cyberattacks
Latest
Microsoft blocked Russian cyberattacks targeting Ukraine
Microsoft said it has disrupted cyberattacks from a Russia-linked group called Strontium (aka APT28 and Fancy Bear) targeting Ukraine and the West.
US charges two Chinese hackers with trying to steal COVID-19 research
Today, the US Justice Department charged two Chinese hackers with targeting US COVID-19 research.
FBI accuses China of attempting to steal US COVID-19 research
The FBI warns that China-backed hackers are attempting to steal COVID-19 research from organizations in the US.
Huawei accuses the US of cyberattacks and other ‘unscrupulous’ behavior
Today, Huawei accused the US of carrying out cyberattacks, attempted entrapment, unlawful searches and more. The company says the US has "been using every tool at its disposal" including "unscrupulous means" to disrupt the business operations of Huawei and its partners. The accusations, which were made without evidence, come one day after the US and Poland signed an agreement to rigorously investigate 5G network equipment from foreign providers like Huawei.
Cyber attacks reportedly cost the US as much as $109 billion in 2016
Cyber attacks are increasingly becoming a fact of life. North Korea attacked aerospace and telecom networks last year. Olympics officials confirmed a recent attack that took place during the opening ceremonies. While Russia denied its involvement in the devastating NotPetya attacks, the US has finally joined other countries in blaming Russia for them. Now, a report from the White House Council of Economic Advisers says that malicious cyber activity like this cost the US economy between $57 and $109 billion in 2016.
Feds reveal technical details of North Korea's cyber attacks
North Korea has been running a hacking campaign targeting aerospace, telecommunications and financial industries in the US since 2016, according to alerts issued by the government. Homeland Security and the FBI have released the technical details of what they say are North Korean-sponsored cyber attacks in an effort to help companies protect themselves. The alerts contain IP addresses associated with Volgmer, one of the backdoor Trojans the hackers have been using for years.
China denies carrying out cyberattacks against US-based activist
China claims it wasn't behind the hacking of a US think tank that was set to host exiled Chinese tycoon-turned-activist Guo Wengui. The Hudson Institute abruptly canceled its event with Guo last week, claiming it had detected a Shanghai-based attack aimed at crippling its website.The incident was raised by US Attorney General Jeff Sessions in his meeting with Chinese government officials on Wednesday, according to The Wall Street Journal. Guo himself also claimed that the law firm representing his US political asylum bid backed out after it was targeted by Chinese hackers. In a statement, China's Ministry of Public Security told Reuters it had found "no evidence" of government involvement in the alleged cyberattacks.
US pressured North Korea by overwhelming hackers with data traffic
The US is no stranger to hacking North Korea, but it's usually in a bid to directly thwart the country's military ambitions. Now, however, those attacks are being used as a diplomatic strategy. The Washington Post has learned that President Trump ordered a broad pressure campaign against North Korea that led to the US conducting a denial of service attack against North Korea's spying office, the Reconnaissance General Bureau. The move flooded the RGB's servers with traffic that effectively strangled their internet access, including the Bureau 121 group responsible for the North's hacking campaigns. And while it clearly didn't change Kim Jong Un's mind, it does appear to have had a practical effect.
Apple builds data center to obey Chinese cybersecurity rules
Apple is building its first data center in China in a bid to speed up services for local users and adhere to convoluted cybersecurity laws introduced by the country last month. According to Chinese officials the regulations, which state that all foreign firms must store their data in China, are designed to counter the threat of cyberattacks.
Clinton's campaign was also hacked in breach of Democratic Party
The most recent cyberattacks against the Democratic Party, revealed today, also included attacks on Hillary Clinton's presidential campaign, Reuters reports. Sources tell the news agency that the Justice Department's national security division is investigating all of the recent hacks against the Democratic Party, and they note that's a sign that the Obama administration believe the attacks are state sponsored.
Cybersecurity forecast: Heavy smug
When you think of rockstar hackers and infosec pundits, I'm sure it's easy to imagine people who are humble, kind and patient, and never look down on anyone who would reuse a password. OK, maybe infosec types aren't known for doing benevolence all that well when they need to communicate with those not in the know about computer security. And when they do, they seem to prefer to do it from a stage and safely behind the title of "expert." Case in point: the much-ballyhooed talk being given at the Aspen Ideas Festival, where a professor at Rochester Institute of Technology, Josephine Wolff, is making a case today for punishing people when they're not good at computer security.
US Senate passes controversial CISA bill
The US Senate convened for a vote on the controversial Cybersecurity Information Sharing Act (CISA) today as well as five amendments to it. All five amendments, which would have restrained law enforcement from abusing the bill's powers as well as made corporations more accountable for their roles in protecting consumer information, have failed. A cloture motion, which prevents filibustering the initiative, passed at the start of the session today by a vote of 83 - 14. The bill itself passed the Senate with a 74 - 21 vote (it needed 60). It must now do the same in the House before being either signed into law or vetoed by the President.
China says 'absurd logic' is behind US hacking accusations
China isn't taking accusations that it's connected to the recent hack of US government employee data lying down. "We have noticed that the US is still investigating, but feels that China is responsible," Chinese foreign ministry spokesman Lu Kang said at a recent general briefing. "This is absurd logic." This wouldn't be the first time the US has pointed the finger at China -- it was also suspected to be behind last year's major USPS hack, among many other instances over the years. The most recent hack leaked information for more than four million federal employees, including incredibly detailed data from background checks. While that attack is still being investigated, the American government has said that it'll be making online records more secure. China, for its part, says it's also facing regular cyberattacks from the US. Meanwhile, the two frenemies are also trying to work together to take on cybercriminals. [Photo credit: Jewel Samad/AFP/Getty Images]
JPMorgan and other US banks reportedly hit by cyberattack
A Bloomberg report claims that JPMorgan Chase and "at least" four more banks in the US have been victims of a virtual attack from hackers. The data gathered from the breach could reportedly "be used to drain accounts," according to two Bloomberg sources who have been briefed on the situation by the US government. At the moment, it is unknown which other banks were affected by this, but the FBI has already opened an investigation and is currently working to find out more details. "[We are] working with the United States Secret Service to determine the scope of recently reported cyberattacks against several American financial institutions," said the FBI in a statement. Meanwhile, a different report from CNN Money notes that seven of the "top" 15 banks were on the wrong end of these attacks, per people familiar with the matter -- though such information has not been corroborated by US officials.
UK plans to lock up cyberattackers for life
The Queen's speech is that moment when the government asks an 88-year-old to read out its legislative agenda for the forthcoming year. This time out, Her Majesty has got hackers in her royal sights, with harsh punishments promised for anyone caught messing around in someone else's code. Life sentences will be handed out for cyber attackers who steal industrial secrets, cause death, injury or compromise national security. Unfortunately, the broadly written law also suggests that scanning for vulnerabilities would be treated with similar scorn, which has gotten some security analysts hot under the collar. Governments implementing laws about technology without asking some experts first? Color us surprised.
Washington Post report details how often security agencies break into other networks
The latest national security related revelation to come from the documents leaked by Edward Snowden is an account of how offensive computer operations work, and how many there are. The Washington Post reports that in 2011, 231 took place with about three quarters of them against "top-priority" targets, which its sources indicate include Iran, Russia, China and North Korea. Also interesting are details of software and hardware implants designed to infiltrate network hardware, persist through upgrades and access other connected devices or networks. The effort to break into networks is codenamed Genie, while the "Tailored Access Operations" group custom-builds tools to execute the attacks. One document references a new system "Turbine" that automates control of "potentially millions of implants" to gather data or execute an attack. All of this access isn't possible for free however, with a total cyber operations budget of $1.02 billion which includes $25.1 million spent this year to purchase software vulnerabilities from malware vendors. Get your fill of codenames and cloak-and-dagger from the article posted tonight, or check out the "Black Budget" breakdown of overall intelligence spending.
Kaspersky Labs preps its own OS to guard vital industry against cyberwarfare
Kaspersky Labs' namesake Eugene Kaspersky is worried that widely distributed and potentially state-sponsored malware like Flame and Stuxnet pose dire threats to often lightly protected infrastructure like communication and power plants -- whatever your nationality, it's clearly bad for the civilian population of a given country to suffer even collateral damage from cyberattacks. To minimize future chaos and literally keep the trains running, Kaspersky and his company are expanding their ambitions beyond mere antivirus software to build their own, extra-secure operating system just for large-scale industry. The platform depends on a custom, minimalist core that refuses to run any software that isn't baked in and has no code outside of its main purposes: there'll be no water supply shutdowns after the night watch plays Solitaire from an infected drive. Any information shared from one of these systems should be completely trustworthy, Kaspersky says. He doesn't have details as to when the OS will reach behind-the-scenes hardware, but he stresses that this is definitely not an open-source project: some parts of the OS will always remain confidential to keep ne'er-do-well terrorists (and governments) from undermining the technology we often take for granted.
Iran claims to have been hit by 'heavy' cyber attack, pins slowdowns on coordinated hacking campaign
Whatever you think of Iran's politics, it's hard to deny that the country has frequently been the target of internet-based attacks that sometimes go beyond the originator's plans. If you believe High Council of Cyberspace secretary Mehdi Akhavan Behabadi, the pressure is only getting worse. He tells Iranian media that the nation is under "constant" digital bombardment and was just hit with a major assault on Tuesday that bogged down local internet access. Behabadi unsurprisingly contends that the attacks are deliberate efforts to undermine Iran's data, nuclear and oil infrastructures, with a finger implicitly pointed westward. While it's no secret that the country's enemies want to slow down what they see as a rush towards nuclear weapons, it's difficult to know how much of the accusation is serious versus bluster: we've seen individual smartphone users who consume more than the "several gigabytes" of traffic that reportedly caused national chaos in the most recent incident. No matter the exact nature, it's likely that residents stand to lose as Iran fences off the internet to keep outside influences, hostile and otherwise, from getting in. [Image credit: Amir1140, Wikipedia]
Water pump reportedly destroyed by SCADA hackers
The FBI and DHS are investigating damage to a public water system in Springfield, Illinois, which may have been the target of a foreign cyber attack. There's no threat to public safety and criminal interference has not been officially confirmed, but a security researcher called Joe Weiss has reported evidence that hackers based in Russia are to blame. He claims they accessed the water plant's SCADA online control system and used it to repeatedly switch a pump on and off, eventually causing it to burn out. Coincidentally, a water treatment facility was publicly hacked at the Black Hat conference back in August, precisely to highlight this type of vulnerability. If there are any SCADA administrators out there who haven't already replaced their '1234' and 'admin' passwords, then they might consider this a reminder.
