Chinese-linked APT10 has been active in the Philippines, researchers say

An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop. During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo. It is unclear what the goal of the targeting is, or who the victims are, enSilo researchers said. “Both the loader variants and their various payloads that we analyzed share similar tactics, techniques, and procedures, and code associated with APT10,” the firm wrote in research published Friday. The burst of activity could be a short-lived attack or a test run for a future campaign. But the researchers are trying to warn potential victims about changes in the […]

The post Chinese-linked APT10 has been active in the Philippines, researchers say appeared first on CyberScoop.


WhatsApp Vulnerability Fixed

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your app immediately…

National Security Council cyber chief: Criminals are closing the gap with nation-state hackers

Cybercriminals are catching up to nation-states’ hacking capabilities, and it’s making attribution more difficult, the National Security Council’s senior director for cybersecurity policy said Thursday. “They’re not five years behind nation-states anymore, because the tools have become more ubiquitous,” said Grant Schneider, who also holds the title of federal CISO, at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. Schneider told CyberScoop that he thinks the implants cybercriminals are using in their cyberattacks have been improving. “The actual sophistication of the tool … is better with criminals than we saw in the past.” Steve Grobman, the chief technology officer for McAfee, told CyberScoop that advanced crooks are behaving more corporately, which means they are able to proliferate higher-quality hacking tools. “One of the things we’re seeing on the business-model side is cybercriminals are starting to use innovative processes like franchises — affiliate groups where a cybercriminal will develop technology [and] make it […]

The post National Security Council cyber chief: Criminals are closing the gap with nation-state hackers appeared first on CyberScoop.


More on the Triton Malware

FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good — but older — article on Triton. We don’t know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. FireEye report. BoingBoing post…

SamSam outbreak led to FBI restructuring, top official says

The notorious SamSam ransomware — which extracted $6 million in payments from more than 200 victim organizations — forced the FBI to adjust its model for handling cyberattack investigations, a senior bureau official said Thursday. Nearly all 56 of the FBI’s field offices responded to SamSam incidents — an inefficient way of keeping up with the malware, said Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division. And so, in an example of how the FBI is trying to adapt to an era of unceasing cyberthreats to U.S. businesses, the bureau changed its investigative structure. “We developed a model whereby when there is a certain type of malicious strain or certain type of threat actor, we have one office that’s in charge, we have other offices running supporting investigations that are feeding up into that,” Ugoretz said at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and […]

The post SamSam outbreak led to FBI restructuring, top official says appeared first on CyberScoop.


Tenable CEO blasts ‘smoke and mirrors’ of cybersecurity industry

A good chunk of the cybersecurity industry is “smoke and mirrors,” with companies hawking shiny products that aren’t needed to block most hacks, Tenable CEO Amit Yoran said in an interview with CyberScoop earlier this month. “It’s an industry that has fed and continues to feed, to a large extent, off of fearmongering,” Yoran said on the sidelines of the vendor-happy RSA Conference in San Francisco. The RSA Conference is a feeding frenzy for companies pushing products on the trade-show floor. Vendors spend big on things like booths, parties, and hotel suites to woo potential clients. (Tenable had a booth demonstrating some of its technology.) In a blunt interview, Yoran reflected on where the “hype-driven” side of the business, as he called it, had gotten the cybersecurity industry. “The millions of dollars that people are spending, all the hype and the sexy marketing and the AI and the anomaly-behavioral…whatever buzzword […]

The post Tenable CEO blasts ‘smoke and mirrors’ of cybersecurity industry appeared first on CyberScoop.


Researchers paint different portraits of hackers behind Ryuk ransomware

Analysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times that of other types of ransomware. Some victims of Ryuk “either lost their data or took on staggering financial risk to pay the ransom,” the researchers wrote. In some cases, Ryuk’s purveyors took big payouts of over 100 bitcoin (nearly $400,000 at current rates), in others they were satisfied with squeezing smaller sums from the victims, the McAfee-Coveware report said. The research follows a January report from another company, CrowdStrike, saying that hackers had earned $3.7 million from Ryuk since the ransomware emerged in August. Victims have reportedly included a North Carolina water utility and multiple […]

The post Researchers paint different portraits of hackers behind Ryuk ransomware appeared first on CyberScoop.
