Cobalt Group tries to slip malicious PDFs past bank employees, researchers say

A financially-motivated hacking group is trying to evade detection while it targets bank employees across the globe, according to research from cybersecurity company Palo Alto Networks. The Cobalt Group (also known as the Cobalt Gang) this month sent PDF files to bank employees to try to get them to download malicious macros, said researchers from Palo Alto Networks’ Unit 42 threat intelligence team. It is just the latest in a series of activities from a group known for its brazen multimillion-dollar heists on ATMs and the SWIFT banking-transaction system. The recent attack tracked by Unit 42 is simple – the PDF document doesn’t have code or an exploit. Instead, the attackers use social engineering to try to get the bank employees to download the macros. A link embedded in the PDF redirects the target to a malicious document. “Hiding in plain sight is a well-known tactic and that’s what we see these attackers […]

The post Cobalt Group tries to slip malicious PDFs past bank employees, researchers say appeared first on Cyberscoop.

FireEye links Russia-owned lab to Trisis developers

A Russian-owned research institute very likely helped build tools used by an infamous hacking group that caused a petrochemical plant in Saudi Arabia to shut down last year, cybersecurity company FireEye said Tuesday. A series of clues implicates the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a Moscow-based lab, in developing tools used by the group known as Xenotime or TEMP.Veles, according to FireEye. The group is known for malware, dubbed Triton or Trisis, designed to disrupt control-system software that allows industrial plants to safely shut down. FireEye has tied the testing of malware used by TEMP.Veles to CNIIHM, specifically someone who has been identified as a professor at the institute. Further, an IP address registered to CNIIHM has been employed by Triton’s operators for multiple purposes, “including monitoring open-source coverage of Triton, network reconnaissance, and malicious activity in support of the Triton intrusion,” FireEye said in a blog post. […]

Ex-NSA employees criticize Mike Rogers’ role with Israeli venture firm

Some former National Security Agency officials have strongly criticized ex-NSA Director Adm. Michael Rogers’ decision to join the advisory board of a venture capital firm that is closely linked with an Israeli intelligence agency. The company, Team8, announced Rogers’ position last week. Founded by former members of the elite Israeli army intelligence group known as Unit 8200, Team8 researches cybersecurity market demand, raises investments from big tech companies, and creates startups based on those demand signals. It also describes itself as a think tank, and does its own threat research. Rogers, who headed NSA and U.S. Cyber Command for four years before stepping down this past May, will advise companies in Team8’s portfolio as well as companies under development. The retired admiral will be “instrumental in helping strategize” Team8’s expansion in the United States, the firm said in a statement last week. Rogers’ decision to join Team8 irked Robert Lee, a former Air Force officer and former NSA employee. […]

Lawfare editor on persistent DDoS attack: ‘We wish they’d knock it off’

Influential national security blog Lawfare has been the target of a distributed denial-of-service attack since Wednesday, with attackers amplifying their efforts as security measures are used to stop the traffic barrage. The DDoS attack knocked the site offline intermittently for a few hours on Wednesday, Executive Editor Susan Hennessey estimated, but the malicious traffic stubbornly persisted through Thursday. The attack “increased substantially in response to preliminary defense measures,” Hennessey told CyberScoop in an email Thursday. The website appears to have stabilized, she said, despite the continuous pinging of Lawfare’s site. “Previous attacks have taken us offline for a longer period, but we now have more sophisticated defenses in place so size doesn’t necessarily correlate to impact,” said Hennessey, a former attorney in the National Security Agency’s Office of General Counsel. “While large, the attack hasn’t been especially sophisticated in morphing, so our current measures of just blocking the traffic seem to be working,” she added later […]

Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector

The U.S. government’s new and reportedly more muscular approach to conducting offensive cyber-operations must carefully consider the potential blowback of such actions to the private sector, a former senior Department of Homeland Security official has warned. “DHS needs to be part of the discussion around the cost-benefit analysis to bring the private sector point of view because we know the private sector often bears the brunt of the retaliation that comes in the wake of more aggressive activity,” Suzanne Spaulding said Wednesday at the Atlantic Council. Asked what public indication there would be that those concerns are being addressed, Spaulding, who served as a DHS undersecretary under President Barack Obama, said the answer lies in the private sector. Private companies will have a sense of “whether their equities were adequately considered” before a U.S. government decision to conduct offensive operations, Spaulding said during a panel discussion. “And my guess is they’ll […]

New research highlights Vietnamese group’s custom hacking tools

Cybersecurity researchers have uncovered remote access tools, or backdoors, linked to an infamous Vietnamese hacking group with a history of targeting government organizations and intellectual-property-rich companies. Analysts with cybersecurity company Cylance say that while investigating a security incident last year, they found multiple custom backdoors used by the cyber-espionage outfit known as APT32 or OceanLotus Group. The hackers used command and control protocols that were tailored to their targets and that supported multiple network communication methods. “The overall design and development of these threats indicate they come from a well-funded development team,” research from Cylance published Wednesday states. “The OceanLotus Group uses an expansive amount of custom library code that can easily be repurposed for maximum effectiveness against their next target.” Tom Bonner, Cylance’s director of threat research, told CyberScoop that the “underlying code for the APT32 backdoors is highly modular,” meaning it can be repurposed by tweaking command and control protocols. APT32, […]

Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid

Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the evolution of the broad set of hackers behind the attacks in an effort to warn organizations the hackers might strike next. On Wednesday, analysts from cybersecurity company ESET added to that body of knowledge in revealing a quieter subgroup of those hackers that has targeted energy companies in Ukraine and Poland. ESET has dubbed the group GreyEnergy, a derivative of the original group of hackers, which have been known as BlackEnergy. Whereas BlackEnergy is known for the disruptive 2015 attack on the Ukrainian grid that cut power for roughly 225,000 people, GreyEnergy has to date preferred reconnaissance and espionage, according to ESET. The group has taken screenshots of its possible targets, stolen credentials, and exfiltrated files. “Clearly, they want to fly under the radar,” said Anton Cherepanov, the company’s lead researcher on […]

Ransomware hits computer networks of North Carolina water utility

A North Carolina water utility has been infected by ransomware in a breach the company says has forced key services offline and will require it to rebuild its computing infrastructure. Jacksonville, North Carolina-based Onslow Water and Sewer Authority (ONWASA) said in a statement that it was hit by the Ryuk ransomware virus in the middle of the night on Saturday. That followed the spread of the “polymorphic” EMOTET malware through the utility’s networks beginning Oct. 4, according to the statement, in a pair of infections that overwhelmed IT personnel. The attack has left the utility operating with limited computer capabilities, with workers setting up accounts and fulfilling service orders manually. “We experienced a catastrophic loss inside our computer network,” ONWASA CEO Jeffrey Hudson said in a video posted to the utility’s Facebook page. Customer information wasn’t compromised, and the incident does not affect the safety of the water supply, the utility […]

Breach of Pentagon travel records exposes defense personnel PII

The Pentagon is dealing with a breach of Department of Defense travel records that exposed the personally identifiable information of defense personnel, a department spokesman said Friday evening. Pentagon officials on Oct. 4 identified a breach of the personally identifiable information (PII) of DOD personnel “that requires congressional notification,” Lt. Col. Joe Buccino, a Pentagon spokesman, said in a statement. “The department is continuing to assess the risk of harm and will ensure notifications are made to impacted personnel whose PII may have been compromised,” Buccino said. The breach involves one commercial vendor — the name of which was not released — that provides DOD with a small percentage of travel services, he added. The Associated Press, which was first to report the news, reported that the breach could have affected up to 30,000 DOD workers and that the number could grow as the investigation proceeds. Buccino told CyberScoop that […]

Facebook revises impacted account number to 30 million, investigation ongoing

Facebook on Friday revealed new details on a widespread security breach of user profiles, revising the number of accounts affected from about 50 million to 30 million. Guy Rosen, Facebook’s vice president of product management, said in a blog post that Facebook is cooperating with the FBI in an ongoing investigation, and that the FBI had asked Facebook “not to discuss who may be behind this attack.” “We have not ruled out the possibility of smaller-scale attacks, which we’re continuing to investigate,” Rosen wrote. A vulnerability in Facebook’s code allowed attackers to steal digital access tokens – the keys that allow people to access their profiles without having to log in every time they visit the site. The hackers then used the tokens to move between accounts. In disclosing the security incident on Sept. 28, the social media giant had said that some 50 million accounts could be affected. But […]