X-Industry

Activity Summary - Week Ending on 26 August 2022:

• Red Sky Alliance identified 30,967 connections from new IP’s checking in with our Sinkholes
• Microsoft hit
• Analysts identified 2,019 new IP addresses participating in various Botnets
• DarkyLock, Gwisin, vvyu, Kriptor
• Cuba Ransomware
• DiDi Chinese Ride Share
• India hit Hard
• Psychology and Cyber Security
• LockBit in France
• Center Hospital Sud Francilien & La Poste Mobile Hit

Link to full report: IR-22-238-001_weekly238.pdf

Benjamin Franklin had it right so many years ago: “An Ounce of Prevention is Worth a Pound in Cure.”  An ounce of prevention in cyber security is now a requirement.  Due to the number of cybersecurity firms that have entered the market in recent years, it is evident that all industries are reaching a level of heightened anxiety.  Some organizations are on alert because they know their networks have already been targeted by state-sponsored hackers, others know their executives are being targeted

A security awareness and training program is a critical element of any organization. It is how we can distribute security information in the workforce. By establishing and maintaining a robust security awareness and training program we can provide the workforce with the information and tools, they need to protect the organization's vital information. In this aspect, all users have information security responsibilities.

It is not unusual for organizations to treat awareness and training as two se

Since 2018, Proofpoint researchers have tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Latin America and sometimes North America, and western Europe.  The actor sends malicious emails written in Portuguese, Spanish, and sometimes English.  The emails use reservation-themed lures with business-relevant themes such as hotel room bookings.  The emails may contain malicious attachments or URLs aiming to distribute one of at l

Pen testing and vulnerability scanning are often confused for the same service.  The problem is business owners often use one when they really need the other.  People frequently confuse penetration testing and vulnerability scanning.  Both services look for weaknesses in your IT infrastructure by exploring your systems the same way an actual hacker would.

Penetration testing is a manual security assessment where cyber security professional attempts to find a way to break into your systems.  It's

Back in 1968, the Rolling Stones came out with a song titled, “Sympathy for the Devil.”  The lyrics try to offer sympathy for a demon.  So, the following story of a kid hacker tries to offer some sympathy for a criminal hacker.  As one of Britain’s most notorious cyber criminals, Daniel Kelley played a leading role in the 2015 TalkTalk data breach. The hack was catastrophic for the telecoms firm, resulting in a financial loss of £77 million (€90.7 million) and the stolen data of over 150,000 cus

Tesla is set to unveil a new humanoid robot, Optimus, in late September 2022.  There has been a lot of speculation surrounding Tesla's strategy in entering the robotics market, and a recent post by Elon Musk sheds some new light.

In the post, published in China's Cyberspace Administration's official publication, Musk continued to make the point underlined since announcing the Tesla Bot project in 2021: That Tesla, because of its major investments in autonomous driving, is arguably the biggest ro

Google Cloud has claimed to have blocked the largest Layer 7 (HTTPS) DDoS attack to date after a Cloud Armor customer was targeted by a series of attacks that peaked at 46 million requests per second (rps).  Google explained the attack, which occurred on 1 June 2022, was at least 76% larger than the previously reported HTTPS DDoS record and showed characteristics that link it to the Mēris attack family.

Google said its Cloud Armor Adaptive Protection was able to detect and analyze the traffic ea

FortiGuard Labs researchers have been tracking a quickly evolving IoT malware family known as “RapperBot” since mid-June 2022.  This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.  In addition, recent samples show that its developers have started adding code to maintain persistence, which is rarely done

The Ukrainian energy agency responsible for the oversight and safe operation of the nation’s nuclear power plants said earlier this week that Russian hackers had launched their most ambitious effort yet on the company’s official website.  The attack appeared to fail and there was no indication that it threatened to disrupt the Ukrainian power grid or the company’s oversight of the nation’s 15 working  nuclear reactors.

The company, Energoatom,[1] said it had managed to keep the attack from being

Activity Summary - Week Ending on 19 August 2022:

• Red Sky Alliance identified 23,756 connections from new IP’s checking in with our Sinkholes
• com x18
• Analysts identified 2,529 new IP addresses participating in various Botnets
• Redeemer, Beamed, and Araicrypt
• Mars Stealer
• Chinese Porn
• DSE
• Lapsus$ Group
• Seaborgium and NATO
• Bitter APT & APT36

Link to full report: IR-22-231-001_weekly231.pdf

Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

We do not recommend this, but if you happened to be sneaking onto Cape Canaveral Space Force Station in late July 2022, you would have had a short visit.  Space Force conducted a demonstration where two robot dogs, built by Ghost Robotics, conducted patrols in advance of potential broader adoption of the platforms for critical perimeter security. The robot dogs are known as Vision 60 Q-UGVs, for quadruped unmanned ground vehicles. Bearing more than a passing similarity to Boston Dynamics' quadru

Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information from the victims’ machines.   Investigators are warning of two such packages ‘ultrarequests’ and ‘pyquest’ that were masquerading as ‘requests’, a highly popular open source package.  The malicious repositories copied the description from the legitimate package and contained fake statistics.  PyPI as an index which allows users to search for packages by keywords o

Attacks on educational facilities continue to plague the .edu world.  A local US, Kentucky university was hit with a cyberattack that has left it with embarrassing and inappropriate pictures on their social media account that they cannot take down.  Thomas More University’s Facebook account was hacked, and all of their account managers are locked out.  “About three weeks ago we got a notice that told us all of the university administrators, who are admins on the page, have been removed,” said vi

The US Department of Treasury placed sanctions on 08 August 2022 regarding Tornado Cash, a leading "crypto mixer" for transactions in virtual currency that US officials describe as a hub for laundering stolen funds, including by North Korean hackers.   The Treasury Department reported Tornado Cash had been used to transfer at least $96 million of funds stolen in June from crypto exchange service Harmony Bridge and another $7.8 million of the nearly $200 million in cryptocurrency hacked from Noma

Are Zombies real?  According to a recent report, they may very well be real.   In a tongue-in-cheek report, Kevin Sheridan offers his observations and recommendations on the real “Working Dead.”  “Several years ago, I got wrapped up in the TV Show AMC called ‘The Walking Dead.’  For those who have not seen it, the show is about the world being taken over by Zombies who savagely bite living people and transform them into fellow Zombies.  While doing keynote speeches at national and international

With criminals beginning to use deepfake video technology[1] to spoof an identity in live online job interviews, security researchers have highlighted one simple way to spot a deepfake: just ask the person to turn their face sideways.  The reason for this as a potential handy authentication check is that deepfake AI models, while good at recreating front-on views of a person's face are not adequate for presenting side-on or profile views like those seen in a mug shot.

Camera apps have become inc

During the current proxy ‘WWIII,’ Russia and Ukraine continue to battle on the cyber side of the war between the two nations.  Both sides have launched cyber-attacks against each other in offensive ways, such as Russian threat actors taking over radio stations to spread misinformation of Ukraine’s President.  Current events show that the hacking might be getting a lot more serious and could cost more lives.

Pro-Russia hacking groups claim that they have developed "a new type of attack" that can

It was once the case that only governments had the technical ability to penetrate secure data, telecoms networks and the devices connected to them.  The threat now posed by private firms with cyber capabilities that rival the world’s most skilled spy agencies, is not widely known.  The lucrative spy-for-hire industry targets people and organizations with aims to collect their intelligence information and monitor/analyze them to infiltrate their tech devices.  These operations will silently get t