phishing (113)

10053400461?profile=RESIZE_400xActivity Summary - Week Ending on 28 January 2022:

  • Red Sky Alliance identified 21,120 connections from new IP’s checking in with our Sinkholes
  • Intern LLC in Moscow hit
  • Analysts identified 5,665 new IP addresses participating in various Botnets
  • AvosLocker Ransomware
  • Wormable Windows Vulnerability
  • Nmap
  • Belarus Trains hit
  • Canada mad at Russia
  • QR Code Confusion
  • 22% Gone Phishing
  • Vessel Impersonation

 

Link to full report: IR-22-028-001_weekly028.pdf

10046387086?profile=RESIZE_400xRed Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

10001741452?profile=RESIZE_400xConsidering the sensitive information it holds, it is no wonder that the financial services industry continues to be one of the most targeted critical infrastructure sectors by current cyber-criminals.  Recent societal and technological changes during 2021 have made matters worse.

The ongoing COVID-19 pandemic has created a ripe target field for cyberthreats as industries and individuals alike became vulnerable as they wrestled with remote working practices, mass digital disruption, and widening

9768200270?profile=RESIZE_400xCybersecurity researchers are warning about a rise in cyber criminals going after mobile devices as a means of gaining entry to networks.  There has been a surge in mobile phishing attacks targeting the energy sector as cyber attackers attempt to break into networks used to provide services including electricity and gas.

The energy industry is highly critical, providing people with vital services required for everyday use.  That role makes it a prime target for cyber criminals.  That risk was de

9613836687?profile=RESIZE_400xLast week Microsoft Security issued a detailed report on a massive phishing-as-a-service operation named BulletProofLink that offered as a subscription and all the tools needed to conduct a campaign.  The phishing-as-a-service, or PHaaS, model differs from the phishing kits that many gangs have used in that it is more expansive and handles many of the small details that could befuddle a less tech-savvy attacker.

"It's worth noting that some PhaaS groups may offer the whole deal - from template c

Measuring the health of your security awareness program can be tricky. There are many methods you can use to measure the effectiveness of your program and there are virtually infinite metrics you can pull out and interpret in different ways. Let’s explore 3 method / metric combinations that can set a benchmark for your program’s health and increase the confidence your company has in its effectiveness.

9428788269?profile=RESIZE_400xSome things seem to come full circle.  Morse Code was invented in the 1800’s by Samuel Morse when he worked with an electrical telegraph system sending pulses of electric current and an electromagnet.  His code used the pulse and breaks between them to transmit information.  Popular with amateur radio operators, this code is no longer required if you want to get a pilots or air traffic controller license, though these individuals often have a basic understanding of the code. Morse code is a meth

9318796279?profile=RESIZE_400xRed Sky Alliance has been monitoring a global phishing campaign which leverages the Ex-Robotos phishing kit to gain access to usernames and passwords of targeted victims. This specific attacker generally targets engineering organizations but has been seen targeting other industries as well. They have been sending out emails since May of 2021, though the tool has been publicly available for purchase since 1 July 20191. Phishing plays a major role in cyber-attacks and often leads to data breaches

9258267700?profile=RESIZE_400xFool me once, shame on you.  Fool me twice, shame on me.  We have all been duped at some level by devious on-line schemers.  In the Cyber World, it sounds like old news.  Phishing is a type of social engineering tactic where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker, then introduce malicious software on the victim's infrastructure like ransomware.  Phishing attacks have become increasingly sophisticate

9021995884?profile=RESIZE_400xMicrosoft has discovered a large-scale spear-phishing campaign being conducted by the Russian advanced persistent threat (APT) group that has led to the breach of 3,000 email accounts across 150 organizations.

A Russian-based group called Nobelium, allegedly behind the SolarWinds attack, is at it again with a sophisticated phishing campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious cyber activities.

This time, Nobeli

8895965100?profile=RESIZE_400xThreat researchers have come across two new phishing scams targeting customers of JPMorgan Chase Bank.  Both attacks deployed social engineering and brand impersonation tactics to steal customers' login credentials.  While one scam involved an email that appeared to contain a credit card statement, the other impersonated a locked account workflow to falsely inform victims that access to their account had been blocked following the detection of unusual login activity.

Cyber threat researchers sai

8793749096?profile=RESIZE_400xThe COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place.  The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely.  Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working

8685179675?profile=RESIZE_400xThe US Department of Justice (DOJ) continues to warn that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data.  In a press release issued 5 March 2021, DOJ reported it had received reports that bad cyber actors are creating fake websites that mimic sites genuinely belonging to SWAs.  "The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and oth

8640804469?profile=RESIZE_400xAs the 2020 tax preparation season begins in the US, the Internal Revenue Service (IRS) is warning that it is seeing more signs of cyber criminals spoofing the agency's domains and incorporating its logos and language into phishing campaigns.  Authorities additionally are cautioning other fraud campaigns that spoof US government departments, with some using themes capitalizing on COVID-19 economic relief programs.  A tempting lure to many.

During February 2020, the IRS published a notification t

8592620480?profile=RESIZE_400xThe age-old trick of romance scams remains real and is getting worse.  The number of people being targeted by fake relationship-seekers has drastically spiked during the COVID-19 pandemic.  Why? People are lonely and clever criminals play on this new phenomenon.  Romance scams remain the most successful fraud strategy for cybercriminals and represent a growing arena of opportunity; this according to the Federal Trade Commission. During 2020, romance schemes accounted for a record $304 million ra

8507400489?profile=RESIZE_400xAccording to cyber threat investigators, several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a secure hosting service called Media Land, according to a report from security firm RiskIQ. During their investigation, the researchers found that thousands of domains used for JavaScript skimmers, phishing domains and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.

8267325297?profile=RESIZE_400xBusiness Email Compromise or BEC attack begins with a cybercriminal hacking and spoofing emails to impersonate your company’s supervisors, CEO, or vendors.  Once in, they request a seemingly legitimate business payment. The email looks authentic, seems to come from a known authority figure, so the unsuspecting employee complies.  These fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the US Federal B

8157700677?profile=RESIZE_400xA cyberespionage campaign aimed at aerospace and defense sectors to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought.  The use of job of employment ads and postings have the recent bait for unsuspecting victims.

The attacks, which targeted IP-addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involve

8128171082?profile=RESIZE_400xAccount takeover seeks to infiltrate an existing account and use them for the criminal’s benefit.  Cyber threat actors will target any firm from any market segment, so there is no pattern to follow.  Once the criminal accesses the account, they may make unauthorized purchases and cash advances; they may also change account information so that the real owner does not receive notifications from the account.

According to a recent report, account takeover has tripled over a year-to-year comparison,

8120562100?profile=RESIZE_400xThey say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most securi