X-Industry

Stoli Group's U.S. companies https://stoli-group.com  have filed for bankruptcy following an August 2024 ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.  Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a recent filing, this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.

The cyb

While threat actors continue to rely on many “classic” tactics that have existed for decades, our threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and, from their perspectives, better attacks.  From Cybercrime-as-a-Service (CaaS) groups becoming more specialized to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.

In its 2025 thr

Researchers have discovered what they believe is the first-ever malware capable of infecting the boot process of Linux systems. "Bootkitty" is proof-of-concept code that students in Korea developed for a cybersecurity training program they're involved in. Though unfinished, the bootkit is fully functional and even includes an exploit for one of several so-called LogoFAIL vulnerabilities in the Unified Extensible Firmware Interface (UEFI) ecosystem that Binary Research uncovered in November 2023.

Criminals are using text messaging, dating apps, social media, and email to perpetrate a form of financial fraud, most known as 'pig-butchering,' where victims are lured into fraudulent investment schemes. Meta has confirmed it has removed around 2 million scam accounts across its platforms since the beginning of 2024. “This year alone, we’ve taken down over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates, and the Philippines,” says Meta.
See: http

Earlier this week on Cyber Monday, the US Internal Revenue Service (IRS) and its Security Summit partners warned taxpayers to approach their holiday shopping with extra caution because scammers are also shopping, for their next victim’s personal information.  The consumer alert kicks off the ninth annual National Tax Security Awareness Week featuring tips for taxpayers and tax professionals to avoid scams and protect their sensitive data.  The special week is part of the Security Summit initiati

Trustwave researchers have recently released a report about a phishing campaign they had been tracking which had experienced a significant increase in activity in August of 2024 and targeting primarily Microsoft 365 users. This campaign has been linked to the phishing kit called Rockstar 2FA.  The Rockstar 2FA phishing kit has been deemed to be an updated version of the DadSec phishing kit. Microsoft tracks the threat actor behind these phishing kits under the moniker Storm-1575.

Rockstar operat

Imagine a world where every car dealership in the country sells the same bland, featureless sedan.  No variety, no personality, just four wheels, a steering wheel, and a shrug-worthy lack of innovation.  That’s what one-size-fits-all cybersecurity looks like for managed security service providers (MSSPs): A cookie-cutter offering that nobody truly loves, everyone tolerates, and eventually, someone else customizes better.[1] 

Mike Saylor, CEO and co-founder of Black Swan Cybersecurity, has spent

In September 2024, researchers observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks.  While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading pl

FortiGuard Labs gathers data on ransomware variants of interest that are gaining traction within its datasets and the OSINT community. The report below provides brief insights into the evolving ransomware landscape.

Interlock Ransomware Overview - Interlock is a new ransomware variant that was first publicly discovered in an available file-scanning site in early October 2024. This could indicate that the ransomware emerged as early as September. The Interlock ransomware comes in Windows and Free

A ransomware attack on supply chain software firm Blue Yonder in turn hit a dozen big names in food and retail with business disruptions, Starbucks and Walgreens among them.  The software is widely used by a range of Fortune 500 companies, and the full list of potentially impacted victims remains unclear.  Companies such as grocery giant Kroger (and its recently acquired subsidiary Albertsons), Anheuser-Busch and Ford are known to use the software but have not confirmed any impact as of yet.  Se

Network-attached storage devices like NetApp contain volumes of data which are vital to business operations.  With broad access available to so many users, protecting NetApp storage from malware is critical to operational stability and integrity. Organizations worldwide face increasingly sophisticated threat actors. AI-powered threat detection can level the playing field, protect business data, and stop attacks before they begin. 

The Challenge - Legacy AV solutions have long dominated storage s

Two Internet cables between Germany and Finland, as well as between Lithuania and Sweden, have experienced sudden outages. Located in northern Europe, the Baltic Sea is an active commercial shipping route ringed by nine countries, including Russia. The affected countries, all members of NATO, say that it is unlikely to be accidental. This happened in the same waterway in which a significant gas pipeline and other underground cables were previously damaged in mysterious circumstances in 2022. No,

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

After being deported from South Korea, a Russian cybercriminal leader has made his first appearance in the US District Court for the District of Maryland to face his charges. Evgenii Ptitsyn, 42, is a Russian national who allegedly administered the sale, distribution, and operation of Phobos ransomware, which has been used against more than 1,000 victims, including public and private entities in the United States and globally. According to the indictment, its affiliates have extorted ransom paym

The US Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.

Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting US critical infrastructure, necessitate immediate action,” according to a portion of

The US Department of Justice is reportedly seeking to force Google to sell Chrome, according to Bloomberg.  Prying the browser from the rest of the company is only one of the measures the DOJ will ask the courts to enforce, following a ruling that the company maintained an illegal search monopoly.   While ripping Chrome from Google might seem a relatively simple measure, there are a huge number of complicating factors that make it a trickier operation than it might first appear, factors that cou

CyberVolk is a politically motivated hacktivist collective that launched its own RaaS in June 2024. The group uses DDoS and ransomware attacks to undermine and disrupt the operations of those opposed to Russian interests.

The group has become an increasingly prominent player within the cybercrime ecosystem, adapting and repurposing existing commodity malware to advance its causes. Highly skilled actors within the collective expand and revise such tools, effectively making them more sophisticated

Most people watch online scams, but if you are not careful, you might do the scammers' work for them. A new study from GenDigital, the company behind cybersecurity brands like Norton, Avast, LifeLock, AVG, ReputationDefender, and CCleaner, shines some light on "scam yourself" attacks that are on the rise dramatically. Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves.
Gen says millions of people have fallen for these sca

A skilled and prolific hacker has been given a five-year sentence on 14 November 2024 for laundering the proceeds of one of the biggest ever crypto-currency thefts.  His crime involved the 2016 theft of a reported 120,000 bitcoins from cryptocurrency exchange Bitfinex, worth over $9bn at today's heightened exchange rate.   Ilya Lictenstein has been sentenced to five years in jail after he attempted to launder the money with the help of his wife Heather Morgan, who used the alias 'Razzlekhan' to

The country's National Cyber Security Centre (NCSC) has uncovered a new malware campaign targeting Swiss residents through fake postal letters. The scam involves fraudulent correspondence disguised as official communication from MeteoSwiss, the Federal Office of Meteorology and Climatology. It urges recipients to scan a QR code and download a malicious weather app for Android devices.

See: https://redskyalliance.org/xindustry/malicious-qr-codes

The fake “Severe Weather Warning App” app mimics t