Cyber threat analysts have stated that 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce. "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling r
Cyber-attacks seem to be occurring on a daily, if not hourly, basis. On 8 June 2021, multiple websites went offline briefly throughout the world after an outage at the cloud service company Fastly, revealing how critical a handful of companies running the Internet's network have become. Dozens of sites including the New York Times, CNN, some Amazon sites, Twitch, Reddit, the Guardian, and the U.K. government's home page, could not be reached.
In Asia, the cities of Hong Kong and Singapore were
The ransomware attacks inside the US don’t seem to be easing. On 3 June 2021, at least two TV news stations were hit with ransomware and completely knocked offline with what researchers believe was a cyber-attack on their parent company – Cox Media Group.
ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told last week by managers to shut down company computers and phones.[1] "We are only able to communicate with ea
Activity Summary - Week Ending 4 June 2021:
- Analysts identified 1,420 new IP addresses participating in various Botnets
- Red Sky Alliance identified 39,711 connections from new unique IP Addresses
- Analysts observed 14 unique email accounts compromised with Keyloggers
- BazaLoader
- WastedLoader
- Kimsuky, Velvet Chollima, Black Banshee, or Thallium spreading AppleSeed Backdoor
- JBS Ransomware
- Farming Equipment Vulnerabilities
- Produce supplier denied Insurance claim with a fraudulent $1.4 Million Wire T
The world has entered a new era of cyberattacks. After decades of viruses, breaches, and other forms of attack, last year saw increased hacker sophistication, the propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty: conditions that hackers have found favorable.
The forecast for any organizations seeking or renewing cyber insurance is looking grim.
- 25% average premium increase.
- Ransomware/extortion coverage limitations: lower limits and coinsurance.
- Insu
The old trick of using a Trojan horse to deceive is still in vogue, using cyber as the lure. A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords, and other information from victims. Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts t
The biggest international meat supplier is under cyber-attack. This demonstrates a new threat to global food security which has already been made fragile by the CV-19 pandemic.
JBS SA shut its North American and Australian computer networks after an organized cyber assault on 30 May on some of its servers, JBS reported via email. Without commenting on operations at its numerous plants, JBS said the incident may delay certain transactions with customers and suppliers.[1] JBS SA is a Brazilian
Microsoft has discovered a large-scale spear-phishing campaign being conducted by the Russian advanced persistent threat (APT) group that has led to the breach of 3,000 email accounts across 150 organizations.
A Russian-based group called Nobelium, allegedly behind the SolarWinds attack, is at it again with a sophisticated phishing campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious cyber activities.
This time, Nobeli
Activity Summary - Week Ending 28 May 2021:
- An Apple designer and a Russian physicist continue to be Spoofed
- Analysts identified 1,872 new IP addresses participating in various Botnets
- Red Sky Alliance identified 22,469 connections from new unique IP Addresses
- DarkSide Ransomware Variant
- Web Skimming Attacks against CMS
- Dominos India hit Hard via Cell Phones
- Cyber Activists Complaining about India’s CERT
- Irish Health Service Executive still Reeling
- SITA airline on-line services still Showing D
A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam. Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.
The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States. Panda Stealer was discovered by Trend Micro at the beginning of A
The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports. Active since at least 2009 and also referred to as TA505, the hacking group is known for the use of the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.
Evil Corp is allegedly run by Russian nationals Maksim Yakub
Cybersecurity threats are more prevalent than ever. As of 2020, 67% of small businesses (those with fewer than 1,000 employees) were targeted. More than half of all small businesses have been breached. As a small business owner, you have to be aware of the dangers lurking on the web.
Red Sky Alliance offers a suite of Intelligence Services that revolve around cyber threat analysis. Today’s post is aimed at small business owners that need a quick primer on the threats streaming into their organiza
Dr. Alireza Jolfaei is a Lecturer in the Department of Computing at Macquarie University and provides a great view of cyber security and the use of white hat hackers from an Australian perspective. “Beneath our streets and above our heads, in the power lines and the satellite links that crisscross our cities, a constant war is being waged between the forces of malicious hacking and the cyber-security defense systems that must stay one step ahead to keep society running. Targets everywhere: Aus
Red Sky Alliance continues to observe large data breaches across both the clear net on traditional forums, and on the dark web where new websites are being populated daily. Analysts recently discovered a site advertising a large data breach containing data stolen from Domino’s India.
The threat actors claim to have stolen 13TB of employee files and customer details. At this time, the data showing up in searches consists mostly of past order details for customers, but the attackers claim “paymen
In the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant. Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction. The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emerg
Iranian hackers have reportedly hit multiple Israeli companies with ransomware, in a new campaign of attacks. A group describing itself as 'N3tw0rm' (Networm) recently added the logo of H&M Israel to their naming and shaming website, just three days after another local firm, Veritas Logistics, was hit.
It is suspected that Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard," or ENP, to target over a dozen organiza
A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.
On 29 April 2021, the Institute for Security and Technology's Ransomware Task Force published the framework, which features 48 proposals. It calls for a coordinated, international diplomatic and law enforcement effort to combat t
Activity Summary - Week Ending 21 May 2021:
- Analysts identified 1,828 new IP addresses participating in various Botnets
- Red Sky Alliance identified 28,925 connections from new unique IP Addresses
- Our collection shows 21 unique email accounts compromised with Keyloggers
- FiveHands Ransomware
- Panda Stealer
- Waikato (NZ) District Health Board – Hit
- AXA Partners in Asia – attacked by the Avaddon Group
- Ireland Hospital Hacking
- Glasgow (Scotland) Caledonian University – IT shut Down
- Additional DarkSide T
Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations. A direct cyber shot was delivered to the US oil and gas industry by a Russian criminal group known as DarkSide. DarkSide was identified in the ransomware attack that shut down the US-Georgia-based Colonial Pipeline, which immediately created fuel shortages to cars, trucks, and the airline industry. The ransom of $5 million USD was eventually paid to get the pipeline back i
From Krebs On Security, 17 May 2021.[1] Our analysts think this is important information and wish to share with our Red Sky Alliance members. In a Twitter discussion last week on ransomware attacks, Krebs On Security noted[2] that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukr