Tag Archives: NotPetya

Cyber experts question Biden’s tit-for-tat approach with Russia

Posted on by

President Joe Biden said this week that the U.S. government could respond to Russian cyberattacks on Ukraine “the same way, with cyber.” The answer may have been a standard U.S. government response about responding in-kind, especially in the context of a deteriorating security situation on the border between Ukraine and Russia, with Biden predicting a Russian invasion. National security experts, foreign leaders and Biden’s domestic political opponents criticized his overall remarks on the potential Western response to any Russian incursion, but the cyber-specific comments got their own round of questions from cybersecurity experts as well. To some, Biden’s words reflected dated and misguided thinking that sounds good and tough but makes no sense in the real world. “Tit-for-tat cyber has always been a fantasy for policymakers,” tweeted Jacquelyn Schneider, a Hoover Fellow at Stanford University and expert in cyber policy and national security. She pointed to the difficulty that the […]

The post Cyber experts question Biden’s tit-for-tat approach with Russia appeared first on CyberScoop.

Continue reading Cyber experts question Biden’s tit-for-tat approach with Russia

Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

Posted on by

Ransomware is fundamentally about reaping massive profits from victims — payments were on pace to cross the billion-dollar threshold in 2021, according to the U.S. government — but there are signs foreign government-connected groups are increasingly moving into a territory dominated by criminal gangs, and for an entirely different motive: namely, causing chaos. Research that Microsoft and cybersecurity company CrowdStrike recently publicized separately concluded that Iranian hackers tied to Tehran had been conducting ransomware attacks that weren’t about making money, but instead disrupting their enemies. It echoed research from last spring and summer by FlashPoint and SentinelOne, respectively. When disruptive ransomware pays off, those who have studied the phenomenon say, it can embarrass victims. It can be used to steal data and leak sensitive information the public. It can lock up systems, disabling targets. And given the prominence of ransomware, it’s another method that foreign intelligence and military agencies can use […]

The post Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem. appeared first on CyberScoop.

Continue reading Ransomware isn’t always about gangs making money. Sometimes it’s about nations manufacturing mayhem.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Posted on by

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine. Continue reading At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Deja Vu: What Do NotPetya and SolarWinds Have in Common?

Posted on by

As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a cyber attack. Within about an hour, a Danish power supplier was also knocked offline an… Continue reading Deja Vu: What Do NotPetya and SolarWinds Have in Common?

Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Posted on by

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.

Continue reading Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Navigating the waters of maritime cybersecurity

Posted on by

In January 2021, new International Maritime Organization (IMO) guidelines on maritime cyber risk management went into effect. Around the same time, the U.S. government released a first of its kind National Maritime Cyber Security Plan (NMCP), accompany… Continue reading Navigating the waters of maritime cybersecurity

Review: The Perfect Weapon

Posted on by

John Maggio, an award-winning producer, director, and writer, known for The Newspaperman: The Life and Times of Ben Bradlee (2017), Panic (2018), The Italian Americans (2015) and others, based this documentary on the homonymous best-selling book by Dav… Continue reading Review: The Perfect Weapon

Smashing Security podcast #204: Green buttons, Olympic attacks, and… an apology

Posted on by

There’s been a cybersecurity goof in the wake of the US presidential elections, the US fingers the hackers responsible for disrupting the Winter Olympics in South Korea, and we take a long hard look at long hard legal mumbojumbo…

All this and much… Continue reading Smashing Security podcast #204: Green buttons, Olympic attacks, and… an apology

Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events

Posted on by

There’s a relatively small swath of cyberattacks mixed among the more common variety that are truly extreme, costing tens of million of dollars and beyond, or exposing millions of records. A report out Tuesday identified a little over 100 that fit that description over the past five years. The researchers learned that these massive events cost a median of $47 million and usually came via straightforward hacks or ransomware. They appear to be growing more frequent, and nation-state hackers are behind them to a surprising degree, the report says. But the report from the Cyentia Insitute, a data science firm, also found that these extreme attacks don’t affect all their targets in the same way. Some cost companies nearly 100 times their revenue, while others were still just a drop in the bucket, costing as little as 0.1 % of their revenue. And the financial, information and manufacturing sectors accounted for more than half of the 103 incidents. “What […]

The post Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events appeared first on CyberScoop.

Continue reading Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events

GRU Agents Indicted for Hacking Multiple Targets

Posted on by

The DoJ has charged six Russians, allegedly working for the GRU, with a huge range of computer crimes.
The post GRU Agents Indicted for Hacking Multiple Targets appeared first on Security Boulevard.
Continue reading GRU Agents Indicted for Hacking Multiple Targets