Tag Archive for: responsibility

Pro-Russian hackers claim responsibility for knocking U.S. airport websites offline


A pro-Russian hacker group is taking credit for temporarily taking down several U.S. airport websites on Monday, though there appeared to be no impact on flight operations.

The cyberattacks claimed by Killnet impacted the websites for Los Angeles International, Chicago O’Hare, and Hartsfield-Jackson International in Atlanta, among others.

The group posted a list of airports on Telegram, urging hackers to participate in what’s known as a DDoS attack — a distributed denial-of-service caused when a computer network is flooded by simultaneous data transmissions.

The group’s call to action listed airports across the country, in states including Alabama, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, and Missouri.

It was not immediately clear how many of the airports were actually hit and whether all victims’ sites suffered any disruptions.

In a statement, LAX officials told NPR that FlyLAX.com was partially disrupted early Monday morning.

“The service interruption was limited to portions of the public facing FlyLAX.com website only. No internal airport systems were compromised and there were no operational disruptions,” a spokeswoman said in an emailed statement.

She added that the airport’s information technology team has restored all services and is investigating the cause. Officials have also notified the FBI and the Transportation Security Administration.

By about 1 p.m. in Atlanta, authorities said ATL.com was “up and running after an incident early this morning that made it inaccessible to the public.” But people on Twitter continued to complain about parts of the site being inaccessible for several hours after the announcement had been made.

Atlanta airport officials said no airport operations had been impacted.

In an earlier post on Monday, Killnet noted other vulnerable U.S. sites that could succumb to similar DDoS strikes, including sea terminals and logistics facilities, weather monitoring centers, health care systems, subway systems, and exchanges and online…


Client-Side Security: You Can Delegate Authority But Not Responsibility


By Source Defense

There’s an old saying that leaders can delegate authority but not responsibility. That remains relevant and true in the digital supply chain. Companies can give their supply chain partners authority to operate on their websites, but responsibility for what that 3rd, 4th, and 5th-party code is doing ultimately rests with your internal security team.

Security practitioners struggle to keep up with the volume and pace of cybersecurity incidents, are overwhelmed by alerts and false positives, are distracted by new and evolving compliance requirements and are under pressure to show value to business peers. But the corporate website—often the centerpiece of the enterprise revenue model—presents a structural security risk that could mean the difference between business success and failure.

In the browser, client-side processes are almost always written in JavaScript. According to our team’s latest intelligence, there are more than 1.7 billion public-facing websites worldwide, and JavaScript is used on 95% of them. Frontend JavaScript code has grown in size by more than 347% for desktop and more than 593% for mobile during the last 8 years and keeps growing. 

And therein lies the structural security issue that poses one of the biggest threats to your most critical business channels—protecting your customer data at the point of entry. JavaScript is used by all of your 3rd party digital suppliers, including payment card processors, advertising networks, social sharing services, analytics, and more, and it sits outside your security perimeter and is vulnerable to a wide range of attacks.

How Much Do You Know About Your 3rd Party Attack Surface?

As a security team, if you still aren’t convinced that taking action to secure client-side transactions like payment card entry is an immediate necessity, the latest release of the Payment Card Industry Data Security Standard (PCI DSS version 4.0) has decided for you.

PCI DSS v4.0 section 6.4.3 states explicitly in its guidance that payment page scripts that are loaded and executed in the consumer’s browser must be managed as follows:

  1. A method is implemented to confirm that each script is authorized.
  2. An inventory…


Russian hacking group takes responsibility for DDoS attacks on Lithuania


A Russian hacking group has taken responsibility for a distributed denial-of-service attack targeting government and private organizations in Lithuania.

According to a report today in The Baltic Times, the attack, from a group known as “Killnet,” caused delays in processing passports and residence permits through Lithuania’s Migration Department. Other public agencies and companies in the communications and finance sectors also suffered temporary service disruptions.

The cyberattacks follow a decision by Lithuania to restrict the transit of steel and ferrous metals to Kaliningrad, a Russian exclave on the Baltic Sea that can only be accessed by land through Lithuania or Poland. Lithuania restricted the goods because of European Union sanctions, but the decision enraged the Kremlin, which denounced the move as unprecedented and unlawful.

A spokesperson for Killnet told Reuters that the DDoS attack was in direct response to Lithuania’s decision to block the transit of sanctioned goods. “The attack will continue until Lithuania lifts the blockade,” the spokesperson said. “We have demolished 1,652 web resources. And that’s just so far.”

The figure of 1,652 “web resources” being demolished was not backed up with evidence. Jonas Skardinskas, director of Lithuania’s National Cyber Security Center, told Yahoo News that the attacks have already been “contained,” but warned that “it is very likely that attacks of similar or higher intensity will continue in the coming days, especially in the transport, energy and financial sectors.”

Attacks originating from Russia have been prolific since the start of the invasion of Ukraine, including an attack on the Viasat satellite service in February. On June 22, Microsoft Corp. warned that Russian hacking against allied governments — Lithuania is a member of NATO — continues to increase.

“Every significant military power in the world has developed cyber capabilities,” Chris Clymer, director and chief information security officer of cybersecurity risk management provider Inversion6, told SiliconANGLE. “These have evolved from espionage tools into full-fledged weapons to be used as part of a…


Panasonic Admits Suffering a Second Cyber Attack in 6 Months With Conti Ransomware Gang Claiming Responsibility


Japanese tech company Panasonic disclosed that it was the victim of a “targeted cyber attack” on its Canadian operations. According to malware analysis group VX Underground, the Conti ransomware group claimed responsibility for the attack. The group claims to have stolen 2.8 gigabytes of data from Panasonic Canada.

The February attack was the second to devastate the company within six months. In November 2021, Panasonic Japan disclosed that a third party had breached its network and accessed files on its servers.

The company disclosed in January 2022 that the attack leaked the personal information of job candidates and interns.

According to the Japanese media outlet NHK, the illegal access lasted from June to November 2021.

Similarly, Panasonic Corporation India suffered a cyber attack in December 2020, leaking 4 GB of financial information.

Conti ransomware group leaks files allegedly stolen from Panasonic

Conti ransomware group started sharing allegedly stolen documents on its leak site. The dump includes files and spreadsheets reportedly stolen from the HR and accounting departments. Some of the documents had names like “HR Global Database” and “Budget.”

Panasonic hasn’t disclosed the hacking group’s identity or ransomware demands, the intrusion method, the nature of the information stolen, or the number of potential victims.

However, the company says the attack affected the Canadian operation, which employs 400 people and is part of the North American segment.

Panasonic spokesperson Airi Minobe told TechCrunch that the company “took immediate action to address the issue with assistance from cybersecurity experts and our service providers.”

Its response “included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.” This description perfectly resembles a ransomware attack response.

Minobe added that efforts to restore operations were still in progress, although the top priority was to mitigate the impacts of the suspected Conti ransomware attack.

“Since confirming this attack, we have worked diligently to restore operations and…
