Tag Archive for: Destructive

Rising Global Tensions Could Portend Destructive Hacks


Critical Infrastructure Security, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

CISA’s Goldstein Says Critical Infrastructure Should ‘Remain on Heightened Alert’


U.S. government agencies and private sector organizations should “remain on heightened alert” for disruptive cyberattacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts, a top official for the U.S. Cybersecurity and Infrastructure Security Agency said on Wednesday.



Recent government analysis, including the latest annual global threat assessment of the U.S. intelligence community, indicates that cybercriminals and foreign adversaries would likely execute destructive attacks against critical infrastructure in the U.S. in the event of a Chinese conflict with Taiwan.


The U.S. is already facing major international crises – Russia’s invasion of Ukraine and the war between Israel and Hamas – that pose an “extraordinary challenge in cybersecurity” for government agencies, critical infrastructure operators and the private sector, said Eric Goldstein, CISA’s executive assistant director for cybersecurity.


“Russian cyber actors remain highly capable,” Goldstein said during an event hosted by think tank R Street Institute. There is “tremendous uncertainty” surrounding the future trajectory of Russian cyber activity around the war in Ukraine.


“We have to remain on heightened alert about how we think about the…

Source…

Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise


Apr 08, 2023 | Ravie Lakshmanan | Cyber War / Cyber Threat


The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.

That’s according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084.

“While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation,” the tech giant revealed Friday.

MuddyWater is the name assigned to an Iran-based actor that the U.S. government has publicly connected to the country’s Ministry of Intelligence and Security (MOIS). It’s been known to be active since at least 2017.

It’s also tracked by the cybersecurity community under various names, including Boggy Serpens, Cobalt Ulster, Earth Vetala, ITG17, Mercury, Seedworm, Static Kitten, TEMP.Zagros, and Yellow Nix.

Attacks mounted by the group have primarily singled out Middle Eastern nations, with intrusions observed over the past year leveraging the Log4Shell flaw to breach Israeli entities.

The latest findings from Microsoft indicate that the threat actor probably worked together with DEV-1084: the latter conducted the destructive actions after MuddyWater had successfully gained a foothold in the target environment.

“Mercury likely exploited known vulnerabilities in unpatched applications for initial access before handing off access to DEV-1084 to perform extensive reconnaissance and discovery, establish persistence, and move laterally throughout the network, oftentimes waiting weeks and sometimes months before progressing to the next stage,” Microsoft said.

In the activity detected by Redmond, DEV-1084 subsequently abused highly privileged compromised credentials to encrypt on-premises devices and carry out large-scale deletion of cloud resources, including server farms, virtual machines, storage accounts, and virtual networks.

Furthermore, the threat actors gained full access…

Source…

FortiGuard Labs Reports Destructive Wiper Malware Increases Over 50%



Adversarial Supply Chains Strengthen in Complexity and Sophistication to Counter Evolving Defenses

Bangalore, India – February 27, 2023: Vishak Raman, Vice President of Sales, India, SAARC & Southeast Asia at Fortinet: “For cyber adversaries, maintaining access and evading detection is no small feat as cyber defenses continue to advance to protect organizations today. To counter, adversaries are augmenting with more reconnaissance techniques and deploying more sophisticated attack alternatives to enable their destructive attempts with APT-like threat methods such as wiper malware or other advanced payloads. To protect against these advanced persistent cybercrime tactics, organizations need to focus on enabling machine learning–driven coordinated and actionable threat intelligence in real time across all security devices to detect suspicious actions and initiate coordinated mitigation across the extended attack surface.”

News Summary:

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the latest semiannual Global Threat Landscape Report from FortiGuard Labs. The threat landscape and organizations’ attack surface are constantly transforming, and cybercriminals’ ability to design and adapt their techniques to suit this evolving environment continues to pose significant risk to businesses of all sizes, regardless of industry or geography. For a detailed view of the report, as well as some important takeaways, read the blog.

Highlights of the 2H 2022 report follow:

  • The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks.
  • New intelligence allows CISOs to prioritize risk mitigation efforts and minimize the active attack surface with the expansion of the “Red Zone” approach.
  • Ransomware threats remain at peak levels with no evidence of slowing down globally with new variants enabled by Ransomware-as-a-Service (RaaS).
  • The most prevalent malware was more than a year old and had gone through a large amount of speciation, highlighting the efficacy and economics…

Source…

US offers bounty for Sandworm, the Russian hackers blamed for destructive cyberattacks


The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for information that identifies or locates its members.

The Sandworm hackers — who work for a unit of Russia’s GRU, the country’s military intelligence agency — are known for launching damaging and destructive cyberattacks against critical infrastructure, including food supplies and the energy sector.

Sandworm may be best known for the NotPetya ransomware attack in 2017, which primarily hit computer systems in Ukraine and disrupted the country’s power grid, leaving hundreds of thousands of residents without electricity during the depths of winter. In 2020, U.S. prosecutors indicted the same six Sandworm hackers, who are believed to still be in Russia, for the NotPetya attack, as well as several other attacks that targeted the 2018 PyeongChang Winter Olympics in South Korea and for running a hack-and-leak operation to discredit France’s then-presidential frontrunner Emmanuel Macron.

In a statement this week, the U.S. State Department said the NotPetya attack spilled outside of Ukraine across the wider internet, resulting in close to $1 billion in losses to the U.S. private sector, including medical facilities and hospitals.


The timing of the bounty comes as U.S. officials warn that Russia-backed hackers, including Sandworm, could be preparing damaging cyberattacks that target businesses and organizations in the United States following Russia’s invasion of Ukraine.

Since the start of the invasion in February, security researchers have attributed several cyberattacks to Sandworm, including the use of “wiper” malware to degrade Viasat’s satellite network that the Ukrainian military heavily relies on. Ukraine’s government said earlier this month it had disrupted another Sandworm attempt to target a Ukrainian energy provider using malware it repurposed from cyberattacks it launched against Ukraine in 2016.

The FBI also this month said it conducted an operation to disrupt a massive botnet that infected thousands of compromised routers, including many located in the U.S., by locking…

Source…