USB threat to industrial facilities comes into sharp focus with new Honeywell data

With their ability to carry malware into sensitive environments, USB drives have long been a red flag for industrial facilities. A new study puts hard data behind those concerns and shows how the drives can propagate advanced threats like Stuxnet and Trisis. Of the 50 industrial sites on four continents where Honeywell International analyzed USB usage, 44 percent of sites detected and blocked at least one malicious file. These weren’t just run-of-the-mill files: 15 percent of the threats detected and blocked were infamous malware packages like Stuxnet and Trisis (2 percent each), Mirai (6 percent) and WannaCry (1 percent). About a quarter of the threats blocked could cause “a major disruption to an industrial control environment,” according to Honeywell, an industrial automation giant. The overall volume of USB-based malware found by Honeywell researchers was relatively small, but the types of threats detected were more serious than researchers had anticipated. “It’s […]

The post USB threat to industrial facilities comes into sharp focus with new Honeywell data appeared first on Cyberscoop.

Foreign influence ops are adapting to U.S. defenses, DHS chief says

Foreign adversaries are adapting their influence operations spreading disinformation to U.S. government and corporate defenses, making them more difficult to detect, Homeland Security Secretary Kirstjen Nielsen said Friday. The Department of Homeland Security has worked with Facebook, for example, to combat influence operations (also known as information operations), but adversaries are modifying their behavior in response, according to Nielsen. “I think the nation-states have become aware of that [work], so what they are doing now is they will take otherwise legitimate content by a non-nation-state actor, and then they will amplify it in a way to continue that conversation,” she said at the Council on Foreign Relations in New York City. Ahead of the midterm elections on Tuesday, Nielsen highlighted the department’s work since 2016 to make election infrastructure more secure from hackers. Election officials have many more security clearances, for example, and there is now a threat-sharing hub specific […]

Chinese economic espionage is target of new Justice Department initiative

Department of Justice officials say alleged Chinese economic espionage is “increasing rapidly,” and they have established a high-level initiative dedicated to countering what they call a pervasive threat to U.S. national security. Led by Assistant Attorney General John Demers and staffed by senior DOJ officials, the new initiative will work to counter various forms of Chinese economic espionage, including the targeting of U.S. centers of ingenuity like universities, Attorney General Jeff Sessions said Thursday. The effort could lead the department to make recommendations to Congress for legislation to address the threat, he added. “Chinese economic espionage against the United States has been increasing and it has been increasing rapidly,” Sessions said at a press conference. “We are here today to say, ‘Enough is enough.’ We’re not going to take it anymore.” The Chinese government, Sessions said, was “notorious around the world” for intellectual property theft. Beijing has denied such allegations. The new DOJ […]

DOJ indictment spotlights China’s civilian intel agency – and its hacker recruits

In unsealing charges Tuesday against 10 Chinese nationals, the Department of Justice showed its focus is on China’s civilian intelligence agency, which analysts say has become Beijing’s preferred arm for conducting economic espionage. The agency, the Ministry of State Security, is more professional and technical in its hacking operations than China’s People’s Liberation Army, according to CrowdStrike co-founder Dmitri Alperovitch. “We have seen [the MSS], over the years, break into [corporate] organizations,” Alperovitch said Tuesday at an event hosted by The New York Times. “They were always better technically than the PLA.” After a landmark 2015 agreement between the United States and China not to steal intellectual property, Chinese activity in that vein tapered off for about a year, according to Alperovitch. Now, he said, it is back in full force. “[W]e’re seeing, on a weekly basis, intrusions into U.S. and other Western companies from Chinese actors,” with the MSS […]

DOJ unseals charges against 10 Chinese nationals for hacking aerospace companies

The Department of Justice on Tuesday unsealed charges against 10 Chinese nationals, including intelligence officers and hackers, for a multi-year campaign to steal aerospace technology and other proprietary information from U.S. companies. Partly relying on a “team of hackers,” intelligence officers at a provincial arm of China’s Ministry of State Security (MSS) focused on stealing turbofan-engine technology used in European and U.S. commercial airliners, DOJ said in a statement. The alleged operation lasted from at least January 2010 to May 2015, the department said. The turbofan engine was a joint project between an unnamed French aerospace manufacturer and a U.S.-based company, according to DOJ. The Chinese intelligence operation breached the networks of the French manufacturer, as well as those of companies based in Arizona, Massachusetts and Oregon, the department said. The indictment returned by a grand jury in the Southern District of California lays out the hackers’ alleged tradecraft in detail. “The hackers used a […]

SamSam ransomware group has hit 67 organizations in 2018, researchers say

The group behind the disruptive SamSam ransomware has attacked 67 different organizations in 2018, nearly a quarter of which were health care organizations, new research shows. SamSam, which is deployed in a more targeted way than other ransomware, hobbled Atlanta’s municipal agencies in March, and it was reportedly the malware that struck medical-testing giant LabCorp in July. On Tuesday, cybersecurity company Symantec released data showing that of the 67 organizations targeted by the SamSam group in the last 10 months, more than 80 percent are based in the United States. “SamSam continues to pose a grave threat to organizations in the U.S.,” a Symantec blog post states. “The group is skilled and resourceful, capable of using tactics and tools more commonly seen in espionage attacks.” It is unclear why the group has its sights on the health care sector, Symantec said. “The attackers may believe that health care organizations are easier to infect. […]

Center for Internet Security looks to expand threat sharing program to political campaigns

While hundreds of millions of dollars in federal money have been put toward securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with states and local officials, is looking to extend its information-sharing initiative to those sparsely-run campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns. The Elections Infrastructure Information Sharing […]

Here’s how to defend your enterprise from Magecart

Magecart, a tool used by a broad set of hackers to steal online payment data, has been rampant in recent months. The group has allegedly breached popular websites like those of British Airways and Ticketmaster UK by injecting malicious scripts directly or through third-parties to siphon off customer data en masse. With the body of forensic evidence tied to Magecart growing, researchers with analytics company Securonix have released recommendations for defending against the groups. The goal is to keep online vendors from being Magecart’s next high-profile scalp. The threat data can “increase the chances of early detection of this, and potentially other future variants of the Magecart malicious threat actor activity on your network,” Securonix’s Oleg Kolesnikov and Harshvardhan Parashar wrote in a research paper. There are at least three data channels that organizations need to monitor to boost their chances of detecting Magecart, according to Kolesnikov and Parashar: web server […]

Government website encryption needs help from DHS, Sen. Wyden says

The Department of Homeland Security should push federal agencies to implement stronger encryption practices for government websites visited by federal workers and everyday citizens alike, Sen. Ron Wyden says. Despite significant improvements to government website encryption, some metadata is still transmitted insecurely, revealing the domain names of sites visited by users, Wyden, D-Ore., wrote to DHS Undersecretary Chris Krebs. “Hackers can intercept or hijack the unprotected metadata, tricking users into visiting a malicious site or spying on their activities,” the Oct. 24 letter states. When possible, DHS should require federal agencies to encrypt the online queries employees make to domain name system (DNS) servers, Wyden suggested. He also asked DHS to work with the General Services Administration to make using an encrypted protocol extension a condition of selling web content delivery services to the government. The government can usher in broad industry adoption of that encrypted extension, known as ESNI, according to Wyden. When cybersecurity […]

FBI to private industry: Attribution won’t deter North Korean hacking

The FBI has told American companies that North Korean government hackers will continue to target financial institutions worldwide despite the U.S. government’s public attribution of such activity to Pyongyang. The targeting “will continue unabated, regardless of the U.S. government public attribution of North Korea,” the FBI’s cyber division said in an industry advisory dated Oct. 25 and obtained by CyberScoop. “North Korean cyber activities remain a concern based on its historical patterns of behavior,” the notice says. In conceding that attribution will not change North Korea’s calculus in cyberspace, the FBI is reiterating what is widely recognized in the cybersecurity industry: that Kim Jong Un’s regime is too brazen to care about being called out for its hacking. In September, the DOJ announced charges against North Korean spy Park Jin Hyok for his alleged role in the destructive 2014 cyberattack against Sony Pictures Entertainment and the 2017 WannaCry ransomware attack. […]
