Tag Archive for: warn

Rocket Alert Apps Warn Israelis of Incoming Attacks While Gaza Is Left in the Dark


The app and sirens are a backstop to Israel’s extensive military defenses. The Iron Dome missile defense system effectively intercepts or destroys most airborne weapons headed to Israel. But some rockets have slipped through, causing injuries in recent days, and the government has encouraged people in Israel to download its app.

Across the border, Israel’s military has sometimes called people in Gaza to warn of its own attacks. But power and communications networks there have been unreliable since Israel’s recent assault began, and on Friday internet access appeared to be cut off entirely. The Home Front Command app doesn’t provide alerts for the disputed Hamas-controlled territory, as it is out of Israel’s jurisdiction, Zamir says.

Palestinian activists and tech entrepreneurs say no one appears to be trying to provide civilians of Gaza with an equivalent early warning system. Hamas did not respond to requests for comment.

If power and communications were intact, a warning app could technically operate in Gaza, perhaps in a similar way to a system that Western governments fund in Syria. Vetted users and social media scanning tools feed the app with observations about drones, missiles, and other military movement. Machine learning and other data analysis techniques determine which areas of Syria need warning. Alerts then ring through public sirens and messaging apps.

But it’s unclear who would be willing to stand up a system like that in Gaza, or how it could keep functioning as Israel’s assault continues. Communications networks have faltered over the past three weeks of Israeli air strikes, which have damaged key infrastructure. On Friday, Paltel, the last internet provider still operating in Gaza, and the UK internet monitoring company NetBlocks reported that Gaza was wholly offline. Power generators are reaching their limits, according to the UN agency advocating for Palestinians, after Israel cut off electricity and fresh fuel.

“Tech solutions are invalid,” says Mohammad Alnobani, a Palestinian who is CEO of Arab-focused stock photography service Middle Frame, speaking ahead of Friday’s communications collapse in Gaza. He says trying to maintain contact…

Source…

FBI, CISA warn critical infrastructure organizations about AvosLocker ransomware


The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) to share known indicators of compromise (IOCs), tactics, techniques and procedures (TTPs), and detection methods associated with the AvosLocker ransomware variant identified through FBI investigations as recently as May 2023.

U.S. critical infrastructure organizations in several sectors, including government, financial services, and critical manufacturing, have been targeted by the AvosLocker ransomware-as-a-service (RaaS) operation.

Last week’s advisory updated the March 17, 2022, joint CSA released by FBI, CISA, and the Department of the Treasury’s Financial Crimes Enforcement Network. The update included IOCs and TTPs not included in the previous advisory, as well as a YARA rule developed after analyzing a tool associated with an AvosLocker compromise.

AvosLocker’s track record of successful cyberattacks against U.S. critical infrastructure has elevated this threat enough to justify a government advisory from CISA and the FBI providing known IOCs, TTPs, and detection methods, said Darren Guccione, co-founder and CEO at Keeper Security. Guccione said the federal agencies offer concrete actions that can help to mitigate the risk and impact of AvosLocker and other cyberthreats.

“CISA and FBI recommend adopting application controls, limiting the use of remote desktop services, restricting PowerShell use, requiring phishing-resistant multi-factor authentication, segmenting networks, keeping systems up-to-date, and maintaining offline backups,” said Guccione. “As ransomware operators like AvosLocker evolve their tactics, protecting your organization requires a layered approach.”

Craig Jones, vice president of security operations at Ontinue, added that the nature of threats targeting critical infrastructure such as AvosLocker will likely continue to evolve in line with technological advancements. Jones said it’s noteworthy because as infrastructure becomes progressively connected and dependent on digital systems, the possible attack surface for cybercriminals increases.

“We can expect to see more sophisticated attacks that exploit specific…

Source…

US, Japan authorities warn of China-linked hacking group BlackTech


By Kantaro Komiya

TOKYO (Reuters) – The U.S. National Security Agency, the Federal Bureau of Investigation and Japanese police jointly warned multinational companies about the China-linked hacker group BlackTech in a cybersecurity advisory late on Wednesday.

The joint advisory, which also came from the U.S. Cybersecurity and Infrastructure Security Agency and its Japanese counterpart, urged firms to review the internet routers at their subsidiaries to minimise the risk of potential attack from the group.

“BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets,” the statement said.

BlackTech has been engaging in cyberattacks on governments and tech-sector companies in the United States and East Asia since around 2010, Japan’s National Police Agency said in a separate statement.

In 2020, self-ruled Taiwan’s security authority reported cyberattacks on some 6,000 government officials’ email accounts by BlackTech and another hacking group, Taidoor, saying both were likely backed by the Chinese Communist Party.

Amid heightening U.S.-China tensions over issues including Taiwan, U.S. security officials are raising the tone of their warnings against China’s cyberattack capabilities. FBI chief Chris Wray earlier this month said China “has a bigger hacking program than every other major nation combined”.

In May, cybersecurity authorities of Australia, Canada, New Zealand and the United Kingdom joined the U.S. agencies in issuing an advisory on China’s “state-sponsored cyber actor”.

Japan, a key U.S. ally in East Asia along with South Korea, was allegedly attacked by Chinese military hackers that gained access to its classified defence networks in 2020, the Washington Post said last month. The Pentagon said it was confident about sharing intelligence with Japan despite the report.

(Reporting by Kantaro Komiya; Editing by Michael Perry)

Source…

Feds Warn About Snatch Ransomware



US Agency Advisory Sheds Light on the Group’s Activities


The Snatch ransomware group is targeting a wide range of critical infrastructure sectors, including the defense industrial base, food and agriculture, and information technology sectors, according to a new alert issued by U.S. authorities.


The group first appeared in 2018 and operates on a ransomware-as-a-service model, conducting operations involving data exfiltration and double extortion.

A joint advisory from the Cybersecurity and Infrastructure Security Agency and the FBI on Wednesday said that the group was earlier referred to as Team Truniger, based on the nickname of a key group member, Truniger, who operated as a GandCrab affiliate (see: Alleged GandCrab Distributor Arrested in Belarus).

Snatch threat actors employ different methods to gain access to and maintain persistence on a victim’s network. Their affiliates primarily rely on brute-forcing weakly protected Remote Desktop Protocol endpoints to obtain administrator credentials for victims’ networks.

In some instances, Snatch affiliates have sought out compromised credentials from criminal forums or marketplaces and gained persistence on a victim’s network by compromising an administrator account and establishing connections over HTTPS to a command-and-control server located on a Russian bulletproof hosting service.
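The initial-access pattern described above, RDP brute-forcing followed by a successful remote logon with a harvested administrator credential, leaves a recognisable trace in the Windows Security log: a burst of failed logons (event 4625) from one source address, then a successful logon (event 4624) of logon type 10 (RemoteInteractive, i.e. RDP) from the same address. The following detection routine is an added example written for this page; it is not part of the advisory or the article, and the event records it runs over are constructed to mimic the relevant Security log fields rather than taken from real telemetry. The function name, the field layout, the five-failure threshold and the ten-minute window are all assumptions chosen for the illustration.

```python
"""Flag RDP brute-force followed by a successful remote logon.

Detection logic over constructed Windows Security log records (event 4625 =
failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive/RDP).
The records, thresholds and function names are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, event_id, account, source_ip, logon_type).
# 203.0.113.45 sprays several accounts and then succeeds as "administrator";
# 198.51.100.7 fails twice before succeeding (ordinary typo pattern);
# 10.0.0.5 succeeds with no preceding failures.
SAMPLE_EVENTS = [
    ("2023-09-20T02:14:01", 4625, "administrator", "203.0.113.45", 10),
    ("2023-09-20T02:14:03", 4625, "admin",         "203.0.113.45", 10),
    ("2023-09-20T02:14:05", 4625, "backup",        "203.0.113.45", 10),
    ("2023-09-20T02:14:08", 4625, "administrator", "203.0.113.45", 10),
    ("2023-09-20T02:14:10", 4625, "svc_sql",       "203.0.113.45", 10),
    ("2023-09-20T02:14:12", 4625, "administrator", "203.0.113.45", 10),
    ("2023-09-20T02:15:40", 4624, "administrator", "203.0.113.45", 10),
    ("2023-09-20T02:20:00", 4625, "jdoe",          "198.51.100.7", 10),
    ("2023-09-20T02:20:05", 4625, "jdoe",          "198.51.100.7", 10),
    ("2023-09-20T02:20:30", 4624, "jdoe",          "198.51.100.7", 10),
    ("2023-09-20T03:00:00", 4624, "alice",         "10.0.0.5",     10),
]

FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624
RDP_LOGON_TYPE = 10
FAIL_THRESHOLD = 5            # assumed: failures needed before a success is suspicious
WINDOW = timedelta(minutes=10)  # assumed: look-back window before the success


def find_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return one alert per successful RDP logon that was preceded, within
    `window`, by at least `threshold` failed logons from the same source IP.

    Each alert is a dict with the source IP, the account that finally logged
    in, the number of failures, the distinct accounts tried, and the time of
    the successful logon.
    """
    by_ip = defaultdict(list)
    # ISO-8601 timestamps sort correctly as strings, so order by them first.
    for ts, event_id, account, source_ip, logon_type in sorted(events, key=lambda e: e[0]):
        by_ip[source_ip].append((datetime.fromisoformat(ts), event_id, account, logon_type))

    alerts = []
    for source_ip, records in by_ip.items():
        for idx, (when, event_id, account, logon_type) in enumerate(records):
            if event_id != SUCCESSFUL_LOGON or logon_type != RDP_LOGON_TYPE:
                continue
            # Failed logons from this IP that fall inside the window before the success.
            failures = [
                r for r in records[:idx]
                if r[1] == FAILED_LOGON and when - r[0] <= window
            ]
            if len(failures) >= threshold:
                alerts.append({
                    "source_ip": source_ip,
                    "account": account,
                    "failed_attempts": len(failures),
                    "accounts_tried": sorted({r[2] for r in failures}),
                    "success_at": when.isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"[ALERT] {alert['source_ip']} logged in as {alert['account']} at "
              f"{alert['success_at']} after {alert['failed_attempts']} failures "
              f"(accounts tried: {', '.join(alert['accounts_tried'])})")
```

Keying on the source address rather than the account is deliberate: a spray across many accounts from one host, as in the sample, would otherwise never cross a per-account threshold. In production the same logic would read 4625/4624 records from an EDR or SIEM instead of the embedded list, and the threshold would be tuned against the environment's normal rate of mistyped RDP passwords.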

The group also used previously stolen data bought from other ransomware actors to harass victims into paying extortion by threatening to release the data on its leak site.

Snatch uses different tactics, techniques and procedures to…

Source…