Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing committee demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of an suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amount to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.

Continue reading Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

The chief executive of SolarWinds on Monday said his company is still seeking a fuller understanding of the scope of the hack on its Orion software — and laying the groundwork for what SolarWinds, as well as the federal government, should be doing next. “What we are… still learning is the breadth and depth of the sophistication of the attackers, number one,” Sudhakar Ramakrishna said at a Center for Strategic and International Studies online event where he noted that the company’s investigation into what happened is ongoing. “Number two is the patience with which they carried out these attacks, and obviously the persistence,” he said, citing as an example that the hackers appeared to use earlier versions of Orion code as a test bed for their eventual attack. Ramakrishna took over as CEO weeks after news about the hack of SolarWinds’ updates to its Orion software had become public. The […]

The post SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings appeared first on CyberScoop.

Continue reading SolarWinds CEO talks hack, remaining questions before Capitol Hill hearings

SolarWinds Hack and the Case of DNS Security

It’s not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it’s the reason I didn’t have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after malicious code was inserted into a software patch that was downloaded by the companies and agencies. The installation of the patch executed malicious code, called SUNBURST, which created an entry point for other malicious codes (TEARDROP/RAINDROP). These additional codes were used to allow attackers to move laterally within the network and exfiltrate sensitive customer information to a public command and control server. Continue reading SolarWinds Hack and the Case of DNS Security

SolarWinds Hack and the Case of DNS Security

It’s not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it’s the reason I didn’t have a smoother transition back into work-life following a long vacation. As I un… Continue reading SolarWinds Hack and the Case of DNS Security

‘Cyberpunk 2077’ game studio says hackers exposed data

Video game company CD Projekt says a cyberattack exposed some of its data, and the intruders left a ransom note claiming they accessed the source code for “Cyberpunk 2077” and other games. The Poland-based studio said in a tweet Tuesday that “an unidentified actor gained unauthorized access to our internal network” and “collected certain data belonging to CD PROJEKT capital group.” The attackers encrypted some devices, but backups remained intact, CD Projekt said. The alleged ransom note — published in CD Projekt’s tweet about the incident — indirectly refers to recent troubles for the company, which was criticized for the bug-filled rollout of the much-ballyhooed “Cyberpunk 2077” in December. Sony removed it from its PlayStation Store about a week after the release. Some investors sued the company over the rollout. “Your public image will go down the shitter even more,” if the attackers’ demands aren’t met, the note says. It […]

The post ‘Cyberpunk 2077’ game studio says hackers exposed data appeared first on CyberScoop.

Continue reading ‘Cyberpunk 2077’ game studio says hackers exposed data

Health insurer Excellus penalized $5.1M by HHS for data breach

The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015. The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR). The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020. The OCR said the breached data included names, addresses, dates of birth, email addresses, Social Security numbers, bank account information, health plan claims and clinical treatment information. “The hackers installed malware […]

The post Health insurer Excellus penalized $5.1M by HHS for data breach appeared first on CyberScoop.

Continue reading Health insurer Excellus penalized $5.1M by HHS for data breach

T-Mobile: Breach exposed call information for some customers

T-Mobile says that it “recently identified and quickly shut down” a data breach that included call-related information about some accounts. The wireless telecommunication firm said in a notice mailed to some customers in late December that the incident “may have included phone number, number of lines subscribed to on your account and, in some cases, call-related information collected as part of the normal operation of your wireless service.” It’s the fourth data breach that the company has acknowledged within the last three years. T-Mobile, which completed a merger with Sprint in April 2020, also disclosed incidents that occurred in March 2020, November 2019 and August 2018. The company called the intrusion “malicious, unauthorized access,” but did not release details about the suspected intruders or their methods. Personally identifiable information was not affected in this latest breach, T-Mobile said. “The data accessed did not include names on the account, physical or […]

The post T-Mobile: Breach exposed call information for some customers appeared first on CyberScoop.

Continue reading T-Mobile: Breach exposed call information for some customers

UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

It’s been almost a year since an international sting took down WeLeakInfo, a site that marketed stolen personal data, but its alleged customers are still drawing the attention of law enforcement. The U.K.’s National Crime Agency says that 21 people have been arrested across the country recently for using data purchased on WeLeakInfo for criminal activity, including hacking and fraud. “Of those 21 arrested — all men aged between 18-38 — nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both,” the agency said in a Dec. 25 release. The operation began Nov. 16 and will continue into next year, the agency said. Some WeLeakInfo users are being threatened with legal action rather than arrested outright. “A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially […]

The post UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data appeared first on CyberScoop.

Continue reading UK arrests suspects tied to WeLeakInfo, a site shuttered for selling breached personal data

Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology. The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards. The attorneys general held that Sabre responded poorly to the incident, particularly in notifying people that their information might be compromised. “Sabre first failed its customers with a susceptible security system, then failed them when it came to provide proper notifications,” said New York Attorney General Letitia James. “Today’s agreement not only imposes a hefty fine on Sabre but will ensure that the company has the appropriate security and incident response plan in place so that its failure does not take place again.” In announcing the breach […]

The post Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data appeared first on CyberScoop.

Continue reading Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data

FireEye’s Mandia on SolarWinds hack: ‘This was a sniper round’

The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special operations. And it was going to take special operations to detect this breach.” Mandia estimated that about “only about 50 companies or organizations” were the true targets of the operation, which is suspected to be the work of the Russian intelligence agency known as the SVR. Texas-based SolarWinds reportedly has about 300,000 customers overall in government and industry, and the malware in the spy campaign was pushed out to about 18,000 of those, including U.S. government agencies and major corporations. In the CBS […]

The post FireEye’s Mandia on SolarWinds hack: ‘This was a sniper round’ appeared first on CyberScoop.

Continue reading FireEye’s Mandia on SolarWinds hack: ‘This was a sniper round’