All Articles (1946)

'Tis the season when cybersecurity and IT teams have to send out a company-wide email: “No, our CEO does NOT want you to buy gift cards.”  As much of the workforce signs off for the holidays, hackers are stepping up their game.  We will see an increase in activity as hackers continue to introduce e-commerce scams and holiday-themed phishing attacks.  Hackers love to use these tactics to trick end users into compromising not only their personal data but also their organization's data.

Use this time o

End of 2022 - Week Ending 30 December 2022:

  • Red Sky Alliance identified 19,712 connections from new IP’s checking in with our Sinkholes
  • Frantech[.]ca in NYC hit 23x
  • Analysts identified 867 new IP addresses participating in various Botnets
  • 2022-2023 ZeroBot
  • Ten (10) Data Set Stats
  • Red Sky Tools
  • Red Sky Partners
  • LastPass

Link to .pdf: IR-22-364-001_weekly364.pdf

IP               Contacts
199.195.249.252  56
87.236.20.241    49
185.151.48.131   49
68.178.224.252   48
62.210.185.4     37

A recently identified information stealer named ‘RisePro’ is being distributed by the pay-per-install malware downloader service ‘PrivateLoader’, cyber threat investigators reported.  RisePro, a new malware, was recently observed on a dark web forum run by Russian cybercriminals.  Since 13 December 2022, the virus has been offered for sale as a log credential stealer on underground forums, leading many to believe it is a clone of the Vidar Stealer.  RisePro was featured on a Russian Market cybercrim

A major insurance company is seriously re-thinking insuring for cyber-attacks.  As cyber-attacks continue to grow, they will become “uninsurable,” the CEO of Europe’s Zurich Insurance said.  The Financial Times broke the story earlier this week, predicting that cyber-attacks could pose a larger threat to insurers than systemic issues like pandemics and climate change.  “What will become uninsurable is going to be cyber,” Zurich said. “What if someone takes control of vital parts of our infrastruc

Cyber threat actors continue to adapt to break the latest technologies, practices, and data privacy laws.  All organizations must stay ahead of cybercrime by implementing strong cybersecurity measures and programs for today and the New Year.

Expect an increase in digital supply chain attacks - With the rapid modernization and digitization of supply chains come new security risks.  Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply

The popular Royal ransomware is being used by skilled bad actors who used to be part of Conti Team One.  Between September and December 2022, Royal ransomware was used in numerous cyberattacks, which earlier this month prompted the US Department of Health and Human Services (HHS) cyber analysts to warn healthcare organizations of the risks associated with this threat.  Royal is the rebranded version of Zeon ransomware, which emerged earlier this year and was associated in August 2022 with Conti

I should not be writing this article in 2022, but sometimes the apparent needs to be restated.  Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad.  For example, recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  See: https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-belgium-city-of-antwerp/

As usual, all parties cried "foul play" and suggested that proper

In the past several weeks, our analysts were asked their opinions of what they believe will be the most pressing cyber security issues for the upcoming year.  I told them that you really can’t be wrong, as the malware used by all levels of hackers is constantly changing.  Our job as cyber security professionals is to try our best, based upon what we have seen recently, to identify immediate challenges in our profession.

Are we guessing… or do we use facts and evidence to make our expectations

Much of the world’s population observes and celebrates Christmas every December to connect with friends and family and reflect on the year.  Malware operators also observe the holiday, perennially attempting to compromise the systems of users who have let their guard down during the festivities.

Affected Platforms: Windows
Impacted Users: Windows users
Impact: Malware opens a backdoor and exfiltrates information from compromised machines
Severity Level: High

FortiGuard Labs has come across two h

Activity Summary - Week Ending on 23 December 2022:

  • Red Sky Alliance identified 44,282 connections from new IP’s checking in with our Sinkholes
  • Frantech[.]ca in Las Vegas hit 16x (2nd week)
  • Analysts identified 1,046 new IP addresses participating in various Botnets
  • MCCrash DDoS
  • Glupteba Trojan
  • Glupteba IoCs
  • Epic Games
  • Thyssenkrupp
  • Russia and Oil
  • Happy Holidays

Link to full report: IR-22-357-001_weekly357.pdf

With minutes left in the holiday buying season, online shopping and gift-giving are at the top of many people's to-do lists.  But before you hit the "buy" button, it is important to remember that this time of year is also the busiest time for cybercriminals.  Cybercriminals often increase their efforts during the traditional Christmas holidays and take advantage of the flood of ‘new’ online shoppers and the general chaos of this buying time of year.

Do not let cybercriminals steal your ho

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.

While BEC is most commonly used to steal money, in cas

Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" on compromised systems.  Azov is ransomware, malware that blocks access to files by encrypting them.  It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames.  Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i

The New York State Department of Financial Services (NYDFS) is proposing an amendment to its regulations requiring financial services companies to increase their cybersecurity planning, reporting and protection.  The Department of Financial Services supervises and regulates the activities of approximately 1,500 banking and other financial institutions with assets totaling more than $2.6 trillion and more than 1,400 insurance companies with more than $4.7 trillion.

Under the proposed amendment, th

Sometimes, well-intentioned research can actually benefit adversaries.  Recently, when a US-based foreign affairs analyst received an email from the Director of the “38 North” think-tank to commission an article, it seemed to be business as usual.  The sender was actually a suspected North Korean spy seeking information, according to those involved and three cybersecurity researchers.

Instead of infecting his computer and stealing sensitive data, as hackers typically do, the sender appeared to b

In the era of digitization and ever-changing business needs, the production environment has become more attractive to attackers.  Multiple functions and teams within an organization can ultimately impact the way an attacker sees the organization's assets, or in other words, the external attack surface.  This dramatically increases the need to define an exposure management strategy.

To keep up with business needs while effectively assessing and managing cybersecurity risk, there are two primary elements that

With the threat of cyber-attacks increasing in the agriculture industry, some farmers differ on whether there is a need to secure data.  Jason Perdue, who farms and raises cattle in Eastern Nebraska, said, “I don’t understand all of what’s out there and all of the possibility of what is at risk.”  He says he’s more concerned about livestock data than crop information.  “I’m probably a little more concerned if something were to happen to our controlling system like the ventilation, feed or water in our livestoc

Activity Summary - Week Ending on 16 December 2022:

  • Red Sky Alliance identified 31,927 connections from new IP’s checking in with our Sinkholes
  • Frantech[.]ca in Las Vegas hit 14x
  • Analysts identified 730 new IP addresses participating in various Botnets
  • Cuba Ransomware
  • ZeroBot
  • Heliconia Exploit
  • Sam’s Busted
  • Metropolitan Opera
  • CA Finance LockBit
  • India Fighting on many Fronts
  • e-Car Buyers

Link to full report: IR-22-350-001_weekly350.pdf

Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

The Luna Moth group, also known as the Silent Ransom Group, has been active since March 2022 and has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.  The attacks are notable for employing callback phishing, or Telephone-Oriented Attack Delivery (TOAD).

The lure of recent Luna Moth campaigns is a phishing email with an invoice indicating that the recipient’s credit card has been charged for a service, typically under $1,000. The phishing email is personaliz