X-Industry

Mexican media sources are reporting that hacktivist Christopher Doyon, known as 'Commander X', was captured in Mexico and extradited to the United States, where he faces over a decade's worth of criminal hacking charges.  Doyan now claims that he was illegally handed over to the US authorities and is claiming political asylum in Mexico. 

"Please tell the world that I was illegally handed over from Mexico, where I had political asylum and where I was a humanitarian refugee.  I was illegally taken

As more cities see their police departments targeted with ransomware attacks, some analysts are voicing concerns that the attacks, which could lead to inaccessible systems and potentially compromised evidence, could impede criminal prosecutions.   

Among the latest developments, the police department in the City of Azusa, Arizona, recently reported that it had been hit by ransomware in March 2021, resulting in the compromise of personally identifiable information (pii), including Social Security

The Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government.  The new cybersecurity mandates, which will replace some voluntary guidelines that had been in place for a decade, were announced Thursday in the wake of a 07 May 2021 ransomware attack that led Colonial Pipeline Co. to temporarily shut down its pipeline serving the East Coast, triggering fuel sh

The US federal authorities will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned (HIBP), the data breach notification service.  The password hashes will contribute to Pwned Passwords, a service used to help warn users against reusing passwords that have been leaked in data breaches, says Troy Hunt, the Australian developer who created Have I Been Pwned

The stolen and leaked data the FBI comes across in investigations,

At a time when ever escalating ransomware campaigns are making international headlines, it is interesting to see cyber adversaries demanding ransom before launching an attack.  The bad actors are now using marketing techniques to better message their crimes.  Researchers at ProofPoint explain a new and improved DDoS attack demonstrates how bad actors are consistently seeking more means of achieving their goals.  "DDoS attacks have become increasingly easier to launch and have a potentially subst

The decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.  JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.

The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers

"They went after our gas and they went after our hot dogs.  No one is out of bounds here. Everyone is in play here," warned Christopher Krebs, former director of cybersecurity at Department of Homeland Security.  From natural phenomena to cyberattacks like the massive SolarWinds operation and recent attack on the Colonial Gas Pipeline, security experts warn it is clear that most businesses and key infrastructure like power grids across this country are pitifully unprepared to meet such threats.

Activity Summary - Week Ending 11 June 2021:

• Red Sky Alliance identified 33,092 connections from new unique IP Addresses
• Analysts identified 1,485 new IP addresses participating in various Botnets
• Variations of dnSpy is still being used as a Lure
• Agent Tesla
• NOBELIUM
• Phishing Campaigns Targeting NGOs
• Bing v. Google and Videos
• Chinese general buys land in TX, why?
• Cloud service company Fastly, Shut Down
• SkinnyBoy
• Quanta Computer – Taiwan
• Amazon Prime accused of Spying??

Link to full report: IR-

A few days after the Colonial Pipeline was attacked, a former law enforcement source close to the company told Red Sky Alliance that law enforcement officials used a cyber type ‘dye pack’ to track the Bitcoin Colonial ransom payment.  A traditional dye pack is used in banks to be used during a bank robbery.  The robbers take the cash bundle with the dye pack and within minutes, the dye pack ignites and paints the robber with a dye, so responding police can identify the fleeing felon.  The federa

Cyber threat analysts have stated that 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce.  "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling r

Cyber-attacks seem to be occurring on a daily, if not hourly, basis.  On 8 June 2021, multiple websites went offline briefly throughout the world after an outage at the cloud service company Fastly, revealing how critical a handful of companies running the Internet's network have become.  Dozens of sites including the New York Times, CNN, some Amazon sites, Twitch, Reddit, the Guardian, and the U.K. government's home page, could not be reached.

In Asia, the cities of Hong Kong and Singapore were

The ransomware attacks inside the US don’t seem to be easing.  On 3 June 2021, at least two TV news stations were hit with ransomware and completely knocked offline with what researchers believe was a cyber-attack on their parent company – Cox Media Group. 

ABC affiliate WFTV in Orlando, Florida, and NBC affiliate WPXI in Pittsburgh, which are both owned by the Cox Media Group, were told last week by managers to shut down company computers and phones.[1]  "We are only able to communicate with ea

Activity Summary - Week Ending 4 June 2021:

• Analysts identified 1,420 new IP addresses participating in various Botnets
• Red Sky Alliance identified 39,711 connections from new unique IP Addresses
• Analysts observed 14 unique email accounts compromised with Keyloggers
• BazaLoader
• WastedLoader
• Kimsuky, Velvet Chollima, Black Banshee, or Thallium spreading AppleSeed Backdoor
• JBS Ransomware
• Farming Equipment Vulnerabilities
• Produce supplier denied Insurance claim with a fraudulent $1.4 Million Wire T

The world has entered a new era of cyberattacks.  There have been decades of viruses, breaches, and other forms of attack, last year saw increased hacker sophistication, the propensity to pay in ransomware cases, and a broad swath of geopolitical uncertainty conditions that hackers have found favorable.

The forecast for any organizations seeking or renewing cyber insurance is looking grim.

• 25% average premium increase.
• Ransomware/extortion coverage limitations-lower limits and coinsurance.
• Insu

The old trick of using a Trojan horse to deceive is still in vogue and using cyber as the lure.  A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords, and other information from victims.  Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts t

The biggest international meat supplier is under cyber-attack.  This demonstrates a new threat to global food security which has already been made fragile by the CV-19 pandemic. 

JBS SA shut its North American and Australian computer networks after an organized cyber assault on 30 May on some of its servers, JBS reported via email.  Without commenting on operations at its numerous plants, JBS said the incident may delay certain transactions with customers and suppliers.[1]  JBS SA is a Brazilian

Microsoft has discovered a large-scale spear-phishing campaign being conducted by the Russian advanced persistent threat (APT) group that has led to the breach of 3,000 email accounts across 150 organizations.

A Russian-based group called Nobelium, allegedly behind the SolarWinds attack, is at it again with a sophisticated phishing campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious cyber activities.

This time, Nobeli

Activity Summary - Week Ending 28 May 2021:

• An Apple designer and a Russian physicist continues to be Spoofed
• Analysts identified 1,872 new IP addresses participating in various Botnets
• Red Sky Alliance identified 22,469 connections from new unique IP Addresses
• DarkSide Ransomware Variant
• Web Skimming Attacks against CMS
• Dominos India hit Hard via Cell Phones
• Cyber Activists Complaining about India’s CERT
• Irish Health Service Executive still Reeling
• SITA airline on-line services still Showing D

A new information stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.   Panda Stealer malware uses spam emails and the same hard-to-detect fileless distribution method deployed by a recent Phobos ransomware campaign discovered by investigators.

The attack campaign appears to be primarily targeting users in Australia, Germany, Japan, and the United States.  Panda Stealer was discovered by Trend Micro at the beginning of A

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.  Active since at least 2009 and also referred to as TA505, the hacking group is known for the use of the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.

Evil Corp is allegedly run by Russian nationals Maksim Yakub