Tag Archive for: targeting

Latvian woman charged for alleged role in transnational ransomware scheme targeting 11 countries | Washington Examiner


A Latvian national faces federal charges for allegedly participating in a transnational plot using ransomware to steal money and other confidential information from victims, including Americans.

Alla Witte, 55, was arraigned in the U.S. District Court for the Northern District of Ohio on Friday on 19 counts in a 47-count indictment brought against the “Trickbot Group,” named for the Trickbot malware used in the plot, according to the Justice Department.

As part of their cybercrime scheme, Witte and other conspirators, who operated in Russia, Belarus, Ukraine, and Suriname, allegedly began using the malware in November 2015 to steal from individuals, hospitals, schools, public utilities, banks, and governments in the United States, the United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia.


Witte, who resided in Suriname when the cybercrimes occurred, was a developer for the group and oversaw the creation of computer code used to control the ransomware, obtain payment from victims, and store stolen information, according to court documents.

The group infected millions of computers worldwide, including those belonging to individuals and business entities within the Northern District of Ohio, to harvest credit card information, passwords, social security numbers, and addresses and to steal funds from victims’ bank accounts, the indictment said.

“The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad,” acting U.S. Attorney Bridget Brennan of the Northern District of Ohio said in a Justice Department news release.

A warrant was issued for Witte on Aug. 13, 2020, and she was arrested Feb. 6 in Miami.

Witte faces one count each of conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, and conspiracy to commit money laundering, as well as eight counts of bank fraud and eight counts of aggravated…


What Microsoft Officials Know About Russia’s Phishing Hack Targeting USAID


Microsoft says the same group that breached the software company SolarWinds seems to have launched another hack, this time using phishing attacks on a number of human rights agencies, including the U.S. Agency for International Development. Image: J. David Ake/AP

Microsoft officials say hackers linked to the Russian intelligence service, SVR, appear to have launched another supply chain attack — this time on a company that allowed the intruders to slip into the computer networks of a roster of human rights groups and think tanks.

Microsoft said it discovered the breach this week and believes it began with hackers breaking into an email marketing company called Constant Contact, which provides services to, among others, the United States Agency for International Development.

Once they had broken in, the hackers sent out emails that looked like they came from USAID. Those emails contained links that, when recipients clicked on them, quietly loaded malware into their systems, allowing the hackers full access. They could read emails, steal information and even plant additional malware for use later.

Tom Burt, vice president of customer security and trust at Microsoft, told NPR in an interview that the hackers appeared to be learning as they went along, customizing their malware packages depending on the target. “Even before the malware gets installed,” he said, “they’re doing some things to help them understand the environment that they are going to try to install the malware into, so they can pick the right malware package.”

That matters because it is yet another indication that a nation-state actor is involved. As a general matter, common cyber criminals don’t target these kinds of institutions or tailor their malware in this way. Microsoft said about 150 organizations may have fallen prey to the hack, with some 3,000 possible compromised accounts, though the company thinks the number will probably end up much lower than that.

The latest attack follows the discovery earlier this year of a sweeping supply chain hack against a Texas software company called SolarWinds. In that case, hackers linked to the SVR are thought to have slipped into the company’s development…


Cyber attackers are targeting your child’s school and it’s costing us millions


ST. LOUIS COUNTY, Mo. – If you have a website, you are at risk. You don’t have to click on a malicious link to let the criminal inside. Just like your home, cybercriminals are looking for unlocked windows, a weak door, or that key you’ve hidden under a rock.

“It is what keeps people in my position up at night,” Jason Rooks said. He’s Parkway School District’s Chief Information Officer.

“It’s not if you get attacked – it’s when you get attacked,” he said.

Rooks says school districts are now one of the biggest targets.

“In the past month, two school districts in the state of Missouri have had to close multiple days due to ransomware attacks,” he said.

The Affton School District was recently hit with ransomware. Cybercriminals said they had personal information and demanded money for its return. Affton said it didn’t pay, but Maryville University Associate Professor of Cybersecurity Brian Gant says some districts do.

“One in four school districts is experiencing ransomware currently. Right now, K-12, we’re talking about millions and millions of dollars being lost,” he said.

Gant teaches students how to defend our computer systems. A video wall in their cyber fusion center shows active attacks being stopped live, in real time. Gant says we don’t have enough experts to stop the attacks.

“The gap that we’ve been experiencing is vast,” he said. “In 2023, they’re expecting it to be a million-job gap between those with the skills necessary to fill it, and higher education is one of those vehicles in which we can get people into the pipeline to fill those gaps.”

Student Hunter Myles already has a job lined up where he will fight to defend our virtual borders.

“Nothing is secure. No company is safe,” he said. “Major national government agencies were attacked. National corporations with billions of dollars in security funding were attacked. It always takes one open door for these attackers to get in.”

In class, he’s working with school districts like Parkway to tighten their security.

“And the great thing is they don’t charge school districts for these services,” Rooks said….


Facebook Blocks PA-Connected Hacking Ring Targeting Journalists, Activists


(The Media Line) In a report released Wednesday, Facebook detailed its actions against two hacker groups from the Palestinian territories that made use of the Facebook platform to spy on Palestinians.

According to the report, the first group targeted journalists, human rights activists and government opposition, among others, and used malware to access phones and computers for spying. This group is connected to the Palestinian Authority’s Preventive Security Service (PSS), an intelligence agency tasked with internal security.

The second group, named Arid Viper, directed its efforts at Fatah members, PA officials and members of security forces, hinting at a possible connection to Fatah-rival Hamas. This second group employed a variety of tactics, all aimed at accessing personal information on phones and computers.

A PSS spokesperson rejected these allegations, telling Reuters that “we respect the media, we work within the law that governs our work.”

Facebook took action against these groups by blocking their accounts, as well as internet domains connected to them. The company also notified the attackers’ targets as well as “industry partners.”

If the allegations are true, the attacks are in keeping with the PA’s suppression of dissidents and critics. Both the PA and Hamas have been harshly criticized by human rights organizations for their employment of suppressive measures. A 2020 report by Amnesty International said that both Hamas, which controls the Gaza Strip, and Fatah, the organization heading the PA, arrested dozens of protesters, opposition members, activists and journalists throughout the year.

The 2020 annual report of MADA, the Palestinian Center for Development and Media Freedoms, noted a decline in the number of attacks on journalists in the Palestinian territories. Yet the report attributes the smaller numbers to lockdown measures enforced because of COVID-19, which lowered the number of interactions between journalists and potential attackers. “The state of media freedoms in Palestine has not witnessed any real positive and tangible developments that would serve to move away from the path of practices and trends that prevailed during the preceding…
