Search This Blog

Showing posts with label America. Show all posts

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked by what has been chronicled as one of the most severe acts of cyber-espionage in history named "Sunburst", the attackers breached the US Treasury, departments of homeland security, state, defence and the National Nuclear Security Administration (NNSA), part of Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called as one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disengage the Orion Platform, which is one of the principal products of SolarWinds   used to monitor the health and performance of networks.  
 
Gauging the amplitude of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) described the security incident as a "serious threat", while other requesting for anonymity labelled it as the "the most serious hacking incident in the United State's history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called as "unusual", even in this digital age.  
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory, "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged Russia for being behind these supply chain attacks, while Russia has constantly denied the allegations as the Russian Embassy wrote on Facebook, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,".  
 
"Russia does not conduct offensive operations in the cyber domain." The embassy added in its post to the US.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


In view of recent reports, China and the US have taken their technology war to court. Now, the US firms allege that the telecom colossus, Huawei has been planning to rip them off of their technology for “decades”.

Hence, the American organizations decided to expand the premises of their lawsuit against the Chinese mega-company.

The prosecuting attorney mentioned that Huawei did indeed violate the terms of the contract with the companies of the US by stealing robot technology, trade secrets and such.

Per sources, Huawei has straightaway denied all the allegations and has cited that the US is merely threatened by the competition and hence are trying to run down the name of Huawei.

Per newspaper reports, the mega smartphone maker’s chief financial officer and the founder’s daughter are held captive in Canada, struggling against extradition.

According to sources, there are charges of fraud and “sanctions violations” on the founder’s daughter, which she has waved off and denied.

Huawei pretty strong-headedly is maintaining that this lawsuit and the charges on the company are trivial attempts at tarnishing the reputation of their company and attempts at depleting stakes of competition.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal, that the persecution attorney also said that Huawei with its stolen data cut both times and cost in the research and development for the company which helped it climb the steps faster than the others.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn’t look like the US plan to withdraw their claims or the lawsuit in the near future or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are down a very flimsy and unpredictable road. All the same, the UK still continues its business ties with Huawei but with possible limits.

Malware Attack! Oregon County's Network Smashed By a Ransomware?


Per local news and reports, allegedly, a cyber-attack shook the Tillamook County of Oregon, USA when it rendered the local government’s services ineffective.

Apparently owing it to the cyber-attack, the county officials are back to basics with all their daily tasks and are working about the crisis.

When the computers in the various departments of the county started misbehaving, that’s when the officials grasped the severity of the situation and immediately warned the IT department.

That is when the IT department comprehended that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were instantly isolated.

There is no sincere evidence to show if the malware was used for a ransomware attack but it sure is being conjectured on the affirmative. Per sources, no request for a ransom has been posted so far.

Allegedly, the Oregon city was recently struck by a cyber-attack of the same nature about a week ago.

The damage is of such a severe type that along with infecting all of the county’s computers and servers it has seriously harmed both the online and offline phone systems given the “VoIP” (Voice over Internet Protocol) that they employ.

Per sources, to rummage the details of the cyber-attack including the source, type, and magnitude of the attack, the county especially engaged a “digital forensic” team from a well-known cyber-security organization.

There is no doubting the fact that the Oregon county systems have been shut by the attack indefinitely and there is no knowing when they’d be back on operations.

With quite a substantial population to be hit by a cyber-attack of such severity, Oregon County has never before experienced a similar attack. Hence they can’t exactly mention their modus operandi to their plan of mitigation.

Sources mention that the county officials have decided to subcontract a few response operations to counter the attack and its repercussions.

The cyber-crisis management team happens to be the best at what they do and are efficiently working towards containing and mending the damages done by the malware.

Hackers Now Allowed to Find Flaws in US Fighter Jets and Security System


The Trusted Aircraft Information Download Station could have been shut down entirely due to a host of flaws discovered by hackers who were challenged to detect vulnerabilities in a system of a U.S military fighter jet known as F-15.

It was unprecedented in the history of the tech world that outside researchers were given physical access to such critical machinery, and were asked to detect vulnerabilities. It was a matter of two days for a group of 7 hackers to come up with a number of exploits which included bugs that were identified by the Air Force itself but they couldn't fix it, according to the Washington Post.

Hackers put the system through numerous attacks which included subjecting it to malware and testing with objects like screwdrivers and pliers, reported the DEF CON 27.

In the context of the vulnerabilities exploited by the hackers, Roper Technologies attributed, “decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency.”

Usually, outsiders were not allowed such access to military equipment which is highly sensitive in nature and their operation; it came as a massive change in how the military and technological world works in synchronization, the gravity of which can be gauged by the fact that hackers physically approached the machine with tools.

As per Roper, American Air Force is of the belief that if it doesn't allow America's best hackers to find every single vulnerability present in their weapons, machinery and fighter jets, then they are at the risk of being exploited by other adversaries like Iran, Russia and North Korea.