Cryptojacking on the rise in poorer countries where ransoms can’t be paid

A collection of poorer countries in Eastern Europe are the only places in cyberspace where ransomware isn’t seen as a top threat. Cybercriminals aren’t ignoring nations like Ukraine. Instead, to make the most of malware, hackers are finding different ways to extract value from poor countries whose population is still connected to the internet. Rich countries like the United States are ripe for ransomware because the population has more money to pay ransoms, with the practice becoming a $2 billion criminal industry in 2017. Knowing that residents in less-developed countries are less likely to be able to pay ransoms, criminals are heavily targeting poorer regions with malware that uses victims’ computers to mine cryptocurrency — a scheme known as cryptomining or cryptojacking — according to new research from the cybersecurity firm Bitdefender. “Ransomware is the number one infection globally,” Bogdan Botezatu, the senior threat analyst at the cybersecurity firm Bitdefender, told CyberScoop. “Cryptominers rank second.” […]

The post Cryptojacking on the rise in poorer countries where ransoms can’t be paid appeared first on Cyberscoop.


Rep. Graves: ‘Active defense’ bill will launch a new industry

One of the authors of a controversial “hack back” bill in Congress believes the legislation can launch a new industry around “active defense” that allows companies to strike back against hackers who steal data. Rep. Tom Graves, R-Ga., predicts the private sector will develop new tools that will add a new layer of deterrence. Graves, who strenuously objects to the “hack back” terminology for the bill, spoke with CyberScoop earlier this month about the legislation. “You currently have a 1.5 percent conviction rate in cyberattacks,” Graves said. “I think you’ll see that rate go up because attribution will go up, but also because I think you’ll see the number of attacks reduced. And then you’ll see information sharing occurring prior to successful attacks, which will protect additional systems and networks as information being shared about attacks taking place or attempted attacks and the process they’re going about.” Graves and Rep. Kyrsten Sinema, D-Ariz., […]


Uber paid $100K to cover up 2016 data breach of 57 million users

Uber paid to hide a data breach that revealed sensitive information on 57 million customers and drivers, leading to the dismissal of Chief Security Officer Joe Sullivan. The breach took place in October 2016 and revealed names, email addresses, phone numbers and U.S. driver’s license numbers. Social Security numbers, location data and payment data were not accessed, Uber said. The company paid the hackers $100,000 to stay quiet and delete the data. Uber has not revealed the identities of the hackers. The breach and the payment to hackers were first reported by Bloomberg. New York Attorney General Eric Schneiderman is investigating the hack. According to the report, hackers first breached the ridesharing company through an Uber-owned GitHub account. They found more credentials there, including usernames and passwords to an Amazon Web Services account that held rider and driver information. With the information in hand, they demanded money from the company. “I recently learned […]


Ransomware is now a $2 billion-per-year criminal industry

Ransomware payments in 2017 will hit a record $2 billion, according to new research from the cybersecurity firm Bitdefender. That figure would make 2017 the most costly year ever for ransomware, doubling the $1 billion paid out by ransomware victims in 2016 and skyrocketing above the $24 million paid in 2015. The upward trend will likely continue into 2018 as malware becomes more sophisticated and difficult to stop. Exacerbating the problem is the amount attributed to total damage, which exceeds $5 billion. The NotPetya attacks alone caused over $310 million in damages to U.S. pharmaceutical giant Merck, a $300 million loss for the courier firm FedEx and a $200 million loss for the shipping firm Maersk. The average ransomware demand is up to $1,000, a 266 percent rise from 2016. The spike is credited to more victims paying up, including many businesses that privately pay five-figure ransoms. Only 47 percent of victims who pay the ransom ever […]


Intel patches flaw that leaves millions of computers vulnerable to hidden attacks

Intel patched ten vulnerabilities across a dozen generations of CPUs, with many of the vulnerabilities being severe and impacting millions of devices. The flaws would let hackers run code on targeted systems using vulnerabilities, which include multiple buffer overflows in the operating system kernel for the Intel Management Engine (ME) firmware. Lenovo, whose website calls it a high severity vulnerability with an industry-wide scope, has a striking description of the issue: “An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation or denial of service.” Intel’s ME has long been criticized by security experts as a secret second internet-connected computer running inside your own machine without your knowledge or consent. That’s a potentially giant problem from a number of angles, not least of which is the fact that a user can’t turn […]


Hackers tied to North Korea target South Korea through Google Play Store, researchers say

Hackers known as the Lazarus Group are targeting Android phones in a new campaign aimed at South Korea, according to researchers at the cybersecurity firm McAfee. The attack begins with a malware-laced version of a Korean bible study app in the Google Play Store. It’s been downloaded 1,300 times. McAfee attributes the attack to Lazarus Group, which intelligence agencies in the U.S., Britain and elsewhere say is North Korean. Google Play Store, the app market for the world’s most popular operating system, has a persistent malware issue. On Monday, anti-virus company Avast reported banking malware that avoided Google’s detection and was downloaded thousands of times. North Korea spends significant resources on building and using cyber-capabilities. One scheme involved stealing $81 million from the central bank of Bangladesh in a heist that ran through the Federal Reserve Bank of New York in 2016. South Korea, North Korea’s chief geopolitical rival alongside the United States, is a frequent target of […]


BankBot, once thought to be wiped out, returns to Google Play store

There is another example of malware being a constant problem for Android users: BankBot, a banking Trojan designed to help crooks steal people’s money, is still lurking in various Google Play store apps despite Google’s attempts to get rid of it. The malware’s newest version hides in seemingly benign software (like free flashlight apps or solitaire games), avoids detection by Android’s security, downloads the effective payload from an external source hours after gaining administrator rights and allows for the theft of the victim’s banking credentials. BankBot has already been through several iterations, having been removed by Google in September but “several versions remained active until November 17,” according to researchers from the security firm Avast. “This was long enough for the apps to infect thousands of users.” “The cyber criminals have been targeting customers of big banks like Wells Fargo, Chase and about 160 other banking apps in the U.S., Latin America, Europe […]


Pentagon left AWS databases publicly exposed

A Department of Defense database containing 1.8 billion scraped internet posts over a span of eight years was left publicly exposed, according to researchers from the cybersecurity firm UpGuard. Researcher Chris Vickery discovered the trove, first reported by CNN. Vickery and UpGuard have made a name for themselves sniffing out mistakenly publicly exposed databases over the last year including data on 200 million voters, one gigabyte of sensitive files from Viacom and information on 14 million Verizon customers. “With evidence that the software employed to create these data stores was built and operated by an apparently defunct private-sector government contractor named VendorX, this cloud leak is a striking illustration of just how damaging third-party vendor risk can be, capable of affecting even the highest echelons of the Pentagon,” UpGuard’s Dan O’Sullivan wrote in a blog post. In June, Vickery found 60,000 sensitive files left publicly exposed by leading U.S. government contractor Booz Allen Hamilton. Vickery found the exposed […]


Kaspersky: NSA worker’s computer was packed with malware

As Kaspersky Lab faces accusations that its software allowed spying on classified U.S. documents, the Russian cybersecurity firm published the results of an internal investigation Thursday claiming an NSA worker who took classified documents home had a personal computer overwhelmed with malware. Other than a trove of NSA hacking tools, the unidentified NSA worker’s computer had 121 malicious files, including at least one backdoor created by a Russian criminal hacker, the firm concluded. Kaspersky said its antivirus software must have been disabled on the machine in order to allow the backdoor, known as Mokes, to run. The individual NSA worker has not been named publicly but is currently going through legal processes, according to U.S. officials. Kaspersky has been the focus of multiple congressional hearings. It was recently banned from civilian and military federal networks by a Department of Homeland Security directive. The possibility of legal action by the Moscow-based company looms over the ongoing […]


China hides homegrown hacks from its vulnerability disclosure process

The U.S. government debuted its reworked vulnerabilities equities process on Tuesday after a drawn-out fight about transparency and security. But almost nothing is known about the same process for China, the world’s second biggest economy and longtime adversary to the U.S. in the digital domain. A new report shows the quieter Chinese vulnerability disclosure process tries to hide vulnerabilities exploited by malware tied to Chinese-linked hacking groups, according to research from Boston-based cybersecurity firm Recorded Future. “We believe we’ve found they have a vulnerability evaluation process that’s led by their intelligence services,” said Priscilla Moriuchi, the director of strategic threat development at Recorded Future. There’s been no previous public discussion of the Chinese process. China’s process is one “in which high threat vulnerabilities are likely evaluated for their utility in intelligence operations before they’re published by [Chinese National Vulnerability Database],” the report reads. “The publication is made or delayed for these high threat vulnerabilities based […]
