All Articles (2635)

The Russian government announced on 04 March 2011 that it will begin to “partially restrict” access to Facebook, according to an announcement from its internet regulatory agency Roskomnadzor.  Russia claimed that it would implement the measures, which were not specified, after Facebook put its own restrictions on four Russian state-linked media outlets: the television network Zvezda, news agency RIA Novosti, and the websites Lenta.ru and Gazeta.ru.

“On 24 February 2022, Roskomnadzor sent requests

Today, organizations face cyber security incidents across every sector. Data breaches are one of the most prevalent. If we were to define a data breach, it would be, “the intentional or unintentional release of secure information to an untrusted environment” (National Forum on Education Statistics). [1]

 A data breach can come from a variety of sources, including:

  • Internal threats—Actors within an organization.
  • External threats—Actors from outside an organization.
  • Intentional breaches—Breaches

Last week, Russia blocked access to the BBC website and the media outlet resorted to broadcasting news bulletins over shortwave radio in the country.  According to a UK media report, the BBC said it was bringing back the WWII-era broadcasting technology in the region, just hours before its sites were banned.  "It's often said truth is the first casualty of war.  In a conflict where disinformation and propaganda is rife, there is a clear need for factual and independent news people can trust and in a

Activity Summary - Week Ending on 4 March 2022:

  • Red Sky Alliance identified 5,761 connections from new IPs checking in with our Sinkholes
  • Malicious Keylogger data is back
  • Analysts identified 5,700 new IP addresses participating in various Botnets
  • Kraken Botnet
  • TA2541 Part II
  • Russian Hackers
  • Indian Port hit with Malware
  • Anonymous: Good or Bad Guys?
  • Popular Journalist Hacked
  • Bridgestone Americas
  • US Banks on High Alert

Link to full report: IR-22-063-001_weekly063.pdf

An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other "hacktivists" to stay out of a potentially very dangerous computer war.  According to Livia Tibirna, an analyst at the European cyber security firm Sekoia www.sekoia.io, nearly 260,000 people have joined the "IT Army" of volunteer hackers, which was set up at the initiative of Ukraine's digital minister Mykhailo Fedorov.

The group, which can be accessed via the en

As news continues to break about the ongoing crisis in Western Europe, Cyber Security professionals have been busy making sense of the role that presumably planned cyber-attacks have played in the conflict between Russia and Ukraine.  A number of Russian cyber-attacks have served as a prelude to a physical invasion of Ukraine.  There is a lot of information from the past two months to unpack and new events are continuing to be reported.

A quick review of the cyber events leading up to boots on t

The common definition of Guerrilla Warfare is a form of ‘irregular’ warfare in which small groups of combatants, such as paramilitary personnel, armed civilians, or irregulars, use military tactics including ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility, to fight a larger and less-mobile traditional military.  Now enter cyber guerrilla warfare.  A Ukrainian cyber guerrilla warfare group is in the process of launching digital sabotage attacks against critical Russian

Japanese auto giant Toyota said it will restart US domestic production today, a day after all of its factories nationwide ground to a halt following a cyberattack at a parts supplier.  Production lines will be switched back on at its 14 factories across the US, Toyota said in a statement.  Yesterday’s suspension hit output of around 13,000 vehicles, sparking concern about the robustness of cybersecurity in Japan's extensive supply chain.

The issue has emerged as a key area of concern in Japan, w

With geo-political events evolving minute by minute regarding the Russian/Ukraine conflict, cyber security has been pushed to one of the top concerns relating to banking and business enterprises.  Almost every aspect of life, commerce, governments, and military operations is tied directly to cyber activity.  The added dimension of private hacking groups getting involved with this new ‘cyber-war’ only makes the situation even more volatile.

It is common knowledge in the cyber security

A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site, on February 25th, in the aftermath of Russia’s invasion of Ukraine.  The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an

Several days ago, our friends at FortiGuard Labs shared a valuable checklist considering the current Ukrainian crisis.  We would like to share it with our readers and thank Fortinet.  With Russian military operations currently underway in Ukraine, the question of whether cyber warfare will also be employed remains unanswered.  While researchers have seen cases of destructive cyber actions focused on Ukraine, at this point specific attribution is not possible.

As a result of these actions, there

Elon Musk announced yesterday that his company SpaceX’s satellite broadband service, Starlink, has been activated in Ukraine, after the Internet was disrupted in the country due to Russia’s invasion.  “Starlink service is now active in Ukraine.  More terminals en route,” Musk wrote on Twitter in response to Ukrainian Vice Prime Minister Mykhailo Fedorov.

“[Elon Musk], while you try to colonize Mars—Russia try to occupy Ukraine! While your rockets successfully land from space—Russian rockets atta

The Russian military continues to be active in Ukraine; movements that started on 23 February.  Of interest, the cyber conflict is mirroring the military conflict with Russian government websites going dark to some parts of the world after being targeted with a flood of web traffic via a distributed denial-of-service (DDoS) attack attempting to knock them offline.  It is unclear who directed the attack or if it was successful in disrupting the sites.  However, cybersecurity researchers say the R

Activity Summary - Week Ending on 25 February 2022:

  • Red Sky Alliance identified 9,248 connections from new IPs checking in with our Sinkholes
  • com[.]tr Hit 336 times last week.
  • Analysts identified 9,095 new IP addresses participating in various Botnets
  • DriveGuard
  • Magecart
  • Cloud Security
  • Impacket & APT10
  • CyberWar
  • Stealing Discord Tokens
  • Cyclops Blink
  • Russian Cyber-Attacks; Ukraine Attack

Link to full report: IR-22-056-001_weekly056.pdf

This is a true story and the names and location of the victim's family have been deleted. A crypto account holder was annoyed when his phone would not stop buzzing. It looked like a robocall, so he tried to ignore it. The calls continued and then his wife’s phone also started to ring. When she picked it up, a banner came across, a notification that read, ‘Your account’s in jeopardy.’  The warning, which he said was a text message, prompted him to pick up his phone. That was when the couple’s ni

Cyber threat investigators believe the infamous TrickBot malware has reached its limits, but its development team appears to have been “acquired” by the Conti ransomware gang, which has been thriving amid recent crackdowns.  TrickBot has been around since 2016.  It was initially a banking trojan designed to steal financial data, but it evolved into a modular stealer that could target a wide range of information.  See:  https://redskyalliance.org/xindustry/trickbot-has-learned-more-tricks

TrickBo

Welcome to the new normal: the cybersecurity threat landscape has gotten progressively more complex and dangerous.  The online world is full of data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses.  The cyber threat actors have the upper hand at the moment. Part of the reason for that is the fallout from the rapid digitization made necessary by the COVID-19 pandemic.  According to research on the subject, more than half of business

The Winter Olympics have officially come to a close. There have been heartwarming headlines of athletes overcoming adversity, upsets, dominant performances, and countless clips of the mascot Bing Dwen Dwen throughout the past two weeks.  The headline that cyber professionals are waiting for has yet to arrive.

In the weeks leading up to the opening of the Olympic Games athletes were required to install the My2022 app to track their health. The app is supposed to track Covid-19 and monitor the healt

During the Super Bowl, Coinbase ran a 60-second advertisement.  This ad featured a color-changing QR code bouncing around the screen, imitating the iconic bouncing DVD logo.  When scanned, users were directed to their promotional website.  New users were offered $15.00 of free BTC when signing up and current users were entered into a $3 million raffle.  This advertising technique has recently been a small controversy in the industry, as some purport it teaches users that it is okay to scan unkno


Logistics and freight forwarding giant Expeditors International announced a cyber-attack on 20 February that crippled some of their operating systems and continues to slow their operations around the globe.  The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyber-attack.  "The situation is evolving, and we are working with global cybersecurity experts to manage the situation.