Tag Archive for: Cybercriminals

Ransomware: How cybercriminals hold data hostage… and why the best solution is often paying a ransom – 60 Minutes


We’re seeing just how defenseless our food and fuel supplies can be to hackers. This month, the largest meat producer in America was forced to close for several days. And that was only three weeks after hackers shut down the main source of gasoline for the East Coast. Both were ransomware, attacks by hackers who break into a computer network and lock it until a ransom is paid. Colonial Pipeline paid more than $4 million, in May, to get fuel flowing in the East again. As we first told you in 2019, critical public service networks are also targets. Twenty-six percent of cities and counties, for example, report that they fend off network attacks every hour. Perhaps even worse, dozens of hospitals have been held hostage all across the country.

In January 2018, the night shift at Hancock Regional Hospital watched its computers crash with deepest apologies. The 100-bed facility in the suburbs of Indianapolis got its CEO, Steve Long, out of bed.

Steve Long: We had never been through this before. And it’s something that I read in the journals. And I say, “Oh, those poor folks. I’m glad that’s never going to happen to us.” But when you come in and you see that the files on your computer have been renamed and all of the files were renamed either “we apologize for files” or “we’re sorry.” And there was a moment when I thought, “Well, maybe they’re not so bad. They said they were sorry.” But, in fact, they had encrypted every file that we had on our computers and on the network.


Long told 911 to divert emergency patients to a hospital 20 miles away. His staff turned to pen and paper. Nothing electronic could be trusted.

Steve Long: This is a ransomware, so this is a virus that has gotten into the computer system. “Would it have the ability to jump to a piece of clinical equipment? Could it jump to an IV pump? Could it jump to a ventilator? We needed a little time just to make sure about that.”

But time was a luxury not offered in the ransom demand.

Steve Long: “Your network has been encrypted. If you would like to purchase the decryption keys, you have seven days to do so or your network files will be permanently deleted.” And then it gave us the…

Source…

The MTA’s Computer Systems Breached By Chinese Cybercriminals


New York City’s Metropolitan Transportation Authority (MTA), which runs the city’s bus and subway systems, disclosed on Wednesday that its systems had been hacked in April 2021.

The Metropolitan Transportation Authority (MTA) is a public benefit organization that is in charge of public transportation in the New York City metropolitan area of the U.S. state of New York.

The MTA is the largest public transit authority in the United States, carrying over 11 million passengers on an average weekday systemwide, and over 850,000 vehicles on its seven toll bridges and two tunnels per weekday.

The threat actors, believed to have connections to the Chinese government, penetrated the MTA network by exploiting flaws in Pulse Connect Secure, a commercial VPN product that gives employees remote access to their company’s network.

According to Rafail Portnoy, MTA’s Chief Technology Officer, the cybercriminals did not obtain access to the systems that control train cars, rider safety was not at risk, and the intrusion appeared to have done little damage. No sensitive staff or customer data was accessed during the hack.

The MTA quickly and aggressively responded to this attack, bringing on Mandiant, a leading cybersecurity firm, whose forensic audit found no evidence operational systems were impacted, no employee or customer information breached, no data loss, and no changes to our vital systems.

Source

MTA officials stated that the attack occurred at around 8 p.m. on April 20. The agency said the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency, and the FBI informed MTA of the breach.

By the next morning, MTA declared it had executed the required security patches, recommended by CISA, to fix the flaw.

Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing the spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyber-attacks are a growing global threat.

Source

According to a cybersecurity company that collaborates with the federal government, the attack on the MTA did not involve financial requests and instead seems to be part of a recent series of global intrusions by…

Source…

The pandemic has been a boon for cybercriminals – Boston 25 News


BOSTON — School closures, car inspections stalled and emergency services communications affected; those are some of the disruptions ransomware attacks have caused in Massachusetts in recent weeks.

25 Investigates examined who is behind these attacks and whether enough is being done to thwart future incidents.

As investigative reporter Ted Daniel found, business has been good for these digital extortionists. Ransomware attacks in the U.S. have increased by 300% in the past nine months, in part because more people are working remotely.

Hackers from Evil Corp, a Russian cybercrime organization, are responsible for ransomware attacks in 11 states, including Massachusetts, according to the Department of Justice.

Videos on social media show Evil Corp members enjoying a lavish lifestyle, including fast cars and exotic pets, presumably funded with ill-gotten money.

The FBI says a different group of Russian hackers is behind recent cyberattacks that shut down the Colonial gas pipeline. The pipeline moves nearly half the fuel used on the eastern seaboard. And you may be paying more at the pump because of it.

“The nature of these attacks does seem to be changing,” said Jane Fountain, a cybersecurity expert and professor at the University of Massachusetts-Amherst’s College of Information and Computer Sciences.

Fountain said hackers are demanding higher ransoms and stealing private data even when the ransom is paid. That data can include credit card numbers, medical records and social security numbers.

“Many criminals realize that they can try selling that data on the black market, all over the world. So they can attack operations, as well as encrypting data,” she said.

25 Investigates was the first to report that hackers took down the computer network at Lawrence City Hall last month.

Haverhill Public Schools was simultaneously dealing with a ransomware attack of its own.

Ransoms have also been demanded from or paid by the vendor that hosts the Registry of Motor Vehicles inspection network. That security failure cost repair shops thousands and temporarily allowed potentially unsafe cars on the road.

The list of ransomware attacks in Massachusetts includes: City of New Bedford, Tewksbury…

Source…

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware


Threat actors are increasingly adopting Excel 4.0 documents as an initial-stage vector to distribute malware such as ZLoader and Qakbot, according to new research.

The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.


“The biggest risk for the targeted companies and individuals is the fact that security solutions still have a lot of problems with detecting malicious Excel 4.0 documents, making most of these slip by conventional signature based detections and analyst written YARA rules,” researchers from ReversingLabs said in a report published today.

Excel 4.0 macros (XLM), the precursor to Visual Basic for Applications (VBA), are a legacy feature retained in Microsoft Excel for backward compatibility. Microsoft warns in its support documentation that enabling all macros can cause “potentially dangerous code” to run.

The ever-evolving Qakbot (aka QBOT), since its discovery in 2007, has remained a notorious banking trojan capable of stealing banking credentials and other financial information, while also gaining worm-like propagation features. Typically spread via weaponized Office documents, variants of QakBot have been able to deliver other malware payloads, log user keystrokes, and even create a backdoor on compromised machines.


In a document analyzed by ReversingLabs, the malware not only tricked users into enabling macros with convincing lures, but also came with embedded files containing XLM macros that download and execute a malicious second-stage payload retrieved from a remote server. Another sample included a Base64-encoded payload in one of the sheets, which then attempted to download additional malware from a sketchy URL.

“Even though backward compatibility is very important, some things should have a life expectancy and, from a security perspective, it would probably be best if they were deprecated at some point in time,” the researchers noted. “Cost of maintaining 30 year old macros should be weighed against the security risks using such outdated technology brings.”
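Because XLM macro sheets are a distinct part type inside a modern Excel package, a defender can triage a workbook for them without executing anything. The script below is an added example written for this page; it is not ReversingLabs' tooling or code from the article. It assumes an OOXML container (.xlsx/.xlsm, which is a zip), where Excel stores Excel 4.0 macro sheets under `xl/macrosheets/` with the content type `application/vnd.ms-excel.macrosheet+xml`, VBA under `xl/vbaProject.bin`, and sheet visibility in `xl/workbook.xml` (a `state="veryHidden"` macro sheet is a common way to keep it out of sight). Legacy binary .xls files are OLE2, not zip, so they are reported as unsupported here; an OLE-aware parser such as oletools' olevba is needed for those. The sample packages are constructed in memory for the demonstration, not real documents.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Content types Excel uses for Excel 4.0 (XLM) macro sheets and VBA projects in OOXML packages
MACROSHEET_CT = "application/vnd.ms-excel.macrosheet+xml"
VBA_CT = "application/vnd.ms-office.vbaProject"
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
SS_NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"


def triage_workbook(data: bytes) -> dict:
    """Inspect an OOXML workbook for XLM macro sheets, VBA projects and hidden sheets.

    Returns the part names found plus a verdict: 'clean', 'review', or 'unsupported'
    (legacy binary .xls is OLE2, not zip, and needs an OLE parser instead).
    """
    result = {"xlm_parts": [], "vba_parts": [], "hidden_sheets": [], "verdict": "clean"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["verdict"] = "unsupported"
        return result
    with zf:
        names = set(zf.namelist())
        # Signal 1: part paths. Excel writes XLM sheets to xl/macrosheets/ and VBA to xl/vbaProject.bin.
        for name in sorted(names):
            if name.startswith("xl/macrosheets/") and name.endswith(".xml"):
                result["xlm_parts"].append(name)
            elif name == "xl/vbaProject.bin":
                result["vba_parts"].append(name)
        # Signal 2: declared content types, which also catch parts stored under unusual paths.
        if "[Content_Types].xml" in names:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
            for override in root.iter(CT_NS + "Override"):
                part = override.get("PartName", "").lstrip("/")
                ctype = override.get("ContentType", "")
                if ctype == MACROSHEET_CT and part not in result["xlm_parts"]:
                    result["xlm_parts"].append(part)
                elif ctype == VBA_CT and part not in result["vba_parts"]:
                    result["vba_parts"].append(part)
        # Signal 3: hidden / veryHidden sheets, frequently used to hide a macro sheet from the user.
        if "xl/workbook.xml" in names:
            workbook = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in workbook.iter(SS_NS + "sheet"):
                if sheet.get("state") in ("hidden", "veryHidden"):
                    result["hidden_sheets"].append(sheet.get("name", "?"))
    if result["xlm_parts"] or result["vba_parts"]:
        result["verdict"] = "review"
    return result


def build_sample(with_xlm: bool) -> bytes:
    """Build a minimal, constructed in-memory .xlsm-like package (not a real document) for testing."""
    overrides = ['<Override PartName="/xl/workbook.xml" '
                 'ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>']
    sheets = ['<sheet name="Sheet1" sheetId="1" r:id="rId1"/>']
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if with_xlm:
            overrides.append(f'<Override PartName="/xl/macrosheets/sheet1.xml" ContentType="{MACROSHEET_CT}"/>')
            sheets.append('<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>')
            zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")  # placeholder body, never parsed here
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
                    '<Default Extension="xml" ContentType="application/xml"/>'
                    + "".join(overrides) + "</Types>")
        zf.writestr("xl/workbook.xml",
                    f'<workbook xmlns="{SS_NS[1:-1]}" '
                    'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
                    f'<sheets>{"".join(sheets)}</sheets></workbook>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("constructed XLM sample", build_sample(True)),
                        ("constructed plain sample", build_sample(False))):
        print(label, triage_workbook(blob))
```

The three signals are deliberately independent: a package that declares a macro sheet in `[Content_Types].xml` but stores it under an unexpected path is still flagged, and the hidden-sheet list is reported separately so an analyst can weigh it without it alone forcing a verdict. In a mail gateway or sandbox pre-filter, a `review` verdict is the point at which to route the file to dynamic analysis or an XLM emulator rather than relying on signatures the article notes are easily missed.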

Source...
