Tag Archive for: eyes

Five Eyes intelligence agencies warn millions at risk as hackers exploit mutating Log4Shell bug


Five Eyes intelligence agencies are warning of a rapidly evolving cyber storm that could hit everyone from gamers to big and small businesses, hospitals, transport and power systems.

“This is an evolving situation, and new vulnerabilities are being discovered,” the Australian, United States, United Kingdom, Canadian and New Zealand agencies have warned in an alert.

“The ACSC has observed malicious cyber actors using this vulnerability to target and compromise systems globally and in Australia,” the Australian Cyber Security Centre told AAP on Friday.

The joint alert issued out of the US said the vulnerabilities, especially Log4Shell, are “severe”.

The Log4Shell vulnerability affects software used by millions of Australians, often unknowingly, on their home and work computers, phones, apps, online games or when saving data in the cloud.

Intelligence agencies from the US, UK, Australia, Canada and New Zealand have warned the mutating Log4Shell bug is putting millions at risk. Credit: Yuichiro Chino/Getty Images

Microsoft says state-backed hackers from China, Iran, North Korea and Turkey are using the weakness to deploy malicious software, or malware, including ransomware.

Belgium’s defence department was breached this week, via a computer with internet access, the ministry said in a statement.

Cyber security firm ESET said it had blocked hundreds of thousands of attack attempts, mostly in the US and UK, but warned nearly 180 countries were in the firing line.

Australia was number seven in the top 20 countries with the most exploit attempts, as of December 20.

The bug involves a software component that logs information so developers or IT support staff can look at what’s happening in the program, and it’s used by millions of computers worldwide running online services.

Cyber criminals can use the weakness to get access to set up ransomware and install back doors for future access.

“It makes everyone a possible target from ransomware attacks,” technology expert Shane Day at Australian cyber security firm Unify Solutions said.

“It’s not the kind of Christmas present anyone wants to receive and could make for a very unhappy New Year.”

The UK’s cyber agency said…

Source…

Cyber defense policies evolve in three of the Five Eyes.


At a glance.

  • Australian critical infrastructure protection policy evolves.
  • US Commerce Department restricts cyber exports.
  • Software Supply Chain Risk Management Act passes the US House.
  • UK established information assurance unit in the MoD.
  • Qualifications for the Cyber Safety Review Board.

Australia allows government intervention for cyberattacks on critical services.

The Guardian reports that Australia has approved new legislation requiring operators of critical services to report cyberattacks and, in extreme cases, allowing the government to take over their operations. As the ruling explains, its purpose is to permit the government to “provide assistance immediately prior, during or after a significant incident.” It also broadens the term “critical infrastructure” to include providers of food, energy, communications, financial services, higher education and research, and space technology, which comprised a quarter of all cyberattacks reported to the Australian Cyber Security Centre in the past year. Innovation Aus points out that last week the Australian Information Industry Association, backed by an international group of tech associations, penned a letter warning the law could set a “troubling global precedent,” as it could force businesses to give the government access to internal systems and grant excessive control over how these businesses operate. Home Affairs Minister Karen Andrews disagreed, stating, “If we don’t act now, we risk our cybersecurity falling further behind.”

Josh Brewton, vCISO at Cyvatar, finds it significant that the government will intervene when the operators’ responses are inadequate:

“It’s interesting that the Government are willing to step in when the response is deemed not adequate. Where is the line drawn? How will they define their triggers? How or who will be paying for the response if the ASD take control? Given the frequency of Cyber Attacks today I wonder how the cost of such a response would be dealt with. It could push smaller businesses over the edge. With a healthy bill from the government and the added financial, operational and reputational impacts from the attack itself.”

Saryu Nayyar, CEO of Gurucul, approves of the…

Source…

Cyber Private Eyes Go After Hackers, Without Counterattacking


Companies hit by hackers typically limit themselves to playing defense to comply with a federal law against invading someone’s computer. But some specialist cybersecurity firms say they can pursue criminals without launching their own attacks.

Most cybercrimes in the U.S. fall under the Computer Fraud and Abuse Act, a 1986 law that prohibits unauthorized access of computer systems. The law effectively places offensive cybersecurity actions solely in the hands of the federal government.

Striking back against hackers directly might be off limits but some former spies and cyber cops say that disrupting an attack in progress is a different story, as long as defenders follow the letter of the law. That often means persuading a hacker to give consent to access the computer or database being used in the suspected cyberattack, for instance by posing as a customer for stolen data.

Max Kelly, the chief executive of security-services provider Redacted Inc., advocates proactively going after digital criminals. Businesses hire Redacted to manage their security, but the company can also take on hackers, he said.

Redacted’s employees, 60% of whom are former intelligence officers, will engage with cybercriminals such as ransomware operators, those offering his clients’ data for sale on the dark web, or serial online harassers, he said.

Mr. Kelly’s team builds a profile of the attackers by gathering information about them from the public internet and hidden hacker forums on the dark web. The investigators can often find out which hacking tools were used and where they were bought and can trace emails to identify a culprit, he said.

A direct confrontation often can be enough to get them to back off, said Mr. Kelly, who previously worked at the Federal Bureau of Investigation, the National Security Agency and Facebook Inc.

“[The attackers] think they’re impervious and can’t be touched,” he said. “As soon as you come and poke at them, and they’re able to connect that to the activity they’re involved with, they disappear.”

The idea…

Source…

China eyes pushing US IPO-bound firms to hand over data control: Sources


HONG KONG: Chinese regulators are considering pressing data-rich companies to hand over management and supervision of their data to third-party firms if they want US stock listings, sources said, as part of Beijing’s unprecedented scrutiny of private sector firms.

The regulators believe bringing in third-party information security firms, ideally state-backed, to manage and monitor IPO hopefuls’ data could effectively limit their ability to transfer Chinese onshore data overseas, one of the people said.

That would help ease Beijing’s growing concerns that a foreign listing might force such Chinese companies to hand over some of their data to foreign entities and undermine national security, added the person.

The plan is one of several proposals under consideration by Chinese regulators as Beijing has tightened its grip on the country’s internet platforms in recent months, including looking to sharpen scrutiny of overseas listings.

The crackdown, which has smashed stocks and badly dented investor sentiment, has particularly targeted unfair competition and internet companies’ handling of an enormous cache of consumer data, after years of a more laissez-faire approach.

A final decision on the IPO-bound companies’ data handover plan is yet to be made, said the sources, who declined to be identified due to the sensitivity of the matter.

The regulatory officials have discussed the plan with capital market participants, said one of the sources, as part of moves to strengthen supervision of all Chinese firms listed offshore.

IPO advisers are hopeful a formal framework on the data handover issue could be delivered in September, said the source.

The China Securities Regulatory Commission (CSRC) and the Cyberspace Administration of China (CAC) did not respond to faxed requests for comment.

Chinese regulators have recently put companies’ overseas listing plans, particularly in the United States, on hold pending new rules on data security.

Last month, the CAC proposed draft rules calling for companies with over 1 million users to undergo security reviews before listing overseas.

The US Securities and Exchange Commission, which oversees US-listings, did not immediately respond to a request for…

Source…