All Articles (423)

Sort by

8467395687?profile=RESIZE_400xAttacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to

8467393284?profile=RESIZE_400xFinancial services firms in the UK were hit hard in 2020, with 70% experiencing a successful cyber-attack and most of these blaming COVID-related conditions for the incident, according to Keeper Security.  The password security firm commissioned the Ponemon Institute to poll over 370 UK IT security leaders in the sector, as part of a larger global study.  It revealed that the rapid shift to remote working forced on businesses during the pandemic provided threat actors with an opportunity to targ

8467359093?profile=RESIZE_400xThe president of Microsoft, Brad Smith, provided a warning of increasing cyber-threats to society as technology plays a more powerful role in our lives.  This warning delivered during his recent talk at the Consumer Electronics Show (CES) 2021.  Smith delineated the potential enormous benefits and advancements that technologies offer, including in areas like; sustainability, the cyber-threats being faced are correspondingly becoming increasingly concerning. “As computers create all this promise,

8466315484?profile=RESIZE_400xActivity Summary - Week Ending 22 January 2021:

  • Keylogged: - Mombasa Kenya
  • Red Sky Alliance observed 29 unique email accounts compromised with Keyloggers
  • Analysts identified 19,902 connections from new unique IP Addresses
  • 1,957 new IP addresses participating in various Botnets
  • Ursnif (Gozi) banking Trojan
  • ElectroRat Crypto-Stealing
  • JetBrains
  • Social Media Alternative Parler is under Siege
  • The Word of the Moment – Purge
  • Censorship-Resistant Blockchain Social Media
  • S

8439801081?profile=RESIZE_400xRed Sky Alliance has long reported on the underground carding site – Joker’s Stash (JS).  Well several research firms have identified that JS is ‘goiong out of business.’  Joker’s Stash is reportedly (or was…) the largest underground forum/shop for selling stolen credit card and identity data.  JS is reporting they are closing its shop by the middle of February 2021.  This news was shared after a crazy 2020 for the major cybercrime store, and several weeks after US and European law enforcement a

8429845491?profile=RESIZE_400xA cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it.  The malware is tracked as OSAMiner and has been in the wild since at least 2015.  Analyzing it has been difficult because payloads are exported as run-only AppleScript files, which makes decompiling them into source code difficult.

OSAMiner is a typical Trojan which mainly cause system vulnerability on PCs to help hackers’ remote attack. Use

8427732881?profile=RESIZE_400xHackers recently posted confidential documents regarding Covid-19 medicines and vaccines on the internet after a data breach late last year at the European Medicines Agency (EMA).   Timelines related to evaluating and approving Covid medicines and vaccines haven’t been affected, the EMA said in a statement on Tuesday. The agency said it remains fully functional and that law enforcement authorities are taking action on the breach. 

It is suspected by cyber threat investigators that these hacks ma

8426125299?profile=RESIZE_400xActivity Summary - Week Ending 15 January 2021:

  • 46 unique email accounts were seen compromised with Keyloggers
  • Red Sky Alliance identified 43,555 connections from new unique IP addresses
  • Analysts identified 2,201 new IP addresses participating in various Botnets
  • German - Strang 1&1 Ionos SE in the Top 10 C2 compromised Servers
  • Solar Winds Updates
  • Dassault Falcon Jet – Hit / Ransomware
  • “Up in Smoke” - Aurora Cannabis
  • More Activism going On

Link to full report: IR-21-015-001_Manufacturing_015_FI

8423424691?profile=RESIZE_400xIn their attempt to extort as much money as quickly as possible out of victims, ransomware gangs know some effective techniques to get the full attention of a firm’s management team.  One of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom. 

Although the technique of prioritizing the theft of data from managers’ PCs

8403132900?profile=RESIZE_400xFor years, Red Sky Alliance has been monitoring the Chinese Communist Party (CCP) in both cyber activity and geopolitical matters.  The CCP has been and continues to be aggressive in their Belt and Road, long term, initiatives, or the China Maritime Silk Road.[1]  The CCP yearly train approximately 20,000 cyber ‘professionals’ in hacking type activities.  This permeates into the business and citizen cultures of the Chinese population.  China controls all business ventures inside its borders and

8403075076?profile=RESIZE_400xActivity Summary - Week Ending 8 January 2021:

  • Red Sky Alliance observed 123 unique email accounts compromised with Keyloggers
  • ??
  • Analysts identified 46,954 connections from new unique IP addresses
  • Red Sky Alliance identified 2,131 new IP addresses participating in various Botnets
  • WhatsApp – New Policies
  • Egregor Ransomware
  • T-Mobile hit AGAIN
  • The Green New Deal now on Steroids
  • 6th of January a Sad Day in the US
  • Protests and new technology surveillance

Link to full report: IR

8399725677?profile=RESIZE_400xLast October 2020, researchers at US security company AdvIntel discovered that one of the Internet’s most troublesome malware platforms, Trickbot, had started testing something rather threatening: probing UEFI firmware chips inside targeted PCs to see whether they were vulnerable to known firmware vulnerabilities.  This was only reconnaissance, Trickbot was not infecting the SPI flash chip on which UEFI firmware resides, but the discovery is significant.

UEFI (Unified Extensible Firmware Interfa

8390510860?profile=RESIZE_400xOur Red Sky Alliance research predictions for 2021 are not necessarily in any order of importance yet presented as what we believe are the most important.

Ransomware…Ransomware… Ransomware

2020 saw a dramatic rise in ransomware activity.  While it is difficult to predict specifically what ransomware authors will do next, it can be expected that they will continue to do what has worked well for them in the past if it continues as profitable.  Ransomware ‘payment’ amounts saw a 217% rise in 2020 f

8389433675?profile=RESIZE_400xT-Mobile after completing its recent merger with Sprint, ended 2020 by announcing its second data breach of the year.   T-Mobile US, Inc., doing business as T-Mobile, is an American wireless network operator. Its largest shareholder is the German telecommunications company Deutsche Telekom with a 43% share, with Japanese conglomerate holding company SoftBank Group partially owning the company as well at a 24% share. Its headquarters are located in Bellevue, Washington, in the Seattle metropolita

8370100074?profile=RESIZE_400xThe Covid pandemic add numerous concerns with the shipment of cargo in many countries.  Part of these “concerns” are the drastic increase of ransomware into the IT and OT (operating technology) systems of the transportation sector.  Transportation Topics published a recent article regarding the growing transportation targeted ransomware threat.[1]  The authors report that ransomware attacks have jumped 715% year-over-year.   

United States Tennessee state-based trucking and logistics company For

8369172900?profile=RESIZE_400xActivity Summary - Week Ending 31 December 2020:

  • Red Sky Alliance identified 22,558 connections from new unique IP addresses
  • Analysts identified 2,589 new IP addresses participating in various Botnets
  • 52 unique email accounts were observed compromised with Keyloggers
  • NZBGeek hit
  • Year of the Covid - Hacking
  • Auchtung - Funke Mediengruppe und Doppelpaymer
  • Social Media and Hacking
  • Victor Gevers, “yourefired”
  • Twitch has a sever Itch, or Worse
  • Cuban Artists and Social Media Protests
  • Activists using s

8354614496?profile=RESIZE_400xRegarding cybersecurity, misconfigurations can create exploitable issues that can cause vulnerabilities later.  The following are some common-sense security misconfigurations that can easily be avoided.[1]

Development permissions that do not get changed when something goes live.  For example, AWS S3 buckets are often assigned permissive access while development is going on.  The issues arise when security reviews are not carefully performed prior to pushing the code live, no matter if that push

8326554494?profile=RESIZE_400xCybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research.   Affiliates are typically threat actors responsible for gaining an initial foothold in a target network.  In a recent analysis published by Sophos.  The report states that the new deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads for fu

8326228084?profile=RESIZE_400xWith the new incoming US government and other international countries looking seriously at renewable energy sources; so are hackers, who are no fools and are researching ways to compromise the future of energy.  The ‘rush’ to renewable energy technology may open multiple cybersecurity threats and vulnerabilities if caution is not placed on cyber security and these energy source developments. 

Quick developing solar and wind technologies present new risks to power grid security, especially as sma

8324519665?profile=RESIZE_400xActivity Summary - Week Ending 23 December 2020:

  • Red Sky Alliance identified 38,232 connections from new unique IP addresses
  • Analysts observed 32 unique email accounts compromised with Keyloggers
  • 1,979 new IP addresses we seen participating in various Botnets
  • JavaScript RAT
  • Hacker Tactics
  • BitGrail
  • com
  • MetaMax
  • E-commerce up 600%
  • Protesters using Bitcoin more and more
  • City of Detroit suing #BLM

Link to full report: IR-20-358-001_eCommerces_358FINAL.pdf