Mil News CYBERSECURITY in the NEWS

rtomedic

Time is Running Out for Atlanta in Ransomware Attack

Time is running out for the city of Atlanta, which was given until Wednesday to pay off the cyberattackers who laid siege to city government data and are threatening to wipe the computers clean.

But, as Georgia Public Broadcasting’s Emily Cureton reported for NPR, even if officials authorized the six-bitcoin ransom payment — currently worth about $51,000 — to lift the wall of encryption paralyzing a number of city services, it’s not clear whether there is anywhere to send the money.

The payment portal set up by the hijackers for the infected systems, which included a countdown clock, was disabled days before the deadline after a local TV news station tweeted out an unredacted ransom note it obtained from a city employee. ...more with videos

https://americansecuritytoday.com/time-running-atlanta-ransomware-attack-multi-video/
 
North Korea is a bigger cyber-attack threat than Russia, says expert

North Korea poses a bigger threat of large-scale cyber-attacks than Russia, according to the co-founder of the information security firm that investigated the 2016 Democratic National Committee hacks.

Speaking to the Guardian, Crowdstrike’s Dmitri Alperovitch said: “In 2018, my biggest worry is actually about North Korea. I worry a great deal that they may do a destructive attack, perhaps against our financial sector, in an attempt to deter a potential US strike against either their nuclear facilities or even the regime itself.

“Regardless of whether a military strike is actually on the cards or not, what matters is whether they think one might happen. And given all the rhetoric over the last year or so, it wouldn’t be irrational for them to assume that.”


https://www.theguardian.com/technology/2018/feb/26/north-korea-cyber-attack-threat-russia
 
Facebook: Most Users May Have Had Public Data 'Scraped'
NEW YORK (AP) — Facebook’s acknowledgement that most of its 2.2 billion members have probably had their personal data scraped by “malicious actors” is the latest example of the social network’s failure to protect its users’ data.

Not to mention its apparent inability to even identify the problem until the company was already embroiled in scandal.

CEO Mark Zuckerberg told reporters Wednesday that Facebook is shutting down a feature that let people search for Facebook users by phone number or email address. Although that was useful for people who wanted to find others on Facebook, it turns out that unscrupulous types also figured out years ago that they could use it to identify individuals and collect data off their profiles.

The scrapers were at it long enough, Zuckerberg said, that “at some point during the last several years, someone has probably accessed your public information in this way.”

The only way to be safe would have been for users to deliberately turn off that search feature several years ago. Facebook had it turned on by default.

... More

https://inhomelandsecurity.com/face...-public-data-scraped&utm_campaign=20180406IHS
 
GCHQ Director Slams Russia's 'Unacceptable Cyber Behavior'
In his first public speech as director of British spy agency GCHQ, Jeremy Fleming called out Russia’s “unacceptable cyber behavior,” amidst rising tensions between Western allies and the Kremlin in Syria and beyond. Speaking at the CyberUK event in Manchester, U.K., on Thursday, Fleming said recent events had been “particularly stark and shocking,” pointing to the use of a nerve agent on a former Russian spy and his daughter on British soil.

He said the poisoning of the Skripals, for which Russia has denied culpability, was a sign of how “reckless” the Kremlin was willing to be and how comfortable it was “putting ordinary lives at risk.” From an online perspective, Fleming said the U.K. would continue to respond to malicious cyber activity and would “attribute where we can.”

The GCHQ chief pointed to the recent outbreak of the NotPetya ransomware, which spread out from initial targets in Ukraine to hit global businesses last year, as a sign of Russia’s increasing use of its cyber capabilities. “They’re not playing to the same rules,” he added. “They’re blurring the boundaries between criminal and nation state activity.”

The U.S. officially blamed Russia for NotPetya earlier this year. The Kremlin denied it was responsible.

Fleming’s comments came a day after President Trump warned on Twitter of stronger action against Russia, over the Kremlin’s threat to shoot American missiles out of the sky. ...MORE

https://inhomelandsecurity.com/gchq...table-cyber-behavior&utm_campaign=20180412IHS
 
Russia-Backed Hackers Accused Of Global Cyberattacks
Russian state-sponsored hackers are seeking to hijack critical network infrastructure devices, U.S. and British intelligence agencies say.

Britain's National Cyber Security Centre (NCSC), the FBI, and the U.S. Department of Homeland Security (DHS) issued a joint alert on April 16, warning that the global campaign could be escalated to launch future offensive attacks.

https://www.us-cert.gov/ncas/alerts/TA18-106A

Moscow did not immediately comment on the allegations. It has denied previous accusations that it carried out cyberattacks on other countries.

The alert said the targets of the campaign were primarily "government and private-sector organizations, critical infrastructure providers, and the Internet Service Providers (ISPs) supporting these sectors." "Russian state-sponsored actors are using compromised routers to conduct spoofing 'man-in-the-middle' attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations," it said. ...MORE

https://www.globalsecurity.org/secu...6-rferl01.htm?_m=3n.002a.2267.ph0ao0037n.235h
 
Russia Dismisses Rare US-British Warning on Hackers
Russia has rejected allegations from the United States and Britain that Russian-backed hackers are escalating cyberattacks on American and British companies, government operations and infrastructure.

"We don't know what these new accusations are based on," said Kremlin spokesman Dmitry Peskov. He told reporters during a regularly scheduled media briefing that London and Washington have not presented any evidence, and dismissed the accusations as "groundless" and "unjustified."

Washington and London said the widespread, global campaign began in 2015 and could be expanded to launch offensive attacks.

The warning came from the Department of Homeland Security, the FBI and Britain's National Cyber Security Center, and included advice about what companies can do to protect themselves.

American and British officials said the attacks affected a wide range of organizations including Internet service providers, private businesses and critical infrastructure providers. They did not identify any victims or provide details on the impact of the attacks. ...MORE

https://www.globalsecurity.org/secu...417-voa01.htm?_m=3n.002a.2268.ph0ao0037n.2373
 
White House Cybersecurity Official To Return To The NSA
Rob Joyce, the White House cybersecurity coordinator, has announced he will return to the National Security Agency.

Joyce’s announced departure comes on the heels of the resignation of White House homeland security adviser Tom Bossert, and a number of other National Security Council officials. President Trump’s new national security adviser, John Bolton, began in the job last week, replacing H.R. McMaster.

Joyce, a career federal employee, will stay on as needed to facilitate the transition to his eventual replacement, White House officials said. He is currently also serving as the acting deputy homeland security adviser, which includes coordinating responses to natural disasters and monitoring terrorism threats.

Joyce, who was detailed to the White House from the NSA at the start of the Trump administration, has served more than 25 years at the spy agency. There, he held various leadership positions. He headed the elite hacking or “offensive” division, called Tailored Access Operations, which penetrated networks overseas to gather foreign intelligence.

He has also led the Information Assurance Directorate, which handled cybersecurity or defense of classified government networks. Both divisions have been folded into the agency’s new directorate ...MORE

https://inhomelandsecurity.com/whit...to-return-to-the-nsa&utm_campaign=20180418IHS
 
“The Dirty Secrets of Network Firewalls,”
Drive threat prevention to unmatched levels. The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware without relying on signatures. Deep learning makes Intercept X smarter, more scalable, and higher performing than security solutions that use traditional machine learning or signature-based detection alone.

Sophos has announced the findings of its global survey, The Dirty Secrets of Network Firewalls, which revealed that IT managers cannot identify 45% of their organization’s network traffic. In fact, nearly one-in-four cannot identify 70% of their network traffic. The lack of visibility creates significant security challenges for today’s businesses and impacts effective network management.

The survey polled more than 2,700 IT decision makers from mid-sized businesses in 10 countries including the US, Canada, Mexico, France, Germany, UK, Australia, Japan, India, and South Africa.

Considering the debilitating impact cyber-attacks can have on a business, it’s not a surprise that 84% of respondents agree that a lack of application visibility is a serious security concern.

Without the ability to identify what’s running on their network, IT managers are blind to ransomware, unknown malware, data breaches and other advanced threats, as well as potentially malicious applications and rogue users.

Network firewalls with signature-based detection are unable to provide adequate visibility into application traffic due to a variety of factors such as the increasing use of encryption, browser emulation, and advanced evasion techniques. ...MORE WITH VIDEO

https://americansecuritytoday.com/dirty-secrets-network-firewalls-sophos-multi-video/
 
Homeland Security: Top Cyber Risks are Mobile Apps & Users
Most mobile app users blindly trust that the apps they download from app stores are safe and secure. But that isn’t the case.

Douglas Maughan, who heads up the Department of Homeland Security’s Science and Technology division, tells FOX Business that most mobile apps aren’t vetted.


Dr. Douglas Maughan, Director of S&T’s Cyber Security Division
“Mobile applications are put out on the app store [but] they’re not really checked,” he says.

“When people download applications most people don’t know what they are downloading.”

“They don’t know what’s in that software.”

Maughan says users are playing an increasingly important role in the country’s cybersecurity defense, but the more smart devices that proliferate the market, the bigger the target. ...MORE WITH VIDEO

https://americansecuritytoday.com/homeland-security-top-cyber-risks-mobile-apps-users-see-video/
 
Cops Take Down World's Biggest 'DDoS-For-Hire' Site They Claim Launched 6 Million Attacks
The Webstresser.org advertised itself as the number one DDoS testing site in the world. But cops think it was used for criminal means rather than for legitimate cybersecurity tests.

European law enforcement are today celebrating the dismantling of a website police claim sold Distributed Denial of Service (DDoS) attacks and helped launch up to 6 million of them for as many as 136,000 registered users. Alleged administrators of the webstresser.org service were arrested on Tuesday in the U.K., Canada, Croatia and Serbia, whilst the site was shut down and its infrastructure seized in Germany and the U.S., Europol announced Wednesday.

DDoS attacks typically flood web servers with traffic to take them down. So-called stressers sell those attacks as a service, offering to take down customers’ selected targets for a small fee or providing direct access to a simple DDoS tool. According to investigators working on Operation Power Off, webstresser.org appeared to be the biggest of all such services.

DDoS hits emanating from webstresser.org targeted banks, government institutions, police forces, schools and the gaming industry, investigators said. And Americans made up the majority of both targets and customers on webstresser.org, according to Europol’s lead case coordinator, who asked to remain anonymous in speaking with Forbes exclusively ahead of today’s announcement. “It’s ...MORE

https://inhomelandsecurity.com/cops...ed-6-million-attacks&utm_campaign=20180425IHS
 
Cyber Warfare: The Threat From Nation States
The nature of warfare has shifted from physical to online, seeing a deluge of state-sponsored cyber assaults on the West. The issue was put under the global spotlight last month (April), when the UK and US made an unprecedented joint statement blaming Russia for cyber-attacks on businesses and consumers.

The announcement – which is the first time two nations have come together to show solidarity in this area – saw the National Cyber Security Centre (NCSC), US Department of Homeland Security and the FBI warn businesses and citizens that Russia is exploiting network infrastructure devices such as routers around the world. The aim: To lay the groundwork for future attacks on critical infrastructure such as power stations and energy grids.

It is widely agreed that Russia is one of the most – if not the most – accomplished nations in the world in its ability to perform state sponsored attacks, disinformation and espionage. But China, North Korea and Iran are known to have dedicated cyber arsenals that are of increasing threat to the West.

In April, the US and UK governments hit out at state owned Chinese telecoms firm ZTE, with the NCSC writing to UK telecoms providers to warn that using the firm’s equipment and services could pose a national security risk. ...MORE

https://inhomelandsecurity.com/cybe...t-from-nation-states&utm_campaign=20180504IHS

Cybercom to Elevate to Combatant Command
WASHINGTON -- In response to the changing face of warfare, U.S. Cyber Command will be elevated tomorrow to a combatant command, chief Pentagon spokesperson Dana W. White said today.

"The cyber domain will define the next century of warfare," White said at a Pentagon news conference.

Army Lt. Gen. Paul M. Nakasone, most recently commander of Army Cyber Command, will receive his fourth star as he succeeds retiring Navy Adm. Michael S. Rogers as Cybercom commander.

"Just as our military must be prepared to defend our nation against hostile acts from land, air and sea," White said, "we must also be prepared to deter, and if necessary, respond to hostile acts in cyberspace." ...MORE

https://www.globalsecurity.org/secu...03-afps01.htm?_m=3n.002a.2282.ph0ao0037n.23mu
 
Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices

Additional action necessary worldwide to remediate the botnet.

The Justice Department today announced an effort to disrupt a global botnet of hundreds of thousands of infected home and office (SOHO) routers and other networked devices under the control of a group of actors known as the "Sofacy Group" (also known as "apt28," "sandworm," "x-agent," "pawn storm," "fancy bear" and "sednit"). The group, which has been operating since at least in or about 2007, targets government, military, security organizations, and other targets of perceived intelligence value.

Assistant Attorney General for National Security John C. Demers, U.S. Attorney Scott W. Brady for the Western District of Pennsylvania, Assistant Director Scott Smith for the FBI's Cyber Division, FBI Special Agent in Charge Robert Johnson of the Pittsburgh Division and FBI Special Agent in Charge David J. LeValley of the Atlanta Division made the announcement.

"The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal, and today's effort is another example of our commitment to do that," said Assistant Attorney General Demers. "This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft ...MORE

https://www.globalsecurity.org/secu...523-doj01.htm?_m=3n.002a.2300.ph0ao0037n.249b
 
‘Global Body Data Clone’ to Secure Global Blockchain/Crypto Exchanges
RJ Hilton, a multinational company specializing in next-generation cyber secure interoperable ecosystems for Fourth Industrial Revolution technologies, Internet of Artificial Intelligent Things (IoAIT), and Blockchain and Cryptocurrency technologies, will be launching a sophisticated artificial intelligence algorithm powered bio-metrics platform called “Global Body Data.”

The technology platform, co-developed by scientists at ElpisEremo Inc., in collaboration with Swiss-based PWI, utilizes artificial intelligence (AI) with ElpisEremo’s breakthrough bio-signature recognition technology.

The Global Body Data platform harnesses AI and a multitude of devices, sensors to create a multi-step bio-metrics ecosystem that acquires a unique biological code to create a digital clone of the person, a bio-intelligent digital key/password that guarantees with a very high degree of accuracy the identity of the person.

“Combining Blockchain with Artificial Intelligence and bio-metrics is the future of Cybersecurity,” explains Charles (Chuck) Brooks, CEO and Co-founder of RJ. HILTON, an emerging technology evangelist, named one of top 5 people to follow on LinkedIn and a former legislative director of the Department of Homeland Security’s Science and Technology directorate (DHS S&T). ...MORE

https://americansecuritytoday.com/global-body-data-clone-secure-global-blockchain-crypto-exchanges/

 
Iranian hackers attack UK universities to steal secret research
Hackers linked with the Iranian government are targeting universities and academic institutions around the world as part of a major campaign to steal unpublished research and obtain intellectual property, security researchers have revealed.

Cyber experts from IT firm Secureworks discovered the attacks, which they believe stem from the Cobalt Dickens group operating out of Iran.

The hackers targeted 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.

As the investigation is still ongoing into the hacking attacks, Secureworks has not shared the full list of universities. However, the firm told The Independent that targets include universities listed in the Times Higher Education Top 50.

The campaign involved creating fake websites that resembled the login pages for each university.

Anyone who accidentally filled in their account name and passwords to the spoofed login pages would have handed the group their login credentials.

After filling in their details, victims would be automatically redirected to the legitimate website, meaning they may have been unaware that they had fallen for the hack.

More: https://www.independent.co.uk/life-...-attack-security-cobalt-dickens-a8506406.html
 
Australia's 5G security hard line is bad news for China's Huawei, ZTE
China has faced another setback in its bid to become a global telecommunications powerhouse: The Australian government, worried about national security, has effectively blocked Chinese carriers from building Australia's 5G network.

The decision could have broader ramifications elsewhere in the world. In the United States, for instance, President Donald Trump has proposed building a nationalized 5G network free of overseas interference in order to maintain telecommunications security.

While governments around the world gear up for the new technological era of 5G (think driverless cars, remote surgery and wide-scale connectivity), they're also thinking about espionage threats. President Trump's US-built 5G network, reportedly proposed by his National Security Council, would attempt to counter concerns such as the risk of Chinese spying on US mobile devices.

Australia, though, has acted decisively, announcing on Thursday it is tightening the involvement of "third party vendors in 5G networks" in a bid to manage national security.

"The Government considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference," the joint statement from the Department of Home Affairs and the Department of Communications read.

While China was not mentioned specifically, the announcement reflects the long-awaited decision by the Australian government on the involvement of the communist country in building Australia's communications infrastructure.

The presence of companies such as Huawei and ZTE in Australia has long been a political sticking point. Huawei was banned from involvement in building Australia's National Broadband Network, and the country's Department of Defence has moved to distance itself from Chinese carriers, quietly phasing out Huawei and ZTE handsets among staff.

Australia is not alone. ZTE avoided a seven-year ban in the US only after striking a deal that included a total of $1.4 billion in payments by the company, among other concessions, though some US lawmakers continue to call for harsher action. In the UK, meanwhile, the government has raised security concerns about the use of Huawei equipment in Britain's telecom networks.

In a statement to ZDNet, Huawei labeled the Australian government's decision as "extremely disappointing," adding that it had "safely and securely delivered wireless technology in Australia for close to 15 years."

China said that Australia shouldn't "use various excuses to artificially erect barriers," according to Reuters.

"We urge the Australian government to abandon ideological prejudices and provide a fair competitive environment for Chinese companies' operations in Australia," Chinese foreign ministry spokesman Lu Kang said at a daily news briefing in Beijing on Thursday.

On Friday, one day after the government announced the news, South China Morning Post reported that Huawei had dubbed it a move made on political grounds.

"The Australian government's decision to block Huawei from Australia's 5G market is politically motivated, not the result of a fact-based, transparent, or equitable decision-making process," it said.

Huawei did not respond to CNET's request for comment.

ZTE declined to comment.
https://www.cnet.com/news/china-blocked-from-building-5g-networks-in-australia/
 
A growing number of high-profile verified Twitter accounts were hacked today, including those belonging to tech billionaires Elon Musk, Jeff Bezos and Bill Gates, after Twitter staff were tricked using a "coordinated social engineering campaign".

Apple and ride-sharing giant Uber's official account were also compromised, in what appears to be the most serious attack on Twitter to date. United States presidential candidate Joe Biden's account was also compromised.
 

North Korea's army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country's nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report.
The document accused the regime of leader Kim Jong Un of conducting "operations against financial institutions and virtual currency exchange houses" to pay for weapons and keep North Korea's struggling economy afloat.
One unnamed country that is a member of the UN claimed the hackers stole virtual assets worth $400 million between 2019 and November 2020, according to the document.


The document doesn't name victim countries or specify if money were somebody frozen assets.
 
