A few years ago, while visiting old friends in a major metropolitan midwestern city where I grew up, I had the chance to meet an old friend who was working part-time as an IT consultant for a city suburb. This city had its own network and a municipal level court system network. He told me they were hit three times in the recent past by hackers. I asked if any law enforcement agency investigated it and his answer was, “no, we back up our data every evening and just recovered the following day.”
Activity Summary - Week Ending on 6 January 2023:
- Red Sky Alliance identified 32,773 connections from new IPs checking in with our Sinkholes
- Amazon in Singapore hit 32x
- Analysts identified 492 new IP addresses participating in various Botnets
- Red Sky Dark Web Collection for 2022
- LockBit seen twice in Top 5 Malware
- Indian Job Seeker data stolen (IR-23-005-001)
- The Meta Eire Fine
- Five Guys Burgers
Red Sky Alliance Compromised (C2) IPs
IP | Contacts
18.142.112.98 | 238
89.117.58 |
An Elasticsearch server belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs. However, the data is not limited to jobseekers, as the server is also exposing the company’s employees’ data. Another important aspect of this data exposure is that it also contains the company’s client records from different companies, including Apple and Samsung.
This was confirm
Our friends at The Record shared some concerning news for the US. More than 200 local governments, schools and hospitals in the US were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.
The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year. These figures are based only on public
In 2023, companies and organizations must cope with more sophisticated and more widespread cyber threats with a dwindling set of competent security resources. The technologies they use to bring services and applications online are perpetually changing, while their operations and development teams remain under constant scrutiny to deliver updated or new features and services faster than ever before. Bring all these factors together and they create an even riskier
Red Sky Alliance has often reported on auto dealerships in the past. Many dealerships were woefully unprepared for cyber-attacks, especially with car sales during Covid. So, this news is a huge step in the right direction. The Reynolds and Reynolds Company announced the start of construction of a security operations center (SOC) for Proton Dealership IT. The SOC will be built on-site at Reynolds’ headquarters in Dayton, Ohio. Reynolds acquired Proton in summer 2022.
The SOC will be a key com
RisePro is an information-stealing malware that was first discovered in mid-December 2022. The earliest log recording from this malware, as of the time of this writing, was December 12th, 2022. The logs found were posted to Russian Market, a log shop similar to other markets such as Genesis. Several thousand logs appeared to have been posted [2]. RisePro appears to be written in C++ and acts similarly to the “Vidar” malware. According to a Joe Sandbox analysis, RisePro exhib
Someone or some group is attacking the US electrical power grid, specifically in the Seattle, WA area, following a series of similar incidents elsewhere in the Pacific Northwest as well as in Florida. And law enforcement has never caught the guy who attacked the electrical grid down in North Carolina earlier in December 2022. These were physical attacks, allegedly involving the shooting up of power substations.[1] As is evident, these are physical attacks, not even cyber-attacks.
Shooting with
Hospitals on the front line of cyberattacks are increasingly strained under the often deadly conditions created by such hacks. Capitalizing on the chaos of the COVID-19 pandemic, cyber criminals frequently shut down hospital networks at a time when they were overwhelmed, leading to limited emergency services, canceled surgeries, and a spike in deaths. Hackers used to treat hospitals as ‘off limits.’ Not the case anymore.
Cyber-attacks have long been viewed as less lethal than missile strikes,
North Korea’s BlueNoroff hackers have updated their strategies and delivery techniques in a new wave of attacks targeting banks and venture capital firms according to cyber threat investigators. Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyber-attacks targeting banks, cryptocurrency firms, and other financial institutions.
The campaign by BlueNoroff has been in operation at least since 2017. It us
The Godfather Android banking trojan has been observed targeting over 400 banking and crypto applications in 16 countries. Godfather was initially observed in June 2021 and is believed to be the successor of the Anubis banking trojan, likely built on top of the Anubis source code that leaked in 2019. Compared to Anubis, Godfather features updated command-and-control (C&C) communication and implementation, a modified traffic encryption algorithm, a new module for managing virtual network computi
’Tis the season when cybersecurity and IT teams have to send out a company-wide email: “No, our CEO does NOT want you to buy gift cards.” As much of the workforce signs off for the holidays, hackers are stepping up their game. We will see an increase in activity as hackers continue to introduce e-commerce scams and holiday-themed phishing attacks. Hackers love to use these tactics to trick end users into compromising not only their personal data but also their organization’s data.
Use this time o
End of 2022 - Week Ending 30 December 2022:
- Red Sky Alliance identified 19,712 connections from new IPs checking in with our Sinkholes
- Frantech[.]ca in NYC hit 23x
- Analysts identified 867 new IP addresses participating in various Botnets
- 2022-2023 ZeroBot
- Ten (10) Data Set Stats
- Red Sky Tools
- Red Sky Partners
- LastPass
Link to .pdf: IR-22-364-001_weekly364.pdf
IP | Contacts
199.195.249.252 | 56
87.236.20.241 | 49
185.151.48.131 | 49
68.178.224.252 | 48
62.210.185.4 | 37
A recently identified information stealer named ‘RisePro’ is being distributed by pay-per-install malware downloader service ‘PrivateLoader’, cyber threat investigators reported. RisePro, a new malware, was recently observed on a dark web forum run by Russian cybercriminals. Since 13 December 2022, the virus has been offered for sale as a log credential stealer on underground forums, leading many to believe it is a clone of the Vidar Stealer. RisePro was featured on a Russian Market cybercrim
A major insurance company is seriously re-thinking insuring for cyber-attacks. As cyber-attacks continue to grow, they will become “uninsurable,” the CEO of Europe’s Zurich Insurance said. The Financial Times broke the story earlier this week predicting that cyber-attacks could pose a larger threat to insurers than systemic issues like pandemics and climate change. “What will become uninsurable is going to be cyber,” Zurich said. “What if someone takes control of vital parts of our infrastruc
Cyber threat actors continue to adapt to break the latest technologies, practices, and data privacy laws. All organizations must stay ahead of cybercrime by implementing strong cybersecurity measures and programs for today and the New Year.
Expect an increase in digital supply chain attacks - With the rapid modernization and digitization of supply chains come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply
The popular Royal ransomware is being used by skilled bad actors who used to be part of Conti Team One. Between September and December 2022, Royal ransomware was used in numerous cyberattacks, which earlier this month prompted the US Department of Health and Human Services (HHS) cyber analysts to warn healthcare organizations of the risks associated with this threat. Royal is the rebranded version of Zeon ransomware, which emerged earlier this year and was associated in August 2022 with Conti
I should not be writing this article in 2022, but sometimes the apparent needs to be restated. Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. See: https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/
As usual, all parties cried "foul play" and suggested that proper
In the past several weeks, our analysts were asked their opinions of what they believe will be the most pressing cyber security issues for the upcoming year. I told them that you really can’t be wrong, as the malware used by all levels of hackers is constantly changing. Our job as cyber security professionals is to try our best, based upon what we have seen recently, to identify immediate challenges in our profession.
Are we guessing… or do we use facts and evidence to make our expectations
Much of the world’s population observes and celebrates Christmas every December to connect with friends and family and reflect on the year. Malware operators also observe the holiday, perennially attempting to compromise the systems of users who have let their guard down during the festivities.
Affected Platforms: Windows
Impacted Users: Windows users
Impact: Malware opens a backdoor and exfiltrates information from compromised machines
Severity Level: High
FortiGuard Labs has come across two h