Tag Archive for: space

Clop ransomware dominates ransomware space after MOVEit exploit campaign

/in


The number of ransomware attacks in July rose over 150% compared to last year and the actors behind the Clop ransomware were responsible for over a third of them. The gang took the lead from LockBit as the top ransomware threat after exploiting a zero-day vulnerability in a managed file transfer (MFT) application called MOVEit in June. While the MOVEit attacks were used for data theft and subsequent extortion, they were not used to deploy the actual Clop ransomware program, even though the actors behind the attacks are associated with this ransomware program and took credit for the campaign.

“This campaign is particularly significant given that Clop has been able to extort hundreds of organizations by compromising one environment,” Matt Hull, global head of threat intelligence at NCC Group, said in a report. “Not only do you need to be vigilant in protecting your own environment, but you must also pay close attention to the security protocols of the organizations you work with as part of your supply chain.”

Clop takes the ransomware lead

NCC Group has recorded 502 ransomware-related attacks in July, a 16% increase from the 434 seen in June, but a 154% rise from the 198 attacks seen in July 2022. The Clop gang was responsible for 171 (34%) of the 502 attacks while LockBit came in second with 50 attacks (10%).

LockBit has dominated the ransomware space since the middle of last year after the notorious Conti gang disbanded and the LockBit authors revamped their affiliate program to fill the void and attract former Conti partners. Ransomware-as-a-service (RaaS) operations such as LockBit rely on collaborators called affiliates to break into enterprise networks and deploy the ransomware program in exchange for a hefty percentage of the ransoms.

Clop is also a RaaS operation that has existed since 2019 and before that it acted as an initial access broker (IAB) selling access to compromised corporate networks to other groups. It also operated a large botnet specialized in financial fraud and phishing. According to a CISA advisory, the Clop gang and its affiliates compromised over 3,000 organizations in the US and over 8,000 globally to date.

The Clop…

Source…

Cybersecurity Researchers Sent a “Sandbox” Satellite into Space to Hack into It

/in


Cybersecurity Researchers Sent a “Sandbox” Satellite into Space to Hack into It

Rendering of the Moonlighter satellite.

image credit: The Aerospace Corporation.

For the first time, researchers launched a satellite into space with the expressed hope that hackers will find and exploit weaknesses in its security defenses. Dubbed Moonlighter, the satellite will be the core of Hack-a-Sat, an annual space security competition hosted at DEF CON, the world’s largest hacking conference. 

The project is a collaboration between the Aerospace Corporation, the Air Force Research Laboratory, and US Space Systems Command. In a so-called bug bounty program to be held at this year’s DEF CON, which will begin on August 10, five teams of hackers will face off to identify vulnerabilities and breach the satellite’s cybersecurity system so that the government can learn more about how hackers go about satellite cyberattacks. The first team to hack the satellite will receive a $50,000 grand prize.

The satellite hitched a ride into low earth orbit on a SpaceX rocket on June 5, along with several other CubeSats for a resupply mission to the International Space Station, where it’s currently awaiting deployment. The satellite will finally go into orbit in July in preparation for DEF CON.

The Hack-a-Sat competition started in 2020, after the secretary of acquisitions for the Air Force attended DEF CON. Since then, the Air Force has used the annual competition an information-gathering project. But so far, all the competitions have been simulations — Moonlighter will be the first actual satellite involved.

James…

Source…

Moonlighter Satellite Offers In-Orbit Target for Space Hackers

/in


Satellite hacking is set to blast off to new frontiers when Moonlighter, billed as the “world’s first and only hacking sandbox in space,” is launched into low-Earth orbit (LEO) this August.

Moonlighter will be part of Hack-A-Sat 4, an annual space security challenge timed with DEF CON that’s hosted jointly by the US Air Force and Space Force. This is the first year that finalists can target a real satellite in orbit rather than a simulation.

Developed by the Aerospace Corp. in partnership with Space Systems Command (SSC) and the Air Force Research Laboratory (AFRL), Moonlighter is meant to bolster operational security of space objects (as opposed to the data they transmit). It has a dedicated cyber payload with a firewall to isolate the onboard subsystem, along with a “fully reprogrammable payload computer that behaves like a flight computer, according to an announcement (PDF) from Aerospace Corp.

“Cybersecurity testing for space usually occurs in a laboratory or during a simulation activity on the ground,” according to the release. “Applying cyber defense theories and approaches in the space domain has been restricted by the limited availability of suitable existing vehicles in that environment.”

moonlighter hacking satellite from aerospace corp
The Moonlighter satellite will be a purpose-built target for hackers.

A working satellite designed to help improve cybersecurity for space systems by providing a real-time, real-world target for pen testers is an important step forward, given that satellite hacks are hardly theoretical. Early in 2022, the FBI and CISA warned that attacks against satellite ground-based and space-based infrastructure could become a reality. Soon after, in the wake of Russia’s invasion of Ukraine, nation-state cyber operations targeted communications in the region via Viasat and SpaceX’s Starlink satellites.

“Starlink has resisted Russian cyberwar jamming & hacking attempts so far, but [attackers are] ramping up their efforts,” SpaceX CEO Elon Musk stated on Twitter at the time.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source…

How Mobile Phone Towers Could Reveal Earth to Aliens

/in