Tag Archive for: Cyberattack

Russian hackers target US networks in ‘ongoing’ cyberattack


Russian-linked hackers blamed for the massive cyberattack on the US last year have been targeting hundreds of companies and organizations in their latest wave of attacks on US-based computer networks — as the White House dismisses the incident as “unsophisticated, run-of-the-mill operations.”

In a blog post Sunday, Microsoft said Nobelium — the Russian-based agency behind last year’s widespread SolarWinds attack — has been targeting cloud service providers and technology service organizations in a bid to obtain data.

The attacks have targeted organizations in the US and Europe since May, Microsoft said.

One of Microsoft’s top security officers, Tom Burt, told the New York Times, which first reported the breach, that the latest attack was “very large and ongoing.”

“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Microsoft said in its blog post.


“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” 

Microsoft said it had notified 609 customers between July 1 and Oct. 19 that they had been attacked.

The company insisted only a small percentage of the latest attempts were successful.


“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian…


Senate Bill to Mandate Cyberattack, Ransomware Payment Reporting


Energy companies, banks and other critical infrastructure operators would have to report cybersecurity incidents and ransomware payments to the federal government under legislation introduced Tuesday.

Senate Homeland Security and Governmental Affairs Chairman Gary Peters (D-Mich.) and ranking member Rob Portman (R-Ohio) are unveiling a bipartisan bill to require critical infrastructure operators to notify the Cybersecurity and Infrastructure Security Agency within at least 72 hours of experiencing a cyberattack, according to details shared with Bloomberg Government.

The measure would also require other organizations—including nonprofits, businesses with more than 50 employees and state and local governments—to notify the federal government within 24 hours if they make a ransom payment following a ransomware attack.

“When entities — such as critical infrastructure owners and operators — fall victim to network breaches or pay hackers to unlock their systems, they must notify the federal government so we can warn others, prepare for the potential impacts, and help prevent other widespread attacks,” Peters said in a press statement.


The Biden administration’s top cybersecurity officials, CISA Director Jen Easterly and National Cyber Director Chris Inglis, backed a draft version of the measure during a committee hearing last week.


The Senate bill is similar to legislation from House Homeland Security Chair Bennie Thompson (D-Miss.) and Reps. Yvette Clarke (D-N.Y.) and John Katko (R-N.Y.), which was included in an amendment to the House version of the fiscal 2022 National Defense Authorization Act (H.R. 4350) passed on Sept. 23. The House bill doesn’t mandate reporting of ransom payments.


Peters said he plans to mark up the legislation and is considering the Senate version of the defense policy bill as a potential vehicle to advance the measure on the Senate floor, he told Bloomberg Government last week.


The Colonial Pipeline Ransomware Cyberattack — Part 2 – rAVe [PUBS]



What motivates a hacker or group of cyberattackers? The answer is typically money.

For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security.

The Colonial Pipeline ransomware attack in May of 2021 caused many gas shortages. It also resulted in an Executive Order from the Biden administration to “improve the nation’s cybersecurity and protect federal government networks.” The EO press release noted, “public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” But what motivates these attackers?

Hollywood movies and television series have long depicted hackers as teenagers huddled in a basement or dorm room, hacking into systems to change their grades or just to cause a little mayhem. The mischief-minded nerdy teens or collegiate hacker groups do exist in real life, for sure. But those stories are rare, and the impact of hacks by mischievous “script kiddies” is usually very minor. It’s more of a competition at that age. While the pride of “cracking” a device or “pwning” someone is a real feeling among cybercriminals, most don’t do it for fun. Instead, most cyberattackers are motivated by money. Let’s look at the Colonial Pipeline as an example.

On May 7, 2021, a group of cyberattackers known as DarkSide used ransomware to attack the business networks of Colonial Pipeline, and the pipeline management quickly shut down the pipeline systems too.

A few days later, the DarkSide website hosted a statement about the motivation of the attack, which said:

“We are apolitical, we do not participate in geopolitics, [you] do not need to tie us with a defined government and look for … our motives… Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.” 

Granted, if this statement came from criminals, it could be a partial or complete lie. But for the…


Check Point 700 Appliance Setup | SMB Cyber Security