Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected

The Department of Energy on Thursday said it had found malicious software related to the breach of contractor SolarWinds on the department’s IT networks, making it the latest federal agency to be swept up in a hacking campaign reportedly tied to Russia. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” Department of Energy spokeswoman Shaylyn Hynes said in a statement. DOE joins a growing list of federal agencies, including the departments of Homeland Security and Treasury, that have reportedly been breached in the hacking campaign. The cyber activity, which The Washington Post reported is connected to a Russian intelligence service, has involved using tampered software from Austin-based SolarWinds to gain persistent access to victim networks. SolarWinds’ software is also widely used in […]

The post Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected appeared first on CyberScoop.

How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic

The U.S. government officials trying to test the country’s ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even arranged to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn’t in the script. Until this year, National Guard personnel, Pentagon contractors and engineers at big U.S. utilities would typically gather in person to run through exercises involving dire scenarios, from a weeks-long power outage to a mock attack on utility computers that appeared to delete data. In October, though, COVID-19 forced planners from the departments of Defense and Energy to figure out how to run the event virtually, with participants plugged in from around the country. And they used the […]

The post How the US military used a creepy island to test cyberattacks on the grid — in the middle of a pandemic appeared first on CyberScoop.

Biden says he will ‘elevate’ cybersecurity as US hack investigation goes on

President-elect Joe Biden said on Thursday he has instructed his advisers to learn as much as possible about a hacking campaign that’s roiled the U.S. government, as investigators warned that the suspected Russian effort represented a “grave risk.” In a statement, Biden pledged to “elevate cybersecurity as an imperative across the government,” following revelations about how hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks belonging to reported victims including the departments of Treasury, Commerce and Homeland Security. “Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation,” Biden said. The Department of Homeland Security also on Thursday released additional technical details on the hacking effort that The Washington Post has connected to a Russian intelligence agency, calling it a “grave risk” to federal and state networks […]

The post Biden says he will ‘elevate’ cybersecurity as US hack investigation goes on appeared first on CyberScoop.

FireEye, Microsoft find ‘killswitch’ to hamper SolarWinds-related malware

As the U.S. government works to contain a sprawling hacking campaign that relies on tampered software from SolarWinds, a federal contractor, technology firms are disabling some of the hackers’ key infrastructure. Cybersecurity giant FireEye on Wednesday said that it had worked with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to victim machines. The move is no panacea for stopping the suspected state-sponsored hacking campaign, though it could help stem the tide of victims, which reportedly include the departments of Treasury and Homeland Security. Control of the seized domain acts as a “killswitch” that will “affect new and previous” infections of the malicious code coming from that particular domain, FireEye said in a statement that was first reported by independent journalist Brian Krebs. “Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware […]
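The killswitch FireEye describes hinges on what the backdoor sees when it resolves avsvmcloud[.]com, which makes resolver logs the first place a defender should look. The Python below is an added example written for this page, not FireEye’s or Microsoft’s tooling: it scans DNS query log lines for lookups of that domain and classifies the answer each client received. The log format and the sample lines are constructed for the example, and the address ranges that make the backdoor stop are taken from FireEye’s public SUNBURST analysis rather than from this page; treat that list as an assumption to verify against the current report.

```python
"""Added example: flag SUNBURST-style beacons to avsvmcloud.com in DNS logs.

Illustrative code for this page, not FireEye's or Microsoft's own tooling.
Assumptions, labelled: the log line format is constructed for the example;
KILL_RANGES comes from FireEye's public SUNBURST write-up, not from this page.
"""
import ipaddress
import re
from typing import Dict, List, Optional

KILLSWITCH_DOMAIN = "avsvmcloud.com"

# Assumption: answers in these ranges make the backdoor terminate and not retry
# (private RFC 1918 space and the multicast block, per FireEye's analysis).
KILL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")
]

# Constructed log format: "<timestamp> <client_ip> <qname> <qtype> <answer|NXDOMAIN>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>A|AAAA)\s+(?P<answer>\S+)$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one constructed log line into fields; None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_killswitch_domain(qname: str) -> bool:
    """True for avsvmcloud.com itself or any label beneath it (case-insensitive,
    trailing dot tolerated); a lookalike such as notavsvmcloud.com does not match."""
    q = qname.rstrip(".").lower()
    return q == KILLSWITCH_DOMAIN or q.endswith("." + KILLSWITCH_DOMAIN)


def classify_answer(answer: str) -> str:
    """'terminated' if the resolved address sits in a range that silences the
    backdoor, 'active' for any other address, 'unresolved' for NXDOMAIN/garbage."""
    if answer.upper() == "NXDOMAIN":
        return "unresolved"
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:
        return "unresolved"
    return "terminated" if any(ip in net for net in KILL_RANGES) else "active"


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one record per query to the killswitch domain, with a verdict."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_killswitch_domain(rec["qname"]):
            continue
        hits.append({
            "ts": rec["ts"],
            "client": rec["client"],
            "qname": rec["qname"],
            "verdict": classify_answer(rec["answer"]),
        })
    return hits


# Constructed sample log; the subdomain labels are made up for the example.
SAMPLE_LOG = [
    "2020-12-16T10:01:02Z 10.20.30.40 www.example.com A 93.184.216.34",
    "2020-12-16T10:01:05Z 10.20.30.41 abcdef0123456789abcdef.appsync-api.us-east-1.avsvmcloud.com A 192.168.0.1",
    "2020-12-16T10:01:09Z 10.20.30.42 0123456789abcdef01234567.appsync-api.eu-west-1.avsvmcloud.com A 198.51.100.7",
    "2020-12-16T10:02:11Z 10.20.30.43 fedcba9876543210fedcba.appsync-api.us-west-2.avsvmcloud.com A NXDOMAIN",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Every hit is a host that ran the backdoored build and needs an incident response regardless of its verdict; the verdict only says whether that particular beacon would have been silenced. As FireEye itself noted when the takeover was reported, the killswitch does not evict an actor who has already deployed additional backdoors on a victim network.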

The post FireEye, Microsoft find ‘killswitch’ to hamper SolarWinds-related malware appeared first on CyberScoop.

SolarWinds breach has industrial firms checking their networks for vulnerabilities

Executives from multiple U.S. electric utilities on Monday convened a phone call to discuss a critical vulnerability in software made by SolarWinds, the federal contractor at the heart of an apparent cyber-espionage operation. The briefing, hosted by an industry-government group known as the Electricity Subsector Coordinating Council, is just one example of the wide ripple effects of the malicious tampering of SolarWinds’ software by suspected state-sponsored hackers. The SolarWinds compromise has led to the reported breaches of multiple U.S. federal agencies, including the departments of Treasury and Homeland Security. The affected software is widely used in the electricity, oil and gas and manufacturing sectors, and the process of assessing some organizations’ exposure to the tampered software has only just started. “We have to make sure we’re breaking down some of these concepts so they understand the impact to them as critical infrastructure owners and operators,” said one U.S. official involved in […]

The post SolarWinds breach has industrial firms checking their networks for vulnerabilities appeared first on CyberScoop.

National security officials brief Biden team on SolarWinds hacking campaign

U.S. national security officials have briefed the transition team for President-elect Joe Biden and Capitol Hill aides on the consequences of a suspected government-backed hacking campaign affecting multiple federal agencies, according to multiple people familiar with the matter. Trump administration officials held multiple briefings on the topic for Biden aides on Monday, and there is a classified briefing slated for Tuesday, according to a person familiar with the briefings. Among the agencies briefing Biden staff on Monday was the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, a CISA official said. The hacking campaign, which the Washington Post reported as being tied to Russia, forced an emergency meeting of the White House National Security Council and prompted some lawmakers to call for new approaches to defending U.S. companies from malicious cyber activity. Responding to the apparent cyber-espionage effort could be one of the first big tests of Biden’s cybersecurity […]

The post National security officials brief Biden team on SolarWinds hacking campaign appeared first on CyberScoop.

Matt Masterson, CISA’s top election security official, to step down

Matt Masterson, one of the U.S. government’s top election experts, is leaving his post as of next week for a role in academia where he will continue to study the disinformation campaigns that have plagued the country, he told CyberScoop on Thursday. Masterson has been a senior adviser at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency since 2018. He led a team that reassured the public that the 2020 election was secure, despite President Donald Trump’s baseless assertions to the contrary. Masterson will join the Stanford Internet Observatory, a team of academics and tech experts led by former Facebook security chief Alex Stamos, which works on election security and social media challenges. Masterson said his last day at CISA will be Dec. 18. At Stanford, “We’re going to unpack what we’ve learned over the last few years [on election security],” Masterson said in an interview, including “what […]

The post Matt Masterson, CISA’s top election security official, to step down appeared first on CyberScoop.

Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Security experts at Microsoft on Thursday detailed how internet attackers are abusing some of the world’s most popular web browsers for a fraud campaign, which at its height has affected more than 30,000 devices per day. The scammers are using malicious browser extensions, a tried and tested fraud tactic, to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program. Microsoft did not identify who was responsible for the attacks, or how much money they had netted. The malicious campaign, which Microsoft said began in May, uses extensions for popular web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge and the Russian-made Yandex Browser to reach as many internet users as possible. “[T]he fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how […]

The post Scammers use Chrome, Firefox extensions in widespread ad fraud campaign appeared first on CyberScoop.

Hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians

An Arabic-speaking hacking group that’s used phishing emails laden with sensational headlines focused on the Middle East to spy on government officials is leveraging recent diplomatic activity to conduct espionage. Operatives with the group, known as MoleRATs, used mainstream technology services like Facebook and Dropbox to obscure their malicious activity and exfiltrate data, according to Cybereason, the security company that published details on the activity on Wednesday. It’s the latest example of a savvy hacking group turning to popular technology platforms to dupe their targets or cover their tracks. This MoleRATs espionage campaign, which occurred in October and November, was aimed at political and government officials in Egypt, the Palestinian territories, the United Arab Emirates and Turkey, according to Cybereason. Its phishing emails referenced a reported secret meeting between Saudi Crown Prince Mohammed bin Salman, Israeli Prime Minister Benjamin Netanyahu and U.S. Secretary of State Mike Pompeo. Hackers used Facebook accounts […]

The post Hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians appeared first on CyberScoop.

FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame

FireEye, one of the most influential cybersecurity companies in the world, on Tuesday revealed that it had been breached by a suspected state-sponsored hacking group. FireEye CEO Kevin Mandia said that the FBI and security experts at Microsoft were helping investigate the incident, in which attackers accessed the tools FireEye uses to simulate attacks against clients. “Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques,” Mandia said in a blog post. Attackers stole so-called red team tools, which security firms use to imitate real-world hacks on behalf of their clients. Such red team tools from a respected firm like FireEye would provide malicious attackers with a kind of roadmap on how to subvert defenses, and breach victims. Mandia said his firm was taking the extraordinary step of developing “more than 300 countermeasures for our customers, and the community at […]

The post FireEye says hackers stole its red-team tools, suggests state-sponsored group is to blame appeared first on CyberScoop.