Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says

An apparent espionage campaign from the same Russian hacking group that breached the U.S. federal contractor SolarWinds in 2020 differed from that incident — which sparked congressional hearings and a reckoning throughout the U.S. federal government — in significant ways, according to Tom Burt, Microsoft’s corporate vice president for customer security and trust. The latest effort unveiled Sunday by Microsoft represents an example of how the group, which the company calls Nobelium and says is connected to the Kremlin’s SVR intelligence agency, targeted whole classes of companies, such as technology resellers and cloud service providers. The company said the intruders compromised 14 of the 140 service providers that were targeted, though investigators appear to have caught the effort relatively early, with Microsoft alerting government officials and publishing an advisory on the matter some five months after the activity appeared to begin. Attackers breached SolarWinds in January 2019, nearly two years […]

The post Latest Russian espionage activity is broader than SolarWinds-style hacking effort, Microsoft’s Tom Burt says appeared first on CyberScoop.

‘Bulletproof’ hosting operators sentenced for role in aiding spread of Zeus malware, which stole $100 million

A federal judge sentenced two men to multi-year prison terms for their role in providing services to cybercriminals, including some big-name malware that cost victims millions of dollars in losses, the Justice Department announced Wednesday. Chief Judge Denise Page Hood of the U.S. District Court for the Eastern District of Michigan gave Pavel Stassi of Estonia 24 months in prison and Aleksandr Skorodumov of Lithuania 48 months after pleading guilty to one count each of RICO conspiracy. The two men were part of a larger operation providing “bulletproof hosting,” which involved hosting rented IP addresses, servers, domains and malware to scammers in a way that provided more anonymity and protection from law enforcement than more legitimate hosting providers would provide. The operation in which Stassi and Skorodumov were members from 2009 to 2015 hosted the Zeus malware, used to steal more than $100 million from victims. It also […]

The post ‘Bulletproof’ hosting operators sentenced for role in aiding spread of Zeus malware, which stole $100 million appeared first on CyberScoop.

Seven years later, DHS set to roll out dramatic changes to system for hiring cyber pros

Soon, a cybersecurity professional at the Department of Homeland Security could make as much money as the vice president of the United States, $255,800 — or more, up to $332,100, if they’re in a geographic market where that salary makes the offer competitive. It’s just one feature of a dramatic overhaul of how DHS hires cyber personnel rolling out on Nov. 15 after seven years in the making. The Cyber Talent Management System dispenses with traditional federal job classifications in place since 1949, changes how applicants prove themselves, ties pay increases to something other than longevity of service and much more. At a time when private sector organizations and government agencies struggle to recruit and retain cyber personnel, DHS officials and outside observers alike are hopeful the system will deliver results. It’s a priority not just for DHS Secretary Alejandro Mayorkas but for the chief of the Cybersecurity and Infrastructure […]

The post Seven years later, DHS set to roll out dramatic changes to system for hiring cyber pros appeared first on CyberScoop.

NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million

A government advisory published Monday warned that BlackMatter ransomware attackers are going after U.S. critical infrastructure, including food and agriculture organizations, and demanding exorbitant payouts. It’s the latest joint alert from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the National Security Agency, this time about a form of ransomware that first emerged in July. It comes just days after a similar alert about ransomware threats to water and wastewater facilities. It’s also part of a recent push by federal security agencies to put a focus on the food and agriculture sector. “This advisory highlights the evolving and persistent nature of criminal cyber actors and the need for a collective public and private approach to reduce the impact and prevalence of ransomware attacks,” said Eric Goldstein, executive assistant director for cybersecurity at CISA. BlackMatter seeks between $80,000 and $15 million in cryptocurrency, including bitcoin and Monero, […]

The post NSA, DHS shine light on BlackMatter ransomware threat to food industry, demands of up to $15 million appeared first on CyberScoop.

Accenture lost ‘proprietary information’ in summer ransomware attack

Accenture has acknowledged in a filing to the Securities and Exchange Commission that outsiders extracted “proprietary information” in a cyber incident this summer. The SEC filing, made Friday, provides additional detail on a breach the company first discovered on July 30 and disclosed in early August. The disclosure coincided with the ransomware gang LockBit 2.0 leaking information from the consulting giant after saying Accenture failed to pay a $50 million ransom by its deadline. CyberScoop had previously reported other details of the intrusion. “While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature,” read an internal memo that CyberScoop obtained. A spokesperson didn’t directly answer a question about what kind of “proprietary information” the attackers stole, saying that the company’s original statement covered the matter. […]

The post Accenture lost ‘proprietary information’ in summer ransomware attack appeared first on CyberScoop.

Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says

Two trends are combining to amplify the threat that cyber poses to the U.S., according to a top Cybersecurity and Infrastructure Security Agency official: nation-states expanding their offensive capabilities, and the wider availability of easily-used hacking tools. Brandon Wales, executive director of the Department of Homeland Security’s cyber wing CISA, said Monday that nations like China, Russia, Iran and North Korea “are investing significantly in tools to target our networks.” A small number of ransomware gangs also are producing malware for wider use as part of their affiliate programs, Wales said at CyberWeek, a Scoop News Group event. “We continue to see a democratization of malicious cyber capabilities,” he said. “Today, hacking tools can be purchased for use by any criminal, regardless of expertise, or even rented to provide as a service capability.” Those separate phenomena are responsible for many of the most troubling developments in cyberspace over the past […]

The post Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says appeared first on CyberScoop.

US, allies pledge to combat money laundering as part of efforts to slow ransomware

Nations must better clamp down on money laundering in order to disrupt ransomware gangs’ illicit financial transactions, according to a statement Thursday from 32 countries that participated in two days of White House meetings focused on slowing hackers and digital extortion. The joint statement also included commitments to other methods of countering ransomware, such as encouraging cyber hygiene practices in the private sector, collaborating across law enforcement and national security agencies and using diplomatic pressure against nations that harbor cybercriminals. The initiative comes after a White House summit that included presentations and intelligence sharing between countries including Australia, Brazil, Bulgaria, Canada, the Czech Republic, Estonia, France and Germany, among others. The two days of meetings were the latest steps the Biden administration has taken to battle ransomware, a frequent focus of the White House since major attacks this summer on Colonial Pipeline, JBS and Kaseya. However, the meetings excluded Russia, […]

The post US, allies pledge to combat money laundering as part of efforts to slow ransomware appeared first on CyberScoop.

A former top US election official urges sweeping security improvements, warning ‘democracy is in trouble’

The Cybersecurity and Infrastructure Security Agency’s former lead election security official is recommending comprehensive changes to protect the ballot in future elections, from physical safety upgrades for election workers and federal agency revamps to mandated disclosure of cyber incidents. A report published Thursday from former CISA election adviser Matt Masterson, who now works for Stanford’s Internet Observatory Cyber Policy Center, is a response to the complications that surrounded the 2020 elections. Namely, 2020 was marred by misinformation that undermined public faith in elections, inconsistent funding to mitigate IT vulnerabilities and threats against election officials, the report concludes. The battle over the 2020 presidential race rages on, with the GOP pushing partisan election reviews in several states despite numerous recounts that concluded with Joe Biden as the victor. “Our democracy is in trouble,” Masterson told CyberScoop. “We are in a downward spiral of distrust of the process. If we don’t make […]

The post A former top US election official urges sweeping security improvements, warning ‘democracy is in trouble’ appeared first on CyberScoop.

White House kicks off international ransomware meeting amid global barrage

A parade of nations recounted grim experiences with ransomware at the start of a two-day White House-led summit on Wednesday, where the gathered officials will collaborate on how to counter the rise of digital extortion. Israel was, at the moment, dealing with an ongoing ransomware attack at a major hospital, Hillel Yaffe Medical Center. Ireland and the Czech Republic have experienced similar attacks on their medical centers. South Korea has seen a 70% year-over-year increase in ransomware incidents, and the United Arab Emirates has seen a 200% rise. Each anecdote, each statistic fed into the White House message for the day that ransomware is a global issue that will require collective action. Scheduled sessions will cover resilience, illicit finance, disrupting criminals and diplomacy, each led by officials from a different country. “No one country, no one group can solve this problem,” said U.S. National Security Adviser Jake Sullivan. “Transnational criminals […]

The post White House kicks off international ransomware meeting amid global barrage appeared first on CyberScoop.

White House set to lead 30 nations in ransomware discussions, sans Russia

The White House on Wednesday and Thursday will convene meetings with representatives from more than 30 countries to discuss how to counter ransomware, leaving out the country the president most frequently criticizes for hosting gangs of hackers: Russia. “Participants will cover everything from efforts to improve national resilience, to experiences addressing the misuse of virtual currency to launder ransom payments, our respective efforts to disrupt and prosecute ransomware criminals and diplomacy as a tool to counter ransomware,” a senior administration official told reporters on Tuesday. The official didn’t specify why Russia didn’t get an invitation beyond unnamed “constraints.” The lack of an invitation this time “doesn’t preclude future opportunities for them to participate.” The U.S. also has other avenues for discussing ransomware with the Kremlin, the official said. The lack of an invitation for Russia exemplifies the tensions over when the U.S. might involve more adversarial nations in discussions over […]

The post White House set to lead 30 nations in ransomware discussions, sans Russia appeared first on CyberScoop.
