Iranian spies tried hacking US military personnel by posing as job recruiters on Facebook

Facebook said on Thursday it upended Iranian government-backed hackers who targeted U.S. military personnel and defense companies on its platform before trying to move conversations elsewhere to infect victims with malware. In a blog post, Facebook linked the campaign to a group known alternately as Tortoiseshell or Imperial Kitten, which primarily had focused on Middle East targets before. This time, they were mainly preoccupied with the United States. “In an apparent expansion of malicious activity to other regions and industries, our investigation found them targeting military personnel and companies in the defense and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe,” wrote Mike Dvilyanski, Facebook’s head of cyber-espionage investigations, and David Agranovich, director of threat disruption. As part of a social engineering effort, the hackers posed via fake online personas as defense and aerospace industry recruiters, or claimed to work in hospitality, journalism, […]

The post Iranian spies tried hacking US military personnel by posing as job recruiters on Facebook appeared first on CyberScoop.

An espionage campaign spread its wings from Myanmar to the Philippines, raising new questions

A cyberespionage campaign that spread through Myanmar last fall at first looked like many others of the genre: a handpicked set of targets hit with highly tailored break-in methods. After all, scattershot attacks historically are not only less likely to reach valuable victims, but they also carry a greater chance of being caught and halted before the hackers gather the information they want. Then something changed, according to the security firm Kaspersky. What began as a small campaign — ultimately affecting approximately 100 Myanmar victims that Kaspersky identified — leapfrogged to another country, the Philippines, where the victim count exploded to 1,400 and included some government entities. Kaspersky researchers on Wednesday detailed the extent of the campaign and who they believe is behind it. But they remain unsure why it evolved the way it did, even if they have some informed guesses. The investigators attributed the infections to a group […]

CISA orders agencies to disable Microsoft Print Spooler in response to ‘PrintNightmare’ flaw

The Cybersecurity and Infrastructure Security Agency late Tuesday ordered federal agencies to disable the Microsoft Windows Print Spooler service because of an alarming flaw that could allow attackers to take over systems remotely. CISA, part of the Department of Homeland Security, gave agencies until midnight Wednesday to disable the service in response to the so-called “PrintNightmare” bug. Its “emergency directive” also ordered agencies to implement Microsoft security updates by July 20. The PrintNightmare issue has given Microsoft fits for weeks. It issued a patch last week that some security pros said didn’t work properly. On Tuesday, Microsoft issued another Print Spooler fix as part of its “Patch Tuesday” update, the latest of which also included answers for 13 “critical vulnerabilities” and four under active attack. “CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action,” CISA said in its PrintSpooler […]

Senate confirms former White House, NSA official Jen Easterly as CISA director after delay

Nearly six months into Joe Biden’s presidency, an administration confronting several cybersecurity crises finally has a permanent director en route to take over one of the top few cyber posts in the federal government. The Senate on Monday confirmed Jen Easterly as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency by voice vote. Once she’s sworn in, Easterly — the departing head of Morgan Stanley’s Fusion Resilience Center and a former White House and National Security Agency official — will be busy with the aftermath of a spree of ransomware attacks that have attracted the attention of policymakers like none before. They include incidents at fuel supplier Colonial Pipeline, meat processor JBS and software company Kaseya, where a compromise opened the door for attackers to claim perhaps thousands of victims. In the early months of the Biden administration, officials also have contended with a cyber-espionage operation that […]

Suspected Chinese hackers return with unusual attacks on domestic gambling companies

It’s rare for Chinese hackers to turn their gaze inward on domestic companies. But a well-known group appears to have been targeting online gambling firms in China with new malware. The malware, which Trend Micro dubbed BIOPASS RAT, goes after Chinese gambling companies with a watering hole attack, in which hackers try to infect websites commonly used by their targets. “Notably, a large number of features were implemented to target and steal the private data of popular web browsers and instant messengers that are primarily used in Mainland China,” Trend Micro said in a report on Friday. Digital clues that Trend Micro identified point to the Chinese hacking outfit the Winnti Group as a culprit. Its activity overlaps with that of the Chinese government hackers known as APT41, such that it’s sometimes mentioned as a second name for the group. That’s a joint cybercrime and espionage organization of hackers whose goals […]

Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

Ransomware has never been more of a national security concern after a string of hacks against the fuel supplier Colonial Pipeline, meat giant JBS and perhaps thousands of others compromised after a breach at a large IT firm. Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their networks. That, combined with the suspicion that most victims don’t report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them. That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs. “Having public transparency around the impact of ransomware, especially as we’re proposing and considering different […]

Critical ‘PrintNightmare’ bug in Microsoft’s Windows tech is still causing headaches

More than a week later, Microsoft is still trying to shake off its PrintNightmare. That’s the nickname for a bug for which a proof-of-concept exploit was accidentally published online on June 30. Microsoft on Tuesday issued an emergency update for the critical flaw, which affects all versions of Windows’ Print Spooler, the service that manages interactions between computers and printers. The vulnerability could allow hackers to take over computers remotely. But on Thursday Microsoft had to fend off claims from researchers that its patch didn’t work. “Our investigation has shown that the … security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare,” the company wrote. “All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.” Previously, the patch had encountered other problems, such as breaking connections […]
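As an added example, not code from CyberScoop, CISA or Microsoft, and covering both the CISA directive above (stop relying on the Print Spooler service) and Microsoft’s statement that its patch holds only while the Point and Print registry settings stay at their defaults: a PowerShell script that audits a single Windows host for the running service, for Point and Print values weakened away from the defaults, and for the absence of any update installed since the fixes began shipping, then optionally applies the service-disable mitigation. The registry key and value names are Microsoft’s published Point and Print settings rather than anything quoted in the articles; the -Disable switch and the -PatchWindowStart date are this script’s own assumptions.

```powershell
# Added example (not from CyberScoop, CISA or Microsoft): audit one Windows host for
# the Print Spooler exposure and, with -Disable, apply the CISA mitigation.
# Run from an elevated PowerShell prompt. Registry names come from Microsoft's Point
# and Print guidance; the switch and the date below are this script's assumptions.
param(
    [switch]$Disable,                          # report only unless this is given
    [datetime]$PatchWindowStart = '2021-07-06'  # assumed first day of the Spooler fixes
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Service state. A Spooler that is running, or set to start, is the exposure the
#    directive told agencies to remove.
$spooler = Get-Service -Name Spooler -ErrorAction Stop
if ($spooler.Status -eq 'Running' -or $spooler.StartType -ne 'Disabled') {
    $findings.Add("Spooler is $($spooler.Status) with startup type $($spooler.StartType)")
}

# 2. Point and Print policy. Microsoft's "default registry setting" statement refers
#    to these values: a non-zero value for either of the first two, or a zero for the
#    third, lets non-administrators install printer drivers again.
$ppKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
if (Test-Path $ppKey) {
    $pp = Get-ItemProperty -Path $ppKey
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        if ($null -ne $pp.$name -and $pp.$name -ne 0) {
            $findings.Add("$ppKey\$name = $($pp.$name) (insecure; expected 0 or absent)")
        }
    }
    $restrict = $pp.RestrictDriverInstallationToAdministrators
    if ($null -ne $restrict -and $restrict -eq 0) {
        $findings.Add("$ppKey\RestrictDriverInstallationToAdministrators = 0 (insecure; expected 1)")
    }
}

# 3. Patch presence, as a heuristic only: no update installed since the fixes started
#    shipping means this host is relying on the mitigation alone.
$recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchWindowStart }
if (-not $recent) {
    $findings.Add("No Windows update installed on or after $($PatchWindowStart.ToShortDateString())")
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}

# 4. Mitigation. Disabling the Spooler removes local and remote printing from this
#    host, so only do it where that is acceptable (or mandated, as in the directive).
if ($Disable) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    Write-Output 'Print Spooler stopped and disabled; confirm with Get-Service Spooler.'
}
```

Run it without arguments first to see the findings; rerun with -Disable on hosts where losing printing is acceptable. The Point and Print check is the part worth keeping after the service is re-enabled post-patch, since the registry values are what the patch’s protection depends on.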

Houston man sentenced to 7 years for attempted $2 million romance scam

A U.S. federal judge sentenced a Nigerian national to 87 months in prison for his role in trying to steal more than $2 million from victims via romance scams and spoofed email requests for wire transfer payments. The judge on Wednesday also ordered Akhabue Ehis Onoimoimilin, who lives in Houston, to pay back nearly $900,000 to victims of the money laundering scheme to which he pleaded guilty. The indictment in the case indicates that Onoimoimilin and a co-defendant, whose name is redacted, caused $1.7 million in actual losses from the scheme. Onoimoimilin’s role involved opening bank accounts in the name of “David Harrison” to launder money for co-conspirators. Law enforcement identified more than $400,000 in attempted losses in the accounts, for which Onoimoimilin received 10 to 15% of the funds. Onoimoimilin opened the accounts in 2015, according to prosecutors. The indictment offers few details on the romance and business email […]

How REvil evolved into a ransomware collective capable of extorting Kaseya, JBS

The Russian ransomware gang REvil is loud, ambitious and particularly nasty. Even by hackers’ standards. Before claiming responsibility for a breach at the software company Kaseya, which has resulted in breaches at perhaps thousands of other businesses and newfound attention from the White House, the group accounted for less than 10% of known ransomware victims, according to the threat intelligence firm Recorded Future. Now, it accounts for 42%. As U.S. national security officials and much of the cybersecurity community race to mitigate the fallout from the Kaseya incident, it serves as yet another reminder of how groups of scammers are making millions of dollars after years of honing their tradecraft. A “conservative estimate” by IBM placed REvil’s 2020 profits at $123 million, first among ransomware gangs, while multiple firms said the gang’s malware was the most common digital extortion tool. That was before the REvil group also struck the […]

Malware spammers aim to leverage Kaseya ransomware drama in email campaign

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking to capitalize on the rush to find a fix. Security vendor Malwarebytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update for the Kaseya VSA vulnerability. Clicking on the link, or on “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who in turn provide IT services to a wider range of potential victims. It has turned […]
