‘Kicking out the adversary’ is part of new Cybersecurity Directorate’s mission, NSA says

The National Security Agency’s new Cybersecurity Directorate, charged with helping protect the defense industrial base and sensitive government computers by providing insights on foreign hackers, is now at initial operating capability, senior NSA officials informed reporters at a rare briefing Thursday at Fort Meade. Just this week the fledgling directorate took one of its first public actions, issuing an unclassified alert about nation-state hacking groups actively exploiting vulnerabilities on virtual private networks. Beyond the usual job of such alerts — identifying the bugs and recommending mitigations — the directorate made a point to provide ways for organizations to check whether they have been victimized, something the directorate intends to continue in unclassified ways moving forward. “We need to be sure that people who own networks that are vital to the national security systems and defense systems of this nation can figure out if adversaries have gained access into their networks,” NSA spokesperson Natalie Pittore said. “It’s about […]

The post ‘Kicking out the adversary’ is part of new Cybersecurity Directorate’s mission, NSA says appeared first on CyberScoop.


Email scammers stole more than $150K from defense contractors and a university, FBI says

Cybercriminals defrauded two defense contractors and a university out of more than $150,000 through email scams last year, the FBI has warned companies. Scammers obtained fraudulent lines of credit to buy expensive technical equipment in the organizations’ names, the FBI said last week in an industry advisory obtained by CyberScoop. The suspects spoofed email addresses of the target organizations, convincing suppliers to process payments with fake purchase orders and credit documents. The bureau did not name any organization victimized in the scams, which took place in the first half of 2018. In one case, someone impersonating an employee of a large university placed two orders for 150 digital multimeters, which are devices that measure electric current, from a U.S. Department of Defense supplier, leading to roughly $80,000 in losses, according to the FBI. Two other cases involved defense contractors getting swindled for a total of $90,000. The affected contractors were cleared to handle classified DOD information, but it was the companies’ […]

The post Email scammers stole more than $150K from defense contractors and a university, FBI says appeared first on CyberScoop.


Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems often overlay multiple different hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their […]

The post Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says appeared first on CyberScoop.


As Trump promises ‘fire and fury,’ North Korean hackers target U.S. defense contractors

Hackers linked to a North Korean cyber espionage group — best known for a global ransomware attack dubbed “WannaCry” — are now actively targeting U.S. defense contractors as part of an apparent, ongoing intelligence gathering operation, according to new research published by U.S. cybersecurity firm Palo Alto Networks. The findings come at a time of heightened tension between the U.S. and North Korea while the leaders of each nation have exchanged threats of nuclear warfare. North Korea is a known and well-established adversary of the U.S. in cyberspace. The group responsible for both WannaCry and this newly uncovered intelligence operation is codenamed Lazarus Group by the security research community. Analysts with Palo Alto Networks’ Unit 42 found that Lazarus Group recently sent a barrage of spear phishing emails with booby-trapped Microsoft Word attachments to several individuals involved with different U.S. defense contractors. The hackers did very little to obfuscate their identity; they relied on tools, […]

The post As Trump promises ‘fire and fury,’ North Korean hackers target U.S. defense contractors appeared first on CyberScoop.


Iranian hackers heisted U.S. defense software for clients blocked by sanctions, indictment says

A group of Iranian hackers broke into multiple U.S. defense contractors between 2007 and 2013 in order to steal intellectual property, software and other proprietary information that they then sold to foreign enterprises and governments, including the Iranian government, according to a newly unsealed indictment by the Department of Justice. The indictment, published Monday, effectively shows how the Iranian government may have been able to circumvent previous export sanctions tied to the sale and purchase of U.S. defense technology by employing a group of contracted freelance hackers who would steal software products through a network of compromised computers based in the United States. The hackers allegedly stole software from Vermont-based engineering consulting and software design company Arrow Tech Associates and sold it to Iranian clients. The product, PRODAS, is a software platform designed for aerodynamics analysis and design for projectiles. It sells for $40,000 to $800,000, and customers receive a dongle to download a software license from […]

The post Iranian hackers heisted U.S. defense software for clients blocked by sanctions, indictment says appeared first on CyberScoop.


WikiLeaks releases supposed CIA documents detailing U.S. hacking operations

WikiLeaks has published a cache of 8,761 files it claims provide insight into the CIA’s extensive computer hacking operations, including a description of tools and targeted technologies. In what is apparently the first in a series of upcoming releases dubbed “Vault 7,” the controversial transparency organization claims that this will be the most comprehensive publication of confidential documents in CIA history. The series’ first installment is named “Year Zero.” It contains information related to dozens of supposed zero-day exploits developed for use against software and hardware created by prominent American technology firms like Apple, Google and Microsoft, among others. In theory, such capabilities would allow spies to compromise older operating systems found on iPhones and Android smartphones. WikiLeaks has yet to release any of the code behind these exploits, claiming that it will not do so “until a consensus emerges on the technical and political nature of the CIA’s program and […]

The post WikiLeaks releases supposed CIA documents detailing U.S. hacking operations appeared first on CyberScoop.
