Massive breach fuels calls for US action on cybersecurity


WASHINGTON (AP) — Jolted by a sweeping hack that may have revealed government and corporate secrets to Russia, U.S. officials are scrambling to reinforce the nation’s cyber defenses and recognizing that an agency created two years ago to protect America’s networks and infrastructure lacks the money, tools and authority to counter such sophisticated threats.

The breach, which hijacked widely used software from Texas-based SolarWinds Inc., has exposed the profound vulnerability of civilian government networks and the limitations of efforts to detect threats.

It’s also likely to unleash a wave of spending on technology modernization and cybersecurity.

“It’s really highlighted the investments we need to make in cybersecurity to have the visibility to block these attacks in the future,” Anne Neuberger, the newly appointed deputy national security adviser for cyber and emergency technology, said Wednesday at a White House briefing.

The reaction reflects the severity of a hack that was disclosed only in December. The hackers, as yet unidentified but described by officials as “likely Russian,” had unfettered access to the data and email of at least nine U.S. government agencies and about 100 private companies, with the full extent of the compromise still unknown. And while this incident appeared to be aimed at stealing information, it heightened fears that future hackers could damage critical infrastructure, like electrical grids or water systems.

President Joe Biden plans to release an executive order soon that Neuberger said will include about eight measures intended to address security gaps exposed by the hack. The administration has also proposed expanding by 30% the budget of the U.S. Cybersecurity and Infrastructure Agency, or CISA, a little-known entity now under intense scrutiny because of the SolarWinds breach.

Republicans and Democrats in Congress have called for expanding the size and role of the agency, a component of the Department of Homeland Security. It was created in November 2018 amid a sense that U.S. adversaries were increasingly targeting civilian government and corporate networks as well as the “critical” infrastructure, such as the energy grid that…


Hackers Breach U.S. Cellular Customer Database After Scamming Employees


U.S. Cellular, the fourth-largest wireless carrier in America, has suffered a data breach. Hackers reportedly gained access to protected systems by installing malware on a computer at a U.S. Cellular retail store.

According to the breach notification filed with the Office of the Vermont Attorney General, the attack began on the 4th of January. Hackers targeted a handful of U.S. Cellular store employees who had access to its customer relationship management (or CRM) software.

The notification doesn’t offer a lot of specifics about the attack itself. It notes only that those employees fell victim to a scam of some sort.

In incidents like this one, hackers will often contact employees and pretend to be IT support staff or outside contractors providing technology services. If they’re convincing enough, the victims are all too willing to grant remote access.

Once connected, the attacker can implant malware that sets up the next phase of the attack. Since the U.S. Cellular staff were logged in to its CRM software at the time of the attack, the hackers immediately went to work collecting customer data.

Their activity was detected on January 6th, just two short days later. Unfortunately, some U.S. Cellular customers had already been impacted.

The hackers were able to access customer names and addresses, cellular phone numbers, plan information and access PINs used when making changes to service. In some cases the attackers used that information to port customers’ phone numbers to other cellular carriers.

This can be very bad news for consumers. A ported phone number can allow a hacker to break into sensitive accounts if they’re protected by SMS-based two-factor authentication.

Porting can provide fodder for blackmail schemes and access to private photos and other data. A stolen phone number also gives a cybercriminal a convincing starting point for launching further attacks against a victim’s close contacts.

Impact of the attack was limited because the infected computer was quickly isolated before further harm could be done. U.S. Cellular has reset the affected customer PINs,…


USCellular hit by a data breach after hackers access CRM software


Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers’ accounts.

In a data breach notification filed with the Vermont attorney general’s office, USCellular states that retail store employees were scammed into downloading software onto a computer.

This software allowed an attacker to access the computer remotely, and as the employee was logged into the customer relationship management (CRM), they gained access to that as well.

“On January 6, 2021, we detected a data security incident in which unauthorized individuals may have gained access to your wireless customer account and wireless phone number. A few employees in retail stores were successfully scammed by unauthorized individuals and downloaded software onto a store computer.”

“Since the employee was already logged into the customer retail management (“CRM”) system, the downloaded software allowed the unauthorized individual to remotely access the store computer and enter the CRM system under the employee’s credentials,” states the USCellular data breach notification.

USCellular believes the attack occurred on January 4th, 2021.

It is not clear from the notification how many customers were affected and whether the employees were scammed via a phishing email or another method. 

While viewing a customer’s account in the CRM, the threat actor would have been able to see their name, address, PIN, cell phone numbers, service plan, and billing/usage statements.

“As indicated above, your customer account was impacted in this incident. Information in your customer account includes your name, address, PIN code, and cellular telephone number(s) as well as information about your wireless services including your service plan, usage and billing statements known as Customer Proprietary Network Information (“CPNI”),” the data breach notification continues.

USCellular states that customers’ social security numbers and credit card information were not accessible as they are masked in the CRM.

After learning of the attack, USCellular isolated the infected computer and reset the employee’s passwords.

The company also reset impacted customers’ and authorized contact’s PIN and…


Hackers breach Foreign Office computers in cyber attack




A Foreign Office countryside estate that hosts high-level discussions about global security was besieged by a cyber attack last month.  

Hackers targeted Wilton Park, a government agency operating out of a 16th century mansion in West Sussex, it was revealed tonight.

There is no evidence they stole any data but the outpost’s security operation is being stepped up.

Sources said that the National Cyber Security Centre was called in to help investigate following the breach.



It is understood the attack is not connected to the devastating cyber attack on the SolarWinds Orion software, which US officials pin on Russian hackers.

The Foreign Office has not commented on any suspects of its investigation, but tonight confirmed the breach, which was first reported by The Sun.

A Government spokesperson said: ‘We take data security very seriously. There is no evidence at this stage that data has been taken following a cyber incident at Wilton Park.’

Officials stressed that Wilton Park’s computer system is less secure than the Foreign Office’s IT, which holds classified information.

However, it is understood Wilton Park’s cyber defences will be upgraded in light of the hack.



Based in an imposing countryside house looming over the 6,000 acres of the South Downs National Park, Wilton Park is used for forums with political, diplomatic and business leaders.

It was established in 1946 and takes its name from the Wilton Park estate in Buckinghamshire, which was used as a Prisoner of War camp during World War II.

The government describes Wilton Park as ‘a global forum for strategic discussion’.

‘It organises over 50 events a year in the UK and overseas, bringing together leading representatives from the worlds of politics, business, academia, diplomacy, civil society and media.’ 
