covid-19 - X-Industry - Red Sky Alliance2024-03-29T15:36:21Zhttps://redskyalliance.org/xindustry/feed/tag/covid-19Who Wants to Work in a Cubicle Again?https://redskyalliance.org/xindustry/who-wants-to-work-in-a-cubicle-again2021-12-22T17:43:36.000Z2021-12-22T17:43:36.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}9936824857,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}9936824857,RESIZE_400x{{/staticFileLink}}" width="250" alt="9936824857?profile=RESIZE_400x" /></a>Since the beginning of COVID-19, now well over a year, some company managers thought that people would come flocking back to the office once generous unemployment benefits ended. Instead, after Republican states cut the $300-a-week Federal benefit and other benefits expired, there has been no rush to return to the workforce. There are many reasons for this. People do not want to catch COVID-19 and new variants; people are sick of their bad jobs; early retirement; and the one I care about today - bosses still think they can force skilled workers to return to offices. Employees are continuing to resign, find new lines of work, and are saying ‘no thanks’ to long commutes followed by a day spent in a cubicle workspace.</p>
<p>People with talent and high-value skills, like most technology workers, are not returning to traditional offices. A <u>Hackajob</u> survey of 2,000 UK tech workers and employers found not quite three-quarters (72%) of tech workers said having the ability to do remote work was very important to them. And over one in five were looking for new jobs with remote work. A more recent Microsoft survey found UK techies felt even stronger about the issue: over half of the employees would consider quitting if you tried to force them back into the office.</p>
<p>It is not just in the UK. A <u>Future Forum Pulse</u> survey found IT workers in the US, UK, Australia, France, Germany, and Japan all had one thing in common: Most want to work at least part of the time remotely. More than 75% want flexibility in where they work, while 93% want flexibility in when they work. The top reason: "Better work-life balance."</p>
<p>Many executives and owners have not gotten the message yet. An estimated 44% said they wanted to work from the office daily; their employees, only 17%. Three-quarters of bosses said they at least wanted to work from the office 3-5 days a week, versus 34% of employees. This means that for the first time, maybe ever, workers, not employers, are in control.</p>
<p>One of the easiest things you can give your tech workers is the ability to work from home. Any doubts you may have about people not doing a good job unless you are looking over their shoulders should have vanished by now. The CEO of Facebook recently said, "I've found that working remotely has given me more space for long-term thinking and helped me spend more time with my family, which has made me happier and more productive at work."</p>
<p>It is not just in the tech world. The director of the Stanford Digital Economy Lab and MIT postdoctoral scholar found in their analysis of the 5.4% increase in US labor productivity in the first quarter of 2021, according to the Bureau of Labor Statistics (BLS), that some of this came from compressing "a decade's worth of digital innovation in areas like remote work into less than a year." Looking ahead, they see the biggest productivity impact coming from the continuation of the work-from-home trend. Workers agree.</p>
<p>The monthly academic <u>WFHresearch.com</u> survey has found almost six out of ten workers reported being more productive working from home. On average, respondents' productivity at home was 7% higher than they expected. In short, working from home is here to stay, period. They calculate that these working arrangements will increase overall worker productivity in the US by 5% as compared with the pre-pandemic economy.</p>
<p>This does not mean that managers must give up the traditional office entirely. In the <u>Dice State of Remote Work</u> report, there is a remote work spectrum. Some workers never want to walk into the office again, but others like a flexible work schedule where they can work outside of the office a set number of days per week or month. By using Dice's figures, only one in five workers are bound and determined to never come into the office again. 75% would be fine with flex work. But, only 3% want to go back to the traditional 9 to 5, every weekday at the office. A reported 7% of respondents said they would even take a 5% salary cut to work only remotely.</p>
<p>Why do they feel so strongly? It works better for them and for a company. A reported 53% of technologists listed greater productivity as one of the main benefits of working from home. Another 59% said that feeling more relaxed while working was a major benefit. As for their personal benefits, 80% agree that money saved on commuting is the main perk, especially with current gas prices. Like Facebook said, 47% find it gives them a better work/life balance. It's not that they are sitting back and watching HBO instead of working as many bosses feared, it is having the extra minutes to get the kids lunch ready, to take the dog out for a walk, or see the doctor while still being able to get their work done. The work-from-home trend, Dice believes, is only going to grow stronger.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and offers proactive solutions to protect your networks. Cyber intelligence is a needed key for your overall cyber security. For questions, comments, or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings<br /><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a> </p></div>INTELLIGENCE REPORT: ALL SECTORShttps://redskyalliance.org/xindustry/intelligence-report-all-sectors2021-05-14T12:35:54.000Z2021-05-14T12:35:54.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><h2><a href="{{#staticFileLink}}8929187069,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8929187069,RESIZE_400x{{/staticFileLink}}" width="250" alt="8929187069?profile=RESIZE_400x" /></a>Activity Summary - Week Ending 14 May 2021:</h2>
<ul>
<li>Red Sky Alliance observed 78 unique email accounts compromised with Keyloggers</li>
<li>Analysts identified 23,596 connections from new unique IP Addresses</li>
<li>1,802 new IP addresses are participating in various Botnets</li>
<li>COVID-19 Lures Continue</li>
<li>RotaJakiro</li>
<li>Lemon Duck</li>
<li>Colonial Pipeline and DarkSide</li>
<li>US – Oil Supply Chain Repercussions</li>
<li>Belnet hit in Belgium</li>
<li>Rubin Design Bureau, Russian DIB</li>
<li>BoA upping Cyber Security Budgets</li>
<li>The “new” Normal, is it?</li>
</ul>
<p>Link to full report: <a href="{{#staticFileLink}}8929184852,original{{/staticFileLink}}">IR-21-134-001_weekly_134_FINAL.pdf</a></p></div>Verizon Mobile Security Index -MSI- 2021https://redskyalliance.org/xindustry/verizon-mobile-security-index-msi-20212021-04-14T17:33:05.000Z2021-04-14T17:33:05.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}8793749096,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8793749096,RESIZE_400x{{/staticFileLink}}" width="250" alt="8793749096?profile=RESIZE_400x" /></a>The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place. The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely. Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working practices during lockdown adversely affected their company’s cybersecurity.</p>
<p>Interestingly, even though 40% of businesses surveyed recognized that mobile devices are their company’s biggest IT security threat, 45% of them knowingly sacrificed the security of mobile devices to “get the job done” (e.g., meet a deadline or productivity targets) and nearly a quarter (24 percent) sacrificed the security of mobile devices to facilitate their response to restrictions put in place due to the pandemic.</p>
<p>“The pandemic caused a global shift in the way organizations operate, many of which ramped up their digital transformation agendas and working models to meet the fast-changing needs of both employees and customers,” said the Chief Revenue Officer, Verizon Business. “While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike. With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations, means there is a greater need to hone in on mobile security to protect themselves and those they serve.”</p>
<p>The effect of the pandemic on the workforce is going to have a lasting impact. According to the report, a large majority (70 percent) of those that had seen remote working grow following the introduction of pandemic restrictions expected it to fall again afterward. However, 78 percent said that it would still remain higher than before lockdown. Overall, our respondents said that they expected the number of remote workers to settle at around half (49 percent).</p>
<p>Small and Medium-Sized Businesses (SMB) are also under threat!!! Over half of those surveyed (52 percent) said that small and medium-sized businesses are more of a target than larger enterprises, yet 59% of SMBs sacrificed security, with 22% suffering a mobile compromise. Seventy-eight (78) percent stated that they should take mobile-device security more seriously.</p>
<p>Security should always be front and center; ALWAYS. Of those surveyed, 72% of organizations are worried about device abuse or misuse. Part of the problem is that many companies struggle to develop an effective Acceptable Use Policy (AUP); 57% did not have one at all.</p>
<p>The MSI report details the four sectors of the mobile threat landscape: people and behaviors; apps; devices and things; and networks and the cloud. Additionally, it provides expert insights into how to help safeguard against pending cybercrime attacks, such as establishing a “zero-trust network access (ZTNA)” model and a secure access service edge (SASE) architecture, which is designed for a mobile-first and cloud-first world.</p>
<p>About the Verizon Mobile Security Index 2021 - The Verizon Mobile Security Index 2021 findings are based on an independent survey of 856 businesses across Australia, the US, and the UK. Verizon surveyed professionals that are responsible for the buying, managing, and security of mobile and Internet of Things (IoT) devices for their companies. It provides unique insights into the current mobile threat landscape and what organizations are, or in many cases are not, doing to protect their data and key systems. In addition to analysis from Verizon’s experts, the report includes insights and real-world data from leading security and management companies Asavie, Blackberry Cylance, Check Point, IBM, Ivanti, Lookout, NetMotion, Netskope, Proofpoint, Qualcomm, Thales, VMware, and Wandera.</p>
<p>Red Sky Alliance has been analyzing and documenting these types of cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at <a href="https://redskyalliance.org">https://redskyalliance.org</a> at no charge. Many past tactics are often dusted off and reused in current malicious campaigns. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network. </p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/3702558539639477516">https://attendee.gotowebinar.com/register/3702558539639477516</a></p></div>What the Heck is BEC?https://redskyalliance.org/xindustry/what-the-heck-is-bec2020-12-09T20:52:24.000Z2020-12-09T20:52:24.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}8267325297,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8267325297,RESIZE_400x{{/staticFileLink}}" alt="8267325297?profile=RESIZE_400x" width="250" /></a>A Business Email Compromise (BEC) attack begins with a cybercriminal hacking and spoofing emails to impersonate your company’s supervisors, CEO, or vendors. Once in, they request a seemingly legitimate business payment. The email looks authentic and seems to come from a known authority figure, so the unsuspecting employee complies. These fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the US Federal Bureau of Investigation (FBI) warns. Once again, any out of the ordinary/routine request to issue or authorize payments should be confirmed by a supervisor, director, CFO, and the requesting party by voice. Regular payments are normally authorized and paid in batches that are made on a regular or once-a-week schedule for business control purposes. There are multiple authorization levels to ensure compliance with company and GAAP guidelines.<a href="#_ftn1">[1]</a></p>
<p>The FBI notes in an alert made public the first week in December 2020, that since the COVID-19 pandemic began, leading to an increasingly remote workforce, BEC scammers have been taking advantage of the auto-forwarding feature within compromised email inboxes to trick employees into sending them money under the guise of legitimate payments to third parties.</p>
<p>This tactic works because most organizations do not sync their web-based email client forwarding features with their desktop client counterparts. This limits the ability of system administrators to detect any suspicious activities and enables the fraudsters to send malicious emails from the compromised accounts without being detected, the alert, sent to organizations in November and made public this week, notes. "If businesses do not configure their network to routinely sync their employees' web-based emails to their internal network, an intrusion may be left unidentified until the computer sends an update to the security appliance set up to monitor changes within the email applications," the FBI says. "This leaves the employee and all connected networks vulnerable to cybercriminals."</p>
<p>Because system audits will not detect email discrepancies or updates, BEC scammers can retain email access to the compromised accounts and then continue with their malicious activities, the alert notes. The FBI reported earlier this year that the bureau had received nearly 24,000 BEC-related complaints in 2019, with the scams generating a total loss of $1.7 billion and an average loss per incident of about $72,000.</p>
<p>The FBI alert highlights two types of BEC scams that are taking advantage of email-forwarding rules. The first was detected in August 2020, when fraudsters used the email forwarding feature in the compromised accounts of a U.S.-based medical company. The attackers then posed as an international vendor and tricked the victim into making a fraudulent payment of $175,000, according to the alert. Because the targeted organization did not sync its webmail with its desktop application, it was not able to detect the malicious activity, the FBI notes.</p>
<p>In a second case in August 2020, the FBI found fraudsters created three forwarding rules within a compromised email account. "The first rule auto-forwarded any email with the search terms 'bank,' 'payment,' 'invoice,' 'wire,' or 'check' to cybercriminals' email accounts," the alert notes. "The other two rules were based on the sender's domain and again forwarded to the same email addresses."</p>
<p>Chris Morales, head of security analytics at security firm Vectra AI, says that in addition to reaping fraudulent payments, fraudsters can use email-forwarding to plant malware or malicious links in documents to circumvent prevention controls or to steal data and hold it for ransom.</p>
<p>In a keynote presentation at Group-IB's CyberCrimeCon 2020 virtual conference in November, Craig Jones, director of cybercrime at Interpol, noted that BEC scammers are among the threat actors that are retooling their attacks to take advantage of the COVID-19 pandemic. Interpol revealed that it recently worked with others to uncover a massive Nigerian business email compromise gang that was active across more than 150 countries. Several members of the criminal organization were arrested.</p>
<p>"With the COVID-19 pandemic continuing to remain in the forefront of public consciousness, organized criminal groups are taking advantage of new working arrangements and global brands to steal large sums of money," says Mark Chaplin, principal at the London-based Information Security Forum. "Uncertainty will continue to provide criminals with further opportunities. BEC sits firmly on every organization's threat radar and will remain there for the foreseeable future."</p>
<p>Keylogged accounts can also lead to BEC attacks. These keylogged accounts are available on the dark web for sale or for free. Your cyber threat intelligence vendor should be reporting these keylogged account details to you on a daily basis. This service is a standard feature of Red Sky Alliance’s RedXray service.</p>
<p>The FBI recommends several steps that businesses can take to mitigate BEC threats:</p>
<ul>
<li>Ensure the organization is running the same version of desktop and web applications to allow appropriate synching and updates.</li>
<li>Track changes established in email account addresses.</li>
<li>Prohibit automatic forwarding of email to external addresses.</li>
<li>Monitor the email Exchange servers for changes in configuration and custom rules for specific accounts.</li>
</ul>
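<p>The last two recommendations can be checked mechanically. The following Python code is an added example, not code from the FBI alert or from Red Sky Alliance: it audits an exported list of mailbox rules for forwarding to external addresses combined with the keyword and sender-domain conditions described in the alert. The record field names, the <code>example.com</code> internal domain and the sample rules are constructed assumptions.</p>

```python
"""Audit exported mailbox rules for the forwarding pattern in the FBI alert."""

# Search terms quoted in the alert's second case.
FINANCE_TERMS = {"bank", "payment", "invoice", "wire", "check"}
# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample export; field names are hypothetical, not a product schema.
SAMPLE_RULES = [
    {"mailbox": "ap.clerk@example.com", "name": "rule-1",
     "body_or_subject_words": ["bank", "payment", "invoice", "wire", "check"],
     "forward_to": ["collector@attacker.example"]},
    {"mailbox": "ap.clerk@example.com", "name": "rule-2",
     "sender_domains": ["vendor-a.example"],
     "forward_to": ["collector@attacker.example"]},
    {"mailbox": "ap.clerk@example.com", "name": "rule-3",
     "sender_domains": ["vendor-b.example"],
     "redirect_to": ["Collector@attacker.example"]},
    {"mailbox": "ap.clerk@example.com", "name": "archive",
     "body_or_subject_words": ["invoice"],
     "forward_to": ["ap-archive@mail.example.com"]},   # internal: not flagged
    {"mailbox": "sales@example.com", "name": "personal-copy",
     "forward_to": ["someone@webmail.example"]},       # external, no conditions
]


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].strip().lower() if "@" in address else ""


def is_external(address, internal=INTERNAL_DOMAINS):
    """True unless the address is in an internal domain or one of its subdomains.

    An address with no parseable domain is treated as external.
    """
    dom = domain_of(address)
    return not any(dom == d or dom.endswith("." + d) for d in internal)


def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Lower-cased external destinations of a rule (forward or redirect)."""
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    return sorted({t.lower() for t in targets if is_external(t, internal)})


def audit_rule(rule, internal=INTERNAL_DOMAINS):
    """Return (severity, reasons); severity is None when the rule is not flagged."""
    external = external_targets(rule, internal)
    if not external:
        return None, []
    reasons = ["forwards to external address(es): " + ", ".join(external)]
    severity = "medium"
    words = {w.lower() for w in rule.get("body_or_subject_words", [])}
    terms = sorted(FINANCE_TERMS & words)
    if terms:
        reasons.append("matches payment keywords: " + ", ".join(terms))
        severity = "high"
    if rule.get("sender_domains"):
        reasons.append("selects mail by sender domain: "
                       + ", ".join(rule["sender_domains"]))
        severity = "high"
    return severity, reasons


def audit_export(rules, internal=INTERNAL_DOMAINS):
    """Group flagged rules by mailbox and list which rules share a destination."""
    report = {}
    for rule in rules:
        severity, reasons = audit_rule(rule, internal)
        if severity is None:
            continue
        entry = report.setdefault(rule["mailbox"],
                                  {"rules": [], "destinations": {}})
        entry["rules"].append((rule["name"], severity, reasons))
        for target in external_targets(rule, internal):
            entry["destinations"].setdefault(target, []).append(rule["name"])
    return report


if __name__ == "__main__":
    for mailbox, entry in audit_export(SAMPLE_RULES).items():
        print(mailbox)
        for name, severity, reasons in entry["rules"]:
            print(f"  [{severity}] {name}: " + "; ".join(reasons))
        for target, names in entry["destinations"].items():
            if len(names) > 1:
                print(f"  {len(names)} rules share destination {target}")
```
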
<p>Red Sky Alliance has been tracking cybercriminals for years. Throughout our research, we have painfully learned through our clients that the installation, updating, and monitoring of firewalls, cybersecurity, and proper employee training are keys to success, yet woefully not enough. Our current tools provide a valuable look into the underground, where malware and its many variants are bought and sold, and help support current protections with proactive underground indicators of compromise. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis for your organization.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports. Malware comes and goes, but often is dusted off and reappears in current campaigns. </p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498">https://www.bankinfosecurity.com/fbi-bec-scams-are-using-email-auto-forwarding-a-15498</a></p></div>Phishing emails from the “IRS” are Backhttps://redskyalliance.org/xindustry/phishing-emails-from-the-irs-are-back2020-11-24T16:10:45.000Z2020-11-24T16:10:45.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}8211410658,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8211410658,RESIZE_400x{{/staticFileLink}}" width="250" alt="8211410658?profile=RESIZE_400x" /></a>In the US, many people fear the Internal Revenue Service (IRS). When US citizens receive any type of communication from the IRS, they take notice. The cyber bad guys know that too and send IRS phishing messages to unwitting US citizens. In addition to scam voice mails and texts about your Social Security number being at risk, a “credible looking” yet fake IRS email has been sent to tens of thousands of email inboxes across the US. The question of authenticity can be explained in one quote, "The IRS does not send emails about your tax refund or sensitive financial information," says the IRS Commissioner. But hackers continue to send phishing scams capitalizing on concerns about the pandemic-related Economic Impact Payments and on international COVID-19 concerns in general.</p>
<p>The fake email looks like it came from support@irs.gov, and the email claims that the IRS could not reach you by phone so now it is emailing you with a demand for more than $1,400 you supposedly owe in taxes. Failure to pay, the letter says, will lead to a visit from the sheriff's department and a notification to credit bureaus. Per the fraudulent email message, "The opportunity to take care of this voluntarily is quickly coming to an end... you can email back to the get the payment mode... please let us know what your intention is by today so we can hold your case or else we will submit the paperwork to the local county Sheriff's Department." This is very upsetting to many, who will act on the fake message.</p>
<p>If you get an email like this, it should be an instant red flag because cybercriminals love to use fear and urgency in their phishing campaigns. They hope you will take action before you think about it. Researchers at Abnormal Security tracked this phishing campaign after it reached between 50,000 and 70,000 email accounts and produced the following findings: this specific campaign is even more convincing, because the attackers spoofed or imitated a legitimate domain. A reader who takes the time to look closer will find clues that this email is a fake. Although the email appears to originate from the domain 'irs.gov', analysis of the email <em>headers</em> reveals that the true sender domain is 'shoesbagsall.com'. Additionally, the 'Reply-To' email is 'legal.cc@outlook.com', which is not associated with the IRS and instead leads directly back to the attacker.</p>
<p>These are two obvious indicators of fraud, but they are certainly not the only ones. IRS related phishing scams target different audiences. Some target tax preparers, others target human resources (HR) and payroll teams or services, and some may be directed to individual tax payers.</p>
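<p>The two header indicators described above can be checked automatically. The following Python code is an added example, not code from Abnormal Security or Red Sky Alliance: it compares the visible From domain with the Return-Path and Reply-To domains and reads the DMARC verdict recorded by the receiving server. The sample messages are constructed; the page does not say which header exposed 'shoesbagsall.com', so placing it in Return-Path is an assumption, and the subdomain comparison is a simplification of DMARC alignment.</p>

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message using the indicators quoted in the article.
# Assumption: the real sender domain appears in Return-Path (envelope sender).
SPOOFED = """\
Return-Path: <mailer@shoesbagsall.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=shoesbagsall.com; dmarc=fail header.from=irs.gov
From: "IRS Support" <support@irs.gov>
Reply-To: legal.cc@outlook.com
To: taxpayer@example.com
Subject: Final notice

Constructed body text.
"""

# Constructed benign message: bounce address on a subdomain of the From domain.
LEGITIMATE = """\
Return-Path: <bounce@mail.agency.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail.agency.example; dmarc=pass header.from=agency.example
From: Notices <notices@agency.example>
To: taxpayer@example.com
Subject: Your statement

Constructed body text.
"""


def addr_domain(header_value):
    """Extract the lower-cased domain from an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_headers(raw_message):
    """Return (from_domain, findings) where findings is a list of (code, detail)."""
    msg = message_from_string(raw_message)
    from_dom = addr_domain(msg.get("From"))
    findings = []

    # Envelope sender that does not belong to the domain shown to the user.
    return_path = addr_domain(msg.get("Return-Path"))
    if return_path and not aligned(return_path, from_dom):
        findings.append(("return-path-mismatch", return_path))

    # Replies would go to a different organization than the apparent sender.
    reply_to = addr_domain(msg.get("Reply-To"))
    if reply_to and not aligned(reply_to, from_dom):
        findings.append(("reply-to-mismatch", reply_to))

    # DMARC verdict recorded by the receiving server, if any.
    for value in msg.get_all("Authentication-Results", []):
        match = re.search(r"\bdmarc=(\w+)", value)
        if match and match.group(1).lower() != "pass":
            findings.append(("dmarc-" + match.group(1).lower(), from_dom))
    return from_dom, findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        dom, found = check_headers(raw)
        print(label, dom, found or "no findings")
```
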
<p>What is the biggest problem with an email or text message claiming to come from the IRS with information about a refund, a balance owed, or a request to verify W-2 data? The IRS will never send email like these. Ignore them, PERIOD.</p>
<p>If you have any questions about an email that states it is from the IRS, stop reading it and immediately visit: <a href="https://www.irs.gov/privacy-disclosure/report-phishing">https://www.irs.gov/privacy-disclosure/report-phishing</a> Per the link: "The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts."</p>
<p>The Internal Revenue Service provides a list of things it will not do. Looking at this list can help you avoid being scammed. The IRS will not:</p>
<ul>
<li>Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.</li>
<li>Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer.</li>
<li>Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business licenses, or immigration status.</li>
</ul>
<p>If you or a friend/relative, especially a senior citizen receive emails relating to these things, you can be quite confident they are fake.</p>
<p>The IRS has several options for reporting IRS related scams, depending on the type of phishing attack you received and whether or not you or your organization fell for it.</p>
<p>For individual phishing emails that you believe are fake:</p>
<ul>
<li>Forward the scam or phishing email to phishing@irs.gov.</li>
</ul>
<p>For W-2 related phishing scams, the IRS suggests the following:</p>
<ul>
<li>If you accidentally gave cybercriminals W-2 information, email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type "W2 Data Loss" so that the email can be routed properly. Do not attach any employee personally identifiable information (PII).</li>
<li>Businesses/payroll service providers should file a complaint with the FBI's Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement.</li>
<li>Notify employees so they may take steps to protect themselves from identity theft. The FTC's <a href="http://www.identitytheft.gov">www.identitytheft.gov</a> provides general guidance.</li>
</ul>
<p>The IRS says it initiates most contacts through USPS mail, not emailing or texting or phone calls. That is important to keep in mind next time an urgent IRS phishing email arrives in your email inbox.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats, vulnerabilities and cyber scams for over 9 years and maintains a resource library of malware and cyber actor reports. Malware comes and goes, but it is often dusted off and reappears in current campaigns.</p>
<p>Join our Alliance at: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a> It’s FREE.</p>
</div>Cyberattacks Are Going To Reach All-Time Highs In 2020https://redskyalliance.org/xindustry/cyberattacks-are-going-to-reach-all-time-highs-in-20202020-09-25T19:53:31.000Z2020-09-25T19:53:31.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}7969666096,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7969666096,RESIZE_400x{{/staticFileLink}}" width="250" alt="7969666096?profile=RESIZE_400x" /></a>A recent CrowdStrike study of cyber threat activity shows more intrusion attempts in the first six months of this year than in all of 2019. The pandemic-related shift to remote work and the growing availability of Ransomware-as-a-Service (RaaS) were two major drivers. Red Sky Alliance has reported on many of these ransomware groups and actors in detail in 2020. These reports can be found at no charge at <a href="https://redskyalliance.org">https://redskyalliance.org</a>.</p>
<p>The security vendor's threat-hunting team blocked some 41,000 potential intrusions just between Jan. 1 and June 30 this year compared with 35,000 for all last year. Hands-on-keyboard intrusions, where a threat actor is actively engaged in malicious activity, were some 154 percent higher in the first six months of 2020 than the number of similar instances that CrowdStrike's researchers observed in 2019.</p>
<p>Predictably, one of the biggest causes for the increased threat activity was the rapid adoption of remote workforces in response to the COVID-19 pandemic. The switch significantly expanded the attack surface at many organizations, which threat actors were quick to try and exploit. Another driving factor was the growing availability of RaaS offerings and the resulting increase in threat actors and attack activity in the space. There was a notable increase especially in ransomware attacks that also involved the theft of sensitive data and subsequent attempts to extort victims with threats to officially release the data.</p>
<p>Despite all the attention that cyber espionage and nation-state-backed threat groups have garnered recently, an overwhelming majority of the actual attacks that CrowdStrike blocked in the first six months of this year were financially motivated. In fact, 82 percent of the hands-on-keyboard attacks that CrowdStrike's threat hunters encountered fell into the e-crime category, compared with 69%</p>
<p>As has been the case for some time, organizations in the financial, technology and telecommunications sectors were targeted more heavily than organizations in most other sectors. In addition, though, analysts observed what they called a dramatic increase in intrusion activity involving manufacturing companies. In fact, the manufacturing industry was the second most frequently targeted vertical after the technology sector in the first half of 2020. According to the company, the critical nature of most manufacturing operations and the valuable intellectual property and other data that manufacturing companies hold have made the sector an attractive target for both financially motivated attackers and nation-state threat groups.</p>
<p>Other sectors that experienced increased threat activity included healthcare, food and beverage, and academic institutions.</p>
<p>China-based adversaries posed a significant threat to organizations in multiple industries. Investigators observed at least six China-based actors targeting organizations in various data theft and cyber-espionage campaigns in the first half of 2020. Telecommunications companies were particularly popular targets for the China-based groups. Organizations in the manufacturing, healthcare, and agricultural sectors were also relatively heavily targeted.</p>
<p>In keeping with a recent trend, attackers used a variety of legitimate administration tools in their attacks. Some of them were native to the host operating system and others were not. The most frequently used tools included Process Hacker, ProcDump, Advanced IP Scanner, TeamViewer, and Advanced Port Scanner. Attackers also used a variety of legitimate pen-testing tools in their campaigns, including Mimikatz, Cobalt Strike, PowerShell Empire, PowerSploit, and Meterpreter.</p>
<p>One noticeable trend was the growing commonality in tactics, techniques, and procedures (TTPs) among e-crime groups and the generally more sophisticated state-backed groups. The overlap in TTPs is especially evident in the initial stages of an intrusion and in the use of legitimate admin tools and so-called living-off-the-land (LOTL) tactics to infiltrate networks, to escalate privileges, to achieve persistence, and to evade defenses. Where the two groups differ the most is in stealth and persistence. While financially motivated groups tend to be louder and more obvious in their malicious activity, the state groups tend to be stealthier and more persistent.</p>
<p>According to cyber threat analysts, one especially worrisome development for defenders is the lengths to which attackers have gone to evade detection. With organizations using more endpoint detection and response tools and other endpoint controls, threat actors have begun innovating ways around them. They have seen some pretty interesting things in terms of how far they will go, including "literally downloading [antivirus] uninstallers" on compromised systems.</p>
<p>Analysts from Red Sky Alliance emphasize the use of cyber threat notification services, such as RedXray, that allow cyber defense teams to see threats before they become breaches. This time-sensitive intelligence can be added to any current network security service to block them. Researchers observed attackers using over seventy-two (72) TTPs to evade detection. Among them were tactics including registry modification, process injection, the use of signed code, process hollowing, malware that compiled after delivery, file deletion, and hidden users.</p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.</p>
<p>The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p><strong>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com. </strong></p>
<p><strong>Red Sky Alliance can help protect against attacks such as these. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include botnet activity, public data breaches, phishing, fraud, and general targeting.</strong></p>
<p><strong>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></strong></p>
<ul>
<li><strong>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></strong></li>
<li><strong>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></strong></li>
<li><strong>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></strong></li>
</ul>
<p> </p></div>Ransomware Red Flags Missed by Your Security Teamhttps://redskyalliance.org/xindustry/ransomware-red-flags-missed-by-your-security-team2020-09-08T19:13:52.000Z2020-09-08T19:13:52.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}7867493862,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}7867521488,RESIZE_400x{{/staticFileLink}}" width="250" alt="7867521488?profile=RESIZE_400x" /></a>Ransomware is here to stay. Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight. There are many versions of ransomware in use and groups and nations behind the extortion attempts. These cyber actors are motivated by money. Ransomware can be described simply as a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.</p>
<p>In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Will my organization become another ransomware victim? Security experts say the warning signs were there and security teams missed some of the clues. I want to thank Steve Zurier for compiling this list.</p>
<p>This is every CEO and CISO’s nightmare: Your organization has been hit with ransomware, and every machine and server has been encrypted. You are worried that confidential and private data will begin to be posted on the Internet. Security experts say the warning signs were there all along: misdirected DNS requests, bad VPN reboots, and Active Directory login failures should have been setting off alarms that a ransomware attack was in progress.</p>
<p>Once the attackers are in your network, you have anywhere from 48 hours to 12 days before they pull the trigger, says Mike Hamilton, CISO of CI Security. What signs have your security team missed?</p>
<p><em>Active Directory Will Show Multiple Login Failures</em></p>
<p>CI Security's Hamilton advises security teams to monitor Active Directory for login failures. For example, if you see three login failures in a row on RDP servers, that is a surefire sign the network has been attacked. The same holds for administrative login failures. Because companies did not have time to prepare for COVID-19, and it looks like working from home will go on for the foreseeable future, it is time to develop a safe list of good IP addresses, Hamilton adds.</p>
<p><em>Brute-Force Attacks Will Hit the Network</em></p>
<p>According to Awake Labs vice president Jason Bevis, who recently published a blog about ransomware warning signs, you should also look for brute-force attacks on RDP systems. Once in the network, attackers typically look for additional passwords. You also need to watch for unusual file-copying activity, especially of .bat, .zip, .txt, and other common files. It is not common for one account to copy files to and from multiple user accounts or devices. There are also situations where the attackers could have compromised administrative accounts and start copying files. The attackers also use these accounts to persist and quickly encrypt the file systems.</p>
<p>All WinSysLog files should be sent to a security information and event management (SIEM) system for analysis because it can detect whether files are being encrypted, DomainTools' Saleh adds. And in a blog posted earlier this week, Red Canary says to watch for the use of the Windows Backup Administration Tool wbadmin.exe to delete system backups. Other signs of ransomware include manipulation of vssadmin.exe to hinder recovery from backups and processes making hundreds of file modification operations on files with the string readme in them.</p>
<p><em>Phishing Emails Land with Strange Domains</em></p>
<p>Watch for emails that come in with strange domain names that have never been in the company's environment, Awake's Bevis advises. Analysis tools let you look for every new domain that has come through the network in the past seven days. It's possible to filter out known good and bad domains, such as those with a good reputation. These tools can also look at what was downloaded and determine what might seem unusual.</p>
<p><em>The Network Starts Making a String of Questions about a Single Machine</em></p>
<p>Peter Mackenzie, an incident response manager at Sophos, says attackers typically start by gaining access to one machine, where they search for information and ask questions that everyday users wouldn't normally pose -- for example, "Is this a Mac or Windows machine?" "What is the domain and company name?" "What kind of admin rights does the computer have?"</p>
<p>Next, attackers will want to try to find out what else is on the network and what they can access. In most circumstances, they will try to use a network scanner, such as Angry IP or Advanced Port Scanner. If you detect unusual activity and no one on the admin staff was using the scanner for normal corporate use, Mackenzie says it's time to investigate.</p>
<p><em>Security Tools Are Being Used in Environments They Were Not Assigned To</em></p>
<p>Once attackers have admin rights, they will try to disable security software using applications created to assist with the forced removal of software, such as Process Hacker, IObit Uninstaller, GMER, and PC Hunter. These types of tools are legitimate, but if a specific tool is showing up on a system for which it's not assigned, then something is wrong.</p>
<p>Any detection of Mimikatz (used in NotPetya) should get investigated, Sophos' Mackenzie adds. If no one on your security team confirms using it, that is a red flag because Mimikatz has become one of the most commonly used hacking tools for credential theft.</p>
<p><em>Unusual Time Stamps Appear on VPN Connections</em></p>
<p>Be on the lookout for anomalous time stamps on VPN connections, says Saleh of DomainTools. If the organization has normal levels of traffic between 9 a.m. and 5 p.m. PT, then sudden traffic with IP addresses from Russia or Mozambique at 2 a.m. should set off warning signs. You also need to figure out what attackers are trying to access. In addition, watch out for bad reboots on VPN concentrators, CI Security's Hamilton says.</p>
<p><em>Traffic Is Suddenly Redirected to Questionable Places on the Dark Web</em></p>
<p>Normal network traffic should never get redirected to a TOR site, DomainTools' Saleh says. The average user probably doesn't know what that is in the first place, he says, let alone would have any business on a TOR network. Also, watch out for unusual DNS requests. If the requests are heading back to known malware sites, that's potentially a problem and the network could get infected.</p>
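<p>Three of the red flags above can be checked mechanically once the logs are in one place: three login failures in a row, wbadmin.exe or vssadmin.exe being used to delete backups, and a process modifying large numbers of readme files. The Python below is an added example, not code from the experts quoted; the event field names, the threshold of 100 writes, and all sample events are constructed assumptions.</p>

```python
from collections import Counter, defaultdict

FAILURE_RUN = 3               # "three login failures in a row" (from the article)
README_WRITE_THRESHOLD = 100  # assumed cut-off for "hundreds" of modifications
BACKUP_TOOLS = {"wbadmin.exe", "vssadmin.exe"}


def consecutive_login_failures(events, run=FAILURE_RUN):
    """Return (host, user) pairs that reach `run` failed logons in a row."""
    streak = defaultdict(int)
    flagged = []
    for e in events:
        if e["type"] != "logon":
            continue
        key = (e["host"], e["user"])
        if e["ok"]:
            streak[key] = 0      # a successful logon breaks the run
            continue
        streak[key] += 1
        if streak[key] == run:   # report once, at the moment the run is reached
            flagged.append(key)
    return flagged


def backup_tampering(events):
    """Return (host, tool, cmdline) for wbadmin/vssadmin runs that delete backups."""
    hits = []
    for e in events:
        if e["type"] != "process":
            continue
        # Compare on the file name only, whatever directory it was started from.
        tool = e["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if tool in BACKUP_TOOLS and "delete" in e["cmdline"].lower().split():
            hits.append((e["host"], tool, e["cmdline"]))
    return hits


def readme_write_bursts(events, threshold=README_WRITE_THRESHOLD):
    """Return (host, pid) pairs that modified `threshold` or more readme files."""
    counts = Counter()
    for e in events:
        if e["type"] == "file_write" and "readme" in e["path"].lower():
            counts[(e["host"], e["pid"])] += 1
    return sorted(key for key, n in counts.items() if n >= threshold)


def triage(events):
    """Run all three checks and return the findings by check name."""
    return {
        "login_failure_runs": consecutive_login_failures(events),
        "backup_tampering": backup_tampering(events),
        "readme_write_bursts": readme_write_bursts(events),
    }


def _logon(host, user, ok):
    return {"type": "logon", "host": host, "user": user, "ok": ok}


def _proc(host, image, cmdline):
    return {"type": "process", "host": host, "image": image, "cmdline": cmdline}


# Constructed sample events in time order (hypothetical hosts, users and paths).
SAMPLE_EVENTS = [
    _logon("rdp01", "alice", False),
    _logon("rdp01", "alice", False),
    _logon("rdp01", "alice", True),        # typo then success: not a run of three
    _logon("rdp01", "alice", False),
    _logon("rdp01", "svc_backup", False),
    _logon("rdp01", "svc_backup", False),
    _logon("rdp01", "svc_backup", False),  # third failure in a row: flagged
    _logon("rdp01", "svc_backup", False),
    _proc("fs02", r"C:\Windows\System32\vssadmin.exe", "vssadmin.exe list shadows"),
    _proc("fs02", r"C:\Windows\System32\wbadmin.exe", "wbadmin.exe delete catalog -quiet"),
    _proc("ws07", r"C:\Windows\System32\vssadmin.exe", "vssadmin.exe delete shadows /all /quiet"),
    {"type": "file_write", "host": "ws03", "pid": 880, "path": r"C:\src\app\README.md"},
    {"type": "file_write", "host": "ws03", "pid": 880, "path": r"C:\src\lib\readme.txt"},
] + [
    {"type": "file_write", "host": "ws07", "pid": 4312,
     "path": rf"C:\Users\shared\dir{i}\README_RESTORE.txt"}
    for i in range(150)
]

if __name__ == "__main__":
    for check, findings in triage(SAMPLE_EVENTS).items():
        print(check, findings)
```

<p>In production the same three checks would normally be written as SIEM rules over Windows logon and process-creation events; keeping the thresholds as named parameters makes them easy to tune against false positives.</p>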
<p>Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports. </p>
<p>The installation, updating, and monitoring of firewalls, cybersecurity and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Implement 2-Factor authentication company-wide.</li>
<li>Join and become active in your local InfraGard chapter; there is no charge for membership: infragard.org</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cybersecurity software, services, and devices to be used by all employees and consultants working from home.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network. Ransomware protection is included at no charge for RedXray customers.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com. </p>
<p>Red Sky Alliance can help protect against attacks such as these. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include botnet activity, public data breaches, phishing, fraud, and general targeting.</p>
<p>Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p> </p></div>The Cloud Does Not Have a Silver Lining for Protecting against Ransomware Attackshttps://redskyalliance.org/xindustry/the-cloud-does-not-have-a-silver-lining-for-protecting-against-ra2020-06-29T19:16:34.000Z2020-06-29T19:16:34.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}6440209290,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}6440209290,RESIZE_400x{{/staticFileLink}}" alt="6440209290?profile=RESIZE_400x" width="250" /></a>There will be no let-up in ransomware attacks, as it has proven to be such a profitable business model for cybercriminals. The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers. While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the available technology needed to deter hackers. The loss of just a few thousand dollars in ransom payments can be devastating and hackers do not discriminate when casting a wide net. Even if the ransom is paid, will your files be unlocked, posted, or even auctioned to the highest bidder? Remember, you are dealing with criminals and criminals have no rules.</p>
<p>Hackers are mining for data, passwords, and other bits of information that can open the door to a company’s assets. Email scams, password and login theft, malware, and ransomware are among the cybercriminals’ primary weapons. Most attacks begin with a simple phishing attempt and when the “Bait” is taken, malware, Trojans, and ransomware follow.</p>
<p>Cybersecurity threats were constantly growing in 2019, according to a new report by Crypsis Group, an incident management and digital forensics company. The Crypsis 2020 Incident Response and Data Breach Report found that cybercriminals have “significantly escalated tactical approaches” and become more targeted in their actions. Ransomware attacks and business email compromise (BEC) were the two most impactful cyber threats in 2019, with ransomware demands up 200% last year and BEC fraud losses averaging $264,000 per incident. As stated above, these attacks began with low-cost phishing attempts.</p>
<p>Software as a Service (SaaS) is being increasingly used and is a method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers. The COVID virus pandemic has forced businesses to start working from home on a massive scale, and SaaS platforms now have switched from being a matter of choice to a necessity. While the long-term advantages of this global switch are yet to be discovered, SaaS security threats are already out there. One of the most threatening is Ransomware 2.0.</p>
<p>This has led to a new generation of attacks, using sophisticated types of ransomware that spread to the cloud and encrypt SaaS data of cloud services. The average ransom payment was $41,000 in 2019, although cyber liability insurance firms say that the real cost of a ransomware attack for a company with 50 employees has reached $73,000. This cost includes ransom fees, forensics, legal fees, fines and penalties, and data recovery payments.</p>
<p><a href="{{#staticFileLink}}6440324485,RESIZE_192X{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}6440324485,RESIZE_192X{{/staticFileLink}}" alt="6440324485?profile=RESIZE_192X" width="186" /></a>Ransomware has become a multibillion-dollar industry for cybercriminals, who, to maximize their profits, are expanding to new potential markets with a particular focus on the fast-growing Cloud computing sector.</p>
<p>Cyber-criminals have new market opportunities. Many offline businesses are closed due to COVID-19, which reduces new opportunities for cyber-criminals. Phishing attacks are up 667% since the pandemic began. Cyber-criminals seem to be looking for new ways to generate revenue. Cloud services have become mission-critical apps for successful businesses. The spread of coronavirus will push companies to speed up their cloud adoption. Many organizations already cannot imagine their business operating without cloud services. It is only a matter of time until ransomware actors begin targeting cloud data.</p>
<p>A scenario for a cloud ransomware attack:</p>
<ul>
<li>A user gets an email that looks like it was sent from their cloud service provider. It requires the user to click a phishing link to update an app.</li>
<li>A user installs a malicious app or a Chrome extension that requests a scope of permissions to access G Suite or Office 365 SaaS data.</li>
<li>Once permissions are granted, the app starts encrypting data directly in the cloud.</li>
<li>Ransomware that targets the cloud is here and we can expect that in the next one to two years, this evolution will accelerate, with the emergence of a whole new generation of ransomware.</li>
</ul>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and quarterly updates.</li>
<li>Manage, review, and update file permissions and access for all employees.</li>
<li>Phishing is normally the first step in a broader attack campaign.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>RedXray customers can receive up to $100,000 in ransomware coverage at no additional expense to them.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p><strong>Red Sky Alliance</strong> strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at <strong>1-844-492-7225, or feedback@wapacklabs.com</strong></p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a><br /> Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a><br /> Twitter: <a href="https://twitter.com/redskyalliance">https://twitter.com/redskyalliance</a></p></div>China and the 5 Eyes Truth about Coronahttps://redskyalliance.org/xindustry/china-and-the-5-eyes-truth-about-corona2020-05-07T21:33:15.000Z2020-05-07T21:33:15.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}4828537481,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4828537481,RESIZE_400x{{/staticFileLink}}" width="250" alt="4828537481?profile=RESIZE_400x" /></a>A British media outlet, The Saturday Telegraph, recently obtained a 15-page research document by the Five Eyes (5E) Intelligence consortium, made up of the UK, US, Canada, New Zealand, and Australia. The report outlines an intelligence perspective on the negligence of China with the COVID-19 pandemic. The report demonstrates the “endangerment of other countries” as the Chinese government covered up news of the virus by silencing or “disappearing” medical doctors who spoke out, destroying laboratory evidence, and refusing to provide live samples to international scientists who are actively working on a vaccine.</p>
<p>Link to full report: <a href="{{#staticFileLink}}4828486267,original{{/staticFileLink}}">TR-20-127-001_5_eyes_Covid_FINAL.pdf</a></p></div>Dealerships and Viruseshttps://redskyalliance.org/xindustry/dealerships-and-viruses2020-04-13T15:25:05.000Z2020-04-13T15:25:05.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}4411740630,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4411740630,RESIZE_400x{{/staticFileLink}}" width="250" alt="4411740630?profile=RESIZE_400x" /></a>New car showrooms are closed. Inventory is backing up. Auto dealers are cash strapped and ready to negotiate a good deal, almost any deal. So, if a person is in the market for a new car, is in good health, and has a solid job (even with the various state “lock downs”), the timing is very good to buy a new car. Car shopping will currently be electronic, but salespersons are willing to sell cars and reduce their inventories. If you are a savvy online shopper and ready to negotiate a price by email or phone, you’re in luck.</p>
<p>The rules facing car dealerships vary by city, county, state, or even auto manufacturer. Some government rules are allowing showrooms to stay open. Some places do not permit ANY sales, including online sales. These are two ends of the sales spectrum for dealers to follow during the Corona Virus outbreak. US governors can set rules, but local rules will take precedence. This is all due to a “virus.”</p>
<p>How desperate are auto dealers? Auto sales are a cash-flow business and this current virus-related pandemic is having a direct economic impact on dealerships, and it’s severe. Some auto analysts are saying, “If you rely on selling 10 cars a day, and you’re selling one or zero, that’s $350,000 a day.”</p>
<p>There are about 16,700 car dealers in the US and 4,752 in Canada. Everyone is feeling the pinch. AutoNation, the US’s largest chain of car dealerships, recently laid off 7,000 workers and said it would delay $50 million in capital spending.<a href="#_ftn1">[1]</a> Penske Corporation, which runs another large dealer chain, said it would furlough an unidentified number of workers and delay $150 million of capital investment. This is matching the 2008-2009 financial slump’s effect on the auto sales industry. Some believe this time, it’s worse.</p>
<p>US passenger vehicle sales had already been falling since their historic yearly peak of 17.46 million vehicles sold in 2016. Auto debt is also a problem. Economists are warning that 7 million car customers were 90 days or more behind on their auto loans in 2019. Automakers were already trying to avoid widespread negative profit sales incentives. Then the COVID-19 “virus” pandemic hit North America.</p>
<p>If currently looking to buy a car, the best price breaks will go to those willing to negotiate and walk away if the dealer does not agree to a “reasonable” price. Even in traditional tough sales times, salespersons will naturally try to squeeze out the highest price possible while upselling options and extras. Although no dealership is willing to go on the record admitting it, auto industry experts say dealers will sell at a loss to keep some cash coming in. One big reason cash flow is low during these times is that people are not bringing their cars in for service, a once profitable cash flow operation.</p>
<p>Even with online transactions, delivering the car and finalizing the paperwork involves human interaction and therefore a risk of exposure, though many believe the risk to be small. Many car dealers and most banks can, in 2020, accommodate electronic signatures and/or can deal with paperwork transactions via private or public mail services.<a href="#_ftn2">[2]</a></p>
<p>The ease of online, virtual car buying will vary, depending on the dealer. The range in online expertise can be seen on the websites of two different California Toyota dealerships, which sell the same products. Analysts discovered that it was difficult to figure out whether a car could be bought online at one of the two Toyota dealers. The chat function of this dealer had to be checked twice to see if “Internet Sales” were supported. What appeared to be a human on the other end answered they “didn’t know.” The other Toyota dealership web site included a dropdown option on its homepage marked “Express Store” that seamlessly takes a buyer through the entire purchase process. Yet, at the end of this e-transaction the customer is instructed that a sales representative would help complete the paperwork (with the distinct possibility of an upselling opportunity).</p>
<p>OK, so you are ready to buy a new car “on-line” due to the current “virus.” Well, what about the other viruses? Cyber viruses. That is, malware used to steal your personal identifying information (PII), needed to complete a sales purchase. If you are ready to buy a car online, how would you know if the dealership’s network is compromised with malware? You DON’T. As recently as January 2020, a sales manager at a US Northeast area auto conglomerate, which we will call the Acme Automotive Group, had credentials exposed online. Red Sky Alliance discovered this damning information through our RedXray analytical tool, specifically by observing data breach collections. With access to an Acme sales team account, attackers would have access to sensitive sales data which likely includes private customer information, or their PII. The fact that this compromised network account belongs to a manager means a hacker would have access to many other privileged customer financial information links in the service, loan and rental departments.</p>
<p><a href="{{#staticFileLink}}4411774610,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4411774610,RESIZE_400x{{/staticFileLink}}" width="223" alt="4411774610?profile=RESIZE_400x" /></a>Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports. We can assist in the installation, updating and monitoring of firewalls, cyber security and provide employee training which are keys to blocking cyber-attacks. Please feel free to contact our analyst team for research assistance and check out our CTAC and RedXray Threat Analysis tools. <a href="{{#staticFileLink}}4411779633,RESIZE_584x{{/staticFileLink}}"><img class="align-right" src="{{#staticFileLink}}4411779633,RESIZE_400x{{/staticFileLink}}" width="300" alt="4411779633?profile=RESIZE_400x" /></a></p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>All data in transmission and at rest should be encrypted.</li>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Update disaster recovery plans and emergency procedures with cyber threat recovery procedures.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Recommend/require cyber security software, services and devices to be used by all employees and consultants working from home.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Ensure that all software updates and patches are installed immediately.</li>
<li>Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p><strong>Conclusion</strong></p>
<p>Red Sky Alliance strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide both internal monitoring in tandem with RedXray notifications on external threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a></p>
<p>Interested in a RedXray subscription to see what we can do for you? Sign up here: <a href="https://www.wapacklabs.com/redxray">https://www.wapacklabs.com/redxray</a> </p>
<p><strong>Reporting: </strong><a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></p>
<p><strong>Website: </strong><a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></p>
<p><strong>LinkedIn: </strong><a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a></p>
<p><strong>Twitter: </strong><a href="https://twitter.com/wapacklabs?lang=en">https://twitter.com/wapacklabs?lang=en</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.cnbc.com/2020/04/03/autonation-furloughs-thousands-of-workers-due-to-coronavirus.html">https://www.cnbc.com/2020/04/03/autonation-furloughs-thousands-of-workers-due-to-coronavirus.html</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.latimes.com/business/story/2020-04-08/buying-car-online-dealers-coronavirus">https://www.latimes.com/business/story/2020-04-08/buying-car-online-dealers-coronavirus</a></p></div>COVID-19 .edu Resource Linkshttps://redskyalliance.org/xindustry/covid-19-edu-resource-links2020-03-21T14:13:33.000Z2020-03-21T14:13:33.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}4179836625,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4179836625,RESIZE_710x{{/staticFileLink}}" alt="4179836625?profile=RESIZE_710x" width="271" /></a>Late yesterday, the US-based InfraGard National <a href="https://www.infragard.org/">https://www.infragard.org/</a> provided a very valuable link to a Northeastern University site that provides COVID-19 information and prevention on-line training. Much of this information is provided through the support of Johns Hopkins University, the Centers for Disease Control and the World Health Organization. We here at Red Sky Alliance would like to provide this very valuable, reliable reference source, as “Knowledge is Power.” Having the proper prevention and up-to-date information will help us all get through this <u>temporary</u> pandemic. Northeastern University’s Global Resilience Institute has just launched a short online course that provides life-saving skills for dealing with the COVID-19 outbreak. <strong>Please feel free to share this with your families and colleagues.</strong></p>
<p>Click link to see the course: COVID-19 / How to be Safe and Resilient: <a href="https://www.resilience-ed.org/">https://www.resilience-ed.org/</a></p>
<p>The course is on a web platform that allows universal access. We are hoping that international corporations, companies, and organizations will push this out to their employees. With everyone studying online and working online, this seems to be the best way to have a trusted source get this critical information directly to as many as possible with the encouragement that they spend the under one-hour to work their way through the self-navigating, 9 short-modules for the course:</p>
<ol>
<li>Introduction to Being Safe and Resilient</li>
<li>Mastering Washing Your Hands</li>
<li>Avoid Touching Your Face to Reduce Risk</li>
<li>Managing Your Household</li>
<li>Disinfecting Your Surfaces</li>
<li>Properly Using Masks and Gloves</li>
<li>Navigating Public Spaces</li>
<li>Staying Connected with Older Relatives, Neighbors, and Friends</li>
<li>Enhancing Community Resilience by Becoming a COVID-19 Leader</li>
</ol>
<p>In addition to providing this urgently needed life-saving information for dealing with the rapid spread of COVID-19, we believe that this will help to reduce anxiety as well. Ideally it will inspire and empower all who take it to reach out to others to share what they have learned. The final module in the online course is a call-to-action.</p>
<p>Leveraging all the latent capacity in our civil society will be instrumental to our getting through this. Everyone needs to pull together at the household, neighborhood and community levels to help each other out while limited government and health sector resources are directed to those in most need. This is an “<strong>All Hands on Deck</strong>” moment in our world history, and we appreciate everyone who is doing their share to help in this challenging time.</p>
<p>Red Sky Alliance is in New Boston, NH USA and is a Cyber Threat Analysis and Intelligence Service organization and can help organizations anywhere in the world. We offer various levels of RedXray services. For questions, comments or assistance, please contact the office directly at 888-RED-XRAY or (888)-733-9729, or email <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p><em>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/<br /></a></em><em>Portal: <a href="https://www.wapacklabs.com/">https://www.redskyalliance.org</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/wapacklabs/">https://www.linkedin.com/company/wapacklabs/</a><br /> Twitter: <a href="https://twitter.com/redskyalliance">https://twitter.com/redskyalliance</a></em></p></div>When The World Works From Homehttps://redskyalliance.org/xindustry/when-the-world-works-from-home2020-03-19T14:03:38.000Z2020-03-19T14:03:38.000ZJonathon Sweeneyhttps://redskyalliance.org/members/JonathonSweeney<div><p><strong><a href="{{#staticFileLink}}4157448215,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}4157448215,RESIZE_710x{{/staticFileLink}}" width="250" alt="4157448215?profile=RESIZE_710x" /></a>Summary</strong></p>
<p>As some operations and businesses in the United States and around the world come to a significant slowdown due to COVID-19, many employees are being forced to work from home. While everyday business operations may slow down, cyber-attacks do not; in fact, we predict they will increase. Many companies are implementing BYOD and work-from-home policies on a huge scale. This presents many more hacking opportunities and creates more vulnerabilities than companies normally manage while employees are at their desks. Red Sky Alliance monitors external threat intelligence to assist with the incident prevention, response, and mitigation of these threats.</p>
<p><strong>Details</strong></p>
<p>One of the tools that will be taken advantage of by many industries including healthcare, schools, and transportation is teleconferencing software. This includes but is not limited to GoToMeeting, Zoom, Teams, and others. While teleconferencing technology is excellent for remote communications and operations, it presents risks that may not exist when all employees are working in...</p>
<p>Read the full report here: <a href="{{#staticFileLink}}4157452185,original{{/staticFileLink}}">TR-078-001_Work_From_Home_Risks.pdf</a></p></div>