Tag Archive for: Finds

HSB Cyber Survey Finds Electric Vehicles Drive Data Security Fears


HARTFORD, Conn.–(BUSINESS WIRE)–Mar 2, 2022–

Small business owners are adding electric vehicles to their service fleets, a survey released today by HSB reports, but they worry about cyber security when connecting them to public charging stations.

The HSB poll conducted by Zogby Analytics found 15 percent of small and medium-size businesses had leased or purchased electric vehicles (EVs) for commercial use.

Three-quarters (76 percent) of those business owners and managers were concerned EV charging stations could be a target for hackers, ransomware, and other cyber-attacks.

“The technology is advancing swiftly and there is a growing need to focus on the cyber security of electric vehicles,” said Timothy Zeilman, vice president for HSB, part of Munich Re. “With the rush to make the switch to electric cars and trucks, owners and the EV industry should step up their efforts to protect vehicles and charging infrastructure from cyber-attacks.”

EV Chargers Could Add to Cyber Risks

The plug-in electric chargers communicate with vehicles through an internet connection, and security experts warn the systems could be hacked.

These potential threats add to the concerns of small business owners, who were already worried about the cyber security of their commercial vehicles.

The HSB survey found almost half (46 percent) were somewhat or very concerned about the cyber exposures and safety of internet connected and automated vehicles.

Commercial Vehicles Vulnerable to Attacks

When asked about their own experience, 13 percent of the business owners and managers said that at some point, a computer virus, hacking incident, or other cyber-attack had damaged or otherwise affected their commercial vehicles.

Overall, 44 percent of those responding to the poll said they fear that malware or another cyber-attack will damage or destroy their vehicles’ data, software, or operating systems.

Most of them (56 percent) are somewhat or very concerned their vehicles could be immobilized or made inoperable, their safety compromised (54 percent), and that a hacker could communicate and confront them over their audio system (43 percent).

Survey Methodology

Zogby Analytics surveyed 504 decision makers at small and…


Kaspersky finds evidence of continued Russian hacking campaigns in Ukraine


APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine.


Security researchers at Symantec have presented what they said is further evidence that the Russian advanced persistent threat hacking team known as Shuckworm has been actively waging a cyber espionage campaign against organizations in Ukraine.

According to a report from The Security Service of Ukraine released in November 2021, Shuckworm, also known as Armageddon, Gamaredon, Primitive Bear and other monikers, is relatively new to the APT world. The SSU believes Shuckworm was founded in 2013 or 2014 and initially operated with a very low profile. Despite its relative newness to the scene, the SSU said “the group is able to turn into a cyberthreat with consequences, the scale of which will exceed the negative effect of the activities of [known Russian APTs APT28, SNAKE and APT29].”

Symantec said its findings are consistent with the SSU’s report, which said Shuckworm has become more sophisticated since 2017, the end result of which is a group with custom-built malware to infiltrate and legitimate tools to keep itself connected.

Anatomy of a cyber espionage attack

There are a variety of methods that APTs use to establish a permanent presence in victim networks. In the particular case study Symantec included in its report, Shuckworm likely used a tried-and-true ingress method: Phishing.


The attack began July 14, 2021, and continued for over a month, Symantec said, and it all began with a malicious Word document. “Just five minutes after the document is opened, a suspicious command is also executed to launch a malicious VBS file,” Symantec said. That file, in turn, installed the Pterodo backdoor software that was previously linked to Shuckworm.

The creation of Pterodo is what the SSU said divides Shuckworm’s early days from its more dangerous later years. Prior to the creation of Pterodo, Shuckworm relied on legitimate remote access tools like RMS and UltraVNC. Now, through the…


Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)


MOUNTAIN VIEW, Calif. – Menlo Security, a leader in cloud security, today announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats that target web browsers as the attack vector and employ techniques to evade detection by multiple layers in current security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, which in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, The Menlo Security Labs research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organization had to pivot to a work-from-anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security. “Cyber Threats are a mainstream problem and a boardroom issue that should be on everyone’s agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective.”

HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defenses:

  • Evades Both Static and Dynamic Content Inspection: HEAT attacks evade both signature and behavioral analysis engines to deliver malicious payloads to the victim using innovative techniques such as HTML Smuggling. This technique is used by…


Company used for school website, software design finds ransomware in system


The company states it is “making significant progress to get all websites up and running” and that “full restoration has taken us longer than anticipated.”

Finalsite took to its Facebook page Thursday to provide an update to its clients, saying an ongoing investigation shows that, as of this time, there is no evidence that data belonging either to the company or its clients has been taken.
