Triton malware shines light on threat facing energy production companies

Sophisticated malware capable of forcing industrial equipment safety systems to fail was found in industrial control systems in the Middle East, according to information provided to CyberScoop and research produced Thursday by U.S. cybersecurity firms FireEye and Dragos. Dubbed “Triton” or “Trisis,” the malware disrupts an emergency shutdown capability in Schneider Electric’s Triconex safety instrumented system (SIS). By targeting this system, Triton makes it easier for an industrial control system (ICS) to fail and break down. SIS technology is often used in oil and gas production facilities, among other industrial environments. Triton is the fifth known case of malware that has been specially designed to sabotage industrial control systems. In some instances, an ICS-focused failure could result in an explosion, damaged machines, property destruction, injury or loss of human life. According to researchers with FireEye, Triton is likely the work of a nation-state, although it’s not clear which country is responsible. According to FireEye, the […]

The post Triton malware shines light on threat facing energy production companies appeared first on Cyberscoop.

The line between adware and malware has become increasingly blurred, researcher finds

An opaque digital marketing firm based in Tel Aviv attempted to silence a group of researchers after they found that the company was responsible for highly intrusive advertising software which has infected upwards of 10,000 Apple computers since 2016. New research by Israeli company Cybereason shows that TargetingEdge, a secretive advertising technology firm, had developed and spread “OSX.Pirrit,” a covert piece of software that can manipulate browsers, track users’ activity and forcefully load digital advertisements. These advertisements appear to be scams, including fake, paid Apple customer channels and disreputable anti-virus software downloads. Lead project researcher Amit Serper described OSX.Pirrit as malware because the program gains root access to a victim’s device and attempts to remain hidden in order to avoid being uninstalled or tracked by anti-virus products. Cybereason was able to connect OSX.Pirrit to TargetingEdge by studying how the command and control infrastructure behind the adware would call back […]

The post The line between adware and malware has become increasingly blurred, researcher finds appeared first on Cyberscoop.

Three men plead guilty for roles in Mirai botnet empire, court documents show

Three men have pleaded guilty for their role in creating, operating and selling access to the “Mirai botnet,” a massive army of compromised internet-connected devices used last year to launch numerous distributed denial of service attacks against hosting companies, social media platforms and other online businesses. The defendants, Paras Jha, Josiah White and Dalton Norman, were each responsible for supporting an elaborate scheme that began with the creation of a scanning tool to find vulnerable devices connected to the internet, infect them with malware and then mobilize them into a cohesive botnet army capable of pushing excessive internet traffic onto a target in order to knock it offline. Their guilty pleas were entered in a federal district court in Alaska, the Department of Justice said. Distributed denial of service attacks typically function through a centralized platform or operator who controls infected computers which can be used to flood digital properties with […]

The post Three men plead guilty for roles in Mirai botnet empire, court documents show appeared first on Cyberscoop.

Trump signed the NDAA today. Here’s what it means for cybersecurity.

President Donald Trump signed the $700 billion National Defense Authorization Act (NDAA) on Tuesday, a law that sets policies and budget guidelines for the U.S. military for fiscal 2018, including its various cybersecurity-focused initiatives. The mammoth piece of annual legislation often includes brand-new projects and policy provisions. This year’s NDAA advances several important cybersecurity efforts while also establishing new rules and programs related to information security. Here’s a closer look at some key cybersecurity provisions:

The ban on Kaspersky Lab software becomes official (SEC. 1634)

While the Homeland Security Department has already taken concrete steps to push Kaspersky Lab products out of the federal government, Sec. 1634 makes the ban official across the Defense Department and sets a deadline of October 2018 for total removal. The ban specifically mentions any and all products owned by Kaspersky Lab, including both services and software produced by subsidiaries.

Trump will define what “cyberwar” means (SEC. 1633)

The […]

The post Trump signed the NDAA today. Here’s what it means for cybersecurity. appeared first on Cyberscoop.

Meet Money Taker, the latest hacking group tied to Russian cybercrime

Hackers associated with a sophisticated Russian cybercrime ring attacked a series of banks in the U.S., U.K. and Russia, robbing at least one U.S. financial institution two separate times, according to Moscow-based cybersecurity company Group-IB. The researchers dubbed the group “Money Taker,” based on a custom, modular malware framework used to spy on banks and manipulate payment data. Security researchers say Money Taker has been active since at least 2016, targeting more than 20 organizations over the last two years. In addition to banks, victims include international law firms and financial software vendors. Money Taker is likely a criminal enterprise unaffiliated with any government, although it has proved to be highly skilled, resourceful and well-equipped — similar to advanced persistent threat (APT) groups supported by a foreign government, Group-IB Director Nik Palmer told CyberScoop. “The [banking-focused] attacks were certainly conducted by a skillful targeted attack group,” explained Palmer. “The group is skillful enough to […]

The post Meet Money Taker, the latest hacking group tied to Russian cybercrime appeared first on Cyberscoop.

Hacking group turns Microsoft Office flaw into an exploit in less than a week

Less than one week after Microsoft publicly acknowledged a remote code execution vulnerability in Microsoft Office, Iranian hackers targeted the weakness via phishing emails sent to various Middle Eastern government agencies last month, according to research produced Thursday by U.S. cybersecurity firm FireEye. According to FireEye, the targets indicate that the group is likely linked to the Iranian government. There were multiple attempts to breach financial, energy and government enterprises located in geographic rivals of Iran, such as Saudi Arabia and Israel. This particular cyber espionage group, named APT34 by FireEye, is also known as “NewsBeef” to other security researchers. APT34 has been especially active since mid-2016, based on publicly available research from FireEye and Kaspersky Lab. “We believe APT34 is involved in a long-term cyber-espionage operation largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014,” a FireEye blog post reads. “We […]

The post Hacking group turns Microsoft Office flaw into an exploit in less than a week appeared first on Cyberscoop.

This country’s hacking efforts have become too big to ignore

While hackers linked to China, North Korea and Russia have dominated headlines over the past year, similar groups in Iran have caused significant damage while drawing far less attention. Multiple cyber-espionage groups attributed to Iran became increasingly active over the last 12 months, as at least four entities with ties to the regime have broken into a wide array of organizations, according to private sector cybersecurity experts and three former U.S. intelligence officials with knowledge of regional activity. “For the first time in my career, I’m not convinced we’re responding more to Russia or China,” FireEye CEO Kevin Mandia said in a report published by the company on Thursday. “It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.” This surge in digital espionage — which has predominantly come in the form of spearphishing emails, strategic web compromises and breached social […]

The post This country’s hacking efforts have become too big to ignore appeared first on Cyberscoop.

Roy Moore scandal used for phishing schemes aimed at U.S. law firms

Since at least June, Chinese hackers have been actively targeting a shortlist of multinational law firms in an apparent effort to spy on lawyers and steal confidential information, according to cybersecurity firm FireEye. The hacking group, which is known as APT19, will often design phishing campaigns that contain references to pertinent, high-profile U.S. news stories. Most recently, these booby-trapped emails have separately mentioned U.S. Senate candidate Roy Moore, disgraced Hollywood producer Harvey Weinstein and former presidential candidate Hillary Clinton. The hacking group has been loosely linked to China. FireEye says APT19 crafted the subject line “FW: Roy Moore scandal ignites fundraising explosion for Democratic challenger Doug Jones” to seemingly capitalize on the contentious campaign to fill the vacant Senate seat in Alabama. Moore, 70, has been accused of making unwanted sexual advances toward multiple teenage girls when he was in his 30s. It’s relatively common for hackers to leverage public […]

The post Roy Moore scandal used for phishing schemes aimed at U.S. law firms appeared first on Cyberscoop.

Watchdog questions DoD about Cyber Command’s work with private sector, civilian agencies

The Defense Department needs to clarify and further define how certain U.S. defense agencies and combatant commands — including the nation’s top cyberwarfare unit, U.S. Cyber Command — should interact with private sector companies and civilian agencies, according to a recent report by the Government Accountability Office (GAO). The GAO outlined deficiencies in a report by the Pentagon that sought to establish roles and responsibilities for some of these defense organizations when they respond to data breaches. GAO contends that the Defense Department’s “Section 1648 report” leaves out several key details that would sufficiently answer questions about collaboration with businesses as well as training requirements for operators. DOD has reportedly agreed with some of GAO’s criticism. Recent major data breaches affecting U.S. corporations, including Deloitte and Equifax, have spurred questions about whether the Pentagon should take on a greater role in defending the private sector from intrusions. “DOD was supposed to develop [a] comprehensive plan for CYBERCOM […]

The post Watchdog questions DoD about Cyber Command’s work with private sector, civilian agencies appeared first on Cyberscoop.

Why Eugene Kaspersky keeps talking about ‘Project Sauron’

Kaspersky Lab founder and CEO Eugene Kaspersky says he’s figured out why the U.S. government hates his company. According to Kaspersky, his company’s research into a sophisticated, international cyber espionage operation that targeted government entities in Russia, Iran and Rwanda is the reason the Russian anti-virus maker has become a bogeyman for the U.S. government. This reasoning came during public comments Kaspersky made Tuesday during a small event in London. His comments are the most detailed effort among Kaspersky’s multiple attempts to defend his company from allegations that the Moscow-based company acts as an intelligence collection tool for Russian spies. Kaspersky said his company’s discovery of U.S. intelligence-related hacking operations, including those of the NSA-linked “Equation Group” and CIA-linked “Lamberts,” is the reason for the recent firestorm. He specifically emphasized the unveiling of one particular campaign — known as ProjectSauron or Strider — as a driving factor while also implying U.S. involvement with […]

The post Why Eugene Kaspersky keeps talking about ‘Project Sauron’ appeared first on Cyberscoop.
