Cyber Command’s latest VirusTotal upload has been linked to an active attack

The malware sample that U.S. Cyber Command uploaded to VirusTotal last week is still involved in active attacks, multiple security researchers tell CyberScoop. Researchers from Kaspersky Lab and ZoneAlarm, a software security company run by Check Point Technologies, tell CyberScoop they have linked the malware to APT28, the same hacking group that breached the Democratic National Committee during the 2016 election cycle. A variant of the malware is being used in ongoing attacks, hitting targets as recently as this month. The targets include Central Asian nations, as well as diplomatic and foreign affairs organizations, Kaspersky Lab’s principal security researcher Kurt Baumgartner tells CyberScoop. While ZoneAlarm can’t confirm which targets the attack is focused on, the company detected the specific malware hash in an active attack in the Czech Republic last week, Lotem Finkelsteen, ZoneAlarm’s Threat Intelligence Group Manager, tells CyberScoop. “Although we cannot confirm such an attack,” Finkelsteen said, referring to the […]

The post Cyber Command’s latest VirusTotal upload has been linked to an active attack appeared first on CyberScoop.


Political parties are still struggling with cybersecurity basics

Political parties in Europe and the U.S. have cybersecurity practices that fail to meet basic standards, leaving them vulnerable to hackers and foreign influence operations with elections rapidly approaching, according to security researchers. An assessment of 29 political parties in 11 countries released Tuesday by SecurityScorecard found that a party in France relies on end-of-life technology that has not had a security update in four to five months, for example. There also is a strain of malicious software emanating right now from an IP address assigned to an economic subcommittee of the European Union in Brussels, SecurityScorecard’s Director of Threat Intelligence, Paul Gagliardi, tells CyberScoop. And while American political parties tend to fare better than European political parties, according to the report, the Democratic National Committee and the Republican National Committee still have weak spots.

Malware in the EU

The details of the report arrive just as the European Parliament elections kick off Thursday. The malware SecurityScorecard […]


Middle East-linked hacking group is working hard to mask its moves

A group that’s been linked to Iran-based hackers has been working to obfuscate its activities to evade detection, according to new research from Cisco’s Talos researchers. The hackers, whose attacks are ongoing, are working to avoid host-based signatures and YARA signatures by using a Visual Basic for Applications (VBA) script, PowerShell stager attacks, and a separate command and control server, researchers write in a blog post. In some cases the group, which Talos has dubbed “BlackWater,” has been successful in avoiding detection mechanisms. Some of the code the group has used in its attacks is the same as that used by a group known as MuddyWater. Talos writes the code was used in attacks against Kurds in Turkey. This code overlap, and the fact that BlackWater and MuddyWater have had similar targets, including those in Turkey, lead Talos researchers to report they have “moderate confidence” that the actors behind BlackWater […]


Election Assistance Commission pleads for more money in Senate hearing

The Election Assistance Commission is straining to secure elections in advance of the 2020 cycle with its current level of funding, the organization’s leadership told lawmakers Wednesday during a hearing on Capitol Hill. EAC chairwoman Christy McCormick said during a Senate Rules Committee hearing on election security that the commission has seen its budget halved from where it was in 2010, despite the fact that its responsibilities have greatly increased since the 2016 election. “That’s unbelievable,” Sen. Angus King, I-Maine, said of the cuts. “That’s like cutting the budget of the fire department in the middle of a five-alarm fire. We’ve never had such a serious attack on our political systems that we’ve had in the last three years and your budget is 50 percent what it was.” All four EAC commissioners who testified Wednesday agreed that information sharing with local election officials needs to improve in advance of the 2020 elections. Two […]


Facebook bans Israeli company that’s been sharing disinfo on West African politics

Facebook has banned an Israeli political consulting and lobbying firm after it found coordinated disinformation campaigns on its platform. In total, Archimedes Group was behind the majority of 265 Facebook and Instagram accounts, pages, groups and events originating from Israel, according to Nathaniel Gleicher, Facebook’s head of cybersecurity policy. The actors attempted to imitate individuals and local news organizations, posting about news, elections, and criticism of political candidates, all while concealing their true identity through fake accounts. In some cases, accounts purported to be candidates themselves. The activity targeted Nigeria, Senegal, Togo, Angola, Niger and Tunisia, as well as Latin America and Southeast Asia. Although not all of the activity is tied to Archimedes Group, it underscores the fact that nation-states are not the only entities interested in abusing social media platforms to spread disinformation. Businesses seemingly want in on the acrimony, too, and are willing to pay up, according […]


White House executive order sets path for ban on Huawei

President Donald Trump issued an executive order Wednesday that is intended to prevent U.S. companies from using telecommunications technology made by firms that are beholden to foreign adversaries. The goal of the order is to protect the security, economy, and critical infrastructure of the U.S., a senior administration official told reporters Wednesday. The intent is to prevent economic and industrial espionage, especially activities that pose an “undue risk of sabotage” through technologies that are “owned by, controlled by, or subject to the jurisdiction or direction” of foreign adversaries. Although the order, which invokes the International Emergency Economic Powers Act and the National Emergencies Act, does not name any country or company in particular, it is thought to impinge on business with China-based Huawei. The order comes as tension has risen over the U.S.-China trade war. Earlier this week, the Chinese government said it will impose tariffs on $60 billion worth of U.S. […]


Microsoft patches critical vulnerability comparable to WannaCry

Microsoft released fixes Tuesday for a “wormable” remote code execution flaw reminiscent of the vulnerability that allowed WannaCry ransomware to propagate to computers around the globe in 2017. The Remote Desktop Services vulnerability, which Microsoft has rated as critical, could allow hackers to install programs, and view, change, or delete data. It requires no user interaction to exploit, meaning users don’t have to click on anything, such as a link, document, or message box, and attackers don’t need to run social engineering campaigns to dupe users. Microsoft took the unusual step of releasing security updates for all users, including those on unsupported operating systems like Windows XP and Windows Server 2003, due to the risk that the flaw can lead to self-propagating attacks. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the […]


The NSA knows its weapons may one day be used by its targets

U.S. military commanders say that when Cyber Command and the National Security Agency use a capability against targets abroad, they understand it might eventually be used by an adversary. The risk of having the NSA’s tools leaked has been an issue inside the agency for years now. Former NSA contractor Edward Snowden brought the issue into the public domain when he revealed a trove of NSA programs in 2013, but the risk of having adversaries detect, obtain or reverse engineer NSA-used tools has become especially salient in the last week. Researchers from cybersecurity firm Symantec revealed last week that a Chinese-linked hacking group had repurposed tools linked with the NSA as early as March of 2016 and used them to attack various targets around the world. Although Cyber Command’s Director of Capabilities and Resource Integration, Maj. Gen. Karl Gingrich, did not directly address this report, when asked how Cyber Command protects […]


Former NSA analyst charged in leak of classified documents to reporter

A former National Security Agency analyst has been charged and arrested for illegally obtaining classified national defense information, including files on drone warfare, and disclosing it to a reporter. The charges, which were filed originally in March of this year in federal court in Alexandria, Virginia, include obtaining, retaining, transmitting, and causing the communication of national defense information; disclosure of classified communications intelligence information; and theft of government property. The Department of Justice unsealed the charges against the former analyst, Daniel Hale of Tennessee, on Thursday. Some of the documents that Hale illegally obtained and shared with the reporter detailed top secret information the NSA gathered on specific named targets, several counterterrorism operations, an overseas military campaign targeting al-Qaeda, and the effects of that operation. At least one document revealed classified technical capabilities of the U.S. military. Hale served in the U.S. Air Force from 2009 to 2013, during which he was assigned […]


Cyber Command has redeployed overseas in effort to protect 2020 elections

U.S. Cyber Command is still working overseas with allies to try to prevent election interference, Brig. Gen. Timothy Haugh, the commander of Cyber Command’s Cyber National Mission Force, said Tuesday. As part of the military’s operation to defend the U.S. midterm elections in 2018, an operation known internally in the Department of Defense as “Synthetic Theology,” Cyber Command deployed cyber warriors to Ukraine, North Macedonia, and Montenegro to help defend those countries’ networks and to collect intelligence on adversaries. Cyber Command has since “redeployed” out of “some of those” countries, Haugh said during a reporters’ roundtable at the Integrated Cyber Center and Joint Operations Center in Fort Meade, Maryland. Haugh did not specify in which countries Cyber Command has ongoing operations right now in preparation for 2020, but said these kinds of partnerships will continue to grow. “When we look to do partnerships overseas … we want to do that anywhere where […]
