TA505 hackers thwarted at the door of a big financial org

A failed attempt to breach a big financial institution is providing new data on a global criminal hacking group known for authoring the widely-used Locky ransomware. The group, dubbed TA505, has stalked financial organizations on multiple continents. Boston-based security company Cybereason says earlier this month it blocked a hack from the group against an unnamed financial institution. “This malware is part of a larger campaign” against organizations that was precise in its targeting, Eli Salem, a Cybereason security analyst, told CyberScoop. The fresh threat intelligence from the breach attempt includes a revamped backdoor and an example of how the hackers are signing their malicious code using a legitimate certificate – a hallmark of advanced groups looking to avoid detection. TA505 is known for writing the Windows-based Locky ransomware that emerged in February 2016. At its height, Locky was one of the most common ransomware strains, employed in mass email campaigns for […]

The post TA505 hackers thwarted at the door of a big financial org appeared first on CyberScoop.


Senators ask Trump administration how badly shutdown hurt federal cybersecurity

After former U.S. officials raised concerns that the longest government shutdown in history had weakened federal cybersecurity, lawmakers are asking the Trump administration how bad the damage is. “We are concerned that these circumstances have left our government and citizens vulnerable to cyberattacks,” five Democratic senators wrote in a letter Tuesday to Homeland Security Secretary Kirstjen Nielsen and Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command. The senators – Minnesota’s Amy Klobuchar, Massachusetts’ Ed Markey, New Mexico’s Tom Udall, Nevada’s Catherine Cortez Masto, and New Jersey’s Cory Booker – want to know how agencies are preparing to harden their networks for a future shutdown, citing past experience as a cautionary tale. During the 2013 government shutdown, the senators wrote, Chinese hackers compromised the Federal Election Commission’s computer network, crashing sensitive computer systems that disclose billions of dollars in spending each election cycle. “Shutdowns have severe […]

The post Senators ask Trump administration how badly shutdown hurt federal cybersecurity appeared first on CyberScoop.


DOD official: Automation can save Pentagon from drowning in data

The Defense Department must do more to take advantage of automation tools to avoid drowning in a sea of network data and risk missing cyber threats, according to a top department official. “Right now, we buy a system for every use case, so we’re probably generating a lot more information than we need to,” Patricia Janssen, director of cybersecurity planning and implementation in the DOD CIO’s office, said Monday at the RSA Public Sector Conference in San Francisco. “How do we bring all that data together to help us manage and identify our vulnerabilities and our weaknesses?” Janssen asked. Automation tools can help DOD cut through the “noise” of unneeded data, she said at a panel discussion of continuous monitoring for cyber threats. The department’s thousands of computer systems make automation imperative to keep those systems patched and identify insider threats, Janssen added. Training staff to carry that out manually simply […]

The post DOD official: Automation can save Pentagon from drowning in data appeared first on Cyberscoop.


Cisco: Malware and encrypted traffic will challenge federal agencies

Hackers will continue to give U.S. government agencies headaches in the coming months thanks to an evolving malware market and their use of encryption to evade detection, Cisco declared in a new report. “The expanding volume of encrypted web traffic, both legitimate and malicious, creates even more challenges and confusion for the public sector as it tries to identify and monitor potential threats,” the networking giant said in a report on government cybersecurity. “The growing number and variety of malware types and families perpetuates chaos in the attack landscape by undermining government efforts to gain and hold ground on threats,” the report said. Malware is evolving to the point that ransomware campaigns can be launched automatically, without human assistance, according to Cisco. Internet of Things botnets are also on the rise and carrying out advanced distributed-denial-of-service (DDoS) attacks, researchers found. Verizon’s annual cybersecurity report also found a rise in ransomware; […]

The post Cisco: Malware and encrypted traffic will challenge federal agencies appeared first on Cyberscoop.


A week in security (January 22 – January 28)

A compilation of notable security news from January 22 to January 28, featuring multiple bitcoin and ransomware scams, the rise of spyware, human trafficking as a twisted malware service, and more.

‘Bring your own device’ policies poison most networks, report says

The IT departments of many major enterprises have no effective control of their networks because of the proliferation of personal smartphones and other connected devices, according to a new survey. Only just under half of 800 IT security professionals surveyed said they could be certain how many connected devices their colleagues bring into work, according to […]

The post ‘Bring your own device’ policies poison most networks, report says appeared first on Cyberscoop.


Network size is no predictor of cyberattack readiness, penetration tests show

There is little predictable difference between the cybersecurity of IT networks in large companies as opposed to small ones, or between those from different business sectors, according to hackers for hire who try to break in to test defenses. The penetration testers, who work for security firm Rapid7, answered a questionnaire last quarter after 128 different engagements with a wide […]

The post Network size is no predictor of cyberattack readiness, penetration tests show appeared first on Cyberscoop.
