Wednesday, September 26, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 24, 2018 

On 24 September 2018, Wapack Labs identified 44 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wednesday, September 19, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 19, 2018 

On 19 September 2018, Wapack Labs identified 37 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 17, 2018

Wapack Labs identified connections from 10,200 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com

Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems.

WWW.WAPACKLABS.COM
This TLP AMBER report is available only to Red Sky Alliance members.

Sunday, September 16, 2018

Motor Vessel (MV) Impersonation

Wapack Labs conducted a CTAC collection for malicious activity, analyzing all data containing Motor Vessel (MV) in the subject line of malicious emails. Impersonating a Motor Vessel (MV) in the email subject line is a common TTP for attackers targeting the maritime industry. Wapack Labs is providing this monthly list of Motor Vessels that it directly observed being impersonated, with the associated malicious emails.

A few 'MV' examples:

  • MV AMIS WISDOM III //CIF, KEELUNG// Bunker & Ship Charter - Seen 16 times
  • RE: MV MODULUS 5 - CARGO: 2106.505 MTS STEEL SCRAP IN BULK - Seen 5 times
  • MV PAPAYIANNIS - Requisition - Seen 3 times
  • MV TS Honour - voy 180XXXX - Appointment of Agency for Load - Seen 3 times
  • MV TS Honour - voy 180XXXX - Appointment of Agency for Load Assistance and Agreement - Seen 3 times

Would you like to read the full Motor Vessel (MV) Impersonation article and get all the related specifics? A PDF will be available on the complimentary CHANNEL 001 webinar this upcoming Wednesday, September 19th. Topic: The Missing Link in the Supply Chain, presented by Wapack Labs and Chris Hall, Co-Owner and Principal Engineer at Wapack Labs.


Contact Wapack Labs for more information:

1-844-492-7225, or info@wapacklabs.com


Friday, September 14, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 12, 2018

Wapack Labs identified connections from 76,077 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 12, 2018 

On 12 September 2018, Wapack Labs identified 81 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Thursday, September 13, 2018

CHANNEL 001: CYBER BRIEF: The Missing Link in the Supply Chain Webinar

Introducing a NEW Wapack Labs Monthly Cyber Brief Webinar Series - called 'Channel 001'. We will host a webinar every month on prevailing cyber topics. These webinars are open to everyone and are free to attend. First up, we have a Supply Chain webinar - 'The Missing Link in the Supply Chain'.

September 19th, 10:00 AM EDT


In recent years, the global supply chain has become the new "playground for hackers". With a chain inherently having numerous links (from suppliers to manufacturers to distributors), the number of potentially exploitable relationships makes it an attractive target. This presentation includes the 'how' and the 'why' of supply chain attacks and describes several notable malware campaigns affecting supply chains in multiple industries.

Viewers will:
• Understand the basic nature of cyber supply chains
• Gain insight into cyber supply chain vulnerabilities
• Learn how to begin protecting our cyber supply chains 


Your presenter, Chris Hall, Co-Owner and Principal Engineer at Wapack Labs, has been in the intelligence community for over 18 years in various capacities including SIGINT, network defense, reverse-engineering, and fusion. In 2012, Chris moved from the government to the private sector to help form the Red Sky Alliance and then co-found Wapack Labs in 2013. As a partner at Wapack Labs, Chris's main responsibility is to oversee the production, sourcing, and collection of intelligence.

Please join us for this webinar and many more to come. September 19th, 10:00 AM EDT.



Contact Wapack Labs for more information:
603-606-1246, or info@wapacklabs.com 



Friday, September 7, 2018

Wapack Labs Keylogger Blacklist

TLP AMBER ANNOUNCEMENT:
Compromised Email Accounts
Reporting Period: September 5, 2018 

On 5 September 2018, Wapack Labs identified 167 unique email accounts compromised with keyloggers and used to log into mostly personal accounts and organizations. Attackers may be able to access not only email addresses but also financial, social media and other data.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com 

Action recommendation: Users should immediately place each of these email accounts in a block status in intrusion prevention systems. 

Thursday, September 6, 2018

DeepLocker – An AI Powered Malware

DeepLocker is a class of malware that uses AI (Artificial Intelligence) to infect a victim's system. DeepLocker was developed and launched by an IBM research group.[1] Their concept is that artificial intelligence can automatically detect and combat malware to effectively stop cyber-attacks before they impact an organization. This positive concept can now theoretically be used in reverse and weaponized by bad actors to power a new generation of malware that can evade even the best cyber-security defenses and infect a computer network or launch an attack, even with strong two-party authentication in place.

To read the full article and find an archive of related reporting follow this link to READBOARD.


Wednesday, September 5, 2018

Wapack Labs Sinkhole Blacklist

TLP AMBER ANNOUNCEMENT:   
Reporting Period: September 4, 2018

Wapack Labs identified connections from 14,706 new unique IP addresses, which are checking in with one of the many Wapack Labs sinkhole domains.

Contact Wapack Labs for more information:
603-606-1246, or feedback@wapacklabs.com
 
Action recommendation: Users should immediately place each of these IP addresses in a monitor or block status in intrusion prevention systems. 

This TLP AMBER report is available only to Red Sky Alliance members.