
Hacking is far more than a security issue. It chills free speech


The British and US governments have just jointly sanctioned two Russian intelligence operatives for their attempts to derail the democratic process through a series of coordinated cyber attacks. The US State Department is also offering a reward of up to $10M for information on the Russian hackers responsible for the coordinated cyber espionage attack, which is international and spans several years. Targets even included the former MI6 director Richard Dearlove, and more recently scientists at several nuclear facilities in the United States. But what distinguishes this recent wave of Russian cyberattacks is that they are not just targeting governments or politicians.

Civil society became a significant target for Russia’s state-backed hackers, including “universities, journalists, public sector, non-government organisations and other civil society organisations”. Paul Mason, a former BBC and Channel 4 journalist, has put out a statement confirming he was targeted by these hackers. At the time his private accounts were hacked, I had been helping Mason work on an article challenging Russian propaganda narratives that were spreading during the Bucha massacre in Ukraine. Overnight we were turned into the latest circulating ‘deep state’ conspiracy theory.

The Mason hack

As we worked, I received an urgent message from Mason saying his emails with me may have been compromised. He published a statement saying he had been “targeted by a Russian hack-and-leak operation”. I then received an email from a Grayzone writer who has also written for Russian state media (Sputnik/RT), saying, “Been going over various emails and DMs of yours. Very interesting…” The writer said he thought my employer and “the academics you’re trying to target are likely to be very unhappy indeed when they hear about all this. I think we’d better talk.”

The writer said the email was not a threat. But it was clear to me I was facing an impending reputational attack to harm my career and relationships. This email didn’t resemble the right to reply that journalists usually send posing questions prior to reporting, and it made no mention of an article or outlet.

Within…


CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks



The threat actors behind the Rhysida ransomware engage in opportunistic attacks targeting organizations spanning various industry sectors.

The advisory comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

“Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates,” the agencies said.

“Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network.”

First detected in May 2023, Rhysida makes use of the time-tested tactic of double extortion, demanding a ransom payment to decrypt victim data and threatening to publish the exfiltrated data unless the ransom is paid.

It’s also said to share overlaps with another ransomware crew known as Vice Society (aka Storm-0832 or Vanilla Tempest), owing to similar targeting patterns and the use of NTDSUtil as well as PortStarter, which has been exclusively employed by the latter.


According to statistics compiled by Malwarebytes, Rhysida has claimed five victims for the month of October 2023, putting it far behind LockBit (64), NoEscape (40), PLAY (36), ALPHV/BlackCat (29), and 8BASE (21).

The agencies described the group as engaging in opportunistic attacks to breach targets and taking advantage of living-off-the-land (LotL) techniques to facilitate lateral movement and establish VPN access.

In doing so, the idea is to evade detection by blending in with legitimate Windows systems and network activities.

The case for Vice Society’s pivot to Rhysida has been bolstered by new research published by Sophos earlier last week, which said it observed the same threat actor using Vice Society up until June 2023, when it switched to deploying Rhysida.

The cybersecurity company is tracking the cluster under the name TAC5279.

“Notably, according to the ransomware group’s data leak site,…


‘It’s a pretty big issue for the city’: Ransomware attack responsible for Toronto Public Library outage



Library branches remain open as scheduled but its website, public computers, printing services, digital collections and MAP passes are still unavailable.


Questions linger after ‘cyber issue’ shuts down MGM computer systems


Photo: The Las Vegas Monorail passes by MGM Grand, April 27, 2006, in Las Vegas. (Jae C. Hong / AP)

The targets of cybersecurity attacks are typically high-profile companies that face challenges getting back online, said Yoohwan Kim, a UNLV computer scientist who studies data privacy on blockchain and network security.

Think hospitals, utility companies, even casino giants like MGM Resorts International.

Starting late Sunday, MGM, which has 28 properties worldwide, including many up and down the Las Vegas Strip, experienced what resort officials labeled a “cyber issue.”

The nature of the issue was not detailed, but a statement from MGM said efforts to protect data included “shutting down certain systems.” The FBI is taking part in the investigation.

The shutdown prevented credit card transactions and crashed the BetMGM sports betting mobile app and company websites. It also prevented digital access to guest rooms, halted some slot machine play and provided the company plenty of bad publicity.

It was not known how many people were affected by the disruptions.

“One thing is clear: When this happens, there’s a lot of chaos in the company figuring out what it will take to fix it,” said Kim, who spearheaded the effort to develop a cybersecurity major at UNLV.

Kim said answers to many questions — Who did this? What information was compromised? Why MGM? — wouldn’t be immediately known. An attack of this nature takes time to execute and could have been years in the making, he said.

The motivation was more than likely money — pay a ransom to get back up and running, he said. MGM could have been asked to pay “several million dollars,” Kim speculated.

“It comes down to a cost analysis” when deciding whether to pay, he said. “If there’s urgency and people will die (such as could be the case with a hospital), that’s motivation to pay the ransom to resolve as fast as possible.”

This is not the first time MGM has been the target of a cyber issue.

Details about millions of people who stayed at MGM properties were published in 2020 on a hacking forum, including some driver’s license and passport…
