Tag Archive for: Small

China’s Hackers Hijack Small Routers to Reach Big Targets


The United States announced the disruption of a botnet made of hundreds of U.S.-based small office or home office (SOHO) routers that were hijacked by state-sponsored hackers from the People’s Republic of China (PRC) in order to be used to attack U.S. infrastructure.

“The hackers, known to the private sector as ‘Volt Typhoon,’ used privately-owned SOHO routers infected with the ‘KV Botnet’ malware to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims,” the U.S. Department of Justice said Wednesday in a statement.

Attorney General Merrick B. Garland stressed that the Justice Department has thwarted a China-supported hacking group that sought to target “America’s critical infrastructure” using a botnet.

That campaign had been the focus of a joint advisory issued in May 2023 by the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and international partners, according to the statement.

The Justice Department explained that the majority of routers in the KV Botnet were Cisco and NetGear routers, which were vulnerable due to reaching the ‘end-of-life’ status – meaning that they were no longer supported with security patches or other software updates from their manufacturers.

The operation authorized by the court involved removing the KV Botnet malware from the routers and disconnecting them by blocking communications with other devices responsible for controlling the botnet.

The statement referred to court documents, stating that the government extensively tested the operation on the relevant Cisco and NetGear routers without affecting their legitimate functions or collecting content information from the compromised routers.

However, authorities cautioned that the remediated routers remain susceptible to future attacks by Volt Typhoon and other hackers. They strongly recommended that owners of end-of-life SOHO routers in their networks replace them.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens…


Comcast Business Releases 2023 Small Business Cybersecurity Report


Comcast Business SecurityEdge™ blocked over 1.1 billion malware attacks, countered 1.1 billion bot attacks, and thwarted 395 million phishing attempts during the second quarter of 2023

PHILADELPHIA–(BUSINESS WIRE)–Comcast Business has released findings from its 2023 Comcast Business Small Business Cybersecurity Report. The report found that small businesses were under frequent threat from cyber-attacks from July 2022 to June 2023, with daily malware activity roughly doubling year-over-year and peaks in both holiday seasons.

“As small businesses embrace remote and hybrid work policies, relying on off-network and mobile devices for access to applications and data, they become more appealing targets for cybercriminals,” said Shena Seneca Tharnish, Vice President of Secure Networking and Cybersecurity Solutions at Comcast Business. “In the past year, SecurityEdge™ has successfully thwarted billions of threats, helping to protect tens of thousands of small businesses.”

The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses (SMBs), with malware, phishing, and botnets being the most common threats. Additionally, there is a concerning lack of security measures in place for mobile devices, as Comcast Business found that nearly 1 in 10 devices, on average, attempted to connect to domains associated with malware, phishing, or malicious bot activity.

“In our current digital age, the importance of safeguarding devices and data, regardless of their location, cannot be overstated. It’s critical for organizations of all sizes to stay secure in order to maintain trust from employees, customers, and other stakeholders,” said Jonathan Morgan, Vice President of Network Security Product Management at Akamai. “With Comcast Business’s SecurityEdge, customers can rest assured that they have the right tools and support in place to help protect their connected devices. We’re proud to be a key component in that solution with our Secure Internet Access services that protect businesses and families across the globe.”

The second annual Comcast Business Small Business…


Stop that hack: Cybersecurity tips for individuals and small businesses


Big casinos aren’t the only ones that stand to lose from a cyberattack.

“It is inevitable,” says Russell Short, owner of Las Vegas-based cybersecurity company SYN Cyber.

“With the advent of AI technology, that’s going to help [hackers] craft more sophisticated phishing emails. And that’s the number one way of getting in,” he explains, adding that the popularity of working from home also brings new network vulnerabilities to businesses.

Short’s company is a managed service provider that helps with network and cloud security, IT support and security awareness training. He shared a few tips to protect yourself and your business from getting hacked.

Know how to spot phishing and bad links

The No. 1 method of attack is phishing, Short says, which is why awareness is so important. Phishing is a form of social engineering that attempts to get users to give up personal information or click a link that contains malware. It can take the form of an email that appears to be from a legitimate sender, a phone call or text.

Even when surfing the web, users should always verify that a link will take them where they want to go.

“Say you’re looking for espn.com, or Amazon. It’s good to hover over the link and then in the bottom left corner, it’ll show the URL you’re going to. Double-verify to make sure that it is indeed going to amazon.com and not ‘amaz0n’ with a zero instead of an O, or misspelled words.”

The same goes for a link in an email—verify that it will take you where you want to go by hovering over the link and looking at the bottom left corner of the screen.

Strong passwords

You’d be surprised just how easy it is to hack an account with a weak password, Short says. Certified Ethical Hackers like SYN Cyber have tools that can be used to test the strength of passwords: “If they have a weak password—just a dictionary word and a number and one exclamation point—we crack those in under two seconds.”

Short recommends having a password with 10-15 characters that is not a dictionary word and has upper and lowercase characters and numbers. “If you remember your passwords, they’re not strong enough,” he says, adding that people should not recycle…


Mass exploitation of critical MOVEit flaw is ransacking orgs big and small



Organizations big and small are falling prey to the mass exploitation of a critical vulnerability in a widely used file-transfer program. The exploitation started over the Memorial Day holiday—while the critical vulnerability was still a zero-day—and continues now, some nine days later.

As of Monday evening, payroll service Zellis, the Canadian province of Nova Scotia, British Airways, the BBC, and UK retailer Boots were all known to have had data stolen through the attacks, which are fueled by a recently patched vulnerability in MOVEit, a file-transfer provider that offers both cloud and on-premises services. Both Nova Scotia and Zellis had their own instances or cloud services breached. British Airways, the BBC, and Boots were customers of Zellis. All of the hacking activity has been attributed to the Russian-speaking Clop crime syndicate.

Widespread and rather substantial

Despite the relatively small number of confirmed breaches, researchers monitoring the ongoing attacks are describing the exploitation as widespread. They liken the hacks to smash-and-grab robberies, in which a window is broken and thieves grab whatever they can, and warned that the quick-moving heists are hitting banks, government agencies, and other targets in alarmingly high numbers.

“We have a handful of customers that were running MOVEit Transfer open to the Internet, and they were all compromised,” Steven Adair, president of security firm Volexity, wrote in an email. “Other folks we have talked to have seen similar.”

Adair continued:

I do not want to categorize our customers at this point since I do not know what all is out there in terms of who is running the software and give them away. With that said, though—it’s both massive and small organizations that have been hit. The cases we have looked into have all involved some level of data exfiltration. The attackers typically grabbed files from the MOVEit servers less than two hours after exploitation and shell access. We believe this was likely widespread and a rather substantial number of MOVEit Transfer servers that were running Internet-facing web services were…
