US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets

For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct its brute-force “password spray” attacks, which guess commonly used passwords to get into target networks, according to the advisory from the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the U.K.’s National Cyber Security Centre. It’s the alleged handiwork of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165. The hackers, often described as Fancy Bear or APT28, have been blamed for a number of high-profile intrusions, most prominently for interference in the 2016 U.S. presidential election. The […]

The post US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets appeared first on CyberScoop.


3 Keys to Defending Active Directory

While perimeter defenses like firewalls and antivirus software remain essential elements of comprehensive network defense, stopping 100% of attacks at the perimeter is an impossibility with today’s ever-evolving attack surface. Eventually, an attacker…

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering and targeting mainly election-related organizations.

State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn

Hackers linked with foreign governments continue to target multiple global health care organizations and pharmaceutical companies in a possible bid to gather intelligence or steal research related to the coronavirus pandemic, American and British cybersecurity agencies said Tuesday. The U.S. Department of Homeland Security’s cybersecurity division and the U.K.’s National Cyber Security Centre (NCSC) “are currently investigating a number of incidents in which threat actors are targeting pharmaceutical companies, medical research organizations, and universities,” the agencies said in a joint advisory. They did not point the finger at particular governments. Advanced persistent threat (APT) groups, as state-linked hackers are known, have been scanning public websites of target companies looking for insecure software to exploit, said DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the NCSC. Hackers have also been using a technique called password spraying, which throws common passwords at targets until one of them works, to attack health care organizations in the U.S., […]

The post State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn appeared first on CyberScoop.


APT33 has shifted targeting to industrial control systems software, Microsoft says

In the last two months, an aggressive hacking group linked with the Iranian government has made a troubling shift in its targeting, security researchers at Microsoft say. Instead of simply probing IT networks, the hackers have gone after a series of industrial control system (ICS) products used in the energy sector. Given that the group, known as APT33, has been linked with data-wiping hacks in the past, the new activity has analysts’ full attention. It fits a broader trend in state-linked activity in which attackers have been increasingly willing to probe industrial software to achieve their objectives. “You have an actor that has been linked to deployment of destructive payloads in the past,” said Microsoft security researcher Ned Moran, laying out his concerns. “You have an actor that’s really interested in the energy industry,” including important infrastructure such as pipelines, refineries and power plants. What APT33’s objectives are in its latest activity […]

The post APT33 has shifted targeting to industrial control systems software, Microsoft says appeared first on CyberScoop.


Hackers used password spraying to breach Citrix, investigation confirms

The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators have confirmed. The “password spraying” ploy allowed the hackers to steal business files from a Citrix network drive along with a drive linked with its consulting practice, Citrix President David Henshall wrote in a blog post last week. The attackers had access to the drives for a “limited number of days,” between October 2018 and March 2019, he said. Henshall did not say who carried out the hack or what their ultimate objective was. VPN providers could be an enticing target for any set of hackers looking for a foothold in a corporation’s network. “The cybercriminals also may have accessed the individual virtual drives and company email accounts of a very limited number of compromised users and launched without further exploitation […]

The post Hackers used password spraying to breach Citrix, investigation confirms appeared first on CyberScoop.


Can You Crack the Hack?

Let’s play a game. Below are clues describing a specific type of cyberattack; can you guess what it is? This cyberattack is an automated, bot-based attack. It uses automation tools such as cURL and PhantomJS. It leverages breached usernames and pas…

Bots 101: This is Why We Can’t Have Nice Things

In our industry, the term bot applies to software applications designed to perform an automated task at a high rate of speed. Typically, I use bots at Radware to aggregate data for intelligence feeds or to automate a repetitive task. I also spend a va…