Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.


TSA to issue cyber directive for pipeline operators following Colonial ransomware attack

Following a ransomware attack on an artery for delivering fuel to the East Coast, the Transportation Security Administration plans to issue a security directive requiring pipeline companies to report hacks to federal authorities, according to multiple people familiar with the matter. The Biden administration’s move to issue mandatory requirements for pipeline operators, where there have previously been only voluntary guidelines, follows the days-long shutdown of Colonial Pipeline by a cybercriminal gang known as DarkSide. Gas stations in multiple states ran low on fuel amid a rash of panic buying, and the federal government issued emergency orders to alleviate any fuel shortages. The TSA directive, expected in the coming days, is another signal from the administration that the status quo for federal cyber requirements for critical infrastructure is untenable. President Joe Biden on May 12 signed an executive order that will require federal contractors to promptly report data breaches following the […]


Ransomware forced Bose systems offline, exposed personal data of 6 former employees

A ransomware intrusion of the computer networks of Bose in March forced some of the electronics giant’s IT systems offline and exposed the personal information of a handful of former employees, the company said in a breach notification letter. Seven weeks into an investigation of the incident, in late April, Bose discovered that hackers had accessed and “potentially exfiltrated” files containing the Social Security numbers and salary information of six former Bose employees based in New Hampshire, according to the statement. Bose could not confirm whether the data was exfiltrated, the company said in a May 19 letter posted to the New Hampshire attorney general’s website. Neither private sector experts nor the FBI have found evidence of the data being sold on the dark web, the letter said. The incident is a reminder that while high-profile ransomware attacks like the one on Colonial Pipeline are impossible to miss, some […]


Alleged North Korean hackers scouted crypto exchange employees before stealing currency, researchers say

Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years, according to a new private sector report. The analysis published Monday by the Israeli security firm ClearSky names Lazarus Group, which U.S. officials say works on behalf of the North Korean government, as the suspect in a hacking campaign that began with attackers scouting cryptocurrency exchange employees and ended with money leaving user accounts. Cryptocurrency helps North Korea blunt the financial impact of international sanctions, as virtual payment techniques are popular on black markets, difficult to trace and exist largely outside the global financial system. A United Nations panel in 2019 implicated North Korean hackers in the theft of $571 million from five cryptocurrency exchanges in Asia. Those hacks are “probably” done to fund North Korean “government priorities, such […]


Hack of IT provider exposes data on 4.5 million Air India passengers

Data on 4.5 million Air India passengers was compromised in a hack of a major IT provider to the airline industry, Air India announced last week. The initial breach of the IT provider, SITA — disclosed in March — affected numerous airlines from Lufthansa to Cathay Pacific, but the investigation has now revealed one of its biggest victims yet in India’s flagship air carrier. The breach covers nearly a decade of data on Air India passengers, and includes passport, ticket information and credit card information, Air India said in a statement. Air India said it has secured the hacked servers, notified credit card firms of the breach and reset passwords for frequent flyer accounts. The airline also advised passengers to change their own passwords where applicable. “[O]ur data processor has ensured that no abnormal activity was observed after securing the compromised servers,” the statement said. It is still unclear who is […]


Irish officials analyze decryption tool as long recovery process from ransomware continues

The Irish government expects to dedicate significant resources in the coming days to recovery efforts related to a ransomware incident that has hampered the country’s public health service for the last week, officials said Friday. Irish officials have obtained a decryption key that could unlock the data on the networks of the Health Service Executive (HSE), Ireland’s $25 billion public health system, though the key will need to be tested to ensure it does not do more harm than good. Meanwhile, medical appointments have dropped by as much as 80% in parts of the country following the breach, health officials have said. It’s an example of the pressure that governments face, often under the international spotlight, to promptly restore connectivity to critical systems held hostage by cash-rich cybercriminals. Emergency care has continued throughout the ordeal, but there have been delays in non-urgent services in parts of Ireland as IT systems supporting maternity […]


Cyber insurance premiums rise as ransomware, hacks continue, GAO finds

A growing number of cybersecurity incidents has led many insurers to raise premiums and some to limit coverage in especially risky areas, such as health care and education, according to new findings from a U.S. government watchdog. “[T]he continually increasing frequency and severity of cyberattacks, especially ransomware attacks, have led insurers to reduce cyber coverage limits for certain riskier industry sectors … and for public entities and to add specific limits on ransomware coverage,” the Government Accountability Office said in a report Thursday, which cited surveys of insurance executives. More than half of the brokers surveyed by an industry group said that their clients saw premiums increase between 10% and 30% in late 2020, the report noted. The findings come amid a period of unprecedented scrutiny for the cyber insurance industry, as multimillion-dollar ransoms come to light and cybercriminals appear to target insurers for a list of their clients to […]


‘Cybersecurity incident’ hampers non-urgent care at hospitals in New Zealand

Health officials in New Zealand have for multiple days been dealing with a “cybersecurity incident” that has hindered non-urgent care at multiple hospitals south of Auckland. Local media are reporting that ransomware is the cause. The IT systems of Waikato District Health Board, which oversees health services for 425,000 people on New Zealand’s North Island, have been offline as government cyber officials investigate the cause of the incident. The investigation is ongoing, “but [we] are working on the theory that the initial incursion was via an email attachment,” the health board said in a statement Wednesday. Emergency care continues, but the disruption has caused some elective surgeries to be postponed at one of the health board’s facilities, Waikato Hospital, “while a number of outpatient clinics have been reduced,” the board said. Some of the outpatient clinics that have been affected include those dealing with respiratory illness and infectious […]


Colonial Pipeline CEO to face questions from Congress on $4.4 million ransom payment

After Colonial Pipeline CEO Joseph Blount confirmed Wednesday that his company had paid hackers $4.4 million to recover its data, lawmakers said they would press Blount for more information at a congressional hearing next month. “I’ll have some questions about Blount’s judgement when he appears before [the committee] in a couple weeks,” tweeted Rep. Jim Langevin, D-R.I., an influential member of the House Homeland Security Committee. The FBI has advised companies for years not to pay a ransom, and cybersecurity experts warn that doing so fuels yet more ransomware hacks that have already cost U.S. companies hundreds of millions of dollars. But the breach of Colonial Pipeline’s IT systems, which caused a multi-day shutdown of the pipeline system and indirectly resulted in shortages at gas stations in multiple states, has thrust the issue of ransomware payments into the national limelight. Blount defended the decision in an interview with The Wall Street […]


Irish officials warn of ongoing disruptions to health system, long recovery following ransomware incident

Irish officials say it will take “many weeks” to fully restore the IT infrastructure of the country’s $25 billion public health system following a ransomware attack last week. While emergency departments continue to operate normally, Ireland’s Health Service Executive (HSE), as the public health system is known, said Wednesday that patients seeking non-urgent care should expect long delays. “Work continues today in assessing the impact and beginning to restore HSE IT systems,” the statement said. “This work will take many weeks and we anticipate major disruption will continue due to the shutdown of our IT systems. We should start to see some early signs of recovery in some sites over the coming days.” The incident, which Irish officials have blamed on a popular strain of ransomware called Conti, has rocked the Irish public health system. One maternity hospital in Dublin told pregnant women not to come to the hospital unless they […]
