Tag Archive for: feds

Feds say Microsoft security ‘requires an overhaul’ — but will it listen? – Computerworld

/in


What Microsoft did wrong

The DHS Cyber Safety Review Board’s report lays out the Chinese hack and Microsoft’s response in exquisite detail, revealing what the Washington Post calls Microsoft’s “shoddy cybersecurity practices, lax corporate culture and a deliberate lack of transparency.”

The attack was engineered by the Storm-0558 hacking group — doing the bidding of China’s most powerful spy service, the Ministry of State Security. Storm-0558 has a history of carrying out espionage-related hacks of government agencies and private companies dating back to 2000. Until now, the best-known one was Operation Aurora, brought to light by Google in 2010. The Council on Foreign Relations called that attack “a milestone in the recent history of cyber operations because it raised the profile of cyber operations as a tool for industrial espionage.”

According to the DHS report, the most recent hack took place after Storm-0558 got its hands on a “Microsoft Services Account (MSA)17 cryptographic key that Microsoft had issued in 2016.” Using the key, Storm-0558 forged user credentials and used them to log into government accounts and steal emails of Raimondo, Burns, Bacon, and others. 

There are other unsolved mysteries. The key should only have been able to create credentials for the consumer version of Outlook Web Access (OWA), yet Storm-0558 used it to create credentials for Enterprise Exchange Online, which the government uses. Microsoft can’t explain how that can be done.

There’s worse. That 2016 key should have been retired in 2021, but Microsoft never did so because the company had problems with making its consumer keys more secure. So the key, and presumably many others like it, remained as powerful as ever. And Storm-0558 did its dirty work with it.

This series of events — a key that should have been retired was allowed to stay active, the theft of the key by Storm-0558 stole the key, and then Storm-0558’s ability to use it to forge credentials to get access to enterprise email accounts used by top government officials, even though the key shouldn’t have allowed them to do so — represents the “cascade of errors” the DHS said…

Source…

Feds offer reward after UnitedHealthcare hack

/in


The agency is offering the reward for information that would lead to the identification or location of anyone who engaged in the “malicious cyber activities” against U.S. infrastructure on behalf of a foreign government, our colleague Lauren Irwin reported.

 

“The ALPHV BlackCat ransomware-as-a-service group compromised computer networks of critical infrastructure sectors in the United States and worldwide, deploying ransomware on the targeted systems, disabling security features within the victim’s network, stealing sensitive confidential information, demanding payment to restore access, and threatening to publicize the stolen data if victims do not pay a ransom,” the State Department said in a statement.

 

The group ALPHV, or Blackcat, was first deployed in 2021. Its members have “developed and maintained” ransomware and recruited affiliates to deploy it, according to the State Department.

 

Change Healthcare, a subsidiary of UnitedHealth Group that manages payment systems for most of the hospitals in the U.S., was hit by a cyberattack on Feb. 21. Many patients had to pay out-of-pocket for medicines and health care services due to the effects of the attack.

 

As of mid-March, the health care giant said that it was testing software it must restore from the attack but has no date yet for finishing the recovery. The company restored nearly all its systems for processing prescriptions, bills and payments, The Associated Press reported.

 

Read more in a full report at TheHill.com.

Source…

Crypto scams more costly to US than ransomware, Feds say • The Register

/in


The FBI says investment fraud was the form of cybercrime that incurred the greatest financial loss for Americans last year.

Investment scams, often promising huge returns, led to reported losses of $4.57 billion throughout the year – a 38 percent increase from $3.31 billion in 2022. The vast majority prey on those looking to make a quick buck with cryptocurrency, with these kinds of scams contributing just shy of $4 billion to the overall losses.

The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud.

These cons also led to a rise in scams themed around the recovery of funds lost to investment scams, preying on vulnerable victims at their lowest. In some cases, victims would be strung along for long periods of time and convinced to make multiple payments to recovery services that would never reunite them with their stolen funds.

The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI’s Internet Crime Complaint Center (IC3). It was barely even a comparison, in fact, with ransomware apparently costing victims just $59.6 million for the entire year.

That figure is adjusted, not including the cost of downtime for businesses still in their recovery phases, for example, but it still seems especially low to a reporter who’s covered one-off ransom fees in the $15 million region.

The average ransom demand in the US is also said to be around $1.5 million, and with the IC3’s reported 2,825 ransomware-related complaints throughout the year, something isn’t adding up.

El Reg asked the feds for clarity but they didn’t immediately respond.

A…

Source…

Crypto scams more costly to the US than ransomware, Feds say • The Register

/in


The FBI says investment fraud was the form of cybercrime that incurred the greatest financial loss for Americans last year.

Investment scams, often promising huge returns, led to reported losses of $4.57 billion throughout the year – a 38 percent increase from $3.31 billion in 2022. The vast majority prey on those looking to make a quick buck with cryptocurrency, with these kinds of scams contributing just shy of $4 billion to the overall losses.

The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud.

These cons also led to a rise in scams themed around the recovery of funds lost to investment scams, preying on vulnerable victims at their lowest. In some cases, victims would be strung along for long periods of time and convinced to make multiple payments to recovery services that would never reunite them with their stolen funds.

The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI’s Internet Crime Complaint Center (IC3). It was barely even a comparison, in fact, with ransomware apparently costing victims just $59.6 million for the entire year.

That figure is adjusted, not including the cost of downtime for businesses still in their recovery phases, for example, but it still seems especially low to a reporter who’s covered one-off ransom fees in the $15 million region.

The average ransom demand in the US is also said to be around $1.5 million, and with the IC3’s reported 2,825 ransomware-related complaints throughout the year, something isn’t adding up.

El Reg asked the feds for clarity but they didn’t immediately respond.

A caveat was made in the report regarding the low reporting rates by ransomware victims across the country, and that the data only includes incidents reported to IC3 and not FBI field offices, so it appears the authorities are indeed aware of how low the reported figures seem.

“By reporting the incident, the FBI may be able to provide information on decryption, recover stolen data, possibly seize/recover…

Source…