X-Industry

Activity Summary - Week Ending 5 March 2021:

• Fair Deal Furniture in Mombasa Kenya still is Keylogged
• Red Sky Alliance identified 35,371 connections from new unique IP Addresses
• Analysts identified 3,001 new IP addresses participating in various Botnets
• SIM Swapping – easier than a Malware Attack
• Silver Sparrow flying around inside Apple
• Javali Banking Trojan
• PlugX and RedEcho
• A Kia Hit
• Oh Canada – Bombidier, GlobalEye and Enterprise Oh !!
• Don’t get Stung by Lithuanian CityBee
• The Darkside Hacke

Recent reporting by CrowdStrike indicates that two productive cybercrime threat groups, Carbon Spider (CS) and Sprite Spider (SS) are spreading hate and discontent against VMware’s ESXi.

ESXi is a Type-1 hypervisor (also known as a “bare-metal” hypervisor) developed by VMware.  A hypervisor is software that runs and manages virtual machines (VMs).  In contrast to Type-2 hypervisors that run on a conventional host operating system, a Type-1 hypervisor runs directly on a dedicated host’s hardware.

Back in the 1960’s my Dad had an insurance salesman who was a real boring guy.  No expression, just sold insurance; to which so many didn’t even want to discuss anyway.  Those days are long gone.  Now everything is so impersonal – just like the boring insurance salesman (maybe he knew something we did not).  So, when you get an on-line solicitation for a free insurance quote, many jump at the chance of NOT having to talk to a boring insurance salesperson.  Hackers are targeting vulnerabilities i

Macs and viruses are not all that common, but the one that was recently discovered by researchers is even less so. Security researcher Red Canary has published information about a new “activity cluster” that has infected 29,139 Macs across more than 150 countries but is missing one key ingredient: a reason to be.

In the report, Red Canary and Malwarebytes outline a new strain of macOS malware called Silver Sparrow that affects both Intel and Apple silicon processors. The companies have determine

While in existence prior to 2016, ransomware gained notoriety that year targeting the global healthcare industry, and in several instances, successfully extorting ransoms from victims. Since then, ransomware has turned out to be more than just a nuisance crime, with ransomware operators adjusting targeting strategies, malware deployment, and diversifying how they executed their campaigns to maintain success rates. Over the past few years, ransomware operators have shifted tactics, moving from wi

One can say, “Do we really care what happens in Lithuania?”  Well, with the World that is shrinking Day by Day; we all need to watch every inch of the Cyber-Globe for malicious cyber trends and triggers.  According to the hacker behind the CityBee breach, the black hats found the backup database of CityBee and exposed it on the Internet for all to see and use.  CityBee is a leading Lithuania-based car-sharing platform who suffered a data breach in which personal data, including customer login cr

Activity Summary - Week Ending 26 February 2021:

• 600+ US healthcare data breaches in 2020
• Red Sky Alliance identified 35,139 connections from new unique IP addresses
• Analysts identified 2,378 new IP addresses participating in various Botnets
• Bazar Trojan Variant
• Malware Lingerie for 2021Valentine’s Day !!
• Silver Sparrow; aren’t Sparrows Brown?
• Pfizer, COVID Vaccine and Hacking
• LEON and Nocona Hospitals hit
• eHealth in Canada – Ryuk Ransomware
• France to invest 1 billion euros in Cyber Security –

The age-old trick of romance scams remains real and is getting worse.  The number of people being targeted by fake relationship-seekers has drastically spiked during the COVID-19 pandemic.  Why? People are lonely and clever criminals play on this new phenomenon.  Romance scams remain the most successful fraud strategy for cybercriminals and represent a growing arena of opportunity; this according to the Federal Trade Commission. During 2020, romance schemes accounted for a record $304 million ra

For over a year and a half, Red Sky Alliance has provided Dryad Global with weekly Vessel Impersonation Reports and Maritime Watch Lists to help the maritime community better protect against cyber intrusions.  Our friends at Dryad Global have issued their Annual Report for 2020/2021, which highlights various maritime hotspots around the globe. 

This is the link for the Annual Report: Dryad Global: Annual Report 2021

Cybercriminal gangs operating darknet stolen payment card marketplaces are scrambling to attract customers from the now-closed Joker's Stash card market, according to representatives from the security firms Kela and Flashpoint.  The administrator behind Joker's Stash claims to have officially shut down the operation in February 2021. Meanwhile, other criminal gangs offering stolen payment cards for sale have stepped up their promotional

Among the darknet marketplaces vying to pick up former Joke

With cyber-attacks ramping up and up since the international pandemic, the need for proper cyber protection and cyber insurance coverage is taking on a new meaning, as well as many other business risk factors.[1]  With all the current business concerns in an ever-changing US administration priorities, the corporate risks and vulnerabilities are closely coupled with cyber security matters.  As an example, fossil fuel-energy companies and drug developers are among the most common issuers updating

Just how much US land does China own?  Excerpts by Libertas Bella (edited).

American-US prosperity has largely been built on a dual foundation: cheap land or expensive labor.  Until the US Immigration Act of 1965, Ronald Reagan’s Amnesty of 1986 and North American Free Trade Association (NAFTA) opened up the floodgates of immigration (both legal and illegal) this formula basically held firm.  When there was not enough labor, employers had to pay more rather than simply importing massive amounts

Activity Summary - Week Ending 19 February 2021:

• VW Jetta Headlights VACAR-CN
• Cheyenne Cloud Shards & C2 Compromise
• Red Sky Alliance identified 37,941 connections from new unique IP addresses
• Analysts identified 2,217 new IP addresses participating in various Botnets
• Bazar/Team9 and MS
• TX Wind Power Turbines Freeze
• France and the Sandworm Group
• Norway Oil worker’s Strike Averted
• Major Oil find offshore in South Africa, Looks to Govt for Approval

Link to full article:  IR-21-050-001_Energy_050F

No one needs reminding that ransomware has reached incredible proportions; one widely reported statistic from Purplesec suggests that $20 billion was paid out in 2020. That's almost double its $11.5 billion estimate from 2019, with a commensurately huge increase in the number of attacks, while BitDefender suggested a 715% increase in the first half of the year.

The "crews" have multiplied, adopted tactics that are reminiscent of nation-state attacks, and developed partnerships and relationships

A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day.  Jones Day is an international law firm based in the US.  As of 2018, it was the fifth largest law firm in the US and the 13th highest grossing law firm in the world.  Jones Day has represented former US president Donald Trump, including his inquiries into the 2020 voting irregularities. 

The cybercriminals behind the ransomware operation known as Clop (Cl0p) have been known to encry

Global Cybercrime Market Revenue Surged to $1.7 Billion in 2020, Chainalysis reports.  Underground markets continue to thrive despite being regularly targeted by international law enforcement agencies and site administrators often steal buyers' and sellers' cryptocurrency via "exit scams" and users get ripped off.

Darknet markets persist because users are willing to risk losing funds, risk arrest and will keep their loses quiet if scammed.  Yet, for anyone who wants to buy or sell ‘illegal’ good

Back in the 1960’s, our educational systems began teaching a concept called, Phonics.  Phonics is a method for teaching people how to read and write an alphabetic language. It is done by demonstrating the relationship between the sounds of the spoken language, and the letters or groups of letters or syllables of the written language.  Enter FonixCrypter, not the mobile app but the criminal hacking gang - which is far from the innocent way of teaching language. 

It is being reported that the Foni

Activity Summary - Week Ending 12 February 2021:

• Red Sky Alliance observed only 75 unique email accounts compromised with Keyloggers
• Analysts identified 36,685 connections from new unique IP addresses
• 1,794 new IP addresses were collected participating in various Botnets
• Hello Kitty Malware Pussy-Footing Around Projekt RED
• Groundhog Botnet in the Cloud
• Danabot Going Wild
• Banking and Financial services in the hacker’s Cross-hairs
• Pii data of millions of people in Brazil in the Underground
• PayPal

With a single update, a popular barcode scanner app on Google Play transformed into malware and was able to hijack up to 10 million devices.  Until recently, Barcode Scanner was a straightforward application that provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. The app, which has been around since at least 2017, is owned by developer Lavabird Ldt., and claims to have over 10 million downloads

Lavabird Ltd.'s Barcod

In a continuation of malicious activity observed over the last two weeks, analysts are still seeing attackers impersonating Mediterranean Shipping Company (MSC) in a campaign to spread Dridex malware.  The attackers seem to be using the same tactic to target numerous companies across the globe targeting multiple different industries.

Analysts have observed numerous malicious emails beginning in late January, in which senders are impersonating Mediterranean Shipping Company (MSC) employees and t