All Articles (2444)

Activity Summary - Week Ending 6 November 2020:

  • Red Sky Alliance observed 60 unique email accounts compromised with Keyloggers
  • A University of Alberta professor may be Keylogged
  • Analysts identified 44,623 connections from new unique IP addresses
  • Collection identified 3,097 new IP addresses participating in various Botnets
  • Ryuk Evolving Its Encryption and Evasion TTPs
  • GravityRAT
  • Eastern European cybercriminal group Attacking Health Care Services
  • FBI warns of an "imminent" increase in Ransomware a

Account takeover seeks to infiltrate an existing account and use it for the criminal’s benefit.  Cyber threat actors will target any firm from any market segment, so there is no pattern to follow.  Once the criminal accesses the account, they may make unauthorized purchases and cash advances; they may also change account information so that the real owner does not receive notifications from the account.

According to a recent report, account takeover has tripled over a year-to-year comparison,
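The two behaviours described above (purchases from a hijacked account, and changing the contact details so the owner stops getting notifications) are exactly what a simple correlation rule can catch.  The following is an added example written for this page, not code from the Red Sky Alliance article or any product: it flags an account when a login from an IP address the account has never used before is followed, within a short window, by a notification-contact change or a purchase from that same IP.  The log line format, field names, sample accounts, IP history and the 30-minute window are all constructed assumptions.

```python
"""Added example, not from the original article: flag likely account takeover
when a login from an unseen IP is followed, within a window, by a change to the
account's notification contact details or by a purchase from the same IP.
Line format, field names, sample data and the window size are assumptions."""
import re
from datetime import datetime, timedelta

# Assumed line format (constructed for this example, not a real product log):
#   <ISO timestamp> acct=<account> ip=<source ip> event=<login|contact_change|purchase>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) acct=(?P<acct>\S+) ip=(?P<ip>\S+) event=(?P<kind>\S+)$")

# Constructed sample log.  alice: new IP, then contact change and purchase (takeover).
# bob: purchase from a known IP (benign).  carol: new IP but no follow-on action.
# dave: new IP, but the contact change comes an hour later, outside the window.
SAMPLE_LOG = """
2020-11-02T10:00:00 acct=alice ip=203.0.113.5 event=login
2020-11-02T10:04:00 acct=alice ip=203.0.113.5 event=contact_change
2020-11-02T10:09:00 acct=alice ip=203.0.113.5 event=purchase
2020-11-02T11:00:00 acct=bob ip=192.0.2.7 event=login
2020-11-02T11:02:00 acct=bob ip=192.0.2.7 event=purchase
2020-11-02T12:00:00 acct=carol ip=203.0.113.9 event=login
2020-11-02T13:00:00 acct=dave ip=203.0.113.44 event=login
2020-11-02T14:00:00 acct=dave ip=203.0.113.44 event=contact_change
this line is malformed and is skipped
""".strip().splitlines()

# Constructed history of IPs each account has previously logged in from.
KNOWN_IPS = {
    "alice": {"198.51.100.10"},
    "bob": {"192.0.2.7"},
    "carol": {"198.51.100.20"},
    "dave": {"198.51.100.30"},
}

FOLLOW_ON = {"contact_change", "purchase"}


def parse_events(lines):
    """Parse log lines into dicts, skipping malformed lines, sorted by time."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # malformed line: skip rather than crash the detector
        events.append({"ts": datetime.fromisoformat(m["ts"]),
                       "acct": m["acct"], "ip": m["ip"], "kind": m["kind"]})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_takeovers(lines, known_ips, window_minutes=30):
    """Return one alert per account whose login from an unseen IP was followed
    by a follow-on action from the same IP within window_minutes."""
    window = timedelta(minutes=window_minutes)
    suspect = {}  # acct -> {"login": login event, "reasons": [follow-on kinds]}
    for e in parse_events(lines):
        if e["kind"] == "login":
            if e["ip"] in known_ips.get(e["acct"], set()):
                suspect.pop(e["acct"], None)  # known IP: nothing to track
            else:
                suspect[e["acct"]] = {"login": e, "reasons": []}
            continue
        s = suspect.get(e["acct"])
        if s is None or e["kind"] not in FOLLOW_ON:
            continue
        if e["ip"] != s["login"]["ip"] or e["ts"] - s["login"]["ts"] > window:
            continue
        s["reasons"].append(e["kind"])

    alerts = []
    for acct, s in suspect.items():
        if not s["reasons"]:
            continue
        reasons = sorted(set(s["reasons"]))
        # Redirecting notifications is the cover-up step, so it outranks a purchase.
        severity = "high" if "contact_change" in reasons else "medium"
        alerts.append({"account": acct, "ip": s["login"]["ip"],
                       "reasons": reasons, "severity": severity})
    return sorted(alerts, key=lambda a: a["account"])


if __name__ == "__main__":
    for alert in detect_takeovers(SAMPLE_LOG, KNOWN_IPS):
        print(alert)
```

In the constructed data only alice is flagged: bob's purchase comes from an IP the account already uses, carol's new-IP login has no follow-on action, and dave's contact change lands outside the window (widening `window_minutes` to 120 flags dave as well).  In production the IP history would come from the authentication store and the window would be tuned against real session lengths.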

The Maze cybercrime gang, which revolutionized the ransomware business by adding an extortion element to each attack, has issued a statement saying it has hung up its spikes and will retire, at least temporarily.  Can you believe anything a ransomware group says?  Maze posted a "retirement" notice to its darknet site on Nov. 1 saying: "This project is now closed." The word "project" appears to be a reference to the ransomware gang stating in the note that its attacks were intended to teach its v

The Covid-19 pandemic has led to dangerous gray areas for employers, such as new BYOD policies, thanks to the rapid and required shift to remote working.  The work to home (WTH) phenomenon has caused numerous cyber challenges.  This creates an ‘insider threat’ scenario.  Yes, trusted employees working at home could become an insider threat, though most likely an unwitting one.[1]  Many company cyber security professionals are starting to seriously examine the changing nature of traditional ins

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonat

They say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most securi

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated

US authorities are sharing a quick reference on Ransomware.  "Ransomware is a type of malicious software cyber actors use to deny access to systems or data.  The malicious cyber actor holds systems or data hostage until the ransom is paid.  After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems.  If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. L

Link to full report: Ransomware_Exec

Activity Summary - Week Ending 30 October 2020:

  • Red Sky Alliance identified 42,687 connections from new unique IP addresses
  • 79 unique email accounts compromised with Keyloggers
  • Analysts identified 3,334 new IP addresses participating in various Botnets
  • Vulnerabilities in Multiple Adobe Products
  • Eval-stdin.PHP.Remote.Code.Execution
  • Spoofing US Census Bureau
  • Hungarian Financial Institutions hit with DDoS attack
  • Bots and Covid Loan Applications
  • Robinhood Markets Inc.
  • Hackers and ‘Social Bandits’
  • T

There is no shortage of places within the Internet's dark market where stolen credit and debit card information is sold.  Most of them, truth be told, are criminal chancers trading in recycled data from old breaches; bargains are to be had for fraudsters willing to take a gamble that some of the bundle of payment cards they have bought will actually be usable.  Not only is it the biggest, but Joker's Stash, which was established in 2014, prides itself on traders selling the "freshest" of paymen

Red Sky Alliance analysts detected Fancy Bear impersonators targeting a US county election information website.  Their DDoS ransom note claims they will take the site down one day before the election if not paid in Bitcoin.  This year we see an uptick of similar impersonation emails claiming to be from Fancy Bear, Lazarus Group, or Armada Collective hackers.


Details: Florida Vote Case

Election support infrastructure being vulnerable to ransomware attacks is widely discussed.  But sites going dow

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.  Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems.

Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, t

Almost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout, a never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians.  Since then, Sandworm has perpetrated countless destructive attacks: another blackout in the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t

The coronavirus pandemic and lockdown have forced organizations to make dramatic changes over a short period of time.  One of the biggest changes has been the shift to a remote workforce nationwide.  Because of the abruptness and speed of that transition, proper cybersecurity has not necessarily been followed, prompting cybercriminals to level more attacks against remote workers, devices, and assets.

A recent survey by security provider Keeper Security looks at the types of threats aime

A Mac or iPad appearing on your organization’s network may not be cause for concern at first.  But when did it join the network?  What is it doing?  Is it the only one?  These questions can help discern a benign connected device from a malicious product trying to infiltrate an organization.

"The number of unmanaged devices has pretty much exploded in the last five years," said the head of threat research at Awake Security.  More people are connecting to corporate networks with devices that are not

The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours.  That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish.

The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Mic
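Because the exploit needs no credentials, the place to look for it is the domain controller's own Security log rather than an authentication failure.  The following is an added example written for this page, not code from the Ryuk write-up, Microsoft or any detection product.  It triages already-parsed Windows Security events with two checks that, to my understanding, follow Microsoft's August 2020 Zerologon guidance; the event IDs, the EventData field names, the constructed sample events and the DC account list are this example's assumptions, so verify them against your own DCs before relying on them:

```python
"""Added example, not from the original page: triage Windows Security events
on a domain controller for Zerologon (CVE-2020-1472) follow-on activity.
Assumptions (verify against your environment):
  - 4742 "A computer account was changed" with Subject = ANONYMOUS LOGON
    (SID S-1-5-7) and a DC machine account as target matches the exploit's
    unauthenticated reset of the DC's machine account password.
  - 5829 is the event a patched DC logs when it still allows a vulnerable
    Netlogon secure channel in non-enforcement mode.
Field names mirror the Security log's EventData; sample events are constructed."""

ANONYMOUS_SID = "S-1-5-7"
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4742, "Computer": "DC01.corp.example",
     "SubjectUserName": "ANONYMOUS LOGON", "SubjectUserSid": ANONYMOUS_SID,
     "TargetUserName": "DC01$", "PasswordLastSet": "11/02/2020 09:14:03"},
    {"EventID": 4742, "Computer": "DC01.corp.example",
     "SubjectUserName": "svc-sccm", "SubjectUserSid": "S-1-5-21-1-2-3-1105",
     "TargetUserName": "WS042$", "PasswordLastSet": "11/02/2020 09:20:11"},
    {"EventID": 4742, "Computer": "DC01.corp.example",
     "SubjectUserName": "ANONYMOUS LOGON", "SubjectUserSid": ANONYMOUS_SID,
     "TargetUserName": "WS017$", "PasswordLastSet": "11/02/2020 09:21:40"},
    {"EventID": 5829, "Computer": "DC01.corp.example",
     "SamAccountName": "WS017$", "ClientIPAddress": "10.0.0.55"},
    {"EventID": 4624, "Computer": "DC01.corp.example",
     "TargetUserName": "jsmith", "LogonType": 3},  # unrelated, ignored
]

# Assumed list of domain controller machine accounts for this example.
DC_ACCOUNTS = {"DC01$", "DC02$"}


def is_anonymous_subject(ev):
    """True when the change was made over an unauthenticated (ANONYMOUS LOGON) session."""
    return (ev.get("SubjectUserSid") == ANONYMOUS_SID
            or ev.get("SubjectUserName", "").upper() == "ANONYMOUS LOGON")


def triage_zerologon(events, dc_accounts):
    """Return findings sorted by severity: high for an anonymous change to a DC
    machine account, medium for an anonymous change to any other computer
    account, low for a vulnerable Netlogon channel that was still allowed."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 4742 and is_anonymous_subject(ev):
            target = ev.get("TargetUserName", "")
            if target in dc_accounts:
                sev = "high"
                why = "DC machine account changed by ANONYMOUS LOGON (Zerologon password reset pattern)"
            else:
                sev = "medium"
                why = "computer account changed by ANONYMOUS LOGON"
            findings.append({"severity": sev, "event_id": 4742, "account": target,
                             "host": ev.get("Computer"), "reason": why})
        elif eid == 5829:
            findings.append({"severity": "low", "event_id": 5829,
                             "account": ev.get("SamAccountName", ""),
                             "host": ev.get("Computer"),
                             "source": ev.get("ClientIPAddress"),
                             "reason": "vulnerable Netlogon secure channel allowed; "
                                       "patch the client or enforce secure RPC"})
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


if __name__ == "__main__":
    for finding in triage_zerologon(SAMPLE_EVENTS, DC_ACCOUNTS):
        print(finding)
```

On the constructed events this yields one high finding (DC01$ changed anonymously), one medium (WS017$ changed anonymously) and one low (WS017$ still using a vulnerable channel); the legitimate SCCM service account change and the unrelated 4624 are ignored.  A high finding on a DC warrants treating the domain as compromised, since a reset DC machine account password hands the attacker the domain controller's identity.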

Activity Summary - Week Ending 23 October 2020:

  • Red Sky Alliance observed 69 unique email accounts compromised with keyloggers
  • Analysts identified 43,643 connections from new unique IP addresses
  • CTAC identified 2,933 new IP addresses participating in various Botnets
  • EKING Variant of Phobos Ransomware
  • Kraken
  • KillDisk and Industroyer
  • Mobility Electronics Suppliers Expo – Attacked
  • Messe-Berlin
  • Minnesota Republican Party – Attacked
  • Critical Manufacturing RedXray example – Tesla Inc.
  • 4Chan and 8Chan

Ransomware attacks remain the top cyber-enabled threat seen by law enforcement agencies.  But phishing campaigns, business email compromises, and other types of fraud that are now using COVID-19 themes are increasing.  Red Sky Alliance has members, clients, and readers from around the world and this article has been written from the European Union viewpoint, which actually applies internationally to global defense against cyber-crimes.  Our source is the seventh annual Internet Organized Crime T

In June 2015, the US Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people.  The final estimate of the number of people impacted is 22.1 million.  This includes records of people who had undergone background checks, as well as their friends and family, many of whom were not government employees.  It has been described by federal officials as among the largest breaches of government data in the history o