X-Industry

With criminals beginning to use deepfake video technology[1] to spoof an identity in live online job interviews, security researchers have highlighted one simple way to spot a deepfake: just ask the person to turn their face sideways.  The reason for this as a potential handy authentication check is that deepfake AI models, while good at recreating front-on views of a person's face are not adequate for presenting side-on or profile views like those seen in a mug shot.

Camera apps have become inc

During the current proxy ‘WWIII,’ Russia and Ukraine continue to battle on the cyber side of the war between the two nations.  Both sides have launched cyber-attacks against each other in offensive ways, such as Russian threat actors taking over radio stations to spread misinformation of Ukraine’s President.  Current events show that the hacking might be getting a lot more serious and could cost more lives.

Pro-Russia hacking groups claim that they have developed "a new type of attack" that can

It was once the case that only governments had the technical ability to penetrate secure data, telecoms networks and the devices connected to them.  The threat now posed by private firms with cyber capabilities that rival the world’s most skilled spy agencies, is not widely known.  The lucrative spy-for-hire industry targets people and organizations with aims to collect their intelligence information and monitor/analyze them to infiltrate their tech devices.  These operations will silently get t

The threat actor who recently breached Twilio systems also targeted Cloudflare, and a few of the web security company’s employees fell for the phishing messages.   Twilio recently revealed that it became aware of unauthorized access to some of its systems on 04 August 2022.  An investigation showed that the attackers had tricked some of its employees into providing their credentials, which they then used to access internal systems and obtain customer data.[1]   The threat actor sent phishing tex

Activity Summary - Week Ending on 12 August 2022:

• Red Sky Alliance identified 23,968 connections from new IP’s checking in with our Sinkholes
• ril.com Hit
• Analysts identified 765 new IP addresses participating in various Botnets
• Zeppelin Ransomware
• Exim
• SmokeLoader
• RapperBot
• AiTM Phishing
• BlenderBot
• PortDoor & CotSam

Link to full report: IR-22-224-001_weekly224.pdf

There was once an unwritten moral code among cyber hackers that they would never attack vulnerable businesses like health care.  Well, those disingenuous hacker ethics are out the door; have been for awhile.  After dealing with the hack of the UK’s NHS controlled ambulance service last week[1], malicious hackers are now holding an IT firm that supplies NHS ‘trusts’ to ransom following a cyber-attack.  NHS trusts are public sector bodies established by parliamentary order through the UK Secretary

Finland’s parliament website was temporarily shut down on Tuesday, 9 August, following a cyber-attack that coincided with the US’s move to admit the Nordic country to the North Atlantic Treaty Organization (NATO).  The Finnish parliament said in a statement on Twitter that a denial-of-service attack hit the parliament’s external websites at around 2:30 pm local time.  “The Parliament takes steps to limit the attack together with service providers and the Cybersecurity Center,” the statement said

We have cautioned on numerous times to, “Let’s the Buyer Beware.”  Online financial scams continue to run rampant, and people keep falling for them.  Researchers have uncovered a huge network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.  The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims.  The goal of the operation is to trick users in

According to cyber threat researchers, phishing incidents are on the rise and will not wane due to their effectiveness as the first step to injecting malware into a target’s network.  A recent report shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques.  Although technical solutions protect against phishing threats, no solution is 100% effective.  This is the reason why; companies should involve their emp

A suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.”  This the company wrote on its Facebook page.  “We are therefore closed until we know the extent [of the attack].  We hope to be able to open stores again soon,” it wrote.

There are 176 7-Eleven stores in Denmark.  The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats.    The list comprises malware that has evolved over the past ten years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.

The agencies listed the top malware strains of 2022:

• Agent Tesla (information stealer)
• AZORult (information stealer)
• Formbook (information stealer)
• Ursnif (banking Tro

“Due to a possible cyberattack, the German Chambers of Industry and Commerce (DIHK) has shut down its IT system as a precautionary measure for security reasons.  We are currently working intensively on a solution and defense.  After testing, the IT systems are successively started up so that the services for companies are then available again,” it said last week.  DIHK said it would inform the public as soon as the security of their systems had been fully restored.[1]

“We will inform you on this

In light of all of the Russian ransomware attacks on organizations worldwide, a dose of Schadenfreude is a welcome sign.  For our non-German readers: “Schadenfreude is the experience of pleasure, joy, or self-satisfaction that comes from learning of or witnessing the troubles, failures, or humiliation of another (especially an adversary). It is a borrowed word from German, with no direct translation, that originated in the 18th century.”

An unknown threat actor has been targeting Russian entitie

Even in the middle of a war, Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country.  The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000.

This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commande

Chinese developers have created a new command-and-control (C2) framework with features and functionality similar to Cobalt Strike and Sliver. The new framework is called Manjusaka.

Cisco Talos researchers have discovered the C2 framework in the wild running in parallel with Cobalt strike.  The initial investigation began with a Cisco Talos response to a Cobalt Strike beacon detection that was installed from a malicious Microsoft Word Document.  The document was sent in an email as an attachment

Activity Summary - Week Ending on 5 August 2022:

• Red Sky Alliance identified 25,992 connections from new IP’s checking in with our Sinkholes
• Hetzner 10x
• Analysts identified 309 new IP addresses participating in various Botnets
• CloudMensis
• Lightning Framework
• Samba
• Google ADs for Malvertising
• Cyber Security in Ireland
• OneTouchPoint
• SharpTongue

Link to full report: IR-22-217-001_weekly217.pdf

As a cyber security professional and you are asked about the biggest cybersecurity threats facing business, which one springs to mind first?  Maybe it is relentless ransomware attacks, with cyber criminals encrypting networks and demanding vast sums for a decryption key, even from hospitals.  Or maybe it is a devious malware attack, which lets hackers hide inside the network for months on end, stealing everything from usernames and passwords to bank details.  To be sure, both are on the list.  T

The data stream that transmits human vital signs information from hospital patient monitors to a central hub can be hacked and falsified, according to cybersecurity researchers.  This highlights new concerns about medical device vulnerabilities.   Using a patient monitor and a compatible central monitoring station purchased from eBay, members of the McAfee Advanced Threat Research team were able to emulate and modify data coming from a patient monitor, including heart rate, oxygen levels and blo

From the Center for Security Policy: Over the past several years America has discovered that China has been carrying out various forms of espionage and intellectual property theft across the US, particularly targeting American companies in the tech sector.  Just this past week it was reported that components from the Chinese tech conglomerate Huawei installed in US telecommunications networks could disrupt communications at US nuclear bases.  While these companies set up American subsidiaries wh

Based on the US Federal Bureau of Investigation’s 2021 Internet Crime Report, there were 847,376 cybersecurity complaints last year, representing almost $7 billion in business losses.  That number is an increase from 301,580 claims representing $1.4 billion in losses in 2017.  All this even though businesses and governments spend billions of dollars to fight these attacks. Microsoft alone spends about $2 billion annually to address cybersecurity.  Why then, despite the big brains and big budgets