All Articles (1945)

Red Sky Alliance utilizes Fortinet collections, analysis, and support; this is important.  A vulnerability has been recently discovered in Fortinet's FortiOS, which could allow for arbitrary code execution.  FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose acc

Victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand, simply because the ransomware is not able to decrypt files; it just destroys them instead.  Coded in Python, Cryptonite ransomware first appeared in October 2022 as part of a free-to-download open-source toolkit available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks believed to be the most common means of delivery.

An anal

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 months.

As ransomware is still the preferred way for actors to monetize their access, there is a need to u

A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers.  The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.  The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014.  Cockpit is a JavaScript librar

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta.  The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities.  Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called Venom RAT, which has been c

Old technology solutions are still in the house.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too.  For example, consider an accounting software suite that was extremely expensive when it was purchased.  If the vendor eventually went under, then there is no longer any support for the software, which means that the accounting solution only works on some older operating system

Malware is nothing more than burglary tools.  Cyber researchers have recently shed light on a Dark web marketplace called “In the Box” that is designed to specifically cater to mobile malware operators.  The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own.  The automation allows other bad actors to create o

Activity Summary - Week Ending on 9 December 2022:

  • Red Sky Alliance identified 23,269 connections from new IP’s checking in with our Sinkholes
  • Microsoft in Tokyo hit 32x
  • Analysts identified 875 new IP addresses participating in various Botnets
  • Cryptonite Source Code
  • No Way to Recover
  • ZeroBot – Top 5 Malware (IR-22-341-001)
  • School District Out of Options
  • Paris Hospital Hit
  • Agrius and Diamonds
  • VTB Bank hit with DDoS

Link to full report: IR-22-343-001_weekly343.pdf

The fall of the FTX crypto exchange forced many investors to seriously reconsider their overall approach to investments, starting from self-custody to verifying the on-chain existence of funds.  This shift in approach was driven primarily by the lack of trust crypto investors have in the entrepreneurs after being duped by FTX CEO and co-founder Sam Bankman-Fried.

FTX crashed after Mr. Bankman-Fried and his accomplices were caught secretly reinvesting users’ funds, resulting in the misplacement of

Poor results reflect that 87% of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath.  The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Risk Performance System (SPRS) score of 70 or above.  Under the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.  So, a school grade of “C”, a score of

Cloud computing giant Rackspace, located in San Antonio TX, confirmed earlier this week that a ransomware attack caused a widespread outage that halted email services for thousands of people.  Since last Friday, the company has been dealing with an outage that took down the Microsoft Outlook Web App for thousands of customers and caused other downstream issues.  The company runs a lucrative business centered on hosting Microsoft Exchange infrastructure, which offers customers Microsoft email, cal

Back in 1969, the rock group The Rolling Stones recorded an album titled “Let it Bleed.”  The album sold over 2.4 million copies, and in 1997, it was voted the 27th "Best Album Ever."  The current "Bleed You" malicious cyber campaign is far from being popular and is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions.  More than 1,000 systems are unpatched and vulnerable to compromise.

If an attacker gains cont

Cyber security professionals report that ZIP and RAR files have overtaken Office documents as the file type most used by cyber criminals to deliver malware, according to an analysis of real-world cyberattacks and data collected from millions of PCs.  The research, based on customer data from the period between July and September 2022, found that 42% of malware delivery attempts used archive file formats, including ZIP and RAR.

That means cyberattacks attempting to exploit ZIP and RAR formats

A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution.[1]  Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are configured to have fewer user rights on the system could be less impacte

It happens in minutes, even seconds.  In Singapore, a man who filed a dispute over a faulty computer with the Consumers Association of Singapore reportedly lost $149,000 in a matter of minutes after he clicked on a live chat icon in an e-mail purportedly from the consumer watchdog.  Mike (not his real name), who is in his early 50s and works in the education industry, was one of at least 10 victims who fell prey to the phishing e-mails in October.

The police said the total losses amounted to at

Guatemala’s Foreign Ministry reported that it is currently investigating a ransomware attack that occurred earlier this year.  The Ministry of Foreign Affairs cited the Law on Access to Public Information to The Record and said it was unable to comment on the cyberattack because of it.  “The Ministry is not in a position to respond to your request, since it is in the investigation phase,” a spokesperson said.[1]

Group: onyx

Approx. Time: 2022-11-21 08:12:06.653586

Title: https://t.co/vlKIf

Activity Summary - Week Ending on 2 December 2022:

  • Red Sky Alliance identified 30,052 connections from new IP’s checking in with our Sinkholes
  • Microsoft in Singapore hit 111x
  • Nivdort Malware Variant moves up in Collections
  • Analysts identified 1,256 new IP addresses participating in various Botnets
  • Tridas eWriter
  • Remcos
  • NY Suffolk County Hit
  • German Festo and CODESYS
  • Guadeloupe
  • UK Cyber Regulation

Link to full report: IR-22-336-001_weekly336.pdf

A cruel business email compromise (BEC) gang called Lilac Wolverine is hacking people's email accounts and sending messages to their contacts claiming the account owner needs to send a gift to an unwell friend, manipulating people into sending online gift cards.  Detailed by cybersecurity researchers, this organized cybercriminal group has fine-tuned techniques that pull on people's heartstrings.

They include false claims that the gift cards are meant for people diagnosed with serious illnesses or

The Killnet group and its collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion: Elon Musk's Starlink satellite broadband service and the websites of the White House in the US and the Prince of Wales in the UK.  Researchers at Trustwave were able to find evidence corroborating the Russian-backed threat group's claims.[1]

Just last month

Over the past six months, the infamous Emotet botnet has shown almost no activity, but now it is distributing malicious spam.  Emotet is by far one of the most dangerous trojans ever created.  The malware became a very destructive program as it grew in scale and sophistication.  The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents.  When users open these documents and enable