All Articles (2242)

Activity Summary - Week Ending on 11 February 2022:
✓ Red Sky Alliance identified 14,657 connections from new IPs checking in with our Sinkholes
✓ Amazon IP hit – this time in France
✓ Analysts identified 6,580 new IP addresses participating in various Botnets
✓ Emotet still being Used
✓ ShuckWorm
✓ Dark Herring
✓ LockBit 2.0
✓ Vodafone Attack
✓ $94,000 Bitcoins Seized
✓ Drones used to Attack Networks
✓ CapraRAT and Earth Karkaddan

Link to full report: IR-22-042-001_weekly042.pdf

The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint Cybersecurity Advisory outlining the growing international threat posed by ransomware over the past year.

The advisory titled “2021 Trends Show Increased Globalized Threat of Ransomware”[1] outlines top trends seen across three nation

The operators of the GootLoader campaign are targeting employees of accounting and law firms as part of a renewed effort of cyberattacks to deploy malware on infected systems.  This is an unfortunate sign that the adversary is expanding its focus to other high-value targets.  The Gootkit malware family has been around for five years or more, and is used to distribute code such as ransomware, which can encrypt the files on a Windows computer and only release them once a ransom is paid.

Gootloader

Red Sky Alliance has been building our dark web data collection since late January 2021. With it, we are able to make dark web content available without the need for analysts to touch the dark web to visit Tor .onion sites. To date, we have over 1.3 million data points on over 75 sites and we are adding new sites regularly. The dark web sites that we collect from evolve over time as new sites come and older sites shut down, but we maintain a historical record of those decommissioned sites. Lastl

In separate reporting, the “metaverse” could be a serious problem for children worldwide.  If there is only one thing that technology companies, retailers, content creators and investors can agree upon, it is that there is money to be made from the metaverse.  The metaverse is planned as a virtual-reality space in which users can interact with a computer-generated environment and other users.[1]  As technology CEOs try to win a market position in the still developing digital space, some psychologis

The European Central Bank is preparing banks for a possible Russian-sponsored cyber-attack as tensions with Ukraine mount and the region braces for the financial fallout of any conflict.  The stand-off between Russia and Ukraine has rattled Europe's political and business leaders, who fear an invasion that would inflict damage on the entire region.

Earlier this week, French President flew to Moscow, then to Kyiv Ukraine in a bid to act as a mediator after Russia massed troops near Ukraine.[1]  N

Cyber threat actors are now using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines to take over an end user’s computer, researchers have found.  It is one of a number of stealthy ways threat actors recently have been targeting desktop users through trusted applications they use daily, using emails that are designed to evade security detections and appear legitimate.

New research from Avanan  https://avanan.co

It is estimated that North Korea (KP) is continuing to steal hundreds of millions of dollars from financial institutions and cryptocurrency firms and exchanges.  This stolen currency is an important source of funding for its nuclear and missile programs, UN experts said in a report quoting cyber specialists.  The panel of experts said that according to an unnamed government, North Korean “cyber-actors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchan

Merchant tanker and barge shipments in and out of Europe’s biggest oil hub have been delayed by up to a week as four storage companies work to resume operations after cyber-attacks.  Since the end of last week, storage company Oiltanking and oil trading firm Mabanaft, both owned by Germany’s Marquard & Bahls, have been hit by hackers.  Belgium’s SEA-TANK and Dutch fuel storage firm Evos have also been affected.

The companies have had to suspend some operations, affecting oil flows in the Netherl

Scientists and technology visionaries have envisioned a day when computers become so powerful that they become smarter than the human race. There is no shortage of science fiction stories and movies about robot uprisings. We are still far from that scary scenario (we hope), but at the same time, artificial intelligence (AI) is no longer sci-fi. Many applications of AI abound today in business and it is now being used in some creative professions.

New behavioral experiments by Alok Gupta from the

German car dealers and distributors have found a new use for blockchains: acquiring and financing their customers quickly and with less paperwork than traditional bank loans.  Using Ethereum smart contracts – computer protocols that facilitate, verify or enforce the negotiation of an agreement – dealerships can provide their clients with immediate access to fiat currencies through dealer credit applications.  But this family-owned dealership has embraced the blockchain by incorporating cryptocur

The Conti gang strikes again, disrupting the grocery store supply chain and threatening supermarket shelves that could stay empty for weeks.  KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March 2022 at the earliest.  For our US readers, Brits call potato chips, crisps.  You say potato; I say potaaato.

The British company said that the Conti gang was behind the s

The concept of computer security has only recently shifted from individual services, such as installing and operating virus and network firewalls on individual terminals, to interconnected and integrated services. These interconnected and integrated services aid organizations not only in terms of functionality but also efficiency. The need for and importance of endpoint security was demonstrated in 2003 by the SQL Slammer worm (which caused extensive damage to network systems).

The SQL Slammer w

A 19-year-old security researcher said he was able to hack into over 25 Teslas from around the world.  Recently the young hacker published a blog post explaining how he was able to remotely hack into the cars via security bugs in TeslaMate, a popular open source logging tool that tracks anything from the Tesla's energy consumption to location history.  The teenager hails from Dinkelsbühl, Germany and first revealed news of the vulnerability on Twitter earlier in January, but waited to fully deta

Activity Summary - Week Ending on 4 February 2022:

  • Red Sky Alliance identified 39,538 connections from new IPs checking in with our Sinkholes
  • Amazon IP hit
  • Analysts identified 3,544 new IP addresses participating in various Botnets
  • STRRAT RAT
  • Molerats APT
  • 47 Tbps DDoS Attack
  • Ransomware Operators
  • US Public Safety being Targeted
  • Maritime Cranes & the Supply Chain
  • US Water Protection
  • Shipment & Delivery Scams

Link to full report: IR-22-035-001_weekly035.pdf

Democratic lawmakers on the House Committee on Financial Services on 27 January 2022 outlined nine (9) provisions of the proposed America COMPETES Act of 2022, one of which has been criticized by the cryptocurrency community for potential privacy and due process concerns.

Committee Chairwoman Maxine Waters, D-Calif., says the America Creating Opportunities for Manufacturing Pre-Eminence in Technology and Economic Strength or COMPETES Act will "strengthen the competitiveness of the US economy and

The US government has urged organizations to shore up defenses "now" in response to website defacements and destructive malware targeting Ukraine government websites and IT systems this week.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new 'CISA Insights' document aimed at all US organizations, not just critical infrastructure operators.  The checklist of actions is CISA's response to this week's cyberattacks on Ukraine's systems and websites, which the country

The US Department of Justice, FBI's Internet Crime Center (IC3) is warning that scammers are exploiting verification weaknesses in job-focused networking sites to post legitimate-looking ads, capture personal information and steal money from job seekers.  Scammers "continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," authorities warn in a new public service announcement.  Se

Conti ransomware was first discovered in December of 2019 and has become one of the most prominent ransomware platforms to date. The Conti Ransomware as a Service (RaaS) platform gained international attention in May of 2021 when it was used to shut down Ireland’s Health Service Executive (HSE).  The group has shown no signs of slowing down with notable attacks reported in the United States, Australia, United Kingdom, Taiwan, and Indonesia in the past two and a half months.

The most recent attack

Previous attacks from the Iranian Phosphorus APT (aka Charming Kitten, APT35) are well documented. Recently a new set of tools incorporated into the group's arsenal, and a connection with the Memento ransomware, have been discovered. Researchers from have detected a new and undocumented PowerShell backdoor that supports downloading malware such as a keylogger and an infostealer. The code runs in the context of a .NET app without launching powershell.exe, thus avoiding detection.

See Previous