Blog

Digital transformation efforts continue to accelerate and are pivotal for industries to sustain business and ensure growth. The major challenge is securing applications against malicious bots. Marshalling the resources to achieve this requires explaining the quantitative and qualitative impacts bots have on your business in terms your board and C-Suite will understand. As a business…

Context During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e. “influencers”) leveraging member brand names as part of the scams. The fraud activity spikes observed in the past few months have been both prolific and…

The RH-ISAC intelligence team is publishing a catalog of the most prominent and prolific threat groups targeting our community as a resource for analysts. The catalog will be available via the RH-ISAC MISP instance and will include useful data on threat groups, including: Known aliases Background information and a brief history Prominent open-source incidents attributed…

On February 20, 2023, researchers with Sekoia.io reported the technical details of a new infostealer malware advertised for sale as “Stealc” by developers on dark web criminal forums. Context According to the report, “The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars and Redline stealers.”…

The 2023 RH-ISAC Regional Workshop series kicks off in February and will include in-person professional development opportunities in locations across the U.S. and Europe. This series features interactive discussions and threat landscape briefings, including mitigation or response techniques. In addition, attendees will get intel on observed incidents and emerging threats relevant to the retail and…

On February 10, 2023, Phylum security researchers reported a resurgence in a previously seen campaign typosquatting legitimate Python PyPI packages with malicious packages to deliver a malware with cryptocurrency wallet clipboard replacing capabilities. Context  In November 2022, Phylum reported a similar campaign “in which threat actors attempted to replace cryptocurrency addresses in developer clipboards with…

On February 8, 2023, Proofpoint researchers reported multiple phishing campaigns targeting organizations in multiple industries in the U.S. and Germany. Context Proofpoint attributes the activity to the likely financially-motivated TA866, which they assess is a new threat group. The campaign is currently active and has been since at least October 2022. Technical Details The emails…

In an increasingly connected world, no one is immune to cyber security risks. You don’t have to be in the middle of an incident to know that cybercrime and data breaches are widespread across all industries — and capable of bringing even a major corporation to its knees. In fact, according to Flashpoint’s 2022 Year…

Context Prilex has been active since at least 2014 and evolved from an automated teller machine (ATM) malware into a POS malware in 2016, primarily targeting Brazilian and South American retailers. In 2022, the malware evolved further, conducting fraudulent “GHOST transactions” using EMV cryptograms generated by payment cards during the payment process. In previous cases,…

The term “cybersecurity” can oftentimes be ambiguous and difficult to define, no different than that of a single or multi-family office. But much like an Investment Policy Statement, identifying and defining risk down to the individual level is paramount in achieving both near-term and strategic objectives. In this blog post, we seek to shed light…