Anvilogic Forge Threat Research Reports

Banking outage in Canada

On February 16, 2022, a significant outage affected online and mobile banking services for major Canadian banks, including Royal Bank of Canada (RBC), Bank of Montreal (BMO), Scotiabank, TD Bank, and Canadian Imperial Bank of Commerce (CIBC). The issues peaked between 17:00 - 18:00 EST, with customers experiencing service disruptions and transaction rejections. Despite efforts to restore services, customers reported ongoing issues throughout the day.

Analysis of Ukraine's DDoS Attack

CadoSecurity's analysis of the February 2022 DDoS attack on Ukraine reveals the involvement of the Katana botnet, impacting banks, government, and military sites. The attack, attributed to Russia, caused moderate disruptions.

CISA Advisory - BlackByte Ransomware

Ukraine & Russia Cyber Update

The CISA advisory on the Ukraine-Russia crisis highlights Russian threat actors targeting vulnerabilities in Oracle Weblogic, Exchange, Cisco, VMware, and Citrix. The attacks focus on critical infrastructure, particularly OT/ICS networks. MITRE ATT&CK framework-based TTPs are detailed. Joint CISA-FBI advisory reveals U.S. Cleared Defense Contractors are targets for sensitive information theft since January 2020.

Trickbot Fading and Conti Rises

AdvIntel reports Trickbot's decline, with Conti absorbing its key developers and investing in new tools like BazarBackdoor. Conti has grown rapidly, aiming to monopolize the cyber threat market. Despite Trickbot's detectability, its threat remains, raising concerns about Conti's expanding capabilities and future operations.

Trending regsvr32 & Squiblydoo Technique

Uptycs reports a rise in the use of regsvr32 combined with the Squiblydoo technique, allowing attackers to load COM scriptlets from the internet, bypassing security measures. Over 500 samples were found, mainly using Microsoft Excel, RTF, and Word documents to register OCX files and execute malicious code.