White House executive order further restricts investments in Chinese surveillance technology

President Joe Biden on Thursday signed an executive order that expands restrictions on U.S. investments in the Chinese defense sector and takes aim at the export of Chinese surveillance technologies. Building on a Trump administration order, the new directive expands to 59 the list of Chinese companies that Americans are barred from investing in. The order, the White House said, will also give U.S. officials greater leeway in addressing the threat of Chinese surveillance technology that is used to repress religious or ethnic groups inside and outside of China. The directive allows the U.S. “to prohibit – in a targeted and scoped manner – U.S. investments in Chinese companies that undermine the security or democratic values of the United States and our allies,” the White House said in a statement. Several Chinese technology firms have been implicated in the Chinese government’s mass detention of Uyghurs, a mostly Muslim minority group whose […]

The post White House executive order further restricts investments in Chinese surveillance technology appeared first on CyberScoop.

Justice Department orders prosecutors to more closely track ransomware, share case information

The Justice Department has required federal prosecutors across the U.S. to more closely track ransomware cases and notify department officials of key developments in the prosecution of hackers. It’s a move that, in the wake of ransomware attacks on key U.S. distributors of fuel and meat, elevates the fight against ransomware as a top priority for the government’s law enforcement division. The goal is to have a clearer view of extortion attempts occurring in every state, and any progress that’s being made in tracking down the perpetrators. A memo that Deputy Attorney General Lisa Monaco sent to U.S. Attorneys offices on Thursday requires the offices to notify senior department officials in Washington whenever they learn of a new ransomware attack in their district. Such “urgent reports,” for example, should cover ransomware incidents affecting critical infrastructure or a municipal government — something that happens regularly. “To ensure we can make necessary […]

The post Justice Department orders prosecutors to more closely track ransomware, share case information appeared first on CyberScoop.

Fujifilm shuts down computer systems following apparent ransomware intrusion

Fujifilm Corp. has shut down part of its computer network and “disconnected from external correspondence” in the face of a possible ransomware attack, the Japanese electronics giant said Wednesday. In a brief statement, Fujifilm said that it became aware of the security issue late Tuesday and that it has “taken measures to suspend all affected systems in coordination with our various global entities.” The company said it was still “working to determine the extent and the scale of the issue.” Fujifilm is just the latest multinational company to be hamstrung by ransomware. JBS, the world’s largest beef producer, had to temporarily shut down facilities in Colorado, Canada and Australia following a ransomware hack. Perhaps best known for its photography equipment, Fujifilm also makes a range of medical products such as CT scan and X-ray devices. The company reported more than $20 billion in revenue last year and has offices around […]

The post Fujifilm shuts down computer systems following apparent ransomware intrusion appeared first on CyberScoop.

Sensitive medical, financial data exposed in extortion of Massachusetts hospital

A hospital in Massachusetts quietly paid off a ransomware gang after a February hack that exposed patients’ sensitive medical and financial data, the hospital said in a May 28 statement. Sturdy Memorial Hospital, a 126-bed facility in the city of Attleboro, said that the information exposed in the hacking incident may have included insurance claim numbers, medical history, treatment information, Social Security numbers, bank routing numbers and credit card numbers and security codes, among other data. “In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed,” Sturdy Memorial said. Other Massachusetts health providers with which Sturdy Memorial Hospital has worked were swept up in the incident. The breach affected data belonging to patients of Harbor Medical Associates, South Shore Medical Center and providers affiliated with South Shore Physician Hospital Organization, according to the statement. Nearly four […]

The post Sensitive medical, financial data exposed in extortion of Massachusetts hospital appeared first on CyberScoop.

Meat chain JBS says US production is returning after ransomware attack

The U.S. division of JBS, which accounts for an estimated one-fifth of the country’s beef production, said it expects the “vast majority” of its meat plants to be operational on Wednesday after a ransomware attack ground work to a halt. “Our systems are coming back online and we are not sparing any resources to fight this threat,” JBS USA CEO Andre Nogueira said in a statement Tuesday evening. The breach at JBS, the world’s largest meat supplier, has caused disruptions to the company’s facilities in Colorado, Canada and Australia. Workers were sent home from some plants in an industry that has already faced disruptions because of the coronavirus pandemic. Nogueira said that JBS USA and Pilgrim’s, one of the company’s brands, were able to ship product from nearly all facilities in the U.S. on Tuesday. “The company also continues to make progress in resuming plant operations in the U.S. […]

The post Meat chain JBS says US production is returning after ransomware attack appeared first on CyberScoop.

Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing

An ex-U.S. ambassador to Russia, anti-corruption activists in Ukraine and election observers in other parts of Eastern Europe were among the apparent targets of a suspected Russian state-sponsored hacking effort, according to data linked to the spying operation that a researcher shared with CyberScoop. The list offers classic examples of organizations that Russian spies might want to infiltrate, including those working to expose graft, combat disinformation and promote secure elections. It also points to the persistent threats that small nonprofits face from well-resourced hackers, as well as the long-running alleged Russian efforts to undermine democratic institutions. Microsoft on May 27 said hackers had used a breached account belonging to the U.S. Agency for International Development, a U.S. government agency, to send phishing emails to some 3,000 email accounts at 150 organizations in 24 countries. (U.S. officials estimated an even broader set of targets: 7,000 accounts and 350 organizations.) Microsoft blamed […]

The post Ex-US ambassador, anti-corruption activists in Ukraine were targets of suspected Russian phishing appeared first on CyberScoop.

SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says

The same Russian spies who exploited SolarWinds software to infiltrate U.S. government agencies have in the last week launched a phishing campaign that aimed to hack some 150 organizations in 24 countries, Microsoft said Thursday. The suspected Russian hackers have posed as the U.S. Agency for International Development, a government agency that funds aid projects around the world, to target some 3,000 individual accounts in a blitz of phishing emails since May 25, Microsoft said in a blog post. The majority of the target organizations are in the U.S., and at least a quarter of them work in international development, humanitarian aid and human rights, Microsoft said. The hackers blasted out the nefarious messages by using a breached account that USAID uses to send marketing emails, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. A USAID spokesperson said that a forensic investigation into the breach […]

The post SolarWinds hackers are behind a widespread phishing campaign impersonating USAID, Microsoft says appeared first on CyberScoop.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says

A sprawling Chinese espionage operation against U.S. and European government organizations extends to more commercial sectors than previously known and involves four new hacking tools, security firm FireEye said Thursday. All told, two China-linked groups — and other hackers that investigators did not name — are exploiting virtual private network software in breaches that have touched the transportation and telecommunication sectors, according to FireEye. The firm had previously only named the defense, financial and government sectors as affected by the breaches. The attackers are exploiting popular VPN software known as Pulse Connect Secure to burrow into networks and steal sensitive data. Many of the breached organizations “operate in verticals and industries aligned with Beijing’s strategic objectives” that are outlined in the Chinese government’s latest “Five Year Plan” for economic growth, according to Mandiant, FireEye’s incident response arm. The majority of the intrusions have been carried out by a group called […]

The post Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says appeared first on CyberScoop.

TSA cyber requirements would fine pipeline operators for lax security practices

The Transportation Security Administration will for the first time require pipeline operators to meet mandatory cybersecurity requirements in the wake of a ransomware attack that caused a days-long shutdown of the main artery for delivering fuel to the East Coast. The TSA security directive, expected to be released Thursday, requires certain pipeline operators to report hacking incidents to the Department of Homeland Security’s cybersecurity agency within 12 hours, and would levy fines starting at approximately $7,000 on operators for failing to comply with security guidelines, department officials told reporters in a call. DHS officials estimate that the requirements will apply to roughly 100 pipeline companies, including some of the country’s largest operators. The rules signal a shift in the traditional federal approach to pipeline security, which for years has rested on voluntary guidelines that critics said fell short of meeting the threat. A DHS official said the update is “part […]

The post TSA cyber requirements would fine pipeline operators for lax security practices appeared first on CyberScoop.

Security researchers suggest naming state-harbored hackers ‘privateers’

The ransomware-induced disruption of Colonial Pipeline, which supplies 45% of fuel consumed on the East Coast, has already forced big changes to U.S. government policies on pipeline security and brought heightened scrutiny of organizations’ decisions to pay hackers ransoms. Now, the incident has factored into one prominent security firm’s decision to change how it publicly classifies the relationship between criminal hacking groups and the governments that host them. Talos, the threat intelligence unit of Cisco, said Wednesday that it would begin using the term “privateers” to describe hacking groups that aren’t controlled by governments but which “benefit from government decisions to turn a blind eye toward their activities.” Other cybersecurity executives have compared the safe havens that some governments provide cybercriminals today with 17th century piracy. “If it were the 17th century, and pirates harassing the English merchant fleet were ducking into Dutch harbors, at what point would the Dutch […]

The post Security researchers suggest naming state-harbored hackers ‘privateers’ appeared first on CyberScoop.
