Tag Archive for: U.S.

U.S. Dams Face Growing Cyber Threats


Critical Infrastructure Security

Hacks on Unregulated Dams Can Result in Mass Casualties, Experts and Lawmakers Warn


Could a hacker seize control of America’s dams, unleashing floods and chaos across vulnerable communities? Cybersecurity analysts and leading lawmakers warn it’s possible.



During an April hearing on cybersecurity threats to critical water infrastructure, Sen. Ron Wyden, D-Ore., used stunningly apocalyptic framing to raise his concerns.


“As the chairman of the subcommittee responsible for dams, I don’t want to wake up to a news report about a small town in the Pacific Northwest getting wiped out because of a cyberattack against a private dam upriver,” the senator said.


Influential voices in the cybersecurity field typically avoid alarmist scenarios, favoring practical, actionable responses to threats. But most dams under Federal Energy Regulatory Commission oversight have not undergone comprehensive cyber audits, and only four full-time employees are tasked with overseeing 2,500 dams nationwide, so experts share Wyden's concern that the sector is vulnerable to cyberattacks that could cost human lives.


“Human life and safety are in play here,” Padraic O’Reilly, a water cyber risk advisor for the Defense Department and chief innovation officer of the cyber risk firm CyberSaint, told Information Security Media Group. “Operational technology, population centers near dams, critical power generation capacity – all of these coupled with a lack of knowledge with respect to the maturity of cyber risk management adds up to a very concerning…


U.S. and UK Impose Sanctions on APT 31 Chinese Hackers


In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S.

The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives.

The U.S. Department of Justice has unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other individuals for their involvement in a series of cyberattacks.

These individuals are believed to be connected to the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which is allegedly a front for the Chinese Ministry of State Security (MSS).

The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has sanctioned Wuhan XRZ and the two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their roles in the cyber operations.


These operations have targeted entities within the U.S. critical infrastructure sectors, posing a direct threat to national security.

APT 31: A Chinese Malicious Cyber Group

The hackers are affiliated with the state-sponsored Advanced Persistent Threat group 31 (APT 31), which is known for its sophisticated cyber espionage campaigns.

OFAC’s sanctions are pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets individuals and entities responsible for or complicit in cyber-enabled activities that threaten the U.S.

This action represents a collaborative effort involving the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK Foreign,…


U.S. still finding victims of advanced China-linked hacking campaign, NSA official says


The U.S. is still identifying victims targeted by an extensive China-backed hacking campaign that became the subject of a recent FBI takedown operation and other advisories from officials over the past year, a top NSA cyber official said.

Rob Joyce, the agency’s outgoing cybersecurity director, said on Friday that the U.S. is still finding victims of the Volt Typhoon hacking collective that’s been latching onto critical infrastructure through compromised equipment including internet routers and cameras, and that NSA is not yet done with efforts to eradicate such threats.

The clandestine activities, which are said to be backed by the Chinese government, have allowed the hackers to conceal their intrusions into U.S. and foreign allies’ systems for at least five years, officials have previously said. 

The FBI announced in January that it had removed a significant portion of the group's infrastructure from the compromised equipment the hackers had burrowed into. Private-sector analysis subsequently affirmed those claims. But Friday's remarks indicate there is still a way to go before Volt Typhoon is completely eradicated from U.S. networks.

Joyce, who was speaking to a group of reporters, declined to give a precise count of how many victims remain, but said the Chinese cyberspies are using tradecraft that is difficult to uncover because it relies on stolen administrator credentials, which let them log in like legitimate administrators and mask their activity more easily.

The Volt Typhoon group has been carrying out “station keeping” activities, in an effort to preposition themselves to take down key infrastructure like transportation networks, he said. As for when the dismantling order would come down from Chinese authorities, the agency assesses it would be a “pretty high bar” reserved for major conflict like a possible Chinese invasion of Taiwan, he said.

The Volt Typhoon hackers have been using “living-off-the-land” techniques that let them hide inside systems and evade detection, previous U.S. reports said; those reports noted breaches of American facilities in Guam as well as other key infrastructure inside and outside the U.S.
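The difficulty Joyce describes is that living-off-the-land activity run under stolen administrator credentials produces no malware and no exploit to alert on; what remains is ordinary system tooling invoked by an account that is allowed to invoke it. The following is an added example, not code from the article, NSA, or any cited report. It shows the shape of one detection approach a defender can apply to process-creation telemetry: match command lines against patterns for built-in tools that are commonly abused (the patterns and the choice of tools are my assumptions drawn from public LOTL advisories, not from the article), then weight each hit by whether the account is running that tool on a host where it has historically done so. The log format, the baseline, and every log line are constructed for the example.

```python
"""Added example: a small living-off-the-land (LOTL) detector over constructed
Windows process-creation events, correlated against a per-account host baseline.
Not taken from the article; formats, patterns and data are assumptions."""
import re
from dataclasses import dataclass

# Assumed, simplified one-line rendering of Windows Security event 4688
# (process creation). Real telemetry has more fields and a different layout.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$"
)

# Command-line patterns for built-in tools abused in LOTL intrusions.
# Assumption: this set is illustrative, drawn from public advisories, and is
# not a list the article provides.
LOTL_PATTERNS = {
    "ntds_dump": re.compile(r"\bntdsutil(\.exe)?\b.*\bifm\b", re.I),
    "portproxy": re.compile(r"\bnetsh(\.exe)?\b.*\bportproxy\b.*\badd\b", re.I),
    "wmic_remote_exec": re.compile(
        r"\bwmic(\.exe)?\b.*/node:.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I),
    "encoded_powershell": re.compile(
        r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", re.I),
    "vss_shadow_copy": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bcreate\b.*\bshadow\b", re.I),
}

# Constructed baseline: hosts on which each privileged account is normally
# seen running administrative tooling. In practice this is learned from
# weeks of observed telemetry, not hand-written.
BASELINE = {
    r"CORP\da_alice": {"dc01", "dc02"},
    r"CORP\svc_backup": {"bk01"},
}

# Constructed sample events (not real logs). Line 5 is deliberately malformed.
SAMPLE_EVENTS = [
    r'2024-03-01T02:13:05 host=dc01 user=CORP\da_alice parent=cmd.exe '
    r'cmd=ntdsutil.exe "ac i ntds" ifm "create full C:\temp\ntds" q q',
    r'2024-03-01T02:20:41 host=dc01 user=CORP\svc_backup parent=cmd.exe '
    r'cmd=netsh interface portproxy add v4tov4 listenport=9999 '
    r'connectaddress=10.0.0.5 connectport=443',
    r'2024-03-01T03:00:00 host=bk01 user=CORP\svc_backup parent=svchost.exe '
    r'cmd=robocopy.exe D:\data \\nas01\backup /MIR',
    r'2024-03-01T03:05:12 host=fs03 user=CORP\da_alice parent=cmd.exe '
    r'cmd=wmic /node:"fs04" process call create "cmd /c whoami"',
    r'this line is not a 4688 event',
    r'2024-03-01T03:09:58 host=ws14 user=CORP\jdoe parent=explorer.exe '
    r'cmd=powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A',
]


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    technique: str
    off_baseline: bool  # True when the account has no history on this host


def parse_event(line: str):
    """Return the event fields as a dict, or None if the line does not parse."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def detect(lines, baseline=BASELINE):
    """Flag every LOTL pattern hit and mark whether the account/host pair is
    outside its baseline. Unparseable lines are skipped rather than raising."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for technique, pattern in LOTL_PATTERNS.items():
            if pattern.search(ev["cmd"]):
                expected_hosts = baseline.get(ev["user"], set())
                findings.append(Finding(
                    ev["ts"], ev["host"], ev["user"], technique,
                    off_baseline=ev["host"] not in expected_hosts))
    return findings


def high_confidence(findings):
    """Hits where a privileged tool ran somewhere the account never runs it.
    An on-baseline hit (e.g. a domain admin dumping NTDS on a DC) is still
    worth a ticket, but this subset is where stolen credentials show up."""
    return [f for f in findings if f.off_baseline]


if __name__ == "__main__":
    for f in high_confidence(detect(SAMPLE_EVENTS)):
        print(f"{f.ts} {f.user} on {f.host}: {f.technique}")
```

Two design points worth noting. First, the pattern match alone is not the alert; `ntdsutil ... ifm` run by a domain admin on a domain controller is exactly what a legitimate backup looks like, so the baseline comparison is what separates an intruder holding that admin's password from the admin. Second, the detector never tries to infer "malicious" from the binary itself, because in this tradecraft every binary is a signed Microsoft tool; the signal is who, where, and whether that combination has a history.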

Joyce added that NSA has been able to…


Ransomware Attack on Change Healthcare Wreaks Havoc on U.S. Medical Billing Systems


One cybersecurity expert estimates some healthcare providers are losing $100 million per day because of the Change Healthcare ransomware attack.

Change Healthcare, a technology company owned by UnitedHealth that processes insurance claims and other critical hospital functions, experienced a ransomware attack on February 21 that has continued to cause major disruptions to the nation’s medical payments infrastructure.

For more than a week and a half, the attack has threatened the security of patient data and is delaying many prescriptions at pharmacies and in hospitals around the country, as well as some healthcare worker paychecks, reports the Associated Press. Pharmacies such as CVS, Walgreens, Publix, and GoodRx have all reported some disruption resulting from the attack, reports the Tennessean.

The ransomware attack against Change Healthcare is the most serious incident of its kind leveled against a healthcare organization in the U.S., according to the American Hospital Association (AHA). The company says it processes about 15 billion healthcare transactions every year and touches one in every three patient records.

One cybersecurity expert says some healthcare providers are losing more than $100 million per day due to the outage, reports CNN.

According to the AHA: “The staggering loss of revenue means that some hospitals and health systems may be unable to pay salaries for clinicians and other members of the care team, acquire necessary medicines and supplies, and pay for mission critical contract work in areas such as physical security, dietary and environmental services. In addition, replacing previously electronic processes with manual processes has often proved ineffective and is adding considerable administrative costs on providers, as well as diverting team members from other tasks.”

In response to the attack, Change Healthcare immediately isolated and disconnected the impacted systems, reports NBC News. UnitedHealth also stood up a “Temporary Funding Assistance Program” for hospitals affected by the breach, but according to the AHA, the funds “will not come close to meeting the needs of our members as they…
