X-Industry

Activity Summary - Week Ending 7 August 2020:

• WastedLocker, ta505 Strikes Again
• Analysts observed 28 unique email accounts compromised with Keyloggers
• Red Sky Alliance identified 45,195 connections from new unique IP addresses
• Analysts identified 1,682 new IP addresses participating in various Botnets
• Malicious Code in Twilios
• Boko Haram remains the top Threat actors – hitting African targets (Nigerian oil)
• Syrian SDF, US and Oil
• Husky Energy Inc to Escalate Production in Canada
• WTH in Oil busi

From our friends at Be Cyber Aware at Sea:  Welcome to this month’s edition of Phish & Ships, brought to you by The Be Cyber Aware at Sea campaign.  For the last few months we have been swept up in the effects of the coronavirus on the world, and its impact on the cyber sphere for shipping in particular.   While the virus is still very much in circulation and we are adjusting to the measures put in place for our protection, we must start to look ahead once more.   After all, round the corner is

Our friends and colleages at Dryad Global maritime intellgience group in UK provies the following intellignece update on the 4 August 2020 explosion in Beirut Lebanon:

Dryad Incident Overview:  Reporting indicates that a significant explosion has occurred in the vicinity of the port of Beirut.  Eyewitness observers, social media footage and local intelligence sources all confirm that a large 'shockwave' was observed, and caused significant structural damage to nearby buildings, with the blast ra

Mac devices are currently targeted by new ransomware, which is more sinister than before.  But its true purpose may be hidden.  According to Arstechnica's latest report, the new Mac ransomware is called ThiefQuest or EvilQuest.  It is a data wiper and info-stealer that is using ransomware as a decoy.  It is more dangerous because it steals credit card numbers and passwords.  The victims get infected after downloading trojanized installers of popular apps from torrent trackers.

While not common, r

Military patrols working outside their forward operating bases (FOB) are categorized as “working outside the wire.”  This is often where reconnaissance patrols and military intelligence officers collect and gather valuable military intelligence to provide back to its unit, base, and section commanders to use in future proactive combat operations.  This is no different from what RedXray does in cyber security.  RedXray collects and analyzes indicators of compromise (IOCs) to help customers identi

Maybe some of our readers are old enough to remember Avon’s catchphrase, “Avon calling!” The Avon ladies show up at your door and rang the doorbell to sell your mother cosmetics. “Avon is Reeling.” A misconfigured cloud server at global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. Researchers at SafetyDetectives said they found the Elasticsearch database on an Azure server publicly exposed with no password protection o

Red Sky Alliance analysts have read that the New York Power Authority (NYPA) and Siemens Energy announced a new collaboration to create a Center of Excellence regarding industrial cybersecurity monitoring, research and innovation center, that will concentrate on detecting and guard against cyberattacks on NYPA’s infrastructure.  NYPA’s Board of Trustees approved the creation of the cybersecurity center this past week.[1]  Public and private solutions are a critical component to sound cyber healt

Activity Summary - Week Ending 31 July 2020:

• Red Sky Alliance identified 65,708 connections from new unique IP addresses
• 83 unique email accounts have been shown to be Compromised with Keyloggers
• Analysts identified 2,442 new IP addresses participating in various Botnets
• Emotet is Back
• Phishing Campaign Targeting High-Profile Twitter Accounts
• Confidential & Proprietary
• Russia conducts 1^st gas delivery via Artic shipping Route to Japan
• DAPL in the news Again
• Cavitas Energy and Thor
• Floating stor

According to a recent article from ThreatPost, the North Korea-linked APT known as Lazarus Group, also known by names such as the Guardians of Peace, Whois Team, Hidden Cobra and Zinc has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux, and macOS operating systems.  Cyber threat investigators at Kaspersky have uncovered a series of attacks utilizing MATA (so-called because the malware authors themselves call their infrastructure MataNet), involving the

A previously unreported Fancy Bear campaign indicates APT28 has persisted for well over a year and indicates that the notorious group has broadened its focus.   Hackers from Russia’s GRU military intelligence agency, Units 26165 and 74455, aka Fancy Bear/APT28, have deep interests and experience in decryption, hacking, and dissemination of stolen information.  These two units have carried out many of the most aggressive acts of hacking in history that have included destructive worms, blackouts,

Researchers say it is estimated that more than 70 percent of cyberattacks target hit small businesses, many resulting in the demise of the business.

Small and midsize businesses (SMBs) are often easy targets for hackers.  A smaller company, with a limited cyber threat defense budget, is less likely it to use multi-layered defenses that block hackers in today’s cyber environment.  SMBs often think they are protected with one layer of security, such as a firewall, anti-virus, or a simple backup. 

Watching the cyber threat evolve over the last few decades has made it clear to many researchers and cyber analysts: we are all targets.  As individuals we need to do what we can to minimize the threats to our personal information.  Corporate leaders should do what they can to educate employees on these personal threats.  We need to do this for two main reasons: 1.) Because you care about yourself and family and for your employees and want to make them cyber-aware, and 2) Because bad guys target

Activity Summary - Week Ending 24 July 2020:

• Red Sky Alliance observed 35 unique email accounts compromised with Keyloggers
• Analysts identified 4,056 new IP addresses participating in various Botnets
• Collections identified 47,553 connections from new unique IP addresses
• Call of Duty remains a favorite lure for Malware
• Conti 32 Core Ransomware
• CracxStealer
• ‘servicedesk.com’ Phishing Attack
• Tunisian protesters stormed a crude production site
• US is ratcheting up efforts to disrupt the completion o

Red Sky Alliance provides weekly Vessel Impersonation reports, Top 5 Maritime Indicators of Compromise (IOCs) and a Maritime Watchlist.  These reports support current facts provided by Naval Dome’s Boston-based North American operations[1] that cyberattacks are directly targeting maritime industry’s operational technology (OT) systems. 

These attacks have increased by 900 percent over the last three years with the number of reported incidents set to reach record volumes by the end of 2020.  Addr

The United States, Federal Bureau of Investigation (FBI) has issued a warning to air travelers to be suspicious of bogus US airport websites and WiFi networks when booking flights online.   FBI analysts are aware of the recent creation of a number of websites trick users into thinking the sites are real.  These spoofed domains, which grow increasingly sophisticated as cyber-criminals hone their skills for mimicry, posed a real threat for travelers, airports, and the aviation industry as a whole.

It is estimated the over five billion unique user credentials are circulating on Darknet forums, with cybercriminals offering to sell access to bank accounts as well as domain administrator access to corporate networks.  Researchers discovered that more than 15 billion user credentials are in circulation, of which 5 billion username and password combinations do not have repeated credential pairs and have been advertised on underground forums only once, according to the recently issued report.[1]

Wells Fargo, the fourth-largest bank in the US, has directed employees to remove the TikTok social media app from their company-issued devices, citing security concerns. The bank's move to ban the app on corporate devices comes on the heels of Amazon, sending very mixed signals to its employees about whether they should remove TikTok from their company-issued devices. 

Amazon said in a memo asking employees to remove the app was initially sent in error, an Amazon spokesperson told media sources.

Activity Summary - Week Ending 17 July 2020:

• Red Sky Alliance identified 57,886 connections from new unique IP addresses
• Analysts identified 3,052 new IP addresses participating in various Botnets
• Buffalo Vastitude is Compromised
• ShinyHunters is on the Top 5 Threat Actor List
• Thanos Ransomware
• OT Ransomware Ekans
• Outlaw Botnet
• Oil Prices remain around the low $40 a barrel
• Oil Merchant Tanker hiding in Iran waters
• UK cuts ties with Huawei, China not Happy
• Libya’s eastern government asking Egypt

A new strain of ransomware has arisen in Canada, targeting Android users, and locking up personal photos and videos. Named CryCryptor by cyber threat investigators, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada.  It is propagating via two different bogus websites that pretend to be official.   According to ESET researchers, one called tracershield[dot]ca.  Like other ransomware families, it encrypts targeted files.  But, instead of sim

On June 23, 2020, the US Federal Bureau of Investigation sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, especially about ransomware gangs that abuse remote desktop connections to break into school systems.

The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic targe