All Articles (2531)


In 1972, Alice Cooper sang a popular song: “School’s Out.”  In 2020, school has literally been 'OUT for Covid.'  The global pandemic has shut down many, many school systems around the world.  This created a system of teaching virtually using a variety of on-line platforms.  That turned the heads of black hat hackers, who have successfully focused on attacking school systems, teachers, parents and students.  Recently, there has been a significant increase in ransomware cyber-attacks on virtual classrooms.  The Cor

Cybersecurity researchers disclosed in February 2020 a new supply chain attack targeting online gamers by compromising the update mechanism of NoxPlayer, a free Android emulator for PCs and Macs.  Named "Operation NightScout" by Slovak cybersecurity firm ESET, the highly targeted surveillance campaign involved distributing three different malware families via tailored malicious updates to selected victims based in Taiwan, Hong Kong, and Sri Lanka.

NoxPlayer, developed by Hong Kong-based BigNox,

A recently identified malvertising campaign targeting users of mobile and other connected devices makes heavy use of obfuscation and cloaking to avoid detection.  Named LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.  Since December 2020, it has penetrated over 10 Demand Side Platforms (DSPs), primarily Europe-based, with observed campaigns impacting users in the U.S. and Canada.

According to security vendor Media Trust, the malware checks for a global variable ‘

A report published today by blockchain investigations firm Chainalysis confirms that cybercrime groups engaging in ransomware attacks don't operate in their own bubbles but often switch ransomware suppliers (RaaS services) in search of better profits.  The report analyzed how Bitcoin funds were transferred from victims to criminal groups, how the money was divided among the different parties involved in the ransomware attack, and how it was eventually laundered.

In today’s world, the ransomwar

Activity Summary - Week Ending 5 February 2021:

  • Red Sky Alliance identified 34,976 connections from new unique IP addresses
  • Greek Bank, Alpha Bank Group has an Attack Server (C2) Compromise
  • DigitalOcean has a Compromised (C2) IP
  • Analysts identified 2,089 new IP addresses participating in various Botnets
  • PowerShell Dropping REvil
  • Ursnif/Gozi using INPS as Bait
  • How the World Ends
  • US – Russia Cyber Strategy
  • Rocket Chat (Al Qaeda) urging Cyber Terrorism
  • Operation Lady-Bird
  • Electric Grids – Still a

You have been asked to be a local celebrity at the summer church fundraiser.  This honor involves sitting on a perch in a Dunk Tank.  All goes well, until after the first plunge into the cold water, you realize that you forgot to take your phone off your hip.  Panic sets in.  This is the phone you use for both work and home.  Oh no – now what?  Plunging into a dunk tank may not be in your near future, but dropping your phone in the toilet, pool or local pond is a distinct reality.  Smart phone

A Russian-speaking "Scam-as-a-Service" (SaaS) operation called "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.  This “SaaS” adds to the long list of hacker services anyone can buy with some spare Bitcoin.

The fraud actors are posting fake online classified advertisements for products to trick interested buyers into visiting phishing pages, where t

A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest.  The intrusions have been linked to a threat actor tracked under the name Chimera, believed to be operating in the interests of the Chinese state.  Researchers say the group has remained undetected in a network for up to three years.  Initial reports mentioned a series

Looks like the electric car is here to stay, especially in the US.  The vast spending power of the US federal government is unmatched, and so when it decides to do something, it can move markets and shape the economy.

The best, and by far biggest, example of this was the decision in 1961 to send a man to the moon by the end of the 1960s; the resulting flood of spending spawned waves of innovation and technological breakthroughs.  It literally rocketed America’s post-World War II economy into the

In late January, a new botnet campaign was discovered targeting unpatched software running on Linux devices with recent code execution CVEs.  Once a device is compromised, the bot downloads and executes a malicious Python script that joins the compromised device to the botnet.  The botnet is controlled by attackers using Internet Relay Chat (IRC) and enables the attackers to perform DDoS attacks and run crypto miner software on infected devices.  Updates are available to patch all CVEs exploited

Several Magecart groups hide their JavaScript skimmers, phishing domains and other malicious tools behind a secure hosting service called Media Land, according to a report from security firm RiskIQ.  During their investigation, the researchers found that thousands of domains used for JavaScript skimmers, phishing and other malicious infrastructure have been registered with Media Land since 2018 using at least two email addresses and other aliases.

A recently discovered Mobile Remote Access Trojan (MRAT) can take control of infected Android devices and exfiltrate a multitude of user data.  Called Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for several years.

Triangulum first shared a mobile RAT on a dark web forum in June 2017.  The threat was capable of data exfiltration, but could also destroy data locally, and even e

Red Sky Alliance has previously reported on the many cyber perils within critical infrastructure and key resource sectors.  Our worldwide electric grids remain at the top of government concerns.  The New Yorker recently published a very thought-provoking and sobering piece on the same subject(s).  We would like to share it with our members.

In the nightmare, sirens caterwaul as ambulances career down ice-slicked, car-crashed streets whose traffic lights flash all three colors at once (they’ve been

Last week, US and Bulgarian law enforcement seized the underground site that the NetWalker ransomware cybercriminal group used to post data stolen from victims.  Additionally, a Canadian national who allegedly extorted more than $27 million through the spreading of NetWalker was indicted in Florida, US.

NetWalker is a ransomware-as-a-service (RaaS) crimeware product in which affiliates rent access to the continuously updated malware code in exchange for a

The ongoing controversies surrounding TikTok hit a new gear on 14 January 2021 with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.  According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out.

TikTok, based in Beijing, China, h

A German-led police operation has taken down the "world's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors stated on 12 January 2021.  At the time of its closure, DarkMarket had nearly 500,000 users and more than 2,400 vendors worldwide, as the coronavirus pandemic leads much of the street trade in narcotics to go online.  DarkMarket was an English-speaking internet cybercrime forum created b

SANS has long been a leader in cyber and has recently published a research paper on Ransomware Prevention.  2020 saw ransomware attacks sky-rocket.  Below is a brief introduction and link to the full report.  "Ransomware is a fast-growing threat affecting organizations of all sizes and industries.  Quick spreading and highly interruptive, ransomware damage ranges from profoundly impacting a business’s finances to threatening proper healthcare by disabling access to critical data needed for medic

Activity Summary - Week Ending 29 January 2021:

  • Red Sky Alliance observed 62 unique email accounts compromised with Keyloggers
  • Analysts identified 39,701 connections from new unique IP addresses
  • British Telecommunications has Compromised C2 Servers
  • Researchers identified 1,619 new IP addresses participating in various Botnets
  • Hancitor Malware
  • OSAMiner & Crypto-miner Campaigns
  • Zyxel Firewalls the Backdoor is Open
  • Mimecast Compromised
  • Malwarebytes Caught in the Wind, SolarWinds
  • Dell/SonicWall hit

Cybercriminals will often use brute-force attacks, phishing emails, and existing data dumps to break into corporate networks, but there is one area that is often ignored to a company's detriment: ghost accounts.  When a staff member leaves, whether due to a new job offer, a change of circumstances, illness, or in unfortunate cases, death, their accounts are not always removed from corporate networks.

This oversight is one that cybercriminals are now taking adv

Attacks involving million-dollar ransom demands attract headlines, but the payout is no longer the sole financial incentive for attackers.  The exfiltration of critical data is a key motivator that can be used to extort victims into paying even larger fees to recover assets.  Data, including intellectual property such as research and patents, is often targeted by organized groups or as part of corporate espionage.  Stealing this information and then coercing a business into paying to get access to