Publications & Advisories
October 2023 RedSense Monthly Threat Briefing
Below is a summary of our RedSense Monthly Threat Briefing for October 2023. This summary is just a small sample of the information RedSense customers receive every month in much greater detail as part of either RedSense Advantage or RedSense As-a-Service for Cyber Threat Intelligence.
Artificial Intelligence in Cybersecurity
The greatest irony of current technology is that threat actors around the world are using artificial intelligence to more convincingly impersonate humans. That’s right, ChatGPT – a machine! – is enabling malicious activity like email phishing attacks. One might wonder what commentary Alan Turing would offer on this development.
Advanced Adversary SSO Abuse
Low and slow Multi-Factor Authentication (MFA) exploitation abounds, as adversarial campaigns target exposed Single Sign-On (SSO) endpoints (e.g., Centralized Authentication Services) throughout August and September.
Holidays Routine
Naughty or nice, there are a few things in cyber circuits that won’t change in this year’s Holiday Season. Threat actors are financially motivated, driven by human needs, and the holidays are expensive.
Healthcare Still Under Threat
Since early 2022, leading security industry experts have made broad estimations that ‘ransomware is on the decline’, but did they properly contextualize their data and findings? Given destabilization from the Russia-Ukraine conflict and tightening U.S. and EU law enforcement activities, ‘ransomware is on the decline’ proponents underestimate their adversaries’ motivations, resiliency, and abilities to support persistent criminal operations.
VOIP Ecosystems: A Deep Dive
The methods enclosed in this write-up can be used for several different types of malicious activities, from call center support scams to just generic vishing campaigns.
Ransomware is Dead, Long Live Ransomware!
It seems to be a common misconception in business today that ransomware is dead or dying. The perception is that we haven’t seen a huge daily deluge of new major businesses making eight-figure payments to prolific centralized operations in the way that they were over the last few years. Incidents like Medibank feel less common. This perception is inaccurate at best, and dangerous at worst.
Silent No More
Red Sense routinely collaborates with industry and open-source researchers. We are honored to republish an article by Dissent Doe (@PogoWasRight).
Daixin Hits Healthcare
Over the last several months, Red Sense has observed the growing threat of Daixin Team, who have successfully targeted multiple U.S. Healthcare victims.
Insights Into BlackBasta
BlackBasta is an active former-Conti staffed ransomware group that began organizing in late 2021 behind the dissolution of Conti’s centralized operations. Active operations were first observed in spring and summer of 2022, and there are several TTP similarities that carry forward from Conti to BlackBasta operations.
Insights Into Lionkebab
During the final week of June 2022, Red Sense adversary space operations acquired a large victim list relating to criminal activities centered around a recent Confluence 0-Day, CVE-2021-26084.