X-Industry

The National Institute of Standards and Technology (NIST) has published its definition of what "critical software" means for the U.S. federal government, as the standards agency begins fulfilling some of the requirements laid out in President Joe Biden's executive order on cybersecurity.

As part of Biden's executive order published on 12 May 2021, federal agencies are now required to reexamine their approach to cybersecurity, which includes developing new ways to evaluate the software that depar

Activity Summary - Week Ending 9 July 2021:

• Red Sky Alliance identified 56,261 connections from new unique IP addresses
• Analysts identified 2,346 new IP addresses participating in various Botnets
• 12 unique email accounts compromised were seen with Keyloggers
• RevengeRAT & Aviation
• Kaseya Attack
• Babuk Locker
• PayLoad Bin
• Space ISAC & Microsoft
• SideCopy
• A change in social media collection?
• DuckDuckGo, Good to Go

Link to full report: IR-21-190-001_weekly_190.pdf

Last weekend did not start out so nice.  The hacking group behind what media is calling ‘colossal ransomware attack’ has demanded $70m (£50.5m) paid in Bitcoin in return for a "universal decryptor" that it says will unlock the files of all victims.  The Russian associated REvil group is saying its malware, which initially targeted US IT firm Kaseya, has hit one million "systems." 

This number has not been totally verified and the exact total of victims is unknown.  Yet, victims include 500 Swedi

Activity Summary - Week Ending 2 July 2021:

• Red Sky Alliance identified 19,270 connections from new unique IP addresses
• Analysts identified 2,543 new IP addresses participating in various Botnets
• 13 unique email accounts compromised with keyloggers were Observed
• Netfilter
• PJobRAT Spyware
• Mirai Knockoffs
• Salvation Army Hit
• Conti & Canada
• DragonForce / Israeli Banking
• Fancy Lazarus attempts an attack on German Banks - Denied

Link to full report: IR-21-183-001_weekly_183_FINAL.pdf

Post offices in the US still post the FBI’s Most Wanted List.  The wanted criminal profiles are normally in a locked glass case somewhere in the lobby.  A looked at the photos and associated descriptions, it is amazing that even in our digital world -criminals can still commit major crimes and still lurk without leaving a digital sign for authorities to follow.  But cyber criminality is here and now and pose a huge threat to everyone, in any country.  Now the US Secret Service is asking for our

The average cost of a ransomware attack in 2020 was approximately $761,000.  The average cost of remediating a ransomware attack has more than doubled in the last 12 months.  Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of approximately $761,000 in 2020 to approximately $1.85 million in 2021.[1] 

The importance of cybersecurity is no secret to anyone who uses a computer or an iPhone.  Senior executives at businesses of all sizes u

IT companies are making up the majority of organizations being targeted amid new activity by the group behind last year’s SolarWinds supply-chain attack, with at least one victim coming from Microsoft’s customer support ranks. 

On 25 June 2021, the Microsoft Threat Intelligence Center said it was monitoring new activity from the Nobelium threat actor, which Microsoft is calling the group, with the vendor observing password spray and brute-force attacks, among other potential methods and tactics.

A pro-Palestinian Malaysian hacker group known as "DragonForce" claimed that it hacked into AcadeME last week, stating "THE LARGEST AND MOST ADVANCED STUDENT AND GRADUATE RECRUITMENT NETWORK IN ISRAEL Hacked By DragonForce Malaysia" in a Telegram message on 20 June.  The group claimed that they leaked emails, passwords, first and last names, addresses and even phone numbers of students who were registered on AcadeME. DragonForce attacked screenshots of code, server addresses and a table includin

Autonomous drones are now working as battlefield killers without human control. Theses military-grade drones can fly to a specific location, pick their own targets and kill without the assistance of a remote human operator.  Such weapons were known to be in development, but there were no reported cases of autonomous drones killing fighters on the battlefield. 

The Turkish built drone, a Kargu-2 quadcopter (pictured) was used in March 2020 during a conflict between Libyan government forces and a

The US has seized the domains of 36 websites linked with Iran and Iraq for allegedly publishing disinformation and running malicious influencing campaigns targeting Americans, the Justice Department says.  Thirty-three of the websites belong to the Iranian Islamic Radio and Television Union, or IRTVU, and three belong to Kata’ib Hizballah, or KH, a paramilitary group based in Iraq.  KH has been designated as a foreign terrorist organization since 2009, and IRTVU was put under sanctions in Octobe

The US and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels, according to the official summit communique.  NATO members agreed that the organization's Article 5 provision which states that an attack on one member nation is an attack on all could now be applied to cyber threats.  But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes.  A

Activity Summary - Week Ending 25 June 2021:

• Red Sky Alliance observed 105 unique email accounts compromised with Keyloggers
• Analysts identified 37,719 connections from new unique IP Addresses
• 2,489 new IP addresses participating in various botnets were Observed
• Darkside Affiliate Group
• Telegrams APIs being Used
• Poland’s Government allegedly hit by Russian Hackers
• White Hats to the Rescue
• Carnival Cruise Line hit, AGAIN
• Korea Atomic Energy Research Institute
• Hong Kong’s Apple Daily pivoting to

It is clearly proven on a daily/hourly basis that cyber-attacks will not slow down; with ransomware leading the hacker’s choice of malware techniques.  So, who really loses in these attacks?  In most cases, the business and corporate owners.  A million dollar ransom of frozen networks, even if negotiated down, will put many companies on their heels, if not out of business. 

A pair of recent lawsuits have been filed on behalf of former and current Scripps Health (Scripps) patients, who allege the

This all started with email scams requesting money for a Nigerian price who claims he can double your investment or requests money for charities.  A scam then; still a scam.  Now a new one: a current email scam, also known as advance fee fraud or 419 fraud, is a scheme in which a sender requests help in facilitating the transfer of a sum of money, generally in the form of an email. In return, the sender offers a commission —a large amount, sometimes up to several million dollars depending on the

The White House continues to make multiple moves to try and better combat the increasing damage being done by ransomware-wielding attackers.  "The number and size of ransomware incidents have increased significantly, and strengthening our nation's resilience from cyberattacks in both the private and public-sector is a top priority" for President Joe Biden, says a memo issued by the White House to U.S. corporate executives and business leaders on Wednesday, urging them to ensure they are followin

Reader’s Note:  I am writing this article in reverse order today. Please review Part 1 and begin following them today.  Then maybe part 2 will not be necessary.

Part 1

Red Sky Alliance has been has analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge.  In fact, the RedPane tool now scraps over 40 dark web forums, collecting pro-active data that can be used to defend a network b

GCHQ the UK’s spying agency says they have fully engaged with AI to find, analyze and use the massive amounts of global data for their own intelligence work. AI and Machine Learning are playing an increasing role in cybersecurity, with security tools analyzing data from millions of cyber incidents, and using it to identify potential threats.

Digital disruption is sweeping through the world’s second-oldest profession, spying, and it is altering monitoring, collection, and action. Spying has of co

Law enforcement is on a roll.  Europol members recently arrested numerous people in connection with a US law enforcement sting; last week Mexico arrested hacktivist Commander X; and now police in Ukraine reported earlier this week they arrested members of a major ransomware gang.  The arrests mark the first time a law enforcement agency has announced a mass arrest of a prolific hacker group that had extorted Americans by either encrypting an organization's files or threatening to leak them to th

Activity Summary - Week Ending 18 June 2021:

• Red Sky Alliance observed 39 unique email accounts compromised with Keyloggers
• Analysts identified 43,797 connections from new unique IP Addresses
• 2,102 new IP addresses were observed participating in various Botnets
• New Agent Tesla Variant
• Infostealer Malware
• Gelsemium
• Norms: Do they Mean Anything?
• Fancy Lazarus
• Asia Pacific Public Sector Cyber Security Executive Council
• Major Rx. Company still has Cyber Issues
• Commander X Busted in Mexico

Link to

Mexican media sources are reporting that hacktivist Christopher Doyon, known as 'Commander X', was captured in Mexico and extradited to the United States, where he faces over a decade's worth of criminal hacking charges.  Doyan now claims that he was illegally handed over to the US authorities and is claiming political asylum in Mexico. 

"Please tell the world that I was illegally handed over from Mexico, where I had political asylum and where I was a humanitarian refugee.  I was illegally taken