Tag Archive for: investigation

S.E.C. Social Media Hack That Sent Bitcoin Soaring Prompts Investigation


The hack of a social media account used by the Securities and Exchange Commission is prompting both internal and external investigations into how the security breach occurred and whether anyone tried to profit from it, said the commission and several legal experts.

The S.E.C. said in a statement on Wednesday that it was coordinating an investigation into the hack that occurred the prior day “with appropriate law enforcement entities, including the S.E.C.’s Office of the Inspector General and the F.B.I.”

John Reed Stark, a former S.E.C. enforcement lawyer and regulatory consultant on cybersecurity, said the commission’s inspector general would need to investigate how a hacker was able to access the S.E.C.’s official account on X — formerly Twitter — to post a false message that the commission had approved several Bitcoin investment products.

“This is, unfortunately, a glaring failure of basic cyber-hygiene,” Mr. Stark said.

He also said federal prosecutors would very likely open a separate investigation into whether the hack was part of an attempt to profit from a spike in Bitcoin’s price. Mr. Stark added that what mattered was not whether the hackers made any money from trading during the 15 minutes or so the post was online, but whether they had the criminal intent to do so.

Daniel Hawke, a partner at the law firm Arnold & Porter and a former director of the S.E.C.’s market abuse unit, said the fake post had all the hallmarks of an attempt to “manipulate the crypto markets.”

Some in Congress also want to learn more about the hack and the S.E.C.’s diligence. The House Financial Services Committee on Wednesday afternoon sent a letter to Gary Gensler, the S.E.C.’s chair, asking for a “briefing” on the incident no later than Jan. 17.

A spokesman for the Justice Department declined to comment. A spokesman for the S.E.C.’s inspector general said, “We are currently evaluating the circumstances and reviewing the S.E.C.’s statements.”

In a post on Tuesday night, X said that the hacker had used a phone number associated with the S.E.C. account, and that the government agency did not have the two-factor authentication security feature in place to…

Cyberattack 101: Go inside the ransomware negotiations with hackers | Action News Investigation


PHILADELPHIA (WPVI) — Cyberattacks are surging and health care networks are being increasingly targeted.

Just last week, cyber thieves hit Capital Health in New Jersey.

Criminal enterprises usually get access to networks through human error, when employees mistakenly click on what’s called a “phishing email” and accidentally download malware.

But that’s just the early innings in the game of ransomware. Then the negotiations begin.

“It’s billions of dollars every year that ransomware groups are making,” said Drew Schmitt with Guidepoint Security.

Schmitt’s job is to negotiate with cyber syndicates who he said go by names like Akira, BlackBasta, Lockbit and the Lazarus Group.

“We see that there are threat actors that exist all over the world,” he said.

He said with the click of a mouse the cyber gangs take over networks.

Hospitals in Delaware County, the City of Philadelphia and a Pennsylvania water authority are just a few of the local victims in 2023.

“These threat groups have evolved in such a way that they have more or less real-time chat applications,” said Schmitt.

Schmitt took us behind the scenes of what happens when entities hire Guidepoint Security. The cybersecurity firm is responsible for past negotiations of one-third of Fortune 500 companies and more than half of US government cabinet-level agencies.

He said after an attack, victims will first get a link. They’ll then be instructed to enter their company name and code, and then negotiations are underway.

“Hey I was told to get in contact with you based on this ransomware. How do we get our files back?” he said they usually ask.

In this ransomware attack, Schmitt shared with the Investigative Team that BlackBasta requested $1 million. If not paid, the group warned the sensitive information would be posted to a news board or leaked onto a site on the dark web where other criminals can access the information.

“That’s where they name and shame. That’s where they post the data.”

Schmitt said he’ll then request proof they have the files they say they do.

“So we actually call that proof of life,” he said. “You have what you say you have. But now we need to know that you can actually decrypt the files that you’ve encrypted…

Airbus Launches Investigation After Hacker Leaks Data


Airbus has launched an investigation after a hacker leaked information allegedly stolen from the French aerospace giant’s systems. 

Cybercrime intelligence firm Hudson Rock reported on Tuesday that a hacker who uses the online moniker ‘USDoD’ claimed earlier this month on a cybercrime forum that they had hacked Airbus.

The same hacker previously claimed to have breached the FBI’s InfraGard database, which stores information on 80,000 people, including business leaders, IT professionals, and military, law enforcement, and government officials. 

The hacker, who recently announced joining an emerging ransomware group, apparently obtained the personal information of 3,200 people associated with Airbus vendors, including Rockwell Collins and Thales. The compromised data includes names, job titles, addresses, email addresses, and phone numbers.

The attacker said they had gained access to Airbus systems using a compromised account belonging to an employee at a Turkish airline. Airbus confirmed to Hudson Rock that this was indeed the attack vector.

The cybersecurity firm’s investigation showed that the hacker obtained the targeted airline employee’s credentials for Airbus systems with the aid of malware. 

Information-stealing malware collects vast amounts of credentials from infected computers, and the malware operators then sell those credentials to others. In this case, Hudson Rock determined that the employee likely got their device infected with RedLine malware after downloading a pirated version of .NET. 

“Credentials obtained from info-stealer infections, which have become the primary initial attack vector in recent years, provide threat actors with easy entry points into companies, facilitating data breaches and ransomware attacks,” Hudson Rock said.

The security firm regularly analyzes data obtained by such info-stealers, which have also been observed stealing hacker forum credentials.

In a statement provided to SecurityWeek, an Airbus spokesperson said, “Airbus has launched an investigation into a cyber event during which an IT account associated with an Airbus customer has been attacked. This account was…

Investigation recovers $45K in back wages from fruit company that denied dozens of agricultural workers full wages, transportation and housing


Employer name: Mt. Clifton Fruit Company LLC

Investigation site: 17581 Mechanicsville Road, Timberville, VA 22853

Investigative Findings: The U.S. Department of Labor’s Wage and Hour Division found the employer violated multiple requirements of the H-2A agricultural worker program by failing to do the following:

Back wages recovered: $45,384

Civil money penalties: $8,998

Workers affected: 55, which includes 50 H-2A program workers and five other workers

Quote: “Our investigation found the Mt. Clifton Fruit Company denied dozens of agricultural workers, many of whom traveled to the U.S. at the company’s request, safe housing and transportation, and their legally earned wages,” said Wage and Hour Division District Director Roberto Melendez in Richmond, Virginia. “In addition to recovering back wages, we assessed penalties for these deliberate violations.”

Background: Mt. Clifton Fruit Company LLC is an agricultural fixed-site employer who specializes in growing and harvesting a variety of apples which are sold retail, direct to consumers and to processors in the U.S.

Learn more about the Wage and Hour Division, including a search tool to use if you think you may be owed back wages collected by the division. The department can speak with callers confidentially in more than 200 languages through the agency’s toll-free helpline at 866-4US-WAGE (487-9243). Download the agency’s new Timesheet App for iOS and Android devices – also available in Spanish – to ensure hours and pay are accurate.
