Cyberattack hits internal IT systems of key player in British power market

Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees. The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident. “The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack. The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said. The company manages transactions worth some $2 billion a year, resolving the difference between what electricity generators and suppliers say they will produce or use and what they actually do. A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident, calling it a “cyber intrusion on Elexon’s internal […]

The post Cyberattack hits internal IT systems of key player in British power market appeared first on CyberScoop.


Security incident knocks UK supercomputer service offline for days

Britain’s main supercomputing service for academic research has been unavailable since Monday following a security incident that forced administrators to reset user passwords. The ARCHER computing service, which scientists use to model climate change, coronavirus, and other societal challenges, likely won’t be available until at least next week as U.K. government cyber officials continue to help the system recover. ARCHER — a set of powerful hardware and simulation software housed at the University of Edinburgh — recently made available to its users a tool for simulating the extent of the COVID-19 outbreak. Scientific data and know-how have been in the crosshairs of hackers during the COVID-19 pandemic as governments around the world race to understand and treat the disease. It was unclear who was responsible for the security incident. A spokesperson for the U.K.’s National Cyber Security Centre told CyberScoop the agency was aware of the incident and providing support for […]


Researchers expose new malware designed to steal data from air-gapped networks

Hacking tools and techniques that are capable of accessing “air-gapped” systems — those cut off from external network connections — are coveted by intelligence agencies and pored over by security researchers. Spies try to conceal them; researchers try to expose them to warn potential victims. That dynamic is behind Slovakian anti-virus company ESET’s decision Wednesday to go public with what it says is a previously unknown malicious software framework designed to steal files from air-gapped systems. Much around the hacking tool — who is using it, who some of its victims are — remains a mystery. But ESET is hoping publicizing it will shake loose more clues in their hunt for the hackers. “We believe Ramsay is intended to be used in targeted attacks only and [has] espionage written all over it,” Alexis Dorais-Joncas, a security intelligence team lead at ESET, told CyberScoop. “‘Normal’ people do not operate in air-gapped environments.” The […]


U.S. accuses Chinese hackers of trying to steal coronavirus vaccine research

The Department of Homeland Security and the FBI on Wednesday blamed hackers linked with the Chinese government for attempting to steal U.S. research into a coronavirus vaccine, an escalation of the bilateral feud over handling of the global pandemic. The U.S. agencies accused Chinese hackers as well as spies of trying to pilfer intellectual property and other information related to coronavirus treatments. “The FBI is investigating the targeting and compromise of U.S. organizations conducting COVID-19-related research by [People’s Republic of China]-affiliated cyber actors and non-traditional collectors,” the statement says. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options.” Labeling their statement a “public service announcement,” the agencies urged medical research organizations to be vigilant and report suspicious cyber activity. The announcement adds to a slew of charges the Trump administration has made against China for allegedly stealing billions of dollars in U.S. intellectual property. Beijing has […]


How two researchers used an app store to demonstrate hacks on a factory

When malicious code spread through the networks of Rheinmetall Automotive last year, it disrupted the German manufacturing firm’s plants on two continents, temporarily costing up to $4 million each week. The attacks were the latest reminder to factory owners that computer viruses can hobble production. While awareness of the threats has grown, there’s still a risk that too many organizations view such attacks as isolated incidents, rather than the work of a determined attacker that could be visited upon them. Federico Maggi, a senior researcher at cybersecurity company Trend Micro, set out to dispel that mindset. So he used a laboratory housed at Politecnico di Milano School of Management, Italy’s largest technical university, to show how attackers could disrupt production on the factory floor. His goal was to use the hypothetical hacks to help organizations address weaknesses in their defenses before actual attackers strike. “We wanted to look for something different, something that future attackers […]


DHS memo: ‘Significant’ security risks presented by online voting

The Department of Homeland Security has told election officials and voting vendors that internet-connected voting is risky to the point that ballots returned online “could be manipulated at scale” by a malicious attacker. The advisory that DHS’s Cybersecurity and Infrastructure Security Agency sent states on Friday is perhaps the federal government’s sternest warning yet against online voting. It comes as officials weigh their options for conducting elections during a pandemic and as digital voting vendors see an opportunity to hawk their products. While the risk of election officials delivering ballots to voters via the internet can be managed, the return of those ballots by voters “faces significant security risks to the confidentiality, integrity, and availability of voted ballots,” CISA said in the guidance, which CyberScoop reviewed. “These risks can ultimately affect the tabulation and results and, can occur at scale.” The guidance, which is marked “For Official Use Only” and […]


What one cybersecurity company has learned from responding to Maze ransomware

When hackers lock the computer systems of a big company with ransomware, the gears of corporate damage control kick into action. Lawyers are mobilized, spokespeople are tight-lipped, and negotiation experts are sometimes brought in to talk to the hackers. Those triage teams strictly limit the information on the incident available to the public. But forensic experts hired to salvage a company’s computers sometimes reveal the important data they collect on ransomware gangs. Case in point: A new report from cybersecurity company FireEye helps demystify Russian-speaking hackers behind a spate of recent ransomware attacks in hopes of making them easier to disrupt. Maze ransomware has wreaked havoc across North America and Europe in the last year, leading to warnings from the FBI and the Department of Homeland Security. They have hit over a dozen sectors, from construction to financial services to transportation. But some of the hackers’ most effective tactics are less novel than […]


Chinese spies hop from one hacked government network to another in Asia Pacific, researchers say

Nearly five years ago, researchers unmasked a Chinese hacking group, pinpointing the unit of the People’s Liberation Army that was allegedly sponsoring it. The so-called Naikon group was key to China’s spying efforts in the South China Sea, targeting government agencies from the Philippines to Vietnam, said the report from companies ThreatConnect and Defense Group Inc. Since then, there has been relatively little public documentation of Naikon as other China-linked groups — including one targeted by a U.S. Department of Justice indictment — have taken the limelight. But on Thursday, analysts with Israeli cybersecurity company Check Point said that Naikon has been far from idle in recent months, trying to hack familiar government targets in Australia, Indonesia, the Philippines, Vietnam, and other Southeast Asian countries. The espionage campaign, which has also hit state-owned companies in the region, accelerated in the last half of 2019 and into the first quarter of 2020. Naikon […]


European health care giant Fresenius Group grappling with computer virus

Fresenius Group, a big European health care conglomerate, said Wednesday that a computer virus had infected at least one of its businesses’ IT systems. It’s another sign that malicious hackers see medical organizations as fair game despite a global health crisis. The Germany-based corporation said the security incident had hampered some production in its pharmaceutical business, Fresenius Kabi, which makes everything from nutritional products and infusion therapies to pain relievers that are in high demand during the coronavirus pandemic. Fresenius Group spokesperson Steffen Rinas declined to specify which production units were affected by the malware. He did say that Fresenius’s hospitals — said to be the largest private network in Europe — were not affected by the incident. The company did not specify the nature of the virus. “As a precautionary measure in accordance with the security protocol drawn up for such cases, steps have been taken to prevent further spread,” Rinas said in an email. “Nevertheless, our production […]


Taiwan’s state-owned energy company suffers ransomware attack

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop. CPC Corp., an important national asset responsible for importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of its computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to pay for gas. In Taiwan, CPC represents a high-value target for malicious hackers. Taiwan is heavily reliant on imports for its energy needs, and the company has invested in a number of offshore oil and gas projects. CPC’s official statement did not mention ransomware, but private-sector reports obtained by CyberScoop shed more light on the incident. Two of the malicious files used in the attack are detected as ransomware on VirusTotal, the […]
