Tag Archive for: government

US government reinforces ICBC hack link to Citrix Bleed


The possibility that this was the case was first raised by security researcher and commentator Kevin Beaumont via social media website Mastodon on Thursday 9 November. Beaumont had posted evidence drawn from Shodan revealing that ICBC was running a Citrix NetScaler appliance that was not patched against CVE-2023-4966.

According to the Wall Street Journal, which was first to report the latest development having reviewed the note, the Treasury told the industry that it was yet to fully establish that CVE-2023-4966, an information disclosure vulnerability, and a second bug tracked as CVE-2023-4967, a denial-of-service vulnerability, were the access vectors used by LockBit’s operatives. However, the authorities appear to be confident that this will be confirmed imminently.

In the wake of last week’s attack, according to Reuters, the disruption to ICBC’s ability to do business was so extensive that employees were forced to move to proprietary webmail services, while the brokerage was also left temporarily indebted to investment bank BNY Mellon to the tune of $9bn.

Separately, an individual purporting to represent the interests of the LockBit cartel told the news agency that ICBC has paid a ransom. The veracity of this claim has not been verified.

Should I worry about Citrix Bleed?

Commonly known as Citrix Bleed, zero-day exploitation of CVE-2023-4966 has been dated to the beginning of August, and it was added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue on 18 October, eight days after Citrix issued an update to patch it.

Mandiant researchers explained that an attacker who successfully exploits CVE-2023-4966 can hijack existing authenticated sessions and bypass authentication measures; worse still, these hijacked sessions can persist even after the Citrix patch has been deployed, because patching the appliance does not by itself invalidate session tokens that were already disclosed.

Its analysts have also observed session hijacking in which session data was stolen before the patch was deployed, and thereafter used by an attacker.

Authenticated session hijacking is a problem because it can lead to attackers gaining wider downstream access based on the permissions that identity or session had been given.
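The practical consequence of the two paragraphs above is that patching is not the end of the job: a token leaked before the patch still works afterwards, and the footprint to look for is a pre-patch session that stays active, or that suddenly continues from a different client address. The following is an added example, not code from the article, from Citrix or from Mandiant, of a post-patch check over gateway access logs. The log format (one line per request: ISO timestamp, session ID, client IP, user), the sample lines and the patch time are all constructed for the example; map the parser onto whatever your gateway actually emits.

```python
"""
Added example (not from the article, not Citrix or Mandiant tooling): a small
post-patch check for the session-persistence problem described above.

Assumed, hypothetical log format, one request per line:
    <ISO timestamp> <session_id> <client_ip> <user>
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: sess-a1 and sess-b2 were issued before the patch,
# sess-c3 afterwards. sess-a1 keeps being used after the patch and moves to
# a new client address, which is the pattern a stolen token would leave.
SAMPLE_LOG = """\
2023-10-09T08:00:00 sess-a1 198.51.100.10 alice
2023-10-09T09:30:00 sess-b2 203.0.113.7 bob
2023-10-10T12:00:00 sess-a1 198.51.100.10 alice
2023-10-11T02:15:00 sess-a1 192.0.2.55 alice
2023-10-11T07:45:00 sess-c3 203.0.113.7 bob
"""

# Assumed: the moment the fixed firmware went live on this appliance.
PATCH_TIME = datetime(2023, 10, 10, 10, 0, 0)


def parse_log(text):
    """Return a list of (timestamp, session_id, client_ip, user); skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, sid, ip, user = parts
        records.append((datetime.fromisoformat(ts), sid, ip, user))
    return records


def surviving_sessions(records, patch_time):
    """Session IDs first seen before patch_time and still used at or after it.

    A disclosed token does not expire when the appliance is patched, so any
    pre-patch session still active afterwards should have been terminated
    and is worth checking before anything else.
    """
    first_seen = {}
    used_after = set()
    for ts, sid, _ip, _user in records:
        first_seen[sid] = min(first_seen.get(sid, ts), ts)
        if ts >= patch_time:
            used_after.add(sid)
    return sorted(sid for sid in used_after if first_seen[sid] < patch_time)


def sessions_with_ip_change(records):
    """Map session_id -> ordered list of distinct client IPs, for sessions seen from more than one.

    A session that starts from one address and continues from another is the
    classic footprint of a replayed token; treat it as a lead, not as proof
    (roaming users and NAT pools produce the same pattern).
    """
    ips = defaultdict(list)
    for _ts, sid, ip, _user in sorted(records):
        if ip not in ips[sid]:
            ips[sid].append(ip)
    return {sid: seen for sid, seen in ips.items() if len(seen) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("pre-patch sessions still active:", surviving_sessions(recs, PATCH_TIME))
    print("sessions seen from multiple IPs:", sessions_with_ip_change(recs))
```

On the sample, `surviving_sessions` flags `sess-a1` (issued the day before the patch, still in use after it) and `sessions_with_ip_change` shows the same session moving from 198.51.100.10 to 192.0.2.55. The remediation this check supports is the one the vendor guidance calls for: after patching, terminate every active session on the appliance rather than waiting for them to age out, then review sessions that were created before the patch for activity you cannot account for.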

They can then steal additional credentials and start moving…

Source…

How Effective Are Government Sanctions Against Ransomware


As ransomware attacks reach an all-time high, with 46% of them directed against American individuals and organizations, sanctions have become an important weapon for the government to fight back.

The US government imposed sanctions on Mikhail Matveev, a Russian cybercriminal on the FBI’s most-wanted list.

Matveev has been accused of being a “prolific ransomware affiliate” carrying out cyberattacks both in the US and abroad. The sanctioning of ransomware attackers is meant to protect victims from extortion, but it is a double-edged sword. Companies that pay ransom to sanctioned individuals and groups end up on the receiving end of the consequences.

The Downside of Sanctions

While it’s true that sanctions make it more difficult for cybercriminals to operate, they are far from being the perfect solution. A number of factors make it hard to effectively sanction ransomware groups, and there are still ways these groups can work around the sanctions. Besides, it’s ultimately the victims who face the consequences, which can range from hefty fines to criminal prosecution.

The tactic is meant to bar American victims from paying ransomware extortionists, but the only way it can be enforced is by penalizing victims who violate the sanctions.

A lot of ransomware actors like Matveev are based in Russia, a country with a reputation for allowing hackers to operate freely, especially against Western targets.

There isn’t much the US government can do against such cybercriminals to enforce the sanctions effectively.

Besides, the way sanctions work makes them a less-than-ideal solution for tackling the ransomware threat, too. Imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), these sanctions make it unlawful for individuals and businesses in the US to transact with sanctioned entities like Matveev.

Experts also fear that such sanctions could potentially encourage opposite reactions. Victim organizations violating the sanctions by making ransomware payments to sanctioned entities or countries, even unknowingly, might not notify authorities of the incident out of fear of prosecution.

This would lead to a lot of ransomware attacks going…

Source…

Why Apple risks facing India’s scrutiny after ‘hacking’ allegations against Modi government



India’s lawmakers could pull up Apple representatives after several politicians from the country’s opposition said they received alerts on their iPhones warning them of “state-sponsored” hacking.

Ministers of the Narendra Modi-led government on Tuesday said they will investigate the allegations and “get to the bottom of these notifications” after screenshots of the alert sent by the American tech giant went viral on social media.

While opposition politicians have accused the ruling Bharatiya Janata Party (BJP) administration of spying on rivals and critics ahead of national elections in 2024, it could be Apple that soon faces the scrutiny of the Indian government.

A parliamentary committee on information technology is considering summoning representatives of Apple India over the alerts sent to public figures, an unnamed official of the committee was quoted as saying by news agency ANI on Wednesday.

The committee’s secretariat expressed “deep concern” over the alerts and is treating the matter with the “utmost seriousness”, the official said.

A minister from the Modi government also said Apple should explain what the notification means, especially its claims about the security of its devices.

“After today’s ‘threat notifications’ being received by many people, including MPs, and those in geopolitics, we expect Apple to clarify the following… if its devices are secure, why these ‘threat notifications’ are sent to people in over 150 countries,” said Rajeev Chandrasekhar, the minister of state for electronics and information technology, on X/Twitter.

The BJP’s lawmakers have also rubbished allegations of hacking made by opposition politicians.

“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” said a screenshot of the alert shared by opposition members.

“If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.

“While it’s possible this is a false alarm, please take this warning seriously,” it said.

The alerts were sent by…

Source…

Hackers Claim to Have Breached Dallas County Government


(TNS) — Dallas County may be the latest victim in a string of local cyber attacks after a ransomware group claimed on the dark web over the weekend that it has obtained county information.

County officials said Monday that they became aware of a “cybersecurity incident” on Oct. 19, but they have not released details.

“We immediately took steps to contain the incident and engaged an external cybersecurity firm to conduct a comprehensive forensic investigation,” County Judge Clay Lewis Jenkins said in a statement.


The statement said that the county has put in place stringent security protocols and is working with cybersecurity specialists and law enforcement to address the situation. Citing an ongoing investigation, it did not elaborate on the incident. Lewis Jenkins’ office declined to comment further.

Commissioner John Wiley Price said that the county knew about the alleged attack before the ransomware group posted on the dark web. Price said that the county is not validating the claim that this group infiltrated the county’s system but rather investigating whether a breach occurred.

“We just know that it’s a claim,” he said in an interview. “We’re not validating any claim at this time.”

The Dallas Police Department sent an internal email on Monday cautioning employees to not log into the law enforcement portal shared with Dallas County, upload or download evidence or open attachments or links from Dallas County email addresses.

District Attorney John Creuzot said that the incident could impede attorneys’ and prosecutors’ ability to upload documents to court cases.

“If there is a larger problem, I haven’t been informed of it, and nobody in my office told me that they were impaired in their ability to do their work,” Creuzot said in an interview.

Cyber experts have posted on X, formerly Twitter, screenshots from the dark web of a cyber hacking group claiming to have information from Dallas County. The screenshots say the hackers created the post Oct. 28.

Brett Callow, a cyber threat analyst with cybersecurity firm Emsisoft, said that, while these hackers typically are criminals and…

Source…