All Articles (2242)


Security researchers have discovered a new Android banking trojan that can spy on and steal data from 153 Android applications.

Named Ghimob, the trojan is believed to have been developed by the same group behind the Astaroth (Guildma) Windows malware, according to a report published on Monday by Kaspersky.  Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth operation. Distribution was never c

A stealthy new Windows Trojan steals saved passwords, session cookies, hardware and software information and other valuable items from the Google Chrome and Mozilla Firefox browsers and from Windows itself.

The malware, named Jupyter by its finders at Israeli security firm Morphisec, has been active since at least May 2020, but it escaped detection by most antivirus software until last week, partly because, unlike most malware, Jupyter runs mostly in memory and leaves very little trace on a syst

The 2020 Holidays are here and many global and domestic economies are preparing for the subsequent shopping. This buying season is being executed in an environment that has changed entirely due to the coronavirus pandemic lockdowns and fears of virus infection.  This drives buying on-line.  It is estimated that this will be the largest on-line/eCommerce holiday season ever.  Unlike the Black Friday tradition of years past, consumers will not be standing outside of brick and mortar stores waiting for the lat

In August 2020, the NSA and FBI published a joint security alert containing details about a previously undisclosed Russian malware.  The entire report can be viewed here

The agencies say that the Linux malware strain has been developed and deployed in real-world attacks by Russian military hackers. The FBI says, “The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165, whose activity is sometimes identified by the private sector

Encryption is a valuable partner in maintaining privacy.  Encryption keeps our data safe from unwanted guests.  It stops people from stealing our valuable credit card details, our app usage habits, and our passwords.  While this is the answer for those with privacy concerns, IT teams will face a massive influx of traffic that they cannot look inside without decryption technology.  This makes encryption a double-edged sword, because cyber threat actors can use it too.  Encryption ca

Walmart wants to learn whether robotic deliveries can fit into its retail operations, so it is launching a pilot program with the General Motors-funded electric automobile company Cruise, using the tech startup’s electric, self-driving vehicles to deliver groceries and other goods to suburban Phoenix customers.

The project will begin sometime in early 2021 and will use battery-powered vehicles in Cruise’s test fleet in Scottsdale, Arizona, Tom Ward, Walmart’s senior vice president for customer product, s

Law enforcement in Jackson, Mississippi has launched a pilot program that allows officers to tap into private surveillance devices during criminal investigations.  On 30 October 2020, the AP reported that the trial, now signed off by the city, will last for 45 days.  The small trial could herald a wider rollout with participating residents in the future. The pilot program uses technology provided by Pileum and Fusus, an IT consultancy firm and a provider of a cloud-based video, sensor, and data

Previously, Red Sky Alliance reported on Fancy Bear imposters demanding Bitcoin ransom from a Florida election information website.  These actors send various ransom/scam demands using coronavirus-themed domains covidpapers[.]org and coronaxy[.]com.  In some cases, they threaten with exposure of allegedly hacked personal files, in other cases, with DDoS attack.  They often claim to be Russian government hackers, pretending to be Fancy Bear, Cozy Bear, or Venomous Bear.  Their ransom emails typi

A cyberespionage campaign aimed at the aerospace and defense sectors, installing data gathering implants on victims' machines for surveillance and data exfiltration, may have been more sophisticated than previously thought.  Job and employment ads and postings have been the recent bait for unsuspecting victims.

The attacks, which targeted IP addresses belonging to internet service providers (ISPs) in Australia, Israel, Russia, and defense contractors based in Russia and India, involve

Activity Summary - Week Ending 13 November 2020:

  • Red Sky Alliance observed 67 unique email accounts compromised with Keyloggers
  • Analysts identified 42,222 connections from new unique IP addresses
  • 2,563 new IP addresses were observed participating in various Botnets
  • Hezbollah is the top threat actor this week, targeting Israel, US, Lebanon, Syria and Iran
  • TrickBot and BazarLoader
  • WatchBogMiner
  • Ransomware blocks electronic Stadium Entrances
  • A UK Premier League soccer club's Managing Director was H

The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it downloaded in a November 3, 2020 attack unless a US$15 million ransom is paid in Bitcoin.  In attacks carried out by the gang behind Ragnar Locker, the actors break into company networks, make themselves admins, conduct reconnaissance, delete backups and deploy ransomware manuall

The past few months have seen a new ransomware variant emerge that is being distributed by the TrickBot malware. The appearance of this new ransomware, named Conti, corresponded with an observed decrease in Ryuk deployments. This suggested that Conti is the “successor” of Ryuk. Some media outlets have also reported that Conti was an evolved version of Ryuk, suggesting that it has evolved from the Ryuk source code. While this may have been true for very early samples, a Red Sky analysis of recent

American toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations.  Founded in 1945 and headquartered in El Segundo, California, Mattel is one of the largest toy sellers in terms of revenue, with its operations divided into three segments, namely North America, International, and American Girl.  Mattel sells products such as Barbie, Fisher-Price, Monster High, American Girl, Polly Pocket, and Hot Wheels in 150 countries, an

Cofense Intelligence researchers found a new version of the Hentai OniChan ransomware called “King Engine” that is being delivered in a Coronavirus-themed phishing campaign.  The new variant exfiltrates data and demands a massive ransom, significantly higher than in previously discovered Hentai OniChan campaigns.[1]  This is odd.

According to researchers, cybercriminals used the Berserker variant of this ransomware previously in their campaign, which did not exfiltrate data and

Akamai recently published a report detailing criminal activity targeting the retail, travel, and hospitality market segments with attacks of all types and sizes between July 2018 and June 2020.  The report also includes numerous examples of criminal ads from the Dark web illustrating how they cash in on the results from successful attacks and the corresponding data theft.

So, what is credential stuffing?  Please visit and read our full report at: https://redskyalliance.org/xindustry/credential-s

The 2020 election season appears to have no end in sight.  For states not under vote-counting scrutiny, there have been many ballot measures around the country that have drawn people's attention.  One of these measures is Proposition 24 in California, known as the California Privacy Rights Act of 2020 (CPRA). The measure passed with a majority of people voting to strengthen consumer privacy rights.

The new measure will update existing conditions from the 2018 California Consumer Privacy Act (CCP

The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an endpoint security company.

Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o

It should come as no surprise that ransomware groups that steal a company's data and then get paid a fee to delete it don't always follow through on their promise.

The number of cases where this has happened has increased, according to a report[1] published by Coveware this week and according to several incidents shared with ZDNet by security researchers over the past few months. These incidents take place only for a certain category of ransomware attacks — namely those carried out by

Activity Summary - Week Ending 6 November 2020:

  • Red Sky Alliance observed 60 unique email accounts compromised with Keyloggers
  • A University of Alberta professor may be Keylogged
  • Analysts identified 44,623 connections from new unique IP addresses
  • Collection identified 3,097 new IP addresses participating in various Botnets
  • Ryuk Evolving Its Encryption and Evasion TTPs
  • GravityRAT
  • Eastern European cybercriminal group Attacking Health Care Services
  • FBI warns of an "imminent" increase in Ransomware a

Account takeover seeks to infiltrate an existing account and use it for the criminal’s benefit.  Cyber threat actors will target any firm from any market segment, so there is no pattern to follow.  Once the criminal accesses the account, they may make unauthorized purchases and cash advances; they may also change account information so that the real owner does not receive notifications from the account.

According to a recent report, account takeover has tripled over a year-to-year comparison,