X-Industry

In the US Great Depression, there was a song called, ‘Brother, can you spare a Dime.”  Now it is $25.00.  In 2021, there has been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware attacks.  Some access has been offered at only $25.00.  How would you feel if your organization’s network access was on the “Bargain Rack?”

Researchers at cybersecurity company Group-IB a

It has been over two years since the UK’s data protection watchdog warned the behavioral advertising industry that it is ‘totally out of control.’  The UK’s Information Commissioner's Office (ICO) reportedly has not taken any action to stop the systematic unlawfulness of the tracking and targeting industry abusing Internet users’ personal data to try to manipulate their attention.  That is not in terms of enforcing the law against offenders and stopping what digital rights campaigners have descr

Activity Summary - Week Ending on 3 December 2021:

• Red Sky Alliance identified 35,939 connections from new IP’s checking in with our Sinkholes
• Dauction.ru has Issues
• Analysts identified 4,712 new IP addresses participating in various Botnets
• Unpatched Information & Windows
• PowerShortShell
• Banking Trojans and the Play Store
• Vestas Wind Systems
• US Military Veterans Targeted
• IKEA and the SquirrelWaffle
• WSpot in Brazil
• Walmart and Cyber Monday

Link to full report: IR-21-337-001_weekly337a.pdf

Don’t ignore those pesky emails from HP requesting that you download the most recent software updates.  Vulnerabilities in more than 150 multi-function printers from HP demonstrate that any type of device that connects to a network can expand the perceived threat surface.  Helsinki, Finland-based F-Secure  https://www.f-secure.com/us-en  found exploitable vulnerabilities in more than 150 HP multi-function printers.  It reported its findings to HP in the spring of 2021.  HP has updated the printe

The Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.  What effects one of these partner countries will affect all of them.  China, Russia and Iran pose three of the biggest threats to the U.K. in a fast-changing, unstable world, the head of Britain’s foreign intelligence agency said 29 November 2021.  M

It is never easy to negotiate with criminals, especially in the cyber-world we live in.  Organizations that fall victim to a ransomware attack should never let the cyber criminals know they have cyber insurance, because if the attackers know that their victim holds an insurance policy, they are more likely to outright demand the ransom payment in full.  Criminals are smart and cunning.

Cybersecurity researchers recently examined over 700 negotiations between ransomware attackers and ransomware v

It is the most wonderful time of the year… unless you get scammed. The holiday shopping season is in full swing, and so are fraudsters looking to steal your money and more.  With more people shopping online, digital retailers make getting your holiday shopping done easy; you can buy what you need without going outside.  It also comes with its own unique risks. Digital payment fraud has been growing with criminals paying special attention to the Black Friday shopping season.

 “The total number of

In today’s business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships.  Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity.  There have been cyber-attacks on companies during M&As, yet there is a growing concern with M&A activities and cyber security.

The use of alt

State-sponsored hacking groups, also known as advanced persistent threats (ATPs), have adopted this year a new attack technique called “RTF Template Injection,” which has brought a new twist and made their attacks harder to detect and stop.   Proofpoint is reporting that APTs from China, Russia, and India are already exploiting this technique, which they also expect to see adopted by financially-motivated threat actors as well.

So, what the heck is RTF Template Injection?  Called RTF Template In

There seems to be a pattern in data breach and other cyber-attack cases.  After a data breach, a company often turns to its insurer for coverage.  Some companies have specialized cyber insurance and sometimes it does not.  Yet, even if businesses have paid for what they believe to be comprehensive cyber security risk insurance, the insurer may refuse to pay the claim.  Insurers often have many reasons for refusing coverage such as a failure to notify in a timely fashion, failure to mitigate cost

Nobody wants to believe they’ll fall for a scam.  Especially not any of you, my intelligent, savvy, and OPSEC-conscious friends!  Your radar is always on and carefully protecting your personal information, so you’d never click the link in that fortune-promising email, you’d never open an unexpected file attachment, and you’d certainly never send some stranger a document with your personal details on it, that’s inconceivable.  Or is it?  A recent blog post on Hatless1der.com explains the developm

An advanced malware operation on Discord utilizes the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities.  Babadeda is a crypter used to encrypt and obfuscate malicious payloads in what appear to be harmless application installers or programs.  Starting in May 2021, threat actors have been distributing remote access trojans obfuscated by Babadeda as a legitimate app on crypto-themed Discord channels.  Due to its complex obfuscation, it has a very low AV detection

Are hackers better at using AI than defenders?  “There are three parts of any security strategy. You want to be able to detect, to prevent, and to respond,” says the Global Chief Technology Officer of Dell Technologies.  “It turns out that in the 'detect' area, we are well underway.  If you are using a security event information-management service or managed-security service provider, and they are not already using high degrees of advanced machine intelligence to detect threats, you already lost

Microsoft (MS) announced recently that data collected by its network of honeypot servers, that most brute-force attackers primarily attempt to guess short passwords, with very few attacks targeting credentials that are either long or contain complex characters.

“I analyzed the credentials entered from over >25 million brute force attacks against SSH.  This is around 30 days of data in Microsoft’s sensor network,” said a security researcher at Microsoft.  77% of attempts used a password between 1

Activity Summary - Week Ending on 24 November 2021:

• Red Sky Alliance identified 26,071 connections from new IP’s checking in with our Sinkholes
• Analysts identified 2,849 new IP addresses participating in various Botnets
• DigitalOcean in the Cross-Hairs Again
• Magniber Ransomware
• Ransomware Still #1
• Attack Framework - Left to Right
• Core to the Edge
• Iran Cyber Bullies & Mahan Airlines
• Asia Financial Targets
• CBDC
• Environmentalists Sharing the Brave New World

Link to full report: IR-21-328-001_weekl

Phishing Emails are being used with small font size to bypass security filters.  Researchers at Avanan have spotted phishing emails that are using a font size of one (1) to fool email security scanners.  The emails appear to be password expiration notifications from Microsoft 365.  The attackers have inserted benign links that are invisible to the human eye, but trick security scanners into viewing the email as a legitimate marketing email.

“In this attack, hackers utilize a number of obfuscatio

A new Android banking trojan has been discovered targeting international banks and cryptocrrency services from the United Kingdom, Italy and the US.  Twenty-two instances have been reported so far.  The malware, first detected at the end of October 2021, appears to be new and is still being developed.  It was discovered by Cleafy, an Italian fraud detection and prevention firm.  Cleafy calls it ‘SharkBot’, named after the frequency of the word ‘sharked’ in its binaries.

SharkBot is not found in

A bipartisan group of state attorneys general said on Thursday they had opened an investigation into Meta, the company formerly known as Facebook, for promoting its social media app Instagram while knowing of mental and emotional harms caused by Instagram. 

As of now, 11 US states are involved in the investigation, including California, Florida, Kentucky, Massachusetts, Minnesota, Nebraska, New Jersey, New York, Oregon, Tennessee and Vermont, as well as the District of Columbia.  The Massachuset

Activity Summary - Week Ending on 19 November 2021:

• Red Sky Alliance identified 22,393 connections from new IP’s checking in with our Sinkholes
• Analysts identified 5,918 new IP addresses participating in various Botnets
• Firsttheberg.net in France has a Compromised IP
• MBR Attacks
• Abcbot Linux Malware
• FatPipe
• Not Just the CISOs Problem
• Swedish Spoof
• The FBI is Cold?
• Lazarus Still Around
• UK Gamers

Link to full report: IR-21-323-001_weekly323.pdf

A new initial access broker named Zebra2104, has been providing entry points to ransomware groups such as MountLocker and Phobos, as well as espionage-related advanced persistent threat group StrongPity, with access prices starting at just $25, according to a new report.  Zebra2104 enters a victim’s network and sells that access to the highest bidder on underground forums in the dark web.  This process saves threat actor customers the time, effort, and expense of gaining a toehold in an organiza