There is a Russian saying that rings true in protecting entities against cyber threats, “I am not concerned about all of the wolves in Siberia, I am only concerned about the wolves that are now chasing my sleigh.” The world is full of cyber threats, hackers and state-sponsored cyber terrorists who are targeting governments, businesses, and organizations. The way Red Sky Alliance can help the maritime industry and its supply chain is to focus on the cyber threats directly targeting a specific o
2020, a year that will be remembered for many reasons. Stories will be told to children and grandchildren of when we all had to wear face masks, stand 6 feet apart, there were no sports, and where people were not permitted to hug or shake hands. Then there was the next economic collapse and subsequent worldwide insurrection. For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes
Activity Summary - Week Ending 19 June 2020:
- Red Sky Alliance identified 69,939 connections from new unique IP addresses
- Analysts identified 4,135 new IP addresses participating in various Botnets
- Wabot leads the ‘Hits’ for Malware
- Advertising Droppers and the Google Store
- Higaisa APT
- T-Mobile gets hit with a DDoS attack, that is…according to Anonymous
- Oil Prices slow a Bit and the Corona Pandemic is still Active
- ReconAfrica and Botswana
- BP Shares falling
- Pakistan investigating Black Marketing
One unhappy employee can ruin your day, your reputation, and cost millions of dollars in losses. Government agencies, companies and organizations of any size are all at risk. Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests. According to the Securonix 2020 Insider Threat Report, published in May 2020, "flight risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a jo
Maze Ransomware, previously known in the hacker community as “ChaCha Ransomware,” was discovered on 29 May 2020 by Jerome Segura, a malware intelligence officer. The main goal of ransomware is to encrypt all files in an infected system and subsequently demand a ransom to recover the files. The threat actor who took credit for compromising an insurance giant seems to be continuing its attack spree with full intensity. It is currently targeting the aerospace sector, specifically mainten
Like any profitable business model, ransomware gangs continue to innovate and increase their business. Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.
Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf
Activity Summary - Week Ending 12 June 2020:
- Red Sky Alliance identified 53,951 Connections from new unique IP Addresses
- Analysts observed 25 unique email accounts compromised with Keyloggers
- 3,997 new IP addresses were observed participating in various Botnets
- Bradford British Telecommunications - Compromised (C2) IP: 147.147.220.86
- Octopus Scanner Spreads on GitHub
- Telnetd.IAC.Buffer.Overflow
- Industrial Enterprises are being Targeted
- Saudi Arabia leading OPEC in oil production cuts, or Maybe
Cyber-criminals are using the Corona Virus pandemic to spread the TrickBot malware. These underhanded hackers are sending fake emails designed to look like notifications from the US Department of Labor concerning changes to the Family and Medical Leave Act (FMLA), which can provide up to 12 weeks of unpaid leave for employees who are ill or need to care for someone with a serious medical condition. Benefits from FMLA increased in March 2020 when US President Trump signed the Families First Coro
As cyberattacks rise, so does the call by business leaders and shareholders to be ready to respond to a cyber incident. Cyber insurance and a solid Incident Response plan are two critical components to make your company resilient.
Cyber attorney Shawn Tuma says one of these things is likely to influence the other, which surprises many organizations and may surprise you. Tuma is Co-Chair of the Data Privacy and Cybersecurity Practice at law firm Spencer Fane, www.spencerfane.com.
Tuma explains
Activity Summary - Week Ending 5 June 2020:
- Red Sky Alliance observed 15 unique email accounts compromised with Keyloggers
- Analysts identified 4,332 new IP addresses participating in various Botnets
- Red Sky Alliance collections identified 62,899 connections from new unique IP addresses
- Zload Variant at it Again
- SaltStack
- Octopus Scanner and the vulnerable Supply Chain
- Anonymous – “They’re Back”
- Floating Storage has soared to a New High
- OPEC Oil Output hits the lowest levels in 20 Years
- Rosneft
By Mac McKee – Red Sky Alliance (photo by protonmail)
There is a common misconception among small and midsize businesses (SMBs) that hackers target only large organizations. Unfortunately, this belief is completely inaccurate. According to the most recent Verizon Data Breach Investigations Report, more than 70 percent of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give h
Activity Summary - Week Ending 29 May 2020:
- Red Sky Alliance identified 28,772 connections from new unique IP Addresses
- Korean pop singer Kim Hyun-jung being spoofed and it Keylogged
- Analysts identified 6,449 new IP addresses participating in various Botnets
- Anonymous Mexico seen in the Top 5 Threat Actors
- Vendetta Group working in Europe
- Hackers still using the COVID-19 pandemic to spread Malware
- Oil and Gas making a skittish ‘Come Back’
- Russia directly helping the Libyan National Army, Turkey
When my grandfather wanted to make a point, he would make it into a story to hold my attention. Here is a tale for you. Imagine that you recently acquired a nice inheritance from your favorite Aunt Nellie. A great home out in the country is brought to your attention and up for sale, so you decide to buy it. Ah, life is good. As you start getting comfortable in your new house, you decide to bring your priceless art collection, that Aunt Nellie willed to you, to show off your collection of w
Activity Summary - Week Ending 22 May 2020:
- Red Sky Alliance observed 68 unique email accounts compromised with Keyloggers
- Analysts identified 53,148 connections from new unique IP addresses
- MinaOTP and Lazarus
- EVILNUM
- OPEC+ Cuts appear to be Working
- Angola’s Oil Production comes to a Halt
- More Nord Stream 2 legal action in Europe
- Oil Prices continue an Up-hill, See-Saw Climb
- Iran sending Crude Oil to Venezuela, both defying Sanctions
- The Oil Rich South China Sea still in Dispute
- Greta wins a W
Activity Summary - Week Ending 15 May 2020:
- Red Sky Alliance identified 74,978 connections from new unique IP addresses
- Analysts identified 7,927 new IP addresses participating in various Botnets
- Stay away from: ohlordiwantyoutohelpme@gmail.com
- LeetHozer Botnet
- Aggah and new multiple RATs
- Beware of: ThunderSpy
- Oslo’s Aker Solutions on a RedXray dashboard - 5876 Breach Data hits for Aker Solutions
- Interactive Brokers didn’t recognize negative Numbers
- Neptune and Egypt OBN
- Qatar Petroleum buying
There is a vigorous debate among geopolitical and military scholars about if, and when, China will invade Taiwan. At the beginning of the Corona Virus pandemic, many believed that the timing could be ripe for China to militarily invade the island nation of Taiwan. This is a long sought-after prize to “reunite China.”
Link to full Report: TR-20-134-001_China Taiwan hotwarFINAL.pdf
A US federal executive order was issued on 1 May 2020 which proposes to “monitor and replace” any US power grid equipment made by its foreign adversaries. Security professionals said it would mainly affect Chinese-made products like electrical transformers. The US Department of Energy (DOE) stated that under the current US procurement rules, contracts are awarded to the lowest bidder when it comes to bulk power system procurement. That creates a "vulnerability that can be exploited by those with ma
From our friends at Be Cyber Aware at Sea: COVID-19 continues to dominate the headlines, changing lives worldwide and having a widespread impact upon the maritime and offshore industry, both in terms of the virus and the economic landscape thereafter. We hope that you are all staying safe and well amid the pandemic, wherever you are. This month we have a mix of news: on the one hand there was another confirmed cyber attack, this time on the MSC, a reminder that online threats are ever present. Ho
Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated
Activity Summary - Week Ending 8 May 2020:
- Red Sky Alliance identified 6,214 new IP addresses participating in various Botnets
- Analysts identified 60,201 connections from new unique IP addresses
- Thailand’s Tongue Fun Fruits, still Keylogged
- The Nazar Exploit
- Gamaredon COVID-19 lures
- ProLock Ransomware
- Oil prices, “Going up?”
- Delek Group selling assets
- Iraq, Russia, China, and Oil
- The Permian Basin is split on Oil cuts
- APT32 concerned about COVID-19, eyeballing China
- Emma Thompson and XR
Link t