Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack

The cybercriminal syndicate accused of causing one of the largest U.S. pipeline operators to shut down is known for running an enterprise that vets criminal customers and avoids targeting Russian-speaking organizations, according to analysts who have tracked the group. Since emerging on underground criminal forums in August, the so-called DarkSide malicious software has allegedly been used in dozens of intrusions in the health care, energy and finance sectors. (Ransomware gangs and the software they use often have the same name, but multiple criminal entities sometimes buy access to the same malicious code.) The creators of DarkSide have boasted that their mechanism for encrypting data is the fastest of any, and analysts say the ransomware can encrypt Windows and Linux systems alike. Now, the ransomware developers have gained international attention after hackers last week allegedly deployed DarkSide to encrypt the servers of Colonial Pipeline, a Georgia-based company that transports some 45% […]

The post Meet DarkSide, the ransomware gang blamed for the Colonial Pipeline attack appeared first on CyberScoop.

FBI blames DarkSide ransomware operators for Colonial Pipeline incident

The FBI on Monday said that a cybercriminal enterprise behind a ransomware variant known as DarkSide was responsible for the hack that prompted one of the country’s largest pipeline operators to temporarily shut down. The FBI statement came as Colonial Pipeline, which says it transports some 45% of all fuel consumed on the East Coast, said that it was aiming to “substantially” restore its pipeline operations by the end of the week. In a private advisory to U.S. companies obtained by CyberScoop, the FBI said that it had been tracking the DarkSide ransomware variant since October. “Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare and energy,” the FBI advisory said. The authors of DarkSide lease their hacking tools to other criminals in a “ransomware-as-a-service” model that splits the proceeds among the perpetrators, the bureau added. The Colonial Pipeline incident, which began Friday, is one of […]

US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules

After a ransomware attack hampered one of the largest pipeline operators in the U.S., the Transportation Department on Sunday issued an emergency directive allowing drivers in 17 states and the District of Columbia to work longer hours to transport fuel. The “regional emergency declaration” is meant to alleviate any disruptions to supply following the security incident at Colonial Pipeline, which the company revealed Friday. While the Georgia-based company normally delivers more than 100 million gallons of gas, diesel and other products daily to customers from Texas to New York, according to its website, the ransomware infection forced a temporary halt to its operations. Colonial Pipeline says it transports some 45% of all fuel consumed on the East Coast. The Transportation Department’s declaration means that truckers carrying gasoline, diesel, jet fuel and other refined petroleum products are temporarily exempt from laws restricting the amount of time they are allowed to be […]

Cyberattack disrupts Colonial Pipeline, which transports 100 million gallons of fuel daily

A cyberattack has temporarily halted operations at Colonial Pipeline, the largest pipeline system for moving gas and diesel products in the U.S., the company said Friday. Colonial Pipeline, which delivers more than 100 million gallons of fuel daily to customers from Texas to New York, said that after learning of the incident on Friday it “proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems.” It was unclear at press time Saturday morning who was responsible for the digital intrusion or how long the company’s pipeline operations would be halted. Multiple media reports suggested the incident was a ransomware attack. A Colonial Pipeline spokesperson did not immediately respond to a request for comment. Colonial Pipeline said it had contacted law enforcement and other federal agencies, and that efforts to restore normal operations were “already underway.” “[W]e […]

Four men plead guilty to being go-to ‘bulletproof’ hosts for cybercriminals

Four Eastern European men pleaded guilty to a scheme overseeing websites that hosted malware used to cause victims hundreds of millions of dollars in losses, the Justice Department said Friday. Russian nationals Aleksandr Grichishkin and Andrei Skvortsov, along with Aleksandr Skorodumov from Lithuania and Pavel Stassi of Estonia, allegedly oversaw an organization that rented IP addresses, computer servers and domains to cybercriminals between 2008 and 2015. The practice, known as “bulletproof hosting,” is popular with digital thieves trying to evade law enforcement agencies. Grichishkin, Skvortsov, Skorodumov and Stassi pleaded guilty to one count of RICO conspiracy. They each face up to 20 years in prison. Crooks have used the hacking tools allegedly hosted by the defendants’ organizations to repeatedly infect U.S. financial institutions and defraud victims. That includes Zeus, a notorious piece of malicious code that a variety of criminals have used to steal over $100 million from victims. Despite […]

Russia’s SVR spy agency scanned for Microsoft Exchange Server bug, UK and US say

After pulling off a sweeping breach of U.S. government networks last year, Russia’s SVR foreign intelligence agency has been scanning the internet for a vulnerability in Microsoft software previously exploited by Chinese spies, British and American security agencies said Friday. It’s the third time in a month that U.S. security agencies have published information on hacking techniques allegedly used by the SVR, the Russian spy agency accused of exploiting software made by SolarWinds and other vendors to breach at least nine U.S. federal agencies. The discovery underscores how a bug in widely used technology can be valuable to spy agencies around the world, which bank on the possibility that some of the organizations they target fail to promptly update their software. The alert is part of a press from the U.S. and its allies against the same hacking group that broke into the Democratic National Committee ahead of the 2016 […]

US spy agencies review software suppliers’ ties to Russia following SolarWinds hack

U.S. intelligence agencies have begun a review of supply chain risks emanating from Russia in light of the far-reaching hacking campaign that exploited software made by SolarWinds and other vendors, a top Justice Department official said Thursday. The review will focus on any supply chain vulnerabilities stemming from Russian companies — or U.S. companies that do business in Russia, according to John Demers, the assistant attorney general for national security. “If there’s back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” Demers said during a Justice Department-hosted cybersecurity conference. Demers said that the FBI and other intelligence agencies will pass any information obtained from the review to the Commerce Department to decide if further action to exclude […]

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats

The Department of Homeland Security announced on Wednesday that it intends to hire 200 new cybersecurity professionals by July as the Biden administration aims to curb ransomware attacks affecting U.S. corporations, as well as foreign espionage operations. In a speech Wednesday, Homeland Security Secretary Alejandro Mayorkas said the cyber recruiting was part of “the most significant hiring initiative” that DHS has undertaken in its 18-year history. “We are going to be recruiting talent that is already developed, we’re going to be helping develop the talent that is just about to bloom and we’re going to be investing in the seeds to grow the talent of the future,” Mayorkas said at a U.S. Chamber of Commerce event. Half of the new jobs will be with DHS’s Cybersecurity and Infrastructure Security Agency and the other half will be with other DHS agencies that work on cybersecurity, the department said in a press […]

Intrusion Truth details work of suspected Chinese hackers who are under indictment in US

Intrusion Truth, a mysterious group known for exposing suspected Chinese cyber-espionage operations, on Thursday published a new investigation that traced front companies allegedly used by two Chinese men whom a U.S. grand jury indicted last year. The findings shed light on a dynamic that U.S. law enforcement officials say is increasingly common: foreign intelligence services’ use of front companies to try to conceal their hacking operations. The details also come at a time when Biden administration officials are dealing with the fallout of another suspected Chinese hacking campaign in which attackers leveraged widely used Microsoft software. The Justice Department has alleged that the two suspects, Li Xiaoyu and Dong Jiazhi, met at university before embarking on a decade of malicious cyber activity, sometimes for personal financial gain and other times on behalf of the Ministry of State Security, China’s civilian intelligence agency. In some cases, the men allegedly probed the […]
