Friday, September 30, 2016

Net Neutrality, Facebook and WhatsApp

On 1 October 2016, the U.S., under the Net Neutrality doctrine, will relinquish FCC control of the international Internet (abolish ICANN).  This has concerned many cyber experts regarding the governance of the Internet.  This legal issue in Hamburg, Germany could be a precursor to interpretation of privacy laws, international law and future litigation against cyber companies.  Wapack Labs will continue to monitor this serious matter.



Publication date:                               30 September 2016

Handling requirements:                   Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:               Legal Court Order / EU Privacy Law

Actor Type:                                         N/A

Potential Targets:                               Worldwide Internet

Red Sky Alliance Reporting:             RSAC: DOC-4129


About Wapack Labs

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.

Thursday, September 29, 2016

Credit Card Fraud & EMV Security Chip

Mobile banking fraud in Europe has increased by a factor of 20, a trend that could follow in the U.S.  Credit card fraud has hit critical mass in the U.S., causing a push in technology in new mobile apps, which could create a virtual playground for criminals.  A recent surge in the volume of U.S. credit card fraud has forced industries to adopt the European EuroPay, MasterCard and Visa (EMV) card system.  The resistance to the EMV conversion will result in higher merchant costs and ATM manufacturer resistance, which has prompted a growth in mobile banking apps.

Publication date:                        26 September 2016

Handling requirements:              Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:          Unknown at this time

Actor Type:                                 Adversary capabilities have been assessed as Tier III*

Potential Targets:                        USA

Past Reporting:                            Red Sky Alliance: DOC-3952, DOC-4265

*Practitioners who focus on the discovery and use of unknown malicious code, are adept at installing user- and kernel-mode rootkits, frequently use data mining tools, and target corporate executives and key users (government and industry) for the purpose of stealing personal and corporate data with the express purpose of selling the information to other criminal elements.


Tuesday, September 27, 2016

New Macro Variant

On 06 September 2016, Wapack Labs received incident details involving a macro malware variant that is researcher-aware and leverages a new method of string obfuscation.  Macro-based malware, one of the most prevalent malware delivery mechanisms, uses embedded macros in Microsoft Office documents to download and install malware on a victim’s machine.  Over 3,600 additional samples of this variant, using the same obfuscation method, were found on VirusTotal.  Artifacts from these files suggest widespread targeting in various industries.

This report includes details on the new macro variant delivery mechanism and infrastructure leveraged in these attacks.

Publication date:                   26 September 2016

Handling requirements:         Traffic light protocol (TLP) AMBER

Actor Type:                            Adversary capabilities have been assessed as Tier 1*

Past Reporting:                       Red Sky Alliance: DOC-3977

Indicators:                           https://www.threatrecon.co/search?keyword=New_Macro_Variant, redsky.soltra.com

*Practitioners who rely on others to develop the malicious code, delivery mechanisms, and execution strategy (use known exploits). 



SIM Card Fraud in The Gambia

The Gambia, in West Africa, has been subject to recent cyber-criminal activity, often through telecommunication cyber fraud, for which a foreign national is publicly arrested and convicted of criminal fraud every year.  This has raised regional suspicion and is believed to have placed other countries in West Africa at risk of future cyber-related crimes.  The Gambia’s largest wireless carriers face the regular threat of pirating of their networks and customers’ accounts using their own SIM cards in circulation with their subscribers.  This information is being supplied for your situational awareness.

Publication date:                    26 September 2016

Handling requirements:          Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:      Foreign nationals/alleged collaborators in The Gambia

Actor Type:                             Adversary capabilities have been assessed as Tier II* 

Potential Targets:                    The Gambia and West Africa

Past Reporting:                        Red Sky Alliance: DOC-4296

*Practitioners with a greater depth of experience, with the ability to develop their own tools (from publicly known vulnerabilities). 



After Action Report: RNC 2016 SM Research Project

Wapack Labs teamed up with the Cleveland (OH) Police Department (CPD) to provide direct and actionable public safety intelligence to the CPD Intelligence Unit.  This project was to supplement the intelligence collection efforts in support of the 2016 Republican National Convention (RNC), held in July of 2016.  The RNC project was initiated in May 2016 to provide daily social media (SM) collection, research and tactical analysis within surface and underground social media venues.  CPD requested specific support with covert undercover operations using social media intelligence activities.

This After-Action Report is intended to serve as a capstone to the RNC SM Research Project, highlighting both the areas of success, and those which Wapack analysts recommend for improvement.

Publication date:                             23 September 2016

Handling requirements:                   Traffic light protocol (TLP) AMBER.


Fancy Bear Disrupts the United Kingdom

On the heels of leaking personal and confidential data from the U.S. Democratic National Committee (DNC), the World Anti-Doping Agency (WADA) database, and countless other cyber-attacks, the Russian hacking group ‘Fancy Bear’ has turned its focus to the disruption of the BBC’s UK election coverage, as well as various British government websites.  Cyber experts at Britain’s GCHQ were able to thwart these attempted attacks before they began.  This information is being provided for your situational awareness.

Publication date:                          25 September 2016

Handling requirements:               Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:           Fancy Bears’ Hack Team

Actor Type:                                  Adversary capabilities have been assessed as Tier V*

Potential Targets:                         USA / International

Past Reporting:                             Red Sky Alliance: DOC-2590, DOC-4007, DOC-4311

*State actors who create vulnerabilities through an active program to “influence” commercial products and services during design, development or manufacturing, or with the ability to impact products while in the supply chain to enable exploitation of networks and systems of interest. 


Monday, September 26, 2016

Google Allo and Privacy


Google recently presented its new chat app service, called Allo.  Privacy concerns were raised immediately, since Allo does not provide end-to-end encryption.  The issue at hand is that Google originally stated that its chat app would have full security features, yet this past week launched Allo without strong encryption features.  Some are claiming this chat app is actually a honeypot for government surveillance purposes.  The real reason is still open to debate.  Privacy issues are a constant concern for users, providers, cyber security and associated statutes.  Wapack Labs will continue to monitor this issue.  This information is being supplied for your situational awareness.



Publication date:                         25 September 2016

Handling requirements:               Traffic light protocol (TLP) GREEN

Attribution/Threat Actors:           Unknown  

Actor Type:                                  Adversary capabilities have been assessed as Tier I*

Potential Targets:                         USA

Past Reporting:                             Red Sky Alliance: DOC-1800, message/3507#3507

*Practitioners who rely on others to develop the malicious code, delivery mechanisms, and execution strategy (use known exploits).


Wooyun Chinese Vulnerability Reporting Platform Shut Down

 
Wooyun, the website for China’s largest vulnerability hunting and reporting community, was shut down in July 2016, and its founder Fang Xiaodun and other website personnel were reportedly arrested.  The immediate cause seems to be a complaint from a corporate target whose data was “stolen” by a vulnerability hunter who reported the vulnerability through Wooyun. Other Chinese reporting indicates that Chinese corporations had become frustrated with white-hat hackers for exposing their system vulnerabilities, and the Wooyun community became a focus of this frustration. The arrests indicate a shift in government attitude, perhaps because of corporate pressure, and vulnerability hunting may be entering a period of pushback from both government and the Chinese business community.

Publication date:                         23 Sep 2016

Handling requirements:               Traffic light protocol (TLP) AMBER.

Attribution/Threat Actors:           Chinese State Actor

Actor Type:                                  Adversary capabilities have been assessed as Tier IV.*

Previous Reporting:                      None

Industries Targeted:                     Chinese Information Security

*Criminal or state actors who are organized, highly technical, proficient, well-funded professionals working in teams to discover new vulnerabilities and develop exploits.

