All Articles (1934)

Network credentials and virtual private network (VPN) access for colleges and universities based in the US are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber-attacks against individual users or affiliated organizations," the US Federal Bureau of Investigation (FBI) said in an advisory published last week.  See:  https://www.ic3.gov

Activity Summary - Week Ending on 3 June 2022:

  • Red Sky Alliance identified 43,371 connections from new IPs checking in with our Sinkholes
  • Microsoft in Iowa hit 154 x
  • Analysts identified 1,186 new IP addresses participating in various Botnets
  • FluBot in the Top 5 Malware
  • ArguePatch Variant
  • Twisted Panda
  • 1AveMariaRAT
  • SideWinder, aka: Rattlesnake
  • Karakurt
  • Vulnerabilities in Smartphone Chips
  • OneDrive Attacks

Link to full report: IR-22-154-001_weekly154.pdf

Costa Rica is still reeling from the ransomware attacks deployed by the Conti group, and now the Hive ransomware group has joined in.  According to Bleeping Computer, the Hive ransomware group is behind the attack beginning 31 March 2022 targeting Costa Rica’s public health service.

The Costa Rican government agency has publicly stated that an attack took place early Tuesday morning.  The targeted government entities included the Costa Rican Social Security Fund (CCSS).  The government also st

The recent BillQuick attack was an important reminder of the dangers of SQL injection.  Malicious hackers discovered a SQL injection flaw in BillQuick software used by over 400,00 organizations and used it to deploy ransomware across customer networks.  Below are lessons learned from Gilad David Maayan, along with measures to protect your organization from SQL injection.

So, what is SQL injection?  SQL injection (SQLi) techniques are one of the primary focuses of database security initiatives.

Both public and private maritime industries within the entire transportation supply chain are finally getting up to speed with cyber security.  The Port of Long Beach in California is poised to build its “Supply Chain Information Highway” digital infrastructure on the Amazon Web Services platform, following a new agreement with the online retail giant.

This “Information Highway” is being created to aggregate data collected at the port on a single platform for access by companies across different

The Conti Ransomware group has been in and out of the news for the majority of 2022.  The group began the year with an attack on Kenyon Produce (KP) Snacks, conducting business as usual.  When the conflict between Russia and Ukraine boiled over, the group again made headlines for taking the side of Russia.  This led to widespread dissemination of the group's internal chat messages and eventually leaks of the ransomware source code.

The group remains in the spotlight with news of an ongoing confl

A new cryptographic era is beginning in which quantum computing will be able to break the encryption that underpins our entire digital society, warns Ms. Anne Dames, distinguished engineer at IBM.[1]  Speaking at an IBM press tour in Poughkeepsie, New York last, Dames told journalists that “there’s a lot to be concerned about” when it comes to the potential threat of quantum attacks.  “We believe there will be a time when quantum computers can break the cryptographic protec

Activity Summary - Week Ending on 27 May 2022:

  • Red Sky Alliance identified 39,820 connections from new IPs checking in with our Sinkholes
  • “Comment dire aide”
  • Analysts identified 1,254 new IP addresses participating in various Botnets
  • Sality remains our top Malware Variant
  • Conti’s last Stand in Costa Rica
  • Onyx Ransomware
  • ZxxZ and Bitter
  • Ransom DDoS Attacks
  • Zola Ripped Off
  • Battelle for Kids

Link to full report: IR-22-147-001_weekly147.pdf

Seems Twitter is having many serious issues of late.  A few months ago, Elon Musk started a whirlwind inside and outside the social media giant.  Now regulators at the US Federal Trade Commission (FTC) have issued regulatory action against Twitter.  Twitter has agreed to pay $150 million for violating a 2011 administrative order with the FTC over how it used the email addresses and phone numbers of its users for targeted advertising, the agency announced with the US Department of Justice (DOJ) on May

Malware has become an industry segment, and professional developers are found to exchange and steal each other’s code and engage in collaborations. Attacks are multi-layer, with diverse sophisticated software apps taking over different jobs along the attack chain from initial compromise to ultimate data exfiltration or encryption. The specific tools for each stage are highly specialized and can often be rented as a service such as Malware as a Service (MaaS), including customer support and subscript

Credit card skimming is when someone uses an illegal device to collect the information from the magnetic stripe on your ATM, debit, or credit card. Once the individual has this information, they can copy it over to another card and use it to withdraw cash or make purchases in your name. Considering the potential financial turmoil, it's vital to do everything possible to keep your credit card data safe.

With card skimming, the thief uses a camouflaged counterfeit card reader to record all of the

The Snatch Ransomware group was first discovered at the end of 2019. The ransomware gained publicity due to its novel encryption method, in which it reboots the target machine into safe mode and disables a number of security services before encrypting files, limiting the likelihood of detection.

The Ransomware also differs from major groups as they use targeted attacks rather than large phishing campaigns to gain access to specific companies. The group has been described as a big game hunter tha

A rise in any price by 92% hurts.  That's real cash like money.  This is the kind of thing that starts cutting into your whole cyber budget.  The Wall Street Journal (WSJ) recently reported, "Many US cyber insurers dramatically increased their rates during 2021, alarmed by a rash of cyber-attacks that struck companies around the world and drew the attention of national governments.  Data from regulatory filings and collated by ratings agencies shows that among the largest insurers, direct writte

When a small business owner is faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and unnecessary. However, this disregard for IT security is being exploited by cybercriminals.[1]  Researchers at Kaspersky report the dynamics of attacks on small and medium-sized businesses between January and April 2022 and the same period in 2021 to identify which threats pose an increasing danger to entrepren

There is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1]  The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa

Before becoming a bug bounty hunter, Hector was living a completely different life.  Back in 2019, he lost his job.  With only a high school education, he bounced around to make ends meet.  He sold popcorn at the cinema, then cellphones, and eventually joined the Coast Guard.  Things got a bit more desperate as his debt compounded. Yet, he fought back.  He pivoted to odd jobs like washing dishes and doing chores for his abuela. He did what he could find for pocket change.[1]

Then one day, he saw

Activity Summary - Week Ending on 20 May 2022:

  • Red Sky Alliance identified 33,648 connections from new IPs checking in with our Sinkholes
  • InterServer Inc. has Issues
  • Analysts identified 1,553 new IP addresses participating in various Botnets
  • Sality remains our top Malware Variant
  • Apache Log4j and Log4j 2 still an issue / CVE-2021-44228
  • Nerbian RAT
  • Blind Eagle APT
  • SEGs and ICES
  • Wizard Spider in Russia

Link to full report: IR-22-140-001_weekly140.pdf

Wellington Wimpy used to say, “I'll gladly pay you Tuesday for a hamburger today.” The manager of a State of Illinois White Castle restaurant is seeking enforcement of the state's biometric data privacy law on behalf of all the chain's employees for what she claims is a decade of violations. The proposed class-action lawsuit against the fast-food chain, known for its hamburgers, alleges that fingerprint scans used to access restaurant computer systems violate the State of Illinois Biometric Inf