Tag: thwart | Page 2

Practise good cyber hygiene habits to thwart hackers, scammers and other malicious parties

April 21, 2022/in Computer Security

In 2013, World Password Day was introduced by Intel to raise awareness on the role strong passwords play in safeguarding our digital lives.

The event, which falls on every first Thursday in May, invites users to evaluate their own security measures and take the necessary steps to protect their accounts.

Simply using lengthier passwords consisting of unique characters is no longer sufficient today as users are advised to turn on multi-factor authentication for better protection.

Experts also urge users not to recycle passwords as they may have been inadvertently exposed in data breaches, and to utilise other security measures such as biometrics authentication using fingerprints or facial recognition wherever possible.

Here are some recent cybersecurity incidents involving bad password habits to convince you to make the change.

As easy as 123

First reported in 2020, the SolarWinds hack has been described as one of the most devastating security breaches in US history.

According to a Reuters report, hackers breached SolarWinds’ software and could have gained access to an estimated 18,000 companies and multiple US government agencies that used its products. These included emails at the US Treasury, Justice and Commerce departments, among others. A subsequent investigative report published by the company claimed that fewer than 100 customers were actually affected by the hack.

Investigations into the cause of the hack led to the initial discovery that SolarWinds had suffered a lapse in password security back in 2019, when an intern allegedly posted the password “solarwinds123” onto their private Github account.

The researcher who found the leaked password, Vinoth Kumar, told CNN that the password had been accessible online since 2018 and that by using the password, he was able to log in and deposit files onto the company’s server.

He warned that any hacker could upload malicious programs to SolarWinds using the tactic.

SolarWinds CEO Sudhakar Ramakrishna later admitted that the password had been in use from as far back as 2017 and that he had taken measures to fix the issue.

The…

Source…

Justice Department doubles down on efforts to thwart global cybercrime

February 21, 2022/in Computer Security

Fresh off its largest financial seizure ever, the Justice Department said Thursday it is doubling down on U.S. efforts to combat the sharp rise in ransomware attacks worldwide and will now prioritize disrupting cybercriminals before they act.

In a speech to attendees at the annual Munich Cyber Security Conference, Deputy Attorney General Lisa Monaco unveiled several new initiatives by the Justice Department and FBI that she said will speed up their transformations into the kind of high-tech law enforcement agencies required to go after today’s hyperconnected and globalized cybercriminals.

Feds say "majority" of $4.4 million Colonial Pipeline cryptocurrency ransom recovered — Feds say “majority” of $4.4 million Colonial Pipeline cryptocurrency ransom recovered

By doing so, she said, the U.S. government is sending a clear message to hackers, crackers and other digital bad actors everywhere: “The long arm of the law can and now will stretch much farther into cyberspace than you think. If you continue to come for us, we will come for you.”

More: A Russian invasion could reach farther than Ukraine. How a cyberattack could affect you.

As part of that transformation, Monaco said, federal agents and prosecutors will focus far more intensively on the use of bitcoin and other cryptocurrencies in a wide array of malicious activities targeting American citizens and corporations.

“Ransomware and digital extortion – like many other crimes that are fueled by cryptocurrency – only work if the bad guys get paid,which means we have to bust their business model,” Monaco said.

The Justice Department and FBI also will expand their international operations and country-to-country partnerships to better thwart cybercriminals where they live and work, Monaco told the assembled group of security leaders.

In recent years, U.S. efforts to apprehend – and even identify – the perpetrators of massive cyberattacks against U.S. interests have been stymied by their ability to operate in countries like Russia, China and Iran, including at times with those countries’ consent or cooperation.

Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington on Nov. 2, 2021. Two suspected hackers accused of ransomware attacks resulting in 5,000 infections have been arrested as part of a global cybercrime crackdown, according to an announcement Monday by Europol. — Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington on Nov. 2, 2021. Two suspected hackers accused of ransomware attacks…

Source…

OFAC Imposes New Sanctions To Thwart Ransomware – Technology

September 25, 2021/in Internet Security

On September 21, 2021, the US Treasury Department’s Office
of Foreign Assets Control (“OFAC”) levied its first
sanctions against a Russian-operated virtual currency exchange
involved in ransomware payments and published an updated advisory
on sanctions risks for ransomware payments. At the same time,
Deputy Secretary of the Treasury Wally Adeyemo was careful to
underscore that “the vast majority of activity that’s
happening in the virtual currencies is legitimate activity.”
The actions form part of what the Treasury Department described as
a whole-of-government effort targeting ransomware networks and
certain foreign virtual currency exchanges – those that are
either illicit or operate at the edges of legality – that
support them. In a ransomware attack, a cyber actor uses malware to
encrypt the data on a victim’s computer system and only
decrypts it if the victim pays a ransom, usually in
cryptocurrency.

OFAC targeted only one, Russian-operated virtual currency
exchange, but its action signals a broader focus on intermediary
parties that launder ransom payments or otherwise facilitate
ransomware attacks. The September 21, 2021 advisory (the “Updated
Advisory”) expands on the guidance provided in its October 2020
predecessor about OFAC’s expectations of how victims and
others should act both before, during, and after an attack. All
companies, especially those in industries such as financial
services that are often targeted by ransomware attacks, and the
cybersecurity firms that help victims manage attacks, should review
the Updated Advisory and incorporate its guidance into their
ransomware planning.

New Sanctions and Updated Advisory on Cryptocurrency

US companies are generally prohibited from engaging in any
financial transactions with persons identified on OFAC’s
Specially Designated Nationals and Blocked Persons
(“SDN”) List, and with those located in certain
sanctioned countries or territories, including Cuba, Iran, and the
Crimea region of Ukraine. Non-US companies may also violate US
sanctions if they cause a US person to violate the sanctions
prohibitions. And, as OFAC indicates in the Updated Advisory, a
ransomware payment made…

Source…

Turn off, turn on: Simple step can thwart top phone hackers

July 29, 2021/in Computer Security

RICHMOND, Va. — As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure.

Step One: Turn off phone.

Step Two: Turn it back on.

That’s it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is – turning a device off then back on again – can thwart hackers from stealing information from smartphones.

Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

“This is all about imposing cost on these malicious actors,” said Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate.

The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking.

King, an independent from Maine, says rebooting his phone is now part of his routine.

“I’d say probably once a week, whenever I think of it,” he said.

Almost always in arm’s reach, rarely turned off and holding huge stores of personal and sensitive data, cellphones have become top targets for hackers looking to steal text messages, contacts and photos, as well as track users’ locations and even secretly turn on their video and microphones.

“I always think of phones as like our digital soul,” said Patrick Wardle, a security expert and former NSA researcher.

The number of people whose phones are hacked each year is unknowable, but evidence suggests it’s significant. A recent investigation into phone hacking by a global media consortium has caused political uproars in France, India, Hungary and elsewhere after researchers found scores of journalists, human rights activists and politicians on a leaked list of what were believed to be potential targets of an Israeli hacker-for-hire company.

The advice to periodically reboot a phone reflects, in part, a change in how top…

Source…

Tag Archive for: thwart

New Sanctions and Updated Advisory on Cryptocurrency