Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc
phishing (95)
Since the beginning of phishing, fraudulent invoicing and purchasing schemes have been one of the most common lures, because they make money. The usual modus operandi involves appealing to the recipient’s desire to avoid incurring a debt, especially where a business may be involved. Researchers recently came across an interesting phishing e-mail masquerading as a purchase order addressed to a Ukrainian manufacturing organization that deals with raw materials and chemicals. The e-mail containe
Activity Summary - Week Ending on 28 January 2022:
- Red Sky Alliance identified 21,120 connections from new IPs checking in with our Sinkholes
- Intern LLC in Moscow hit
- Analysts identified 5,665 new IP addresses participating in various Botnets
- AvosLocker Ransomware
- Wormable Windows Vulnerability
- Nmap
- Belarus Trains hit
- Canada mad at Russia
- QR Code Confusion
- 22% Gone Phishing
- Vessel Impersonation
Link to full report: IR-22-028-001_weekly028.pdf
Considering the sensitive information it holds, it is no wonder that the financial services industry continues to be one of the most targeted critical infrastructure sectors by current cyber-criminals. Recent societal and technological changes during 2021 have made matters worse.
The ongoing COVID-19 pandemic has created a ripe target field for cyberthreats as industries and individuals alike became vulnerable as they wrestled with remote working practices, mass digital disruption, and widening
Cybersecurity researchers are warning about a rise in cyber criminals going after mobile devices as a means of gaining entry to networks. There has been a surge in mobile phishing attacks targeting the energy sector as cyber attackers attempt to break into networks used to provide services including electricity and gas.
The energy industry is highly critical, providing people with vital services required for everyday use. That role makes it a prime target for cyber criminals. That risk was de
Last week Microsoft Security issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered, as a subscription, all the tools needed to conduct a campaign. The phishing-as-a-service, or PhaaS, model differs from the phishing kits that many gangs have used in that it is more expansive and handles many of the small details that could befuddle a less tech-savvy attacker.
"It's worth noting that some PhaaS groups may offer the whole deal - from template c
Some things seem to come full circle. Morse Code was invented in the 1800s by Samuel Morse when he worked with an electrical telegraph system sending pulses of electric current and an electromagnet. His code used the pulses and the breaks between them to transmit information. Popular with amateur radio operators, this code is no longer required if you want to get a pilot's or air traffic controller's license, though these individuals often have a basic understanding of the code. Morse code is a meth
Red Sky Alliance has been monitoring a global phishing campaign which leverages the Ex-Robotos phishing kit to gain access to usernames and passwords of targeted victims. This specific attacker generally targets engineering organizations but has been seen targeting other industries as well. They have been sending out emails since May of 2021, though the tool has been publicly available for purchase since 1 July 2019. Phishing plays a major role in cyber-attacks and often leads to data breaches
Fool me once, shame on you. Fool me twice, shame on me. We have all been duped at some level by devious on-line schemers. In the Cyber World, it sounds like old news. Phishing is a type of social engineering tactic where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker, then introduce malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticate
Microsoft has discovered a large-scale spear-phishing campaign being conducted by the Russian advanced persistent threat (APT) group that has led to the breach of 3,000 email accounts across 150 organizations.
A Russian-based group called Nobelium, allegedly behind the SolarWinds attack, is at it again with a sophisticated phishing campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious cyber activities.
This time, Nobeli
Threat researchers have come across two new phishing scams targeting customers of JPMorgan Chase Bank. Both attacks deployed social engineering and brand impersonation tactics to steal customers' login credentials. While one scam involved an email that appeared to contain a credit card statement, the other impersonated a locked account workflow to falsely inform victims that access to their account had been blocked following the detection of unusual login activity.
Cyber threat researchers sai
The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place. The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely. Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working
The US Department of Justice (DOJ) continues to warn that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data. In a press release issued 5 March 2021, DOJ reported it had received reports that bad cyber actors are creating fake websites that mimic sites genuinely belonging to SWAs. "The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and oth
As the 2020 tax preparation season begins in the US, the Internal Revenue Service (IRS) is warning that it is seeing more signs of cyber criminals spoofing the agency's domains and incorporating its logos and language into phishing campaigns. Authorities are additionally cautioning about other fraud campaigns that spoof US government departments, with some using themes capitalizing on COVID-19 economic relief programs. A tempting lure to many.
During February 2020, the IRS published a notification t
The age-old trick of romance scams remains real and is getting worse. The number of people being targeted by fake relationship-seekers has drastically spiked during the COVID-19 pandemic. Why? People are lonely and clever criminals play on this new phenomenon. Romance scams remain the most successful fraud strategy for cybercriminals and represent a growing arena of opportunity; this according to the Federal Trade Commission. During 2020, romance schemes accounted for a record $304 million ra
Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a secure hosting service called Media Land, according to a report from security firm RiskIQ. During their investigation, the researchers found that thousands of domains used for JavaScript skimmers, phishing domains and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.
A Business Email Compromise (BEC) attack begins with a cybercriminal hacking and spoofing emails to impersonate your company’s supervisors, CEO, or vendors. Once in, they request a seemingly legitimate business payment. The email looks authentic and seems to come from a known authority figure, so the unsuspecting employee complies. These fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the US Federal B
A cyberespionage campaign aimed at aerospace and defense sectors to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. Job ads and employment postings have been the recent bait for unsuspecting victims.
The attacks, which targeted IP addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involve