Watching the cyber threat evolve over the last few decades has made it clear to many researchers and cyber analysts: we are all targets. As individuals we need to do what we can to minimize the threats to our personal information. Corporate leaders should do what they can to educate employees on these personal threats. We need to do this for two main reasons: 1) Because you care about yourself, your family and your employees and want to make them cyber-aware, and 2) Because bad guys target
Activity Summary - Week Ending 24 July 2020:
- Red Sky Alliance observed 35 unique email accounts compromised with Keyloggers
- Analysts identified 4,056 new IP addresses participating in various Botnets
- Collections identified 47,553 connections from new unique IP addresses
- Call of Duty remains a favorite lure for Malware
- Conti 32 Core Ransomware
- CracxStealer
- ‘servicedesk.com’ Phishing Attack
- Tunisian protesters stormed a crude production site
- US is ratcheting up efforts to disrupt the completion o
Red Sky Alliance provides weekly Vessel Impersonation reports, Top 5 Maritime Indicators of Compromise (IOCs) and a Maritime Watchlist. These reports support current facts provided by Naval Dome’s Boston-based North American operations[1] that cyberattacks are directly targeting the maritime industry’s operational technology (OT) systems.
These attacks have increased by 900 percent over the last three years with the number of reported incidents set to reach record volumes by the end of 2020. Addr
The United States Federal Bureau of Investigation (FBI) has issued a warning to air travelers to be suspicious of bogus US airport websites and WiFi networks when booking flights online. FBI analysts are aware of the recent creation of a number of websites that trick users into thinking the sites are real. These spoofed domains, which grow increasingly sophisticated as cyber-criminals hone their skills for mimicry, pose a real threat for travelers, airports, and the aviation industry as a whole.
It is estimated that over five billion unique user credentials are circulating on Darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks. Researchers discovered that more than 15 billion user credentials are in circulation, of which 5 billion username and password combinations do not have repeated credential pairs and have been advertised on underground forums only once, according to the recently issued report.[1]
Wells Fargo, the fourth-largest bank in the US, has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The bank's move to ban the app on corporate devices comes on the heels of Amazon sending very mixed signals to its employees about whether they should remove TikTok from their company-issued devices.
Amazon said a memo asking employees to remove the app was initially sent in error, an Amazon spokesperson told media sources.
Activity Summary - Week Ending 17 July 2020:
- Red Sky Alliance identified 57,886 connections from new unique IP addresses
- Analysts identified 3,052 new IP addresses participating in various Botnets
- Buffalo Vastitude is Compromised
- ShinyHunters is on the Top 5 Threat Actor List
- Thanos Ransomware
- OT Ransomware Ekans
- Outlaw Botnet
- Oil Prices remain around the low $40 a barrel
- Oil Merchant Tanker hiding in Iran waters
- UK cuts ties with Huawei, China not Happy
- Libya’s eastern government asking Egypt
A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Named CryCryptor by cyber threat investigators, it was initially spotted pretending to be the official COVID-19 tracing app provided by Health Canada. It is propagating via two different bogus websites that pretend to be official. According to ESET researchers, one is called tracershield[dot]ca. Like other ransomware families, it encrypts targeted files. But, instead of sim
On June 23, 2020, the US Federal Bureau of Investigation sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, especially about ransomware gangs that abuse remote desktop connections to break into school systems.
The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic targe
Ransomware-as-a-Service (RaaS) is increasing around the world due to the ease of use, and the increasing success that attackers are having in their cyber-attacks. Recently, researchers have observed an increase in the use of a specific piece of malware known as Thanos ransomware. This malware is unique in that it is the first to advertise the use of the RIPlace tactic. This tactic allows attackers to evade detection by altering files without being detected by common Anti-Virus engines such as
Activity Summary - Week Ending 10 July 2020:
- Analysts identified 2,818 new IP addresses participating in various Botnets
- Red Sky Alliance identified 47,423 connections from new unique IP addresses
- Furkan Dedeoglu is keylogged on various Email Accounts
- 37.191.52 – Secaucus Interserver Inc. is a Compromised C2
- The Transportation Supply Chain being hit as WTH continues
- Apple has Failed Gasoline Traders
- Oil Prices Stall
- A floating production storage and offloading ship was attacked off Nigeria; 9 c
The electric grid is vital to any country’s national security, hence the high importance of keeping the electricity flowing. Even an outage of only a few minutes can wreak havoc on any residence or business. Cyber attackers responsible for distributing LookBack malware are targeting US utility providers with a new threat called “FlowCloud.” The FlowCloud modular remote-access trojan (RAT) has similarities and connections to the LookBack malware. The LookBack at its core is a remote
I have written about Phishing before and I will continue to warn friends and colleagues about phishing and their tactics. Phishing is the start of almost all serious cyber breaches. In early 2020, cloud security expert, Wandera, revealed in its Mobile Threat Landscape Report that a new phishing campaign is launched every 20 seconds. Twenty seconds equates to three additional phishing sites designed to target users in every minute. However, this number no longer applies during COVID-19 times.
Ransomware is unfortunately the new normal for businesses of all segments and sizes, and this malware is multiplying quickly. More than two-dozen US organizations were attacked in recent days by a known threat group attempting to deploy a dangerous new strain of ransomware called WastedLocker.
Had the attacks succeeded, they could have resulted in millions of dollars in damages to the organizations and potentially had a major impact on supply chains in the US, Symantec said in a report on 26
Our friends and colleagues at Dryad Global assess that the floating and processing ship FPSO SENDJE BERGE has been attacked by unknown armed men off the coast of Nigeria at the Okwori Terminal. Further reports indicate that up to 11 personnel may have been kidnapped from the vessel.
This attack is distinctive regarding offshore vessel incidents within West Africa. Both the manner of attack and target are beyond the usual targeting and attack methodology of pirate action groups within Nigeria.
Activity Summary - Week Ending 2 July 2020:
- Analysts identified 3,351 new IP addresses participating in various Botnets
- Red Sky Alliance identified 54,358 connections from new unique IP addresses
- Insider Threats still #1
- Fileless Attacks
- SixLittleMonkeys has an API
- Lucifer Malware
- Corona’s making a comeback, Oil Prices still in Flux
- Iran looking to avoid the Strait of Hormuz Oil Shipping Route
- Russia using Anti-Drone technology to protect Oil Fields
- The US is opening the Arctic for Oil Explorat
Many auto dealerships are strongly promoting the safety of customers and employees in the wake of the COVID-19 pandemic. That is why many international dealerships are taking safety protocols seriously. Shields are up in the reception area, employees are wearing face coverings and social distancing, and disposable seat, wheel and shifter covers have been placed in all vehicles. In addition, many are establishing vigorous test drive cleaning protocol and hourly and nightly cleaning
There will be no let-up in ransomware attacks, as it has proven to be such a profitable business model for cybercriminals. The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers. While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the available technology needed to deter hackers. The loss of just a few thou
All organizations should consider working with a cyber threat intelligence firm to send test “Phishing” emails to random employees on a regular basis. This will test employee vulnerabilities to provide subsequent remediation plans. Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms or having confidential data exposed or auctioned to the highest bidder.
Researchers at two security firms are tracking separate phishing camp
Activity Summary - Week Ending 26 June 2020:
- Analysts identified 3,945 new IP addresses participating in various Botnets
- Red Sky Alliance identified 55,969 connections from new unique IP addresses
- Pegasus malware is Back on the Scene
- Octopus Scanner keeps Spreading on GitHub
- SNAKE Ransomware
- LODEINFO malware visits Japan
- Oil Prices keep inching Upward
- North Sea Oil Shutdowns and Arctic Openings
- Malaysian energy giant Petronas
- Australia blaming China in past and recent Cyber Attacks