August Mag | Episode 2: Ransomware Trends in Second Quarter
Here you are.
Welcome to your most readable and elucidating newsletter page, B'News, the biweekly cybersecurity newsletter from the Brandefense Team.
In our newsletter episodes, you will find significant security news, findings from the dark web, blogs, details of APT groups, and more...
So, let's begin!
Brandefense Ransomware Trends Report | Q2 2023
In preparing this report, the focus has been on the attacks carried out by various groups closely monitored by our analysts between April and June.
Brandefense analysts identified staggering ransomware incidents in Q1/2023 - Q2/2023 across the deep and dark web. They collected valuable details such as targeted organizations, countries impacted, data stolen during attacks, and demanded ransom payouts - all compiled into this comprehensive retrospective report on cybercrime activity worldwide.
For this report, Brandefense analysts covered 1383 cyber-attacks across 83 countries and 27 industries and deeply analyzed 41 ransomware groups.
Stay Secure and Vigilant!
News and Bites From Dark World
discord[.]io Hacked
During our CTI Team's intelligence operations, it was observed that a database allegedly belonging to the discord[.]io site had been put up for sale by threat actors. When the post was examined, the database was found to contain critical data such as:
- name,
- surname,
- e-mail address, and
- passwords of 760,000 users.
The threat actor claimed that they still had access to the database. Following the threat actors' post, discord[.]io confirmed the data breach.
Backdoor Named from Ocean: Advanced Backdoor Attack "SUBMARINE"
Hackers used a sophisticated backdoor called “SUBMARINE” in recent attacks against Barracuda Email Security Gateway (ESG) appliances, the US Cybersecurity and Infrastructure Security Agency (CISA) revealed on Friday.
The backdoor was discovered by analyzing malware samples from an undisclosed organization that fell victim to threat actors exploiting a critical vulnerability in ESG devices, CVE-2023-2868 (CVSS: 9.8/10). This vulnerability allows remote command injection.
The attackers, suspected to be linked to China, exploited this zero-day vulnerability in October 2022 to gain initial access to their targets. They then deployed backdoors to ensure continued access and control.
BlackCat, a.k.a. AlphV, Attacked Seiko
Seiko Group Corporation, also known as Seiko, a Japan-based maker of watches, clocks, and electronic devices, has been targeted by the ransomware group AlphV.
Blogs vs. Researches: Choose Your Side
This episode's blog topic is "Supply Chain Security"
First things first. What is a "supply chain"?
A supply chain is a dynamic network overseeing the creation, production, and delivery of goods or services to consumers.
The modern supply chain increasingly relies on sophisticated software solutions to optimize efficiency and coordination. Software enhances real-time tracking, enabling stakeholders to monitor product movement closely and respond swiftly to disruptions, while data analytics provide insights that aid in risk mitigation and process improvement. In essence, software is now an integral part of a well-functioning supply chain, orchestrating its intricate processes with precision.
And why do supply chain processes need to implement cybersecurity practices?
Organizations within the supply chain are embracing digital transformation, integrating more digital tools, cloud solutions, and IoT devices. While these tools enhance operational efficiency, they can also inadvertently introduce vulnerabilities if not deployed with security in mind.
The supply chain often facilitates the transfer of sensitive information and substantial financial transactions, making it a lucrative target for cybercriminals interested in financial gain or industrial espionage.
This sprawling network of interconnected systems provides a vast playground for cybercriminals.
Research: Godfather Android Banking Trojan Technical Analysis
The Godfather Android banking trojan targeted more than 400 international financial companies between June 2021 and October 2022. Half of the targeted financial companies are banks, and the other half are cryptocurrency wallets and exchanges.
The Godfather’s targets include 49 US-based companies, 31 Turkish-based companies, and 30 Spanish-based companies. Financial service providers in Canada, France, Germany, England, Italy, and Poland are among the hardest-hit companies.
It stands out among malicious Android software as a significant threat. This malware targets financial and personal information, endangering users’ security. Key characteristics of Godfather include:
August APT Group Investigation: Anonymous Sudan
In June and July 2023, Anonymous Sudan shook the cyber world with a series of powerful DDoS attacks, significantly impacting various industries and online platforms, including Microsoft, SWIFT, and Riot Games.
Recent findings indicate a concerning affiliation between Anonymous Sudan and the pro-Russian hacktivist collective Killnet.
There are strong indications that the group might be state-sponsored Russian actors adopting the facade of Sudanese actors with religious motives, possibly to obscure their actions against Western targets. While the hacktivist group predominantly operates in English and Russian, their recent posts in Arabic appear to make cultural and nationalistic references to Sudan. Nevertheless, the timing of their first Arabic post coincided with security researchers questioning the group's ideological affiliations, raising doubts about their true motivations and origins.