All posts by webmaster@telsy.com

The double extortion technique: the Campari case

In recent weeks the Campari group has suffered a serious ransomware attack using the so-called “double extortion” technique. The damage would amount to two terabytes of stolen data, accompanied by the threat to publish it if the company does not pay $15 million.

The attack and the reaction of the company

The attack was carried out by the Ragnar Locker criminal group which, using the same technique, struck Capcom about a month ago, threatening to publish or auction the data. The nature of the information stolen from Campari remains confidential, even if the well-known Italian company has admitted the possibility of a loss – not quantified – of personal data […]

Cybersecurity and the implementation of smart working

Faced with the unexpected health crisis, institutions and companies around the world are trying to facilitate the implementation of smart working through the dissemination of adequate rules and procedures. The widespread training of people involved in teleworking is urgent if we are to avert the real risk of cyber-attacks, for profit or political destabilization, aimed at public, corporate or personal networks and systems. The introduction of digital devices in the workplace such as smartphones and tablets has undoubtedly increased productivity, while exposing companies to a greater risk of cyber-attacks. The threat is all the more tangible and probable the more time employees spend working on these devices, especially remotely. […]

QNodeService stepped up its features while operated in widespread credential-theft campaigns

Since mid-2020, a new piece of malware has emerged in the cyber threat landscape. It seems to be linked to the crimeware matrix due to its main purpose and use, which is the exfiltration of browser and email service credentials from a fairly extensive range of potential targets. The group that operates this threat is currently unknown to us (internally tracked as RedMoon), but we know that it likely operates, at least for the malware samples involving Italian assets, from a West Asian country, and we noted that it seems to be very focused on keeping its detection rates as low as possible. A variant of this threat was originally spotted by @malwrhunterteam on […]

Trying not to walk in the dark woods. A way out of the Maze

After numerous ransomware attacks since its appearance in May 2019, the popular Maze Team recently claimed the end of its criminal activity through a press release on its Dedicated Leak Site. The Maze Team is responsible for the development and maintenance of Maze Ransomware, one of the most advanced and infamous pieces of malware in today’s threat landscape, and was the first adversary to adopt the Double Extortion technique, which allows attackers to maximize their chance of making a profit by demanding ransom payment both for recovering operations and for avoiding the disclosure of stolen data. Indeed, while for a period of time other threat actors had only threatened to release […]

Enisa report 2020: the pandemic’s effect on cybersecurity

Enisa (the European Union Agency for Cybersecurity) has recently published the eighth edition of its Threat Landscape Report (ETL), covering cyber threats registered in the period between January 2019 and April 2020, describing the evolution of the current cybersecurity scenario in Europe and emphasizing in particular the serious effects of the Coronavirus pandemic on the sector.

Overview of the Enisa 2020 report

The new ETL-Enisa Threat Landscape 2020 report was produced with the support of the European Commission and EU Member States. The content of the ETL report is primarily based on literature available from open sources, such as articles, expert opinions, intelligence reports, security incident analyses and research reports, […]

Operation “Space Race”: reaching the stars through professional Social Networks

At the beginning of May 2020, Telsy analyzed some social-engineering-based attacks against individuals operating in the aerospace and avionics sector, performed through the popular professional social network LinkedIn. According to our visibility, the targeted organizations are currently operating within Italian territory and the targeted individuals are subjects of high professional profile in the aerospace research sector. The adversary used a realistic-looking LinkedIn virtual identity impersonating an HR (Human Resources) recruiter of a satellite imagery company, with which it contacted the targets via private messages, inviting them to download an attachment containing information about a fake job vacancy. Based on code similarities among the analyzed pieces of malware, Telsy asserts […]

Cybersecurity’s weakest link: the human factor

The latest studies further confirm a fact that, although already known, is still too often ignored: the human factor is the greatest source of risk for companies’ IT security. In this period, in which the pandemic has dramatically increased the use of smart working, finding a solution to this problem must become a top priority.

The main risk for companies

In a recent survey, Proofpoint and the “Let’s System” community questioned the CISOs (Chief Information Security Officers) of 138 Italian companies, asking what the worst threats for companies currently were: according to 85% of them, the greatest risk is posed by phishing and social engineering attacks targeting […]

Cloud, Edge Computing and the future of cybersecurity

Cloud computing is today a fully consolidated and still expanding reality, but the exponential development of IoT and 5G technology is increasingly drawing attention to edge computing, a new distributed computing model designed to bring data processing as close as possible to where the data is produced. The debate on which system is best to adopt, especially with regard to IT security, is still heated, given that both systems have advantages and disadvantages depending on the application.

The advantages and vulnerabilities of the Cloud

Cloud computing undoubtedly has several advantages, since it is a flexible and inexpensive system that has also already been proven by years of […]

Twitter attack: the three lessons to learn

The recent cyber-attack that hit Twitter has created a lot of media sensation, especially because it is the first time that one of the great global social media platforms has been compromised in such a vast and blatant way. Beyond the economic and reputational damage produced by the attack, this event must push us to make some broader considerations, starting from the implications for cybersecurity and privacy, up to the role that certain social networks have now assumed in social and political life.

The dynamics of the attack

On July 15, 2020, between 8:00 PM and 10:00 PM UTC, several Twitter accounts of celebrities, each with millions […]

Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

Recently Telsy observed some artifacts related to an attack that occurred in June 2020 and that is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, which we internally named “NewPass” after one of the parameters used to send exfiltrated data to the command and control server. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex piece of malware composed of different components that rely on an encoded file to […]
