Activity Summary - Week Ending on 25 November 2022:

  • Red Sky Alliance identified 26,613 connections from new IPs checking in with our Sinkholes
  • Contabo GmbH in Germany hit 100x
  • Analysts identified 769 new IP addresses participating in various Botnets
  • New RapperBot Campaign
  • Somnia Ransomware
  • New Inlock and Xorist Variants
  • Debugging .NET Malware
  • Iranian Drones
  • City of Westmount, Quebec hit
  • Nord Stream2 and AIS
  • Kiwi Attacks

Link to full report: IR-22-329-001_weekly329.pdf

The SEC's new rule requires public companies to report material cybersecurity incidents within four business days after determining that an event has occurred.  Many organizations ignored the topic when discussions about cybersecurity came up, but as more businesses are victimized by hackers and experience effects that hit their bottom line in ways that require them to share the information with regulators.  But changes are coming to the rules of the Securities and Exchange Commission that will

A China-based cyber actor group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019.  The threat actor, Fangxiao, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017.  Fangxiao targets businesses in multiple verticals, including retail, banking, travel, and energy.  The promised financial or physical incentives are used to trick victims into further sprea

Swashbuckling pirates and sabotage on the high seas have gone digital.  Ransomware has replaced the cutlass.  In fact, the entirety of modern conflict has evolved into Fifth Generation Warfare with information and perception as its framework.  Often referred to as the "Gray Zone" or "hybrid warfare," the term encompasses cyberattacks, nonviolent economic pressure and disinformation campaigns.[1]

It’s the weaponization of anything.  The threat is massive and echoed by many.  Klaus Schwab, Founder

Security researchers are alerting about an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.  The attackers have been active since October 2022.  The attack was uncovered by investigators on 01 November 2022, with the attackers copying existing popular libraries and injecting a malicious ‘import’ statement into them.  The purpose of the injected code is to infect the victim’s machine with a script that runs in the background.  The script, which f

The holidays are when people unknowingly let their guard down, and cybercriminals know it.  They take advantage of people at home who are in a good mood, excitedly awaiting packages that are gifts for family or friends; and they also know employee counts are low as the staff takes vacation time and someone not used to a certain role might be covering for another employee.  It is a holiday recipe for potential disaster.

See:  https://redskyalliance.org/xindustry/holiday-2021-tip-to-stay-safe-1

Th

Recorded Future has shared information regarding potential threats to the 2022 World Cup soccer matches set in Qatar.  Email-based phishing attacks targeting the Middle East doubled in October in the lead up to the World Cup in Qatar, according to new research from Trellix.  Many of the emails purport to come from the FIFA help desk or ticketing office while some impersonate specific team managers and departments.  Others claim to be notifications about bans implemented by FIFA, or spoof Snoonu,

The US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.  FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.  Victims of ransomware operations should report the incident to thei

According to cyber experts, threat groups are making nearly 1,000 attempts to hack account passwords every single second, and they are more determined to succeed as the number of attacks increases.  This analysis comes from Microsoft's Digital Defense Report 2022 and is based on research of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services.

The report cautions that cyber-attacks are increasing, with account passwords still very much the

The ramifications of the 2017 NotPetya attack, which the US government said was caused by a Russian cyber-attack in Ukraine, continue to be felt worldwide as cyber insurers are now modifying coverage exclusions; that is, expanding the definition of these attacks as an "act of war."  This 5-year-old cyber-attack appears to be turning the insurance industry on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with fa


Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels for which we directly observed the vessel being impersonated, with assoc

Activity Summary - Week Ending on 10 November 2022:

  • Red Sky Alliance identified 23,574 connections from new IPs checking in with our Sinkholes
  • Timeweb[.]ru hit 251x – for the 2nd Week
  • Analysts identified 1,762 new IP addresses participating in various Botnets
  • Patching is Very Important
  • Microsoft Patch Tuesday
  • YouTube - You’re Not Helping
  • Vidar stealer
  • Stolen Data in Australia
  • Lloyd’s of London
  • School System Stands its Ground
  • Oil & Gas - ABBs

Link to full report: IR-22-313-001_weekly313.pdf

Hundreds of regional and national news websites in the United States are delivering malware because of a supply chain attack involving one of their service providers.  Cybersecurity researchers reported on 02 November 2022 that a threat actor they track as TA569 appears to be behind the attack.  The hackers have targeted an unnamed media company that serves many news outlets in the US.

The service provider delivers content to its partners via a JavaScript file.  The attacker modified the noted cod

Impending doom looked foreseeable with Elon Musk’s $44 billion acquisition of Twitter and began to show early on, even before the billionaire completed his purchase.  From the daily tit-for-tat on his Twitter acquisition stance, it became apparent to some that Musk’s indecisive nature foretold an ominous future for Twitter.  However, the actual chaos ensued just hours after Musk became the largest stakeholder in the bird app.  From his plan to grant a “blue tick” verification symbol to anyon

The internet opened the door to a realm of possibilities that permanently changed the business and social landscape and our personal lives.  Most users are no longer restricted to dial-up; many of us now consider access to a stable internet connection as a critical aspect of our daily lives.  We pay our bills online, check our bank statements, communicate via email, and maintain a presence on social media.  Many users rely on the web for work and entertainment, and seeking out information through

According to a new report published by cybersecurity firm Group-IB, a French-speaking cybercrime group may have stolen more than $30 million from banks and other types of organizations in recent years.  The threat actor has been named Opera1er.  Some of its activities were previously investigated by others, who have named it Common Raven, Desktop-Group, and NXSMS.

The cyber threat investigators are aware of 30 successful attacks between 2019 and 2021. In many cases, the same victim was attacked

Robots are taking over the world.  According to Oxford Economics, there will be 14 million robots in China by 2030 and 20 million worldwide.  In the USA, robots will modify or replace 1.5 million job positions.  Labor shortages due to the COVID-19 pandemic encouraged both manufacturers and warehouse companies to partner with robotic companies to optimize human and robot collaboration.  We have already seen robots build robots; what is next?

Now enter the engineers from Google; they have unveile

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead-up to and after the 2022 midterm elections.  Foreign actors may intensify efforts to influence the outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure.  Additionally, th

A recent cyber-attack caused the trains operated by Denmark’s largest train service, DSB, to come to a halt.  Threat actors hit a third-party IT service provider associated with DSB, which slammed the brakes on.  The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.  DSB is the largest train operating company in Denmark.[1]

“Trains throughout th

Activity Summary - Week Ending on 4 November 2022:

  • Red Sky Alliance identified 20,715 connections from new IPs checking in with our Sinkholes
  • Timeweb[.]ru hit 204x
  • Analysts identified 1,260 new IP addresses participating in various Botnets
  • ShadowPad
  • DramaQq
  • British Cyber Spies
  • Small Business Cyber Security
  • German Copper
  • Star Gazing stopped in Chile
  • French Defense Firm Attack
  • Can You Remember?

Link

Link to full report: IR-22-307-001_weekly308.pdf