Saturday, March 17, 2012

Did you experience "large scale phishing" last night?

Good morning!

At approximately 8PM (UTC) last night a member of the Red Sky Alliance posted a note and initial snippets of a 'large scale phish'. It turned out the phish affected multiple companies across the membership. Three of them and two analysts from Red Sky Alliance team came together to quickly diagnose the event as a team.

This phish is still under monitor in the membership and we'll wait to see what happens over the weekend, but we had four participants from three industry sectors looking at 'large scale phishing'. At least two different mails went were received. Both showing different senders for each of thousands of emails received.

Threat analysts and incident responders in real time communications with threat analysts and incident responders in other companies, in other sectors, comparing notes and quickly diagnosing issues they're seeing on their networks.

Great job to all involved! This is exactly what the Red Sky Alliance is all about!


Tuesday, March 13, 2012

Posting our second Fusion Report!

Red Sky just posted our second Fusion Report. The report offers an analysis of a set of APT actors, how they operate, and indicators to both identify, and protect from their current MO. 

What is the Red Sky Alliance? Red Sky Alliance is a real time private cyber neighborhood watch (42 second video) and when needed, an out of band ‘war room’.  Inside the portal members share information about current advanced threats and assist each other with analysis, best practice, and preventing future attacks. On the back end, Red Sky analysts use the information to author Fusion Reports that detail, in a clear and cohesive way, all information known about the subject. The Fusion Report includes an executive summary, detailed analysis, mitigation recommendations, and a list of indicators in an easy to use Kill Chain format. 

It's a small start, but this is our second fusion report in as many weeks. You asked for value beyond simple collaboration..  we're delivering... and we're going to keep delivering.