The methods enclosed in this write up can be used for several different types of malicious activities from call center support scams to just generic vishing campaigns.
Holidays Routine
Naughty or nice, there’s a few things in cyber circuits that won’t change in this year’s Holiday Season. Threat actors are financially motivated, driven by human needs, and the holidays are expensive.
Ransomware is Dead, Long Live Ransomware!
It seems to be a common misconception in business today that ransomware is dead or dying. The perception is that we haven't seen a huge daily deluge of new major businesses making large ransomware payments.
Advanced Adversary SSO Abuse
Low and slow Multi-Factor Authentication (MFA) exploitation abounds, as adversarial campaigns target exposed Single Sign-On (SSO) endpoints (e.g., Centralized Authentication Services) throughout August and September
Daixin Hits Healthcare
Over the last several months, Red Sense has observed the growing threat of Daixin Team, who have successfully targeted multiple U.S. Healthcare victims.
Blackbasta
Blackbasta is an active former-Conti staffed ransomware group that began organizing in late 2021 behind the dissolution of Conti’s centralized operations.
Lionkebab
During the final week of June 2022, Red Sense adversary space operations acquired a large victim list relating to criminal activities centered around a recent Confluence 0-Day, CVE-2021-26084.
Silent No More
Red Sense routinely collaborates with Industry and open source researchers. We are honored to republish the below article by Dissent Doe.
Dr. Anya Plays 419 Long Game
The Nigerian, 419, Advance-Fee scam is one of the most common forms of cyber confidence tricks observed by Red Sense. The scam typically involves promising would-be victims a large pay day in return for a small initial payment.
Healthcare - Still Ransomed
Since early 2022, leading security industry experts have made broad estimations that ‘ransomware is on the decline’, but did they properly contextualize their data and findings?