X-Industry

Ransomware has hit an Illinois college with devastating results.  It is shutting its doors permanently.  Lincoln College says it will close this week in the wake of a ransomware attack that took months to resolve.  While the impact of COVID-19 severely impacted activities such as recruitment and fundraising, the cyberattack seems to have been the tipping point for the Illinois college. 

The college has informed the Illinois Department of Higher Education and Higher Learning Commission that it wi

Development teams need to consider the concept of secure design when developing applications. When coding any software, the main goal is to focus on security. Never leave protection and security until the end of development. It is important to note that any errors associated with this can damage the entire software.

Prevention is always better than mitigation. To avoid threats, we can use the following secure software development best practices: Validate input, Heed compiler warnings, Architect

Just who are your LinkedIn connections?  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks and an estimate of 52% of phishing attacks globally are focused on LinkedIn.  LinkedIn users are being urged to watch out for suspicious emails because the professional networking website is one of the most popular brands targeted by cybercriminals in phishing attacks

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed evade detection since at least 2019.  Named by investigators "Operation CuckooBees,” the massive intellectual property theft operation enabled the threat actor to exfiltrate hundreds of gigabytes of information.  Targets included technology and manufacturing companies primarily located in East Asia, Western Europe, and North America.  "The attackers targeted intellectual property develo

Activity Summary - Week Ending on 6 May 2022:

• Red Sky Alliance identified 43,915 connections from new IP’s checking in with our Sinkholes
• msk.ru still #1 in Hits
• Analysts identified 1,442 new IP addresses participating in various Botnets
• CVSS
• Using Emulation
• BotenaGo Variant
• PyInstaller
• Inmarsat
• 5 Constant Malware Issues

Link to full report: IR-22-126-001_weekly126.pdf

Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.   

Link to full report: IR-22-125-001_IntelSummary125.pdf

Just yesterday, I gave a very brief talk on the ethics and morals of hackers.  My focus was centered on the criminality of hacking, but the same holds true with nation-state level cyber actors.  The Russia Matters publication has provided a series of opinions on why Russia has not initiated a full scale cyber-attack, often called ‘cybergeddon’ upon its adversaries.  Russia’s war in Ukraine, now nearing its 10-week mark, has been devastating, killing thousands of civilians, and forcing millions t

When one of your enemies begins attacking another one of your other enemies, does this mean that your first enemy is now an ally?   I will let the philosophers answer this question.  A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war.  Tracked as Mustang PANDA, Bronze President, RedDelta, HoneyMyte, Red Lichand TA416, the government-backed hacking group previously focused

Black Basta, a new ransomware group, has made their presence felt by claiming responsibility for twelve ransomware attacks in the month of April.   Black Basta, like many other ransomware operations, uses double-extortion tactics, stealing victim data before encrypting systems to leverage payment.  The group then uses their Tor site and slowly leaks victim data, applying pressure to victims to pay the ransom for the decryption key.  Notable targets from the first stretch of attacks include the A

With apologies to singer/songwriter Bob Dylan, “The answer my friend, is blowing in the wind.” Hackers do not care if the energy source is renewable or fossil fuel, they will attack it and turn out your lights and everything electric (yes, your network). German wind turbine giant Deutsche Windtechnik https://www.deutsche-windtechnil.com has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier in April 2022.

The incident, which the

Those readers who were born before the Internet Age may remember seeing the Wanted Posters of criminals on the walls of US Post Offices.  There were stated cash rewards for those who provided information that led to the wanted criminal’s arrest.  Yes, you actually went into a federal building and mailed a letter with a postage stamp attached.  What is a postage stamp?  We will cover this subject in another article. The US authorities are offering a multimillion-dollar reward for anyone with info

Activity Summary - Week Ending on 29 April 2022:

• Red Sky Alliance identified 10, 907 connections from new IP’s checking in with our Sinkholes
• msk.ru has issues
• Analysts identified 3,698 new IP addresses participating in various Botnets
• Vice & Industrial Spy
• US Agriculture under Attack
• T-Mobile Hit (again)
• Oil India LTD
• Getting Annoyed?
• Lapsus$

Link to full report: IR-22-119-001_weekly119.pdf

There are many things you can do to protect yourself against cyberattacks but if you still do not remember the basics, then your organization is an easy target for cyber criminals.  Please review what Red Sky Alliance recommends at the end of this article.

A security vulnerability that was left unpatched for three years allowed a notorious cyber-criminal gang to breach a network and plant ransomware.  The BlackCat ransomware attack against the undisclosed organization took place in March 2022

Our weekly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.   

Link to full report: IR-22-118-001_IntelSummary118.pdf

The financial sector is a prime target for criminal cartels and nation-state actors. Criminals seek a lucrative market, and nation-states treat profit as a form of sanctions-busting. The high volume of Russian-speaking gangs and the current sanctions against the Russian state makes Russia a major threat to financial institutions today.

The reason that financial institutions are under constant attack is simple: that’s where the money is today.  This is no different than the statement made by the

Has the notorious REvil, aka Sodinokibi, ransomware operation come back? Researchers suspect former developers may have restarted the server and data leak site. On 20 April 2022, the original Happy Blog leak site began redirecting to the new blog, which lists both old and seemingly new victims, including Oil India Limited.  Cybersecurity researchers on Twitter attributed a recent ransomware attack at Oil India Limited to either REvil or imposters using the gang's name.

In early April 2022, at th

Adaptive security is a cybersecurity model made up of four phases, prediction, prevention, detection, and response.  The process was developed in response to the de-centralization of IT ecosystems to accommodate hybrid working environments and the porting of systems to the cloud.

The perimeter that once defined a network no longer exists.  Organizations are leveraging cloud technology and shifting towards hybrid work environments.  The de-centralization of IT ecosystems is becoming increasingly

White hat hackers recently won $40,000 for cracking a system used by most major industrial companies, including the ones that manage our power grids, and they told MIT Technology Review it was extremely easy.  The challenge was to hack industrial control systems, specifically the hardware and software used to control power grids, water treatment facilities, and other critical infrastructure. 

Because so many people rely on this infrastructure, hackers can ask for and receive large ransoms in exc

Activity Summary - Week Ending on 22 April 2022:

• Red Sky Alliance identified 9,534 connections from new IP’s checking in with our Sinkholes
• StreamHost in Belgium Hit 302x
• Analysts identified 6,436 new IP addresses participating in various Botnets
• Industroyer2  
• Lightning Stealer
• Emotet
• TraderTraitor
• Spying on Boris
• Trolls in the Tolls
  
  Link to full report: IR-22-112-001_weekly112.pdf

Electric vehicles (EV) appear to be a vital part of the present (and future) state of the US auto market.  In the past, there has been EV hope and hype; now the rapid adoption of electric vehicles is finally here.  As an example, Tesla was only one month away from bankruptcy in the recent past and now is thriving.  In 2011, there were only 16,000 battery and plug-in hybrid electric vehicles on the road.  In mid-2021, that number had grown to over 2 million vehicles. In fact, auto executives expe