Middle East group goes on hacking spree against telecoms, embassies and more

A group likely operating out of the Middle East has compromised 131 victims in 30 organizations since September, including telecommunications firms, a Russian oil and gas company and unidentified government embassies, new research shows. The hackers have hit organizations in Pakistan, Russia, Saudi Arabia, Turkey, and North America, among other places, in an espionage operation designed to acquire “actionable information” on targets, cybersecurity company Symantec said Monday. After breaching a system, the group runs a password-stealing program with the likely aim of accessing victims’ email and social media accounts, researchers found. The group, dubbed Seedworm by Symantec and MuddyWater by others, gained notoriety earlier this year for threatening to kill security researchers investigating it. That followed a spearphishing campaign from January to March against government and defense organizations in Central and Southwest Asia, which cybersecurity company FireEye documented. While there has been no definitive public attribution of MuddyWater, Ben Read, FireEye’s senior manager […]

The post Middle East group goes on hacking spree against telecoms, embassies and more appeared first on Cyberscoop.

House panel: Equifax breach was ‘entirely preventable’

The devastating 2017 breach of credit-reporting company Equifax, which exposed data on 148 million people, was “entirely preventable” had the company applied proactive security measures, a congressional investigation has concluded. “Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,” says the report issued Monday by the House Oversight and Government Reform Committee. The committee’s 96-page report lays out why the hack, which compromised people’s names, Social Security numbers, addresses, credit card numbers, and other identifiers, has become a case study in failed IT leadership and software patching. A “lack of accountability and no clear lines of authority in Equifax’s IT management structure” meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains. Furthermore, the company did not spot data being exfiltrated from its […]

The post House panel: Equifax breach was ‘entirely preventable’ appeared first on Cyberscoop.

Sen. Warner calls for a ‘whole-of-society’ U.S. cyber doctrine

Russian interference in the 2016 U.S. election laid bare the vulnerabilities in American society and institutions to hacking and information operations. Two years later, policymakers are still searching for a comprehensive strategy for dealing with those vulnerabilities. In a speech Friday, Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee, proposed a “whole-of-society” cyber doctrine rather than one that treats the cybersecurity challenges in government and private sector separately. “It’s not enough to simply improve the security of our infrastructure, computer systems, and data,” Warner said at the Center for New American Security in Washington, D.C. “We must also deal with adversaries who are using American technologies to exploit our freedom, our openness, and basically attack our most important asset — our democracy.” Warner called on the U.S. to redouble its pursuit of global cyber norms; social-media companies to do more to combat disinformation; the Pentagon […]

The post Sen. Warner calls for a ‘whole-of-society’ U.S. cyber doctrine appeared first on Cyberscoop.

Suspected North Korean hackers target universities using Chrome extension

While North Korean hackers are known for stealing money to finance Kim Jong Un’s authoritarian regime, Pyongyang may also be engaging in a cyber-espionage campaign targeting universities, new research shows. The hacking operation, which began in May, if not earlier, uses malicious Google Chrome extensions to gain a foothold on a victim’s computer, according to ASERT, the threat intelligence group of Netscout’s Arbor Networks. Once the hackers compromised a target network, they used “off-the-shelf tools,” like remote desktop protocol, to retain access to the network, according to ASERT. The goal of the operation, dubbed “Stolen Pencil,” appears to be maintaining persistent access; researchers found no evidence of data theft. “A large number of the victims, across multiple universities, had expertise in biomedical engineering, possibly suggesting a motivation for the attackers’ targeting,” states the research, which was published Wednesday. The malicious extensions have been removed from the Google Play Store, ASERT says. Although […]

The post Suspected North Korean hackers target universities using Chrome extension appeared first on Cyberscoop.

Hoarding threat information ‘not a competitive advantage,’ DHS official tells corporate leaders

Companies that view cybersecurity as a competitive advantage and fail to exchange threat data make the broader private sector more vulnerable to hacking, a Department of Homeland Security official has warned. “Cybersecurity, infrastructure security, is not a competitive advantage,” Bradford Willke, a top official in DHS’s Cybersecurity and Infrastructure Security Agency, said Tuesday. If a good product or company fails because of a breach that could have been thwarted by sharing threat information, “there’s something that we’ve all lost,” Willke said at the Public Sector Innovation Summit. By citing reported communication failures elsewhere, DHS officials hope to spur U.S. companies to work more closely with each other to harden their networks against advanced threats. In doing so, the department is trying to overcome historical reluctance in the private sector — fueled by concerns over revealing sensitive corporate information — to share threat data. Willke cited a December 2015 blackout in Ukraine caused by suspected Russian government hackers as a […]

The post Hoarding threat information ‘not a competitive advantage,’ DHS official tells corporate leaders appeared first on Cyberscoop.

House Republican campaign arm hacked during 2018 election

The National Republican Congressional Committee – the House GOP’s campaign organization – suffered a cyber intrusion during the 2018 election, a committee spokesman said Tuesday. “The NRCC can confirm that it was the victim of a cyber intrusion by an unknown entity,” NRCC spokesman Ian Prior said in a statement. “The cybersecurity of the committee’s data is paramount, and upon learning of the intrusion, the NRCC immediately launched an internal investigation and notified the FBI, which is now investigating the matter,” said Prior, a vice president at Mercury Public Affairs, a firm helping the NRCC respond to the breach. The NRCC had no further details beyond the statement. The breach exposed thousands of NRCC emails and appears to be the work of a sophisticated actor, a source familiar with the matter told CyberScoop. Politico was first to report on the NRCC breach, citing three senior party officials. Those officials would […]

The post House Republican campaign arm hacked during 2018 election appeared first on Cyberscoop.

‘London Blue’ cybercriminals turn to large-scale email scam

Email users the world over are familiar with the “Nigerian prince” scam in which someone posing as a foreign dignitary requests a money transfer. While this ruse may not fool many, it has grown more clever and industrialized in recent years – to the point of threatening big businesses. A prime example is London Blue, a network of cybercriminals exposed by new research from email-security firm Agari. The group has laid the groundwork for large-scale business email compromise (BEC) attacks by compiling a list of more than 50,000 corporate officials, including dozens of executives from the world’s biggest banks, according to Agari. Over half of the 50,000 targets were in the United States. “The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location,” Agari researchers wrote. BEC attacks use personalized emails, sent using spoofed email-name […]

The post ‘London Blue’ cybercriminals turn to large-scale email scam appeared first on Cyberscoop.

Dell reveals ‘unauthorized’ attempt to extract customer passwords

Earlier this month, Dell detected and thwarted “unauthorized activity” on its network that was an attempt to extract customer names, email addresses, and hashed passwords from Dell.com, the computing giant announced Wednesday. “Though it is possible some of this information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted,” Dell said in a statement. The attempted extraction occurred Nov. 9. The Round Rock, Texas, company said protections like hashed passwords and mandatory password resets would limit the impact of any potential exposure. Hashing applies a one-way algorithm so that a web service can store a value derived from a password instead of the password itself. “Credit card and other sensitive customer information was not targeted,” and the incident did not impact any Dell products or services, the statement said. Dell said it had contacted law enforcement about the incident and hired a […]

The post Dell reveals ‘unauthorized’ attempt to extract customer passwords appeared first on Cyberscoop.

How cyberwarfare is playing into Yemen’s civil war

The bloody war in Yemen has been accompanied by a digital conflict in which combatants have used surveillance and cryptocurrency to their strategic advantage, new research shows. “[T]he dynamics of the Yemeni civil war are manifesting themselves online through a struggle over Yemeni access, use, and control of the internet,” Boston-based Recorded Future wrote in a blog post about the research on Wednesday. As the Yemeni conflict gains greater attention in Washington, the research highlights how cyber operations have become intrinsic to kinetic wars. In Yemen, the internet has become “another front” in a multi-faceted war, Recorded Future threat intelligence analyst Allan Liska told CyberScoop. The conflict, which has left tens of thousands of people dead and created a widespread famine, has been fought between Houthi rebels, backed by Iran, and the Hadi government, supported by Saudi Arabia. U.S. intelligence and weapons have been used by the Saudi-led coalition. The new research […]

The post How cyberwarfare is playing into Yemen’s civil war appeared first on Cyberscoop.

Ex-NSA chief welcomes more U.S. offensive operations in cyberspace

Former National Security Agency director Michael Rogers has welcomed the Trump administration’s willingness to use cyber-operations to deter foreign adversaries, adding that the United States’ previous reluctance to do so was counterproductive. “My argument when I was [in government was]: ‘We want to keep the full range of options and capabilities available,’” Rogers said Tuesday at the Center for Strategic and International Studies. “One of the things that frustrated me at times was: Why are we taking one element just straight off the table?” said Rogers, who left the administration in May for the private sector. “I just thought, boy, if you’re in Moscow or Beijing, you are loving this approach to life because it doesn’t really change your risk calculus,” Rogers added. While NSA director from 2014 to 2018, he also led U.S. Cyber Command. Presidential Policy Directive 20, which then-President Barack Obama signed in 2012, had installed an intricate inter-agency legal […]

The post Ex-NSA chief welcomes more U.S. offensive operations in cyberspace appeared first on Cyberscoop.
