NEWS FOR IMMEDIATE RELEASE

For More Information Contact:
Bill Schenkelberg, Managing Director
603-606-1246
bschenkelberg@wapacklabs.com.

New Boston, NH USA – Red Sky® Alliance, also known as Wapack Labs Corporation http://www.wapacklabs.com, a leading global information security, cyber intelligence, and analysis firm, announced today that their cyber threat intelligence collections now include extensive targeted Dark Web intelligence called REDPANE.  REDPANE is an automatic dark web search engine that monitors dozens of dark web sites every day, empowering clients with current and historical dark web content pertinent to the targeted search's subject topic. 

 "REDPANE collections will help our clients to be better informed of potential threats directed at them and mentions or postings of their organizations and data on dark web portals. We have added this additional investigative intelligence at no charge to current and new clients," stated Jim McKee, CEO, Red Sky Alliance.

REDPANE is a proprietary dark web search service developed and owned by Red Sky® Alliance, also known as Wapack Labs Corporation. REDPANE gives threat hunters valuable intelligence that can be used for targeted investigations. Clients can search through a giant database of IP addresses, domains, and keywords to research threats across the dark web. Dark web sites are in constant motion and difficult to follow. The REDPANE service can keep up with these sites and add new ones as they appear.

The targeted intelligence provided by REDPANE is incorporated into Red Sky Alliance's RedXray, daily cyber threat notification service, and Cyber Threat Analysis Center (CTAC) services.  RedXray and CTAC users will not have to perform any new tasks to have this enhanced intelligence included in their reporting.  Red Sky Alliance will handle the collection, storage, and processing of dark web data.  Current clients will not be required to do anything to have this new dark web data presented in their collections. READ MORE ON REDPANE

"Red Sky Alliance's technology is an integral part of our security service offerings and used extensively by us to measure, test, and report our client's exposure to threats observed in the Deep/Dark Web. REDPANE is a substantially new technology that will enable us to enhance our current offerings to provide highly targeted and client-specific pre-emptive searches further enhancing our understanding of the client's vulnerability and risk exposure," stated Greg Ware, President, Net Compliance Solutions, https://trustncs.com

Red Sky Alliance's CTAC service and entire cyber threat collections dating back 7+ years are available on the Snowflake https://www.snowflake.com Data Market Place for ease of access and use. REDPANE collected data will be included in these services.

About Red Sky® Alliance

Red Sky® Alliance is a privately held USA-owned and cyber threat intelligence firm, also known as Wapack Labs Corporation, that delivers proprietary intelligence data, analysis, and in-depth strategic reporting. The company is located in New Boston, NH USA. For questions or comments regarding the services mentioned in this news release, please contact our offices at 603-606-1246 or info@wapacklabs.com

Rochester NY, 12/18/2020 — CYRISMA which offers a data-centric security ecosystem, has entered a partnership with Red Sky® Alliance, also known as Wapack Labs Corporation, to provide an inside-outside security service offering. Industry stats show that 71% of security breaches target small and medium-sized businesses (SMB). Many lack the resources and talent to combat these threats, which can often cripple their company and so, many are turning to specialized Managed Services Providers (MSP) to handle their security needs

This unique “Inside Outside” security approach will provide affordable, simplistic, and accessible cybersecurity features that give MSP’s the tools to keep their clients secure:

• Cyber Threat Intelligence to monitor external sources for IP’s, email addresses, domain names, and other related data owned by their clients and deliver targeted, cyber threat notifications daily or on-demand.

• Vulnerability Scanning to identify vulnerabilities based on the OVAL/ NIST NVD database.

• Data Sensitivity Scanning to scan structured and unstructured data and classify the data such as Credit Cards, Social Security, PII, and or PHI.

• Secure Baseline Scanning to scan assets for secure configurations or hardening standards against CIS Security or DISA STIG benchmarks.

• Mitigation Workflow Engine to assign accountability to mitigate identified risk and to track progress.

• Tactical Security Score Cards to provide dashboard views of security score grade systems, trends, executive leadership understanding, and to show risk reduction progress.

“Our RedXray® cyber threat notification service can provide any client, anywhere in the world with the cyber threat intelligence they need to defend against the increasing new threats against their organizations.  Partnering with CYRISMA allows our firms to offer a comprehensive defense against all attackers. The recent successful state-sponsored attacks show how persistent hackers have become,” stated Jim McKee, Red Sky Alliance’s Founder and CEO.

“Red Sky® adds a new dimension when offered in partnership with CYRISMA. MSP’s no longer need to cobble together a complete solution from many complex and expensive solutions. This further enhances the trust factor with MSP’s clients, gains quick ROI, and provides major revenue generation.” Said Liam Downward, CEO of CYRISMA. “Ultimately, like any ecosystem, the CYRISMA and Red Sky partnership will grow to provide the tools that are needed today and to add new future features.”

About Red Sky® Alliance:
Red Sky® Alliance, also known as Wapack Labs Corporation, is a USA cyber threat intelligence firm that delivers proprietary intelligence data, analysis, and in-depth strategic reporting. Red Sky continues to deliver insightful, actionable intelligence in formats best suited for strategic, operational, and tactical needs. https://redskyalliance.org

About CYRISMA:
CYRISMA was founded in Rochester, NY in 2018 to bring accessibility, affordability, and simplicity back to cybersecurity. CYRISMA is a SaaS-based ecosystem that provides a single interface to identify sensitive data, vulnerable systems, insecure configurations, track mitigation progress, and assign accountability. Organizations that utilize this solution see significant ROI against their resources, time, money, and people, while meeting compliance mandates. The company is backed by StartFast, and other investors. For more information, contact  https://www.cyrisma.com

Helpful CYRISMA links:

• What is CYRISMA?

• CYRISMA Intro Video

• Company LinkedIn page

Red Sky® Alliance
For More Information Contact:
Bill Shenkelberg, Managing Director
603-606-1246
bschenkelberg@wapacklabs.com.

New Boston, NH USA – Red Sky® Alliance, also known as Wapack Labs Corporation http://www.wapacklabs.com, leading global information security, cyber intelligence, and analysis firm, announced today that their enterprise Cyber Threat Analysis Center (CTAC) is now available for customer use on  Snowflake®.com.  Snowflake Computing is a cloud-based data warehousing company. Their cloud platform helps eliminate the complexity, costs, and constraints inherent with other solutions.

When your data is warehoused on  Snowflake®, it can easily be analyzed with CTAC with Red Sky® Alliance’s proprietary sourced intelligence and collections. The CTAC service monitors threats against your networks or your supply chain in a single console. It has also been referred to as an “Alternative Data Source” for financial firms that are concerned about the cyber health of their portfolios. The service can compare malicious activity directed at your organization and metrics, such as share price or manufacturing downtown(s) can be tracked and investigated. For  Snowflake users with their own analytic research engines, Red Sky Alliance’s massive database is also available for users to query for investigations and research programs.

" Snowflake® customers that adopt a security data lake architecture need up-to-date, high-quality threat intelligence for threat detection and response. Red Sky® Alliance's threat intelligence feed on  Snowflake Data Marketplace meets that need without building or maintaining any integrations. Data sharing makes it easy to apply indicators of compromise in near-real time and to correlate with months or years of log data within the data cloud,” stated Omer Singer, Head of Cyber Security,  Snowflake, Inc.

“Wapack Labs is pleased to have joined the Snowflake® services family. We can now offer our proprietary data and cyber threat analysis services at a very attractive price point at any time for threat investigators in our expanding global market,” said Jim McKee, Founder & CEO of Red Sky® Alliance. “Our team has been collecting and analyzing cyber threat groups, their methods, and malware since August 2011. In addition, we have developed our RedXray family of services, based on our CTAC service that will allow incident responders to react more quickly to threats before they breach your systems.”

About Red Sky® Alliance

Red Sky® Alliance is a privately held USA owned and cyber threat intelligence firm that delivers proprietary intelligence data, analysis, and in-depth strategic reporting. The company is located in New Boston, NH USA. For questions or comments regarding the services mentioned in this news release, please contact our offices at 603-606-1246 or info@wapacklabs.com.

For More Information Contact:

Bill Shenkelberg, Managing Director
603-606-1246
bschenkelberg@wapacklabs.com.

Net Compliance Solutions (NCS) announced today its partnership with Wapack Labs Corp./Red Sky® Alliance and its DEEP/DARK WEB (D/DW) analysis service RedXray®.  NCS is proud to become a partner of Red Sky® Alliance, which will allow us to embed the capability of RedXray®  with our service offerings.

RedXray® is a daily cyber threat notification service that simplifies the monitoring of organizations and supply chains. RedXray® does not require software or hardware installation and provides cyber threat intelligence from open and proprietary sources without requiring a network connection anywhere in the world. 

RedXray® scours the D/DW exclusively for targeted cyber threat data associated with domain names, email addresses, IP addresses, and all associated data of the client’s company or organization.  RedXray® clients also receive up to US$100,000 (25k – 100k available depending on the size of company size) in ransomware coverage at no charge.

Effectively all malicious cyber activity emanates from the D/DW and is sold, traded, and managed by bad actors in various ways and means therein.

Red/Xray has been scraping data from the D/DW since approximately 2013 and can provide historical information as well as the continuous daily monitoring and reporting to each client in a short report form that can be further dissected.  Tracing the origins of an attack that occurred in the recent past can provide client technicians with gateways to what data was used to create the intrusion.

Contact NCS at @trustncs.com or email to Info@trustncs.com or call at 855-879-2373.

NCS (Net Compliance Solutions) founded in 2006, NCS, is a full-service cybersecurity and consulting firm. We provide a wide array of preventive and remedial products that ensure the safety of your organization’s data. We know your company’s reputation is on the line every day, and we treat your issues as our own. NCS’s mission is to help organizations, and the people who manage them, to make informed decisions about investing in and implementing, compliance, and security technologies. We work with our clients to protect their organizations, customers, employees, stockholders, and business partners against cyber attacks. And we help create a unique and sound cybersecurity strategy for each of our clients that matches their financial and technological goals and resources.

Red Sky® Alliance https://www.wapacklabs.com/  (Wapack Labs Corp.) is a privately held USA cyber threat intelligence firm and delivers proprietary intelligence data, analysis, and in-depth strategic reporting. Red Sky® Alliance continues to deliver insightful, actionable intelligence in formats best suited to strategic, operational, and tactical needs.  Red Sky® Alliance follows a warning problem methodology, an approach used in the defense and intelligence communities to monitor and report on threats. Warning problems can run from phishing to DDoS to physical attacks. Red Sky® Alliance’s analysts incorporate data and factors beyond the technical to include geographic, political, economic trends and developments. Red Sky follows this approach because “cyber” is only one aspect of the myriad threats facing your enterprise.

The unprecedented global pandemic COVID-19 is impacting businesses in ways never before seen. In a recent CNBC survey, more than one-third of senior technology executives said cybersecurity risks have increased as a majority of their employees work from home, and 53% say their firm hasn’t stress-tested their system for an event like this. With 85% of companies also estimating that at least 50% of their employees are now remote, the true level of cyber risk is likely much higher.

With this risk comes increases in phishing and other cyber scams. One respondent to the CNBC survey estimates their organization has seen such incidents rise by 40%. Software technology company Check Point claims that over 4,000 Coronavirus-related domains have been registered globally since January. Of these, at least 5% is suspicious. Coronavirus-related domains are also 50% more likely to be malicious than others registered in the same period, including seasonal domains for things like Valentine’s Day.

So what is a growing business to do? First, besides balancing employee productivity needs with aggressive monitoring for potential breaches, IT teams must continue to proactively patch and maintain their network cybersecurity programs. Second, companies must provide guidelines and tools such as VPNs (Virtual Private Networks) to manage more employees suddenly working from home – often on their own device and unsecured WiFi networks. And third, if they haven’t already, business owners should invest in a robust cyber insurance policy.

Keeping in mind that many traditional insurance policies specifically exclude losses resulting from a cyber incident, the right cyber insurance policy is key to helping business owners mitigate many of the potential losses the coronavirus outbreak has given rise to. Costs and payments to resolve a ransomware attack are typically covered under a policy’s Network Extortion insuring agreement. The resulting incident response costs – forensic investigations (to determine the extent of the attack), legal advice, customer notification requirements, public relations, and data restoration – are also usually covered.

In the event of a cyber-attack or data breach, companies will also likely face significant loss of income until they restore systems – probably even more so than after a property loss, given the lack of geographic limitations in cyberspace. A customers’ inability to access dashboards or complete purchases, accounting’s failure to generate and pay invoices, or employees’ inability to access critical systems or equipment can all lead to revenue loss. Companies will also have ongoing expenses such as utility payments and payroll. They may incur new or additional costs to mitigate the effects of a breach – such as paying employees overtime, renting or leasing new equipment, or hiring third-parties to support business continuity. A properly structured cyber insurance policy covers all of these expenses.

In addition to the loss scenarios above, more robust cyber insurance policies can include additional protections that may be particularly important in the current situation. For example, the Cysurance policy expands Business Interruption coverage through several clauses. Reputational Events coverage indemnifies you for a loss of customers due to network downtime, so if a customer switches vendors after you suffer a breach or even temporarily goes to a competitor while your site is down, you can recover from your policy. The Preventative Shutdown coverage allows for reimbursement in the event the insured voluntarily shuts down their network to prevent a virus or other threat from spreading, which can significantly limit losses in the event of a successful phishing attack or breach, and System Failure covers downtime due to cyber incidents resulting from human or programming error or infrastructure outage – a heightened risk with so many employees currently working from home for the first time.

In the present environment, the Cysurance policy also provides a competitive advantage through broad policy definitions. Protected information is expanded to includes bio-metrics, internet browsing history and personally identifiable photos and videos and extortion expenses explicitly include Bitcoin and other cryptocurrencies. Additionally, coverage for contractual partners who mandate being named as an additional insured allows policyholders to continue to bid with confidence on new business, despite the heightened sensitivity around cyber risk today.

As businesses adapt to new cyber threats brought on by the coronavirus, it is essential to review cybersecurity protocols and employee training.  However, it is also important to remember that nothing can guarantee protection from all cyber threats. In the current operating environment, cyber insurance is an especially critical component of holistic cyber risk management.

Written by: Kirsten Bay, CEO, Co-founder, Cysurance
https://www.linkedin.com/in/jkirstenbay/

MANCHESTER, N.H. —

Recent evidence indicates that TikTok, although operating abroad, is itself being filtered to eliminate content not friendly to China. This suggests that the Chinese government could exploit TikTok to shape perceptions of China for an audience in the US. One of the fastest-growing social media platforms in the world is raising concerns with security experts. For more information read the whole article at Red Sky Alliance.

WMUR TRANSCRIPT

TikTok is a social media service where users can upload 15-second videos.

"It typically records videos of you dancing to music or singing to music," said cybersecurity technician Jonathan Sweeney.

The often-humorous videos can be addictive. But Sweeney warned that the app could open its users up to security issues.

"When you put the app on your phone it says, 'Hey, we want permission to use your camera and send a bunch of metadata,' and just like all other apps, we're just like, yeah, yeah, whatever. We're just going to move on," Sweeney said.

He said that complacency could lead to a much bigger problem.

"Once it downloads the app, it installs that software and it begins transmitting that software to the company who owns the servers," he said.

A lawsuit filed in federal court in northern California alleges that TikTok and its owner, ByteDance, have "vacuumed up and transferred to servers in China vast quantities of private and personally identifiable user data."

In response, TikTok told WMUR, in part: "Our data centers are located entirely outside of China, and none of our data is subject to Chinese law."

According to the app's privacy policy, the data that TikTok collects includes your cellphone number, your IP address and your geolocation.

Sweeney said China's government has been collecting data on citizens and noncitizens for years.

"In a matter of seconds, they can scan through billions of faces and can say, 'That guy's committed robbery or car thefts, so let's go arrest him,'" Sweeney said.

He isn't alone with concerns. The U.S. military has banned the app from government-owned phones, and lawmakers in Washington are calling for formal investigations.

Sweeney said the concern is that any data collected by TikTok could be used as counterintelligence.

"It makes it so much easier when people are doing it voluntarily," he said. "Why send spies to a different country when you can have people spy for you on themselves?"

Market researchers said 41 percent of TikTok's 500 million active users are between the ages of 16 and 24, and Sweeney said he believes parents should be on high alert.

"I recommend not having TikTok on your phone," he said. "I'll be straightforward. I don't recommend having TikTok on your phone."

Sweeney recommended that everyone check on a few things before installing any app:

• Verify where the company's headquarters are located. U.S. companies are subject to U.S. laws.

• Double-check what information the app will have access to under its privacy settings.

• Have open conversations with your children about what apps they're downloading and why some apps are OK and others are not.

News Release

Cysurance Contact: Gray Newhouse VP of Marketing (917) 503-8031 gnewhouse@cysurance.com

New York, February 11, 2020 – Cysurance, LLC, a next-generation cyber insurance agency protecting small businesses and their partners through affordable cyber insurance, and Red Sky Alliance, a cyber threat intelligence firm delivering actionable data and analysis, today announced a new partnership to provide cyber risk management services to businesses. In 2018, the cybercrime industry generated $1.5 trillion in profits, which would rank 13th in GDP if it were a country. With costs relating to cybercrime expected to jump from $3 trillion to over $5 trillion in the next five years, companies will increasingly depend on timely, insightful risk intelligence to protect against cyberattacks. Yet even the most well-informed cybersecurity team with the most modern technology and best practices cannot prevent all cyberattacks, and employee error remains a leading cyber exposure. In the modern era, companies will succeed by educating staff on trending cybercrime tactics, techniques and procedures while also protecting their downside with a broad, affordable cyber insurance policy. For small and medium businesses (SMBs with smaller budgets and fewer resources, these challenges are magnified. And those relying on manual intelligence gathering and traditional property and casualty insurance policies face an even greater threat. By bundling Red Sky Alliance’s daily cyber threat notification service RedXray® with Cysurance’s cyber insurance policy underwritten by Chubb, a leading cyber insurance provider, SMBs get a holistic cyber risk solution that both informs and protects.

RedXray® simplifies monitoring of cyber threats directed at a business’s domain(s) that might affect its customers, staff or supply chain – all without installing software or requiring a network connection. While antivirus and firewall solutions can block most cyber threats, RedXray® uses a multidimensional approach that goes beyond the technical to include geographic, political, and economic factors and report on external threats facing the customer, including keyloggers. Every automated analysis mines Red Sky’s proprietary collections, underground forums, and the dark web for emerging threats, then reports findings via daily emails or a customer access dashboard.

Cysurance, a licensed agent, is the only solution designed for (SMBs) allowing vendors to bind a broad policy of up to $2,000,000 on behalf of their customer at the point of sale, without application or underwriting – often for less than the price of a cup of a coffee a day. Leveraging the end-users existing data discovery capabilities or its proprietary monitor, the platform scans the SMBs network and automatically records any anomalous activity in its proprietary blockchain for irrevocable proof of loss and full transparency. This also triggers a smart contract that initiates a covered breach response team to begin remediation, saving time and money.

“By offering customers a competitive cyber insurance policy at the same time they purchase RedXray’s® threat intelligence service, we can now offer value-added cyber services on both the front- and back-ends of the cyber risk spectrum, helping organizations identify and prepare for emerging risks while also protecting them in the unlikely event of a breach,” said Jim McKee, Founder, and CEO of Red Sky Alliance.

Kirsten Bay, co-founder and CEO of Cysurance, echoed these sentiments, saying “we’re thrilled to partner with Red Sky Alliance to offer their customers a complimentary cyber product that drives adoption of the cyber risk management trifecta of informed cybersecurity, cyber governance, and cyber insurance and increases their overall cyber resiliency.”

With RedXray® and Cysurance, companies can improve their intelligence gathering capabilities and reduce the likelihood of a cyberattack or data breach while also securing a broad cyber insurance product to satisfy customer insurance mandates and help them recover from previously unknown attack vectors or malware.

Cysurance is the next-generation cyber solution, protecting small businesses and their partners through affordable cyber insurance. Built on a proprietary platform, our program comes with a complete set of features to safeguard business continuity and insure against loss, protecting both revenue and recovery. For more information, visit www.cysurance.com, follow us on LinkedIn, Facebook and Twitter, or email us at info@cysurance.com.

Insurance offered by Cysurance, LLC. NY License #1578397. Chubb is the marketing name used to refer to subsidiaries of Chubb Limited providing insurance and related services. For a list of these subsidiaries, please visit www.chubb.com. Insurance provided by ACE American Insurance Company and its U.S. based Chubb underwriting company affiliates. All products may not be available in all states. This communication contains product summaries only. Coverage is subject to the language of the policies as actually issued. Nothing in this communication should be construed as involving the sale, solicitation or negotiation of insurance, the provision or offer of insurance services, or the provision or offer of legal advice or services.

Red Sky Alliance is headquartered in New Boston, NH USA and is a global Cyber Threat Analysis and Intelligence Service organization. For more information about the company or services, please contact the office directly at 888-RED-XRAY or 888-733-9729 or email info@wapacklabs.com.

PRESS RELEASE

FOR IMMEDIATE RELEASE
January 06, 2020
For More Information Contact:
Jim McKee, CEO
314-422-8185
jmckee@wapacklabs.com

New Boston, NH USA – Red Sky Alliance, wapacklabs.com announced today that their new service RedXray-Plus is now available for production use. RedXray-Plus provides daily cyber threat notification services and can show the subject organization the information/intelligence behind the cyber threats on a user-friendly dashboard. RedXray-Plus is an enhanced version of Red Sky Alliance’s RedXray service which notifies your named contact of any cyber threats to your enrolled named entity on a daily basis, without requiring a network connection. For more information https://www.wapacklabs.com/redxray-plus

There are multiple-use applications for banking, finance, insurance, healthcare, automotive groups, and any other organization that handles Personal, Private, and Financial information. If the named entity is having cyber issues, the problem is identified quickly and easily to mitigate potential problems immediately. Support for all RedXray customers is available from Red Sky Alliance via telephone and email.

“Think of RedXray-Plus as a smoke alarm in your house. When the smoke alarm goes off, you need to take action. By using RedXray-Plus, your cyber threat manager has access to information/intelligence behind the reported threats. RedXray-Plus can be critical when defending against all types of cyber threats,” said Robin May, President/CEO, IdentityMaxx.

“RedXray-Plus is helping our clients to be more proactive by seeing what cyber threats are affecting their business on a daily basis before the problem becomes more severe, and a loss could occur. Cyber threats are changing constantly and if you are not receiving daily reports on your organization via the RedXray-Plus dashboard, you can be missing critical information,” stated Bill Schenkleberg, Managing Director of Red Sky Alliance and former director of a large metropolitan Fusion Center.

About Red Sky Alliance

Also known as Wapack Labs, located in New Boston, NH USA is a Cyber Threat Analysis and Intelligence organization supporting organizations by offering expert level targeted intelligence analysis.

For questions or comments regarding this news release, please contact Jim McKee, CEO at 314-422-8185 or jmckee@wapacklabs.com.

The Cyber Intelligence Briefing (CIB) team at Red Sky Alliance/Wapack Labs presented Cyber Predictions & Trends for 2020, on December 17, 2019, at Noon EDT. Click Here to Watch the Webinar.

DECEMBER 2020 PREDICTIONS TOPICS:

TECHNICAL

• Top 3 Cyber Security Threats

• Mobile App Targets for 2020

• NIST/GDRP & the future

GEOPOL

• China’s 2020 Focus on their 100 Year Plan

• Russian Influence into the Next Decade

INDUSTRY/MARKET

• Transportation – Maritime Industry Energy

• Oil & Gas / Electric Grid

• HealthCare – IoT Vulnerabilities

• Automotive – Dealerships

Please join our monthly cyber intelligence on-line, in-depth reporting webinars. Listen to top cyber professionals share threat intelligence that has the potential to transform your cybersecurity. Up to date insights into who’s targeting you and the tactics they might use. Make these monthly briefings part of your security program. The next webinar is on December 19, 2019.

RESTON, VA, USA – November 21, 2019- Global Resilience Federation (GRF) has partnered with Red Sky Alliance of New Boston, NH to offer automated and customized threat reports to GRF member companies, at a reduced rate.

 “We’re excited to offer individual companies affiliated with the GRF network a way to affordably access threat reports that are specific to the needs of their company, including intelligence gathered from Dark Web scans, keylogger outputs, and sinkholes.” said GRF President Mark Orsi.

 Red Sky Alliance, founded in 2011, is led by a team that created the first private corporate cyber threat intelligence sharing partnership. Red Sky analysts mine data from proprietary information sources, underground forums, and the Dark Web to produce daily intelligence assessments. These cyber threat reports are specific to the named company without requiring a network connection to the organization.

“We developed RedXray® as an easy to understand daily cyber threat report with documentation and access to our analyst team to help defend against cyber criminals. We are pleased with the opportunity to work with GRF and their members,” said Red Sky Alliance Founder and CEO Jim McKee.

 Joining GRF’s Alliance Program as a vendor partner, Red Sky Alliance is able to connect with thousands of organizations across multiple information sharing communities to offer its tailored reporting as well as complimentary tools including a malware analysis application.

 “This partnership offers insight to GRF affiliated organizations from a cybersecurity company that is committed to free and tier-priced services in order to meet different protection needs, regardless of companies’ size and budget,” added Orsi. “Given GRF’s non-profit mission to help secure critical and vital sectors, this ethos is one we find commendable and we’re glad to be working with Jim and his team.”

 ###

Global Resilience Federation (GRF) is a non-profit hub and integrator for support, analysis, and cross-sector intelligence exchange among information sharing and analysis centers (ISACs), organizations (ISAOs), and computer emergency readiness/response teams (CERTs). GRF’s mission is to help assure the resilience of critical and vital infrastructure against threats that could significantly impact the orderly functioning of the global economy and general safety of the public. GRF members include Financial Services ISAC, Retail ISAO, Retail and Hospitality ISAC, Legal Services ISAO, Energy Analytic Security Exchange, Health ISAC, Professional Services Information Exchange, Oil and Natural Gas ISAC, Downstream Natural Gas ISAC, and Operational Technology ISAC. Learn more at www.GRFederation.org, by visiting @GRFederation on Twitter or Global Resilience Federation on LinkedIn. Questions may be directed to Patrick McGlone at pmcglone@grfederation.org

Red Sky Alliance is a privately held USA owned and based cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting. Our company delivers insightful, actionable intelligence in formats best suited to your strategic, operational, and tactical needs. Red Sky focuses on identifying cyber threat actors, incidents, and trends; documenting tactics, techniques, and procedures; and putting that information into the proper context for both executive decision-makers and front-line defenders. Learn more at Red Sky Alliance website and our Portal.

Cyber Intelligence Briefing (CIB). November 14, 2019, at Noon EDT. Webinar presentations include the topics 'Emotet Botnet Trending' and 'QakBot’. Click here to watch the video now.

Please join our monthly cyber intelligence on-line, in-depth reporting webinars. Listen to top cyber professionals share threat intelligence that has the potential to transform your cybersecurity. Up to date insights into who’s targeting you and the tactics they might use. Make these monthly briefings part of your security program. The next webinar is on December 19, 2019.

New Boston, NH USA – Wapack Labs LLC http://www.wapacklabs.com announced today that their new service RedXray is now available for production use. RedXray monitors threats against your networks and your supply chain in a single console. The service automatically notifies you of any threats in your enrolled named entities for any industry segment. For use in supply chains, you can see who is at risk on daily basis and comply with NIST 800-171 rules. There are multiple use applications for banking (monitoring borrowers’ cyber health), finance (confirming cyber threats before investing) and insurance (is your client already in cyber jeopardy). If a client is having cyber issues, you can identify the problem quickly and easily and mitigate losses immediately.

“We use RedXray as a critical capability in our supply chain Strategic Assessment and Continuous Assessment engagements. It is by far the most robust offering we have seen,” stated John M.B. O’Connor, Chairman, Whitney Strategic Services LLC a New York City based business risk consulting firm.

“RedXray is helping our clients to be more proactive by seeing what cyber threats are affecting their business relationships, before the problem becomes more severe and a loss could occur. We use it internally to monitor our own portfolio of customers, and we now offer it to our customers to monitor their portfolio of suppliers, clients and customers,” said Jeff Stutzman, Chief Intelligence Officer at Wapack Labs.

About Wapack Labs LLC

Wapack Labs, located in New Boston, NH USA is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC, and individual organizations by offering expert level targeted intelligence analysis.

For questions or comments regarding this news release, please contact Jim McKee, CFO at 314-422-8185 or jmckee@wapacklabs.com.

The Wapack Labs analyst said the Russian nationals, now charged, after Robert Mueller's investigation “It's pretty clear that the Russian government is responsible. What is not clear is - what was/is the end game?”

Friday’s news that the Justice Department had indicted 12 Russian agents in connection with interference in the 2016 U.S. elections was a major development in the fast-moving Robert Mueller investigation. But that doesn’t mean it will change anyone’s mind in the long run.

Since Mueller was appointed special counsel in May 2017, his investigation has brought charges against 35 people or businesses, including former Trump confidants Paul Manafort and Michael Flynn in late 2017. But while American opinion about Russian involvement in the 2016 election has shifted over that time, the shift hasn’t always been lasting.

In late February 2018 — just after Mueller indicted 13 Russians and three companies, accusing them of trying to influence the 2016 election by stirring up anti-Clinton and pro-Trump sentiment online — Quinnipiac University asked poll respondents whether they thought the Russian government tried to influence the 2016 presidential election. Seventy-six percent said “yes,” while 18 percent said “no.” One month earlier, however, only 68 percent had said “yes,” while 27 percent had said “no.” Although we can’t know for sure, it’s reasonable to theorize that the indictments played a role in that increase.

*Published By FiveThirtyEight

Summary

During March-April 2018, dozens of Russian diplomats were expelled; hundreds of Russian Troll Factory- related accounts banned; new travel and economic sanctions levied and more are expected. While Russia did expel diplomats symmetrically, it explores options for an asymmetric response ranging from intellectual property violations to cyberattacks.

Details

Blows Targeting Russia

In March 2018, 25 countries and NATO expelled dozens of Russian diplomats (intelligence officers) over an ex-spy poisoning case in the UK (Figure 1). *1 The US closed Russia's Seattle Consulate, and in response Russia proportionally expelled the same number of diplomats and are closing the US Consulate in St. Petersburg.

On 15 March 2018, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) put five Russian entities and 19 individuals under sanctions for significant malicious cyber-enabled activities. This was prompted in part by the NotPetya attack and other cyber events. But the main focus was on the Internet Research Agency (IRA, also known as “Russian Troll Factory”) actors.

On 3 April 2018, Facebook and Instagram banned over 200 accounts which were connected to IRA. Most of the ban affected Russian-speaking accounts. Many were media-related and one was a Moscow local government account. According to Facebook, they “removed this latest set of Pages and accounts solely because they were controlled by the IRA, but not based on the content.”*2 Later in April, Reddit will join Twitter and Facebook in identifying and freezing IRA-related accounts.*3

On 6 April 2018, Trump's administration unleashed a new round of US-Ukraine related sanctions on Russia. This action resulted in Russian oligarchs losing close to $12 Billion in capitalization, and additionally, the Russian ruble lost part of its value.*4

Currently, new sanctions are being discussed and it is probable that the next round of sanctions will be in relation to the Russian collaboration of Syria’s use of chemical weapon against their opposition. Radical measures are being discussed to include placing Russia on the designated Foreign Terrorist Organizations (FTOs) list.

There are no signs of Russia stepping back. Publically Trump is sending signals that he desires a good relationship with Russia, yet both countries are using de-escalation mechanisms to avoid direct military conflict in Syria and other areas of the World.

Russia is and has been on a long-term trajectory to expand its influence. This strategy involves military actions and cyber operations to encompass: supporting rogue regimes of North Korea, Iran, Syria, and Venezuela; not abandoning their foothold in the Crimea; and, or dethroning Assad in Syria. So until these Russian diplomatic philosophies remain intact, relationships with the West will continue to deteriorate.

Russian Possible Response and Cyber

Russian actions and possible counter-actions are divided into five (5) important categories (diplomatic, kinetic, economic, information, and cyber):

1) Diplomatic actions included symmetric expulsion of Western diplomats. Russia is not cooperating in the investigations of chemical weapon use in Duma, Syria and with the ex-spy poisoning in the UK. Russia is trying to win new friends in Turkey and Austria.

2) Kinetic actions include continuation of low-scale military conflict in the Ukraine, successful expansion of Assad-controlled territories in Syria, and possible military bases in Sudan and other African countries.

3)   Economic actions include expanding existing Russian programs of supporting entities under sanctions. Russia has a prepared bill to potentially target reciprocally Western corporations, and even to abolish Western patents and trademarks in Russia.*5 So far Russia is cautious with these measures as they are likely to backfire; but some steps in this direction are being initiated.

4)   Information war includes continuation of the active information campaign towards the West. Dana White, the Chief US Pentagon Spokesperson noted that there was a 2,000 percent increase in Russian troll activity following the Syrian airstrikes.*6 At the same time, Russia has tighten the control over their Internet. On 16 April 2018, Russian censor agency banned Telegram messenger which refused to provide encryption keys. By 17 April 2018, the number of banned IPs grew to 16 million as Telegram started using Amazon and Google cloud services.*7 The Russian censor agency currently is threatening to audit and potentially ban Facebook, unless Facebook moves Russian users data to Russia and deletes unwanted information.*8

5)   A cyber response from Russia is also likely as part of asymmetric information war. Wapack Labs does not have much of immediate visibility into the current Russian APT moves, but we observe some inclinations from Russian hackers and we are learning much from the discovered Russian APT activities during the last 2-3 years.

Russia remains a save heaven for financially-motivated hackers that target other countries.

Both Russian APT groups and criminal hackers are using phishing and social engineering methods. For example, in April 2018, Wapack Labs reported how Russian spammers found a way to abuse the legitimate Email Report form for Google Analytics.*9

As Russia begins to censor Telegram messenger, several high profile Russian officials are publicly switching to ICQ. ICQ messenger is still popular among many hackers in different countries and is being controlled by Russia to offer valuable information regarding the cyber underground.

Russia is blamed for escalating cyber attacks as it became clear that Russia had a concerning foothold in the energy sector and in their networking equipment. US reported that since at least March 2016, Russian government cyber actors have targeted government entities and multiple US critical infrastructure sectors; including the energy, nuclear and other.*10

And a joint alert issued on 16 April 2018 by the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom's National Cyber Security Centre (NCSC) warns that Russian state-sponsored cyber actors are actively targeting home and enterprise routers. This alert provides an overview of Russian APT activity beginning in 2015 and ongoing in 2016 and 2017. Hacked devices ranged from small home routers to ISP-grade routers and firewalls, with attackers trying to hoard as many systems as possible. Attack vectors include Telnet, TFTP, SNMP, and SMI — protocols often found on routers, known to include vulnerabilities and easy to corrupt configuration options (see the Indicators table for the recorded IP indicators).*11

Conclusion

Relationships between Russia and the US constantly deteriorate and de-escalation mechanisms have only partially successful. In 2018, Russian information campaigns are of a concern (Russian Trolls); Russian state-sponsored hackers continue to be active; and new methods of spoofing and social engineering are being developed. Russian campaigns were discovered to compromise the US energy sector and networking infrastructure (routers). This prompted the US government to share information and help the wide range of industries to pay more attention. Wapack Labs will continue to monitor new Russian TTPs.

For questions or comments regarding this report, please contact the lab directly at 603-606-1246 or feedback@wapacklabs.com

*1 aa.com.tr/en/info/infographic/9483
*2 newsroom.fb.com/news/2018/04/authenticity-matters/ “Authenticity Matters: The IRA Has No Place on Facebook”
*3 www.reddit.com/wiki/suspiciousaccounts and www.reddit.com/r/announcements/comments/8bb85p/reddits_2017_transparency_report_and_suspec t/
*4 bloomberg.com/news/articles/2018-04-09/russia-s-richest-lose-16-billion-in-selloff-over-u-s- sanctions
*5 sozd.parliament.gov.ru/bill/441399-7 [in Russian]
*6 www.dailymail.co.uk/news/article-5615877/Russian-troll-activity-increases-2-000-Syrian- airstrikes.html
*7 www.bleepingcomputer.com/news/government/russia-bans-18-million-amazon-and-google-ips-in- attempt-to-block-telegram/
*8 iz.ru/733380/siuzanna-farizova/so-svobodoi-vse-khorosho-s-otvetstvennostiu-plokho [in Russian] 
*9 ctac-01.tac.wapacklabs.com/f5-w-68747470733a2f2f31302e302e312e3532$$/IR-18-095- 001_Russian_Spam_from_Google_Analytics
*10 www.us-cert.gov/ncas/alerts/TA18-074A Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. March 15, 2018
*11 www.us-cert.gov/ncas/alerts/TA18-106A

Jeff Stutzman CEO and Co-Founder of Wapack Labs speaks with Ray Brewer from WMUR9-ABC on the WANNACRY ransomeware attack and what you can do to keep your computer safe.