Saturday, August 31, 2013

Red Sky Weekly - 0-day and intel

Red Sky Alliance turns two!

Yesterday marked the second anniversary of our incorporation! We're two! We've come a long way. They say the test of a startup comes in making it through the first year, but I'll tell you, even the second is terrifying! That said, it's been a GREAT two years!

I've just returned from Iceland, where I had the opportunity to participate and speak at the Nordic Security Conference. What a blast! The weather was cool and wet most days, but nonetheless, I was able to get a run in along the beach (Did you know they have a heated beach?? They pump geothermal heat into the beach!) and experience a bit of the local flair. Thank you to our Icelandic hosts! I'm looking forward to seeing some of you come into Red Sky!

BT BT (break break)

I'm starting this week's blog with some good intel. We're heading into post-summer, and as with every year, it seems September brings folks back to life from summer vacations. This year is now different...

  • Fusion Report 20: In late July, Red Sky received information regarding Microsoft 0 day, being exploited in the wild. This Fusion Report provided detailed the delivery and C2 infrastructure as well as the observed payloads and protection against it. Red Sky classified this activity as UPS for future tracking and correlation. 
  • Intelligence Report: Red Sky received information regarding a piece of malware used in targeting (as currently known) only one member of the Red Sky Alliance membership. This appeared to be a highly targeted set of attacks (yes, a set.. more than one) against one company with very specific intent. Our internal analysis team was able to locate who we believe authored the malware used. Our report is going out this weekend after some final edits.
BT BT

Preparing for our next threat day: September 9th will bring our next threat day. This one will be held in one of the big telecoms. We'll be demonstrating new tech to be added to the Red Sky portal, we've got four great presenters and we'll be wrapping the day with a tour of this telecom's global NOC. I'm very much looking forward to it!



The next few weeks are big for Red Sky Alliance. As we head into the post-summer months, it seems like we get really busy on both the analytic fronts and new membership requests. I'll be in the lab in Manchester all of this week, but heading to the DC area next week, taking appointments for Red Sky introductions. I've got several booked up, so if you've been considering talking with us about membership in any of the portals, or a need for services from the lab, Please contact us earlier rather than later. 

  • Red Sky Alliance's private portal - Business to business only. No government participation. Companies share information about current activities and futures. Our backend analysis team boils down those conversations and feeds them back in Fusion reports --20 pages of solid analyst porn and usually several pages of easy to use kill chain formatted indicators.
  • Red Sky Alliance's Beadwindow portal: Beadwindow is a Private | Public environment. We have smaller companies, and state/local/federal IT workers in Beadwindow. Beadwindow members do not get access to the private portal, but do have access to Red Sky's expert analytic team.
  • Wapack Labs: Wapack is the hands-on end of the business. If you need forensic support, malware work, or development work, consider Wapack. In addition, we've been talking (and working) in healthcare companies offering HIPAA gap analysis and assessments (we have fully qualified auditors on staff), following up with placement of sensors for protection. We bring data back to the lab (over the wire) where we check sensor findings against current Red Sky indicator data. This does a couple of things --companies who may not otherwise participate in Red Sky get the benefit, and Red Sky members get the benefit of any new TTP's or indicators identified!

I'm keeping this one short, but please, if you're considering scheduling a demo, contact us today. We'd be happy to set it up.

Until next time,
Have a great week!
Jeff




Post a Comment