X-Industry

There appears to be continuing data breach campaign inside the THORChain’s security system. THORChain is a cross-chain DeFi protocol that was hacked last week for the first time and suffered a loss of $8.3 million.  Now it has been hacked again, and this time, attackers allegedly managed to steal $8 million worth of cryptocurrency Ether.

According to THORChain, the decentralized e-commerce exchange has become a victim of a sophisticated attack on its ETH router.  THORChain posted to Twitter to a

Red Sky Alliance has been monitoring a global phishing campaign which leverages the Ex-Robotos phishing kit to gain access to usernames and passwords of targeted victims. This specific attacker generally targets engineering organizations but has been seen targeting other industries as well. They have been sending out emails since May of 2021, though the tool has been publicly available for purchase since 1 July 2019¹. Phishing plays a major role in cyber-attacks and often leads to data breaches

Recently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

There’s an old saying in the American West: “Whiskey is for drinking; water is for fighting.”  Back in March, Red Sky Alliance presented facts surrounding the Oldsmar, Florida water treatment cyber-attack.  Well, this critical infrastructure in the US remains a target to cyber-criminals.

The idea that access to water, especially the clean, drinkable kind, is something that is worth fighting for is nothing new.  But cyber security was never a real factor in water safety.   Recent incidents have e

Almost 2 years ago (09-2019), Red Sky Alliance reported on the negative ramifications of TikTok: “TikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic.  TikTok is hugely popular with about 500 million monthly users worldwide and more than 26 million users in the United States.  The problem is that TikTok is a Chinese social media app, developed in China by a young engineer nam

Last October, the information technology (IT) department at the University of Vermont Medical Center (UVM) began receiving reports of malfunctioning computer systems across its network.  Employees reported they were having trouble logging into business and clinical applications.  Some reported the systems were not working at all. Within a few hours, the IT department began to suspect the hospital was experiencing a cyberattack.   At that time, the possibility was very much a reality to the IT te

Activity Summary - Week Ending 23 July 2021:

• Red Sky Alliance identified 19,903 connections from new unique IP addresses
• Top observed Attacker Server (C2): Alexey[.]rybalov@yandex.ru & taleq[.]simeon888@mail.com
• Analysts identified 2,670 new IP addresses participating in various Botnets
• DLL Side-Loading Technique
• dmerchant
• WildPressure
• China keeps pulling Triggers
• Russia Cyber-Attacks
• Saudi Aramco Hit with Ransomware
• Cell Phones and Spying
• Norway blaming China for March cyber-attack
• What will b

In the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric

Cybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci

A password, sometimes called a passcode, is secret data and is typically a string of characters, usually used to confirm a user's identity.  Traditionally, passwords were expected to be memorized, but due to the large number of password-protected services that a typical individual accesses, this can make memorization of unique passwords for each service (nearly) impractical.

Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant

Palo Alto Networks, Unit 42 has provided great research on the Mespinoza criminal cyber group.  As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms.  As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.  One good example is Mespinoza ransomware, which is run by a prolific group with a penchant fo

The National Security Agency, the FBI and other agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Microsoft Office 365 and other cloud-based services, according to an alert published Thursday.  The campaign, which started in 2019, has targeted "hundreds" of businesses, government agencies and organizations worldwide, mainly in the U.S. and Europe, the NSA reports. The victims include several U.S. Department of Defense unit

COVID-19 has changed many companies’ hybrid work force procedures, but with vaccines reaching new heights, many workers are returning to their offices.  As the US opens back up and employees get back in the offices, violence and physical threats to businesses are being seen at an unsettling, record-high pace, according to the Ontic Center for Protective Intelligence.

The study showcases the collective perspectives of physical security directors, physical security decision-makers, chief security

Hackers have recently tampered with critical infrastructure entities in the US.  This includes the Colonial Pipeline incident that affected the supply of gas and the JBS Foods hack that affected operations of the meat-packing giant.  Neither of these ransomware attacks had any severe, real-world consequences.  Some people could not put gas in their cars for a few days, or the price of meat might have gone up in some areas, but no lives were immediately threatened.

But what if the hackers decided

Data management has bothered large companies for decades.  Almost all firms spend both time and money on it and still find the results unsatisfactory.  While the issue does not appear to be growing worse, resolving it is increasingly urgent as managers and companies strive to become more data-driven, leverage advanced analytics and artificial intelligence, and compete with data.

Most companies struggle with a few common but significant data management issues:

• First, companies have concentrated

A recent cyber security blog by researcher Maahnoor Siddiqui, he provides a clear picture of the threats and vulnerabilities in the Transportation supply chain.  A concern shared by Red Sky Alliance.  Our 40-minute commute to work in the morning can feel like an insular event.  Whether it is by bus, train, ferry, or car; it can be hard to place this single event within the vast network of transit that occurs every day.  These small personal journeys make up a highly interconnected transportation

Die Zahl der registrierten Cyberkriminalität steigt im deutschen Cyberspace weiter an, wobei sich Cyberkriminelle zunehmend auf "größere Beute" konzentrieren.  Die Zahl der DDoS-Attacken nimmt weiter zu, ebenso deren Intensität.  Die Täter sind global vernetzt und agieren mit zunehmender Geschicklichkeit und Professionalität.  Die Dark-Web-Underground-Economy wächst und stellt eine kriminelle, globale Parallelökonomie dar, die primär auf finanziellen Profit aus ist.  Haupttreiber des Profits ist

Fool me once, shame on you.  Fool me twice, shame on me.  We have all been duped at some level by devious on-line schemers.  In the Cyber World, it sounds like old news.  Phishing is a type of social engineering tactic where an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker, then introduce malicious software on the victim's infrastructure like ransomware.  Phishing attacks have become increasingly sophisticate

Activity Summary - Week Ending 16 July 2021:

• Who’s TBoy Ken?
• Red Sky Alliance observed 12 unique email accounts compromised with Keyloggers
• Analysts identified 56,261 connections from new unique IP Addresses
• 2,346 new IP addresses were seen participating in various Botnets
• Diavol & Wizard Spider
• ChaChi, a new Golang RAT
• Cyber Security in Australia
• A Close look at COVID-21, huh?
• Iranian Trains hit with Cyber-attack, Again
• Internet Down in Cuba, Porque? 

Link to full Report:

IR-21-197-001_weekly

The number of recorded cybercrimes continues to rise in the German cyberspace, with cybercriminals focusing increasingly on “larger prey.” The number of DDoS attacks continues to rise, as is their intensity. The perpetrators are globally networked and are acting with increasing skill and professionalism. The dark web underground economy is growing and represents a criminal, global parallel economy, which is primarily seeking financial profit. The main driver of profit is still Ransomware, posing