Tag Archive for: pose

Iran-backed hackers exploited Microsoft, pose major cyber threat, investigators say


Law enforcement agencies in the U.S., Britain, and Australia have issued a joint statement labeling an Iran-sponsored group as a serious threat to cyber security.

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Cyber Security Center (ACSC), and British National Cyber Security Center (NCSC) released a joint cybersecurity advisory Wednesday that linked a group of hackers to the Iranian government.

The agencies also labeled the group an advanced persistent threat (APT) after it exploited Fortinet and Microsoft Exchange in March and October, respectively. The group gained access to the systems as part of an ongoing operation to deploy ransomware.

The advisory notes the group has actively targeted “a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations.”

Authorities did not name the Iranian actors or tie them to a specific group working for the government.

Cybersecurity agencies in all three countries urged any organization using Microsoft Exchange and Fortinet to investigate any suspicious activity in their networks.

The U.S. has identified a number of foreign ransomware attacks over the past two years, most notably by the Ryuk and Darkside groups, which authorities tied to Russia, but not to the Russian government.

Ryuk orchestrated a number of attacks on U.S. health care organizations and facilities during the peak of the coronavirus pandemic, delaying potentially life-saving treatments for patients, according to Radio Free Europe.

U.S. authorities tied Darkside to the Colonial Pipeline ransomware attack that occurred in May 2021.

Earlier this year, the Biden administration imposed sanctions on Russia for the SolarWinds computer hack, which began in 2020 when malicious code was sneaked into updates to popular software that monitors computer networks of businesses and governments.

Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat


Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report

Online scams are still the biggest cyber threat to African citizens, a new report has revealed, though ransomware attacks are “expanding rapidly” across the continent.

The study (PDF), published by Interpol yesterday (October 25), found that internet-enabled fraud was the biggest risk to African countries, which have reported a sharp increase in the number of online banking scams, including instances of banking and credit card fraud, in 2021.

Digital extortion – defined as “allegations of sexually compromising images or direct blackmail campaigns” – was the second highest recorded cyber threat.

Business email compromise (BEC) scams have also risen in prominence during the Covid-19 pandemic, due in part to the increase in businesses and organizations relying on bank wire transfers.

Better connected

The number of African citizens who have access to the internet is estimated to be around 500 million, which is a huge figure in itself, though when compared to the overall population only equates to 38%.

Leading the way is Kenya with 83% of its population being online, Nigeria with 60%, and South Africa with 56%.

Fraud has historically been an issue across the continent – in particular, phishing campaigns and romance scams – however the report found that the increase in digitization across Africa has created new avenues for crime.

The report reads: “… the move towards a digital society – particularly within the African region – has created new attack vectors for criminals to both obfuscate their identity and target new victims.”

Ransomware rising

While social engineering remains the most popular attack vector in Africa, the study found that instances of ransomware and botnet attacks are also rising.

Ransomware is the fourth most prevalent cyber-attack identified in the report, which states that more than 61% of companies in the region were…

Cybercriminals hacking into vehicles pose major concerns


COLORADO SPRINGS — We face cybersecurity threats every day on our devices and online accounts, but hackers have now set their sights on something that could be even more dangerous: our cars.

Researchers at the University of Colorado Colorado Springs are working to better understand these threats and are sharing some of what they know.

“They can control all the major functions of the vehicle. So, they can control your door locks, they can control your acceleration, your brakes, your turning,” UCCS Assistant Professor of Computer Science Dr. Gedare Bloom said.

With funding from the National Science Foundation and the State of Colorado, Dr. Bloom and his team are on a mission to better understand these cyberattacks.

“So this is absolutely a national security issue. We rely on vehicles for everything. They are a critical infrastructure,” Dr. Bloom said. And these hacks are already happening. A Global Automotive Cybersecurity report by Upstream Security analyzed more than 200 cyber incidents in 2020.

The report found in one case a hacker took control of an entire connected vehicle fleet by exploiting a vulnerability. According to the research, there has been a 99% increase in cyber incidents in 2019 and a 94% increase year-over-year from 2016.

“So we saw the Colonial Pipeline where the attackers took down infrastructure,” Dr. Bloom said. “So if an attacker can take down one model of vehicle across the country simultaneously all of a sudden they have a huge lever to extort money out of the manufacturer of that particular model.”

Also, a hack on a trucking company would be a disaster when combined with a labor shortage and supply chain issues. “One semi-truck carrying a load of freight is probably as valuable as anything else that a cybercriminal can capture,” Dr. Bloom said.

The experts say any vehicle with connectivity could be subject to a hack, but newer vehicles with modern technology are the ones for which researchers are working to improve security measures.

“Modern vehicles that connect through 5G, cellular connections, or even through internet infrastructure,” Dr. Bloom said.

So, if you’re looking to buy a new car, researchers say it’s important to prioritize cybersecurity when making your…

Does Abandoning Embassy in Kabul Pose Cybersecurity Risks?


Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management

Security Experts Size Up Impact of US Rush to Leave Afghanistan

It’s unlikely that the U.S. abandoning its embassy and other facilities in Afghanistan poses cyber risks, thanks to the emergency planning that was in place, some security experts say.

“Realistically, any cybersecurity impacts from the rapid evacuation are minimal to nonexistent,” says Jake Williams, a former member of the U.S. National Security Agency’s elite hacking team and co-founder and CTO at BreachQuest. “However, this is only because of lots of planning and practice with equipment and document destruction. Even if the situation on the ground moved faster than anticipated, these facilities would have prioritized lists of what to destroy first.”

The Taliban is not likely to be a cybersecurity threat to the U.S. because the group is focused primarily on establishing control of the Afghanistan government, security experts say.

Plus, as Frank Downs, a former NSA offensive analyst, notes: “Based upon the operating procedures of the Taliban in the past, it would be hasty to assume they are an advanced cyberthreat.”

Part of the advanced planning to secure the embassy and other sites took place last week when the Department of Defense Inspector General sent a notification to U.S. Army commands in the U.S. and Afghanistan,…
