All Articles (305)


The back-to-school season has already been stressful for schools and families. Now a spate of ransomware attacks targeting K-12 schools has made it even more challenging.  In May 2020, the FBI warned schools about the increasing risk of ransomware attacks during the pandemic. The agency warned that cyber actors would likely increase targeting of K-12 schools as an "opportunistic target" as more institutions shift from in-person learning to online classes and teachers and staff rely on remote ac

Activity Summary - Week Ending 18 September 2020:

  • Red Sky Alliance identified 45,527 connections from new unique IP addresses
  • IP: 149[.]202[.]67[.]223 – French company, Roubaix Ovh Sas is compromised for the 2nd week
  • Analysts identified 4,362 new IP addresses participating in various Botnets
  • Multiplatform RaaS SMAUG
  • Shlayer Adware Targets OSX
  • Crude prices Rose at the end of this Week
  • Australian and US PII leaked by CN Company
  • Colombian Ecopetrol drilling in the US Permian Basin, but has some Cyb

Cyberattacks on Small to Medium-sized businesses (SMBs) are continuing at a relentless pace for 2020, with most data breaches coming from outside the organization.  Cyber-attacks are up an average of 75% since the Corona pandemic.  Cybersecurity analysts believe hackers are specifically targeting these smaller firms because they know SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses.

A new report from Cisco counters this misconception.

As Maritime technology progresses, towage vessels (tugboats) and their crews are increasingly connected to online services during operations, increasing their vulnerability to cyber threats, malware, viruses, and hackers.  These cyber security concerns were raised by the US-based Maritime Transportation System (MTS) - Information Sharing and Analysis Center (ISAC)[1] after a tugboat fell victim to a phishing email.  This was the first time a tugboat reported receiving this type of phishing email

What will happen if the November 2020 election results are tampered with, blocked or disappear?  Both parties will cry foul and blame the other party.  Will the voters ever really know the final results and how long could it possibly take for both national parties to agree upon an outcome?  The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight.  State and local governments and their agencie

An adversary known for targeting the Financial Cyber Sector, at least since 2018, has switched up its tactics to include a new Python-based remote access Trojan (RAT).[1]  This RAT can steal passwords, documents, browser cookies, email credentials, software licenses, and credentials for trading software/platforms, customer credit card information, and proof of address/identity documents, and other sensitive information.   The group is suspected of offering APT style hacker-for-hire services to o

Activity Summary - Week Ending 11 September 2020:

  • Red Sky Alliance observed 97 unique email accounts compromised with Keyloggers
  • Analysts identified 69,770 connections from new unique IP addresses
  • The BeagleBoyz are robbing Banks
  • Analysts identified 4,775 new IP addresses participating in various Botnets
  • Box Pages Utilized in Phishing Attacks
  • Netwalker Ransomware in Argentina
  • Oil Prices in a new “Supercycle”
  • Iranian tankers possibly heading to Venezuela in defiance of US sanctions
  • Germany – Nor

From our Friends at Be Cyber Aware at Sea - "Welcome to this month’s edition of Phish & Ships, brought to you by The Be Cyber Aware at Sea campaign.
For the last few months we have been swept up in the effects of the coronavirus on the world, and its impact on the cyber sphere for shipping in particular.  While the virus is still very much in circulation and we are adjusting to the measures put in place for our protection, we must start to look ahead once more. After all, round the corner is the

Ransomware is here to stay.  Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight.  There are many versions of ransomware in use and groups and nations behind the extortion attempts.  These cyber actors are motivated by money.  Ransomware can be described simply as a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.  While some simple ransomware

Activity Summary - Week Ending 4 September 2020:

  • Analysts identified 5,204 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 44,612 connections from new unique IP addresses
  • Analysts observed 24 unique email accounts compromised with Keyloggers
  • Analysts found identifying data on Kuwaiti hacker: NYANxCAT
  • Shlayer Malware
  • Tripwire's August 2020 Patch Priority Index (PPI)
  • ISIS attacks Syria’s energy infrastructure
  • Two oil tankers loading at the Libyan Port of Brega
  • Saudi

Close to 90 percent of all commerce is shipped via maritime transportation.  Lloyd’s of London reports that combined container throughput figures for the top 100 international ports grew by 2.5 percent in 2019.  Splash247 has posted an interesting article explaining that the Chinese government may be toying with supply chain data systems, creating concerns in maritime transportation.

“There has been progress within the maritime and shipping sector in creating a digital maritime ecosystem that i

The results of a recent survey of 3,200 people in 524 organizations that suffered data breaches are a bit of a mixed bag.  Ponemon's "Cost of a Data Breach Report 2020" (commissioned by IBM) reveals that despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year, the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.  Ponemon's analysis of

The Cybersecurity and Infrastructure Security Agency (CISA) and other US agencies have issued a warning about increases in bank e-thefts worldwide organized by a hacking group called "BeagleBoyz."  Researchers believe this group has ties to the North Korean government.  The BeagleBoyz group is a subset of the North Korean-backed hacking collective known as the Lazarus Group or Hidden Cobra.  The report with details of how the BeagleBoyz have made off with an estimated $2 billion in funds and cry

Activity Summary - Week Ending 28 August 2020:

  • Fairdeal Furniture LTD, located in Mombasa Kenya is still Keylogged
  • Red Sky Alliance observed 26 unique email accounts compromised with Keyloggers
  • Analysts identified 68,495 connections from new unique IP addresses
  • Red Sky Alliance identified 3,148 new IP addresses participating in various Botnets
  • Team TNT targeting AWS using Kinsing variant
  • Maze Ransomware
  • US SBA Loan Relief Phishing Campaign
  • Oil prices remain somewhat stagnant – even with Hurrica


Hackers are using a phishing campaign to deploy KONNI malware, a remote access trojan (RAT), via Microsoft Word documents containing malicious Visual Basic for Applications (VBA) macro code, according to a recent alert from the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

First observed in 2014, the malware was linked to several campaigns tied to North Korea. There are also significant links in code with the NOKKI malware family and researchers possess some evidence that link

Activity Summary - Week Ending 21 August 2020:

  • Red Sky Alliance observed 15 unique email accounts compromised with Keyloggers
  • Videoholka still is Keylogged
  • Analysts identified 47,658 connections from new unique IP addresses
  • 3,294 new IP addresses participating in various Botnets
  • Drovorub Malware Exposed
  • FritzFrog P2P botnet struck at least 500 government and enterprise SSH servers
  • COVID-19 Variants
  • Magecart Group 8
  • Oil Prices stuck in the $40-$45 Range
  • Petrobras and Microsoft working together f

Carnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files, indicating some data was stolen. In their SEC filings,

Small and medium-sized businesses (SMBs) are facing a growing number of ransomware threats as the programs needed to launch such attacks become more widespread and easier to use.  Also known as the “fast food franchise of cybercrime,” Ransomware-as-a-Service (RaaS) enables even low-level and inexperienced hackers to purchase a ready-made solution for attacking small and medium-sized businesses.[1]

The malicious group named Dharma as one of the most popular offerings around, explaining it provides

New samples of the Ekans ransomware have revealed how today's cyber attackers are using a variety of methods to compromise key industrial companies.  Researchers from our friends at FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems.[1]

Ekans, which is also referred to as Snake[2], was first identified in February 2020 and early reports indicated that it had been desi

Activity Summary - Week Ending 31 July 2020:

  • Red Sky Alliance observed 41 unique email accounts compromised with Keyloggers
  • Analysts identified 43,115 connections from new unique IP addresses
  • 1,518 new IP addresses were discovered participating in Various Botnets
  • Taidoor remote access Trojan
  • Lazarus Attacks with Ransomware Worms
  • Baker Hughes still has Cyber issues
  • Hezbollah remains in the Top 5 Cyber Threat Actors
  • Oil moving Renewable & Green
  • Egypt and Greece signed a maritime agreement; Turkey