Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label DHS. Show all posts

DHS and FBI: Chinese Drones Pose Major Threat to U.S. Security

 

The cybersecurity arm of the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have jointly issued a public service announcement cautioning about the potential risks posed by Chinese-manufactured drones to critical infrastructure and U.S. national security. The advisory, released on Wednesday, emphasizes the likelihood of Chinese drones being used to pilfer American data, citing Chinese laws permitting government access to data held by private entities as a cause for concern.

The document underscores the necessity for careful consideration and potential mitigation when employing Chinese-manufactured Unmanned Aircraft Systems (UAS), as their use may expose sensitive information to Chinese authorities, thereby endangering national security, economic security, and public health and safety. The White House has identified China as the most formidable cyber threat, attributing this to their adept exploitation of data utilized by American consumers.

A 2021 law, according to the agencies, has expanded China's authority over companies and data within its borders, imposing strict penalties for non-compliance. The data collected by these companies is deemed crucial to China's Military-Civil Fusion strategy, aimed at gaining a strategic advantage over the United States by accessing advanced technologies and expertise.

As critical infrastructure sectors increasingly rely on UAS for cost-effective operations, the agencies express concern about the potential exposure of sensitive information due to the use of Chinese-manufactured drones. Chinese drones are noted as capable of receiving and transmitting data, and the potential avenues for exploitation include data transfer, collection through software updates, and the use of docking stations as data collectors.

The consequences of data harvesting by Chinese drones could be severe, including exposing intellectual property, divulging critical infrastructure operations details, compromising cybersecurity and physical security controls, and facilitating easier access for Chinese hackers into systems. To address these risks, CISA and the FBI recommend isolating Chinese-made drones from networks and implementing regular maintenance to uphold adequate security measures.

PUMA Network: Unmasking a Cybercrime Empire

A massive cybercrime URL shortening service known as "Prolific Puma" has been uncovered by security researchers at Infoblox. The service has been used to deliver phishing attacks, scams, and malware for at least four years, and has registered thousands of domains in the U.S. top-level domain (usTLD) to facilitate its activities.

Prolific Puma works by shortening malicious URLs into shorter, more memorable links that are easier to click on. These shortened links are then distributed via email, social media, and other channels to unsuspecting victims. When a victim clicks on a shortened link, they are redirected to the malicious website.

Security researchers were able to track Prolific Puma's activity by analyzing DNS data. DNS is a system that translates domain names into IP addresses, which are the numerical addresses of websites and other devices on the internet. By analyzing DNS data, researchers were able to identify the thousands of domains that Prolific Puma was using to deliver its malicious links.

Prolific Puma's use of the usTLD is particularly noteworthy. The usTLD is one of the most trusted TLDs in the world, and many people do not suspect that a link with a usTLD domain could be malicious. This makes Prolific Puma's shortened links particularly effective at deceiving victims.

The discovery of Prolific Puma is a reminder of the importance of being vigilant when clicking on links, even if they come from seemingly trusted sources. It is also a reminder that cybercriminals are constantly developing new and sophisticated ways to attack their victims.

Here are some tips for staying safe from Prolific Puma and other malicious URL shortening services:

  • Be wary of clicking on links in emails, social media posts, and other messages from unknown senders.
  • If you are unsure whether a link is safe, hover over it with your mouse to see the full URL. If the URL looks suspicious, do not click on it.
  • Use a security solution that can detect and block malicious links.
  • Keep your web browser and operating system up to date with the latest security patches.

The security researchers who discovered Prolific Puma have contacted the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (DHS) about the service. Both agencies are working to take down Prolific Puma's infrastructure and prevent it from being used to launch further attacks.

Prolific Puma is not the first malicious URL-shortening service to be discovered. In recent years, there have been a number of other high-profile cases of cybercriminals using URL shortening services to deliver malware and phishing attacks.

The discovery of Prolific Puma is a reminder that URL shortening services can be abused for malicious purposes. Users should be cautious when clicking on shortened links, and should take steps to protect themselves from malware and phishing attacks.

Johnson Controls Breach Allegedly Leaked Sensitive DHS Data

 

A king-sized ransomware attack that targeted Johnson Controls forced certain parts of its IT systems to go offline and disrupted some of its operations. The attack on the renowned manufacturer of industrial control systems is reportedly the work of the Dark Angels hacker group. 

According to BleepingComputer, which broke the story first, the ransomware group is demanding $51 million in exchange for a decryptor and a complete wipeout of stolen data. 

As part of the hack, the company's ESXi servers were allegedly encrypted and some 27 terabytes of data were stolen by the digital hijackers. 

Theft of DHS data? 

The data hoard's potential exposure of private Department of Homeland Security (DHS) information, including physical floor plans of some agency buildings and security details on contracts with third parties, is of particular concern, CNN reported.

According to an internal DHS email reviewed by CNN, uncertainty exists around whether the Dark Angels or other digital hackers have taken control of Johnson Controls' private information. 

“Until further notice, we should assume that [the contractor] stores DHS floor plans and security information tied to contracts on their servers,” the memo stated. “We do not currently know the full extent of the impact on DHS systems or facilities.” 

Researchers believe that the ransomware employed in the attack is essentially an identical RagnarLocker Linux ransomware designed in 2021. In an 8K regulatory filing with the Securities and Exchange Commission (SEC), Johnson Controls stated that while some of its systems had been attacked by ransomware, many of its applications "remain operational." 

In the repair process, Johnson Controls' insurers are collaborating with external cybersecurity experts, perhaps managed security service providers (MSSPs), and possibly forensics experts. The attack commenced at the company's Asia offices and then extended to its subsidiaries. The cyber attackers reportedly launched the infiltration last weekend.

Statement from Johnson Controls 

Johnson Control reported in an 8K filing that the incident is expected to continue to hinder certain parts of the company's business operations: 

"Johnson Controls International plc (the “Company”) has experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident. Promptly after detecting the issue, the Company began an investigation with assistance from leading external cybersecurity experts and is also coordinating with its insurers. 

The Company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate. " 

At this time, it's unclear whether Johnson Controls will be able to announce fourth-quarter and full-year fiscal year results, as well as the financial impact of the attack.

Emergency Alert System Bugs Can Help Actors Distribute Fraud Messages

 


The U.S Department of Homeland Security (DHS) has issued a warning of critical vulnerability in the Emergency Alert System (EAS) encoding/decoding devices. If not fixed, the bugs will allow threat actors to send out fraud emergency alerts on cable networks, TV, and radio. 

The advisory came on August 1 from DHS' Federal Emergency Alert Agency (FEMA). Cybersecurity experts Ken Pyle found out about the vulnerabilities. 

FEMA said the EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. 

During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish. 

"The EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish," reports FEMA.

EAS is a U.S. national public warning system that allows state authorities to send out information in less than 10 minutes if there's an emergency. These warnings can interrupt TV and radio to show emergency alert information. 

Information about the bugs has not been disclosed to prevent threat actors from exploiting them, but we can expect the details publicly soon as a proof-of-concept at the DEF CON conference going to take place in Las Vegas next week. 

Basically, the flaws are public knowledge and will be shown to a large audience in the following weeks. 

To control the vulnerability, users are advised to update the EAS devices to the latest software versions, use a firewall to secure them, and keep an eye on audit and review logs for signs of any suspicious access (unauthorised). 

"The testing process is designed to evaluate the effectiveness of the IPAWS Open Platform for Emergency Networks and assess the operational readiness of the infrastructure for distribution of a national message and determine whether technological improvements are needed," reports FEMA.