Sunday, May 20, 2012

Weekly update; Fusion Report 12-009 was just posted


It’s been another great week in the Red Sky Alliance!  
This week was the week of the FS-ISAC meeting.  As a result, participation was a little light, but nonetheless, we had some pretty cool stuff happen.
Fusion Report 12-009 was just posted to the portal. It tells the story of an Internet service provider in the US whose only customers are apparently international (ahem) entrepreneurs, including details of one man’s empire of fraud, domains, and a laundry list of malicious activity. The report gives our membership over 400 new domains, malicious emails and subnets that they may now simply ‘block’. This report was interesting because it wasn’t based on an incident responded to by a member, rather translations of open source information by one of our analysis teams which suggested that an international "security professional" was using a rural US-based ISP for their service. The question ‘why?’ lead us to some interesting findings from the membership, and in the end, a great read!
On Wednesday, another Founding Member joined the Alliance and our Advisory Board; this one from the Defense Industrial Base. This is a smaller company ($1.5 billion in annual revenue and 300 federal contracts in intelligence, defense, homeland security and the aviation industry) but the company has a GREAT Infosec team that will make an incredible contribution. The cross sector nature of the Alliance is rounding out nicely! Welcome!
Also on Wednesday we analyzed a suspected targeted 0-day. Many of the Alliance members assisted, and the output will be a formal Fusion Report showing how it plays into the bigger scheme of the group using it. I’m very much looking forward to Fusion Report 10!
Until next time,
Have a great week!
Jeff
Post a Comment