OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack | Ballard Spahr LLP
First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.”  Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation.  The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus.  The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.

The Blacklisting of SUEX

According to OFAC, over 40% of SUEX’s known transaction history is associated with illicit actors.  As a result, SUEX is prohibited from transacting with U.S. persons or transacting within the United States, and financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.  OFAC issued the designation pursuant to Executive Order (E.O.) 13694, entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious…

Israeli firm allegedly behind unique hacking tool for Apple iPhones, Latest World News
NEW YORK: A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, Internet security watchdog group Citizen Lab alleged on Monday.

The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on Monday.

The tool allegedly developed by the NSO Group defeats security systems designed by Apple in recent years. Apple said it fixed the vulnerability in Monday’s software update.

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Mr Ivan Krstic, head of Apple Security Engineering and Architecture.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers…” he added.

NSO did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”. – REUTERS

Hacker allegedly tried to poison San Francisco Bay Area water supply
A hacker allegedly tried to poison water being processed at a San Francisco Bay Area water treatment plant, according to an NBC News report late last week.

The attack took place on Jan. 15 and involved the person gaining access to the water treatment plant network by using a former employee’s TeamViewer account credentials. Having gained access to the plant, the person then deleted programs that the water plant uses to treat drinking water.

According to a confidential report compiled by the Northern California Regional Intelligence Center and seen by NBC, the hack was not discovered until the following day. The facility subsequently changed its passwords and reinstalled the programs. “No failures were reported as a result of this incident and no individuals in the city reported illness from water-related failures,” the report noted.

Michael Sena, the executive director of NCRIC, denied the report. “No one tried to poison any of our water. That is not accurate,” Sena told the San Francisco Chronicle, noting that tampering with computer programs would be unlikely to result in poisoning.

“It takes a lot to influence a water supply chain,” Sena explained. “For a large impact, there has to be a large change in the chemicals in the system. The amount of chemicals it would take to cause harm to people…. The numbers are astronomical.”

The Bay Area’s water supply threat is not the first compromise of a treatment plant and will likely not be the last. In February, an unknown attacker accessed a water treatment plant in Oldsmar, Florida, and attempted to poison the water supply by increasing the flow of sodium hydroxide to toxic levels. In that case, the attacker was detected before the water supply could be affected.

“While it’s important to keep an eye on major events, we should also avoid oversensationalized headlines intended to spread fear,” Chris Grove, technology evangelist at critical infrastructure security specialist Nozomi Networks Inc., told SiliconANGLE. “Some headlines are taking the action of deleting code and jumping to attempted mass poisoning. There was not an attempt at poisoning the water supply.”

That said, he added, “this…

Raoul sets up hotline on computer breach as ‘ransomware’ group posts files allegedly stolen from his office
A “ransomware” group potentially linked to Russia has uploaded to a website scores of documents it says were stolen from Illinois Attorney General Kwame Raoul’s office over two weeks after the state’s top law enforcement officer first reported his office’s computer network was compromised.

Raoul had declined to publicly provide details of the hack, but on Thursday, he issued a follow-up statement, saying his office has set up a toll-free hotline for those seeking more information on the breach, which could include “names, addresses, email addresses, Social Security numbers, health insurance and medical information, tax information, and driver’s license numbers.”

But the office said it “has not yet determined what personal information on its network is impacted.”

The latest announcement comes after the ransomware group DoppelPaymer posted 68 documents it said are from the attorney general’s office, as well as other entities they’ve hit, on a website on which a user can find “private data of the companies which were hacked by DoppelPaymer.”

According to the website, the “companies decided to keep the leakage secret. And now their time to pay is over.”

The Chicago Sun-Times accessed the site using a special browser that allows for anonymous communication while on the internet.

Ransomware is a type of malicious software that typically includes threats to publish a victim’s data or block access to that data unless the victim pays a ransom.

The documents from Raoul’s office were initially published on the website on April 21, with more documents added Thursday. The files taken from Illinois’ chief legal officer include those labeled “judgments entered,” “shakedown cases” and “state prisoners.”

About 200 gigabytes of confidential information will be “progressively uploaded,” the group warns on the site.

Starting Friday, anyone with questions about the network compromise can call the Attorney General’s Computer Network Compromise Hotline at 1-833-688-1949, from 8 a.m. to 5 p.m., Monday through Friday.

Raoul’s office will continue to “evaluate the extent of the network compromise” and information about the breach, and…