Member Spotlight: Christy Elgee

RH-ISAC: What is your background in cybersecurity? Where did you get your training and education? Christy: My background is not originally in cybersecurity. I have only been working in cybersecurity for a little over a year. My background is actually in business. After earning my MBA, I began working at Hannaford, another company in the…

Read More

Campaign Dropping Cobalt Strike Beacons, RedLine Infostealer, and Amadey Botnet

A recent campaign drops Cobalt Strike Beacons, the RedLine Infostealer, and the Amadey Botnet with malicious scripts using two distinct methods. Context On September 28, 2022, Talos security researchers reported a campaign delivering Cobalt Strike beacons, the RedLine Infostealer, and Amadey botnet executables active since at least August 2022. Cobalt Strike is by far the…

Read More

New “NullMixer” Dropper Spreading Multiple Malware Families

A new dropper named “NullMixer” is spreading multiple malware families, including some seen regularly by the RH-ISAC community. Context On September 26, 2022, researchers at SecureList reported a new dropper they named “NullMixer” which spreads multiple malware families via malicious websites impersonating legitimate software downloads. According to SecureList, in addition to multiple malware families, NullMixer…

Read More

Reducing the Risk Bad Bots Pose to your Application Security

According to the 2022 Imperva Bad Bot Report, 27.7% of online traffic came from bad bots. For retail websites, it’s 23.6%. Bots routinely target retail sites with scalping and denial of inventory attacks, as well as fraud, gift card fraud, and account takeovers. The problem that many organizations are facing today is how to distinguish…

Read More

LockBit 3.0 Builder Code Leak Technical Analysis

On September 21, 2022, the LockBit 3.0 ransomware builder named “Black” was leaked online by a developer working for the LockBit threat group. On September 22, 2022, security researchers Yang HuiSeong and Jeong Hyunsik released a technical analysis of the code. The leaked code is currently available on GitHub. Threat Actor Details LockBit is a…

Read More