Today's Security News
Detroit Gasoline Theft: We have observed some reports of gasoline theft in Detroit that appears to be a physical hack of the gas pump controls. We fully expect this to continue to be an issue as thieves become more skilled at methods of physical attack. There are still a lot more questions than answers on this incident. Article Link: https://www.schneier.com/blog/archives/2018/07/gas_pump_hack.html
Dark Web Activity Update: Started seeing large amounts of inexpensive accounts being sold on the dark web. (Blog Post).
Today's Security Events
Masscan Activity: We are getting reports of an uptick in Masscan activity. Typically this indicates that threat actors are looking for security vulnerabilities in public facing systems. Event: 28897
Spam Emails: We are seeing spam from several domains to include stormyachiever[.]com and malicious ads from t1.tentaculos[.]net. Event: 28897
Uptick in Portscanning: We are seeing a large amount of traffic from 185.222.211[.]98 which was also observed by Artillery Threat Feed and Alienvault. Event: 28897
Some of the most active campaigns includes RIG EK, APT28 and various other annoying attackers.
IOCS:
185.222.211[.]98 193.238.130[.]169 23.23.120[.]28 35.190.39[.]246 stormyachiever[.]com t1.tentaculos[.]net