X-Industry

Several top US federal agencies on 14 October 2021 issued a joint advisory around potential cyber threats to the nation's water facilities. 

Officials cite "ongoing malicious cyber activity by cyber threat actors targeting the information technology and operational technology networks, systems and devices" of US water and wastewater systems.

See:  https://redskyalliance.org/xindustry/water-is-worth-fighting-for

The advisory co-authored by the FBI, Cybersecurity, and Infrastructure Security Agenc

The US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.

Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for

“Oh Romeo, Romeo wherefore art thou Romeo?”  The FBI is warning the public that a massive spike of online romance scams this year caused many Americans to lose more than $113 million since the start of 2021.  The scammers behind this type of online fraud trend (also known as confidence fraud) which can lead to significant financial losses and devastating emotional scars use fake online identities to gain potential victims' trust on dating or social media platforms.

After the victims are lured in

What if three disgruntled employees left your organization and took top secret information to a competing company?  What repercussions would follow and how would it impact your business?  In many cases, there would be a lawsuit. In this case, there was federal prosecution and a cybersecurity threat.

The US Department of Justice (DOJ) released a shocking statement on 16 September 2021, which explains the scenario at the federal level. Three men, who formerly worked for the US intelligence communi

Did you ever wonder how a can of green beans gets to the shelf of your supermarket?  Well, from planting the seeds, harvesting the crop, canning the beans, and pushing them to market – is all called the ‘Food Supply Chain.’  Now cyber-attackers are targeting our food supply chain and the Jolly Green Giant ain’t so happy.

The US Federal Bureau of Investigation (FBI) has issued a new alert on 06 September 2021 warning companies in the food and agricultural sector that they are increasingly at risk

Post offices in the US still post the FBI’s Most Wanted List.  The wanted criminal profiles are normally in a locked glass case somewhere in the lobby.  A looked at the photos and associated descriptions, it is amazing that even in our digital world -criminals can still commit major crimes and still lurk without leaving a digital sign for authorities to follow.  But cyber criminality is here and now and pose a huge threat to everyone, in any country.  Now the US Secret Service is asking for our

The US has seized the domains of 36 websites linked with Iran and Iraq for allegedly publishing disinformation and running malicious influencing campaigns targeting Americans, the Justice Department says.  Thirty-three of the websites belong to the Iranian Islamic Radio and Television Union, or IRTVU, and three belong to Kata’ib Hizballah, or KH, a paramilitary group based in Iraq.  KH has been designated as a foreign terrorist organization since 2009, and IRTVU was put under sanctions in Octobe

The US federal authorities will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned (HIBP), the data breach notification service.  The password hashes will contribute to Pwned Passwords, a service used to help warn users against reusing passwords that have been leaked in data breaches, says Troy Hunt, the Australian developer who created Have I Been Pwned

The stolen and leaked data the FBI comes across in investigations,

A few days after the Colonial Pipeline was attacked, a former law enforcement source close to the company told Red Sky Alliance that law enforcement officials used a cyber type ‘dye pack’ to track the Bitcoin Colonial ransom payment.  A traditional dye pack is used in banks to be used during a bank robbery.  The robbers take the cash bundle with the dye pack and within minutes, the dye pack ignites and paints the robber with a dye, so responding police can identify the fleeing felon.  The federa

Recently a trusted cyber professional of Red Sky Alliance, with close to 40 years in the business said, “As cyber technology grew in the last thirty plus years, our international community sacrificed security for convenience.”  So true. 

Now we ask: if a Russian cyber-criminal group[1] or the North Korean military hacks[2] your company, places ransomware on your network because of corporate carelessness and then demands millions to unlock your valuable data - at that point - does it really matte

China, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.

Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal

In August 2020, the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware.  The entire report can be viewed here

The agencies say that the Linux strain malware has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85^th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector

The US Federal Bureau of Investigation (FBI) is warning organizations in the financial sector about an increase in botnet-launched credential stuffing attacks.  Many of these attacks, which target APIs, are being fed by billions of stolen credentials leaked over the last several years. 

Credential stuffing is a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords are used to gain unauthorized acces

Throughout the USA, State and County election computer networks are still vulnerable to cyber-attacks and Election Day is only 29 days.  In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.

The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampe

A previously unreported Fancy Bear campaign indicates APT28 has persisted for well over a year and indicates that the notorious group has broadened its focus.   Hackers from Russia’s GRU military intelligence agency, Units 26165 and 74455, aka Fancy Bear/APT28, have deep interests and experience in decryption, hacking, and dissemination of stolen information.  These two units have carried out many of the most aggressive acts of hacking in history that have included destructive worms, blackouts,

The United States, Federal Bureau of Investigation (FBI) has issued a warning to air travelers to be suspicious of bogus US airport websites and WiFi networks when booking flights online.   FBI analysts are aware of the recent creation of a number of websites trick users into thinking the sites are real.  These spoofed domains, which grow increasingly sophisticated as cyber-criminals hone their skills for mimicry, posed a real threat for travelers, airports, and the aviation industry as a whole.

2020, a year that will be remembered for many reasons.  Stories will be told to children and grandchildren of when we all had to wear face masks, stand 6 feet apart, there were no sports, and where people were not permitted to hug or shake hands.  Then there was the next economic collapse and subsequent worldwide insurrection.  For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes

We all need some good news on the “new” COVID-19 Cyber Front.  The FBI has delivered the good news this past week.  During these first weeks of the “New Normal” during the worldwide Corona Virus pandemic, more and more employees are working from home with limited cyber threat protections or training.  Taking down a Crime as a Service (CaaS) web store off the Internet is fantastic news.  This past week, the FBI seized the domain of Deer.io, which federal prosecutors say served as a clearinghouse

During these current and uncertain times, who can you trust for updated, reliable and virus free information on the Coronavirus?  A safe reliable source is InfraGard.  InfraGard National is an FBI-affiliated nonprofit organization dedicated to strengthening national security, community resilience and the foundation of American life.  InfraGard is one of the FBI’s longest-running outreach programs and its largest public/private partnership, with over 60,000 members representing 77 InfraGard chapt

The FBI’s Internet Crime Complaint Center (IC3) published its 2019 Internet Crime Report which stated that cybercrime was behind individual and business losses of $3.5 billion, represented by 467,361 reported complaints received last year.  Under the subsection titled: “Reported Complaints,” many individuals and businesses did not report their losses and this dollar amount of losses is under reported.  IC3 says that it has received 4,883,231 complaints since its inception in May 2000, with an av