Trisis has mistakenly been released on the open internet

An elite, government-authored cyberweapon has been sitting online in public view for nearly anyone to copy since Dec. 22 because multinational energy technology company Schneider Electric mistakenly posted a sensitive computer file to VirusTotal, three sources familiar with the matter told CyberScoop. Schneider Electric obtained the file in question, titled “Library.zip,” after collecting evidence during a data breach investigation in the Middle East that focused on an incident at an oil and gas refinery. Library.zip holds the backbone of a dangerous malware framework known as “Trisis” or “Triton,” according to research by U.S. cybersecurity companies Dragos Inc. and FireEye. The upload to VirusTotal, a public malware repository, provided the remaining puzzle piece needed for someone to reconstruct Trisis from publicly available artifacts. After being posted to VirusTotal, Library.zip proliferated — it was picked up and re-uploaded to various platforms, including GitHub and VirusTotal. Experts say the unique malware was carefully designed to manipulate […]

The post Trisis has mistakenly been released on the open internet appeared first on Cyberscoop.


Trisis has the security world spooked, stumped and searching for answers

At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the world. They had no idea that the code carried the most dangerous industrial malware on the planet. More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the perpetrators planted inside a nondescript Saudi computer network. It’s a rare case involving a computer virus specially engineered to sabotage industrial control systems (ICS) — the gear that keeps factories and refineries running. Manipulating these systems can have a destructive impact far beyond the network. Today, the incident’s magnitude and implications are […]

The post Trisis has the security world spooked, stumped and searching for answers appeared first on Cyberscoop.


Russian hacking group Fancy Bear prepares to attack Winter Olympics, U.S. Senate

A hacking group heavily linked to the Russian government is attempting to steal U.S. Senate email login credentials and also appears to be preparing to disrupt the 2018 Winter Olympics in South Korea, based on new research by cybersecurity firms TrendMicro and ThreatConnect. Researchers found that the group, named “APT28,” “Fancy Bear” or “Pawn Storm,” had recently registered numerous malicious domains — some of which mimic legitimate properties related to the 2018 Olympic Games — and sent spearphishing emails to several professional winter sporting organizations, including the International Ski Federation, International Ice Hockey Federation, International Luge Federation, International Bobsleigh & Skeleton Federation and global governing body for biathlon competitions. Experts say this activity shows that APT28 is laying the groundwork for future operations. The news comes during a period of heightened tension between Moscow and the International Olympic Committee, after a doping scandal saw 43 Russian athletes and several other […]

The post Russian hacking group Fancy Bear prepares to attack Winter Olympics, U.S. Senate appeared first on Cyberscoop.


Senators introduce bill to counter bad cybersecurity practices in credit reporting industry

Two Democratic senators introduced a bill Wednesday that would provide new regulatory powers for the Federal Trade Commission so that it can punish companies like Equifax and others in the credit reporting industry for poor cybersecurity practices. The “Data Breach Prevention and Compensation Act” by Sens. Elizabeth Warren, D-Mass., and Mark Warner, D-Va., contains plans for the creation of a “Cybersecurity Office” within the FTC to be led by a career supervisor who will be able to enforce financial penalties on rule breakers. This supervisor would need to maintain relations with the credit reporting industry as the FTC proposes future cybersecurity standards and other related regulations. The move comes in the wake of the massive data breach at Equifax in 2017, which caused the private records of more than 145 million Americans to be compromised by hackers. A subsequent investigation into the incident by the FBI showed that an outdated piece […]

The post Senators introduce bill to counter bad cybersecurity practices in credit reporting industry appeared first on Cyberscoop.


These are the favorites to become the next NSA director

With NSA Director Adm. Mike Rogers set to retire later this year, several prominent names are already being floated among government leaders as to who will become the next leader of the country’s premier signals intelligence agency. Several sources with knowledge of the discussions said the “name at the top of the list” is U.S. Army Cyber Command Gen. Paul Nakasone, who has helped pioneer the U.S. Army’s offensive and defensive cyber operations mission. The sources — both current and former U.S. officials — spoke on the condition of anonymity in order to freely discuss the candidate search. Other contenders include Lt. Gen. William Mayville, who now serves as director of operations for the Pentagon’s Joint Staff, and Lt. Gen. Vincent Stewart, deputy commander of U.S. Cyber Command, according to two current U.S. officials. Rogers’ retirement was first reported by The Washington Post and independently confirmed by CyberScoop. The Cipher Brief similarly reported on Friday […]

The post These are the favorites to become the next NSA director appeared first on Cyberscoop.


Cyxtera Technologies to acquire offensive cyber firm Immunity

Internet infrastructure company Cyxtera Technologies has acquired Miami-based Immunity Inc., a penetration testing technology development and vulnerability research firm founded by former NSA analyst Dave Aitel. Cyxtera Technologies decided to acquire the startup in order to expand its product portfolio, which will now include various offensive-oriented tools to test defensive systems. The new offerings will be packaged into a “threat analytics solution” to be sold by Cyxtera Technologies later this year, based on a press release distributed by the company. Terms for the acquisition were not disclosed. It is expected to close by the end of the first fiscal quarter. “In the security industry, it’s rare that you can blend together offense and defense-oriented capabilities,” Christopher Day, chief cybersecurity officer of Cyxtera, said in a release. “The advantages of combining Immunity’s products and services with Cyxtera’s portfolio creates an opportunity to approach cybersecurity in a truly holistic manner.” Cyxtera Technologies […]

The post Cyxtera Technologies to acquire offensive cyber firm Immunity appeared first on Cyberscoop.


Microsoft’s chip patch is messing with anti-virus products

Some major anti-virus software vendors were forced to reconfigure their programs after Microsoft rolled out a patch that changed their products’ processing architecture, industry experts tell CyberScoop. In response to the “Spectre” and “Meltdown” vulnerabilities, which affect nearly every microchip created since 1995, Microsoft immediately offered a software patch that would prevent attackers from targeting these flaws. Microsoft and Amazon — much like the microchip makers — have known about the two vulnerabilities for months but have been under a strict embargo. During this timeframe, Microsoft worked on creating an adequate software update that could remediate the problems. However, due to the embargo, many cybersecurity companies were left in the dark, entirely unaware that either Microsoft or the microchip industry was dealing with the issue. This lapse in coordination is currently causing major headaches for security companies. Microsoft’s emergency update causes the operating system to change how it processes data at the kernel level. Processes […]

The post Microsoft’s chip patch is messing with anti-virus products appeared first on Cyberscoop.


NSA contractor pleads guilty to charge of hoarding troves of classified docs

A former U.S. defense contractor who spent nearly two decades mishandling classified information while working inside the NSA and other American intelligence agencies has agreed to plead guilty to a felony charge of illegal retention of national security information, the government says in newly filed court documents. Ex-NSA contractor Harold T. Martin could face up to 10 years in prison in addition to a $250,000 fine for the single felony charge. His guilty plea is just one part of an expansive case involving a 20-count indictment handed down in February 2017. The government did not specify whether the guilty plea is part of a plea deal. Investigators found last year that Martin had removed a staggering amount of sensitive material — including documents, removable media and computer files about internal NSA policy and cyber-operations — from various classified environments. More than 50 terabytes of material, some marked “Top Secret,” were recovered as part […]

The post NSA contractor pleads guilty to charge of hoarding troves of classified docs appeared first on Cyberscoop.


China’s new law calls on private industry to hand over valuable cyber threat data

The new year marked the beginning of yet another Chinese cybersecurity law that could have a big impact on U.S.-based technology companies. Known as the “Public Internet Cybersecurity Threat Monitoring and Mitigation Measures,” the rules call on private companies conducting business in China to report and hand over cyberthreat information to the government’s Ministry of Industry and Information Technology (MIIT). China founded the MIIT in 2008 in order to regulate the country’s burgeoning information technology industry. The law instructs companies to turn over information regarding both cyberattacks they’ve faced and also any “cyber threat intelligence” they own. Cyber threat intelligence is typically collected by cybersecurity firms and software giants like Microsoft and used to strengthen security operations. The regulation states: “after cybersecurity threats are discovered by relevant professional organizations, basic telecommunication enterprises, cybersecurity enterprises, Internet companies, domain name registration management and service organs … information shall be submitted to MIIT, provincial, autonomous […]

The post China’s new law calls on private industry to hand over valuable cyber threat data appeared first on Cyberscoop.
