X-Industry

Ransomware has been one of the hottest topics in cybersecurity during the last year. Some researchers are labeling it the "perfect storm."  A storm made more severe by the pandemic, with so many employees working remotely, exacerbating the risk of ransomware. However, there are other contributing factors to the rise in ransomware the world witnessed in 2020.

The Royal United Services Institute for Defense and Security Studies (RUSI), a British defense and security think tank, has released a repo

Purple Fox is the name of a malware downloader, a malicious program that proliferates other programs of this type.  This malware is used to infect systems with cryptocurrency mining programs.  Purple Fox can cause serious damage and must be uninstalled immediately.  An example of malware that could be installed through Purple Fox is ransomware.  These programs encrypt files and prevent victims from accessing them unless ransoms are paid or confidential information is disclosed and offered for sa

Researchers have dissected some of the attacks involving the Hades ransomware and published information on both the malware itself and the tactics, techniques and procedures (TTPs) employed by its operators.  Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid.  Hades was named

Security researchers have linked a late 2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten.

See this article

The campaign is named BadBlood, because of its medical focus and the history of tensions between Iran and Israel–aimed to steal credentials of professionals specializing in genetic, neurology and oncology research

A San Diego-based artificial intelligence and data science company that helps lenders predict the trustworthiness of loan application information, recently published research detailing increased levels of attempted loan fraud in 2020, which the company believes could continue through 2021.  “The analysis and outlook from Point Predictive (PP) is essential reading to be prepared. For Elite Acceptance, the crucial trends to get ahead of are the dealer implications, such as a sale price inflation o

IcedID, also known as Bokbot is a banking trojan and information stealer and can be used as an entry point for subsequent attacks, such as manually operated ransomware for high-value targets. It is typically proliferated using another trojan called Emotet, which is often distributed using spam email campaigns. Human-operated ransomware attacks are increasingly common and require the attacker to sit at the keyboard and orchestrate the attack, in contrast to an automated attack.

Microsoft is warni

Activity Summary - Week Ending 16 April 2021:

• Red Sky Alliance observed 58 new unique email accounts compromised with Keyloggers
• Analysts identified 30,373 connections from new unique IP addresses
• 3,512 new IP addresses participating in various Botnets were Observed
• Security Researcher under Attack
• CISA’s New Tool – Aviary
• FormBook Malware
• State Sponsored APT
• Lazarus and Vyvera
• TiT-for-TaT is Never Good
• Myanmar and Taiwan Protests

Link to full report: IR-21-106-001_weekly_106.pdf

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis

Researchers have discovered a new information-stealing Trojan, which targets Android devices with a blitz of data-exfiltration capabilities from collecting browser searches to recording audio and phone calls.   While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this clever new malicious app masquerades itself as a System Update application to take control of compromised devices.

"The spyware creates a notificati

A recent article from the University of Boston provides a very refreshing article about cyber technology helping the deaf.  The words “joke” and “ruin” might not rhyme in English - but, thanks to a new, interactive database of American Sign Language (ASL), called ASL-LEX 2.0[1], we can now see that these two words do in fact rhyme in ASL.

“In ASL, each word has five linguistic parameters: handshape, movement, location, palm orientation, and non-manual signs.  Rhymes involve repetition based on o

The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place.  The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely.  Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working

LinkedIn is a great portal to increase your professional network and there are actors who really want to connect with you and your connections.  Remember, people often look at mutual connections before accepting some on they do not know personally.  A casual acceptance can lend credibility to hackers’ requests to connect.

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineerin

Organizations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organizations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four

Computers need hardware, like semiconductors (chips).  Modern cars need computers and thus chips.  Subaru announced it will shut down one of its Japanese factories for more than two weeks because of the ongoing shortage of semiconductors.  The international car company will close its Yajima plant in Gunma, Japan.  The auto shut down is scheduled to begin between 10 April 2021 and the scheduled Japanese holiday of Golden Week, 29 April.  Operations will not resume until 10 May.  The factory build

Activity Summary - Week Ending 9 April 2021:

• Red Sky Alliance identified 34,654 connections from new unique IP Addresses
• Analysts identified 2,753 new IP addresses participating in various Botnets
• Vacar Auto Electronics Co. is Keylogged
• Babydraco Webshells
• RemRAT Botnet
• April 15^th is Coming - US IRS scams
• Accellion and UC
• Brown University under attack
• EU Government Institutions
• PLA Shanghai Police – Hacked files

Link to full report: IR-21-099-001_weekly_099_FINAL.pdf

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said.  Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT)known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."  More_eggs virus is a backdoor Trojan that is utilized by Cobalt Group and other criminal gangs to attack corporations and regular users More_eggs virus is a backdoor Trojan that was used by infamous cybercriminal group the Cobalt Group More_eggs is written in JavaScript programming language. To increase the odds

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and

US Lawmakers and security experts have expressed disappointment that US President Joe Biden’s $2.25 trillion infrastructure plan does not include funding to protect vital facilities against the growing threat of cyberattacks.  This infrastructure package failed to provide money to defend critical systems, such as the US power grid, against hackers, according to media sources last week.  “Any critical infrastructure modernization must take cybersecurity into account from the start,” said the OT d

Activity Summary - Week Ending 2 April 2021:

• Red Sky Alliance identified 34,034 connections from new unique IP addresses
• Analysts identified 3,876 new IP addresses participating in various Botnets
• 20 new unique email accounts compromised with Keyloggers were observed this week
• Soccer player’s name Berat Can Sonmez is being used to lure Victims
• EggShell Malware
• New US-IRS Phishing Campaign
• WordPress Vulnerabilities
• ClearURL and Goggle
• Honeywell and Molson Coors Attacked
• Manufacturing IT & OT
• Cyb