TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators

The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether. Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational. Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months. AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti. “In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that […]

The post TrickBot malware suddenly got quiet, researchers say, but it’s hardly the end for its operators appeared first on CyberScoop.

In studying tech supply chain, feds cite open source products, device firmware

Open-source software and device firmware are two of the biggest areas of vulnerability in the supply chains for information and communications technology, according to a federal report Thursday that called for better risk management practices and improved monitoring efforts by government and industry. Another area that potentially affects U.S. cybersecurity is a shrinking manufacturing base for hardware, including a “significant reduction” in the related workforce, the report said. The Biden administration asked the departments of Commerce and Homeland Security for the review under an executive order signed in February 2021 as the White House worked to address challenges in the supply chains for goods and services overall. At the time, the breach of SolarWinds’ software supply chain by Russia-linked hackers had riled Washington, and Thursday’s report comes as the government and cybersecurity industry are still responding to the Log4Shell bug found in December 2021 in a widely used piece of […]

Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC) and, in the U.S., the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI. The NCSC also issued a separate analysis paper on Cyclops Blink. […]

White House attributes Ukraine DDoS incidents to Russia’s GRU

Russia was behind recent disruptions of Ukrainian government and banking websites, a top White House official said Friday. “We have assessed that Russia was responsible for the distributed denial-of-service [DDoS] attacks that occurred earlier this week,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology. Neuberger said the U.S. has “technical information” that shows digital infrastructure belonging to Russia’s main intelligence directorate, the GRU, “transmitting high volumes of communication to Ukraine-based IP addresses and domains.” The British government also attributed the attacks to the GRU on Friday. DDoS incidents involve flooding websites with bogus traffic until they’re unavailable to most users. Ukrainian officials earlier this week did not attribute the incidents to a specific actor, but suggested Russia was the only country that would conduct such an operation. Around the same time as Tuesday’s DDoS attacks, Ukrainians also received spam text messages falsely claiming that ATMs didn’t work. […]

‘Russian state-sponsored cyber actors’ cited in hacks of U.S. defense contractors

For more than two years, “Russian state-sponsored cyber actors” have targeted the emails and other data of U.S. defense contractors that handle sensitive information about weapons development, computer systems, intelligence-gathering technology and more, the federal government warned Wednesday. The alert from the Cybersecurity and Infrastructure Security Agency said cleared defense contractors (CDCs) are the primary victims of the breaches. Those companies are authorized by the Department of Defense to access, receive and store classified information as part of their contracting work. The alert does not say whether classified information was accessed. The attackers, however, have been able to “acquire sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology,” the alert said, by focusing on “enterprise and cloud networks, prioritizing their efforts against the widely used Microsoft 365 (M365) environment.” “The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications […]

TrickBot developers continue to refine the malware’s sneakiness and power

The versatile malware known as TrickBot continues to pose “great danger” to customers of financial and technology companies because its developers are trying to stay a step ahead of cybersecurity analysts, according to Check Point Research. The company says TrickBot’s authors have equipped it with layers of “anti-analysis” and “anti-deobfuscation” capabilities, meaning that if an expert tries to pick apart the malware’s code, it stops communicating with its command-and-control servers or stops working altogether. Those features “show the authors’ highly technical background and explain why Trickbot remains a very prevalent malware family,” Check Point says in research published Wednesday. The danger remains clear, too: Check Point says the various modules of TrickBot are often deployed for stealing login credentials from customers of several large banks, including Bank of America and Wells Fargo, as well as big tech firms like Microsoft and Amazon. About 60 companies are affected overall. “These brands […]

For signs of cryptocurrency laundering, look closely at Moscow firms, report says

Moscow-based businesses appear to be handling much of the money laundering of cryptocurrency payments that come from global ransomware activity and other forms of cybercrime, according to a report from crypto-tracking company Chainalysis. The analysts focused on several dozen companies with a presence in Moscow City, the Russian capital’s skyscraper-packed business district. In any given quarter, “illicit and risky” blockchain addresses account for between 29% and 48% of all funds received by those cryptocurrency businesses, the report says. That traffic, including legitimate crypto transactions, can sometimes be more than $1 billion in a quarter, Chainalysis says. “A huge amount of cryptocurrency-based money laundering, not just of ransomware funds but of funds associated with other forms of cybercrime as well, goes through services with substantial operations in Russia,” Chainalysis says in the Monday blog post, which is based on its upcoming “2022 Crypto Crime Report.” The company defines “risky or illicit” […]

CIA ‘secret bulk collection program’ picked up some Americans’ data, senators reveal

Some data belonging to Americans was swept up in a secret CIA mass surveillance program that operated under atypical legal authority for such an operation, according to a letter released Thursday night by two Democratic members of the Senate Intelligence Committee. The unnamed program operates “entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight” that otherwise would apply, according to the letter from Sens. Ron Wyden, D-Ore., and Martin Heinrich, D-N.M. The senators said the “secret bulk collection program” was authorized under presidential Executive Order 12333 from the early 1980s, which covers some activities of U.S. intelligence agencies. Many of the intelligence community’s surveillance programs are covered under the Foreign Intelligence Surveillance Act (FISA), which involves a special court that secretly reviews requests for spying. The information released by the senators does not […]

Online romance scams expand, now with more cryptocurrency

Reports of online romance scams continued to grow in 2021, according to the Federal Trade Commission, and cryptocurrency payments now represent a big chunk of the money lost. Complaints about these heartbreaking swindles added up to $547 million overall last year, the agency said Thursday, up about 80 percent from the $307 million reported to the FTC in 2020. Of that total, $139 million in reported losses came from cryptocurrency transactions. In those cases, the victims often are subjected to a fancier plea for money than what typically occurs in a romance scam. “People are led to believe their new online companion is a successful investor who, before long, casually offers investment advice,” the FTC said. “These so-called investment opportunities often involve foreign exchange (forex) trading or cryptocurrency.” The spike in cryptocurrency-oriented complaints is dramatic. The 2021 numbers “are nearly five times those reported in 2020, and more than 25 […]

Inside the numbers of another big year for cyber mergers, acquisitions and investments

Sustained demand for cybersecurity services and continued innovation across the industry helped 2021 become a record-setting year for deals involving cyber companies, analysts say. The funding that flowed into cyber companies increased 136% over 2020 levels, to $29.3 billion, up from $12.4 billion the previous year, according to the executive summary of a report from Momentum Cyber, which advises cyber companies on mergers and acquisitions. Likewise, the total volume of mergers and acquisitions activity reached $77.5 billion, up 294% from calendar year 2020, according to the report. Several trends are driving those numbers, analysts and executives say: Companies across the economy have expanded their budgets for reliable cybersecurity services, boosting revenues for the industry. In turn, big investors — including private equity groups and venture capitalists — are following that money. And as cyberthreats increase in severity and complexity, smaller firms continue to develop valuable expertise in niche areas of […]