Posts

The Colonial Pipeline Ransomware Cyberattack — Part 2 – rAVe [PUBS]

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360



What motivates a hacker or group of cyberattackers? The answer is typically money.

For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security.

The Colonial Pipeline ransomware attack in May of 2021 caused many gas shortages. It also resulted in an Executive Order from the Biden administration to “improve the nation’s cybersecurity and protect federal government networks.” The EO press release noted, “public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” But what motivates these attackers?

Hollywood movies and television series have long depicted hackers as teenagers huddled in a basement or dorm room, hacking into systems to change their grades or just to cause a little mayhem. The mischief-minded nerdy teens or collegiate hacker groups do exist in real life, for sure. But those stories are rare, and the impact of hacks by mischievous “script kiddies” is usually very minor. It’s more of a competition at that age. While the pride of “cracking” a device or “pwning” someone is a real feeling among cybercriminals, most don’t do it for fun. Instead, most cyberattackers are motivated by money. Let’s look at the Colonial Pipeline as an example.

On May 7, 2021, a group of cyberattackers known as DarkSide used ransomware to attack the business networks of Colonial Pipeline, and the pipeline management quickly shut down the pipeline systems too.

A few days later, the DarkSide website hosted a statement about the motivation of the attack, which said:

“We are apolitical, we do not participate in geopolitics, [you] do not need to tie us with a defined government and look for … our motives… Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” 

Granted, if this statement came from criminals, it could be a partial or complete lie. But for the…


Check Point 700 Appliance Setup | SMB Cyber Security



Tokyo Olympics could be threatened by cyberattack, FBI warns


The Olympics are ripe for cyberattacks by nation-state actors, the FBI said in a notification to cybersecurity professionals, adding that these actors could hack or ransom sensitive stolen data.

The games provide an opportunity for state-backed actors to “sow confusion…and advance ideological goals,” the FBI said in a statement.

In its notification, the FBI cited the potential for distributed denial of service (DDoS) attacks – where computers are rendered unavailable to an organization – targeting TV broadcasters, hotels, mass transit, ticketing services and event security infrastructure as a possibility.

DDoS attacks are often part and parcel of ransomware.

Some attacks have already happened. In June, Japan’s Kyodo News reported that information was leaked from a data sharing tool developed by Japanese IT company Fujitsu. The breach involved Japan’s national cybersecurity center which was preparing for potential cyberattacks during the games, Kyodo said.

Olympic meddling from state actors would not be unprecedented. The FBI indicted Russian cyber actors for hacking into computers supporting the 2018 PyeongChang Winter Olympics, culminating in a cyberattack targeting the Opening Ceremony.

And the FBI notification comes in the wake of a joint advisory from the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI about an active malicious cyber campaign being carried out by the Russian General Staff Main Intelligence Directorate (GRU) targeting hundreds of U.S. and foreign organizations in order to penetrate government and private sector networks.

“GRU continues to be a threat…The scale, reach and pace of their operations is alarming,” a spokesperson from cybersecurity firm Check Point Software told Fox News.

Against a backdrop of global cyber warfare, the usual suspects could be active.

“Given the ongoing rise in temperatures of the ‘Cyber Cold War,’ it is likely that we will see many of those previously linked with recent high profile cyberattacks – such as Russia, China, REvil and other organized groups,”…


Russian Defense Ministry website targeted by foreign cyberattack


Russia’s Defense Ministry was targeted by a DDoS cyberattack conducted by a foreign source on Friday, according to the Russian TASS news agency.

“The official website of the Russian Ministry of Defense on the Internet was subjected to a DDoS attack, as a result of which some users may experience difficulties in accessing its content,” the ministry said, according to TASS.

The ministry added that the source of the attack came from outside Russia. The site has been restored.

The computer security service of the Defense Ministry stated that “No violations in the operability of the software and technical infrastructure of the website of the Russian Defense Ministry have been allowed.”

US President Joe Biden recently warned Russian President Vladimir Putin that the US would take “any necessary action” to stop cyberattacks from Russia, after a series of cyberattacks from within Russian territory targeted US companies.

Biden told reporters that he “made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” according to the BBC.

The Kremlin denied that the US has contacted Russia about cyberattacks, saying that Russia is ready to “jointly clamp down on criminal activity in the informational sphere.”
