X-Industry

Malware has a way of grabbing all the attention in the media and keeping companies on their toes.  The world watched as wipers were deployed to Ukrainian organizations after the Russian invasion of Ukraine, which marked the beginning of a time of instability that included ransomware and InfoStealers, as well.  Adding to the negative cybersecurity load of 2022, the contemporary version of ransomware celebrated its 10-year anniversary.

And if that were not enough, researchers have seen that a cybe

Over the past six months, the infamous Emotet botnet has shown almost no activity, and now it is distributing malicious spam.  Emotet is by far one of the most dangerous trojans ever created.  The malware became a very destructive program as it grew in scale and sophistication.  The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents.  When users open these documents and enable

Activity Summary - Week Ending on 22 April 2022:

• Red Sky Alliance identified 9,534 connections from new IP’s checking in with our Sinkholes
• StreamHost in Belgium Hit 302x
• Analysts identified 6,436 new IP addresses participating in various Botnets
• Industroyer2  
• Lightning Stealer
• Emotet
• TraderTraitor
• Spying on Boris
• Trolls in the Tolls
  
  Link to full report: IR-22-112-001_weekly112.pdf

Activity Summary - Week Ending on 1 April 2022:

Today is April Fools' Day, but sound Cyber Security is No Joke.  Call us for protection.

• Red Sky Alliance identified 15,105 connections from new IP’s checking in with our Sinkholes
• Kanzas LLC Moscow RU - 241 x
• Analysts identified 1,392 new IP addresses participating in various Botnets
• Emotet Variant
• AbereBot is Escobar
• Kaspersky Lab
• Shortage of female Cyber Security Professional
• Hacked Ukrainian News Website
• Spearphishing Attack from Belize

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

The operators of TrickBot malware have infected an estimated 140,000 victims across 149 countries a little over a year after attempts were to dismantle its infrastructure.  The advanced Trojan is fast becoming an entry point for Emotet, another botnet that was taken down at the start of 2021.  Emotet is believed to have originated in the Ukraine is also known as Heodo which was first detected in 2014.  See:  https://redskyalliance.org/xindustry/this-may-be-the-end-of-emotet

Most of the victims d

A specially crafted update created by Germany's Bundeskriminalamt (BKA) federal police agency created and pushed the uninstall update.  European law enforcement has triggered the process of removing the Emotet botnet malware from 1.6 million infected computers around the world.  Emotet was thought to be the world's largest botnet, known for spewing millions of malware-laden spam emails each day. Law enforcement in the US, Canada and Europe conducted a coordinated takedown of Emotet infrastructur

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as

Attacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers. The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage. Stealing this information and then coercing a business into paying to get access to

The number of attacks related to Emotet continue to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an end-point security company.

Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o

US Cyber Command, Microsoft, and Europol are attacking Trickbot's malicious infrastructure, ahead of the elections. It won't stop hackers from adapting but is expected to create breathing space during the elections. Check out these slides if you missed the webinar on October 21, 2020 to find out more:

View Webinar

Activity Summary - Week Ending 31 July 2020:

• Red Sky Alliance identified 65,708 connections from new unique IP addresses
• 83 unique email accounts have been shown to be Compromised with Keyloggers
• Analysts identified 2,442 new IP addresses participating in various Botnets
• Emotet is Back
• Phishing Campaign Targeting High-Profile Twitter Accounts
• Confidential & Proprietary
• Russia conducts 1^st gas delivery via Artic shipping Route to Japan
• DAPL in the news Again
• Cavitas Energy and Thor
• Floating stor

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

Our UK partners have share an important report on Ryuk Malware.

Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.

The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re