Search This Blog

Showing posts with label USA. Show all posts

Siemens USA Announced the Launch of Its Technologically Advanced Cyber Test Range

 

As the Coronavirus pandemic prompted an expansion in cyberattacks, this called for the need for certain facilities that would explicitly focus on prevention, discovery, and response solutions. For a similar reason, Siemens USA came up with the launch of its innovatively progressed cyber test go housed at its U.S. R&D headquarters in Princeton, New Jersey. 

The Siemens cyber test range was intended to test developing cybersecurity innovations against real-world situations to help distinguish and moderate potential weaknesses. 

The cyber range has embarked to turn into a hub where data scientists, security experts, and others can come together to perform inventive researches in the field of cybersecurity and prototype and approve new research ideas. 

Siemens' growing collection of operational innovation hardware and software components makes the range more valuable for 'a variety of industrially focused security research'.

The design of the facility was done keeping in mind the adaptability, permitting remote operation and range segments to be moved to different areas like gatherings, colleges, government research labs, and even customer environments. 

Siemens has partnered together with the Atlantic Council to utilize this cyber range to upgrade students' understanding during their 'Cyber 9/12 Strategy Challenge' arrangement through the re-enactment of cyberattacks on frameworks like advanced water treatment and power generation facilities. 

Today, Siemens and its products are upheld by a global association with more than 1,200 digital specialists. The organization's products and solutions have modern security functions that are inherent by design and empowered by default. 

Kurt John, Siemens USA's Chief Cybersecurity Office says “Cybersecurity is at the center of everything we do at Siemens. This cyber range will help Siemens continue to innovate in the field of critical infrastructure cybersecurity and build industry confidence in the secure digitalization of America’s operational technology. With this cyber range, our customers and partners can now join us on our ongoing journey to help mitigate cyberattacks and protect America’s critical infrastructure.” 

This cyber range will undoubtedly be another space for future pioneers to fabricate trust in associated foundation to shape an economical and a strong future and simultaneously for Siemens to ace the innovation foundational to a Fourth Industrial Revolution.

Iranian Threat Actors Have Modified Their Strategies, Attacks Now More Effective


Since the dawn of the digital age, Iranian hackers have been infamous for their attacks on critical infrastructures, targeting governments, and hacking large corporate networks. The main motive behind these attacks is getting espionage intelligence, steal confidential information, ransomware attacks, and target massive data networks. Since 2019, the hackers have been using developed strategies that are more effective in causing damage to the targets, resulting in better monetary benefits, says the Bloomsbury news.


Attack details

  • Earlier this year in April, hacking group APT34 (otherwise knowns as OilRig) launched a modified version of the backdoor named 'RDAT.' The backdoor uses the C2 channel, which can hide commands and data under images via attachments. 
  • Earlier this year in May, APT34 also added a new tool to its hacking inventory, known as DNSExfiltrator. The tool has allowed hackers to become the first hacking group that uses the DoH (DNS-over-HTTPS) protocol in its attacks. 

Keeping view of these new modifications in the hacking realm, organizations should know that the criminals are evolving and modifying their methods over time. It suggests that hackers have become more powerful and possess a more significant threat to the cybersecurity world.

Other developments 

  • In August 2020, the FBI issued a security alert about the hacking group going by the name of 'Fox Kitten' attacking potentially weak F5 networks. The hacker's purpose was to attack private and public U.S. government organizations. 
  • In July 2020, making its comeback, threat actor Charming Kitten launched a cyberespionage campaign, using WhatsApp and LinkedIn to imitate Persian speaking journalists. The targets included the U.S. government, Israeli scholars belonging to Tel Aviv and Haifa universities. 
  • In June 2020, an amateur hacking group from Iran attacked Asian companies using 'Dharma' ransomware. 

According to intelligence reports, the hackers used widely available hacking tools to target companies in China, Russia, Japan, and India. From July 2020, threat actor Fox Kitten is also infamous for giving small corporate networks access on hacking forums. According to experts, it is just trying to generate revenue using other income channels, using systems that lack any intelligence value but provide Iran money.

A City In Colorado Attacked, Forced to Pay $45,000 Ransom


Lafayette city from Colorado had to pay a ransom amount worth $45,000 for decryption of files that were encrypted in July, as the City was unable to restore the data from the backup. The town was attacked on 27th July, and the ransomware cyberattack affected people's smartphones, emails, and payment services. During the attack, the City didn't offer any explanation about what caused the problems. It asked its people to call 911 or emergency services if they were facing trouble with the outage. After a few days of the incident, Lafayette informed the citizens that the town had suffered a cyberattack. All the systems were encrypted by the hackers, which caused the outage problem.


The City managed to recover the lost financial data, but it had to pay a ransom of $45,000 to hackers (anonymous) for retrieving data. The recipient of the payment, an unknown identity, has offered a decryption software in return for the refund. The town on its official website says, "system servers and computers are currently being cared for and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified. While core City operations continue, online payment systems have not resumed. At this time, the City is unable to estimate a timeline that all systems will be back up and running."

The city Mayor Harkens decided not to reveal the attacker's identity to the people as it might compromise their negotiation terms. As per the reports, neither user data nor the credit card credentials was stolen. The mayor has advised townpeople to stay wary of any suspicious activity in their accounts.

The Lafayette town must be lucky as the hackers demanded a minimal amount of ransom in return. According to experts, in cases like these, the ransom demand can go from a hundred thousand to millions of dollars. "System servers and computers are currently being cleaned and rebuilt. Once complete, data will be restored to the system, and operations will resume. No permanent damage to hardware has been identified," says the town's website.

Israeli Security Company NSO Pretends to Be Facebook


As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to get the targets to install their “phone-hacking software”.

Per sources, a Facebook-like doppelganger domain was engineered to distribute the NSO’s “Pegasus” hacking contrivance. Allegedly, serves within the boundaries of the USA were employed for the spreading of it.

The Pegasus, as mentioned in reports, if installed once, can have access to text messages, device microphone, and camera as well as other user data on a device along with the GPS location tracking.

NSO has denied this but it still happens to be in a legal standoff with Facebook, which contends that NSO on purpose distributed its software on WhatsApp that led to the exploitation of countless devices. Another allegation on NSO is about having delivered the software to spy on journalist Jamal Khashoggi before his killing, to the government of Saudi Arabia, citing sources.

Facebook also claimed that NSO was also behind the operation of the spyware to which NSO appealed to the court to dismiss the case insisting that sovereign governments are the ones who use the spyware.

Per sources, NSO’s ex-employee, allegedly, furnished details of a sever which was fabricated to spread the spyware by deceiving targets into clicking on links. The server was connected with numerous internet addresses which happened to include the one that pretended to be Facebook’s. And Facebook had to buy it to stop the abuse of it.

As per reports, package tracking links from FedEx and other links for unsubscribing from emails were also employed on other such domains.

NSO still stand their ground about never using the software, themselves. In fact they are pretty proud of their contribution to fighting crime and terrorism, mention sources.

Security researchers say that it’s almost impossible for one of the servers to have helped in the distribution of the software to be within the borders of the USA. Additionally, reports mention, NSO maintains that its products could not be employed to conduct cyber-surveillance within the United States of America.

Facebook still holds that NSO is to blame for cyber-attacks. And NSO maintains that they don’t use their own software.

BEC Scams Cost American Companies Billions!


Business Email Compromise (BEC) scams have surfaced among several US companies and have caused them damage costing along the lines of Billions, mentions a warning of the Federal Bureau of Investigation.

Per sources, BECs are “sophisticated scams” aiming at businesses involving electronic payments encompassing “wire transfers or automated clearing house transfers”. Usually, these scams include a cyber-con penetrating a legitimate business email account via device intrusion procedures.

Once the access has been acquired, the cyber-con is free to deceitfully dive into the email account to obtain funds by sending emails to suppliers, loaded with invoices of modified bank account details.

The hit list mostly consists of organizations that employ cloud-based email services, which makes it easier to go for Business Email Compromise (BEC) scams.

Per FBI, specially engineered “phish kits” with the ability to impersonate the cloud-based email services are used to prompt these scams only to exploit the business accounts and request or mi-sallocate funds.

Sources mention that the Internet Crime Complaint Center (IC3) received numerous complaints over the past years about companies having experienced damages amounting to a couple of Billions in “actual losses” as a result of the BEC scams.

The IC3 focused their attention on the BEC scams right after their number began to multiply rapidly across all the states of America.

The issue allegedly stands in the configuration of the cloud-based services which makes it almost effortless for cyber-criminals to exploit the company’s email accounts.

Obviously most cloud-based services are laden with security measures that intend to block all the BEC attempts. But that depends on the ability of the users to make good use of them. The maximum of these features needs to be enabled and manually configured.

Per sources, what makes these scams dangerous is that any organization, big or small, with kerbed IT resources is vulnerable.

The cyber-cons in addition to having control over the email accounts, usually also retrieve the address books of the exploited accounts to have a list of potential targets. Hence, a single bad apple could affect the entire basket, meaning a single affected organization could have ramifications for the entire business industry.

Phishing Attack Alert! Los Angeles County Says No Harm Done!


A Phishing attack last month surfaced over the LA County which was immediately contained before any devices got compromised.

The attack was discovered by the staff, last month. The containment of the attack was done by the staff instantaneously before much damage was done.

The hackers were apparently after the county’s residential data.

Per sources, it all began when the Los Angeles County received a phishing email which extended malicious activities. The malicious campaign was aimed at stealing the receiver’s personal data.

The hackers’ plan was to get the recipient to click on the links/attachment in the email. Reportedly, the email had come from a “third-party account”. Allegedly, the distribution list of the third party got leaked and was sent to more than 25 county employees.

Per website sources, The LA County happens to be the most populated area in the US. It has over 35,000 personal computers, 12,000+ cell phones and 800+ government network locations.

According to reports the “Internal Services Department” happens to support the “Countrywide Integrated Radio System” which extends essential services during emergencies.

Most local governments have faced attacks along the same lines including Los Angeles County as well. Per sources, in the Minnesota case where the phishing attack targeted over 100 LA County employees, the personal data including targets’ names, social security numbers, dates of birth, card details and other personal data was compromised.

It is evident that the phishing attack could have taken a gigantic form if it hadn’t been for the prompt skills of the employees and staff of the LA County.

Given that such a humongous number of devices and networks could have been jeopardized this attack must necessarily be taken as a serious warning.

The already existing and well-established security controls of the county also had a lot to contribute to this successful aversion of the accident.

Reportedly, the county’s Chief Executive Officer had taken this incident as quite a forewarning and mentioned that they would work stalwartly towards improving the security provisions and strengthening them.

The overall incident is still under investigation by the county along with help from a few private participants.

State of Texas Hit By a Ransomware Attack; 23 Agencies Shut Down!





The state of Texas got hit recently by a cyber-attack as a result of which 23 government agencies were taken down offline.

Per the DIR (Department of Information Resources) of Texas most of the aggrieved parties were small local government agencies which are unnamed so far.

The Texas state networks however are still unharmed. The State Operations center of the state has been rigorously working towards the problem.

Sources mention that all the state and federal agencies handling the case hint at the fact that the attack was coordinated by a single actor.

The attack has been categorized as a sure shot ransomware attack. Per sources in it was a stain which was identified as “Nemucod”.

The aforemetioned ransomware generally “encrypts files and then at the end adds the .JSE extension”, a researcher mentioned.

Allegedly, the US have been the target for a lot of cyber-attacks of late. With an apparent total of 53% of the entire global number, the US have been victimized the most by cyber-attacks.

A state emergency was declared on Louisiana in July this year in response to a ransomware attack on school computer systems.

The situation is very critical from the point of cyber-security as municipalities falling prey to such attacks and ransomware in particular is not a good sign at all.

Mass scale attacks and their increase in number are disconcerting on so many levels. Because threat actors willing to put so many efforts, like the researchers like to say, are numerous.

USA: Leading Servers Of Greenville Were Shutdown Owing It To A Ransomware Attack!



In the state of South Carolina, a city by the name of Greenville was attacked by a ransomware which blacked-out majority its servers.


The source of the ransomware and the infection is being conjectured upon by the help of the city staff and IT professionals.

As a basic ransomware works the organizations affected were asked for money. The IT team is working on getting the operation back online

The only servers that were separate and went unaffected were of the Greenville Utilities Commission and that of the emergency for and police department.

The infection first surfaced on the server of the Greenville Police Department. The IT division was immediately contacted and as result the servers were shutdown.

The shutdown hasn’t affected many of the operations and functions, just that the way things go about needed some adjusting.

Thanks to people not being too dependent on computers not much has been affected in the city except for people willing to do payments would need to do so in cash.

After CIRA’s free parking accident and the shutdown of Norsk Hydro, it’s evident that ransomware is an emerging hazard to cyber-security.

"US’ Giant Military Contract Has a Hitch", Says Deap Ubhi, an Entrepreneur of Indian Descent.





The founder of a local search site “Burrp!”, Deap Ubhi is a lesser known entrepreneur.

He joined Amazon in 2014 and motivated start-ups and other organizations to embrace cloud computing products.

He in less than a couple of years left, on a journey to start a company that furnished technology to restaurants.

Later on, he joined a Pentagon effort to employ techies. He wished to make a super effective search engine and according to what he said, also to help American people.

But as it turns out, Ubhi’s part in the Pentagon has landed him right in midst of one of the most prominent federal IT contracts.

A $10 billion deal of getting cloud computing to Pentagon, attracted the top tech companies when the project was announced in 2017.

Microsoft, Amazon, IBM, Oracle and Google, all wanted to seal the deal in their own ways.



But there was a catch to it all; the contract would go to only ‘one’ cloud vendor. And Amazon happened to close the deal with the capability of fulfilling Pentagon’s demands.

This is where Ubhi came in, especially his ties with Amazon, a place where he now works again.

Oracle, who under no circumstances could have landed the deal, vehemently criticized the one-vendor attitude.

The organization is now fighting in a federal court about Ubhi’s alleged inclination towards Amazon and its effect on the said deal.

Before the suit was filed, Pentagon had no found no suspicious influence of Ubhi and hence kept evaluating the deal despite Oracle’s lawsuit.

Further on, more information about Ubhi was discovered and Pentagon declined a request for disclosing it.

The winner of the deal was to be announced in April. When contacted by Amazon, both Ubhi and Pentagon refused to comment.

Oracle didn’t comment on the issue outside the court but during the proceedings it mentioned Ubhi’s outspoken inclination towards Amazon by providing the proof of a tweet via Ubhi’s handle.

According to the White house press secretary, the president of the US is not a part of this war of the vendors.



President Trump has never been involved in a government contract before so if he as much as even points at something regarding this situation it would be a first.

The cloud contract is being overseen by a Defense Department Procurement Official, commonly known as the Joint Enterprise Defense Infrastructure (JEDI).

The detection of the officials who’s actually chose the winner has not been made yet.

The Pentagon’s transition to cloud computing is being seen to by a team directed by the chief information officer, Dana Deasy.

Cloud computing would contribute a lot in the battlefield and hence the American government is keen on giving the contract to the best.

Reportedly, for some time Ubhi worked on a market research for JEDI while he was working at Pentagon.

Oracle in the court cited the internal documents where Ubhi articulated support towards a single cloud approach.

Oracle also thinks Ubhi had something to do with the decision to select a single cloud provider.



In return, Amazon said that Ubhi worked on JEDI only for seven weeks that too at the early stages and that there were over 70 people involved in the development.

Amazon and Ubhi’s ‘Tablehero’ were to engage in a partnership of which there is no proof as yet. Ubhi hasn’t been replying to the emails of investors either.

Pentagon mentioned that the single cloud would let the movement be faster and ensure more security. This statement was later asserted by the Government Accountability Office.

Both IBM and oracle filed heavy protests against the Government accountability Office which was later denied in Oracle’s case and rejected for IBM.

Oracle, which has a small cloud market shares, then took the issue to the federal courts of the US.

The Oracle lawsuit stands to profit Microsoft as it now has improved capabilities and hence could be a strong competitor to Amazon.

It doesn’t matter whether Ubhi molded the contract. Pentagon’s justifications support its decision to use a single cloud approach.

The major motivation behind the decision has always been helping the defense make better data driven decisions.