Tag Archive for: Collaborate

Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor


This blog was made possible through contributions from Christopher Caridi. 

IBM Security X-Force recently discovered a new malware family we have called “Domino,” which we assess was created by developers associated with the cybercriminal group that X-Force tracks as ITG14, also known as FIN7. Former members of the Trickbot/Conti syndicate which X-Force tracks as ITG23 have been using Domino since at least late February 2023 to deliver either the Project Nemesis information stealer or more capable backdoors such as Cobalt Strike.

Background

This discovery highlights the intricate nature of cooperation among cybercriminal groups and their members:

  • Since late February 2023, Domino Backdoor campaigns have been observed using the Dave Loader, which we have linked to the Trickbot/Conti syndicate and its former members.
  • Domino’s code shows overlap with the Lizar (aka Tirion, Diceloader) malware family, leading us to suspect that it was created by current or former ITG14 developers.
  • One of Domino’s final payloads is the Project Nemesis infostealer. Project Nemesis was first advertised on the dark web in December 2021, though has been rarely used since then.

Analysis

Ex-Conti Members Deploy Domino in Recent Campaigns

Former members of ITG23 (aka the Trickbot/Conti syndicate) are likely behind recent campaigns using the Dave Loader to load Domino Backdoor and probably collaborated with current or former ITG14 developers to purchase or use the new malware family. X-Force previously assessed that Dave is one of several loaders or crypters developed by members of the Trickbot/Conti group. Although the group has fractured, many of its loaders/crypters — including Dave — have been maintained and continue to be used by factions composed of former Trickbot/Conti members, including Quantum, Royal, BlackBasta, and Zeon.

  • The Dave Loader has been used recently with several Cobalt Strike samples with the watermark “206546002,” which X-Force and other security researchers — here and here — have associated with groups composed of former members of the Trickbot/Conti syndicate, including Quantum and Royal. X-Force observed Dave-loaded Cobalt Strike samples using this watermark in…


Industry Leaders Collaborate on New Cybersecurity Offering


Center for Internet Security and Akamai partnership offers enhanced web security for state, local, tribal and territorial governments, K-12 schools, and hospitals

EAST GREENBUSH, N.Y., March 20, 2023 /PRNewswire/ — Cyberattacks often begin with an unsuspecting user clicking on a link that redirects them to a harmful site containing malware. Even the best employee training won’t prevent every mistake. The best way to stop those mistakes from becoming costly cyber incidents is to block those sites automatically.

Since 2020, The Center for Internet Security, Inc. (CIS®) and Akamai have teamed up to offer Malicious Domain Blocking and Reporting (MDBR), a program that has blocked more than 10.7 billion requests to known or suspected harmful sites for state and local governments. Now, additional features are being offered through MDBR+ to customize the user experience in blocking malware, ransomware, and phishing attacks.

“We are pleased to expand our partnership with Akamai to deliver the MDBR+ service to enhance the web security of state and local government organizations,” said Gina Chapman, Executive Vice President, Sales and Business Services at CIS. “MDBR+ harnesses Akamai’s extensive visibility into the global threat landscape, combined with CIS’s robust SLTT-specific threat database, and offers security teams real-time visibility and custom configuration options to increase their cybersecurity defenses.”

The additional features include:

  • Full access to a cloud-based management portal – enables management and custom configuration from any location at any time
  • Real-time reports on blocked activity – see where blocked activity is occurring across your IT environment
  • Protection for off-network devices – protect laptops and mobile devices wherever they are connected to the internet

“MDBR has been hugely successful at proactively blocking threats that could have significantly impacted the ability of SLTT organizations to deliver public services,” said Patrick Sullivan, VP, CTO of Security Strategy for Akamai. “MDBR+ will allow SLTT security teams to customize their environments and policies to enable employees to work where they need to while quickly enhancing…


AWS and the BMW Group Collaborate to Deliver BMW’s New Cloud-Based Vehicle Data Platform; Joint software will accelerate the introduction of new data-driven features, services, and enhancements for drivers, and help automakers advance connected-car and software-defined vehicle capabilities


SEATTLE – Amazon Web Services, Inc. (AWS), an Amazon.com, Inc. company (NASDAQ: AMZN), and the BMW Group today announced a strategic collaboration to develop customizable cloud software that will simplify the distribution and management of data from millions of connected vehicles.

The BMW Group will be the first automaker to use the software, which will serve as the basis for its next-generation, cloud-based vehicle data platform. Moving forward, the new software will be available to other automakers, enabling them to easily integrate vehicle data sources, accelerate vehicle and fleet application feature development, and improve life cycle management, while delivering advanced vehicle features and more personalized driver experiences at lower costs.

“We have 20 million connected vehicles on the road today. With the launch of the ‘Neue Klasse,’ BMW’s next generation of vehicles, our offboard cloud platform, powered by AWS, will process roughly triple the volume of vehicle data compared to the current generation of BMW models,” said Nicolai Kramer, vice president of Vehicle Connectivity Platforms at the BMW Group. “Together with AWS, we will continue to create innovative solutions that enable us to develop and deliver new data-driven functions to customers worldwide, even faster.”

The BMW Group and AWS co-developed solution collects BMW vehicle signals and fleet intelligence data, then securely processes and routes the data in the cloud. Using AWS’s cloud infrastructure and its industry-leading security, the BMW Group ensures that its customer data is protected and processed in accordance with data privacy requirements and customer preferences. Only the BMW Group’s internal domain experts (vehicle application developers, fleet managers, data scientists, and artificial intelligence, business intelligence, and development engineers) gain access to the data via a self-service mechanism that gathers streaming vehicle data, easily adds new data sources, configures access in accordance with governance policies, and monitors the quality and health of streaming sources. The data is then combined with AWS capabilities, including analytics, machine learning, database, storage, and compute,…


T-Mobile to Collaborate with Paladin Cloud on Cloud Security


Paladin Cloud, a leader in open source cloud security, announced today that T-Mobile Ventures has participated in its $3.3M seed financing round.

T-Mobile will collaborate with Paladin Cloud to equip developers with a powerful platform to detect, visualize and remediate key risks in their cloud environments. With Paladin Cloud, developers can continuously monitor their cloud services in real-time, leveraging best practice security policies in an open, connector-based architecture.

The open source platform identifies and eliminates misconfigurations and reduces security risks, while automating workflow and remediation activities. The company’s extensible policy management plane covers AWS, Microsoft Azure, and Google Cloud with the ability to connect into cloud-based enterprise systems. Leveraging T-Mobile’s PacBot framework, Paladin Cloud is building a new open source community dedicated to holistically improving cloud security.

Daniel Deeney, Co-Founder and CEO, Paladin Cloud:
“We launched the company to change the security paradigm for developers and security teams by providing a holistic approach to cloud security through a modern open source platform that functions as a policy management plane across multi-cloud and enterprise systems.”

Rob Roy, SVP of Emerging Products at T-Mobile:
“T-Mobile is thrilled to be the first wireless provider to invest in Paladin Cloud. We share a vision to enable developers to build and deploy modern applications quickly and securely. This investment is another step forward in unlocking innovation on our industry-leading 5G network.”
