All Articles (2533)

Red Sky Alliance wanted to share this important article from Technology Review and MIT.  As the Taliban swept through Afghanistan in mid-August, declaring the end of two decades of war, reports quickly circulated that they had also captured US military biometric devices used to collect data such as iris scans, fingerprints, and facial images.  Some feared that the machines, known as HIIDE, could be used to help identify Afghans who had supported coalition forces.[1]

According to experts speaki

A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum.  The collection is a subset of the purported 100 million records contained in stolen databases.  The seller’s offer does not mention T-Mobile.  The seller told Motherboard and BleepingComputer publications that the source is in fact the T-Mobile servers.  Specifically, they claim to have penetrated T-Mobile’s production, staging, and development s

Activity Summary - Week Ending 27 August 2021:

  • Red Sky Alliance identified 34,340 connections from new unique IP addresses
  • Analysts have observed 22 unique email accounts compromised with Keyloggers
  • Researchers identified 1,744 new IP addresses participating in various Botnets
  • DigitalOcean has a compromised IP
  • Grief Ransomware
  • IISerpent Malware
  • “Tricky” TrickBot
  • T-Mobile’s 5 Million Customers
  • US State Department hit
  • The Electric Grid and Zero Trust
  • India’s Election Fraud
  • Indiana’s COVID Cyber I

Ransomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware using persuasion over the phone. The technique was first spotted in February, according to Palo Alto Networks' Unit 41 research unit. But Microsoft is issuing a fresh warning about the campaigns, contending they're much more dangerous than it first realized. Microsoft calls the campaign "BazaCall."

See:  https://redskyalliance.org/xindustry/ransomware-demand-answer-line-

A new Raccoon Stealer campaign shows the evolution of this information-stealer, which has recently been distributed through a dropper campaign to steal cryptocurrencies, cookies, and other types of information on target machines.

See:  https://redskyalliance.org/xindustry/raccoon-attack-exposes-secret-key

Sophos researchers have been tracking a "particularly active" campaign by attackers using Raccoon Stealer, a widely used information stealer. While the campaign is no longer active, researchers

On 31 May 2021, a spokesperson for AllWorldCards published their first post on the cybercrime forum XSS announcing that they are open for business. Similar to the shops that have preceded them, AllWorldCards advertised shop links on deep web and Tor domains, a presence on cybercrime forums, and an accessible customer support email. Further, they have taken a cue from the major ransomware collectives, Lockbit and REvil, and sponsored an article competition on XSS dubbed “XSS Hot Summer.” The comp

Years ago, baby monitors were able to listen in on remote telephones in people’s homes.  This may still be the case, only in reverse.  Current baby monitors include interactive devices that allow parents to both listen and watch their precious little one.  They can even talk to their babies remotely.  That is very cool, but it may come with vulnerabilities.

Many variants of smart devices have been identified as being at risk from cyber intrusion.  Devices of concern include security cameras, DVRs

A new twist on an old con: remember all the Nigerian Princes who wanted to share their fortune with you, if only you would send them your bank account number?  A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then th

Activity Summary - Week Ending 20 August 2021:

  • Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
  • Beware of vadmin-vad05
  • Analysts have identified 24,404 connections from new unique IP addresses
  • 2,573 new IP addresses participating in various Botnets were seen this past week
  • APT31
  • APT Attack / Kimsuky
  • APT1 - Common Crew
  • Darkside and BlackMatter (a Hive connection?)
  • Defense Industrial Base (DIB) / Israel
  • Health Care / US, Ohio
  • Indra / Hackers Behind Recent Attacks on I

An emerging information-stealing malware, sold and distributed on underground Russian forums, has been written in Rust, signaling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse engineering efforts.  Rust is a multi-paradigm, high-level, general-purpose programming language designed for performance and safety, especially safe concurrency.  Rust is syntactically similar to C++ b

The Empire PowerShell toolkit is an open-source exploitation toolkit/framework similar to Metasploit, differing in its use of PowerShell scripts. The project was released on 30 October 2015 and was discontinued on 31 July 2019. According to their website and GitHub information, “The framework offers cryptographically secure communications and flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployabl

New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code.  The best practices could be a model for the private sector as well.  NIST's release of best practices carries out a mandate in President Joe Biden's May executive order on cybersecurity, which, in part, called for agencies to address supply chain threats, such as that posed by the SolarWinds incident

U.S. crime-fighting agencies testified in front of Congress during the last week of July 2021, and the hearing had a chilling title: "America Under Cyber Siege: Preventing and Responding to Ransomware Attacks"

Since January 2021, ransomware attacks have disrupted critical infrastructure, the food supply, IT management, healthcare, education, transportation, and many other sectors of the economy.  For the most part, criminal and nation-state actors continue to launch attacks with little fear of fac

Cyber-security researchers at Ben-Gurion University in Israel are very good at looking at situations from a leftfield thinking perspective, recently regarding eavesdropping on your private conversations.  Conventional thinking is to breach your privacy by compromising passwords to access your networks, or the use of vulnerabilities in your software or operating system.  If you thought that ‘physical access’ to your smart speakers, or most any speaker, was required to listen in to the audio bein

A recent report by Ponemon Institute[1], commissioned by Team Cymru, found that half of the organizations surveyed experienced disruptive cyber-attacks from repeat sophisticated threat actors, the majority of whose exploits were unresolved.  Although organizations acknowledged experiencing disruptive attacks from repeat offenders, total remediation was not possible.  According to the report, this situation left personal data and organizations’ infrastructure at risk of more attacks.  Last

Some things seem to come full circle.  Morse Code was invented in the 1800s by Samuel Morse when he worked with an electrical telegraph system sending pulses of electric current and an electromagnet.  His code used the pulses and the breaks between them to transmit information.  Popular with amateur radio operators, this code is no longer required if you want to get a pilot's or air traffic controller license, though these individuals often have a basic understanding of the code. Morse code is a meth

What happens when your expert consultant team that has been advising your organization about what you need to do to protect your firm from cyber threats becomes “front page news?” The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack.  Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.

See for more informat

Every few months, enterprising cyber criminals are offering new services to enable cybercrimes, thefts and paid ransoms.  These new “services” make crime easier for lower skilled criminals and increase profits for all members of the ransomware supply chain. TM: General Mills

To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks.  On average, such access is so

Activity Summary - Week Ending 13 August 2021:

  • Red Sky Alliance identified 38,261 connections from new unique IP addresses
  • Analysts observed 39 unique email accounts compromised with Keyloggers
  • Researchers identified 3,451 new IP addresses participating in various Botnets
  • Conti Exposed by m1Geelka
  • RATs – more Remote Access Trojans
  • Bandook Malware
  • Poly Network Hit
  • Ransomware Directly affecting Public Safety
  • China & Israel
  • New AdLoad Malware
  • Perfume and Cyber

Link to full report: IR-21-225-001_w

Cyber threats have not been the only problem for supply chains this past year.  The physical problems of moving large quantities of goods in a reasonable time period are turning into an equally insurmountable problem for all supply chain members.  All consumers will be paying higher prices for nearly every product.  US rail yards, ports, and warehouses are choked with freight, with too few people to move it quickly, causing delays and rising prices for companies and consumers.

California ports in