Microsoft: U.S. presidential campaign, government officials targeted by recent hacking effort

Microsoft said Friday that an Iranian government-linked hacking group had targeted email accounts associated with an unnamed U.S. presidential campaign along with current and former U.S. government officials. The Iranian hackers’ other targets included “journalists covering global politics and prominent Iranians living outside Iran,” said Tom Burt, a corporate vice president at Microsoft. Over 30 days between August and September, hackers tried to breach 241 email accounts belonging to certain Microsoft customers, according to Burt. With that came over 2,700 attempts by the hackers to identify those specific email accounts. Four accounts were compromised as a result of the attempts. None of the breached accounts were associated with the U.S. presidential campaign, or current or former U.S. government officials, according to Microsoft. The company is working with the affected customers to secure their accounts, Burt said. The Democratic National Committee on Tuesday sent an advisory to Democratic presidential campaigns flagging the Microsoft announcement. The Iranian hackers have been “attacking […]

The post Microsoft: U.S. presidential campaign, government officials targeted by recent hacking effort appeared first on CyberScoop.


FBI, DHS advise states on potential Russian voter suppression tactics in 2020

The FBI and Department of Homeland Security have issued an advisory to state election officials that the Russian government could use voter suppression tactics in an attempt to interfere in the 2020 U.S. election, according to U.S. and state officials familiar with the memo. The advisory sent this week to states’ secretaries of state and security advisers cautions that Moscow could try to keep Americans away from the polls next year by, for example, trying to breach voter registration databases or fanning political tensions online, said the officials familiar with the memo, which is titled, “Russia May Try to Discourage Voter Turnout and Suppressing Votes in 2020 US Election.” The document is marked “For Official Use Only.” The officials described the advisory as a proactive effort to stay on top of the threat. “We want to make sure we’re pushing out as much information as possible to the front lines,” a senior Trump administration […]


An ongoing hacking campaign targets dissidents in Egypt, researchers say

Security researchers on Thursday detailed an ongoing hacking campaign against Egyptian human rights activists and journalists, showing how the attackers have planted their own malware in the Google Play Store to track their victims. An analysis of the hacking campaign by Check Point Software Technologies highlights how the hackers have not only used third-party apps to gain access to victim emails but also employed stealthy mobile apps that log the date and duration of calls, or the location of the caller. Evidence suggests the Egyptian government could be behind the activity, which dates back to 2016 and is more multifaceted than previously documented. If definitively tied to Egyptian authorities, it would be just the latest example of an autocratic regime aiming software tools at activists and critics. Under President Abdel Fattah al-Sisi, the Egyptian government has cracked down further on dissent, jailing activists and, NGOs say, abusing human rights. “We saw [the […]


How Uzbekistan’s security service (allegedly) began developing its own malware

For years, Uzbekistan’s feared intelligence service, the National Security Service, has been accused of aggressively spying on citizens and abusing human rights in the Central Asian country under the guise of its counterterrorism and security operations. Now, the NSS’s reported use of hacking tools in that activity is coming into clearer view, thanks to new research. The ex-Soviet state’s security service appears to be shedding its hacking training wheels and making a lot of noise in the process. After burning multiple zero-day exploits acquired from vendors, an NSS-linked group dubbed SandCat has over the last year been testing malware it developed on its own, according to Brian Bartholomew, security researcher at cybersecurity company Kaspersky. The evolution shows how a proliferation of surveillance vendors has made it easier for relatively obscure governments to acquire and develop their own hacking tools. Before this project, Bartholomew hadn’t tracked any cyber activity out of Uzbekistan. “I […]


As health sector grapples with ransomware, a search for better incident data

In recent years, a slew of ransomware infections has forced health care organizations across the U.S. to confront their security weaknesses. The fact that the file-locking malware can disrupt medical services or compromise sensitive patient data has brought urgency to the struggle. Yet largely missing from the equation has been a reliable and thorough set of public data on health care ransomware incidents that tracks things like payouts, the number of victims, and strains of malware. On Wednesday, Allan Liska, a ransomware connoisseur and threat intelligence analyst at cybersecurity company Recorded Future, took a stab at filling the void by releasing data on ransomware incidents over the last three and a half years. Some of Liska’s findings, which he shared exclusively with CyberScoop, surprised him. From 2016 through 2018, for example, the number of documented ransomware incidents in the health care sector stayed relatively flat at around 30 per year, fewer […]


Thriving ‘disinformation-as-a-service’ market could make smearing corporate rivals easy

While disinformation campaigns are often associated with governments, new research indicates there is a robust, easy-to-navigate market for anyone looking to buy their own propaganda arms. It is “alarmingly simple and inexpensive” to launch a sophisticated disinformation campaign, analysts from threat-intelligence company Recorded Future concluded after studying the issue. “Disinformation services are highly customizable in scope, costing anywhere from several hundreds of dollars to hundreds of thousands of dollars, or more depending on the client’s needs.” The analysts set up their own fake company and commissioned disinformation projects from two different “threat actors” active on Russian-language forums. One of the hired hands generated positive press for the fake company, while the other pushed out smears. A network of inauthentic social media accounts posted articles about the fake company that gained traction on news sites. Like any effective disinformation campaign, the social media interactions included a mix of bots, trolls and […]


Cyber Storm 2020 could be DHS’s most rigorous drill for critical infrastructure yet

Every two years, the Department of Homeland Security hosts a large-scale exercise to test critical infrastructure companies’ ability to respond to a disruptive, hypothetical cyberattack. With more threat data to draw on than ever, DHS officials hope next spring’s Cyber Storm exercise will be the most rigorous test of participants’ response plans to date, driving home the interdependence of critical infrastructure sectors in new ways. Cyber Storm 2020 will focus more on collaborating with state and local officials to recover from an incident than previous drills, according to Brian Harrell, assistant director for infrastructure security at DHS’s Cybersecurity and Infrastructure Security Agency (CISA). In another twist, planners are looking to incorporate insider threats into the scenario, he said. Participants, which are expected to include representatives of the energy, financial and communications sectors, cyberthreat information-sharing organizations, and other federal agencies, will have to “bring a [hypothetical] cyber incident to resolution as quickly as possible… [to] restore some of these key services as quickly as […]


German manufacturer says malware has caused ‘significant disruption’ to plants in three countries

A malware infection at German car parts manufacturer Rheinmetall Automotive has caused “significant disruption” to production at company plants in Brazil, Mexico, and the United States, the company disclosed Thursday. Rheinmetall Group, the manufacturer’s parent company, said it expects to lose 3 to 4 million euros, or $3.28 to $4.38 million, per week due to the incident, starting next week. Rheinmetall Automotive provides top car manufacturers with auto parts such as pistons, engine blocks, and emissions control equipment, according to its website. Rheinmetall Group’s IT systems outside of plants in those three countries do not appear to be affected, the company said. Since late Tuesday, Rheinmetall Automotive said in a statement, it has been grappling with “malware attacks” and the “length of the disruption cannot be predicted at this time. The most likely scenarios suggest a period lasting between two and four weeks.” Shares in the company dropped early Friday on the heels […]


DEF CON Voting Village report explores vulnerabilities in ballot-marking devices, calls for paper-based audits

After finding security weaknesses in two ballot-marking devices at this year’s DEF CON Voting Village, researchers are calling for “more comprehensive studies” of equipment that is increasingly a part of the voter experience. The findings come as states consider the security advantages of election systems that create a paper trail. Ballot-marking devices, or BMDs for short, allow voters to mark their choices on a screen and then print them out. The paper ballots are then counted by hand or scanned by a separate machine. “The security implications of ballot marking devices should be studied more,” researchers said in the 2019 Voting Village report, which sums up more than two days of hacking and tinkering at a Las Vegas casino in August. “Current and proposed next-generation ballot marking devices have not been designed with security considerations in mind,” they argued. The researchers say that data stored by the two BMDs they studied could […]


Russian hackers go after diplomatic targets in Eastern Europe and Central Asia, researchers say

After adapting their code, a group of Russian-government-linked hackers last month launched a phishing campaign against embassies and foreign affairs ministries of countries in Eastern Europe and Central Asia, researchers said Tuesday. The hackers, dubbed Sednit by Slovakian cybersecurity company ESET, haven’t been too discreet in their attempts to breach the diplomatic organizations: No less than six malicious packages of code are dropped on the target computer before the payload is executed, ESET researchers said in a blog post. Each of those bursts of activity is an opportunity for the target organization to detect the hackers. The malware takes screenshots of target desktop computers. The end goal is dropping a malicious “backdoor” on the computer that allows the attackers persistent access. The hackers seem to be implementing their malicious code in various programming languages to try to avoid being detected, according to ESET. “It’s probably easier that way and it […]
