Search This Blog

Showing posts with label cyber threat. Show all posts

Hackers Asking $70 Million in Ransom, Kaseya Confirmed

 

On Monday, U.S. information technology organization ‘Kaseya’ has reported a new ransomware attack that has targeted 800 to 1,500 businesses around the world. Florida-based company's CEO, Fred Voccola told the media that as of now, it is difficult to gauge the impact of the ransomware attack because those who have been targeted were mainly customers of Kaseya's customers. 

Reportedly, hackers got their way into the internal files of the system that gave them command over the system. It allowed them to successfully disable hundreds of businesses on all five continents. However, those who have been targeted were not necessarily affected adversely, it included dentists' offices or accountants. While, in some countries, disruption has been felt more severely such as in Sweden, where hundreds of supermarkets had to shut since their cash registers were inoperative, and in New Zealand schools and kindergartens ran offline. 

The group of hackers who asserted liability for the breach is asking $70 million ransom for restoring all the businesses' data that has been stolen. 

Alongside, the group has also shown readiness in person-to-person conversations with a cybersecurity expert and with Reuters. "We are always ready to negotiate," a representative of the hackers told Reuters earlier Monday. The spokesperson, who had dialogue via a chat interface on the hackers' website, has not disclosed their names. 

When Voccola was asked about this negotiation he directly refused to say anything. "I can't comment 'yes,' 'no,' or 'maybe'," he said when asked whether his company would talk to or pay the hackers. "No comment on anything to do with negotiating with terrorists in any way."

Kaseya Limited is an American software company that provides software for managing networks, systems, and information technology infrastructure. It also offers software tools to IT companies and its network monitor is used for observing the performance and various types of network assets like switches, Firewalls, routers, etc. 

100 Military Personnel to Train in US to Combat Cyber Warfare

 

The Indian government seems to be gearing up in the wake of the growing threat of cyber-attacks against the Indian armed forces. The Department of Military Affairs (DMA) is planning to send 100 personnel to the US to be trained in the latest cybersecurity technology and Artificial Intelligence (AI) for future warfare. The reports published in the month of June indicate that China's cyber spies are targeting the Defense Department of India and many sectors including Telecom. 

According to South Block officials, under the 2016 Cyber Framework and Defense Cooperation Agreement, the US has offered to train 100 military personnel in Silicon Valley to help them combat cyber warfare and the role of AI in future defense and warfare. The South Block houses the offices of the Ministry of Defence, Ministry of External Affairs, PMO, and NSA. 

Actually, the Indian Army has a tri-services defense cyber agency under the Integrated Headquarters. The government is in favor of setting up a proper cyber command in the hinterland of Madhya Pradesh to give a fighting edge to the proposed theater command. The proposed Cyber Command will match the individual capabilities of the three services to protect the Army from being vulnerable to cyber-attacks from India's adversaries.  

The command's charter would also ensure that Indian military communications are secure and systems are not affected by any malware in forward formations like the sensitive Siliguri Corps, Tezpur Corps, and the Northern Command including the Tibet-facing Ladakh Corps. The Siliguri Corps in Chumbi Valley has witnessed cyber-attacks through malware over the past decade to not only affect software but also leak sensitive documents to adversaries. Let me inform you that these corps, including the Siliguri Corps, are separate teams of the Indian Army.

On June 16, cybersecurity firm Recorded Future published a report claiming that a suspected unit of Chinese cyber soldiers has targeted Indian telecom companies, government agencies, and several defense contractors. A cyber threat intelligence company disclosed that there was evidence of these manipulative espionage operations by China and that one of these operations was linked to a specific unit of the People's Liberation Army (PLA).

Countries Not Capable To Face Current Cyber Threats: IISS Report Says

 

Currently, the US is the leading cyberspace power, but China is also closing in quickly and will be a tough rival to the US in the military and civil sector, says International Institute for Strategic Studies, a Britain-based research organization. The other countries are still in the early process to come on foot with the cyberspace implications, according to the experts at IISS. In the present scenario, a feeling of inadequacy and crisis is evident in political circles, where private players can be seen bragging 'catch me if you can' to government organizations as they are trying to reap off high profits. 

There has been rapid advancement in surveillance and intelligence technologies that are capable of compromising network capabilities and advanced computing, but still, there is a need in the government sector to build legal frameworks for the use of such technologies. "China is a second-tier cyber power but, given its growing industrial base in digital technology, it is the state best placed to join the US in the first tier," says the IISS report. At the heart of the national strategies of the US and China, and the trade war between them is competition for control over the technologies that physically underpin the future of cyberspace -- such as microchip production, computer assembly, mobile internet (such as 5G), cloud architectures, cables, and routers," the analysts said. 

The primitive model of government, social organization, and corporate management are continuously struggling to adapt to the current changes, says the IISS report. The reports list 15 major countries into three groups, on the basis of their technological capabilities. The US tops the list, as expected because of 25 years of experience and investment in cybersecurity infrastructure. However, China is also closing in rapidly in technological advancements, along with France, Britain, Russia, Australia, Canada, and Israel. India has emerged as the leading country in the third group along with North Korea, Iran, and Japan. 

As of now, the countries in the third group are not that eminent, but they are making quite progress in particular areas with high ambitions for building their cyber power sector. IISS says, "Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests."

What is a Supply Chain Attack? Here's How is it Making Your Software Vulnerable

 

Users receive warnings from public and private organizations asking them to be aware of fraud links and sources, to not share their credentials with anybody, and save their sensitive data from dark websites, etc. commonly. However, the sophisticated hacking market is generating a sense of fear in minds of the public with questions like what if the legal software and hardware that makes up your network has been already compromised at the source? Which leads us to our main question: What is a supply chain attack? 

A very common form of cyber-hacking is known as a "supply chain attack”, it is also called a value-chain or third-party attack. This umbrella term ‘supply chain attack’ includes those cyber attacks that target software developers and suppliers so that several clients and customers of the fine products and services can be affected directly. 

By leveraging a single developer or supplier, threat actors or spies can steal its distribution systems and install the application that they want to send to the victims. 

By compromising a single chain, the hackers can well-place intrusion and can successfully can create a springboard to the networks of a supplier's consumers in which thousands of people can be victimized. 

Supply chain attacks have always been understood as daunting tasks. The reason behind this is their consequences can be very severe, a single attack can leave the whole organization with severe vulnerabilities and can break the trust between an organization and the customers. 

"Supply chain attacks are scary because they're really hard to deal with, and because they make it clear you're trusting a whole ecology," says Nick Weaver, a security researcher at UC Berkeley's International Computer Science Institute. "You're trusting every vendor whose code is on your machine, and you're trusting every vendor's vendor." 

In December 2020, the worst face of the supply chain attack had already been witnessed, when it was discovered that the Russian malicious actors later identified as Russian foreign intelligence service (SVR) compromised the software firm SolarWinds and installed malicious code in its IT management tool Orion. With this, hackers attacked at least nine US federal agencies. 

The spy operation ‘SolarWinds’ wasn't unique, there is a list of events that already hit the world’s big companies including a Chinese hacking group known as Barium carrying out at least six supply chain attacks over the past five years. 

In 2017, the Russian threat actors ‘Sandworm’, hijacked the software updates of the Ukrainian accounting software MEDoc, which ultimately inflicted $10 billion in damage worldwide. This attack is the costliest cyberattack in history.

With the available statistics and data, we can conclude that supply chain attacks are a huge problem that's not going away anytime soon. 

Active Cyber Attacks on Mission-Critical SAP Apps

 

Security researchers are warning about the arrival of attacks targeting SAP enterprise applications that have not been updated to address vulnerabilities for which patches are available, or that utilize accounts with weak or default passwords. 

Over 400,000 organizations worldwide and 92% of Forbes Global 2000 use SAP's enterprise apps for supply chain management, enterprise resource planning, product lifecycle management, and customer relationship management.

According to a study released jointly by SAP and Onapsis, threat actors launched at least 300 successful attacks on unprotected SAP instances beginning in mid-2020. Six vulnerabilities have been exploited, some of which can provide complete control over unsecured applications. Even though SAP had released fixes for all of these flaws, the targeted companies had not installed them or were using unsecured SAP user accounts. 

"We're releasing the research Onapsis has shared with SAP as part of our commitment to help our customers ensure their mission-critical applications are protected," Tim McKnight, SAP Chief Security Officer, said. 

"This includes applying available patches, thoroughly reviewing the security configuration of their SAP environments, and proactively assessing them for signs of compromise." Researchers also observed attackers targeting six flaws, these flaws, if exploited, can be used for lateral movement across the business network to compromise other systems. 

The threat actors behind these attacks have exploited multiple security vulnerabilities and insecure configurations in SAP applications in attempts to breach the targets' systems. In addition, some of them have also been observed while chaining several vulnerabilities in their attacks to "maximize impact and potential damage."

According to an alert issued by CISA, organizations impacted by these attacks could experience, theft of sensitive data, financial fraud, disruption of mission-critical business processes, ransomware, and halt of all operations. 

Patching vulnerable SAP systems should be a priority for all defenders since Onapsis also found that attackers start targeting critical SAP vulnerabilities within less than 72 hours, with exposed and unpatched SAP apps getting compromised in less than three hours. 

Both SAP and Onapsis recommended organizations to protect themselves from these attacks by immediately performing a compromise assessment on SAP applications that are still exposed to the targeted flaws, with internet-facing SAP applications being prioritized. 

Also, companies should assess all applications in the SAP environment for risk as soon as possible and apply the relevant SAP security patches and secure configurations; and assess SAP applications to uncover any misconfigured high-privilege user accounts.

"The critical findings noted in our report describe attacks on vulnerabilities with patches and secure configuration guidelines available for months and even years," said Onapsis CEO Mariano Nunez.

"Companies that have not prioritized rapid mitigation for these known risks should consider their systems compromised and take immediate and appropriate action" Nunez added.

Chinese Origin Threat Group Targets Hong Kong Universities with New Backdoor Variant




The Winnti, a China-linked threat group that has been active in the cyberspace since 2009 was found to be employing a new variant of the ShadowPad backdoor (group's new flagship tool) in the recent attacks where it compromised computer systems at two Hong Kong universities during the protests that began around March 2019 in Hong Kong.

The threat group of Chinese origins has largely targeted the gaming industry, while constantly expanding the scope of its targets. Various reports suggest Winnti being operated in link with some other groups including APT17, Ke3chang Axiom, Wicked Panda, BARIUM, LEAD, DeputyDog, Gref, and PlayfullDragon.

According to other sources available, Kaspersky was the first to identify the Winnti group but some researchers attribute its existence to the year 2007.

In October 2019, security researchers at ESET spotted two new backdoors used by the group – Microsoft SQL-targeting skip-2.0 and PortReuse. Later, the same year in November, ESET researchers discovered samples of ShadowPad Launcher Malware on various devices in the two universities. The Winnti was found to be present on these universities' systems a few weeks before the backdoor was confirmed.

“In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules.” as per the analysis done by ESET.

“One can observe that the C&C URL used by both Winnti and ShadowPad complies to the scheme [backdoor_type][target_name].domain.tld:443 where [backdoor_type] is a single letter which is either “w” in the case of the Winnti malware or “b” in the case of ShadowPad.” reads the report.

“From this format, we were able to find several C&C URLs, including three additional Hong Kong universities’ names. The campaign identifiers found in the samples we’ve analyzed match the subdomain part of the C&C server, showing that these samples were really targeted against these universities.”

In Berlin, Russian and German scientists discussed the danger of smart gadgets


By December 15, on behalf of President Vladimir Putin, the Russian government should prepare a Federal project "Artificial intelligence", which will prescribe tasks and measures to support the development of digital technologies in the country until 2030. Meanwhile, an inter-University conference was held in Berlin with the participation of Moscow specialists, aimed at attracting promising personnel to the Russian Federation for the development of the digital economy.

According to Pavel Izvolsky, the director of the Russian House of Science and Culture in Berlin, such events help to improve relations between Russian and foreign universities and research centers in the field of innovative digital technologies.

Nevertheless, talented students from other countries, even such economically and technologically successful ones as Germany, have a lot to learn in Russia. According to Izvolsky, such simple things for Russians, as paying for Parking from a mobile device or obtaining various certificates through the portal of public services, are not yet available for the Germans.

"In this sense, it's just a Stone Age," stated Izvolsky. The topics discussed were various, from the use of blockchain technologies in the banking sector and the introduction of intelligent transport systems in megacities to ensuring cybersecurity in the everyday sense when it comes to the use of gadgets by children.

The report of the leading content analyst of Kaspersky Lab Andrei Sidenko caused a great response. He talked about how the younger generation spends time on the Web, what threats are most often exposed and how parents react to it. For example, surveys have shown that for the first time children get access to smartphones from the age of three, and by the age of 11-14, 37 percent of young

Russians have personal gadgets. In the same studies, 85 percent of domestic teenagers answer that
they can not do without a mobile phone, and almost all the free time 15-18-year-old schoolchildren spend almost all their free time on the Internet. But every third parent does not know what exactly his child is watching on the Web. Children are in a rather vulnerable position: they share personal data, open "adult content", are subjected to cyberbullying or are involved in communication with dubious persons, and so on.

The discussion on digitalization in Berlin was the next in a series of international inter-University conferences that Rossotrudnichestvo (the Federal Agency for the Commonwealth of Independent States, Compatriots Living Abroad and International Humanitarian Cooperation) has already held in India, Indonesia and Iran. As a result of the past conferences, memorandums of cooperation between Russian and foreign universities were signed.

Expert warns cyber threats to worsen with tech advances


Technological advances like Artificial Intelligence, Internet of Things, Automatic Cards and others will throw up new challenges for cyber security and all countries must unite to foresee and combat them, a leading Israeli cyber security expert said on Monday.

"The Internet was not designed for security, hence it is inherently insecure since everything is hackable. It is more difficult to be a cyber security personnel than a hacker. The hacker has to succeed only once, where the the cyber security personnel has to succeed always to remain safe, within many rules and regulations," Menny Barzilay, the CEO, Cyber Research Centre of Tel Aviv University and CEO of Cytactic, said.

He pointed out how "smart people" from different countries are joining hands to commit cyber crimes and hence there is "a need for super-smart people" from around the world to join as cyber security experts.

"Cyber threats don't create a sense of urgency, unlike a bomb threat, and we cannot feel it in our senses. It is therefore more difficult to convince people that the 'cyber' threat is real," said Barzilay, addressing a panel discussion on cyber security at Nehru Science Centre (NSC) via videoconference.

The discussion was also attended by Israeli Consul-General in Mumbai, Yaakov Finkelstein, security experts from the Mumbai Police and students.

Recalling an incident of cyber attack on Sony Corporation after the release of its film, "The Interview", Barzilay said that corporates are not prepared to face cyber crimes and the government must support them during such cyber hits.

"Billions of devices, part of Internet of Things implies they are prone to hacking, a smart device means being vulnerable, it will also affect our privacy. Big companies have lot of data about users and can manipulate them for private gains, something which allegedly happened in the US elections," he said.

BT and Europol sign agreement to share cybersecurity intelligence data


The European Union Agency for Law Enforcement Cooperation (Europol) and communications company BT have joined forces in an agreement to exchange threat intelligence data.

A Memorandum of Understanding (MoU) was signed by both parties at Europol’s in The Hague in the Netherlands, which along with the creation of a framework to share knowledge of cybersecurity threats and attacks, will also help in facilitating sharing of information relating to cybersecurity trends, measures, technical expertise, and industry practices to reinforce cybersecurity in Europe.

To this end, BT will work alongside Europol’s European Cybercrime Centre (EC3), helping in identifying cyber threats and strengthening law enforcement response to cyber crimes.

“The signing of this Memorandum of Understanding between Europol and BT will improve our capabilities and increase our effectiveness in preventing, prosecuting and disrupting cybercrime,” said Steve Wilson, Head of Business at EC3. “Working co-operation of this type between Europol and industry is the most effective way in which we can hope to secure cyberspace for European citizens and businesses. I am confident that the high level of expertise that BT bring will result in a significant benefit to our Europe wide investigations.”

BT became, earlier in the year, the first telecom provider to share information on malicious websites and softwares with other internet service providers (ISPs) via a free online portal, called the Malware Information Sharing Platform (MISP), to help them in tackling cyber threats.

The company will now share that information with Europol to aid in cybercrime investigations.

“We at BT have long held the view that coordinated, cross border collaboration is key to stemming the global cyber-crime epidemic,” Kevin Brown, VP, BT Security Threat Intelligence, said. “We’re working with other law enforcement agencies in a similar vein to better share cybersecurity intelligence, expertise and best practice to help them expose and take action against the organised gangs of cybercriminals lurking in the dark corners of the web.”

BT currently has a team of more than 2,500 cybersecurity experts who have so far helped to identify and share information on more than 200,000 malicious domains.

New report says IoT adoption heightens cybersecurity threat

A new report by Navigant Research says that due to the increasing adoption of Internet of Things (IoT) devices and systems, threats to cybersecurity are also increasing as attackers are given more numbers of “vectors and surfaces” to target.

The report looks at the state of IoT as a whole, not just its utilities, and addresses questions such as common vulnerabilities present in IoT settings, strategies for cybersecurity, global revenue forecast on IoT security, etc. It also examines regulatory frameworks shaping the market and steps that can be taken to minimize risk.

Oracle Chairman, Larry Ellison, says that companies are losing this cyber war and that, “Make no mistake, it’s a war.”

“The mushrooming number of IoT devices being deployed by utilities and other enterprises carries an obvious and growing security risk,” said Neil Strother, principal research analyst with Navigant Research. “Smart managers need a comprehensive strategy to stay ahead of potentially devastating threats to IoT assets.”

He added that managers can no longer rely on the “old-school reactive” approach but must instead adopt “latest proactive and predictive tools and methodologies to keep devices and systems safe.”

The report itself is aimed at utility security managers, enterprises, IoT cybersecurity solution vendors, investor groups, regulators, and other stakeholders.

Hacker Group threatens students and schools

According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and as for January, is responsible for over 69 attacks on schools and other businesses.

TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.

The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”

The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from its victims, including students.

According to the report, TDO has also threatened violence in case of failure to meet demands.

Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”

This caused several schools to shut down for few days as a precaution.

TDO was allegedly connected to multiple threats of violence on school campuses, however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”

In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.

The FBI also recommends that victims do not give in to the ransom demands, as it does not guarantee regaining access to sensitive data. Rather, they advice to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.

The Team8 Portfolio Company, comes Out of Stealth and launches its First Product upon a Disruptive Hybrid Architecture

The Israeli cyber security company Hysolate founded by President Tal Zamir, a veteran of an elite Israeli cyber unit and the former Research and development leader in Wanova, Dan Dinnar, former CEO of HexaTier and executive sales officer at CyberArk Programming, has recently made the news for raising around $8 million, led by the cuber security foundry Team8 and Eric Schmidt's Innovation Endeavors.

In light of the rising number of cyber threats the Team8 portfolio organization, has at last left stealth and instituted its first product.

There have been occasions that have in some way or the other found a way to keep the enterprises indentured to regularly attempt to lock down user devices, keeping the users from fully browsing the web, installing in new applications, interfacing USB devices or communicating adequately with the 3rd parties or the cloud.

In different cases, enterprises are made to embrace an "air gap" security display or model that requires the clients to really carry two laptops: one unhindered laptop for full internet use and another entirely restricted laptop for favoured corporate access. While this significantly enhances security, efficiency or in yet other words productivity is additionally corrupted. This however never fails to further frustrate the employees and fundamentally brings about the abatement of efficiency.

Hysolate, while keeping up the most elevated level of security, enables enterprises to run various next to each other working system on a solitary workstation, giving a consistent experience to the end-users. The start-up is known for building its stage upon an option "hybrid" design that disposes of these difficulties.

Zamir said, "While we are proud to introduce Hysolate, what excites us even more is that we are creating game-changing comprehensive security architecture for endpoints. The feedback we have received from our first customers - who include some of the worlds most respected and well-known brands - over the last year has been overwhelmingly positive, and we look forward to rapidly expanding our customer and partner base over the next year."

Indeed, even Nadav Zafrir, Co-Founder and CEO of Team8 concurs that while most enterprise security products concentrate on security first and users last, Hysolate is "secure-by-design", guaranteeing no compromise on both security and user experience. What's more, he additionally adds that since its beginning, the Hysolate group has far surpassed their expectations.

Hysolate, as of now is even working with some of the biggest enterprises in the world, including a few of the world's biggest banks, innovation and technology merchants, money related service providers and other enterprise organizations and remains the fourth company to be launched out of Team8, joining Illusive Networks, Claroty and the recently launched Sygnia.


AIG Launches New Cyber Threat Analysis Service to Understand Cyber Risks

American International Group Inc., an American multinational insurance company, has launched a new system for cyber threat analysis.

The system scores companies on the degree to which a cyber attack may affect their business and the potential costs involved. It compares the company’s risk of having a breach to the safeguards it has in place.

Tracy Grella, AIG’s Global Head of Cyber Risk Insurance, in an interview said, “AIG’s underwriters have been using the computerized analysis since November, which combines information from a new insurance application designed for the process and data about current cyber threats to generate scores on various related factors.”

With mounting cyber threat to businesses, this system hopes to provide a way to measure the risk involved in a business so that cyber coverage in insurance may be taken into consideration.

This comes after AIG in October said that they will review all coverage types to check for cyber risk and give insurers a clear picture about cyber coverage and estimated financial exposure. They will also create a cyber-risk report for the customers with the analysis scores for understanding and comparing.

Along with this, AIG also announced their partnership with cybersecurity companies CrowdStrike Inc and Darktrace, on Tuesday, to launch CyberMatics, a service that verifies information AIG receives from customers’ cybersecurity tools.

Darktrace Chief Executive, Nicole Eagan, said, “The service uses artificial intelligence, or the ability of machines to carry out tasks normally associated with human intelligence, to look inside an insured company’s network for strengths and vulnerabilities.”

Tracy Grella said that while companies are not required to use the service, those who do may be able to negotiate more favourable policy terms.