Botnet traced to computer at hacked Florida water plant

On Feb. 5, an unidentified hacker broke into the computer system of a treatment plant in the Florida town of Oldsmar and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, according to local officials. It turns out that hacker wasn’t alone on the network. While law enforcement officials still haven’t publicly identified the perpetrator of the well-publicized hack, industrial security firm Dragos on Tuesday revealed a separate suspected intrusion that same day into one of the Oldsmar Water Treatment Facility’s computers. Dragos has tied the malicious code to a botnet, or horde of infected computers used by spammers, whose code may have also infected customers of local water utilities in Florida in recent months. There is no connection between the incidents — whoever tampered with the Oldsmar facility’s chemical settings is not involved in the botnet — but the revelation shows how two very different types of […]

The post Botnet traced to computer at hacked Florida water plant appeared first on CyberScoop.

Colonial Pipeline says ransomware recovery efforts caused network outage for shippers

The communication system that Colonial Pipeline customers use to request fuel experienced network issues on Tuesday, a result of the company’s efforts to recover from a ransomware attack. “Our internal server that runs our nomination system experienced intermittent disruptions this morning due to some of the hardening efforts that are ongoing and part of our restoration process,” Colonial Pipeline said in a statement. “These issues were not related to the ransomware or any type of reinfection.” Shippers told Reuters and Bloomberg News that they were unable to access the communication system, which allows Colonial Pipeline customers to “nominate,” or make formal requests for gasoline and other fuel, and to receive updates on fuel shipments. Colonial Pipeline said it “continues to deliver refined products as nominated by our shippers.” “We are working diligently to bring our nomination system back online and will continue to keep our shippers updated,” the company’s statement […]

Lawmakers say Colonial Pipeline’s refusal to discuss ransom undermines US efforts

U.S. lawmakers are demanding to know whether Colonial Pipeline paid a ransom to hackers who forced the company to shut down operations for days. Following a Monday briefing with Colonial Pipeline, the heads of the House Homeland Security and Oversight and Reform committees said the company’s refusal to share information on any ransom payment hindered their ability to craft legislation to address the ransomware problem. Bloomberg News reported that Colonial Pipeline, which says it supplies 45% of the fuel consumed on the East Coast, paid cybercriminals nearly $5 million to recover its computer systems. “We’re disappointed that the company refused to share any specific information regarding the reported payment of ransom during today’s briefing,” Democratic Reps. Bennie Thompson of Mississippi and Carolyn Maloney of New York said in a statement. “In order for Congress to legislate effectively on ransomware, we need this information.” When contacted by CyberScoop on Tuesday, a […]

Market for software exploits is often focused on Microsoft flaws, years-old technology

Every month Microsoft releases software updates to fix vulnerabilities across the company’s vast line of technology products. The ritual, known as Patch Tuesday, often involves security experts urging users to update their software, and researchers gaining some public recognition after months of quietly working to mitigate the flaws. A new study from antivirus vendor Trend Micro found, though, that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits. The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. Demand for exploits also tracks the popularity of the software: Microsoft products accounted for 47% of the exploits that forum users requested, according to Trend […]

Irish Prime Minister says government won’t pay ransom after hack forces hospitals to alter services

Ireland’s public health care system on Friday shut down its IT systems in response to what it called a “criminal ransomware attack.” Emergency departments have continued to operate normally, but health officials said in a statement Monday that they were working to get computer systems supporting maternity, infant care and radiology back online. The ransomware intrusion at Ireland’s Health Service Executive (HSE), the $25 billion public health system, has forced hospitals in various parts of Ireland to alter their services. In some cases, hospital staffers say they have been in touch with pregnant women and encouraged them to not come to the hospital unless they are near their due date. Irish Prime Minister Micheál Martin has said the government will not pay a ransom. ‘We’re very clear we will not be paying any ransom or engaging in any of that sort of stuff’ Taoiseach @MichealMartinTD says of the ransomware attack […]

Russian cybercrime forum XSS claims to ban ransomware following Colonial Pipeline hack

In the wake of the disruption to Colonial Pipeline, a popular Russian-language criminal forum has claimed it will ban the sale of ransomware tools, according to multiple researchers who monitor the site. XSS, a prominent underground forum for hacking tools and other scams, on May 13 said the platform would forbid “ransomware sales, ransomware rental and ransomware affiliate programs,” according to the threat intelligence firm Digital Shadows. The XSS administrator also claimed it would remove all posts mentioning ransomware. The forum post claimed it was because ransomware was attracting too much “hype” and attention from outsiders, but ransomware operators frequently engage in self-serving public relations stunts. The development pointed to newfound pressure that ransomware operators were feeling following the breach of the IT systems at Colonial Pipeline, the main artery for delivering fuel to the East Coast. The ransomware incident forced Colonial Pipeline to shut down for days. Though service […]

Toshiba subsidiary confirms ransomware attack, as reports suggest possible DarkSide involvement

European units of Japanese tech giant Toshiba are investigating a security incident in which criminals may have used a hacking tool similar to the malware used against IT systems at Colonial Pipeline. The European subsidiaries of Toshiba Tec Group said Friday that a cyberattack from a criminal gang had prompted the company to disconnect network connections between Japan and Europe to stop the spread of the malware. In a statement, Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had “not yet confirmed a fact that customer related information was leaked externally,” though it suggested a criminal gang is responsible. Toshiba Tec Group did not name DarkSide, which is both a type of ransomware and an Eastern European criminal syndicate that develops the code and sells access to it to other criminals. An unnamed Toshiba Tec spokesperson told CNBC that DarkSide […]

Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector

For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations. Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences. Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code. Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected […]

Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards

President Joe Biden on Wednesday signed an executive order that will significantly tighten cybersecurity rules for government contractors and set up an incident review board to try to blunt the impact of major hacks. The directive comes as the U.S. government continues to grapple with the fallout from breaches at key software suppliers and the disruption of a national pipeline operator by ransomware. The executive order requires federal contractors to promptly report cyber incidents to agencies, and it establishes a new government entity modeled after the National Transportation Safety Board to review major breaches. It will also require software that the government buys to meet a baseline set of security standards — an effort to make it harder for hackers to tamper with code that ends up on federal networks. “The current market development of build, sell and maybe patch later means we routinely install software with significant vulnerabilities into […]

After Colonial Pipeline hack, lawmakers want more action on pipeline security

As a major fuel delivery operator gradually returns to service five days after suffering a ransomware attack, U.S. lawmakers are pressing federal agencies on what more they can do to secure the nation’s pipelines from hackers. The disruption at Colonial Pipeline, which operates 5,500 miles of pipelines and provides 45% of the fuel consumed on the East Coast, has renewed longstanding concerns that the lead agency for pipeline cybersecurity, the Transportation Security Administration, is ill-equipped to deal with the scale of security challenges in the sector. A multi-agency initiative to bolster pipeline cybersecurity begun in 2018 is a good start, but more can be done, critics say. “I have raised significant concerns with TSA’s focus on surface transportation, including pipelines, for years,” Rep. Jim Langevin, D-R.I., told CyberScoop. He pointed to a 2018 audit from the Government Accountability Office that found that TSA’s pipeline cybersecurity work was inadequate and lacked […]
