeSpy
• Clubhouse app
• SkyGlobal
• WeChat hits

Link to full report: IR-21-085-001_weekly_085.pdf

Finally, you both deserve and earned that vacation trip to the Bahamas.  “I have loads of frequent flyer miles I have use and get there on the cheap.”  Or so you thought.  The cyberattack on SITA, a commonly used airline service provider, has compromised frequent-flyer data across many airline carriers.  SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry.  The company provides its services to around 400 members and 2,8

Recently, IBM X-Force threat intelligence has been observing a rise in Dridex Banking Trogan related network attacks that are being driven by the Cutwail botnet.  Also known as Pushdo or Pandex botnet.  Cutwail botnet is originally infected by Cutwail Trojan, a malware able to download and execute files. Cutwail is a famous spam bot widely used in large-scale spam campaigns. It also serves as a DDoS botnet sending SSL attacks. Dridex is delivered as a second-stage infector after an initial docum

Active since 2018, the actors behind Mespinoza ransomware, also known as the Protect Your Systems Amigo (PYSA) group are opportunistic attackers looking to earn a profit.  It is unclear where these threat actors are based, but unlike many of the other ransomware groups, PYSA actors are indiscriminate in their targeting of educational institutions, healthcare facilities, foster care, and more.  The group has joined the growing trend of leaking data, that has been stolen during a ransomware attack

I am not writing about Nim, the mathematical game of strategy, but I am concerned about another “Nim” and you do not want to lose this game. Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language.  Recently named "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape.  "Malware developer

It is difficult to stop supply chain attacks if partner accounts are compromised. What can you do when these attacks are indistinguishable from insider threats?  The current rash of financial fraud and supply chain attacks exploit a seemingly unsolvable vulnerability in your security strategy. Attackers exploit the fact that you must communicate with outside partners and vendors to thrive as a company or an institution.

As you interact with partners, the door to exploitation opens, specifically

Singapore is testing unmanned surface vessels with a locally developed, AI-driven navigation algorithm that could be used for maritime security operations in the congested but strategically important waters around the southeast Asian island nation.  Upon completion, the Republic of Singapore Navy is expected to then field four USVs in the role. The country’s defense ministry said this will add another layer of surveillance and operational response for its maritime borders.

The ministry added tha