Tag Archive for: identifies

City of Dallas identifies group responsible for network outage, ransomware attack


Dallas officials gave an update Thursday after announcing that city servers were under a cyberattack Wednesday, affecting several city services.

“Vendors continue to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments,” the city said in the update.

A ransomware group called “Royal” initiated the attack, according to city officials.

Bill Zielinski, the chief information officer for Dallas, will give a briefing on the attack on Monday, May 8.

As of 10 a.m. Thursday, the city provided the following updates on services:

  • Dallas Police Department and Dallas Fire-Rescue service to residents is unaffected.

  • 911 calls continue to be received and dispatched.

  • 311 calls are being answered, but non-emergency service requests may be delayed.

  • Courts are closed and LiveChat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.

  • Saturday’s election is unaffected. Dallas County will share official information including results. Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, Spectrum channels 16 & 95, and AT&T U-verse at channel 99. Contracts may be delayed.

  • All branches of the Dallas Public Library are open and in-person checkouts continue. Online materials are currently unavailable.

  • Billing for Dallas Water Utilities is unaffected, but meter reading will be delayed. Only the department’s interactive voice response system can take credit card payments. Disconnections will be discontinued until the outage is resolved.

On Wednesday morning, the City of Dallas’ security monitoring tools notified the Security Operations Center that a likely ransomware attack had been launched on their servers.

The city confirmed later Wednesday that a number of servers have been compromised with ransomware, impacting “several functional areas,” including the Dallas Police Department website, the city said in a news release.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services…


SecurityGen identifies the cybersecurity priorities for mobile operators in 2023


Rome, Italy – SecurityGen, the award-winning global provider of security solutions and services for the telecoms industry, today announced its cybersecurity priorities for telecom operators in 2023.

“As 5G’s global footprint increases, the number of cyber threats targeting 5G increases as well,” said SecurityGen co-founder and CTO Dmitry Kurbatov. “In 2023, operators must be aware of the range of these threats and take necessary steps to properly defend their networks, protect their customers, and safeguard their operations and revenue.”

Kurbatov identifies the main factors shaping the risks and threats that operators must prepare for in the year ahead as follows:

1) 5G-related challenges

  • 5G is open for integration – but also open to attack
    Unlike previous mobile network generations like 3G and LTE, 5G is designed from the ground up to be flexible and open for integration with multiple external systems. However, the same open architecture that enables this flexibility and easy integration can also make 5G vulnerable and exposed to threats and hidden vulnerabilities.

    The challenge for operators is to maximise 5G’s advanced functionality and interoperability while also recognising this vulnerability and minimising the threats arising from 5G’s extra openness compared to previous network generations.

  • Beware of roaming traffic from non-standalone 5G
    As operators deploy more 5G networks and more users purchase 5G smartphones, the volume of roaming traffic between 5G networks increases. But the majority of this extra roaming traffic goes through non-standalone 5G networks which still use unsecure legacy technology for their core networks, including signalling protocols such as GTP and Diameter, which have proven to be hackable in recent years.

    Without proper security measures in place, 5G is vulnerable to threats originating from non-5G networks carried in non-5G network traffic – but which are able to damage and disrupt 5G services.

 

2) Cyberattacks from hostile states and organised crime


Telecom networks are critical national infrastructure, which makes them high-value targets for cyberattacks, especially during times of conflict and heightened…


Microsoft Identifies Chinese Hack of Indian Power Grid That Could Go Viral


Hackers are utilizing a discontinued web server to launch attacks on energy grid infrastructure, Microsoft has warned, with the initial attack discovered on the Indian grid, carried out by Chinese hackers.

According to the software giant, the Boa server was used in routers, security cameras and popular software development kits. While Boa was technically retired in the early 2000s, it is still widely used in various devices, TechCrunch reported.

Microsoft announced this week that it had identified one million internet-exposed Boa server components around the world in a single week. The company warned that the components represent a “supply chain risk that may affect millions of organizations and devices.”

“Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files,” Microsoft said.

“Moreover, those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities.”

Power grids, as critical infrastructure, are high-value targets for hackers.

Earlier this year, the Department of Energy began work on shoring up the defenses of the U.S. grid, along with its supply chain, suspecting that state-sponsored actors from Russia and China might target the infrastructure.

“We really need to do a lot more,” Puesh Kumar, director of the Office of Cybersecurity, Energy Security, and Emergency Response, told Bloomberg in March. “The energy sector is a very complex machine composed of a lot of different components, a lot of different players—and we really need to raise the security of all of them.”

By Charles Kennedy for Oilprice.com



Netskope threat research identifies next gen phishing tactics


SANTA CLARA, Calif. – Netskope, the SASE computer security platform provider, has released new threat research that reveals the top sources of phishing attacks and cloud vulnerabilities.

This time around, the threats are led by fake login page referrals, fake third-party cloud apps and more, as detailed in the Netskope Cloud and Threat Report: Phishing. These threats mimic legitimate apps in order to gain access to unsuspecting users’ information.

“Although email is still a primary mechanism for delivering phishing links to fake login pages to capture usernames, passwords, MFA codes and more, the report reveals that users are more frequently clicking phishing links arriving through other channels, including personal websites and blogs, social media, and search engine results,” Netskope wrote. “The report also details the rise in fake third-party cloud apps designed to trick users into authorizing access to their cloud data and resources.”

Email has been the traditional delivery method for phishing attempts. However, Netskope’s report notes that webmail made up 11% of attempts recorded, as opposed to personal sites and blogs, which were responsible for 26% of referrals to phishing content. That’s extrapolated from roughly 8 out of every 1000 enterprise users who clicked on phishing links or accessed phishing content during Q3 2022.

Search engines have also seen a rise in referrals to phishing pages, as attackers create pages based on uncommon or obscure search terms, which sees those pages become the top link in search results. “Business employees have been trained to spot phishing messages in email and text messages, so threat actors have adjusted their methods and are luring users into clicking on phishing links in other, less expected places,” said Ray Canzanese, Threat Research Director, Netskope Threat Labs. “While we might not be thinking about the possibility of a phishing attack while surfing the internet or favorite search engine, we all must use the same level of vigilance and skepticism as we do with inbound email, and never enter credentials or sensitive information into any page after clicking a link. Always browse directly to login pages.”

Another…
