FBI aims for stronger cyber strategy as US grapples with SolarWinds fallout

While dealing with a massive cyber-espionage campaign against the U.S. government, the FBI is trying to quietly implement a new strategy aimed at better tracking foreign hackers. FBI officials last spring gave the head of the National Cyber Investigative Joint Task Force (NCIJTF) — a group of intelligence, law enforcement and defense officials who track hacking threats — a more senior role within the bureau, according to Tonya Ugoretz, deputy assistant director in the FBI’s cyber division. The result is that a senior FBI official now leads an interagency group whose work could lead to offensive cyber-operations, sanctions or State Department démarches — or all three. Herb Stapleton, the former head of the FBI’s Cyber Crime Operations, is filling that role. The goal of the strategy, which the FBI unveiled in September, is to disrupt foreign cyber operations against U.S. assets by “changing the risk calculus” of adversaries, as […]

The post FBI aims for stronger cyber strategy as US grapples with SolarWinds fallout appeared first on CyberScoop.

Mimecast breach investigators probe possible SolarWinds connection

Mimecast, a global email security provider, on Tuesday said that one of its software security certificates had been breached by a “sophisticated threat actor” in a targeted operation to access customer emails. London-based Mimecast has a sprawling footprint, claiming some 39,000 customers around the world. The company said 10% of its customers use the particular software implementation involved in the breach, adding that attackers apparently targeted “a low single-digit number” of customers. The illicit access would have allowed attackers to spy on Mimecast clients. The hackers’ methods, and the fact that they targeted Microsoft’s cloud-based email services, have parallels with a suspected Russian hacking campaign that has used tainted software made by contractor SolarWinds to breach multiple U.S. government agencies. A person familiar with the matter told CyberScoop that investigators are examining whether the same attackers who breached SolarWinds also infiltrated Mimecast, a detail first reported by Reuters. “As a […]

Hackers who breached European medical regulator leak vaccine-related data

Hackers who stole data related to a coronavirus vaccine have leaked it online, a European regulator investigating the breach said Tuesday. An ongoing investigation into the breach found that “some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet,” the European Medicines Agency said in a statement. It was not immediately clear what the unidentified attackers were trying to accomplish in dumping the data online. Cybercriminals often leak stolen data in an attempt to extort victims. Hackers last month stole documents from an EMA computer server related to a COVID-19 vaccine candidate developed by pharmaceutical firms Pfizer and BioNTech. The EMA emphasized that the breach hasn’t affected the efficacy or approval of the vaccine. The incident again spotlights that vaccine data has drawn interest not only from spies, but also from scammers aiming to exploit a global […]

SolarWinds details stealthy code used to launch hacking campaign

SolarWinds, the federal contractor at the center of a sweeping suspected Russian hacking campaign, on Monday identified malicious code the company says attackers used to manipulate its software and remain undetected for months. The code was designed to inject another piece of custom malicious software into Orion, the SolarWinds software used by numerous Fortune 500 companies and federal agencies, “without arousing the suspicion of our software development and build teams,” Sudhakar Ramakrishna, the new CEO of SolarWinds, wrote in a blog post. The discovery adds to the public understanding of one of the most complex digital espionage operations in recent memory. The attackers have used not only SolarWinds’ software, but other digital entry points in carrying out the hack, which has affected major firms including Microsoft and FireEye, as well as multiple federal agencies. Security firm CrowdStrike, which helped find the new malicious code, said the code monitors software processes […]

More federal victims of SolarWinds hacking likely to come forward, CISA chief says

The number of federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the U.S. Cybersecurity and Infrastructure Security Agency said. “The number [of federal victims] is likely to grow with further investigation,” Brandon Wales, CISA’s acting director, said in an interview Friday. “That being said, we do believe that the number will remain extremely small because of the highly targeted nature of this campaign. And that is going to be true for both government and private-sector entities compromised.” Wales is a career civil servant who found himself at the helm of the Department of Homeland Security’s cybersecurity agency in mid-November after President Donald Trump fired Chris Krebs. Wales has been quarterbacking CISA’s response to a sweeping breach of federal and corporate networks, in which suspected Russian hackers exploited the reach of software made by the contractor […]

Russian man sentenced to 12 years in prison for massive JPMorgan data heist

A U.S. federal judge on Thursday sentenced Andrei Tyurin, a 37-year-old Russian man, to 12 years in prison for his role in a hacking scheme that prosecutors say involved the theft of personal data from over 100 million customers of big U.S. financial firms. The brazen hacking operation, which ran from 2012 to 2015, is one of the biggest to hit Wall Street in recent memory. It involved Tyurin allegedly working with an Israeli man named Gery Shalon, among others, to breach big-name companies like JPMorgan Chase, ETrade and The Wall Street Journal. The scammers then sought to inflate stock prices by marketing them to people whose data they had stolen. Tyurin’s breach of JPMorgan Chase alone saw data on 80 million customers stolen, according to prosecutors. The Russian man made $19 million altogether from the hacking, the Justice Department said in a statement. The case is a win for […]

SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack

Software provider SolarWinds, which was breached in a suspected Russian hacking campaign against U.S. companies and federal agencies, has hired former senior U.S. cybersecurity official Chris Krebs and former Facebook security chief Alex Stamos to help respond to the hack and improve its security practices. Krebs and Stamos will work as consultants for Texas-based SolarWinds as it continues to deal with the fallout of a hacking operation that has roiled Washington and is considered one of the more significant cyber-espionage campaigns against U.S. agencies in years. “Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies,” SolarWinds said in a statement. “We have brought in the expertise of Chris Krebs and Alex Stamos to assist in this review and provide best-in-class guidance on our journey to evolve into an industry leading secure software […]

Sen. Warner accuses White House of weakening statement attributing SolarWinds hack to Russia

An influential Senate Democrat who will soon chair the intelligence committee on Thursday accused the White House of “water[ing] down” the U.S. government’s public statement linking a hacking campaign to Russia, and suggested more high-profile corporations had been breached. “We know who it was,” Sen. Mark Warner, D-Va., said in reference to the espionage campaign in which attackers leveraged the software built by federal contractor SolarWinds to compromise multiple federal agencies. “And this White House has again water-downed the attribution statements that should have been made in one more outrageous effort to constantly underestimate and underreport on Russian activity.” He spoke at an event held by the Aspen Institute. U.S. intelligence and national security agencies on Tuesday said the hacking campaign was “likely Russian in origin,” calling it “a serious compromise that will require a sustained and dedicated effort to remediate.” A person familiar with internal U.S. government deliberations on […]

Capitol Hill riot exposes Congress’s operational and cybersecurity frailties

The violent pro-Trump mob that stormed the Capitol on Wednesday exposed not only glaring weaknesses in the legislative body’s physical security but also its digital and operational security, according to experts. The intruders were able to roam the halls of Congress and at certain points had unfettered access to some lawmakers’ offices and computers. One rioter left a note in front of a computer in House Speaker Nancy Pelosi’s office saying, “We will not back down.” Sen. Jeff Merkley, D-Ore., said a laptop was stolen from his office. There is no public evidence that devices were tampered with. But some experts are hoping that, in addition to a likely investigation into the failures of physical security measures, lawmakers take the opportunity to review their own digital security practices, which have long been a concern. The insurrectionists who breached the Capitol were unsophisticated opportunists who were more interested in taking selfies […]

Justice Department confirms SolarWinds hackers accessed Department emails

The Justice Department on Wednesday joined a growing list of confirmed victims in the public and private sector of a suspected Russian espionage campaign that used tainted software made by SolarWinds. The attackers were able to burrow their way into the Microsoft Office 365 email accounts of Justice Department employees and potentially had access to “around 3%” of such email accounts in the department, Marc Raimondi, a department spokesman, said in a statement. The Justice Department has more than 115,000 employees, according to a fiscal 2020 budget request, but not all employees use Office 365, Raimondi told CyberScoop. He declined to say how many employees do use the software. The departments of Commerce, Energy and Treasury have also confirmed breaches. “Fewer than 10” U.S. agencies have been victimized by the targeted espionage operation, according to investigators. The Justice Department statement comes a day after U.S. investigators for the first time […]
