Malware from notorious FIN7 group is being delivered by snail mail

While hackers all over the world rely on emails and text messages to breach networks, one infamous criminal group appears to be turning to the mailman to deliver their malicious code. Malware authored by FIN7, which researchers say has stolen over $1 billion in recent years, has been delivered by the U.S. Postal Service to multiple organizations in recent months, according to security company FireEye. The code comes on USB sticks that, once inserted into a computer, install a “backdoor,” called Griffon, capable of stealing sensitive information. The malicious code, which multiple security companies have attributed to FIN7, burrows into the target computer and beacons back to the group for further instructions. How many of the USB deliveries led to network breaches remains unclear. The hacking attempts raise questions about how a group thought to be based in Eastern Europe, and one that U.S. officials have hunted for years, has been […]

The post Malware from notorious FIN7 group is being delivered by snail mail appeared first on CyberScoop.

Continue reading Malware from notorious FIN7 group is being delivered by snail mail

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

Researchers say that APT41’s exploits are part of one of the broadest espionage campaigns they’ve seen from a Chinese-linked actor “in recent years.” Continue reading Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign

Earlier this year, state-backed Chinese hackers embarked on one of the most sweeping Chinese espionage campaigns FireEye has seen in years, according to new research the security firm published Wednesday. The campaign, which lasted between January 20 and March 11, targeted 75 organizations ranging in nearly every economic sector: telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation. The campaign, believed to be run by APT41, targeted nonprofit, legal, real estate, travel, education, and media organizations as well. “This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” researchers Christopher Glyer, Dan Perez, Sarah Jones, and Steve Miller said. “While APT41 has previously conducted activity with an extensive initial entry … this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41.” APT41 zeroed in on victims […]

The post Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign appeared first on CyberScoop.

Continue reading Chinese hackers hit Citrix, Cisco vulnerabilities in sweeping campaign

Widely available ICS attack tools lower the barrier for attackers

The general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology (OT) networks and industrial control systems (ICS). “As ICS are a distinct sub-domain to information… Continue reading Widely available ICS attack tools lower the barrier for attackers

How to avoid a costly enterprise ransomware infection

In most cases of human-operated ransomware attacks against enterprises, the hackers don’t trigger the malware immediately: according to FireEye researchers, in most (75%) of cases, at least three days passed between the first evidence of maliciou… Continue reading How to avoid a costly enterprise ransomware infection

State Department pledges $8 million more in cybersecurity aid to Ukraine

U.S. military assistance to Ukraine sparked an impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country continues to flow, unimpeded and under the radar. The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a a quarter of a million Ukrainians into darkness. Ever since then, Washington has tried to ramp up Ukraine’s cyberdefenses with funding and strategic advice, including through a project to help Ukraine develop a national cybersecurity strategy. Some of the new funding will be used for building out Kyiv’s legal and regulatory framework for improving cyberdefenses, the State Department said. The new money is on top of the $10 million in cybersecurity aid the U.S. previously pledged to Ukraine. MITRE Corp., a federally funded not-for-profit, has been contracted […]

The post State Department pledges $8 million more in cybersecurity aid to Ukraine appeared first on CyberScoop.

Continue reading State Department pledges $8 million more in cybersecurity aid to Ukraine

FireEye expands Helix platform capabilities and launches FireEye Messaging Security

FireEye, the intelligence-led security company, announced new cloud security innovations at RSA Conference 2020, including expanded capabilities within the FireEye Helix platform, as well as FireEye Messaging Security – a new offering that protects col… Continue reading FireEye expands Helix platform capabilities and launches FireEye Messaging Security

Increased monetization means more ransomware attacks

Organizations are detecting and containing attacks faster as the global median dwell time, defined as the duration between the start of a cyber intrusion and it being identified, was 56 days. This is 28% lower than the 78-day median observed in the pre… Continue reading Increased monetization means more ransomware attacks

Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out

The Eastern European hacking group FIN7 has stolen an estimated $1 billion in recent years by sweeping up payment card data processed by hotels and other organizations. The fortune amassed by FIN7, despite the arrest of some of its senior members, has made it one of the most potent criminal threats to organizations around the world. Changes the group has made to its hacking tools in recent months have meant more breaches, and likely more money, for FIN7. Now, a U.S. government-funded organization is trying to put a dent in FIN7 hacks by evaluating the group’s attack techniques against widely used cybersecurity software. Vendors will be assessed on their ability to block FIN7-like intrusions and, with the results made public next year, hopefully improve their products. While FIN7 is the subject of the evaluation, the attack techniques tested will “be applicable across a broad spectrum of adversaries,” said Frank Duff, […]

The post Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out appeared first on CyberScoop.

Continue reading Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out