Trying not to walk in the dark woods. A way out of the Maze

After numerous ransomware attacks since its appearance in May 2019, the well-known Maze Team recently announced the end of its criminal activity in a press release on its Dedicated Leak Site. The Maze Team is responsible for the development and maintenance of Maze Ransomware, one of the most advanced and infamous pieces of malware in today’s threat landscape, and was the first adversary to adopt the Double Extortion technique, which lets attackers maximize their chance of profit by demanding a ransom payment both for restoring operations and for not disclosing stolen data. Indeed, while for a period of time other threat actors had only threatened to release […]

Enisa report 2020: the pandemic’s effect on cybersecurity

Enisa (the European Union Agency for Cybersecurity) has recently published the eighth edition of its Threat Landscape Report (ETL) on cyber threats registered in the period between January 2019 and April 2020, describing the evolution of the current cybersecurity scenario in Europe and emphasizing in particular the serious effects of the Coronavirus pandemic on the sector. Overview of the Enisa 2020 report: The new ETL-Enisa Threat Landscape 2020 report was produced with the support of the European Commission and EU Member States. The content of the ETL report is primarily based on literature available from open sources, such as articles, expert opinions, intelligence reports, security incident analyses and research reports, […]

Operation “Space Race”: reaching the stars through professional Social Networks

At the beginning of May 2020, Telsy analyzed some social-engineering-based attacks against individuals operating in the aerospace and avionics sector, performed through the popular professional social network LinkedIn. Based on our visibility, the targeted organizations are currently operating within the Italian territory and the targeted individuals hold high-profile professional positions in the aerospace research sector. The adversary used a realistic-looking LinkedIn identity impersonating an HR (Human Resources) recruiter of a satellite imagery company, through which it contacted the targets via internal private messages, inviting them to download an attachment containing information about a fake job vacancy. Based on code similarities of analyzed pieces of malware, Telsy asserts, […]

Cybersecurity’s weakest link: the human factor

The latest studies further confirm a fact that, although already known, is still too often ignored: the human factor is the greatest source of risk for companies’ IT security. In this period, in which the pandemic has dramatically increased the use of smart working, finding a solution to this problem must become a top priority. The main risk for companies: In a recent survey, the Proofpoint company and the “Let’s System” community questioned the CISOs (Chief Information Security Officers) of 138 Italian companies, asking what the worst threats for companies currently were: according to 85% of them, the greatest risk is posed by phishing and social engineering attacks targeting […]

Cloud, Edge Computing and the future of cybersecurity

Cloud Computing is today a fully consolidated and still expanding reality, but the exponential development of IoT and 5G technology is increasingly drawing attention to Edge computing, a new distributed computing model designed to bring data processing as close as possible to where the data is produced. The debate on which is the best system to adopt, especially with regard to IT security, is still heated, given that both systems have advantages and disadvantages depending on the application. The advantages and vulnerabilities of the Cloud: Cloud computing undoubtedly has several advantages, since it is a flexible and inexpensive system that has also already been proven by years of […]

Twitter attack: the three lessons to learn

The recent cyber-attack that hit Twitter has caused a media sensation, especially because it is the first time that one of the great global social media platforms has been compromised in such a vast and blatant way. Beyond the economic and reputational damage produced by the attack, this event must push us to make some broader considerations, from the implications for cybersecurity and privacy to the role that certain social networks have now assumed in social and political life. The dynamics of the attack: On July 15, 2020, between 8:00 PM and 10:00 PM UTC, several Twitter accounts of celebrities, each with millions […]

Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene

Recently Telsy observed some artifacts related to an attack that occurred in June 2020 and is most likely linked to the well-known Russian Advanced Persistent Threat (APT) known as Venomous Bear (aka Turla or Uroburos). To the best of our knowledge, this time the hacking group used a previously unseen implant, which we internally named “NewPass” after one of the parameters used to send exfiltrated data to the command and control. Telsy suspects this implant has been used to target at least one European Union country in the sector of diplomacy and foreign affairs. NewPass is quite a complex malware composed of different components that rely on an encoded file to […]

Ransomware: a threat to the present and the future

Ransomware has become an increasingly prominent threat to cyberspace security globally, and recently collected statistical data would seem to confirm this trend for the years to come as well. What is ransomware and how it works: The term “ransomware” refers to a type of malware that limits access to the device it infects, requiring a ransom to be paid to remove the limitation. Some forms of ransomware, for example, block the system and order the user to pay to unlock it, whereas others encrypt the user’s files instead, asking the user to pay a sum to make the files readable again. There are of course many variations of ransomware, but […]

Cyber war: the current scenario

The modern hybrid war: Lately we hear more and more often about “hybrid” or “asymmetric” war, terms intended to describe a military strategy that mixes conventional war, irregular war and cyber war with other indirect attack methods, such as fake news and accusations in the legal or political field. With the evolution of hybrid war as a form of low intensity conflict during peacetime, the “battlefield” has therefore expanded to sectors and organizations that had never been involved in war before. In fact, today, world superpowers are often involved in low intensity conflicts that allow the forces involved to avoid getting caught up in traditional confrontation. The last front of […]

Steganography: from its origins to the present

The term steganography refers to a technique that aims to hide communication between two interlocutors. The term combines the Greek words στεγανός (covered) and γραφία (writing). Unlike encryption, which makes a message incomprehensible to anyone who does not have the key to decipher it, steganography aims to keep the very existence of the message away from prying eyes, by hiding it. The origins: Traces of steganography already existed in ancient Greece, when Herodotus narrated two examples in his Stories, but the first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography […]