As maritime technology progresses, towage vessels (tugboats) and their crews are increasingly connected to online services during operations, increasing their vulnerability to cyber threats, malware, viruses, and hackers. These cyber security concerns were raised by the US-based Maritime Transportation System (MTS) - Information Sharing and Analysis Center (ISAC)[1] after a tugboat fell victim to a phishing email. This was the first time a tugboat reported receiving this type of phishing email
What will happen if the November 2020 election results are tampered with, blocked or disappear? Both parties will cry foul and blame the other party. Will the voters ever really know the final results and how long could it possibly take for both national parties to agree upon an outcome? The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight. State and local governments and their agencie
An adversary known for targeting the Financial Cyber Sector, at least since 2018, has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1] This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, and credentials for trading software/platforms, customer credit card information, and proof of address/identity documents, and other sensitive information. The group is suspected of offering APT style hacker-for-hire services to o
Activity Summary - Week Ending 11 September 2020:
- Red Sky Alliance observed 97 unique email accounts compromised with Keyloggers
- Analysts identified 69,770 connections from new unique IP addresses
- The BeagleBoyz are robbing Banks
- Analysts identified 4,775 new IP addresses participating in various Botnets
- Box Pages Utilized in Phishing Attacks
- Netwalker Ransomware in Argentina
- Oil Prices in a new “Supercycle”
- Iranian tankers possibly heading to Venezuela in defiance of US sanctions
- Germany – Nor
From our Friends at Be Cyber Aware at Sea - "Welcome to this month’s edition of Phish & Ships, brought to you by The Be Cyber Aware at Sea campaign.
For the last few months we have been swept up in the effects of the coronavirus on the world, and its impact on the cyber sphere for shipping in particular. While the virus is still very much in circulation and we are adjusting to the measures put in place for our protection, we must start to look ahead once more. After all, round the corner is the
Ransomware is here to stay. Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight. There are many versions of ransomware in use and groups and nations behind the extortion attempts. These cyber actors are motivated by money. Ransomware can be described simply as a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware
Activity Summary - Week Ending 4 September 2020:
- Analysts identified 5,204 new IP addresses participating in various Botnets
- Red Sky Alliance identified 44,612 connections from new unique IP addresses
- Analysts observed 24 unique email accounts compromised with Keyloggers
- Analysts found identifying data on Kuwaiti hacker: NYANxCAT
- Shlayer Malware
- Tripwire's August 2020 Patch Priority Index (PPI)
- ISIS attacks Syria’s energy infrastructure
- Two oil tankers loading at the Libyan Port of Brega
- Saudi
Close to 90 percent of all commerce is shipped via maritime transportation. Lloyd’s of London reports that combined container throughput at the top 100 international ports grew by 2.5 percent in 2019. Splash247 has posted an interesting article explaining that the Chinese government may be toying with supply chain data systems, creating concerns in maritime transportation.
“There has been progress within the maritime and shipping sector in creating a digital maritime ecosystem that i
A recent survey of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag. Ponemon's "Cost of a Data Breach Report 2020" (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year, the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes. Ponemon's analysis of
The Cybersecurity and Infrastructure Security Agency (CISA) and other US agencies have issued a warning about increases in bank e-thefts worldwide organized by a hacking group called "BeagleBoyz." Researchers believe this group has ties to the North Korean government. The BeagleBoyz group is a subset of the North Korean-backed hacking collective known as the Lazarus Group or Hidden Cobra. The report with details of how the BeagleBoyz have made off with an estimated $2 billion in funds and cry
Activity Summary - Week Ending 28 August 2020:
- Fairdeal Furniture LTD, located in Mombasa, Kenya, is still Keylogged
- Red Sky Alliance observed 26 unique email accounts compromised with Keyloggers
- Analysts identified 68,495 connections from new unique IP addresses
- Red Sky Alliance identified 3,148 new IP addresses participating in various Botnets
- Team TNT targeting AWS using Kinsing variant
- Maze Ransomware
- US SBA Loan Relief Phishing Campaign
- Oil prices remain somewhat stagnant – even with Hurrica
Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic for Applications (VBA) macro code, according to a recent Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) alert.
First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link
Activity Summary - Week Ending 21 August 2020:
- Red Sky Alliance observed 15 unique email accounts compromised with Keyloggers
- Videoholka still is Keylogged
- Analysts identified 47,658 connections from new unique IP addresses
- 3,294 new IP addresses participating in various Botnets
- Drovorub Malware Exposed
- FritzFrog P2P botnet struck at least 500 government and enterprise SSH servers
- COVID-19 Variants
- Magecart Group 8
- Oil Prices stuck in the $40-$45 Range
- Petrobras and Microsoft working together f
Carnival Corporation & PLC is the largest cruise line operator in the world. In 2019, Carnival pulled in a record revenue of $20.8 billion. Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems. Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,
Small and Medium (SMB) sized businesses are facing a growing number of ransomware threats as the programs needed to launch such attacks become more widespread and easier to use. Also known as the “fast food franchise of cybercrime,” Ransomware-as-a-Service (RaaS) enables even low-level and inexperienced hackers to purchase a ready-made solution for attacking small and medium-sized businesses.[1]
The malicious group named Dharma as one of the most popular offerings around, explaining it provides
New samples of the Ekans ransomware have revealed how today's cyber attackers are using a variety of methods to compromise key industrial companies. Researchers from our friends at FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems.[1]
Ekans, which is also referred to as Snake[2], was first identified in February 2020 and early reports indicated that it had been desi
Activity Summary - Week Ending 31 July 2020:
- Red Sky Alliance observed 41 unique email accounts compromised with Keyloggers
- Analysts identified 43,115 connections from new unique IP addresses
- 1,518 new IP addresses were discovered participating in Various Botnets
- Taidoor remote access Trojan
- Lazarus Attacks with Ransomware Worms
- Baker Hughes still has Cyber issues
- Hezbollah remains in the Top 5 Cyber Threat Actors
- Oil moving Renewable & Green
- Egypt and Greece signed a maritime agreement; Turkey
Maze ransomware is a complex piece of malware that uses some tricks to frustrate analysis right from the beginning. The malware starts preparing some functions that appear to save memory addresses in global variables to use later in dynamic calls though it does not actually use these functions later. The operators of the Maze ransomware have published tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts.
The hackers leake
Three US agencies published a joint warning alert for private companies about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers.
The alert is from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense's Cyber Command (CyberCom), and the Federal Bureau of Investigation (FBI). The three US government agencies report they have observed Taidoor being used in new attacks. The n
Analysts studying coronavirus-related phishing and malware threats in malicious emails reveal four major topics abused by hackers: news, medical, financial, and regulatory. In the first phases of the coronavirus pandemic, hackers were mostly disguising their malicious emails as general news and medical information with the most common keywords being “update” and “affected.” When Summer 2020 (June-July) arrived, the dominating attack theme became “financial” and the leading keyword became “payment.