NSA, CISA share guidelines for securing VPNs as hacking groups keep busy

Cautioning that foreign government-backed hackers are actively exploiting vulnerabilities in virtual private network devices, the National Security Agency and the Department of Homeland Security’s cyber wing on Tuesday published guidelines for securing VPNs. While the advice is broad, the NSA and DHS’ Cybersecurity and Infrastructure Security Agency specifically said it would help protect the Defense Department, national security systems and defense contractors against such advanced persistent threat groups, a term that typically refers to state-sponsored hacking groups. The NSA has specifically warned in the past about Chinese hackers exploiting VPN vulnerabilities, as has CISA, but the history of advanced groups seizing on VPN vulnerabilities is far broader and lengthier. “VPN servers are entry points into protected networks, making them attractive targets,” Rob Joyce, director of cybersecurity at the NSA, said on Twitter. “APT actors have and will exploit VPNs.” In one case, the FBI warned in May about hackers leveraging […]

The post NSA, CISA share guidelines for securing VPNs as hacking groups keep busy appeared first on CyberScoop.

US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets

Chinese government-backed hackers’ rampant appetite for intellectual property represents a “major threat to U.S. and allied cyberspace assets,” according to a U.S. government assessment obtained by CyberScoop. The analysis from the National Security Agency, FBI and Department of Homeland Security’s cyber agency warns that Beijing-linked hackers are still “aggressively” targeting U.S. and allied defense and semiconductor firms, medical institutions and universities to steal sensitive corporate data and personally identifiable information. The advisory is a reminder that, despite the Biden administration’s heightened attention on ransomware gangs based in Russia, Chinese state-backed hacking remains a formidable threat to U.S. interests. The document is scheduled to be released publicly in the coming weeks, perhaps as soon as Monday. “NSA, [the Cybersecurity and Infrastructure Security Agency], and FBI have observed increasingly sophisticated Chinese state-sponsored cyber activity targeting U.S. political, economic, military, educational, and [critical infrastructure] personnel and organizations,” says the advisory. “These cyber operations […]

The post US agencies circulate warning about ‘aggressive’ Chinese hacking effort to steal secrets from a range of targets appeared first on CyberScoop.

International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators

A security tool that hackers used to disguise their ransomware attacks, email scams and other nefarious activity is offline following a global law enforcement action. Servers and web domains belonging to DoubleVPN, a virtual private network (VPN), were seized during an investigation by the Dutch National Police, the FBI, the U.K.’s National Crime Agency and Europol, authorities said Wednesday. Accused cybercriminals advertised DoubleVPN throughout Russian and English-speaking hacker markets as a means of helping customers hide their location and internet traffic from police for prices as low as $25. “Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” a seizure notice on the site advised. “DoubleVPN’s owners failed to provide the services they promised.” The police announcement did not identify the specific ransomware gangs that allegedly used DoubleVPN. Internet users throughout the world rely on […]

The post International cops seize DoubleVPN, a service allegedly meant to shield ransomware attacks from investigators appeared first on CyberScoop.

Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents

For the last six years, hackers have stalked Iranian dissidents with spying tools that mimic the software those dissidents use to protect their communications, security firm Kaspersky said Wednesday. Researchers from Kaspersky and other firms only recently pieced together the activity, showing the limits of the cyber industry’s knowledge of Tehran-linked hacking against those who often bear the brunt of it: Iranian citizens. While Kaspersky researchers did not attribute the hacking to the Iranian government, FireEye, another security firm, said it suspected the hackers were affiliated with Tehran. The findings are consistent with a surveillance dragnet that Iranian authorities have used to jail and beat protesters who challenge the regime. Iranian security services killed 304 people in a 2019 crackdown, according to Amnesty International. The hackers, Kaspersky said, have sent their targets malware-laced images and videos claiming to be from prisoners in Iran. When opened, the malicious documents hijack users’ […]

The post Suspected Iranian hackers exploit VPN, Telegram to monitor dissidents appeared first on CyberScoop.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says

A sprawling Chinese espionage operation against U.S. and European government organizations extends to additional commercial sectors than previously known and involves four new hacking tools, security firm FireEye said Thursday. All told, two China-linked groups — and other hackers that investigators did not name — are exploiting virtual private network software in breaches that have touched the transportation and telecommunication sectors, according to FireEye. The firm had previously only named the defense, financial and government sectors as affected by the breaches. The attackers are exploiting popular VPN software known as Pulse Connect Secure to burrow into networks and steal sensitive data. Many of the breached organizations “operate in verticals and industries aligned with Beijing’s strategic objectives” that are outlined in the Chinese government’s latest “Five Year Plan” for economic growth, according to Mandiant, FireEye’s incident response arm. The majority of the intrusions have been carried out by a group called […]

The post Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says appeared first on CyberScoop.

Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says

A hacking group exploited a SonicWall zero-day software flaw before a fix was available in order to deploy a previously unreported ransomware strain, FireEye researchers said Thursday. The disclosure of the ransomware comes one week after FireEye revealed three previously unknown vulnerabilities in SonicWall’s email security software. But the latest hacking tool emerges from an earlier zero-day found in SonicWall’s mobile networking gear. Mandiant, FireEye’s incident response unit, dubbed the malware FiveHands, which bears similarities to another hacking tool, dubbed HelloKitty, that attackers deployed against a video game company. The security firm linked it to a group they call UNC2447. “UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums,” reads a blog post from the company. “UNC2447 has been observed targeting organizations in Europe and North America and has […]

The post Hacking group exploited SonicWall zero-day for ransomware attacks, FireEye says appeared first on CyberScoop.

Is VPN or Zero Trust Best for Remote Working Security?

For the past few decades, a corporate virtual private network (VPN) was the go-to answer for connecting to work when away from the office. It was simple, affordable and relatively secure. But debate has been brewing for several years regarding whether or not the corporate VPN security is dead — or at least not the […]

The post Is VPN or Zero Trust Best for Remote Working Security? appeared first on Security Intelligence.

At least 24 agencies run Pulse Secure software. How many were hacked is an open question.

At least two-dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. CyberScoop’s review of agency records found that multiple U.S. government-funded labs conducting national security-related research appear to run Pulse Connect Secure virtual private network software, which allows employees to log […]

The post At least 24 agencies run Pulse Secure software. How many were hacked is an open question. appeared first on CyberScoop.

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.

How VPNs Are Changing to Manage Zero Trust Network Access

What do a growing number of cyberattacks, emerging tech, such as artificial intelligence, and cloud adoption have in common? They’re all helping fuel the rise of zero trust. Zero trust network access is, in turn, changing the way we access the internet for work. Let’s take a look at how another common tool today — the […]

The post How VPNs Are Changing to Manage Zero Trust Network Access appeared first on Security Intelligence.