FBI-led takedown keeps crims at bay for just 3 months • The Register


Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.

Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack attempts are currently low in volume.

The gang targets the hospitality sector, initially using phishing emails containing malicious PDF attachments that they’ve doctored to look like they come from the US Internal Revenue Service (IRS).

When opened, the PDF presents the target with an error screen indicating a preview of the document isn’t available, alongside a button to download the document from “AdobeCloud.”

Germán Fernández, security researcher at CronUp, said the same PDF template was used by Pikabot operators just days earlier – Windows malware that shares many similarities with Qakbot. Both are being associated with attacks from the group Proofpoint tracks as TA577.

Clicking the button in the PDF led to the download and installation of Qakbot, which Microsoft said may have been an updated payload. The previously unseen version, 0x500, was generated on December 11, according to its analysis.

The team at Zscaler ThreatLabz confirmed that the payload was updated, and the new version has a 64-bit architecture, uses AES for network encryption, and sends POST requests to path /teorema505.

Two researchers at Proofpoint, Tommy Madjar and Pim Trouerbach, also confirmed they had spotted updated Qakbot activity, but the new features only amount to “minor tweaks.” 

They added that the new Qakbot activity goes back to November 28, roughly two weeks earlier than December 11 – the date Microsoft first spotted it.

Qakbot’s takedown

August saw the conclusion of Operation Duck Hunt with what authorities said at the time was a takedown of Qakbot, seizing its infrastructure and 20 of its operators’ crypto wallets.

The FBI, which oversaw Op Duck Hunt, said it was “the most significant technological and financial operation ever led by the Department of Justice against a botnet.” 

The operation was also supported by authorities in the UK, France, Germany, the Netherlands, and Latvia, but didn’t result in any…

Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware


One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit.

ZooTampa confirmed to Recorded Future News that it recently discovered an incident that impacted its network environment.

“Upon detecting the incident, the Zoo took swift action and promptly engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of the unauthorized activity. ZooTampa also contacted and is working with federal law enforcement,” a spokesperson said.

The organization notified employees and vendors whose information may have been accessed, while it continues to investigate.

“ZooTampa does not store personal or financial information on daily visitors or members,” they said.

The zoo, which is consistently ranked in the country’s top 10, is run by a nonprofit and was designated a center for Florida wildlife conservation and biodiversity by the state government. It is in the process of raising funds for a $125 million renovation announced in December.

The spokesperson did not respond to further questions about whether the attack involved ransomware, but on July 5 the BlackSuit ransomware gang claimed to have attacked the zoo.

The group is relatively new, having first appeared in May, and has posted three victims to its extortion site, according to Recorded Future ransomware expert Allan Liska. The Record is an editorially independent unit of Recorded Future.

According to Liska, the group appears to have ties to the Royal ransomware gang, which is responsible for headline-grabbing attacks on the city of Dallas and more. Both BlackSuit and Royal also have ties to the now-defunct Conti ransomware group, which disbanded last June and splintered into several new gangs, according to experts.

While the BlackSuit group is new, the operators are likely experienced due to their work with Conti…

Oakland Police Union Seeking Damages Suffered in Ransomware Attack on City – NBC Bay Area


Oakland police officers have filed a claim against the city for damages suffered due to the ransomware attack on the city in February, officials with the police union said Monday.

The claim was filed Thursday by attorneys for the Oakland Police Officers’ Association, which represents more than 700 officers.

The union is asking for monetary compensation as well as credit monitoring services, bank monitoring services, credit restoration services and identity theft insurance.

“Having to file this legal claim is disappointing,” said police union President Barry Donelan in a statement. “Oakland employees trusted the city with their personal and confidential data, and the city failed them by releasing it through a combination of incompetence and negligence.” City officials, including the mayor’s office, said last week that they would meet with the police union following a threat of litigation.

As of Monday, there hasn’t been a meeting, but union officials said they are optimistic a meeting will occur.

A spokesperson for Mayor Sheng Thao on Monday referred a request for comment to City Attorney Barbara Parker’s office.

Parker’s office did not have a comment Monday, saying the office just received the claim and has not had time to review it. The city was closed Friday for Cesar Chavez Day.

The ransomware attackers released private, personal information of police officers, Donelan said. Reportedly, other employees’ private information was released, too.

The attack started Feb. 8. The attackers crippled the city’s information technology systems and demanded ransom to free the systems.

Attorneys for the police union said the city was repeatedly warned in the past and recently of “significant deficiencies in the security of its information technology systems,” according to the claim filed Thursday.

The claim was filed by the police union’s attorneys Rains, Lucia, Stern, St. Phalle and Silver and is a precondition for filing a lawsuit against the city, attorney Rockne Lucia Jr. said.

“We are currently evaluating all of our options and will make a determination on how to protect the interests of the members of the OPOA in the next few weeks,” Lucia said by email…

EQT Ventures portfolio company Baffin Bay Networks acquired by Mastercard


Stockholm-based Baffin Bay Networks has been acquired by payments tech giant Mastercard for an undisclosed sum. The purchase from Purchase aims to add Baffin Bay’s cybersecurity offer to bolster businesses with further armour in an increasingly challenging cyberattack landscape.

Founded in 2017 by a group of cybersecurity professionals, Baffin Bay Networks offers a cloud-first threat protection platform that leverages AI to mitigate attacks from the IP layer right on through to the application layer. 

The platform also continuously improves as it adds customers since learnings from one attack are shared across networks, creating what Baffin Bay Networks calls a “herd immune system”.

Backed solely by EQT Ventures, in early January 2019, the firm announced its expansion to the US via the acquisition of botnet and IoT research startup Loryka.

Building from strength to strength, Baffin Bay Networks’ lineage and timing couldn’t be better (?). Positioned as it is, the company is playing its part in staving off cyber criminal activities and post-acquisition will see its offer funneled into Mastercard’s single cyber service, a service provided to customers around the world and one that includes RiskRecon. This data analytics tool enables organisations to identify vulnerabilities well in advance of any nefarious actors exploiting them. 

Where Baffin Bay fits into the mix is by shoring up operations on the automated Threat Protection service, which helps to stop attackers from penetrating or taking down cyber systems.

“Our cloud-based Threat Protection service provides a simple and effective way to safeguard against application and network-level attacks,” said Joakim Sundberg, founder and chief technology officer at Baffin Bay Networks. “Our two companies share this vision: to provide our customers with security and trust. We are thrilled to join the Mastercard family to expand our impact across the globe.”