On 12 May, the FBI Cyber Division issued a TLP:WHITE Private Industry Notification. This concerned a spear-phishing campaign distributing messages that masqueraded as financial institutions to push fake Windows apps containing remote access Trojans (RATs). The most recent attack impersonated a US-based financial institution to target an American renewable energy company. The spear-phishing email referenced …
The first quarter of 2021 saw a number of noteworthy developments in the darknet community. This included the DDoS attacks targeting WhiteHouse market and the shutdown of Joker’s Stash. There have also been some interesting emerging trends concerning ransomware groups that are likely to affect the threat landscape for the rest of the year. WhiteHouse …
Ransomware has continued to play a dominant role in the 2021 threat landscape alongside the unravelling SolarWinds saga and the recent wave of ProxyLogon attacks to deploy webshells on vulnerable Microsoft Exchange Servers [1, 2]. Since the start of the year, Cyjax analysts have tracked a malicious spam (malspam) campaign and cybercriminal operation, dubbed WizardSpider …
WizardSpider using legitimate services as cloak of invisibility Read More »
Since early February, Cyjax analysts have been tracking a mass spam campaign masquerading as Royal Mail parcel delivery notifications. We have observed large numbers of malicious domains being registered each day, typically using Namecheap as registrar and hosting service rather than any others. Multiple varieties of attacks have been detected that use both Royal Mail-themed …
On 16 March 2021, an important new report on national defence and foreign policy in the UK was published – ‘Global Britain in a competitive age’.[i] While in the report there is a focus on traditional forms of defence and the promise of an increase in spending on military hardware – including nuclear warheads – …
Phishing is nothing new: it has been around in some form since the earliest days of the internet and before – even postal mail had its own forms of phishing (and still does). Since the turn of the millennium, however, online services have boomed, creating an ever-increasing pool of targets for convincing phishing lures intended …
The nexus between geopolitics and cybersecurity manifested in the announcement of a ‘highly sophisticated’ supply-chain attack against one of the biggest network management systems in the USA, SolarWinds. The attack, announced on 14 December, is now known to have affected the majority of Fortune 500 companies, US military and government, Intel, Microsoft, and many others …
Geopolitical and Cybersecurity Weekly Brief – 21 December 2020 Read More »
2020 has seen a wide range of attacks and the evolution of the threat landscape. Ransomware attacks have dominated the headlines, alongside state-sponsored APT groups targeting the global COVID-19 response effort. New threat actors have emerged, and well-established groups have persisted undeterred, using upgraded tactics, techniques, and procedures (TTPs). #1 Global malicious email campaigns Throughout …
Financial Technology, or FinTech, comprises ‘computer programs and other technology used to support or enable banking and financial services’. The first ATM was opened in 1967 at Barclays bank branch in Enfield, UK. Since then, Fintech has evolved significantly to online banking and other platforms that facilitate the transfer and lending of money, making banking …
Threat analysts at Cyjax have uncovered multiple mass credential harvesting campaigns that have recently been targeting cybersecurity companies, government entities, and organisations in a range of other sectors. Reverse engineering these campaigns revealed the attacker’s infrastructure and stolen data store. Throughout July and August 2020, we detected two separate credential harvesting campaigns targeting accounts for …
Credential harvesting campaigns target governments and cybersecurity companies Read More »
