
Swashbuckling pirates and sabotage on the high seas have gone digital.  Ransomware has replaced the cutlass.  In fact, the entirety of modern conflict has evolved into Fifth Generation Warfare with information and perception as its framework.  Often referred to as the "Gray Zone" or "hybrid warfare," the term encompasses cyberattacks, nonviolent economic pressure and disinformation campaigns.[1]

It’s the weaponization of anything.  The threat is massive and echoed by many.  Klaus Schwab, Founder

Security researchers are alerting about an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.  The attackers have been active since October 2022.  The attack was uncovered by investigators on 01 November 2022, with the attackers copying existing popular libraries and injecting a malicious ‘import’ statement into them. The purpose of the injected code is to infect the victim’s machine with a script that runs in the background. The script, which f

The holidays are when people unknowingly let their guard down, and cybercriminals know it.  They take advantage of people at home who are in a good mood, excitedly awaiting packages that are gifts for family or friends; and they also know employee counts are low as the staff takes vacation time and someone not used to a certain role might be covering for another employee.  It is a holiday recipe for potential disaster.

See:  https://redskyalliance.org/xindustry/holiday-2021-tip-to-stay-safe-1

Th

Recorded Future has shared information regarding potential threats to the 2022 World Cup soccer matches set in Qatar.  Email-based phishing attacks targeting the Middle East doubled in October in the lead up to the World Cup in Qatar, according to new research from Trellix.  Many of the emails purport to come from the FIFA help desk or ticketing office while some impersonate specific team managers and departments.  Others claim to be notifications about bans implemented by FIFA, or spoof Snoonu,

The US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.  FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.  Victims of ransomware operations should report the incident to thei

According to cyber experts, threat groups are making nearly 1,000 attempts to hack account passwords every single second, and they are more determined to succeed as the number of attacks increases.  This analysis comes from Microsoft's Digital Defense Report 2022 and is based on research of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services.

The report cautions that cyber-attacks are increasing, with account passwords still very much the

The ramifications from the 2017 NotPetya attack, which the US government said was caused by a Russian cyber-attack in Ukraine, continue to be felt worldwide as cyber insurers now modify coverage exclusions; that is, expanding the definition of these attacks as an "act of war."  This 5-year-old cyber-attack appears to be turning the insurance industry on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with fa


Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

Activity Summary - Week Ending on 10 November 2022:

  • Red Sky Alliance identified 23,574 connections from new IP’s checking in with our Sinkholes
  • Timeweb[.]ru hit 251x – for the 2nd Week
  • Analysts identified 1,762 new IP addresses participating in various Botnets
  • Patching is Very Important
  • Microsoft Patch Tuesday
  • YouTube - You’re Not Helping
  • Vidar stealer
  • Stolen Data in Australia
  • Lloyd’s of London
  • School System Stands its Ground
  • Oil & Gas - ABBs

Link to full report: IR-22-313-001_weekly313.pdf

Hundreds of regional and national news websites in the United States are delivering malware because of a supply chain attack involving one of their service providers. Cybersecurity researchers reported on 02 November 2022 that a threat actor it tracks as TA569 appears to be behind the attack.  The hackers have targeted an unnamed media company that serves many news outlets in the US.

The service provider delivers content to its partners via a JavaScript file.  The attacker modified the noted cod

Impending doom looked foreseeable with Elon Musk’s $44 billion acquisition of Twitter and began to show early on, even before the billionaire completed his purchase.  From the daily tit-for-tat on his Twitter acquisition stance, it became apparent to some that Musk’s indecisive nature foretold an ominous future for Twitter.  However, the actual chaos ensued just hours after Musk became the largest stakeholder in the bird app.  From his plan to grant a “blue tick” verification symbol to anyon

The internet opened the door to a realm of possibilities that permanently changed the business and social landscape and our personal lives.  Most users are no longer restricted to dial-up; many of us now consider access to a stable internet connection as a critical aspect of our daily lives. We pay our bills online, check our bank statements, communicate via email, and maintain a presence on social media.  Many users rely on the web for work and entertainment, and seeking out information through

According to a new report published by cybersecurity firm Group-IB, a French-speaking cybercrime group may have stolen more than $30 million from banks and other types of organizations in the past years.  The threat actor has been named Opera1er. Some of its activities were previously investigated by others, who have named it Common Raven, Desktop-Group, and NXSMS.

The cyber threat investigators are aware of 30 successful attacks between 2019 and 2021. In many cases, the same victim was attacked

Robots are taking over the world.  According to Oxford Economics, there will be 14 million robots in China by 2030 and 20 million worldwide.  In the USA, robots will modify or replace 1.5 million job positions.  Labor shortages due to the COVID-19 pandemic encouraged both manufacturers and warehouse companies to partner with robotic companies to optimize human and robot collaboration.  We have already seen robots build robots; what is next?

Now enter the engineers from Google, they have unveile

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead-up to and after the 2022 midterm elections.  Foreign actors may intensify efforts to influence the outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure.  Additionally, th

A recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt.  Threat actors hit a third-party IT service provider associated with DSB, which slammed the brakes on.  The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.  DSB is the largest train operating company in Denmark.[1]

“Trains throughout th

Activity Summary - Week Ending on 4 November 2022:

  • Red Sky Alliance identified 20,715 connections from new IP’s checking in with our Sinkholes
  • Timeweb[.]ru hit 204x
  • Analysts identified 1,260 new IP addresses participating in various Botnets
  • ShadowPad
  • DramaQq
  • British Cyber Spies
  • Small Business Cyber Security
  • German Copper
  • Star Gazing stopped in Chile
  • French Defense Firm Attack
  • Can You Remember ?

Link to full report: IR-22-307-001_weekly308.pdf

Red Sky Alliance maintains a substantial dark web collections data set and we make this data available to our customers through our CTAC, RedXray, and API products.  This gives customers the opportunity to explore and perform analyses on dark web data without the need for establishing a safe infrastructure for navigating the Tor network.  To date we have collected over 1.4 million data points across 80 dark web sites.  The set of sites that we collect from on an ongoing basis will change with ne

A Ukrainian man has been charged with computer fraud for allegedly infecting millions of computers with malware in a cybercrime operation known as "Raccoon Infostealer," the US Justice Department (DOJ) said 25 October 2022.  Mark Sokolovsky, 26, is being held in the Netherlands and the US is seeking his extradition, the DOJ said in a statement.

It said Raccoon Stealer malware was leased to cybercriminals for $200 a month, payable in cryptocurrency.  The malware was then installed on the computer

ShadowPad is a modular malware platform privately shared with multiple PRC-linked threat actors since 2015.  According to SentinelOne, ShadowPad is highly likely the successor to PlugX.  Due to its prevalence in the cyber espionage field, the VMware Threat Analysis Unit (TAU) was motivated to analyze the command and control (C2) protocol to discover active ShadowPad C2s on the Internet.  C2 Protocol: ShadowPad supports six C2 protocols: TCP, SSL, HTTP, HTTPS, UDP, and DNS.  In this research[1]