X-Industry

Red Sky Alliance has previously reported on John Deer’s cyber woes.  No industry sector is immune from cyber threats, hacking or mischief.  Recently, numerous vulnerabilities were uncovered in tractor manufacturer John Deere's systems that underscore the cyber risks that come with the productivity gains from high-tech farming.  An Australian researcher who goes by the nickname Sick Codes, his LinkedIn profile (11) Sick Codes | LinkedIn  remotely presented his latest findings on 08 August 2021 at

The U.S. needs to devise ways to counter Chinese cyber activity including the theft of intellectual property and cyberattacks on government networks and critical infrastructure that poses a direct threat to U.S. national security, according those who testified at a Senate hearing this first week in August 2021.  All organizations need to take immediate steps to stop cyber breaches to protect their data and intellectual Property.  The government cannot curb or stop it, so it is in the hands of al

On 5 August 2021 a threat actor using the handle m1Geelka, made a post on the Russian XSS cybercriminal forum.  In the post, they claim to have leaked the manuals and instructions used by the Conti ransomware group whom with they were previously associated.  These posts provide valuable insight into Conti operations.  While the group is highly likely to change its exposed infrastructure and their tactics, techniques, and procedures (TTP’s), network defenders are now able to research this informa

Supply chain networks have for some time been driven by technology over the years and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to p

A data lake is an unstructured repository of data that allows for the storage of different data types from different sources.  Depending on the requirements, a typical organization will require both a data warehouse and a data lake as they serve different needs and use cases.  A data warehouse is a database optimized to analyze relational data coming from transactional systems and lines of business applications.  The data structure and schema are defined in advance to optimize for fast SQL queri

Activity Summary - Week Ending 30 July 2021:

• Red Sky Alliance identified 29,998 connections from new unique IP addresses
• Analysts identified 7,608 new IP addresses participating in various Botnets
• Do you used Cucurut on YouTube?
• ‘dmechant’ Malware - Still on the Radar
• Candiru’s Spyware
• Google Chrome Security update
• DNS Cache Poisoning
• RedLine Malware and the Olympics
• Israel and Japan working to Protect the Olympics
• IceFog at the Summer Olympics?
• BlackMatter group

Link to full report: IR-21-211

Earlier this month, the infamous hacking group LulzSec’s founder issued a stern warning to the US.  If 2020 was coined The Year of the Digital Pandemic, then 2021 has still not discovered any digital vaccines.  Cyber-attacks have grown rapidly over the past year, and are showing no indications of slowing down.  One ‘former’ Black Hat hacker expressed his growing concern at the lack of preparedness the United States has shown.

The US government has been attacked by several world superpowers durin

There appears to be continuing data breach campaign inside the THORChain’s security system. THORChain is a cross-chain DeFi protocol that was hacked last week for the first time and suffered a loss of $8.3 million.  Now it has been hacked again, and this time, attackers allegedly managed to steal $8 million worth of cryptocurrency Ether.

According to THORChain, the decentralized e-commerce exchange has become a victim of a sophisticated attack on its ETH router.  THORChain posted to Twitter to a

Red Sky Alliance has been monitoring a global phishing campaign which leverages the Ex-Robotos phishing kit to gain access to usernames and passwords of targeted victims. This specific attacker generally targets engineering organizations but has been seen targeting other industries as well. They have been sending out emails since May of 2021, though the tool has been publicly available for purchase since 1 July 2019¹. Phishing plays a major role in cyber-attacks and often leads to data breaches

Recently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

There’s an old saying in the American West: “Whiskey is for drinking; water is for fighting.”  Back in March, Red Sky Alliance presented facts surrounding the Oldsmar, Florida water treatment cyber-attack.  Well, this critical infrastructure in the US remains a target to cyber-criminals.

The idea that access to water, especially the clean, drinkable kind, is something that is worth fighting for is nothing new.  But cyber security was never a real factor in water safety.   Recent incidents have e

Almost 2 years ago (09-2019), Red Sky Alliance reported on the negative ramifications of TikTok: “TikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic.  TikTok is hugely popular with about 500 million monthly users worldwide and more than 26 million users in the United States.  The problem is that TikTok is a Chinese social media app, developed in China by a young engineer nam

Last October, the information technology (IT) department at the University of Vermont Medical Center (UVM) began receiving reports of malfunctioning computer systems across its network.  Employees reported they were having trouble logging into business and clinical applications.  Some reported the systems were not working at all. Within a few hours, the IT department began to suspect the hospital was experiencing a cyberattack.   At that time, the possibility was very much a reality to the IT te

Activity Summary - Week Ending 23 July 2021:

• Red Sky Alliance identified 19,903 connections from new unique IP addresses
• Top observed Attacker Server (C2): Alexey[.]rybalov@yandex.ru & taleq[.]simeon888@mail.com
• Analysts identified 2,670 new IP addresses participating in various Botnets
• DLL Side-Loading Technique
• dmerchant
• WildPressure
• China keeps pulling Triggers
• Russia Cyber-Attacks
• Saudi Aramco Hit with Ransomware
• Cell Phones and Spying
• Norway blaming China for March cyber-attack
• What will b

In the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric

Cybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci

A password, sometimes called a passcode, is secret data and is typically a string of characters, usually used to confirm a user's identity.  Traditionally, passwords were expected to be memorized, but due to the large number of password-protected services that a typical individual accesses, this can make memorization of unique passwords for each service (nearly) impractical.

Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant

Palo Alto Networks, Unit 42 has provided great research on the Mespinoza criminal cyber group.  As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms.  As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.  One good example is Mespinoza ransomware, which is run by a prolific group with a penchant fo

The National Security Agency, the FBI and other agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Microsoft Office 365 and other cloud-based services, according to an alert published Thursday.  The campaign, which started in 2019, has targeted "hundreds" of businesses, government agencies and organizations worldwide, mainly in the U.S. and Europe, the NSA reports. The victims include several U.S. Department of Defense unit

COVID-19 has changed many companies’ hybrid work force procedures, but with vaccines reaching new heights, many workers are returning to their offices.  As the US opens back up and employees get back in the offices, violence and physical threats to businesses are being seen at an unsettling, record-high pace, according to the Ontic Center for Protective Intelligence.

The study showcases the collective perspectives of physical security directors, physical security decision-makers, chief security