All Articles (262)

Ransomware-as-a-Service (RaaS) is increasing around the world due to its ease of use and the increasing success that attackers are having in their cyber-attacks. Recently, researchers have observed an increase in the use of a specific piece of malware known as Thanos ransomware.  This malware is unique in that it is the first to advertise the use of the RIPlace tactic.  This tactic allows attackers to evade detection by altering files without being detected by common Anti-Virus engines such as

Activity Summary - Week Ending 10 July 2020:

  • Analysts identified 2,818 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 47,423 connections from new unique IP addresses
  • Furkan Dedeoglu is keylogged on various Email Accounts
  • 37.191.52 – Secaucus Interserver Inc. is a Compromised C2
  • The Transportation Supply Chain being hit as WTH continues
  • Apple has Failed Gasoline Traders
  • Oil Prices Stall
  • A floating production storage and offloading ship was attacked off Nigeria; 9 c

The electric grid is vital to any country’s national security, hence the high importance of keeping the electricity flowing.  Even an outage of only a few minutes can wreak havoc on any residence or business.  Cyber attackers responsible for distributing LookBack malware are targeting US utility providers with a new threat called “FlowCloud.”  The FlowCloud modular remote-access trojan (RAT) has similarities and connections to the LookBack malware.  The LookBack at its core is a remote

I have written about Phishing before and I will continue to warn friends and colleagues about phishing and their tactics.  Phishing is the start of almost all serious cyber breaches.  In early 2020, cloud security expert, Wandera, revealed in its Mobile Threat Landscape Report that a new phishing campaign is launched every 20 seconds.  Twenty seconds equates to three additional phishing sites designed to target users in every minute.  However, this number no longer applies during COVID-19 times.

Ransomware is unfortunately the new normal for businesses of all segments and sizes, and this malware is multiplying quickly.  More than two-dozen US organizations were attacked in recent days by a known threat group attempting to deploy a dangerous new strain of ransomware called WastedLocker.

Had the attacks succeeded, they could have resulted in millions of dollars in damages to the organizations and potentially had a major impact on supply chains in the US, Symantec said in a report on 26

Our friends and colleagues at Dryad Global assess that the floating and processing ship FPSO SENDJE BERGE has been attacked by unknown armed men off the coast of Nigeria at the Okwori Terminal.  Further reports indicate that up to 11 personnel may have been kidnapped from the vessel.

This attack is distinctive regarding offshore vessel incidents within West Africa.  Both the manner of attack and target are beyond the usual targeting and attack methodology of pirate action groups within Nigeria.

Activity Summary - Week Ending 2 July 2020:

  • Analysts identified 3,351 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 54,358 connections from new unique IP addresses
  • Insider Threats still #1
  • Fileless Attacks
  • SixLittleMonkeys has an API
  • Lucifer Malware
  • Corona’s making a comeback, Oil Prices still in Flux
  • Iran looking to avoid the Strait of Hormuz Oil Shipping Route
  • Russia using Anti-Drone technology to protect Oil Fields
  • The US is opening the Arctic for Oil Explorat

Many auto dealerships are strongly promoting the safety of customers and employees in the wake of the COVID-19 pandemic.  That is why many international dealerships are taking safety protocols seriously.  Shields are up in the reception area, employees are wearing face coverings and social distancing, and disposable seat, wheel and shifter covers have been placed in all vehicles.  In addition, many are establishing vigorous test drive cleaning protocol and hourly and nightly cleaning

There will be no let-up in ransomware attacks, as it has proven to be such a profitable business model for cybercriminals.  The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers.  While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the available technology needed to deter hackers.  The loss of just a few thou

All organizations should consider working with a cyber threat intelligence firm to send test “Phishing” emails to random employees on a regular basis.  This will test employee vulnerabilities to provide subsequent remediation plans.  Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms or having confidential data exposed or auctioned to the highest bidder.

Researchers at two security firms are tracking separate phishing camp

Activity Summary - Week Ending 26 June 2020:

  • Analysts identified 3,945 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 55,969 connections from new unique IP addresses
  • Pegasus malware is Back on the Scene
  • Octopus Scanner keeps Spreading on GitHub
  • SNAKE Ransomware
  • LODEINFO malware visits Japan
  • Oil Prices keep inching Upward
  • North Sea Oil Shutdowns and Arctic Openings
  • Malaysian energy giant Petronas
  • Australia blaming China in past and recent Cyber Attacks

Link to full

There is a Russian saying that rings true in protecting entities against cyber threats, “I am not concerned about all of the wolves in Siberia, I am only concerned about the wolves that are now chasing my sleigh.”  The world is full of cyber threats, hackers and state-sponsored cyber terrorists who are targeting governments, businesses, and organizations.  The way Red Sky Alliance can help the maritime industry and its supply chain is to focus on the cyber threats directly targeting a specific o

2020, a year that will be remembered for many reasons.  Stories will be told to children and grandchildren of when we all had to wear face masks, stand 6 feet apart, there were no sports, and where people were not permitted to hug or shake hands.  Then there was the next economic collapse and subsequent worldwide insurrection.  For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes

Activity Summary - Week Ending 19 June 2020:

  • Red Sky Alliance identified 69,939 connections from new unique IP addresses
  • Analysts identified 4,135 new IP addresses participating in various Botnets
  • Wabot leads the ‘Hits’ for Malware
  • Advertising Droppers and the Google Store
  • Higaisa APT
  • T-Mobile gets hit with a DDoS attack, that is…according to Anonymous
  • Oil Prices slow a Bit and the Corona Pandemic is still Active
  • ReconAfrica and Botswana
  • BP Shares falling
  • Pakistan investigating Black Marketing

One unhappy employee can ruin your day, your reputation, and cost millions of dollars in losses.  Government agencies, companies and organizations of any size are all at risk.  Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests.  According to the Securonix 2020 Insider Threat Report, published in May 2020, "flight risk" employees, generally deemed to be individuals on the verge of resigning or otherwise leaving a jo

Maze Ransomware, previously known in the hacker community as “ChaCha Ransomware,” was discovered on 29 May 2020 by Jerome Segura, a malware intelligence officer.  The main goal of ransomware is to encrypt all files in an infected system and subsequently demand a ransom to recover the files.  The threat actor who took credit for compromising an insurance giant seems to continue its attacking spree with full intensity.  It is currently targeting the aerospace sector, specifically mainten

Like any profitable business model, ransomware gangs continue to innovate and increase their business.  Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.

Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf

Activity Summary - Week Ending 12 June 2020:

  • Red Sky Alliance identified 53,951 Connections from new unique IP Addresses
  • Analysts observed 25 unique email accounts compromised with Keyloggers
  • 3,997 new IP addresses were observed participating in various Botnets
  • Bradford British Telecommunications - Compromised (C2) IP: 147.147.220.86
  • Octopus Scanner Spreads on GitHub
  • Telnetd.IAC.Buffer.Overflow
  • Industrial Enterprises are being Targeted
  • Saudi Arabia leading OPEC in oil production cuts, or Maybe

Cyber-criminals are using the Corona Virus pandemic to spread the TrickBot malware.  These underhanded hackers are sending fake emails designed to look like notifications from the US Department of Labor concerning changes to the Family and Medical Leave Act (FMLA), which can provide up to 12 weeks of unpaid leave for employees who are ill or need to care for someone with a serious medical condition.  Benefits from FMLA increased in March 2020 when US President Trump signed the Families First Coro

As cyberattacks rise, so does the call by business leaders and shareholders to be ready to respond to a cyber incident.  Cyber insurance and a solid Incident Response plan are two critical components to make your company resilient.

Cyber attorney Shawn Tuma says one of these things is likely to influence the other, which surprises many organizations and may surprise you.  Tuma is Co-Chair of the Data Privacy and Cybersecurity Practice at law firm Spencer Fane, www.spencerfane.com.

Tuma explains