The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert on a new cybercrime group targeting organizations in the healthcare sector.
Called Daixin Team, the threat actor has been active since at least June 2022, targeting organizations in the US with ransomware based on leaked Babuk source code in September 2021, and also engaging in data theft and extortion. It has
Most businesses are surprised by how long a single cyberattack can take to carry out, from beginning to end. When the average dwell time of an intruder in an IT ecosystem has increased to more than 9 months; why malicious actors seem to be given the luxury of time.
To better understand how this all works, here is a brief review the five stages of a cyberattack.
Researchers found buried deep in a 61-page recent report by the U.S. Attorney General, the Biden Administration called for a dramatic expansion in the federal government’s ability to seize and keep cryptocurrency. If enacted, the proposed changes would bolster both criminal forfeiture, which requires a conviction to permanently confiscate property, as well as civil forfeiture, which does not require a conviction or even criminal charges to be filed. Notably, the report’s release was coupled wit
LinkedIn has become a popular destination for threat actors trying to communicate with people for a variety of purposes, such as distributing malware, cyberespionage, credential stealing, financial fraud, etc. One common approach to using LinkedIn by cyber criminals is to approach people using fake profile claiming to be a recruiter working at technology, defense, or media companies. The North Korean-sponsored group Lazarus often engaged in these kinds of activities in order to propagate malwa
As a young intelligence officer, if you had told me an adversary could act anonymously and alone, easily acquire the most advanced weaponry, disrupt or take down almost any “connected” target globally, and our ability to prevent these attacks was systemically flawed – I would have been astonished. As always, all adversaries integrate intention, capability, and opportunity. With cyber warfare, a breadth of adversaries and individuals can bring to bear all three by continuously aiming at the U.S
One of the oldest and most successful forms of banking malware has been repurposed into a backdoor trojan described as "significantly dangerous" and likely to be used for ransomware attacks. The new variant of Ursnif malware, also known as Gozi, has been detailed by researchers who suggest it has been purposefully built to power ransomware and data-theft attacks by using malicious Microsoft Office documents to get into users’ computers and requires macros to be activated.
Designed to steal ban
The US Transportation Security Administration (TSA) have announced a new cyber-security directive regulating designated passenger and freight railroad carriers. The announcement demonstrates the Biden Administration’s commitment to strengthen the cyber-security of US critical infrastructure. Building on the TSA’s work to strengthen defenses in other transportation modes, this security directive will further enhance cyber-security preparedness and resilience for the nation’s railroad operations
There have been some developments in the Ducktail phishing campaign. To begin our report, it seems reasonable to go over a little bit of history on Ducktail for those who might be unfamiliar. The Ducktail phishing campaign was first discovered and reported on in late July of 2022. Researchers at the firm WithSecure are credited with the discovery of the campaign. In terms of who is responsible, WithSecure’s report on this campaign indicated a high level of confidence in their belief that the
Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.” Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities. This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.
Link to full report: IR-22-295-001_weekly295.pdf
Fifteen percent of car dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue.
The 2022 State of Cybersecurity in the Dealership report from CDK Global Inc. surveyed business and IT executives at 201 car dealerships in the United States about their current cybersecurity posture. T
Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc
Cyber threat investigators say do not let the ongoing "crypto winter" lull you into a false sense of cybersecurity. The phrase “crypto winter” likely came from the hit HBO series, “Game of Thrones.” In the series, the motto of the House of Stark was “Winter Is Coming.” It was considered a warning that lasting conflict could descend on the land of Westeros at any time. Similarly, an extended period of trouble may be settling over the crypto market. During this difficult time, you must remain
A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. operation systemsFortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product.
Last week, we reported an alleged cyber-attack on Italian automaker Ferrari. Well, high end automaker has confirmed the leak of some internal documents but did not say how it happened. On 10 October, RansomEXX, a ransomware-as-a-service operator, claimed to have breached Ferrari, though the company said it is investigating how the leak occurred. Italy’s Red Hot Cyber reported that internal documents, including repair manuals, datasheets, etc., sizing up to 6.99 gigabytes, were leaked. Ransom
Link to full report: IR-22-288-001_weekly288.pdf
There has been a very disturbing trend of criminal hackers targeting healthcare providers and directly at hospitals. The NHS system in the UK was recently attacked, numerous healthcare and hospitals in the US and now in Australia. What was once a “white collar crime” of only attacking financial institutions, these cyber-attacks are compromising the health and safety of people around the globe. Health insurer Medibank Private says it has been hit by a cyber-attack.
Key points:
It is A
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a
Adaptive security is a cybersecurity model with four phases, prediction, prevention, detection, and response. The process was developed in response to the decentralization of IT ecosystems to accommodate hybrid working environments and the porting of systems to the cloud.
The perimeter that once defined a network no longer exists. Organizations are leveraging cloud technology and shifting towards hybrid work environments. The de-centralization of IT ecosystems is becoming increasingly difficu
Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict. These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives. Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel. The shared practical report discusses the technical details of
