Ransomware Review – July 2021

The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a zero-day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear …

Geopolitical and Cybersecurity Weekly Brief – 21 December 2020

The nexus between geopolitics and cybersecurity manifested in the announcement of a ‘highly sophisticated’ supply-chain attack against one of the biggest network management systems in the USA, SolarWinds. The attack, announced on 14 December, is now known to have affected the majority of Fortune 500 companies, US military and government, Intel, Microsoft, and many others …

SolarWinds Supply Chain Attack: Summary and Analysis

One of the biggest network management systems (NMS) in the USA, SolarWinds, announced on 14 December that it was breached in a ‘highly sophisticated’ supply chain attack. SolarWinds’ Orion platform, used to monitor network devices and critical servers, had its update server compromised to push Trojanised DLL files dubbed SUNBURST or Solorigate. These malicious DLLs …

Geopolitics and Cybersecurity Weekly Brief – 21 September 2020

Executive Summary: Education remains a significant focus for threat actors as students receive exam results and return to schools and universities. Both the FBI and NCSC released warnings concerning ransomware targeting educational institutions, and student and faculty data is seriously at risk. In Germany, the ‘real world’ effects of a ransomware attack were felt when …

Credential harvesting campaigns target governments and cybersecurity companies

Threat analysts at Cyjax have uncovered multiple mass credential harvesting campaigns that have recently been targeting cybersecurity companies, government entities, and organisations in a range of other sectors. Reverse engineering these campaigns revealed the attacker’s infrastructure and stolen data store. Throughout July and August 2020, we detected two separate credential harvesting campaigns targeting accounts for …

Geopolitical and Cybersecurity Weekly – 27 July 2020

COVID-19 Cybersecurity Update: A study conducted by VMware Carbon Black has revealed that enterprises are reporting an increase in cyberattacks since restrictions on free movement have been implemented. There was a 92 per cent increase in COVID-19-inspired malware. Singapore saw a 43 per cent increase in the number of attacks; 67 per cent of them …

Geopolitical and Cybersecurity Weekly – 20 July 2020

COVID-19 Cybersecurity Update: The US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) have disclosed new information regarding Russian threat group APT29 targeting research organisations worldwide. The group is believed to operate on behalf of the Russian intelligence services. The campaign against organisations participating in coronavirus (COVID-19) vaccine development also targeted …

