U.S. intelligence community details destructive cyber capabilities, growing influence threats

The intelligence community made its most direct public attribution yet that Russia was behind weaving malicious code into a SolarWinds software update to facilitate a sweeping espionage operation, impacting hundreds of companies and U.S. federal agencies. The attribution appears in the intelligence community’s Annual Threat Assessment, which the Office of the Director of National Intelligence released Tuesday. “A Russian software supply chain operation against a US-based IT firm exposed approximately 18,000 customers worldwide, including enterprise networks across US Federal, state, and local governments,” the assessment notes, without naming SolarWinds. The intelligence community under the Trump administration had previously stated only that the operation was “likely” Russian in origin. The publication of the threat assessment coincides with President Joe Biden’s call with Russian President Vladimir Putin Tuesday, during which Biden “made clear that the United States will act firmly in defense of […]

The post U.S. intelligence community details destructive cyber capabilities, growing influence threats appeared first on CyberScoop.

Fed chair deems cyber threat top risk to financial sector

Federal Reserve Chairman Jerome Powell said he is on alert for cyberattacks against U.S. financial systems and companies, above and beyond any other risks to the economy. “The world evolves. And the risks change as well,” Powell said during an interview aired Sunday on CBS 60 Minutes, noting he is far more concerned about a cyber incident than he is about encountering a collapse akin to the global financial crisis of 2008. “And I would say that the risk that we keep our eyes on the most now is cyber risk.” Other government agencies and major companies — in particular financial companies — are also on alert, Powell said. Particularly of concern to Powell are scenarios in which cyberattacks cripple financial institutions to the point that they can’t track payments or to the point that payment systems don’t function. “There are scenarios in which a large payment utility, for example, breaks […]

US intelligence report warns of increased offensive cyber, disinformation around the world

Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly “volatile and confrontational” global security landscape, according to a new U.S. intelligence assessment. The U.S. intelligence community’s Global Trends report, issued on Thursday, notes many of these offensive cyber-operations will likely target civilian and military infrastructure. Nation-states will likely increasingly favor tools that allow them to operate below the level of armed conflict in order to avoid the geopolitical and resource costs that come with violence and traditional warfare, the report adds. Countries also will leverage proxies such as hackers or military contractors to disrupt their adversaries, according to the assessment, which is issued by the National Intelligence Council, which reports to the Director of National Intelligence. “Proxies and private companies can reduce the cost of training, equipping, and retaining specialized units and provide manpower for countries with […]

Fake job listings help suspected Iranian hackers aim at targets in Lebanon

Suspected Iranian hackers have zeroed in on a target in Lebanon, according to Check Point research published Thursday. Researchers caught attackers sending an unidentified Lebanese target documents that purported to contain details about job opportunities. If accessed in certain ways, those documents would deploy malware against victims. One such document imitated Ntiva IT, a consulting firm based in Virginia, Check Point said. In order to be infected, targets would have needed to enable macros on the documents, triggering a process that launches malware every five minutes. The hackers, whom Check Point suspects belong to a hacking group known as APT34 or OilRig, have been using a new backdoor to access their targets, according to the researchers. APT34, which researchers say has been operating since 2014, is believed to frequently rely on decoy job opportunities to trap targets in their campaigns. The group used LinkedIn in 2019 to go after espionage targets […]

What gets lost in ‘cyber Pearl Harbor’-style rhetoric

Over a year into the coronavirus pandemic, more people have become accustomed to doomsday talk. Americans following public officials’ remarks about cybersecurity, though, may have been expecting a kind of digital apocalypse for decades.  Phrases like “cyberbombs” and “cyber 9/11” have for years served as rhetorical catchphrases for national security officials trying to amplify their messaging or secure cyber-related funding from Capitol Hill. In 2012, then-Defense Secretary Leon Panetta warned the U.S. was under threat from a “cyber Pearl Harbor” that could involve foreign hackers derailing trains carrying lethal chemicals. While the use of dire language might be helpful in generating attention, some former Western intelligence officials now are wondering whether the use of fear-inducing language has had its intended effect.  In recent weeks, the U.K. issued its Integrated Defense Review, a strategic national security document which describes how the government might use nuclear weapons in the event that an adversary […]

Hackers are abusing Discord, Slack file-sharing to distribute malware

Hackers are increasingly using Slack and Discord to distribute malware to unsuspecting victims, according to Cisco Talos research published Wednesday. Suspected cybercriminals have been uploading files to the platforms, which are then stored within the apps’ content delivery networks, resulting in a link to malicious content. Attackers then share the links outside of Slack and Discord (over email or on other chat applications, for instance), allowing hackers to share the link wherever they want. It’s the kind of workaround that could allow hackers to meet targets where they already are, on platforms they trust and need to conduct business or socialize, which could allow them to boost the success of any social engineering efforts. Hackers have long abused people’s trust in chat applications to deliver malware to targets. Hackers previously used Discord to distribute Thanatos ransomware, according to Talos. In recent months, a hacking group that targets victims in […]

Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find

Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday. The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. One version of EtterSilent imitates the digital signature product DocuSign, though when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware. EtterSilent also offers another benefit for criminals looking for the latest tools to run their schemes: the malicious document builder has been crafted to conceal the activities of its operators, and has been constantly updated in recent months to avoid detection, according to Intel 471. “The widespread use of EtterSilent shows how commoditization is a big part of […]

533 million Facebook users’ personal data leaked online

Information belonging to approximately 533 million Facebook users has leaked online in recent days, according to security researcher Alon Gal, raising concerns about a spike in scams targeting vulnerable Facebook users. The data, which comes from people from over 100 countries, includes users’ phone numbers, email addresses, full names, birthdates and location, among other identifiers, according to Insider, which first reported the news. The dataset includes 32 million records for users in the U.S. The existence of the leak was first reported by Motherboard in January. Facebook users’ personal data was available for sale online then — criminals could pay a couple of dollars to a Telegram bot in order to gain access to Facebook users’ phone numbers. Now, a suspected cybercriminal has posted the data to a hacking forum, free of charge. Facebook said in a comment that the information leaked due to a vulnerability that had been fixed in […]

Suspected North Korean hackers set up fake company to target researchers, Google says

North Korean-linked hackers have set up a fake security company and social media accounts as part of a broad campaign targeting cybersecurity researchers with malware, according to Google research published Wednesday. Hackers have leveraged at least two fake accounts on LinkedIn that impersonate recruiters appearing to be from antivirus software and security companies, Google said. One of the recruiters, supposedly named “Carter Edwards,” works at a company allegedly named “Trend Macro,” which someone quickly searching for a new information security job may confuse with the legitimate security firm Trend Micro. The campaign also relies on a smattering of Twitter accounts. The fake company, which the hackers call “SecuriElite,” claims to be based in Turkey and focused on offensive security, penetration tests, software security assessments and exploits, according to Google. The hackers set up the apparent company in March, Google said. The Twitter account that appears to be linked with the […]

The latest malware hiding in video game cheat codes

Gamers have long used cheat codes to enhance their performance in video games. But buyer beware: hackers have recently been lacing malware in video game cheat codes that could allow attackers to hack victims’ microphones or web cameras, according to research Cisco Talos published Wednesday. The campaign, which appears to have targeted video game players and PC modders, features malware hidden in seemingly legitimate files that users can download to run game patches, tweaks or modding tools. The malware hackers have used in this campaign, XtremeRAT, can capture audio or video through victims’ microphones or web cameras, take screenshots, upload and download files or log keystrokes. The victims involved in this campaign have generally accessed the booby-trapped downloads from YouTube videos about game cheats or social media forums about specific games of interest, Cisco Talos said. “This goes to show how dangerous it is to install random software from questionable […]
