Early indications point to Sandworm hacking group for global ransomware attack

The main suspect behind the recent global ransomware attack is a hacking group with suspected ties to Russia and a history of launching destructive computer viruses, according to research conducted by Czech cybersecurity firm ESET. The company has pegged the attack to a group known as Telebots or Sandworm. “The TeleBots group continues to evolve in order to conduct disruptive attacks against Ukraine. Instead of spearphishing emails with documents containing malicious macros, they used a more sophisticated scheme known as a supply-chain attack,” writes Anton Cherepanov, a senior malware researcher with ESET, in a blog post. “The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’s spreading capabilities.” While the spread of so-called PetrWrap or NotPetya turned into global news as thousands of computers were locked down by the virus, the incident plays into a larger and already established narrative of hackers repeatedly using wiper malware and defunct ransomware, […]

The post Early indications point to Sandworm hacking group for global ransomware attack appeared first on Cyberscoop.

Shadow Brokers grow increasingly aggressive, threaten to dox former U.S. spy

Just 24 hours after a malicious worm infected thousands of computers across Europe, the now infamous Shadow Brokers group published a message celebrating the chaos, advertised a vague new “VIP service” and threatened an unnamed former NSA official for “writing ugly tweets.” In a post on social media publishing site Steemit, the group also hinted at being in possession of FBI hacking tools. Until Wednesday, it was largely believed that only NSA-linked exploits had been published by the group. The Shadow Brokers described a former NSA official “as a doctor living in Hawaii that owns a security company.” The group threatened to publish this person’s personal information — a practice known as “doxxing” — including their operational history at NSA. The person’s record included missions targeting Chinese nationals, the Shadow Brokers said. “TheShadowBrokers is thinking ‘doctor’ person is former EquationGroup developer who built many tools and hacked organization in China,” the blog […]

The post Shadow Brokers grow increasingly aggressive, threaten to dox former U.S. spy appeared first on Cyberscoop.

Global ransomware attack was meant to be destructive, not collect money

A global ransomware outbreak Tuesday was inherently designed to be destructive in nature, according to private sector cybersecurity researchers. An analysis of Petya conducted by Comae Technologies’ Matthieu Suiche reveals that computer code in the June 27 version of the malware is different from previous samples, which were tied to incidents involving monetary gain. The primary difference between past Petya variants and Tuesday’s malware comes in the form of a small block of code that effectively commands the virus to “erase the Windows system’s Master Boot Record (MBR) on default,” said Suiche. “After comparing both implementations, we noticed that the current [implementation] that massively infected multiple entities in Ukraine was in fact a wiper, which just trashed the 25 first sector blocks of the disk,” Suiche wrote in a blog post. Petya effectively demolishes a key function of the victim computer’s boot process even before a victim has the chance to read any ransom […]

The post Global ransomware attack was meant to be destructive, not collect money appeared first on Cyberscoop.

Global ransomware outbreak spread in part due to NSA-linked hacking tool

A growing number of cybersecurity firms, including BitDefender, Kaspersky Lab and Symantec, along with a cohort of independent cybersecurity researchers, say that the quickly spreading ransomware variant, known as Petya, is proliferating in part due to two previously leaked NSA hacking tools, codenamed EternalBlue and EternalRomance. This is not the first time in recent months that hackers have combined leaked NSA computer code with ransomware to make their attacks more potent. Some researchers disagree on how to define the quickly spreading malware, with various security experts calling the ransomware a variant of Petya, or GoldenEye, and others describing it as an entirely different computer virus. Regardless, commonalities do exist, and incidents involving what appears to be the same “Petya” ransomware were reported Tuesday across most of Europe. Petya is believed to be more complex than a similar recent attack known as WannaCry, which was also powered by EternalBlue, although in a slightly different fashion. […]

The post Global ransomware outbreak spread in part due to NSA-linked hacking tool appeared first on Cyberscoop.

Massive ransomware outbreak is quickly spreading across Europe

An apparent outbreak of Petya ransomware appears to be affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain and France. Early reports indicate that infected computers are locked by ransomware and, as such, normal business operations have been disrupted.

“A new #WannaCry-like massive attack on Russian and Ukrainian #Critical #Infrastructue discovered. More countries expected #Petya #infosec pic.twitter.com/hRDPHKAC8R” — Group-IB (@GroupIB_GIB) June 27, 2017

Kaspersky Labs researchers say that Petya is spreading globally at an alarming rate. The cause behind Petya’s spread is not yet known. Some have speculated that the virus is powered by components of EternalBlue, an NSA-quality exploit that was leaked several months ago and has already been used once to deliver a worm-based variant of ransomware.

“Petrwrap/Petya ransomware variant with contact wowsmith123456@posteo.net spreading worldwide, large number of countries affected.” — Costin Raiu (@craiu) June 27, 2017

Based on […]

The post Massive ransomware outbreak is quickly spreading across Europe appeared first on Cyberscoop.

For now, many conversations about global ‘cyber norms’ start with Beijing

China’s government is taking steps to become an international leader in discussions concerning “cyber norms,” a formal but still vague understanding about the appropriate behavior between states regarding offensive cyber operations. Chinese leaders signed one such agreement Friday with Canada, marking Beijing’s sixth deal in two years. The first was with the Obama administration in late 2015. It curbed some cyber-enabled economic espionage by the Chinese against American companies. China is promising to end state-sponsored cyberattacks aimed at Canada’s high-tech private sector, curtailing the practice of stealing Canadian trade secrets. Beijing has now come to similar terms with the U.S., Canada, the United Kingdom and Australia — four of the Five Eyes nations — in addition to Russia and Brazil. In similar fashion to China’s other international cybersecurity agreements, this deal is non-binding, unenforceable in nature and only covers economic espionage. It outlines no punishment mechanism in case either China or Canada were to break the agreement. The accord […]

The post For now, many conversations about global ‘cyber norms’ start with Beijing appeared first on Cyberscoop.

Leaked Hacking Team tools were used by group stealing East Asian IP

A sophisticated and “well-funded” hacking group with a penchant for stealing intellectual property and other trade secrets is wreaking havoc in East Asia by exploiting a series of old, publicly acknowledged software vulnerabilities, according to research conducted by TrendMicro. The findings are significant because they expose an active regional threat that continues to invest in new hacking capabilities — including unique backdoor implants and exfiltration tools — while apparently running multiple, active economic espionage operations. Dubbed “BlackTech” by security researchers, the clandestine unit is believed to be associated with three separate campaigns dating back to at least 2010. During that time frame, BlackTech relied on similar server infrastructure to launch attacks but used various different tools and techniques against organizations, allowing them to move laterally across victim networks and ultimately attempt to exfiltrate sensitive files. “We are confident attributing these three campaigns to BlackTech given the backend infrastructure used and target overlap,” […]

The post Leaked Hacking Team tools were used by group stealing East Asian IP appeared first on Cyberscoop.

Ransomware attacks are rarely being reported to the FBI, new data shows

An absurdly small number of companies affected by ransomware reported the incidents to the federal government last year, newly released FBI data shows. While more than a third of all ransomware infections occurred in the U.S. last year, according to U.S. cybersecurity firm Symantec, the FBI’s Internet Crime Complaint Center (IC3) only “received 2,673 complaints identified as ransomware” in 2016, amounting to “losses of over $2.4 million,” according to a new report. Current private sector estimates for total ransomware losses in 2016 alone exceeded $100 million, said Vincent Weafer, vice president of McAfee Labs, and that’s “likely on the conservative side.” Verizon also found that ransomware infections were up 50 percent from 2015 to 2016, and McAfee saw more than 9 million cases of ransomware during the same time period. “One of the biggest problems with prosecuting ransomware is the recalcitrance of organizations and people in reporting they were hacked,” said John Bambenek, […]

The post Ransomware attacks are rarely being reported to the FBI, new data shows appeared first on Cyberscoop.

How China’s cyber command is being built to supersede its U.S. military counterpart

As U.S. leaders contemplate a proper definition for “cyberwar,” their counterparts in China have been building a unit capable of fighting such a large-scale conflict. China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force (SSF), is quietly growing at a time when the country’s sizable military is striving to excel in the digital domain. Though the American government is widely considered to be one of the premier hacking powers — alongside Israel, Germany, Russia and the United Kingdom — China is rapidly catching up by following a drastically different model. The SSF uniquely conducts several different missions simultaneously that in the U.S. would be happening at the National Security Agency, Army, Air Force, Department of Homeland Security, NASA, State Department and Cyber Command, among others. If you combined all of those government entities and added companies like Intel, Boeing and Google to the mix, then you would come close to how the […]

The post How China’s cyber command is being built to supersede its U.S. military counterpart appeared first on Cyberscoop.