OpenTIP, command line edition

From securelist.com

For more than a year, we have been providing free intelligence services via the OpenTIP portal. Using the web interface, anyone can upload and scan files with our antivirus engine, get a basic sandbox report, look up various network indicators (IP addresses, hosts, URLs). Later on, we presented an easy-to-use HTTPS-based programming interface, so that you could use the service in your own scripts and integrate it in existing workflow.

Read more…

Novel News on Cuba Ransomware: Greetings From Tropical Scorpius

From unit42.paloaltonetworks.com


Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Using our naming schema, Unit 42 tracks the threat actor as Tropical Scorpius.

Here, we start with an overview of the ransomware and focus on an evolution of behavior observed leading up to deployment of Cuba Ransomware. While this behavior was consistent for over a year, Unit 42 has observed some recent changes. This includes providing an overview of the ransomware’s functionality and algorithms, as well as covering the technical details of the tactics, techniques and procedures (TTPs) used by Tropical Scorpius. Specifically, this involves:

Read more…

Which malware delivery techniques are currently favored by attackers?

From helpnetsecurity.com

A wave of cybercriminals spreading malware families – including QakBot, IcedID, Emotet, and RedLine Stealer – are shifting to shortcut (LNK) files for email malware delivery. Shortcuts are replacing Office macros – which are starting to be blocked by default in Office – as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware.

Read more…

Sophos warns about simultaneous Cyber Attacks

From cybersecurity-insiders.com

Cybersecurity firm Sophos has warned that many organizations across the globe are being targeted by simultaneous cyber-attacks, where a single corporate network is hit by multiple attackers. The research notes that the gap between these overlapping attacks varies, ranging from a few days to weeks or months.

Read more…

Intel, Amazon, and SpaceX asked to tuck into DARPA’s Space-BACN

From theregister.com

DARPA’s attempt to build an internetwork of communications satellites – which operates under the fabulous name Space-BACN – has tapped Intel, SpaceX and others to build kit that will make its planned “Space-Based Adaptive Communications Node” a reality.

As The Register detailed when Space-BACN was announced in late 2021, DARPA has taken note of the launch of many comms satellites by the likes of SpaceX’s Starlink and Amazon’s planned constellation of 7,774 satellites.

Read more…

Emotet Tops List of July’s Most Widely Used Malware

From infosecurity-magazine.com

Emotet was the most widely used malware in the wild in July, followed by Formbook and XMRig, a new report by Check Point Research (CPR) suggests.

In June 2022, CPR reported that Emotet had a global impact of 14%. July saw a 50% reduction in Emotet’s global impact, down to 7%, but despite this the malware remains in the top spot.

“Emotet continues to dominate our monthly top malware charts,” explained Maya Horowitz, VP of research at CPR.

“This botnet continually evolves to maintain its persistence and evasion. Its latest developments include a credit card stealer module, meaning that enterprises and individuals must take extra care when making any online purchases.”

Read more…