Tag Archive for: hack

5G Stocks: SolarWinds Hack Reveals a “Backdoor” Cyber Trade

/in


InvestorPlace – Stock Market News, Stock Advice & Trading Tips

Cybersecurity used to mean just running McAfee antivirus software on your desktop computer.

A digital illustration of a hacker in a blue sweatshirt.

Source: Shutterstock

That’s not true anymore.

Cyberattacks are no longer the result of clicking on a rogue link in a suspicious email. Now they occur on a global scale, and they are the subject of coverage from all major news outlets.

In the past two weeks, we’ve all learned about a major hack of the U.S. government. As CNBC reported:

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated. 

The Cybersecurity and Infrastructure Security Agency (CISA) said in a summary Thursday that the threat “poses a grave risk to the federal government.”

It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.

While CISA hasn’t identified the group responsible for this incredibly dangerous hack, many experts point to Russia. By hacking the IT management company SolarWinds, the cyber criminals were able to target the departments of Homeland Security, Commerce, Treasury, and Energy; cybersecurity firms like FireEye Inc. (NASDAQ:FEYE); and the tech giant Microsoft Corp. (NASDAQ:MSFT).

Obviously, these attacks are a threat to investors’ capital. A cyberattack on any company can, at a minimum, spook the market and push a stock’s value lower.

Microsoft, for example, dropped slightly the day after its breach was reported, but the effects of any cyberattack could always be worse than simply losing money on one of the largest tech companies in the world.

That’s why cybersecurity has become a major investment opportunity.

The term cybersecurity describes a broad range of proactive protections and reactive defenses — all of which try to thwart a specific cyber threat or combination of threats.

The first-generation cybersecurity tactics were usually add-on’s to an existing hardware or software platform — kind of like building a wall around an existing house. But many next-generation tactics incorporate…

Source…

Zero-click iMessage zero-day used to hack the iPhones of 36 journalists

/in


Promotional image of iPhone.

Three dozen journalists had their iPhones hacked in July and August using what at the time was an iMessage zero-day exploit that didn’t require the victims to take any action to be infected, researchers said.

The exploit and the payload it installed were developed and sold by NSO Group, according to a report published Sunday by Citizen Lab, a group at the University of Toronto that researches and exposes hacks on dissidents and journalists. NSO is a maker of offensive hacking tools that has come under fire over the past few years for selling its products to groups and governments with poor human rights records. NSO has disputed some of the conclusions in the Citizen Lab report.

The attacks infected the targets’ phones with Pegasus, an NSO-made implant for both iOS and Android that has a full range of capabilities, including recording both ambient audio and phone conversations, taking pictures, and accessing passwords and stored credentials. The hacks exploited a critical vulnerability in the iMessage app that Apple researchers weren’t aware of at the time. Apple has since fixed the bug with the rollout of iOS 14.

More successful, more covert

Over the past few years, NSO exploits have increasingly required no user interaction—such as visiting a malicious website or installing a malicious app—to work. One reason these so-called zero-click attacks are effective is that they have a much higher chance of success, since they can strike targets even when victims have considerable training in preventing such attacks.

In 2019, Facebook alleges, attackers exploited a vulnerability in the company’s WhatsApp messenger to target 1,400 iPhones and Android devices with Pegasus. Both Facebook and outside researchers said the exploit worked simply by calling a targeted device. The user need not have answered the device, and once it was infected, the attackers could clear any logs showing that a call attempt had been made.

Another key benefit of zero-click exploits is that they’re much harder for researchers to track afterward.

“The current trend towards…

Source…

Former Government Cybersecurity Head Blames Russian Intelligence For Massive Hack

/in


Christopher Krebs, the former top cybersecurity official in the U.S., says Russia is to blame for a massive breach that’s affected the State Department, the Pentagon, the Treasury Department, the Department of Homeland Security and other departments and agencies.

“I understand it is, in fact, the Russians,” Krebs told Steve Inskeep on Morning Edition.

“It’s the Russian SVR, which is their foreign intelligence service. They are really the best of the best out there. They’re a top flight cyber intelligence team, and they used some very sophisticated techniques to really find the seams in our cyberdefenses here in the United States and seem to be quite successful in penetrating some very sensitive places.”

Determining blame for cyberattacks is complex. The agency Krebs led until November, the Cybersecurity and Infrastructure Security Agency, described the hackers as “patient, well-resourced, and focused,” but did not blame any one entity.

But Krebs joins Secretary of State Mike Pompeo, Attorney General William Barr, and lawmakers including Sens. Jim Inhofe, R-Okla., Jack Reed, D-R.I., and Mitt Romney, R-Utah, in pointing toward Russia as the culprit.

President Trump has instead suggested China could be behind the hack.

Trump fired Krebs in November after Krebs said the November election was secure and free of interference.

Krebs talked with NPR about how the hack happened, if it’s an “attack” or “espionage,” and how the U.S. should respond. Here are excerpts:

When I think about Internet security as a layman, I’m aware that one of the easiest ways to get at me would be … that I’m offered some update that’s not an update or asked to click on a link that’s not really what it purports to be. Does it surprise you that the government was caught in this rather straightforward way?

I actually would maybe characterize it a little bit differently in that the majority of attacks these days or cyber compromises are getting someone to click on a link via an email or open an attachment. And that’s really attempting to come in through the front door.

This is a little bit different in that it is a supply chain compromise and they’re exploiting trusted relationships between the government in…

Source…

’20 Russian hack alerts businesspeople to the frailties of the system – News is My Business

/in


It is known that one of the ways to collect business intelligence is to infiltrate spy executives in key positions of multinationals. (Credit: Michael Borgers | Dreamstime.com)

The suspected epic cyberattack, or spy operation into the US government apparatus opens our eyes even wider to the vulnerabilities of the internet spectrum.

The news reports say American officials suspect a Russian spy agency has carried out what they describe as a “distressing feat of espionage into dozens of state corporations and government agencies.”

Historically, the Russian regime has been shameless about its cyber operations against the United States since the initial days of the Cold War. Satellite communication disruptions, laser ray attacks on sensitive radar installations in the Middle East, alleged radiation attacks against the US embassy in Moscow and Havana, Cuba… are just a few of the clandestine servings of Russian cyber operations.

ON GUARD — As much as the news media has raised the issue of data espionage by the security agencies of the United States and other industrialized countries, has made many businesspeople consider how to protect their confidential communications. Even against its own and competitors. Certainly, the scrutinizing eye of the federal government is deep. And there is not only military and political espionage, but a large slice of this activity includes industrial sniffing.

The reason for this is that nations with scientific advancement fear the unfair theft of their technologies for which a lot of money and human resources have been invested. The United States has never denied that it spies on multinational companies. The CIA is even known to be involved in many commercial espionage operations. Unlike Russia or China and other countries with centralized economies, the US swears it does not share its secret data outside its national security operations. So also say the Russians.

SKEPTICISM — Believing that requires a great leap of faith. However, there are several reasons the governments give to justify their shadow incursions into private data. The great slice of their…

Source…