All Articles (1932)

Activity Summary - Week Ending on 8 April 2022:

  • Red Sky Alliance identified 1,898 connections from new IPs checking in with our Sinkholes
  • Go Daddy LLC domain - 61 x
  • Analysts identified 1,311 new IP addresses participating in various Botnets
  • IcedID Trojan
  • DoubleZero Wiper Malware
  • ChronoPay
  • Inverse Finance
  • TX Infrastructure
  • CN also attacking UA

Link to full report: IR-22-098-001_weekly098.pdf

The US Justice Department announced on 06 April 2022 a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the US government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU).

The malware deployed by Sandworm is infecting users’ systems, t

Ransomware is a constant thorn in the side of cyber security professionals worldwide.  Hive ransomware stormed onto the scene in June 2021, and in its first six months, from June to December 2021, it compromised 355 companies.  The group made headlines for targeting IT, real estate, and healthcare organizations, prompting an FBI alert in late August that shared the Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the group.

Recently the

Electricity, oil and gas, and other critical infrastructure vital to any country’s day-to-day life are increasingly at risk from cyber-attackers who know that successfully compromising industrial control systems (ICS) and operational technology (OT) can let them disrupt or tamper with vital services.  A report from cybersecurity company Dragos[1] details ten different hacking operations known to have actively targeted industrial systems in North America and Europe, and it is warned t

They say “Birds of a Feather, Flock Together.”  This holds true with criminal hackers.  Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]

Link to full report: TR-22-095-002_Fin7.pdf


[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/

Those readers who have children have already built a sandbox and watched its contents get tracked into the house.  What I will be describing is a different type of sandbox, which some refer to as a “Cuckoo box.”  Before hunting malware, every researcher needs a system in which to analyze it.  There are several ways to get one: build your own environment or use a third-party solution.  Here are some “easy” steps required to create a custom malware sandbox where you can perform a proper a

With the worldwide push to stamp out the internal combustion engine in favor of electric vehicles, a research study on how to thwart the charging process of EVs was released.  University of Oxford researchers in the UK, in collaboration with Switzerland’s Armasuisse federal agency, identified a novel attack method that let them remotely force EVs to abort charging.  The attack method, called Brokenwire, works by sending malicious signals wirelessly to the targeted vehicle to cause electr

Activity Summary - Week Ending on 1 April 2022:

Today is April Fools' Day, but sound Cyber Security is No Joke.  Call us for protection.

  • Red Sky Alliance identified 15,105 connections from new IPs checking in with our Sinkholes
  • Kanzas LLC Moscow RU - 241 x
  • Analysts identified 1,392 new IP addresses participating in various Botnets
  • Emotet Variant
  • AbereBot is Escobar
  • Kaspersky Lab
  • Shortage of female Cyber Security Professionals
  • Hacked Ukrainian News Website
  • Spearphishing Attack from Belize

The 2022 Major League Baseball season is set to kick off next week, which means fans everywhere are trying to gauge how their team stacks up to the competition.  To prepare for the season, Wapack Labs has skipped the analysis of batting averages, RBIs, and on-base percentages in favor of measuring each team’s cyber security posture.

Horizon Actuarial Services, LLC provided notice regarding a data privacy incident that occurred on 12 November 2021.  The incident involved the theft of data inclu

Globalism is an ideology based on the belief that people, information, and goods should be able to cross national borders unrestricted, while globalization is the spread of technology, products, information, and jobs across nations.  Within one week of the Russian invasion of Ukraine, governments around the world passed some of the toughest and most coordinated sanctions in modern history.  At lightning speed, dealings with the Russian Central Bank and Russian travel to and through 33 countries’

The Ronin Network announced yesterday that hackers have stolen more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of the US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date.  The company, which is tied to the popular blockchain game Axie Infinity, said in a Substack post that it suffered a security breach on March 23.  Sky Mavis, a blockchain gaming company, built and controls the Axie Infinity game.

The hack involved the

Recently, a cyber threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards.  The result is that the actor is effectively getting “free money” from ATMs.

Threat intelligence researchers are tracking the cluster under the name of UNC2891, with some of the group's tactics, techniques, and procedures sha

Proofpoint released a new report this week about fake job emails being sent by threat actors, noting that it is seeing nearly 4,000 such phishing emails each day.  Bad actors are using the promise of easy money to steal personal data or trick victims into committing money laundering.  “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” said Proofpoint.  “They are very concerning for universities especial

The US Federal Communications Commission (FCC) has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg.  This is the first time a Russian company has been added to the list, which is otherwise made up of Chinese companies, like Huawei and ZTE.[1]

Businesses in the US are barred from using federal subsidies provided through the FCC’s Universal Service Fund to purchase any products

Last Monday, the current US administration released a “Statement by President Biden on our Nation’s Cybersecurity,” followed by public statements where Biden warned about the prospect of a Russian cyberattack, saying “it’s coming.”  Both the written and verbal comments reinforced the fact that “the federal government can’t defend against the threat alone” and Biden went on to tell US critical infrastructure owners that “under US law…the private sector…largely decides the protections that we will

Activity Summary - Week Ending on 25 March 2022:

  • Red Sky Alliance identified 15,245 connections from new IPs checking in with our Sinkholes
  • Malicious Keylogger data is back with 24 Keylogged emails
  • Analysts identified 1,081 new IP addresses participating in various Botnets
  • CaddyWiper
  • CryptBot
  • Russian Cyber Attacks – Train your Machine
  • IsaacWiper
  • A third wiper (after HermeticWiper and IsaacWiper)
  • Wiper remediation

Link to full report: IR-22-084-001_weekly084.pdf

For years, cyber threat professionals have warned against installing Kaspersky on any computer.  Now, German cybersecurity agency BSI on 16 March 2022 urged consumers not to use anti-virus software made by Russia’s Kaspersky, warning the firm could be implicated in hacking assaults amid Russia’s war in Ukraine.  Russia’s military and intelligence activities in Ukraine, and its threats to EU and NATO allies, particularly Germany, mean there is "a considerable risk of a successful IT attack", the

Since declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy.  It has been three weeks since the Anonymous collective tweeted its declaration of war, and in that time the decentralized group has been a mainstay of news headlines.

Since Russia invaded Ukraine, the Anonymous Twitter account, @YourAnonNews, has gained close to 500,000 followers.  In the hybrid war format, where both acts of kinetic war and cyber war have been documented, many hack