Making Sense of the Security Sensor Landscape
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors. Continue reading Making Sense of the Security Sensor Landscape
Collaborate Disseminate
Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors. Continue reading Making Sense of the Security Sensor Landscape
The security sector is ever frothy and acquisitive. Just last week Palo Alto Networks grabbed Expanse for $800 million. Today it was FireEye’s turn snagging Respond Software, a company that helps customers investigate and understand security incidents, while reducing the need for highly trained and scarce security analysts. The deal has closed, according to the […] Continue reading FireEye acquires Respond Software for $186M, announces $400M investment
An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday. The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm. “UNC1878 is one of most brazen, heartless and disruptive threat actors I’ve observed over my career,” Carmakal said. The group’s activity “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” he said. The company did not detail any specific attacks, or the timing of the activity it says it observed. The announcement coincides with multiple reported ransomware incidents, including an attack earlier this week on Oregon-based Sky Lakes Medical Center. The medical center carried on with emergency and urgent […]
The post European ransomware group strikes US hospital networks, analysts warn appeared first on CyberScoop.
Continue reading European ransomware group strikes US hospital networks, analysts warn
Scenes like what happened to Florida’s voter registration site on Oct. 6 has played out over and over again: A system goes down, and questions fly. Was there a cyberattack, specifically a distributed denial-of-service (DDoS) attack meant to overwhelm a website site with traffic, knocking it offline? Could there have been too many legitimate visitors rushing to the site to beat the voter registration deadline — that surged past what the system could handle? Or, was it something weirder, as in this case, like pop singer Ariana Grande urging fans on Twitter to register to vote? Florida’s chief information officer eventually blamed misconfigured computer servers. The incident, though, was one of several over the course of the past month that exposed ongoing anxieties about how cyberattacks, accidental outages and other technical failures could upend a polling place, or even an election. Few, if any, election security experts would rank the […]
The post The lowly DDoS attack is still a viable threat for undermining elections appeared first on CyberScoop.
Continue reading The lowly DDoS attack is still a viable threat for undermining elections
The U.S. Treasury Department sanctioned a Russian government research institute on Friday that it said was connected to the strain of destructive malware frequently labeled the most dangerous in the world. Known as Trisis or Triton, the malicious software is designed to target systems used to safely control emergency shutdowns of industrial plants. Last year, security researchers at Dragos determined that the hackers behind the tool had scanned the networks of U.S. electrical utilities, after the malware initially surfaced in 2017 at a Saudi petrochemical plant. The sanctions mark the first time any government has publicly connected Trisis to Russia. “In recent years, the Triton malware has been deployed against U.S. partners in the Middle East, and the hackers behind the malware have been reportedly scanning and probing U.S. facilities,” Treasury said it its sanctions announcement. “The development and deployment of the Triton malware against our partners is particularly troubling given the Russian government’s involvement in malicious […]
The post US sanctions Russian government institution in connection with Trisis malware appeared first on CyberScoop.
Continue reading US sanctions Russian government institution in connection with Trisis malware
Suspected Russian hackers were behind multiple recent intrusions of U.S. state and local computer networks, according to an industry analysis obtained by CyberScoop. The group responsible is known as TEMP.Isotope, according to a private advisory distributed by Mandiant, the incident response arm of security company FireEye. The alert notes that the same group has also been described as Energetic Bear, which multiple security firms have linked to Russia. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Oct. 9 publicized a hacking campaign in which attackers breached some “elections support systems,” or IT infrastructure that state and local officials use for a range of functions. Those systems are not involved in tallying votes, and the advisory from U.S. officials noted that there was no evidence that the “integrity of elections data has been compromised.” The federal advisory did not blame a particular hacking group for the activity, saying only that the campaign was the work of “advanced persistent […]
The post Industry alert pins state, local government hacking on suspected Russian group appeared first on CyberScoop.
Continue reading Industry alert pins state, local government hacking on suspected Russian group
If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory — like cybersecurity incident response firms and insurance providers — reactions have ranged from confusion to silence, from yawns to raised eyebrows, from praise to fear of a blizzard of potentially unintended consequences. The worst case scenarios involve ransomware victims in the health sector having to make a life-or-death decision on whether to pay to unlock their systems while at risk of incurring Treasury’s wrath, or situations where victims try even harder to keep attacks quiet to avoid OFAC fines, which sometimes total millions […]
The post US advisory meant to clarify ransomware payments only spotlights widespread uncertainty appeared first on CyberScoop.
Chinese government-linked hackers are suspected to be behind an ongoing global cyber-espionage campaign that U.S. officials are actively tracking, CyberScoop has learned. Malicious software used in the campaign, which the departments of Defense and Homeland Security have dubbed “SlothfulMedia,” is linked with “high confidence” to the Chinese government, according to one U.S. government official. Another U.S. government source said the hackers are suspected of having ties to Beijing, while a third government official described the group as operating a concerted hacking campaign based in China. Each person spoke with CyberScoop on the condition of anonymity because they were not authorized to speak to the media. The advisory is part of a broader effort to expose foreign hacking, including from China, to help protect American companies, two of the U.S. officials said. “This was a high-value disclosure because it demonstrates China’s targeting of Russian targets,” said one U.S. government source. The revelation comes after U.S. Cyber Command, the Pentagon’s […]
The post Chinese hackers suspected in cyber-espionage operation against Russia, India appeared first on CyberScoop.
Continue reading Chinese hackers suspected in cyber-espionage operation against Russia, India
Professional hackers who already try to hide their activity through an array of technical means now seem to be trying on more corporate disguises, by creating front companies or working as government contractors to boost their legitimacy. U.S. law enforcement in September accused hackers based in Iran and China of conducting global espionage operations while appearing to exist as otherwise innocuous technology firms. While the public nature of the charges are proof the efforts weren’t entirely successful, the tactic marks an evolution of the use of dummy corporations since a group of financial scammers stole a reported $1 billion by posing as a cybersecurity testing firm. “It just makes it harder to figure out who’s doing what, and what are their motivations,” John Demers, the U.S. assistant attorney general for national security, said of the apparent motivation in a recent interview. “For a company that’s suffered a breach, it may […]
The post Foreign spies use front companies to disguise their hacking, borrowing an old camouflage tactic appeared first on CyberScoop.
FireEye announced the formation of Mandiant Solutions. “Over the past 15 years, the crown jewels of Mandiant have historically been our incident response expertise, and the intelligence that comes from it,” said Kevin Mandia, Chief Executive Officer at… Continue reading FireEye forms Mandiant Solutions to bring new, controls-agnostic offerings to market