Tag Archive for: Devastating

The Sunburst hack was massive and devastating. Here are 5 observations from a cybersecurity expert

/in


So much remains unknown about what is now being called the Sunburst hack, the cyberattack against US government agencies and corporations. US officials widely believe that Russian state-sponsored hackers are responsible.

The attack gave the perpetrators access to numerous key American business and government organisations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely.

However, the nature of the affected organisations alone makes it clear that this is perhaps the most consequential cyberattack against the US to date.

An act of cyberwar is usually not like a bomb, which causes immediate, well-understood damage. Rather, it is more like a cancer — it’s slow to detect, difficult to eradicate and it causes ongoing and significant damage over a long period of time.

Here are five points that cybersecurity experts — the oncologists in the cancer analogy — can make with what’s known so far.

1. The victims were tough nuts to crack

From top-tier cybersecurity firm FireEye to the US Treasury, Microsoft, Intel and many other organisations, the victims of the attack are for the most part firms with comprehensive cybersecurity practices.

The list of organisations that use the compromised software includes firms like MasterCard, Lockheed Martin and PricewaterhouseCoopers. SolarWinds estimates about 18,000 firms were affected.

As CEO of cybersecurity firm Cyber Reconnaissance Inc and an associate professor of computer science at Arizona State University, I have met security professionals from many of the targeted organisations.

Many have world-class cybersecurity teams. These are some of the hardest targets to hit in corporate America. The victims of Sunburst were specifically targeted, likely with a primary focus on intelligence gathering.

2. This was almost certainly the work of a nation – not criminals

Criminal hackers focus on near-term financial gain. They use techniques like…

Source…

The Sunburst Hack Was Massive and Devastating

/in


This article about the Sunburst hack is republished here with permission from The Conversation. This content is shared here because the topic may interest Snopes readers; it does not, however, represent the work of Snopes fact-checkers or editors.

So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials widely believe that Russian state-sponsored hackers are responsible.

The attack gave the perpetrators access to numerous key American business and government organizations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely. However, the nature of the affected organizations alone makes it clear that this is perhaps the most consequential cyberattack against the U.S. to date.

An act of cyberwar is usually not like a bomb, which causes immediate, well-understood damage. Rather, it is more like a cancer – it’s slow to detect, difficult to eradicate, and it causes ongoing and significant damage over a long period of time. Here are five points that cybersecurity experts – the oncologists in the cancer analogy – can make with what’s known so far.

1. The victims were tough nuts to crack

From top-tier cybersecurity firm FireEye to the U.S. Treasury, Microsoft, Intel and many other organizations, the victims of the attack are for the most part firms with comprehensive cybersecurity practices. The list of organizations that use the compromised software includes firms like MasterCard, Lockheed Martin and PricewaterhouseCoopers. SolarWinds estimates about 18,000 firms were affected.

As CEO of cybersecurity firm Cyber Reconnaissance Inc. and an associate professor of computer science at Arizona State University, I have met security professionals from many of the targeted organizations. Many of the organizations have world-class cybersecurity teams. These are some of the hardest targets to hit in corporate America. The victims of Sunburst were specifically targeted, likely with a primary focus on intelligence gathering.

2. This was almost certainly the work of a nation – not criminals

Criminal hackers focus on near-term financial…

Source…

Google finds a devastating iPhone security flaw, FireEye hack sends alarm bells ringing – TechCrunch

/in


In case you missed it: A ransomware attack saw patient data stolen from one of the largest U.S. fertility networks; the Supreme Court began hearing a case that may change how millions of Americans use computers and the internet; and lawmakers in Massachusetts have voted to ban police from using facial recognition across the state.

In this week’s Decrypted, we’re deep-diving into two stories beyond the headlines, including why the breach at cybersecurity giant FireEye has the cybersecurity industry in shock.

THE BIG PICTURE

Google researcher finds a major iPhone security bug, now fixed

What happens when you leave one of the best security researchers alone for six months? You get one of the most devastating vulnerabilities ever found in an iPhone — a bug so damaging that it can be exploited over-the-air and requires no interaction on the user’s part.

The AWDL bug under attack using a proof-of-concept exploit developed by a Google researcher. Image Credits: Ian Beer/Google Project Zero

The vulnerability was found in Apple Wireless Direct Link (AWDL), an important part of the iPhone’s software that among other things allows users to share files and photos over Wi-Fi through Apple’s AirDrop feature.

“AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity,” wrote Google’s Ian Beer in a tweet, who found the vulnerability in November and disclosed it to Apple, which pushed out a fix for iPhones and Macs in January.

But exploiting the bug allowed Beer to gain access to the underlying iPhone software using Wi-Fi to gain control of a vulnerable device — including the messages, emails and photos — as well as the camera and microphone — without alerting the user. Beer said that the bug could be exploited over “hundreds of meters or more,” depending on the hardware used to carry out the attack. But the good news is that there’s no evidence that malicious hackers have actively tried to exploit the bug.

News of the bug drew immediate attention, though Apple didn’t comment. NSA’s Rob Joyce said the bug find is “quite an accomplishment,” given that most iOS bugs require chaining multiple vulnerabilities…

Source…

Chinese Hackers Infiltrated Eight Major Tech Providers For Years With ‘Devastating’ Impact: Report – Fortune

/in

Chinese Hackers Infiltrated Eight Major Tech Providers For Years With ‘Devastating’ Impact: Report  Fortune

Eight of the world’s biggest technology firms were targets of an intense hacking campaign, battling teams sponsored by China’s government.

“chinese hackers” – read more