Ukraine blames infamous Russian hackers for ‘BadRabbit’ ransomware attack

A group of hackers believed to be associated with Russia’s Main Intelligence Directorate (GRU), better known as APT28 or Fancy Bear, was responsible for last week’s international ransomware attack dubbed “BadRabbit,” according to Ukraine’s top law enforcement agency, the Security Service of Ukraine (SBU). In a letter sent to CyberScoop on Wednesday, SBU officials laid blame on APT28 for launching the massive, coordinated attack that disrupted business operations for hundreds of organizations based in Ukraine and Russia. Victims included multiple Russian news outlets, government organizations in both countries and Ukrainian transportation services. An official with Ukraine’s state cyber police announced Thursday, as part of an interview with Reuters, that the hackers behind BadRabbit intended for the ransomware to effectively act as a smokescreen while they simultaneously sent highly targeted phishing emails to several organizations. The phishing emails were designed to gain access to “financial and confidential information.” The state cyber police did not […]

The post Ukraine blames infamous Russian hackers for ‘BadRabbit’ ransomware attack appeared first on Cyberscoop.

Japanese businesses are the latest victims of attacks disguised as ransomware

A sustained ransomware campaign aimed at extorting Japanese companies now appears to have been part of an elaborate cyber espionage operation that included destroying data to conceal evidence, according to Israeli cybersecurity firm Cybereason. Based on malware analysis and other technical indicators discovered on victims’ networks, Cybereason concluded the two-part virus, dubbed “MBR-ONI,” was specially designed to target specific Japanese organizations in order to steal data during a certain timeframe. While the infections first appeared to be limited to conventional, cybercrime-related ransomware, further inspection by Cybereason revealed hidden commands were taking place behind the scenes, including a script that wiped Windows event logs. “We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation,” a blog post published Tuesday by the company reads. “These targeted attacks lasted between three to nine months and all ended with an attempt to encrypt hundreds of machines at […]

The post Japanese businesses are the latest victims of attacks disguised as ransomware appeared first on Cyberscoop.

Meet the French researcher the Shadow Brokers keep calling out

The Shadow Brokers appear to be obsessed with Matthieu Suiche. A bevy of security researchers have spent time studying the mysterious group of hackers best known for leaking a cache of National Security Agency hacking tools. But Suiche is one of few analysts to have been called out by the Shadow Brokers multiple times, with the acknowledgement straddling the line between begrudging respect and reverent admiration. No one, not even Suiche, understands why. A 29-year-old French security researcher and entrepreneur, Suiche is one of the foremost experts when it comes to the peculiar group. In an effort to understand why The Shadow Brokers — an entity still at the center of an expansive federal counterintelligence investigation — are so enamored with his work, and who they are, it’s important to understand how Suiche’s background led to this point in time. In late July, Suiche spoke at the large Vegas-based cybersecurity conference known as BlackHat about […]

The post Meet the French researcher the Shadow Brokers keep calling out appeared first on Cyberscoop.

Global ransomware attacks tiptoed around Russian anti-virus products

Those responsible for two of the largest ransomware attacks of 2017 designed their malware to carefully handle computers with Russian anti-virus products installed, security researchers have told CyberScoop. For the third time in less than six months, a ransomware-style cyberattack spread across Eastern Europe in a matter of hours. The attack, dubbed “BadRabbit,” infected computers inside Ukrainian and Russian government agencies, Ukrainian transportation facilities and Russian news outlets, among other targets, causing a disruption in normal business operations that continues for some to this day. Although most of BadRabbit’s impact occurred in Russia, there’s evidence that the malware compromised organizations in several countries other than Ukraine, including Japan and Turkey. The virus, when successfully installed, will encrypt files and then request a payment in the form of Bitcoin from victims in order to unlock their systems. Experts say there’s likely more to the story than a simple ransom collection. An investigation into […]

The post Global ransomware attacks tiptoed around Russian anti-virus products appeared first on Cyberscoop.

Leaked NSA tools were once again used in a global ransomware attack

Another global ransomware outbreak was powered by a leaked, fully operational NSA hacking tool that had been released by The Shadow Brokers, according to researchers with cybersecurity firms Cisco Talos, IB Group and Symantec. The latest international ransomware incident occurred on Tuesday and primarily affected computers in Ukraine and Russia. Analysts studying malware samples connected to this event, dubbed “BadRabbit,” found Thursday that the carefully prepared attack contained an exploit known as “EternalRomance.”

Update: Talos has identified an eternal romance component and more! https://t.co/H4BAi4wRhE — Craig Williams (@security_craig) October 26, 2017

Some researchers say the BadRabbit operation had been planned for months, dating back perhaps to as far as Feb. 2017, according to FireEye, or July 2017, based on digital evidence found by Kaspersky Lab.

It appears the attackers behind #Badrabbit have been busy setting up their infection network on hacked sites since at least July 2017. pic.twitter.com/fV5U1FeVtR — Costin Raiu […]

The post Leaked NSA tools were once again used in a global ransomware attack appeared first on Cyberscoop.

Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group

A former senior U.S. official blocked Moscow-based cybersecurity firm Kaspersky Lab from joining a prominent trade group made up of U.S.-based cybersecurity companies earlier this year, multiple people with knowledge of the proposed deal tell CyberScoop. When Kaspersky representatives approached the Cyber Threat Alliance (CTA) — a U.S.-based not-for-profit membership organization largely made up of American technology firms that voluntarily share threat intelligence with one another — in early 2017, the group’s leader and former White House Cybersecurity Coordinator Michael Daniel quietly turned the company away, the sources said. “It didn’t really go anywhere because they got Heisman-ed from the get go,” one source said, referencing the college football trophy that depicts a player forcefully pushing someone out of their way. Daniel spoke with CyberScoop and acknowledged that Kaspersky had shown interest in joining the CTA. Kaspersky is not currently a member. The choice to exclude Kaspersky alludes to knowledge of […]

The post Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group appeared first on Cyberscoop.

Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack

A software toolkit used in an expansive cyberattack that affected hundreds of organizations across Eastern Europe Tuesday has been linked to a hacking group known as BlackEnergy APT or Telebots, security researchers tell CyberScoop. This threat actor was also responsible for a similar attack dubbed “NotPetya,” which largely affected Ukraine when it was executed in June and was designed to wipe data from computers rather than collect ransoms. Experts say BlackEnergy APT acts in the interests of the Kremlin. In the past, the group has repeatedly attacked Ukrainian organizations, including the country’s critical infrastructure sector. The latest variant of ransomware flooding across Europe is named “BadRabbit.” It requires that victims infected with the malware send bitcoin to an anonymous digital wallet in order to unlock their systems — until payment is received, affected computers remain largely unusable. “It appears that the two [ransomware] attacks are connected,” said Costin Raiu, director of the Global Research […]

The post Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack appeared first on Cyberscoop.

‘BadRabbit’ ransomware spreading across Ukraine, Russia

Multiple Russian and Ukrainian organizations were hit with a ransomware attack Tuesday, causing disruptions across a number of different transportation hubs, including a major airport and transit system in Kiev, Ukraine, and several Russian media organizations. The malware, dubbed “BadRabbit” by security researchers, loads a message in red text over a black background on infected computers, requesting payment from victims in order to unlock their systems. The price to unlock an infected system increases over time, the message reads, and victims are required to log into a Tor hidden service website to send bitcoin. This display carries certain similarities with another ransomware outbreak known as NotPetya, which spread across Ukraine in June and into a variety of multinational corporations with connections to the country’s economy. Other overlaps also exist between NotPetya and BadRabbit, including the reuse of Diskcoder.D, a trojan that encrypts files on local drives, researchers say. #badrabbit found […]

The post ‘BadRabbit’ ransomware spreading across Ukraine, Russia appeared first on Cyberscoop.

DNC hackers using NATO cyber conference to find phishing targets, researchers find

Security researchers recently found evidence showing that the same infamous hacking group responsible for last year’s breach at the Democratic National Committee was attempting to spy on people interested in an upcoming D.C.-based cybersecurity conference, according to Cisco’s Talos research team. In a blog post published Sunday, Talos noted that Group 74, otherwise known as APT28 or Fancy Bear, recently sent a wave of spear phishing emails carrying malware-laden Microsoft Word attachments. These malicious emails contained information regarding a conference known as CyCon that’s taking place in early November. The event is produced by the U.S. Army Cyber Institute in collaboration with NATO. The conference often features top leaders from both the U.S. government and other allied nations who help guide cybersecurity-relevant policy and missions. “This attack is another example of sophisticated social engineering undertaken by the bad guys in order to trick their intended victims into opening malicious […]

The post DNC hackers using NATO cyber conference to find phishing targets, researchers find appeared first on Cyberscoop.

Security researchers call for calm after DHS warns of energy grid hacking

A government security alert about foreign hackers probing the networks of U.S. energy companies frightened casual observers, but security experts say the report provided little more than an update on relatively well-known activity and behavior. The alert, released late last week by the Department of Homeland Security, mentions evidence of a hacker group — originally identified by U.S. cybersecurity firm Symantec and codenamed “Dragonfly 2.0” — working to compromise the front office networks of industrial firms. This activity is confined to the targeting, and in some cases compromise, of business networks by hackers, largely through the deployment of phishing emails and strategic website compromises, also known as watering hole style attacks.

FBI & DHS: massive hacking campaign underway attacking American energy, nuclear, water, aviation, construction & manufacturing sectors. — Jose Pagliery (@Jose_Pagliery) October 21, 2017

Though the information offered by the government may be helpful for some cybersecurity professionals, it is far from […]

The post Security researchers call for calm after DHS warns of energy grid hacking appeared first on Cyberscoop.