Chinese hacking groups target US and European governments


Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government.

The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant Inc. to have successfully compromised at least six U.S. state government networks. The APT did so by exploiting vulnerable internet-facing web applications, including using zero-day or hitherto undiscovered vulnerabilities in the USAHerds application and Apache Log4j.

The campaign by APT41 ran between May 2021 and February 2022. Although Chinese state-sponsored actors targeting networks in the West is not new, the researchers note that one remarkable aspect is how quickly they act to exploit vulnerabilities when they become known.

In the case of the now-infamous Log4j vulnerability, the Chinese hackers were exploiting the vulnerability within hours of it being disclosed. The exploitation of the initial Log4j vulnerability — there ended up being multiple vulnerabilities — directly led to the compromise of two U.S. state government networks as well as other targets in insurance and telecoms. Having gained access, APT41 then undertook extensive credential collection.

APT41 was linked by the BlackBerry Ltd. Research & Intelligence team to a range of previous campaigns in October. The U.S. Department of Justice indicted five Chinese nationals and two Malaysians linked to the group in September.

“Based on my extensive experience in tracking nation-state adversaries, China is deeply concerned with knowing as much as they can at all times,” Aubrey Perin, lead nation-state threat intelligence analyst at information security and compliance firm Qualys Inc., told SiliconANGLE. “Their belief system around information being a public domain differs from the United States’ notion of intellectual property. As long as China is not spying for the sake of harming others, it is on brand for them to be poking about in ways that come to fruition in instances such as these.”

The second campaign, detailed by researchers at Proofpoint Inc., relates to the…

Cyber thieves target local, county governments to launch bigger attacks


Lindsay M. McCoy

When Webster Township in Washtenaw County was attacked by ransomware, officials had to create a new website, new emails and new anti-virus and ransomware software to resolve the problem.

It was one of 77 ransomware attacks in the United States last year that were confirmed by the cybersecurity company Emsisoft.

To lessen such attacks, the federal government has included a new $1 billion cybersecurity grant program in the bipartisan infrastructure law passed last year. It directs the bulk of the funding that states receive to their local governments, with 25% of the money earmarked for rural governments.

There were 77 ransomware attacks on local governments in the United States in 2021. In 2019, a ransomware attack affected about two dozen Texas communities.

Sgt. Matt McLalin, who investigates cyberattacks in the State Police’s cyber command center, said local and county governments make up a lot of the center’s victims.

“Every single week we are getting multiple reports of local governments who have been affected,” McLalin said. 

Brett Callow, a threat analyst from Emsisoft, said the discrepancy in data stems from not all attacks being reported to his New Zealand-based company or being labeled as “cyberattacks” rather than ransomware.

Apple sues NSO Group, company known for hacking iPhones on behalf of governments


Apple CEO Tim Cook delivers the keynote address during the 2020 Apple Worldwide Developers Conference (WWDC) at Steve Jobs Theater in Cupertino, California.

Brooks Kraft/Apple Inc/Handout via Reuters

Apple on Tuesday sued NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them, including messages and other communications.

Earlier this year, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that had been infected with NSO Group malware called Pegasus.

Apple is seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices. It’s also seeking damages over $75,000.

Apple considers the lawsuit to be a warning to other spyware vendors. “The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a tweet.

NSO Group software permits “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware.”

Apple also said on Tuesday it has patched the flaws that enabled the NSO Group software to access private data on iPhones using “zero-click” attacks where the malware is delivered through a text message and leaves little trace of infection.

Pegasus’ users can remotely surveil the iPhone owner’s activities, collect emails, text messages and browsing history, and access the device’s microphone and camera, Apple alleged in its lawsuit.

Apple said the attacks were only targeted at a small number of customers, and said on Tuesday it will inform iPhone users that may have been targeted by Pegasus malware.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing…

With the increase of cybercrime, local governments face an uphill battle in hardening digital defenses


What would a small community do if its school district’s network was attacked by ransomware? What about if a municipally managed wastewater treatment plant in a rural county was shut down by a digital onslaught initiated by organized cybercriminals operating a continent away? 

With cyberthreats increasingly targeting municipal frameworks, these are the types of questions that constituents should be asking—and ones that local administrators should be prepared to answer.  

“You’re talking about tens of millions of dollars being raised from these crimes. It’s become a big business,” said Bert Kashyap, CEO of the cybersecurity firm SecureW2, which advises local governments on cybersecurity. 

Two decades ago when Kashyap entered the industry, hackers “were playing around with malware, it was less of an organized crime type of thing. Now, it’s definitely gotten to the point where there are nation states protecting these folks, and cyber gangs are basically forming syndicates,” Kashyap said. 

Last year, for example, American government organizations were targeted by nearly 80 ransomware attacks, potentially impacting 71 million people, according to the consumer tech information site Comparitech.

Recently, the Allen Independent School District in Texas was targeted with ransomware. The district refused to pay, according to reports, and parents of children in the school system have since received threatening emails warning their student’s private information will be released if the district doesn’t change course. And on Thursday, the cybersecurity firm Mandiant issued a report detailing how “an aggressive, financially motivated threat actor” that goes by FIN12 is specifically targeting “critical care functions. Almost 20 percent of directly observed FIN12 victims were in the health care industry.” 

Faced with this rapidly emerging threat, Kashyap says most of the administrators he’s talked to and advised say they’re not prepared. 

“Everyone from school district (managers) to other local officials tell us they’re concerned,” he said. “Especially with the ransomware threats, when you have a situation (that)…