New Advanced Phishing Kits Target Digital Platforms

The difference between an obvious phish and a successful one is often the technical skill and attention to detail of the phish’s author. Gone are the days of poorly designed phishing kits and obvious deception; instead, a number of phishing kit authors are using increasingly sophisticated tactics to evade detection and trick targets into disclosing […]

Exploring a Lokibot and Azorult Actor’s Infrastructure

Investigating attacker infrastructure is the bread and butter of HYAS Comox. One of the routine tasks we need to do as investigators and analysts is to find malware samples and infrastructure related to a given incident or report. Comox makes this task quick and painless, especially when combined with our Maltego transforms. In this post, […]

Recent Ursnif Campaign Infrastructure and the Additional Items to Keep an Eye On

In recent months, there has been a resurgence of Ursnif (aka Gozi ISFB) related campaigns. Since 2014, when the source code for one of the more popular banking trojans was leaked, adversaries have been busy at work adding new features and capabilities to the malware. Some of these features and functions were highlighted […]

Adversaries Employing new TTPs to Launch Credential Stuffing Attacks

Over the past few months, HYAS has observed a noticeable increase in the number of credential stuffing attacks targeting multiple verticals including the enterprise market. “A credential stuffing attack involves attempting to use credentials that were publicly exposed during previous breaches in an automated fashion against new targets.” Multiple customers and partners reached out to […]

Phishing Attacks Continue to Challenge Healthcare Industry

Over the past few months, HYAS has observed a significant increase in the number of domains associated with crime-as-a-service vendors focused on phishing, spamming, and malware distribution. The threat of phish-facilitated malware looms large over the healthcare sector. Research shows that phishing techniques are frequently used as initial delivery vectors for malware attacks, whether ransomware […]

Is FIN7 Returning to Their Roots?

It’s been months since the arrest of key figures of the Carbanak group, yet the actor group continues to be a formidable adversary for the world’s top banks and other financial institutions, launching consistent campaigns against a host of targets. They continue to ramp up operational tempo and evolve the nature of their attacks. Carbanak […]