How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game

As U.S. government agencies and thousands of companies around the world assess whether they’ve been compromised in the SolarWinds breach, cybersecurity experts are concerned that the full reach of the suspected hackers may only be just coming to light. People familiar with the matter have told outlets including The Washington Post that the culprit is one of the most persistent and savvy hacking groups on the planet: the Russian government-backed APT29, also known as Cozy Bear. Cyber threat intelligence firms have been more cautious in assigning blame, even as they acknowledge significant similarities. The group, reportedly linked to Russia’s foreign intelligence service, the SVR, and sometimes the FSB, is notorious for running multi-pronged efforts, and for not backing down from espionage operations, even after they are discovered. APT29 has historically gone to great lengths to conceal its activities, at times running years-long espionage operations, according to security researchers. “This is […]

The post How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game appeared first on CyberScoop.


White House quietly activates cyber emergency response

In the wake of the SolarWinds breach, the National Security Council has activated an emergency cybersecurity process that is intended to help the government plan its response and recovery efforts, according to White House officials and other sources. The activation of the process is a sign of just how seriously the Trump administration is taking the foreign espionage operation, former NSC officials told CyberScoop. The process, which is rooted in a presidential directive issued during the Obama administration known as PPD-41, establishes a Cyber Unified Coordination Group (UCG) that is intended to help the U.S. government coordinate multiple agencies’ responses to the significant hacking incident. The UCG is generally led by the Department of Justice — through the FBI and the National Cyber Investigative Joint Task Force — as well as the Office of the Director of National Intelligence and the Department of Homeland Security. “This cyberattack is the exact type […]


SolarWinds hack exposes underbelly of supply-chain attacks

Hackers of lore are often depicted breaking into prominent targets by typing frantically on keyboards in dark rooms and yelling “I’m in!” when they’ve purportedly breached their victim’s systems. But the sweeping SolarWinds breach, which has reportedly impacted the U.S. Treasury and Commerce departments, shows the reality is much less flashy and can be far more devastating. Details are still emerging about the SolarWinds breach, in which hackers inserted malicious code into software updates for the SolarWinds network management product Orion in order to conduct cyber-espionage against the U.S. federal government and multiple other targets. But the fallout from the attack, which is suspected to be linked with Russian hackers, is still being investigated, and early indications suggest the ramifications — and victims — could be extensive. In many respects, SolarWinds is just another, typical IT provider with government contracts. The company’s website has touted business with numerous U.S. military and civilian […]


MountLocker ransomware hackers upgrade covert approach

BlackBerry researchers on Friday revealed new details about a ransomware strain that emerged this summer that hackers are peddling as a ransomware service for hire. It is unclear who exactly is behind the ransomware, called MountLocker. Within the last month, though, the scammers behind the ransomware have updated it several times in an effort to bypass detection, according to the researchers. MountLocker, which security professionals initially uncovered in July, according to the U.K. National Health Service Digital, tends to encrypt targets’ files like traditional ransomware strains. Affiliates now are using MountLocker to run extortion and blackmail schemes in an effort to compel larger payouts from victims, according to BlackBerry. In some cases, the ransom demands have been seven figures. It’s the latest ransomware strain to take part in the extortion tactic, which the FBI and security researchers have been warning about for months. MountLocker affiliates have largely relied on commercially […]


Al Jazeera journalist files lawsuit accusing Saudi, UAE crown princes of hack-and-leak

An Al Jazeera anchor is alleging the crown princes of Saudi Arabia and the United Arab Emirates helped to coordinate a hack-and-leak operation intended to intimidate and disparage her. In a civil suit filed Wednesday in the U.S. District Court for the Southern District of Florida, journalist Ghada Oueiss accuses Saudi Crown Prince Mohammed bin Salman (MBS) and UAE Crown Prince Mohammed bin Zayed (MBZ) of coordinating efforts to break into her iPhone and then share private photos on Twitter and various websites. The lawsuit says the operation is connected to larger efforts by rulers in Saudi Arabia and the UAE to stifle reports about the two regimes’ alleged human rights abuses. Oueiss has been critical of both nations’ leaders as part of her work as a principal anchor and presenter for Al Jazeera, a news agency based in the nearby Persian Gulf state of Qatar, which has strained ties […]


Hackers breach European agency to access BioNTech, Pfizer COVID-19 vaccine files

The European Medicines Agency, which is currently helping to roll out two coronavirus vaccines, has been hit by hackers, the agency announced Wednesday. Attackers successfully accessed “some documents relating to the regulatory submission for Pfizer and BioNTech’s COVID-19 vaccine candidate” that were stored on a European Medicines Agency (EMA) server, according to a statement BioNTech released on its investors’ website. The intruders did not breach any BioNTech or Pfizer systems, according to BioNTech’s statement. BioNTech said it is unaware whether any study volunteers were identified in the course of the attack. Moderna, another company working with the EMA on a vaccine candidate, did not immediately return a request for comment. The EMA said it is working with law enforcement to investigate the incident further. In the interim, the timeline for the Pfizer and BioNTech vaccine’s review will not be affected, according to BioNTech. “At this time, we await further information […]


German court forces encrypted email provider Tutanota to create backdoor for blackmail case

A regional court in Germany has ordered the end-to-end encrypted email provider Tutanota to monitor an account belonging to a user under suspicion in a blackmail case. It’s the latest surveillance-related court decision the email provider is fighting in court, and comes amid a broader, protracted campaign from governments around the world to weaken encryption. The U.S. Department of Justice, for instance, has coordinated with Australia and other nations in recent years to try giving law enforcement more access to encrypted data. Tutanota said it plans to appeal the November ruling from a regional court in Cologne, arguing that it contradicts an earlier decision from another German court. That first court, the Hanover Regional Court, determined earlier this year that Tutanota does not provide telecommunications services, suggesting it cannot be forced to monitor them under German law. The latest ruling from Cologne also could contradict a 2019 ruling by the […]


NSA warns of Russian government-backed hackers aiming at US defense sector targets

The National Security Agency issued an alert Monday warning U.S. defense contractors to be on alert for Russian state-sponsored hackers exploiting a recently announced vulnerability. The software issue, which affects VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector, is a command injection vulnerability that could allow attackers to execute arbitrary commands on targets. The Russian hackers, whom the NSA did not identify more specifically, appear to have successfully accessed protected systems by exploiting the flaw, according to the NSA alert. To exploit the flaw, hackers must already have access to the management interface of the device, meaning they already hold valid credentials for it. The agency urges system administrators to patch against the flaw as soon as possible. Exploitation of the vulnerability could lead to the complete compromise of user data, according to VMware. The company already released a patch for […]


The EU is making overtures about cybersecurity collaboration under Biden

European Union members convened a ministerial discussion Monday in an effort to take stock of the 2020 U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on a whole host of issues, including cybersecurity matters. The agenda was focused on a proposal from the European Commission and the office of the EU High Representative that suggests that the EU and the U.S. increase cybersecurity-related information-sharing and coordinate repercussions for bad actors in cyberspace. The commission and high representative — essentially the EU’s foreign minister — also proposed an increase in cybersecurity capacity-building efforts, discussions about 5G, and a meeting in early 2021 to discuss security and military operations. Europe and the U.S. have a long history of partnering on cybersecurity issues, and in the last year the U.S. and some members of the EU have taken steps meant to increase their ability to jointly […]


Cyber Command deployed personnel to Estonia to protect elections against Russian threat

Personnel from the U.S. Department of Defense’s Cyber Command deployed to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking, American and Estonian officials announced Thursday. The mission allowed personnel from U.S. Cyber Command and Estonia’s Defense Forces Cyber Command to collaborate on hunting critical networks for malicious activity by adversaries, officials said. Estonia in particular could help the U.S. glean intelligence about Russian cyber-operations, as it has borne the brunt of Russian hacking in the past. Montenegro, a perennial target of Russian hacking, has also worked with Cyber Command on similar missions, known as “Hunt Forward” missions, to protect the 2020 presidential elections against foreign hacking. As the thinking goes, Cyber Command can run these kinds of operations to help protect a foreign ally against intrusions conducted by shared adversaries, while also obtaining information that could help protect U.S. […]
