All Articles (2445)


For the past month, a crimeware (crypto-mining) group infamously known as the 8220 Gang has expanded its botnet to roughly 30,000 global hosts.  This was achieved through the use of Linux and common cloud application vulnerabilities and poorly secured configurations.  In a recent campaign, the group was observed making use of a new version of the IRC botnet, the PwnRig cryptocurrency miner, and its generic infection script.

Link to full report, with IOCs: IR-22-208-001_8220Gang.pdf


The average cost of a data breach in the hospitality industry was around $1.72 million in 2020.  Hospitality includes the Food & Beverage, Lodging, Recreation, Travel & Tourism, and Meetings & Events industries.  At the same time, the use of technology in the hospitality industry became prevalent, with businesses deploying IoT devices, interconnected networks, digitalized services, etc.  Unfortunately, the deployment of emerging technologies marked an increase in cyberattacks in the ho

For those of us Baby Boomers who made our spending money cutting neighbors’ lawns on hot Midwest summer afternoons, the following does not even seem fair.  Husqvarna, the maker of autonomous home lawn mowers (https://www.husqvarna.com/us/robotic-lawn-mowers/) that look something like RC tactical assault vehicles, is releasing an unusual software update to celebrate a lonely robot thousands of miles away.  In early August 2022, the Curiosity Mars rover will turn ten years old.  Following the softw

GPS, or Global Positioning Systems, have become a staple of our lives, especially in the transportation sector.  Whether you are broadcasting your location for a rideshare or trying to find the quickest way to avoid traffic on your commute, it seems that paper maps and printed directions have become a thing of the past.  It comes as no surprise that the more we rely on interconnected devices, the more susceptible to cyberattacks we become.  This is exemplified through the Cybersecurity & Infras

On a daily basis, an average cyber security team receives tens of thousands of security alerts.  Many analysts feel like they cannot get their heads above water during their shift.  This work atmosphere leads to quick physical burnout and even apathy in the face of this volume of continuous, tedious work.  HR surveys have found that some security analysts feel so overwhelmed that they ignore alerts and even walk away from their computers.  In fact, these surveys found that 70% of security teams feel

A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically seen in ransomware: a combination of X25519 elliptic-curve Diffie-Hellman key exchange (using Curve25519) with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

Digital security giant Entrust has confirmed that it suffered a cyberattack in which threat actors breached its network and stole data from internal systems.  Entrust is a security firm focused on online trust and identity management, offering a wide range of services, including encrypted communications, secure digital payments, and ID issuance solutions.  Depending on what data was stolen, this attack could impact a large number of critical and sensitive organizations that use Entrust for ident

The State of New Jersey's NJCCIC continues to receive reports of stolen cryptocurrency and recently reported on observed tactics that often include the use of social engineering.  The FBI issued a notification this week alerting financial institutions and investors that cybercriminals are creating fraudulent cryptocurrency investment apps to defraud cryptocurrency investors.  The cybercriminals were observed contacting investors and convincing them to download fraudulent cryptocurrency investment mobile a

Activity Summary - Week Ending on 22 July 2022:

  • Red Sky Alliance identified 21,897 connections from new IPs checking in with our Sinkholes
  • com 424x
  • Analysts identified 1,504 new IP addresses participating in various Botnets
  • Log4Shell update
  • Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
  • QakBot
  • Confucius Says
  • Sewers held Hostage
  • Attacks Shame, Scare Victims
  • GPS Vulnerabilities

Link to full report:  IR-22-203-001_weekly203.pdf

Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) or Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associat

The US Justice Department announced on 19 July 2022, through a complaint filed in the US District Court for Kansas, the forfeiture of cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom payments.  In May 2022, the Federal Bureau of Investigation (FBI) filed a sealed seizure warrant for the funds, worth approximately half a million dollars.  The seized funds include ransoms paid by health care providers in Kansas and Colorado.  “Thanks to rapid reporting and cooperation

A group of actors originating from North Korea that Microsoft Threat Intelligence Center (MSTIC) tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021.  This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name for its campaigns and has successfully compromised small businesses in multiple countries as early as September 2021.

Link to full MS report: IR-22-201-001_H0lyGh0st.pdf

Cybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online, as well as the hosting location of their web server infrastructure.  Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites.  The actors use VPS hop-points as proxies to hide their true location when they connect to their ransomware web infrastructure for remote a

The US Department of Justice (DOJ) announced recently that a man has been arrested and charged for allegedly selling fraudulent and counterfeit Cisco products.  The suspect is 38-year-old Onur Aksoy of Miami, owner of Pro Network, who is allegedly also known as Ron Aksoy and Dave Durden.  According to authorities, he was the CEO of at least 19 companies collectively tracked as Pro Network Entities, the organization that bought fake Cisco networking equipment from China and Hong Kong and sold it

The US Department of Commerce's National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms for general encryption and digital signatures.  NIST, a US standards-setting body and research organization within the Department of Commerce, announced the four algorithms after a six-year period of assessing potential quantum-resistant (QR) alternatives to today's cryptographic algorithms for public key encryption, digital signatures, and key excha

Fishermen are fans of worms as bait because most fish like them, yet cybersecurity professionals know that worms are bad.  Worms have proven to be the most devastating force known to the computing world.  The MyDoom worm holds the dubious position of most costly computer malware, responsible for some $52 billion in damage.  And in second place is Sobig, another worm.

Some investigators call MyDoom a virus, others call it a worm.  It is also known as My Doom and the Doom Virus.  MyDoom is a serious

Activity Summary - Week Ending on 15 July 2022:

  • Red Sky Alliance identified 47,679 connections from new IPs checking in with our Sinkholes
  • Swedish Co., City Network International AB 10x
  • Malicious Email collection is back: Alessandra[_]alexandre_@hotmail[.]com 24x
  • Analysts identified 1,504 new IP addresses participating in various Botnets
  • eCh0raix, DeadLocker and Kawaii
  • Malicious Files Exploiting Old CVEs
  • Log4j Report
  • Honda KeyFobs and Rolling Pwn

Link to full report:  IR-22-196-001_weekly196.

Is Lamb Chop a hacker?  Vulnerability coordination and bug bounty platform HackerOne recently disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain.  "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," a spokesman said.  "In under 24 hours, we worked quickly to contain the incident by identifying the then-employee and cutting off access to data.

Accountants may remember the phrase, “Figures do not lie, but liars figure.”  After questioning some data results, people have later been told, “This is what the computer results showed.”  For business people, there is a new “Expert” on its way, and arguing with it may be useless.

In June 2022, Microsoft released the Microsoft Responsible AI Standard, v2.[1]  Its stated purpose is to “define product development requirements for responsible AI.”  Perhaps surprisingl

In a new tactic in the ransomware business, the LockBit cybercrime group has launched a bug bounty program promising money to people willing to share sensitive data that can be exploited in ransomware attacks.  A recent tweet posted by the vx-underground account, which publishes malware samples, says that through the new bounty program, LockBit will pay for personally identifiable information on “high-profile individuals, web security exploits and more.”

See:  https://redskyalliance.org/xindustr