All Articles (1975)

Shipping is an indispensable part of modern life. It is the lifeblood of the global economy, with numerous large companies (and their equally large container ships) perpetually moving goods from one corner of the earth to the other to provide consumers and industries with the necessities of life. Due to the critical importance of shipping and receiving goods to most organizations, threat actors often use shipping as a lure for phishing emails: such as false invoices, changes in shipping delive

Keyloggers have been around for decades. They have constantly adapted to the changing technology landscape and remain an effective method used by attackers to obtain information about computer users. In this report we take a look at what keyloggers do, how they have changed, and what keyloggers to look out for going forward.

Keyloggers are software or hardware devices used to record keyboard inputs by users on a computer. They were originally invented for corporations to monitor employee comput

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022 a proposal to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

Since mid-2021, Trend Micro analysts have been investigating a threat actor called Earth Lusca (EL) that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes. This group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 rese

Activity Summary - Week Ending on 21 January 2022:

  • Red Sky Alliance identified 34,423 connections from new IPs checking in with our Sinkholes
  • Microsoft IP hit again
  • Analysts identified 4,093 new IP addresses participating in various Botnets
  • SysJoker Backdoor
  • Konni Campaign
  • Take Down of VPNLab.net
  • Russia shuts down REvil, huh?
  • Brookings Blog on Russia
  • SilverTerrier sent to the Kennel
  • China and the Olympics
  • Update on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. While ransom demands have ranged from $10,000 to $500,000, Diavol actors have

Cybersecurity is more than meets the eye. Proper security contains several layers, including adequate training and technology, to meet HIPAA compliance guidelines. Healthcare organizations are responsible for implementing robust cybersecurity strategies to prevent cyberattacks. The healthcare industry claims to prioritize cybersecurity efforts, yet 18% of organizations allocate only 1-2% of their IT budgets to cybersecurity. Covered entities who choose not to prioritize proper cybersecurity l

In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet. It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.” A worldwide race to create or acquire cyber weapons was then just taking shape.

Fast forward 11 years to last week, when Ukraine was hit by a massive cyber-attack that targeted government websites.

In the US, 5G services are planned for launch beginning 19 January 2022 using frequencies in a radio spectrum called the C-band. These frequencies can be close to those used by radar altimeters, an important piece of safety equipment in aircraft. Because the proposed 5G deployment involves a new combination of power levels, frequencies, proximity to flight operations, and other factors, the US Federal Aviation Administration (FAA) will impose restrictions on flight operations using certain typ

Sygnia’s Incident Response team recently discovered a threat group conducting financial theft by subtly stealing millions of dollars from financial and commerce companies’ systems, all the while hiding in plain sight. The criminal group operates inside the victims’ networks for months while studying their financial systems and injecting fraudulent transactions into regular activity.

Named Elephant Beetle or TG2003, the cyber threat group does not develop new zero-day exploits to commit fin

Activity Summary - Week Ending on 14 January 2022:

  • Red Sky Alliance identified 24,345 connections from new IPs checking in with our Sinkholes
  • Microsoft IPs in the UK and N. Ireland hit
  • Analysts identified 1,435 new IP addresses participating in various Botnets
  • Rook Ransomware
  • More Log4j
  • Ukraine Cyber Bust
  • UK NHS
  • Who’s Winning?
  • Google Docs
  • The Electric Grid’s Hot Wires
  • BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

At the onset of the global pandemic, the UK’s Cambridge Cybercrime Centre observed a significant increase in murderous fantasies expressed online within the incel community. An ‘incel’ is a member of an online subculture of people who define themselves as unable to get a romantic or sexual partner despite desiring one. The level of online activity, as well as the tone, had grown increasingly threatening. Fortunately, that level of violent ideation settled down over time but now has resurfacin

ONUS, the Vietnamese crypto trading platform, recently experienced an attack stemming from the Log4j vulnerability (CVE-2021-44228).[1] ONUS allows users to trade cryptocurrencies through its app, which is available for iOS and Android. The organization has grown significantly in the 18 months since the app’s launch in March 2020, with a large portion of users in Vietnam, Nigeria, and the Philippines.[2]

Financial organizations and crypto platforms in particular are juicy targets for a

Considering the sensitive information it holds, it is no wonder that the financial services industry continues to be one of the most targeted critical infrastructure sectors by current cyber-criminals. Recent societal and technological changes during 2021 have made matters worse.

The ongoing COVID-19 pandemic has created a ripe target field for cyberthreats as industries and individuals alike became vulnerable as they wrestled with remote working practices, mass digital disruption, and widening

A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance (https://www.brightcove.com). According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected real-estate-related sites. At least 100 of them were successfully infected.

A full list of affected websites can be found here:
https://github.com/pan-unit42/iocs/blob/master/Skimmer

Mailing Malware. You just can’t make this up: the oldest cyber threat tactic is back again. A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI. The USB drives contain so-called ‘BadUSB’ attacks. They were sent in the mail through the US Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Ser

Activity Summary - Week Ending on 7 January 2022:

  • Red Sky Alliance identified 25,112 connections from new IPs checking in with our Sinkholes
  • 227.12[.]174 x 182
  • Analysts identified 1,148 new IP addresses participating in various Botnets
  • (5) Ransomware Attack Techniques
  • CVE-2021-42278 and CVE-2021-42287
  • Lapsus$
  • Omicron Scams
  • ONUS Attacked by a Log4j Version
  • Insider Threats
  • Walmart, Part II
  • Sunrise Movement

Link to full report: IR-22-007-001_weekly007.pdf

Our friends at the National Defense Transportation Association (NDTA) shared a PowerPoint from the BIO-ISAC that explains recent cyber-attacks on Bio-Manufacturing research and development companies. A serious APT attack has been identified in the biomanufacturing sector that has been found within a pharmaceutical company that is involved in COVID-19 therapeutics, as well as another pharmaceutical company.

The APT is named Tardigrade and was publicly announced on 22 November 2021.  As with any

Cyber security investigators have reported that replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases in 2022. The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original singular victim or may choose to cherry-pick from the most valuable potential targets. This can save cy