Tag Archive for: Cluley

China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns • Graham Cluley


China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Got two-and-a-half hours to spare?

Maybe instead of settling down to watch “Mission: Impossible – Dead Reckoning Part One”, you could check out this video where FBI director Christopher Wray warned the US Congress earlier this week of the risks posed by Chinese state-sponsored hackers.

As Wray described to the House select committee on the Chinese Communist party, a botnet operated by the Volt Typhoon hacking group has been disrupted by law enforcement agencies.

The “vast majority” of affected routers are out-of-date Netgear and Cisco devices that are deemed to have reached their “end of life” and are no longer receiving security updates.

The routers were vulnerable to being recruited into Volt Typhoon’s so-called KV botnet if left unpatched. However, a court-approved US operation has deleted the malware from affected routers and taken steps to prevent reinfection.


According to the FBI’s Wray, Volt Typhoon is compromising small business and home office routers to hide the origin of future Chinese-backed cyber attacks.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict. Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”

Committee chairman Mike Gallagher said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants.”

Although it’s a headline-grabbing thing to say, there is some truth in it. We have seen cyber attacks by nation-states against water facilities and electricity grids in the past. If successful, such attacks could have a significant impact.

Russia, for instance, managed to cut off internet access for tens of millions of Ukrainians, and in a separate cyber attack disrupted the power grid in the war-torn country.

“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” continued Gallagher. “The sole purpose is to be ready to destroy American infrastructure, which will…

Source…

LockBit ransomware gang steals data related to security of UK military bases, due to unpatched Windows 7 PC • Graham Cluley


LockBit ransomware gang steals data related to security of UK military bases

An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.

Zaun says that on 5-6 August a “sophisticated cyber attack” saw hackers exploit an obsolete Windows 7 PC to gain access to the company’s servers, and exfiltrate data which has since been published on the dark web.

According to the firm, classified documents are not believed to have been included in the haul:

“LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.”

In what appears to be an attempt to reduce concern about the security breach, Zaun says that its perimeter fencing is hardly top secret:

“Zaun is a manufacturer of fencing systems and not a Government approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.”

Well, maybe that’s the case. But I would still be alarmed if there was sensitive information contained in the emails and other documents that were stolen. For instance, the contact details of personnel at military sites, or the specifics of a most sensitive area’s physical security.

I get the feeling that Zaun may know what it is doing when it comes to physical security, but may be lagging a little behind when it comes to digital security. Mainstream support for Windows 7 ended back in 2015.

Even if your organisation had managed to get itself on the list for extended Windows 7 security updates, the very last time you were able to receive them was January 2023.

Zaun says it has contacted the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) about the data breach.



Graham Cluley is a veteran of the…

Source…

Hacking forum hacked, user database leaked online • Graham Cluley


Hacking forum hacked, user database leaked online

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

Because it seems the hacking site has been… err… hacked.

As Bleeping Computer explains, upon the demise of RaidForums many of its users jumped ship to a new hacking forum called BreachForums to trade their stolen data.


However, in March this year the US Department of Justice announced that it had forced BreachForums offline, and arrested its alleged founder, 20-year-old Conor Brian Fitzpatrick, aka “pompompurin.”

Once again, those who like to frequent criminal hacking forums realised that they had to find a new home. Some members of the site, no doubt, would have feared that the authorities might have been able to spy upon their communications and gather evidence of their various wrongdoings.

So, did they give up a life of cybercrime? Far from it! Many of them joined a new hacking forum called ExposeForums.

And it is this site which appears to have now leaked the user database of RaidForums – potentially providing law enforcement, security researchers, and – yes – other cybercriminals with a large amount of potentially sensitive information.


According to Bleeping Computer, the data includes details of 478,870 RaidForums members, “including their usernames, email addresses, hashed passwords, registration dates, and a variety of other information related to the forum software.”

Chances are that this information (and possibly more) has been in the hands of law enforcement investigators since RaidForums’ website was seized in April 2022, but there is no doubt that it would also be of interest to others.

It must be pretty nerve-wracking being a member of a hacking forum like RaidForums, BreachForums, ExposeForums… never quite knowing when your preferred cybercrime hangout is going to be seized by the cops, and what information they might be able to find out about you.



Graham Cluley…

Source…