Tag Archive for: attempts

U.S., U.K. intel: Russian military hacking attempts “certainly still ongoing”


United States and United Kingdom intelligence agencies said in a report Thursday that Russian military hackers over the last three years have tried to access the computer networks of “hundreds of government and private sector targets worldwide” and warned that those “efforts are almost certainly still ongoing.”

Why it matters: The security agencies cautioned that the military cyber unit, best known for hacking the Democratic National Committee and other political targets during the 2016 election, is still focusing on political consultants, political parties and think tanks, though they did not specify any targets by name.

  • The report is a joint advisory to network defenders published by the U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), and the U.K.’s National Cyber Security Centre (NCSC).

How it works: The agencies said hackers working for Russia’s General Staff Main Intelligence Directorate 85th Main Special Service Center (GTsSS) first attempt to gain login credentials to governmental or private-sector networks by conducting “widespread, distributed, and anonymized brute force access attempts” using Kubernetes.

  • The hackers can then use the valid credentials they obtain to expand their access to the targeted network, evade detection and defenses, and ultimately access and exfiltrate protected data, including information from emails.
  • While brute-force password guessing campaigns are not new, the NSA said the “GTsSS uniquely leveraged software containers to easily scale its brute force attempts.”

What they’re saying: “The advisory warns system administrators that exploitation is almost certainly ongoing,” the NSA said. “Targets have been global, but primarily focused on the United States and Europe.”

  • “Targets include government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.”

The big picture: The report comes on the heels of a summit between President Biden and Russian President Vladimir Putin, during which Biden threatened to use the U.S.’…


Health Agency from Sweden Closes SmiNet after Hacking Attempts


SmiNet, the country’s infectious diseases database which is also used to store electronic reports with statistics on COVID-19 infections, was shut down in order to investigate the hacking attempts.

The Swedish Public Health Agency has discovered that there have been several attempted intrusions into the SmiNet database. The database has therefore been closed down temporarily.

Work is underway to investigate as quickly as possible whether anyone may have accessed sensitive personal data from the database, as well as sort out and rectify any deficiencies.

Source

Because of the attack, the Swedish Public Health Agency has not been able to report complete COVID-19 stats since the database was shut down, and no additional updates will be issued while the investigation is ongoing.

Translated, the tweet reads:

Although no evidence of unauthorized parties accessing sensitive information has been found so far, the investigation will last at least a few more days before the reporting process is restarted.

The SmiNet database, which stores electronic reports of infectious diseases, including covid-19, was previously closed for security reasons after several intrusion attempts. After adjustments to further increase security, the database has been running again since the evening of 28 May.

More time is needed to ensure that the statistics are complete so that a reliable assessment of the epidemiological situation can be made. Therefore, the next update of the statistics on cases of covid-19 will be on Thursday, June 3. Data from care providers and laboratories are then estimated to have been reported and analyzed.

The investigation into unauthorized access to sensitive information is still ongoing.

The incident has been reported to the Police and to the Privacy Protection Authority.

Source

This is not the first event of this kind, as two years ago the 1177 Swedish Healthcare Guide service for health care information was affected by a data breach after the company in charge of managing its storage server exposed it to…


Microsoft will alert Office 365 admins of Forms phishing attempts


Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.

Microsoft Forms is an app that enables web and mobile users to create surveys, polls, and quizzes for collecting feedback and data online.

It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions.

Forms phishing activity alerts

Microsoft Forms detects phishing attempts with the help of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019).

This phishing protection feature will proactively identify malicious password collection in forms and surveys.

To do that, it uses automated machine reviews to “proactively detect malicious password collection in forms and surveys” to block phishers from abusing Microsoft Forms to create phishing landing pages.

Admins receive alerts of any users or forms blocked in their tenants for potential phishing. Microsoft is now working on also adding these phishing activity alerts to SCC’s Alert center.

“We are now adding Microsoft Forms’ phishing activities alert (for blocked forms and users due to confirmed and suspicious phishing) to the default alert policies in Microsoft’s Security and Compliance Center (SCC),” the company explains in a Microsoft 365 Roadmap entry.

“If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center.”

Rolling out later this month

Microsoft is planning on making this new feature generally available worldwide in all environments by the end of this month.

Microsoft also added an option in November allowing Office 365 admins to review Microsoft Forms phishing attempts to confirm or unblock forms tagged as suspicious for potentially attempting to maliciously harvest sensitive data.

Once the notifications are added…


Malware Email Attempts Flood Area Businesses


Spam emails are being sent to many businesses in our area, including this newspaper.

The emails have become an annoyance of late. This prompted the Executive Director of the Chamber, Sweetwater and Nolan County, Karen Hunt, to issue a clarification:

“It has been brought to my attention that a few have received email from me with the subject seeming to have something to do with leadership class or a leadership participant invoice due.

DO NOT OPEN any attachments for an invoice or the leadership schedule or whatever the bait might be.

We do not send invoices by email unless we are contacted to do so. Invoices are still sent through the USPS mail. Also, Leadership Sweetwater and Future Sweetwater continue to be on hold until we feel it is safe to proceed and the organizations and facilities involved are comfortable with resuming the program.

Please note that my email address should appear as [email protected]. In two incidents thus far, my email address has not been correct. Please feel free to contact me if you have any concerns or comments.”
