DHS prepares emergency order to prevent DNS hijacking

The Department of Homeland Security is preparing to issue a rare “emergency” directive ordering federal civilian agencies to secure the login credentials for their internet domain records, according to government officials familiar with the matter. DHS is expected to issue the order as soon as Tuesday, officials said, out of concern that federal agencies could be vulnerable to cyberattacks intended to gain access to the platforms used to manage domain name system (DNS) records. The DNS system, dubbed the “phone book of the internet,” translates a domain name to a valid IP address, sending a user to the website they are trying to access. Once compromised, a DNS server or registrar account can be used to redirect users to a malware-laden website. There are at least six civilian agency domains that have been affected by malicious DNS activity, according to people familiar with the matter. The emergency directive, which carries more urgency than DHS’s more-common Binding Operational […]

The post DHS prepares emergency order to prevent DNS hijacking appeared first on CyberScoop.

Senators worry that new D.C. Metro railcars could carry cyber risk

Senators who represent the Washington, D.C., area have raised concerns about added cybersecurity risks in the region’s Metro system after reports that a Chinese state-owned manufacturing company could win a $1 billion procurement for railcars. The four Democrats – Sens. Mark Warner and Tim Kaine of Virginia, and Ben Cardin and Chris Van Hollen of Maryland – wrote to the Washington Metropolitan Area Transit Authority expressing their “serious concerns” about possible foreign bidding on the project, “particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security.” In the Jan. 18 letter to WMATA CEO Paul J. Wiedefeld, the lawmakers exhorted him to “take the necessary steps to mitigate growing cyber risks to these cars.” The worry is that technology in the transit system, including video surveillance cameras and the automated aspects of railcars, could be a target of spies or hackers. The state-owned China Railway […]

DNC officials say Russians unsuccessfully tried to hack them after 2018 midterms

Hackers linked with the Russian government were likely behind an attempt to breach email accounts of Democratic National Committee officials just days after the 2018 midterm elections, the committee alleged late Thursday. Dozens of DNC officials were targeted with spearphishing emails on Nov. 14, eight days after the elections, the committee said in an updated court filing that is part of its lawsuit against the Russian government. The DNC is the Democratic Party’s top governing body. In this particular incident, there was no breach of email accounts, the committee said. After the infamous 2016 Russian intrusions into the DNC computer network, the party has trained its staff rigorously in cybersecurity. Analysts have said Russian state-sponsored hacking activity has increased recently. The DNC declined to comment beyond the court filing. “The content of these emails and their timestamps were consistent with a spearphishing campaign that leading cybersecurity experts have tied to Russian intelligence,” the court […]

New code-validation project tries to spot the next industrial supply chain attack

A few years ago, Eric Byres, a veteran cybersecurity executive, was studying the aftermath of a clever attack on the supply chain. A Russian hacking group known as Dragonfly had in 2013 and 2014 breached the websites of three vendors of software that supported industrial control systems (ICS). The attackers slipped malicious software into legitimate updates hosted on those websites. The planted malware did not affect critical operations for companies, but Byres was troubled by the notion that outsiders could pull this off at all. The attackers made it clear to him that many companies he had worked with lacked an effective way of verifying whether they were using legitimate software worthy of their trust. The problem is that just comparing digital hashes isn’t necessarily enough to mark software as trusted. A hash, as Byres put it, is “a binary answer to a non-binary problem.” A hash either passes or fails, but the task of validating critical software can be more complex. Two years after […]

Trisis investigator says Saudi plant outage could have been prevented

Engineers and others responding to malware that hit a Saudi Arabia petrochemical plant in June 2017 missed a key opportunity to prevent the plant from shutting down a second time in August that year, an investigator of the incident said Tuesday. “The scope of the initial outage investigation that occurred in June [2017] was insufficient,” Julian Gutmanis, an industrial cybersecurity specialist who responded to the second outage, said Tuesday at the 2019 S4 Conference. “It really was a missed opportunity to identify the attackers and prevent the subsequent outage in August [2017].” The investigation of the June 2017 outage, which struck on a Saturday evening when the plant was manned by a skeleton crew, included a mechanical and engineering analysis, but not a cybersecurity one, Gutmanis said. The incident was ruled a malfunction, rather than an attack, and normal operations at the plant were restored. Two months later, the hackers were […]

Look to the sky: How hackers could control cranes by abusing radio frequencies

Vulnerabilities in radio frequency protocols used by remote controllers could allow hackers to move cranes and other big machinery at construction sites and factories, security researchers said Tuesday, raising awareness of potential safety issues in widely used technology. A research team at cybersecurity company Trend Micro examined remote controllers made by seven vendors and found that all of them were susceptible to “replay attacks,” in which an attacker retransmits a recorded radio frequency (RF) signal, tricking the machinery into responding to commands. In other words, the researchers said, the remote control you use to open your garage is probably more secure than many controllers used to move industrial equipment. The main problem, Trend Micro said in a paper published Tuesday, is that instead of relying on standard wireless technologies, the industrial remote controllers depend on proprietary RF protocols that are decades old and “are primarily focused on safety at the expense of […]

To raise security awareness, researchers spent months hacking mock building systems

Security experts have in recent months warned that the building-automation sector lags behind other critical infrastructure sectors when it comes to awareness of cyberthreats and appreciation of their potential impact. Now an 18-month research project, which tested malware and exploits on gear made by top vendors, is trying to change that. “In the 18 months that we’ve been working on this, we’ve engaged with a lot of stakeholders from the domain,” Elisa Costante, a senior director at ForeScout Technologies, told CyberScoop. “And now we really see that the reception has changed and everybody has realized the impact can be actually more critical” than many realized. After all, she said, the building-automation sector doesn’t just mean office buildings, but also includes hospitals, airports, and other critical infrastructure. ForeScout researchers assembled a lab of building-automation equipment, threw their custom malware at it, and then documented how effectively their code manipulated the gear. The project culminates Tuesday, when Costante will present her team’s work […]

APT heist of Singapore health data exploited Microsoft Outlook, inquiry finds

An advanced hacking operation that last year stole health data on 1.5 million Singaporeans, including the prime minister, targeted an unpatched version of Microsoft Outlook, an official inquiry has found. The hackers exploited a known vulnerability in Outlook using “a publicly available hacking tool, which allowed the attacker to install malware on compromised workstations,” says a more than 400-page report published Thursday by a government-backed commission. The investigation evoked advice that cybersecurity professionals often give clients: hackers will take the easiest way into a network – without using their top-shelf tools. Although the software upgrade for Outlook was slated to be applied through a regular patching cycle, the workstation was still vulnerable when it was compromised in December 2017, investigators said. The malicious cyber campaign, which lasted more than 10 months, compromised the health data of one in four people living in Singapore, a wealthy city-state in Southeast Asia where tech […]

Ryuk ransomware shows Russian criminal group is going big or going home

A criminal hacking group suspected of operating out of Russia has shifted tactics in recent months from wire fraud to targeting big organizations for ransomware payouts, according to new research. The change in tactics is exemplified by the infamous Ryuk ransomware, which cybersecurity company CrowdStrike said Thursday is being used by a subset of the Russian group to rake in $3.7 million since August. The trend in extorting bigger organizations “has been increasing in the last year and poses a significant challenge to enterprises and businesses,” Adam Meyers, vice president of intelligence at CrowdStrike, told CyberScoop. “We have observed numerous adversaries adopting this tactic and charging substantial fees to unlock data across the entire network.” Ryuk has surfaced in a number of cyber incidents in recent months. A North Carolina water utility said it was hit by the ransomware in October. Last month, Ryuk was reportedly used in an attack […]

Americans resigned to cyberattacks on infrastructure, elections, survey finds

A survey of 26 countries has found that Americans are among the most likely to expect a cyberattack to occur on assets like public infrastructure and national security data. Roughly eight in 10 Americans said it is either “very” or “somewhat likely” that national-security data will be breached (82 percent), public infrastructure will be damaged (83 percent), or elections will be tampered with (78 percent) via hacking, according to data published Wednesday by the Pew Research Center. Those were among the highest percentages of any respondents, indicating a growing acceptance among Americans that sensitive data breaches are a part of life. The answers also came through a partisan filter: 82 percent of U.S. Democrats said cyberattacks on election infrastructure were likely, compared with 66 percent of Republicans. Of the three categories of cyber incidents distinguished in the survey, the breach of sensitive government information was, on the whole, of greatest […]