The Week in Breach News: 04/07/21 – 04/13/21

Massive LinkedIn breach impacts millions, ransomware shuts down colleges again, and new tips for controlling supply chain risk.
The post The Week in Breach News: 04/07/21 – 04/13/21 appeared first on Security Boulevard.
Continue reading The Week in Breach News: 04/07/21 – 04/13/21

The Week in Breach News: 03/24/21 – 03/30/21

Big trouble for Hobby Lobby, Aussie Channel 9 gets knocked off the air by hackers and lessons learned from the FBI IC3 Report.
The post The Week in Breach News: 03/24/21 – 03/30/21 appeared first on Security Boulevard.
Continue reading The Week in Breach News: 03/24/21 – 03/30/21

Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain

Healthcare cyberattacks are expanding, putting any company with even a tangential healthcare relationship at risk. Here’s what to do.
The post Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain appeared first on Security Boulevard.
Continue reading Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain

Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain

Healthcare cyberattacks are expanding, putting any company with even a tangential healthcare relationship at risk. Here’s what to do.
The post Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain appeared first on Security Boulevard.
Continue reading Healthcare Cyberattacks Disrupt COVID-19 Vaccine Supply Chain

Biden’s DHS pick was a ‘quick study’ of cybersecurity issues as the department’s deputy

Alejandro Mayorkas, President-elect Joe Biden’s choice to run the Department of Homeland Security, gained an appreciation for how cyberthreats factor into national security challenges when he was deputy of the department from 2013 to 2016, former U.S. officials who know Mayorkas told CyberScoop. As DHS’s No. 2, the Cuban-American lawyer took a close interest in the department’s work on cyberthreat-sharing with the private sector, and was involved in negotiations with China over a 2015 agreement forbidding intellectual property theft. Mayorkas also witnessed the U.S. response to major state-sponsored hacking operations, from China’s alleged breach of the Office of Personnel Management to Russia’s probing of election infrastructure in 2016. Mayorkas is now poised to be a central figure in how the incoming Biden administration responds to such threats. “He clearly understood [cybersecurity] issues and why they were important and was a good advocate for DHS’s part in that,” said Christopher Painter, […]

The post Biden’s DHS pick was a ‘quick study’ of cybersecurity issues as the department’s deputy appeared first on CyberScoop.

Continue reading Biden’s DHS pick was a ‘quick study’ of cybersecurity issues as the department’s deputy

How the Pentagon is trolling Russian, Chinese hackers with cartoons

There’s little that Russian hackers hate more than being seen as soft. So when U.S. military hackers saw a way to publicly portray them as bumbling and unthreatening in recent weeks, they seized the moment. It all began when Cyber Command, the U.S. Department of Defense’s offensive cyber arm, started working with a graphics company to illustrate foreign government hackers. The military realized it could punch up the reports it releases on foreign hacking operations by adding illustrations, and try to embarrass or infuriate the foreign hacking shops along the way, one U.S. official told CyberScoop. In one case, when Cyber Command started making plans to expose some state-sponsored espionage operations tied to Russia’s Federal Security Service (FSB), the country’s KGB successor, they turned to the graphics company to develop images that would goad the Russians, the official said. “Russia hates to be seen as cuddly or cozy so we want to tick them off,” said the official, who was not authorized […]

The post How the Pentagon is trolling Russian, Chinese hackers with cartoons appeared first on CyberScoop.

Continue reading How the Pentagon is trolling Russian, Chinese hackers with cartoons

Global cyber community can do more to stop state-sponsored malware, EFF researcher says

When it comes to defending against foreign cyber powers, many U.S. national security experts tend to hype up countries with powerful hacking capabilities, such as China, Iran, Russia, and North Korea. Regarding state-sponsored malware campaigns, though, the security community needs to dig deeper, says Cooper Quintin, a security researcher and programmer at the Electronic Frontier Foundation. “We’ve found lots of countries now are starting to get hacking programs. It’s a lot of countries you wouldn’t expect,” Quintin said Friday during CyberTalks, a virtual event produced by Scoop News Group. “We’ve seen state-sponsored malware coming out of Kazakhstan, Lebanon, Morocco, Ethiopia, and all sorts of countries that haven’t previously been well known for their hacking capabilities.” The countries themselves haven’t necessarily developed hacking capabilities, though they appear to be outsourcing cyber-operations to third parties, or shopping around for commercial hacking tools in an effort to mask government involvement, according to Quintin. The government of Kazakhstan, for […]

The post Global cyber community can do more to stop state-sponsored malware, EFF researcher says appeared first on CyberScoop.

Continue reading Global cyber community can do more to stop state-sponsored malware, EFF researcher says

Chinese cyber power is neck-and-neck with U.S., Harvard research finds

As conventional wisdom goes, experts tend to rank the U.S ahead of China, U.K., Iran, North Korea, Russia, in terms of how strong it is when it comes to cyberspace. But a new study from Harvard University’s Belfer Center shows that China has closed the gap on the U.S. in three key categories: surveillance, cyber defense, and its efforts to build up its commercial cyber sector. “A lot of people, Americans in particular, will think that the U.S., the U.K., France, Israel are more advanced than China when it comes to cyber power,” Eric Rosenbach, the Co-Director of Harvard’s Belfer Center, told CyberScoop. “Our study shows it’s just not the case and that China is very sophisticated and almost at a peer level with the U.S.” Overall, China’s cyber power is only second to the U.S., according to the research, which was shared exclusively with CyberScoop. But the study also found […]

The post Chinese cyber power is neck-and-neck with U.S., Harvard research finds appeared first on CyberScoop.

Continue reading Chinese cyber power is neck-and-neck with U.S., Harvard research finds

Hackers are still running coronavirus-related campaigns, CrowdStrike warns

Although many municipalities around the world have begun to ease up on stay-at-home orders, hackers are still running spearphishing and disinformation campaigns taking advantage of the pandemic. Adam Meyers, CrowdStrike’s Vice President of Intelligence, says nation-state and criminal spearphishing campaigns that leverage COVID-19 themed lures are still on the rise. “We’ve been seeing an increase of … behavior of social engineering where they’re impersonating things like the WHO, CDC, HHS, hospitals, healthcare [entities], and even insurance companies to entice people to click links or to click on on phishing [and] open files,” Meyers said Wednesday while speaking at the virtual CrowdStrike’s Fal.Con for Public Sector Conference, produced by FedScoop and CyberScoop. “This is an increasing problem and it demonstrates that the threat actors have found an unprecedented level of awareness around COVID-19…and they’re taking advantage of that and they’re capitalizing on it.” Hackers working for China, Russia, Iran, North Korea, Pakistan, […]

The post Hackers are still running coronavirus-related campaigns, CrowdStrike warns appeared first on CyberScoop.

Continue reading Hackers are still running coronavirus-related campaigns, CrowdStrike warns

Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spearphishing email campaigns, Google’s Threat Analysis Group said Wednesday. The hack-for-hire campaign, which has targeted healthcare companies, consulting firms, and financial services entities primarily in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike WHO websites. From there, victims are urged to sign up for healthcare alerts related to the coronavirus pandemic, according to Google. When signing up, however, users are prompted to reveal their Google account credentials or other personal information such as their cell phone numbers. It’s just the latest example of criminals and nation-state actors seizing upon the uncertainty during the COVID-19 pandemic to send spam emails purporting to have information from health authorities about the coronavirus, but are actually seeking to steal credentials or are laced with malware. Other spearphishing email campaigns have imitated the U.S. Centers […]

The post Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes appeared first on CyberScoop.

Continue reading Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes