August Mag | Episode 2: Ransomware Trends in Second Quarter
Brandefense Biweekly Cybersecurity Newsletter

Here you are.

Welcome to your most readable and illuminating newsletter page, B'News, the Biweekly Cybersecurity Newsletter from the Brandefense Team.

In each newsletter episode, you will find significant security news, findings from the dark web, blogs, details of APT groups, and much more...

So, let's begin!


Brandefense Ransomware Trends Report | Q2 2023


In preparing this report, the focus has been on the attacks carried out by various groups closely monitored by our analysts between April and June.

Brandefense analysts identified staggering ransomware incidents in Q1/2023 - Q2/2023 across the deep and dark web. They collected valuable details such as targeted organizations, countries impacted, data stolen during attacks, and demanded ransom payouts - all compiled into this comprehensive retrospective report on cybercrime activity worldwide.

For this report, Brandefense analysts covered 1383 cyber-attacks across 83 countries and 27 industries and deeply analyzed 41 ransomware groups.

Stay Secure and Vigilant!

Download the Ransomware Trends Report


News and Bites From Dark World


discord[.]io Hacked

During our CTI Team's intelligence operations, it was observed that a database allegedly belonging to the discord[.]io site had been put up for sale by threat actors. Examination of the post showed that the database contained critical data such as:

- name,
- surname,
- e-mail address, and
- passwords of 760,000 users.

The threat actor claimed to still have access to the database. Following the post, Discord[.]io confirmed the data breach.




Backdoor Named from Ocean: Advanced Backdoor Attack "SUBMARINE"

Hackers used a sophisticated backdoor called “SUBMARINE” in recent attacks against Barracuda Email Security Gateway (ESG) appliances, the US Cybersecurity and Infrastructure Security Agency (CISA) revealed on Friday.

The backdoor was discovered by analyzing malware samples from an undisclosed organization that fell victim to threat actors exploiting a critical vulnerability in ESG devices, CVE-2023-2868 (CVSS: 9.8/10). This vulnerability allows remote command injection.

The attackers, suspected to be linked to China, exploited this zero-day vulnerability in October 2022 to gain initial access to their targets. They then deployed backdoors to maintain persistent access and control. [Read More]




BlackCat, a.k.a. AlphV, Attacked Seiko

Seiko Group Corporation, also known as Seiko, a Japan-based maker of watches, clocks, and electronic devices, has been targeted by the ransomware group AlphV.


Blogs vs. Research: Choose Your Side

This episode's blog topic is "Supply Chain Security".

First things first. What is the "supply chain"?

A supply chain is a dynamic network overseeing the creation, production, and delivery of goods or services to consumers.

The modern supply chain increasingly relies on sophisticated software solutions to optimize efficiency and coordination. Software enables real-time tracking, so stakeholders can monitor product movement closely and respond swiftly to disruptions, while data analytics provide insights that aid in risk mitigation and process improvement. In essence, software is now an integral part of a well-functioning supply chain, precisely orchestrating its intricate processes.

And why do supply chain processes need to implement cybersecurity practices?

Organizations within the supply chain are embracing digital transformation, integrating more digital tools, cloud solutions, and IoT devices. While these tools enhance operational efficiency, they can also inadvertently introduce vulnerabilities if not deployed with security in mind.

The supply chain often facilitates the transfer of sensitive information and substantial financial transactions, making it a lucrative target for cybercriminals interested in financial gains or industrial espionage.

This sprawling network of interconnected systems provides a vast playground for cybercriminals.

Learn More About Supply Chain Security



“I have learned more from the streets than in any classroom.” - Don Vito Corleone

Research: Godfather Android Banking Trojan Technical Analysis

The Godfather Android banking trojan targeted more than 400 international financial companies between June 2021 and October 2022. Half of the targeted financial companies are banks, and the other half are cryptocurrency wallets and exchanges.

The Godfather’s targets include 49 US-based companies, 31 Turkish-based companies, and 30 Spanish-based companies. Financial service providers in Canada, France, Germany, England, Italy, and Poland are among the hardest-hit companies.

Godfather stands out among Android malware as a significant threat. It targets financial and personal information, endangering users' security. Key characteristics of Godfather include:

  • Objective and Threat: Godfather aims to seize users’ financial account information, identity data, and personal details. It can jeopardize users’ security, leading to financial losses and identity theft.
  • Operational Mechanism: Utilizing keylogging, Godfather monitors users’ keystrokes, stealing entered data and tracking user interactions.
  • Distribution Methods: This malware often spreads through fake applications or malicious websites. It increases infection risks by luring users into traps with deceptive content.
  • Data Transmission: Godfather transmits the captured data to a command-and-control (C2) server.

More about the Godfather Android Banking Trojan


August APT Group Investigation: Anonymous Sudan

In June and July 2023, Anonymous Sudan shook the cyber world with a series of powerful DDoS attacks, significantly impacting various industries and online platforms, including Microsoft, SWIFT, and Riot Games.

Recent findings indicate a concerning affiliation between Anonymous Sudan and the pro-Russian hacktivist collective Killnet.

There are strong indications that the group might be state-sponsored Russian actors adopting the facade of Sudanese actors with religious motives, possibly to obscure their actions against Western targets. While the hacktivist group predominantly operates in English and Russian, their recent posts in Arabic appear to make cultural and nationalistic references to Sudan. Nevertheless, the timing of their first Arabic post coincided with security researchers questioning the group's ideological affiliations, raising doubts about their true motivations and origins.

Read More about Anonymous Sudan


Follow us on Twitter and Telegram.
