The US Transportation Security Administration (TSA) have announced a new cyber-security directive regulating designated passenger and freight railroad carriers. The announcement demonstrates the Biden Administration’s commitment to strengthen the cyber-security of US critical infrastructure. Building on the TSA’s work to strengthen defenses in other transportation modes, this security directive will further enhance cyber-security preparedness and resilience for the nation’s railroad operations
All Articles (1949)
Sort by
There have been some developments in the Ducktail phishing campaign. To begin our report, it seems reasonable to go over a little bit of history on Ducktail for those who might be unfamiliar. The Ducktail phishing campaign was first discovered and reported on in late July of 2022. Researchers at the firm WithSecure are credited with the discovery of the campaign. In terms of who is responsible, WithSecure’s report on this campaign indicated a high level of confidence in their belief that the
Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.” Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities. This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.
Activity Summary - Week Ending on 21 October 2022:
- Red Sky Alliance identified 32,517 connections from new IP’s checking in with our Sinkholes
- NoVa hit 17x
- Analysts identified 1,515 new IP addresses participating in various Botnets
- “Alchimist” Attack
- REvil
- Good News from Brazil
- Khan Academy
- Vinomofo
- Japanese Crypto Funds
- Oh Canada
Link to full report: IR-22-295-001_weekly295.pdf
Fifteen percent of car dealers have experienced a cybersecurity incident in the past year. Of those impacted, 85% of the occurrences were due to sophisticated phishing attempts concealed as legitimate emails that resulted in data breaches, IT-related business interruptions and loss of revenue.
The 2022 State of Cybersecurity in the Dealership report from CDK Global Inc. surveyed business and IT executives at 201 car dealerships in the United States about their current cybersecurity posture. T
Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc
Cyber threat investigators say do not let the ongoing "crypto winter" lull you into a false sense of cybersecurity. The phrase “crypto winter” likely came from the hit HBO series, “Game of Thrones.” In the series, the motto of the House of Stark was “Winter Is Coming.” It was considered a warning that lasting conflict could descend on the land of Westeros at any time. Similarly, an extended period of trouble may be settling over the crypto market. During this difficult time, you must remain
A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. operation systemsFortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product.
Last week, we reported an alleged cyber-attack on Italian automaker Ferrari. Well, high end automaker has confirmed the leak of some internal documents but did not say how it happened. On 10 October, RansomEXX, a ransomware-as-a-service operator, claimed to have breached Ferrari, though the company said it is investigating how the leak occurred. Italy’s Red Hot Cyber reported that internal documents, including repair manuals, datasheets, etc., sizing up to 6.99 gigabytes, were leaked. Ransom
Activity Summary - Week Ending on 14 October 2022:
- Red Sky Alliance identified 26,570 connections from new IP’s checking in with our Sinkholes
- Netskope IAD hit 56x
- Analysts identified 556 new IP addresses participating in various Botnets
- Bisamware and Chile Locker
- njRat, a.k.a. Bladabindi
- Emotet 2022
- Singtel
- Pinnacle Hack
- Ukraine War
- Optus Part II
Link to full report: IR-22-288-001_weekly288.pdf
There has been a very disturbing trend of criminal hackers targeting healthcare providers and directly at hospitals. The NHS system in the UK was recently attacked, numerous healthcare and hospitals in the US and now in Australia. What was once a “white collar crime” of only attacking financial institutions, these cyber-attacks are compromising the health and safety of people around the globe. Health insurer Medibank Private says it has been hit by a cyber-attack.
Key points:
It is A
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a
Adaptive security is a cybersecurity model with four phases, prediction, prevention, detection, and response. The process was developed in response to the decentralization of IT ecosystems to accommodate hybrid working environments and the porting of systems to the cloud.
The perimeter that once defined a network no longer exists. Organizations are leveraging cloud technology and shifting towards hybrid work environments. The de-centralization of IT ecosystems is becoming increasingly difficu
Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict. These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives. Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel. The shared practical report discusses the technical details of
Last week, a high-ranking tech executive was arrested in Michigan on data theft suspicion at the behest of Los Angeles CA county district attorney. Konnech Corporation CEO Eugene Yu was arrested on suspicion of storing election workers’ data on servers in China. Konnech develops PollChief, a payroll, communication, training, and logistics management system for election workers that the Los Angeles county leverages under contract during elections. “Under its $2.9 million, five-year contract wi
Some of the largest airports in the US have been targeted for cyber-attacks; as recent as 10 October, by an attacker group within the Russian Federation. It’s important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination or transportation security. "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait
The International Association of Ports & Harbors (IAPH) has recently published its summary report “Closing the Gaps," highlighting key actions in digitalization, decarbonization and resilience the maritime sector.”[1] IAPH defines and identifies the principal gaps in port and port-related infrastructure on a global scale. These gaps were identified in terms of efficiency, connectivity and accessibility, digitalization, decarbonization, shipping costs and regulatory environment.
The report serv
Activity Summary - Week Ending on 7 October 2022:
- Red Sky Alliance identified 24,201 connections from new IP’s checking in with our Sinkholes
- Pptechnology Limited in Romania hit 485x
- Analysts identified 1,163 new IP addresses participating in various Botnets
- Royal Ransomware
- Phishing Microsoft
- US National Elections
- Vice Society
- New Zealand Attack
- Ferrari Issues
Link to full report: IR-22-281-001_weekly281.pdf
US cybersecurity, law enforcement and intelligence officials revealed on Tuesday that sophisticated hackers infiltrated a likely US military contractor and maintained “persistent, long-term” access to their system. The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a detailed, joint advisory containing the notification, explaining that in November 2021 CISA responded to a report of malicious activity on an anonymous “Defense Indu
Financial messaging system SWIFT (Society for Worldwide Interbank Financial Telecommunications) has laid out its blueprint for a global central bank digital currency (CBDC) network following an 8-month experiment on different technologies and currencies. The trial, which involved France and Germany's national central banks as well as global lenders like HSBC, Standard Chartered and UBS, looked at how CBDCs could be used internationally and even converted into fiat money if needed. Around 90% o
