With the terrible flight issues at Southwest Airlines during the recent holidays in the rearview mirror, there has now been another airline shutdown, which the US Federal Aviation Administration (FAA) is calling an “outage.”  An overnight computer outage late on 10 January 2023 at the FAA led to widespread flight delays and disruptions, which are now cascading into hundreds of further delays.  This is just like a few weeks ago.[1]

The FAA said the “outage” was in the Notice to Air Missions system,

At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses.  However, ChatGPT has also added some spice to the modern cyber threat landscape, as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyber-attacks.

Check Point Research (CPR) previously reported and described how ChatGPT successfully conducted a full infection

We are only 10 days into 2023 and already ransomware attacks continue to escalate.  San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency.  BART, which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday.  The chief communications officer for BART reported that they are investigating the data that was stolen and posted by the

In the past several years, Red Sky Alliance has tracked vessel spoofing all along the transportation supply chain.  Now we are hearing that DNV Maritime has reported a cyber-attack on its ShipManager software that forced the company to take its servers offline.  The incident was detected on 7 January 2023, and DNV said its experts are working with IT security partners to put in place a technical recovery plan and ensure operations are online as soon as possible.[1]

Meanwhile, users can

FortiGuard has shared a great technical report on Monti, BlackHunt and Putin Ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files and demands ransom for file decryption
Severity level: High

Monti Ransomware:  Monti is a relatively new ransomware designed to encrypt files on Linux systems.  Files encrypted by Monti ransomware have a “.puuuk” file extension.  We are also aware of reports of potential Monti vari

A few years ago, while visiting old friends in a major metropolitan Midwestern city where I grew up, I had the chance to meet an old friend who was working part-time as an IT consultant for a city suburb.  This city had its own network and a municipal-level court system network.  He told me they were hit three times in the recent past by hackers.  I asked if any law enforcement agency investigated it and his answer was, “no, we back-up our data every evening and just recovered the following day.

Activity Summary - Week Ending on 6 January 2023:

  • Red Sky Alliance identified 32,773 connections from new IPs checking in with our Sinkholes
  • Amazon in Singapore hit 32x
  • Analysts identified 492 new IP addresses participating in various Botnets
  • Red Sky Dark Web Collection for 2022
  • LockBit seen twice in Top 5 Malware
  • Indian Job Seeker data stolen (IR-23-005-001)
  • The Meta Eire Fine
  • Five Guys Burgers

Red Sky Alliance Compromised (C2) IPs

IP               Contacts
18.142.112.98    238
89.117.58

An Elasticsearch server belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs.  However, the data is not limited to jobseekers, as the server is also exposing the company’s employees’ data.  Another important aspect of this data exposure is the fact that it also contains the company’s client records from different companies, including Apple and Samsung.

This was confirm

Our friends at The Record shared some concerning news for the US.  More than 200 local governments, schools and hospitals in the US were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.

The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.  These figures are based only on public

In 2023, companies and organizations must cope with more sophisticated and more widespread cyber threats with a dwindling set of competent security resources.  The technologies they use to bring services and applications online are perpetually changing, while their operations and development teams remain under constant scrutiny to ship updated or new features and services faster than ever before.  Bring all these factors together and they create an even riskier

Red Sky Alliance has often reported on auto dealerships in the past.  Many dealerships were woefully unprepared for cyber-attacks, especially with car sales during Covid.  So, this news is a huge step in the right direction.  The Reynolds and Reynolds Company announced the start of construction of a security operations center (SOC) for Proton Dealership IT.  The SOC will be built on-site at Reynolds’ headquarters in Dayton, Ohio.  Reynolds acquired Proton in summer 2022.

The SOC will be a key com

RisePro is an information-stealing malware that was first discovered in mid-December 2022.  The earliest log recorded from this malware, as of the time of this writing, was dated 12 December 2022.  The logs found were posted to Russian Market, which is a log shop similar to other markets such as Genesis.  There appeared to be multiple thousands of logs posted [2].  RisePro appears to be written in C++ and acts similarly to the “Vidar” malware.  According to a Joe Sandbox analysis, RisePro exhib

Someone or some group is attacking the US electrical power grid, specifically in the Seattle, WA area, which comes after a series of similar incidents elsewhere in the Pacific Northwest as well as in Florida.  And law enforcement has never caught the person who attacked the electrical grid in North Carolina earlier in December 2022.  These were physical attacks which allegedly involved shooting up power substations.[1]  As is evident, these are physical attacks, not cyber-attacks.

Shooting with

Hospitals on the front line of cyberattacks are increasingly strained under the often deadly conditions created by such hacks.  Capitalizing on the chaos of the COVID-19 pandemic, cyber criminals frequently shut down hospital networks at a time when they were overwhelmed, leading to limited emergency services, canceled surgeries, and a spike in deaths.  Hackers used to treat hospitals as ‘off limits.’  Not the case anymore.

Cyber-attacks have long been viewed as less lethal than missile strikes,

North Korea’s BlueNoroff hackers have updated their strategies and delivery techniques in a new wave of attacks targeting banks and venture capital firms, according to cyber threat investigators.  Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyber-attacks targeting banks, cryptocurrency firms, and other financial institutions.

The campaign by BlueNoroff has been in operation at least since 2017.  It us

The Godfather Android banking trojan has been observed targeting over 400 banking and crypto applications in 16 countries.  Godfather was initially observed in June 2021 and is believed to be the successor of the Anubis banking trojan, likely built on top of the Anubis source code that leaked in 2019.  Compared to Anubis, Godfather features updated command-and-control (C&C) communication and implementation, a modified traffic encryption algorithm, a new module for managing virtual network computi

’Tis the season when cybersecurity and IT teams have to send out a company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game.  We will see an increase in activity as hackers continue to introduce e-commerce scams and holiday-themed phishing attacks.  Hackers love to use these tactics to trick end users into compromising not only their personal data but also their organization’s data.

Use this time o

End of 2022 - Week Ending 30 December 2022:

  • Red Sky Alliance identified 19,712 connections from new IPs checking in with our Sinkholes
  • Frantech[.]ca in NYC hit 23x
  • Analysts identified 867 new IP addresses participating in various Botnets
  • 2022-2023 ZeroBot
  • Ten (10) Data Set Stats
  • Red Sky Tools
  • Red Sky Partners
  • LastPass

Link to .pdf : IR-22-364-001_weekly364.pdf

IP                Contacts
199.195.249.252   56
87.236.20.241     49
185.151.48.131    49
68.178.224.252    48
62.210.185.4      37
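The two “IP / Contacts” tables on this page (this one and the one in the 6 January summary) are the output of a simple aggregation: sinkhole check-ins are grouped by source address, addresses already on file are dropped so that only new IPs are counted, and the survivors are ranked by how many times they contacted the sinkhole.  The following is an added example of that aggregation, not Red Sky Alliance’s code; it assumes a hypothetical space-separated log format (timestamp, source IP, sinkhole host), a hypothetical set of previously seen addresses, and constructed sample records using RFC 5737 documentation addresses rather than the real C2 IPs listed above.  It also defangs addresses with the same “[.]” notation the page uses for Frantech[.]ca.

```python
"""Aggregate sinkhole check-ins into a 'C2 IP / Contacts' table.

Added example, not Red Sky Alliance code.  The log format, sinkhole
hostnames, known-IP set and sample records are all constructed here.
"""
from collections import Counter
from ipaddress import ip_address

# Constructed sample: "<timestamp> <source_ip> <sinkhole_host>".
# Addresses are from the RFC 5737 documentation ranges (not real C2 IPs).
# The last two lines are deliberately malformed to exercise the parser.
SAMPLE_LOG = """\
2022-12-27T01:02:03Z 198.51.100.7 sink1.example.net
2022-12-27T01:05:10Z 203.0.113.20 sink1.example.net
2022-12-27T01:07:41Z 198.51.100.7 sink2.example.net
2022-12-27T02:00:00Z 192.0.2.10 sink1.example.net
2022-12-27T02:13:22Z 203.0.113.20 sink1.example.net
2022-12-27T03:45:09Z 198.51.100.7 sink1.example.net
2022-12-27T04:01:55Z 203.0.113.99 sink2.example.net
2022-12-27T04:30:12Z 192.0.2.10 sink2.example.net
2022-12-27T05:11:00Z 203.0.113.20 sink2.example.net
2022-12-27T05:59:59Z 198.51.100.7 sink2.example.net
this line is not a check-in record
2022-12-27T06:00:00Z not-an-ip sink1.example.net
"""

# Hypothetical set of addresses seen in earlier reporting periods; connections
# from these are excluded so the count reflects *new* IPs only.
KNOWN_IPS = frozenset({"192.0.2.10"})


def parse_checkins(text):
    """Return a list of (timestamp, source_ip, sinkhole) tuples.

    Lines that do not have exactly three fields, or whose second field
    is not a valid IP address, are skipped rather than crashing the run.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, sink = parts
        try:
            ip_address(src)  # validates IPv4 and IPv6 syntax
        except ValueError:
            continue
        records.append((ts, src, sink))
    return records


def count_contacts(records, known_ips=frozenset()):
    """Return (total_new_connections, Counter of contacts per new IP)."""
    counts = Counter(src for _, src, _ in records if src not in known_ips)
    return sum(counts.values()), counts


def top_contacts(counts, n=5):
    """Rank by contact count (descending), then by IP for a stable order."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def defang(ip):
    """Render an IP so it cannot be clicked or auto-resolved in a report."""
    return ip.replace(".", "[.]")


def render_table(rows):
    """Render the ranked rows in the same two-column layout as the page."""
    lines = ["IP                 Contacts"]
    for ip, contacts in rows:
        lines.append(f"{defang(ip):<18} {contacts}")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_checkins(SAMPLE_LOG)
    total, per_ip = count_contacts(recs, KNOWN_IPS)
    print(f"{total} connections from new IPs checking in with the sinkholes")
    print(render_table(top_contacts(per_ip)))
```

Two checks matter in practice: validate the source field as an address before counting, because a single malformed line should not abort the whole period’s statistics, and subtract the previously seen set before ranking, otherwise a long-lived bot re-checking in every hour will dominate the table every week and hide genuinely new infrastructure.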

A recently identified information stealer named ‘RisePro’ is being distributed by the pay-per-install malware downloader service ‘PrivateLoader’, cyber threat investigators reported.  RisePro, a new malware, was recently observed on a dark web forum run by Russian cybercriminals.  Since 13 December 2022, the malware has been offered for sale as a log credential stealer on underground forums, leading many to believe it is a clone of the Vidar Stealer.  RisePro was featured on a Russian Market cybercrim

A major insurance company is seriously re-thinking insuring against cyber-attacks.  As cyber-attacks continue to grow, they will become “uninsurable,” the CEO of Europe’s Zurich Insurance said.  The Financial Times broke the story earlier this week, predicting that cyber-attacks could pose a larger threat to insurers than systemic issues like pandemics and climate change.  “What will become uninsurable is going to be cyber,” Zurich’s CEO said.  “What if someone takes control of vital parts of our infrastruc