The Qbot malware was first discovered in 2008 and it has been used for a variety of purposes. It boasts a couple of prolific campaigns in recent years, particularly in 2020, but recent events indicate that it might have a slightly different coat of paint. We’ll begin our exploration here with a little bit of history on the Qbot malware, but from there we will move on to discussing DLL usage manipulation in Windows. In particular, we’ll go over a little bit about DLL side-loading: what it is, how
All Articles (1934)
Sort by
American Honda Motor Co., http://www.honda.com has confirmed that researchers were able to hack certain Honda vehicles' remote keyless entry system to unlock the doors and start the engine. Recently, security researchers Kevin2600 and Wesley Li from Star-V Lab published information on a security bug they identified in the rolling codes mechanism of the remote keyless system of Honda vehicles, which allowed them to open car doors without the key fob present. When sending a signal to unlock the
Israeli media sources are reporting a cyber-attack on 30 June at Sapir College. Students at Sapir College near the southern city of Sderot had received text messages stating that their personal information was being held for ransom by hackers. “Last night at around 9:00 p.m., local time some seniors and graduates of Sapir College received a text message about their account being hacked. We would like to clarify and reassure you: that the hacking of the college’s network is being handled by the
Our monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-209-001_IntelSummary209.pdf
Activity Summary - Week Ending on 29 July 2022:
- Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
- Hetzner 10x
- Analysts identified 309 new IP addresses participating in various Botnets
- Ransomware UpDate
- Adversary-in-the-Middle - AiTM
- South Africa under Attack
- Mercenary Spyware
- T-Mobile
- US Electric Grid
- Kherson Ukraine
Link to full report: IR-22-210-002_weekly210.pdf
The Port of Los Angeles has been making headlines after sharing an eye-opening statistic; the port faces around 40 million cyber-attacks per month. As the busiest port in the western hemisphere handling $250 billion of cargo each year this astounding number of attacks could wreak havoc on the supply chain and international commerce.
The number of attacks has more than doubled since the beginning of the Covid-19 pandemic. The pandemic has also impacted the port’s efficiency as workers were force
In the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted to be hacked in Germany alone: especially in the area of critical infrastructure companies. Specifically, the hackers sought out electricity and water supply systems. After years of investigation, the Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.
This state backed hacker is said to belong t
Google Search and Drive are erroneously flagging links to Association for Computing Machinery (ACM) research papers and websites as ‘malware.’ This 'issue' was first reported by a German researcher. Founded in 1947 and located in New York City US as a non-profit, ACM is the world's largest scientific and educational computing society. As of 2019, ACM's membership comprises nearly 100,000 students and professionals involved in the field of computing.
Its research paper allegedly "violates" Goo
The Infrastructure Investment and Jobs Act,[1] as passed by the US Congress in November 2021, authorizes $7.5 billion to help meet US President Joe Biden's goal of installing 500,000 electric vehicle charging stations by 2030. Biden aims to have EVs represent half of all new vehicles being sold in the US by 2030. But as the number of stations increases, the number of vulnerabilities does as well.
For the past several years, hackers have been busy targeting their cyber-attacks at electrical sys
For the past month, a crimeware (crypto-mining) group infamously known as the 8220 Gang has expanded their botnet to roughly 30,000 global hosts. This through the use of Linux and common cloud application vulnerabilities and poorly secured configurations. In a recent campaign, the group was observed making use of a new version of the IRC botnet, PwnRig cryptocurrency miner, and its generic infection script.
Link to full report, with IOCs: IR-22-208-001_8220Gang.pdf
[1] https://www.sentinelon
The average cost of data breaches in the hospitality industry was around $1.72 million in 2020. Hospitality includes Food & Beverage, Lodging, Recreation, Travel & Tourism and Meeting & Events industries. Simultaneously, the increased use of technology in the hospitality industry became prevalent, whereby businesses began deploying IoT devices, interconnected networks, digitalized services, etc. Unfortunately, the deployment of emerging technologies marked an increase in cyberattacks in the ho
For those of us Baby-Boomer who made our spending money cutting neighbors’ lawns on hot Mid-west summer afternoons, the following does not even seem fair. Husqvarna, the maker of autonomous home lawn mowers https://www.husqvarna.com/us/robotic-lawn-mowers/ that look something like RC tactical assault vehicles, is releasing an unusual software update to celebrate a lonely robot thousands of miles away. In early August 2022, the Curiosity Mars rover will turn ten years old. Following the softw
GPS, or Global Positioning Systems, have become a staple of our lives – especially in the transportation sector. Whether you are broadcasting your location for a rideshare or trying to find the quickest way to avoid traffic on your commute it seems that paper maps and printed directions have become a thing of the past. It comes as no surprise that the more we rely on interconnected devices the more susceptible to cyber attacks we become. This is exemplified through the Cybersecurity & Infras
On a daily basis, an average cyber security team receives tens of thousands of security alerts. Many analysts feel like they cannot get their heads above water during their shift. This work atmosphere leads to quick physical burnout and even apathy in the face of this volume of continuous, tedious work. HR surveys have found that some security analysts feel so overwhelmed they ignore alerts and even walk away from their computers. In fact, these surveys found that 70% of security teams feel
A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates. The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm. The Diffie-Hellman key ex
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems. Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions. Depending on what data was stolen, this attack could impact a large number of critical, and sensitive, organizations who use Entrust for ident
The State of NJ NJCCIC continues to receive reports of stolen cryptocurrency and recently reported on observed tactics that often include the use of social engineering. The FBI issued a notification this week alerting financial institutions and investors that cybercriminals are creating fraudulent cryptocurrency investment apps to defraud cryptocurrency investors. The cybercriminals were observed contacting investors and convincing them to download fraudulent cryptocurrency investment mobile a
Activity Summary - Week Ending on 22 July 2022:
- Red Sky Alliance identified 21,897 connections from new IP’s checking in with our Sinkholes
- com 424x
- Analysts identified 1,504 new IP addresses participating in various Botnets
- Log4Shell update
- Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
- QakBot
- Confucius Says
- Sewers held Hostage
- Attacks Shame, Scare Victims
- GPS Vulnerabilities
Link to full report: IR-22-203-001_weekly203.pdf
Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associat
The US Justice Department announced on 19 July 2022 through a complaint filed in the US District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments. In May 2022, the Federal Bureau of Investigation (FBI) filed a sealed seizure warrant for the funds worth approximately half a million dollars. The seized funds include ransoms paid by health care providers in Kansas and Colorado. “Thanks to rapid reporting and cooperation
