
Federal Cyber Officials Admit: Dominion Voting Machines Vulnerable to Hacking, Fraud



“Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave them susceptible to hacking if unaddressed, the nation’s leading cybersecurity agency says in an advisory sent to state election officials.” So reported Associated Press on May 31 regarding an “advisory” issued by the federal Cybersecurity and Infrastructure Agency (CISA) to state officials. The Associated Press obtained a copy of the document, which has not yet been released to the public.

The CISA advisory, reports AP, focused on Dominion Voting Systems and “details nine vulnerabilities and suggests protective measures to prevent or detect their exploitation.”

According to the AP article, the advisory is based on a report by Professor J. Alex Halderman, a renowned computer scientist at the University of Michigan, who, along with his students, is famous for “white hat” computer hacking that has exposed major security vulnerabilities in personal, commercial, and government computer systems. The AP report notes that “Halderman has long argued that using digital technology to record votes is dangerous because computers are inherently vulnerable to hacking and thus require multiple safeguards that aren’t uniformly followed. He and many other election security experts have insisted that using hand-marked paper ballots is the most secure method of voting and the only option that allows for meaningful post-election audits.”

“These vulnerabilities, for the most part, are not ones that could be easily exploited by someone who walks in off the street, but they are things that we should worry could be exploited by sophisticated attackers, such as hostile nation states, or by election insiders, and they would carry very serious consequences,” Halderman told the AP.

The vulnerabilities that worry Dr. Halderman are the same weaknesses that election expert Colonel Kurt Hyde and Dr. Douglas Frank have been warning about concerning the 2020 presidential election. Col. Hyde, an elections historian and former adjunct professor of systems analysis, was one of the earliest critics of electronic voting, pointing…

Source…

Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium


After detecting a Lebanese hacking group it calls Polonium abusing its OneDrive personal storage service, Microsoft says it was able to disable the group, which could have links to the Iranian government.

In its latest effort, the advanced persistent threat (APT) targeted more than 20 Israeli organizations and one intergovernmental organization. The Microsoft Threat Intelligence Center (MSTIC) says it suspended more than 20 malicious OneDrive applications created by Polonium actors in the campaign.

Among the targeted organizations were those involved in critical manufacturing, transportation systems, financial services, IT, and Israel’s defense industry, the software giant says – all of which offer an avenue to carry out downstream supply chain attacks.

“In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply-chain attack that relied on service provider credentials to gain access to the targeted networks,” according to MSTIC. “Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a Polonium tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access.”

Polonium’s Infection Routine

In 80% of the observed cases, the group exploited a flaw in Fortinet VPN appliances (likely the CVE-2018-13379 vulnerability) to gain initial access. They then installed a custom PowerShell implant called CreepySnail on the target networks, according to Microsoft. From there, the actors deployed a set of tools named CreepyDrive and CreepyBox that abuse legitimate cloud services for command-and-control (C2) across most of their victims.

MSTIC says with “moderate confidence” that the attacks were likely carried out with help from Iran’s Ministry of Intelligence and Security (MOIS).

“The observed activity was coordinated with other actors affiliated with Iran’s [MOIS], based primarily on victim overlap and commonality of tools and techniques,” the MSTIC assessment states. “The tactic of leveraging IT products and service providers to gain access to downstream customers remains…

Source…

Cyber Security Projects – BEST Raspberry Pi Setup Guide for Beginners (EASIEST method)



Russian hacking gang Evil Corp shifts its extortion strategy after sanctions


A back-lit computer keyboard. (Chris Ratcliffe/Bloomberg)

A notorious Russian cybercrime group has updated its attack methods in response to sanctions that prohibit U.S. companies from paying it a ransom, according to cybersecurity researchers.

The security firm Mandiant said Thursday it believes that the Evil Corp gang is now using a well-known ransomware tool named LockBit. Evil Corp has shifted to LockBit, a form of ransomware used by numerous cybercrime groups, rather than its own brand of malicious software in order to hide evidence of the gang’s involvement, so that compromised organizations are more likely to pay an extortion fee, researchers said.

The U.S. Treasury Department in 2019 sanctioned the alleged leaders of the Evil Corp gang, creating legal liabilities for American companies that knowingly send ransom funds to the hackers. While cybersecurity firms have associated Evil Corp with two kinds of malware strains, known as Dridex and Hades, the group’s use of LockBit could cause hacked organizations to believe that another hacking group, other than Evil Corp, was behind the breach.

Evil Corp is believed to be behind some of the worst banking fraud and computer hacking schemes of the past decade, stealing more than $100 million from companies across 40 countries, according to the U.S. government.

Alleged members are on the wanted lists of law enforcement across the U.S., UK and Europe, including accused mastermind Maksim Yakubets, who the Treasury Department said previously worked for Russia’s Federal Security Service. The 35-year-old Russian man is reported to own a tiger and drive a personalized Lamborghini with a license plate that translates to say “thief,” according to the U.K.’s National Crime Agency.

The U.S. has increasingly used sanctions to try to curb cybercriminal operations, including prohibiting American organizations from paying ransom fees to known groups like Evil Corp and cryptocurrency exchanges which are often used to funnel ransom payments.

Source…