
From Code to Chaos: BlackSuit Ransomware and The CDK Global Cyber Crisis


In recent days, the automotive industry has been hit by a significant IT outage that has disrupted operations for car dealerships across North America. The culprit? The notorious BlackSuit ransomware gang. In this blog post, we’ll delve into the details of the attack, its impact, and what it means for CDK Global and its customers.

The Incident

According to people familiar with the situation, the BlackSuit ransomware gang is responsible for CDK Global's significant IT failure and interruption to car dealerships throughout North America.

Those accounts follow the BlackSuit ransomware assault, which led CDK to shut down its IT infrastructure and data centers, including its car dealership platform, to keep the attack from spreading. The company attempted to restore services on Wednesday, but a second cybersecurity attack forced it to shut down all IT systems again.

The Attack

CDK Global, a leading provider of technology solutions for auto dealerships, found itself in the crosshairs of cybercriminals.

While the company has yet to officially confirm the ransomware attack, multiple sources indicate that BlackSuit is behind the incident. The attack likely exploited vulnerabilities in CDK’s systems, leading to widespread disruption.

Impact on Dealerships

Two of the largest public car dealership companies, Penske Automotive Group and Sonic Automotive, disclosed that they, too, were impacted by the outages.

The fallout from the CDK Global outage has been substantial. Car dealerships rely heavily on CDK’s software for inventory management, sales, and customer service. 

With the systems down, dealers have had to resort to manual processes, including pen-and-paper record-keeping. Imagine the chaos in a busy dealership trying to manage sales, service appointments, and parts inventory without their usual digital tools.

Data Theft Concerns

Beyond the immediate operational challenges, there are serious concerns about data theft. Ransomware attacks often involve stealing sensitive information before encrypting files and demanding a ransom.

CDK Global must now investigate whether customer data, financial records, or other critical information has been compromised. The potential fallout from such a breach could be long-lasting and damaging.

Response and Recovery

In November 2023, the FBI and CISA published a joint advisory stating that Royal's and BlackSuit's encryptors use similar strategies and have coding overlaps.

CDK Global’s response to the attack is crucial. They need to assess the extent of the breach, restore systems, and enhance security measures. Communication with affected dealerships is equally important. Dealers need transparency about the situation, timelines for resolution, and guidance on how to navigate the outage.

Young Hacker Linked to Scattered Spider Group Detained


 

Spanish police, aided by the FBI, have made a major breakthrough in combating cybercrime by arresting a 22-year-old man in Palma de Mallorca. The suspect, Tyler Buchanan from Dundee, Scotland, is believed to be a leading figure in the notorious hacking group Scattered Spider. Authorities apprehended Buchanan on June 15 while he was trying to board a flight to Italy. At the time of his arrest, he reportedly controlled $27 million in bitcoin.

Scattered Spider has been responsible for several major cyberattacks over the past two years. These include a significant attack on MGM Resorts in 2023 and breaches affecting companies like Twilio, LastPass, GitLab, Apple, and Walmart. Buchanan is suspected to have played a crucial role in these incidents. He is listed among the top SIM swappers; SIM swapping is a technique used to take over phone numbers and access sensitive information.

This arrest follows the detention of another key Scattered Spider member, Michael Noah Urban, earlier this year. Urban was charged with stealing over $800,000 in cryptocurrency from multiple victims between 2022 and 2023. Both Buchanan and Urban are part of a broader group of young hackers, usually between 19 and 22 years old, known as 'the Community' or 'the Com'. This global network of hackers often shares their techniques and boasts about their exploits.

In May 2024, the FBI announced a crackdown on Scattered Spider, which had been targeting insurance companies since April. The arrests of Buchanan and Urban show that these efforts are making an impact. However, experts believe that the group's activities are unlikely to stop completely. Cybersecurity specialist Javvad Malik from KnowBe4 explained that cybercriminal groups are often decentralised, meaning they can quickly replace arrested members and continue their operations.

Malik pointed out that groups like Scattered Spider are resilient due to their decentralised nature. The knowledge and tools they use, such as SIM swapping, are widely shared within the cybercrime community. Online tutorials, forums, and dark web marketplaces ensure that these methods continue to spread, even when key individuals are arrested. This means that the group can persist and even grow despite law enforcement efforts.

Although the recent arrests may temporarily disrupt Scattered Spider's activities, experts predict the group will soon resume its operations with new leaders. The capture of Tyler Buchanan is a victory for law enforcement but also a reminder of the ongoing and evolving threat posed by cybercriminal organisations.


Hill Briefing on Encryption Canceled Suddenly by FBI

 


Based on emails reviewed by POLITICO, the FBI abruptly cancelled two large Hill briefings on encryption scheduled for this week, without explaining why to the staffers who had been invited. The two-day virtual briefing on “warrant-proof encryption,” to which the FBI had invited congressional staff last week, would have covered topics such as how encryption poses challenges to the FBI in its investigations of "violent crimes against children and transnational organized crime." 

According to Politico, the briefings were the second in the FBI's series on "priority topics" for Capitol Hill staffers and were to focus on how encryption has made it difficult for the FBI to investigate "violent crimes against children and transnational organized crime." The two briefings were planned for Tuesday and Thursday; no reason for the cancellation has been given since last month, when the first meeting in the series focused on the fentanyl crisis. The FBI said it hopes to reschedule the briefings for a future date. 

They are the second in a series of FBI "priority topics" briefings open to all Hill staff, according to a copy of the invitation reviewed by POLITICO. The FBI's Office of Congressional Affairs announced that the encryption event, which was to follow the first briefing in the series held in February on fentanyl, would be indefinitely delayed. The FBI has argued that technology companies such as Apple should provide a backdoor so that law enforcement officers can lawfully access encrypted data when they have a search warrant. 

Tech companies, however, are concerned that adding a backdoor to social media sites would make it easier for hackers and other cybercriminals to access private data. A report from the FBI asserts that the encryption software employed by applications such as Signal makes it much harder for investigators to monitor the conversations of criminals, including terrorists and child sex traffickers, on those apps. The FBI had confirmed that it would hold briefings on warrant-proof encryption on June 18th and June 20th, but said that some circumstances were out of its control and decided to postpone them. 

According to the email, the bureau will reschedule the event. The email goes on to stress the importance of the FBI's role in informing Congress on a wide range of issues and says the bureau sincerely apologizes for any inconvenience to those who had planned to attend. One Republican Hill staffer, speaking candidly on condition of anonymity, attributed the postponement to political pressure: the issue is politically awkward for the Biden administration, which made a postponement more likely. According to the aide, the briefing was cancelled out of the blue. “It is important for this administration not to let people talk about these issues in an election season which might revolve around precisely those issues.” 

Encryption is a contentious issue, particularly among progressives. For several years the FBI has warned that the enhanced privacy protections implemented by popular app platforms such as Signal put it at risk of losing sight of communications from terrorists, criminal organizations, and child abuse traffickers. The bureau has long urged companies to develop so-called back doors so that it can lawfully access encrypted communications once a search warrant is obtained, and that push has intensified in recent years with the proliferation of online child sexual abuse material. 

Some tech companies, security researchers, and privacy advocates have resisted, arguing that it is impossible to build such access without introducing new vulnerabilities that state hackers or cybercriminals could exploit. They also contend that, with the rise of commercial data brokers, smart cameras, and other connected devices that hoover up private information, law enforcement agencies already have access to more personal information than ever before. 

A wide range of technology companies, including Apple, provide encrypted communication platforms. An FBI spokesperson said the DOJ would be contacted for further comment on this article. A DOJ representative told the Associated Press that political issues were not the cause of the cancellation. A spokesperson for the Department of Interior, responding to the request for comment on the congressional staff briefing, added that it is a ridiculous leap to read anything into the scheduling of the briefing, given the Department's and Bureau's strong and consistent position on this issue.

FBI Reveals 7,000 Decryption Keys to Combat LockBit Ransomware

 

In a major development against cybercrime, the US Federal Bureau of Investigation (FBI) has disclosed the recovery of over 7,000 decryption keys to assist victims of the notorious LockBit ransomware gang. This revelation follows a disruptive international law enforcement operation against LockBit earlier this year. In February 2024, an international law enforcement effort, codenamed Operation Cronos, targeted LockBit’s infrastructure. 

This operation led to the takedown of LockBit’s data leak website and the seizure of 34 servers containing extensive data on the gang’s activities. Investigators uncovered more than 2,500 decryption keys from these servers, which the FBI is now offering to victims. The data gathered also facilitated the development of a free decryption tool for the LockBit 3.0 Black Ransomware. 

LockBit's Global Impact 

LockBit operates a ransomware-as-a-service model, providing tools to a network of affiliates who carry out cyberattacks globally. By 2022, LockBit had become the most deployed ransomware variant worldwide, causing billions of dollars in damages to victims, according to Bryan Vorndran, the FBI’s cyber assistant director. 

Further he said, “These LockBit scams run the way local thugs used to demand ‘protection money’ from storefront businesses.” LockBit affiliates steal and encrypt data, demanding payment for its return. Even if the ransom is paid, victims are often subjected to further extortion as the criminals retain copies of the data and may demand additional payments to prevent its release online. 

FBI's Assistance to Victims 

The FBI is proactively reaching out to known LockBit victims, encouraging those affected to visit the Internet Crime Complaint Center. While the recovered decryption keys enable victims to regain access to their data, Vorndran cautioned that this does not prevent LockBit from potentially selling or releasing the data in the future. “When companies are extorted and choose to pay to prevent the leak of data, you are paying to prevent the release of data right now—not in the future,” he said. 

Continued Threat 

The fight against ransomware is marked by ongoing challenges. Despite the significant strides made with Operation Cronos, the threat from LockBit remains. In 2022, authorities arrested LockBit associate Mikhail Vasiliev, who received a four-year prison sentence in March 2024. 

Additionally, last month, authorities identified the elusive LockBit leader as 31-year-old Russian national Yuryevich Khoroshev. Vorndran's warning underscores the persistent threat: “Even if you get the data back from the criminals, you should assume it may one day be released, or you may one day be extorted again for the same data.”

Behind the Breach: How ARRL Fought Back Against Cyber Intruders


The American Radio Relay League (ARRL), the primary body for amateur radio in the United States, has released new details about the May 2024 cyberattack. The ARRL cyberattack took down its Logbook of the World (LoTW), leaving many members dissatisfied with the organization's perceived lack of information.

ARRL Targeted in Sophisticated Cyber Attack

According to a recent ARRL update, on or around May 12, 2024, the company was attacked by a rogue international cyber gang via its network. When the ARRL cyberattack was discovered, the organization quickly contacted the FBI and enlisted the assistance of third-party specialists in the investigation and cleanup efforts.

The FBI classified the ARRL cyberattack as "unique," owing to its nature of infiltrating network devices, servers, cloud-based services, and PCs.

ARRL's management swiftly formed an incident response team to contain the damage, repair servers, and test apps for appropriate operation.

In a statement, ARRL reiterated its commitment to resolve the issue: "Thank you for being patient and understanding as our staff works with an exceptional team of specialists to restore full operation to our systems and services. We will continue to provide members with updates as needed and to the degree possible."

The Attack

The cyber attack on ARRL was well-coordinated and multifaceted:

  • Infiltration: The attackers gained unauthorized access to ARRL’s network devices and servers. They exploited vulnerabilities, likely through phishing emails or compromised credentials.
  • Scope: The attack affected various systems, including communication channels, member databases, and administrative tools. The attackers aimed to disrupt services and compromise sensitive information.
  • Attribution: While ARRL has not publicly disclosed the identity of the cyber group, experts believe it to be an international entity with advanced capabilities.

ARRL’s Response

  • Emergency Measures: ARRL immediately isolated affected systems, shut down compromised servers, and engaged cybersecurity experts to assess the damage.
  • Collaboration with Law Enforcement: The organization promptly reported the incident to the FBI, which launched an investigation. Cooperation with law enforcement agencies is crucial in such cases.
  • Transparency: ARRL communicated transparently with its members, providing regular updates via email, website announcements, and social media. Transparency builds trust and helps members stay informed.
  • Recovery Efforts: ARRL worked tirelessly to restore services. Backups were crucial for data recovery, and the organization implemented additional security measures.

Lessons Learned

  • Vigilance: Organizations, regardless of size, must remain vigilant against cyber threats. Regular security audits, employee training, and robust incident response plans are essential.
  • Collaboration: Cybersecurity is a collective effort. Collaboration with law enforcement, industry peers, and security experts enhances resilience.
  • Communication: Transparent communication during a crisis fosters trust and ensures that affected parties receive timely information.

Despite ARRL's efforts, many members believed that the organization was not open with information. A Facebook user wrote a lengthy article criticizing ARRL's approach to communication.

FBI Takes Down Massive Global Army of Zombie Computer Devices

 

In a significant victory against cybercrime, an international law enforcement team has successfully dismantled the massive "911 S5" botnet, which has been operational for almost a decade. This extensive network, believed to be the largest of its kind globally, involved approximately 19 million compromised computers. As part of the operation, authorities also apprehended a Chinese national linked to the botnet. 

The huge botnet, active in over 190 countries, was rented out to hackers for various illegal activities. FBI Director Christopher Wray pointed out its global impact, mentioning it facilitated financial fraud, identity theft, and even gave access to child exploitation materials. The Department of Justice added that the botnet was involved in bomb threats and cyberattacks, causing potential losses in billions of dollars. 

It was also connected to more than 613,000 IP addresses in the US. Authorities seized internet equipment and assets and took action against YunHe Wang, believed to be the botnet's leader, and his partners, according to Wray. 

What Is a Botnet Attack? 

Botnets are networks of compromised computers or connected devices, infected with malware by cybercriminals, who then exploit them for malicious purposes. These devices form a "zombie army," operating without the knowledge of their owners. 

Common Botnet Attacks 

Brute Force Attack: A brute force attack is employed by cybercriminals when they lack the target's password(s). This technique involves rapidly and repeatedly guessing passwords using specialized software. The malware interacts directly with the targeted service, providing real-time feedback on password attempts. Additionally, attackers may leverage leaked credentials or personal information to enhance their guessing efforts. 
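The defender's side of the brute-force pattern just described is detecting the rapid, repeated guesses in authentication logs. The following is an added example (not code from the original post): a small Python detector that parses OpenSSH-style auth lines, flags a source IP that accumulates a threshold of failed logins inside a sliding time window, and separately flags a later successful login from an already-flagged IP, which is the event worth an incident-response ticket. The log lines, threshold and window are constructed for the example; the IPs are documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in OpenSSH syslog format (not real logs): a burst of
# failures from 203.0.113.5 ending in a success, and one typo from 198.51.100.7.
SAMPLE_LOG = """\
Jun 21 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jun 21 10:00:03 host sshd[1202]: Failed password for invalid user test from 203.0.113.5 port 50123 ssh2
Jun 21 10:00:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 50124 ssh2
Jun 21 10:00:07 host sshd[1204]: Failed password for root from 203.0.113.5 port 50125 ssh2
Jun 21 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.5 port 50126 ssh2
Jun 21 10:00:11 host sshd[1206]: Failed password for root from 203.0.113.5 port 50127 ssh2
Jun 21 10:00:15 host sshd[1207]: Accepted password for root from 203.0.113.5 port 50128 ssh2
Jun 21 10:01:00 host sshd[1208]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Jun 21 10:01:05 host sshd[1209]: Accepted password for alice from 198.51.100.7 port 41001 ssh2
Jun 21 10:02:00 host sshd[1210]: Accepted publickey for bob from 192.0.2.10 port 42000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line; return None for lines the detector ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window,
    and any later successful login from a flagged IP (possible compromise)."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged, alerts = set(), []
    for e in events:
        q = recent[e["ip"]]
        if e["result"] == "Failed":
            q.append(e["ts"])
            while q and (e["ts"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append({"type": "burst", "ip": e["ip"], "count": len(q), "at": e["ts"]})
        elif e["ip"] in flagged:
            alerts.append({"type": "success_after_burst", "ip": e["ip"],
                           "user": e["user"], "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Running it on the constructed sample produces two alerts for 203.0.113.5 (the burst, then the success after it) and nothing for the single mistyped password from 198.51.100.7. The window is what keeps the false-positive rate down: a legitimate user who fails once or twice never reaches the threshold.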

Distributed Denial of Service (DDoS) Attacks: One of the most prevalent botnet attacks is the Distributed Denial of Service (DDoS) attack. This type of attack overwhelms a service with excessive web traffic, causing it to crash and disrupting normal operations. A notable example is the 2016 Mirai botnet attack, which targeted the domain name service provider Dyn, leading to significant outages and performance issues for major websites like Twitter and Soundcloud in various regions. 

Spam and Phishing Botnets: These attacks are often used to send out massive amounts of spam emails as part of phishing campaigns. These emails aim to deceive recipients into divulging sensitive information or login credentials. Phishing not only compromises individual accounts but can also help expand the botnet by infecting more devices. 

Device Bricking: These attacks involve infecting devices with malware that deletes their contents, often to cover up evidence of a primary attack. This process renders the devices completely inoperative, essentially turning them into "bricks." These attacks are typically carried out in multiple phases, ultimately leaving the affected devices useless. 

What Can You Do? 

Keep Software Updated: Regularly update system and device software, especially on lesser-used devices. Apply updates immediately upon release. 

Secure IoT Configurations: Change default login credentials and remove outdated, unused devices from the network to eliminate potential attack vectors. 

Limit Device Access: Restrict and monitor access to IoT devices. Segregate or air-gap IoT devices from critical systems to minimize attack impact. 

Enhance Authentication: Enable multi-factor authentication and limit the number of users with access to IoT devices.

Breach Forums Plans Dark Web Return Despite FBI Crackdown

 

Breach Forums, the infamous cybercrime and hacker forum, is all set to return to the dark web under a new Onion domain, Hackread reported. While the exact timing for the resuscitation of its clearnet domain is unknown, its administrators are trying to revive it this week. 

ShinyHunters, a hacker and Breach Forums administrator, confirmed the latest developments to a local media outlet. According to the hacker, the new Onion domain for Breach Forums is preparing for a comeback, which is scheduled for the following week. 

"The onion is ready, it's not public yet, but it will probably be launched this week." When asked about the status of the clearnet domain, the hacker just stated that "the clearnet will come back," without providing a specific timeline. 

Notably, on May 15th, 2024, the FBI seized Breach Forums V2, apparently after apprehending two admins, one known by the moniker Baphomet. ShinyHunters told Hackread.com that they believe Baphomet may have handed over backend credentials to the FBI, resulting in the seizure of the forum's entire escrow, as well as its dark web and clearnet domains. 

However, recent developments have taken an unexpected turn, with ShinyHunters' announcement last week that they had retrieved access to the seized clearnet domain for Breach Forums from the FBI using an unspecified technique. 

Interestingly, neither the FBI nor the Department of Justice has issued a statement on the seizure or any of the linked events. While the FBI has acknowledged the seizure and asked victims of data breaches on Breach Forums to come forward and fill out a form to help with further investigations, official statements from authorities are still pending. 

With ShinyHunters' revelation that they had regained access to the confiscated clearnet domain, the narrative develops, leaving many doubts regarding the forum's future and the role of law enforcement authorities. However, it is clear that Breach Forums is undergoing a huge transition. From its confiscation by the FBI to its probable resurrection with a new Onion domain, the story depicts the dangerous and strange world of cybercrime.

LockBit Ransomware Group Challenges FBI: Opens Contest to Find Dmitry Yuryevich

 

LockBitSupp, the alleged administrator of the notorious LockBit ransomware group, has responded publicly to recent efforts by the Federal Bureau of Investigation (FBI) and international law enforcement to identify and apprehend him. 

Following the restoration of previously seized domains, law enforcement authorities identified Dmitry Yuryevich Khoroshev as the mastermind behind LockBit operations in a recent announcement. This revelation was accompanied by official sanctions from the U.S., U.K., and Australia, along with 26 criminal charges that collectively carry a maximum sentence of 185 years imprisonment. 

Furthermore, the U.S. Justice Department has offered a substantial $10 million reward for information leading to Khoroshev's capture. Despite these developments, LockBitSupp has vehemently denied the allegations, framing the situation as a peculiar contest on the group's remaining leak site. LockBitSupp has initiated a contest on their leak site, encouraging individuals to attempt contact with Dmitry Yuryevich Khoroshev. They assert that the FBI has misidentified the individual and that Khoroshev is not associated with LockBitSupp. 

The ransomware admin suggests that the alleged identification mistake may have arisen from cryptocurrency mixing with their own funds, attracting the attention of law enforcement. The contest invites participants to reach out to Khoroshev and report back on his well-being, with a reward of $1000 offered for evidence such as videos, photos, or screenshots confirming contact. Submissions are to be made through the encrypted messaging platform Tox, using a specific Tox ID provided by LockBitSupp.  

Additionally, LockBitSupp has shared multiple links to LockBit-associated file-sharing services on the dark web, presumably for individuals to archive details and submit as contest entries. They have also listed extensive personal details alleged to belong to Dmitry Khoroshev, including email addresses, a Bitcoin wallet address, passport, and tax identification numbers. Amidst the contest announcement, LockBitSupp expressed concern for the individual mistakenly identified as them, urging Khoroshev, if alive and aware, to make contact. 

This unusual move by LockBitSupp challenges the assertions made by law enforcement agencies and highlights the complex dynamics of the cyber underworld, where hackers openly taunt their pursuers. LockBitSupp emphasized that the contest will remain active as long as the announcement is visible on the blog. They hinted at the possibility of future contests with larger rewards, urging followers to stay updated for further developments. 

The announcement was uploaded and last updated on May 9, 2024, UTC, leaving the public and cybersecurity community anticipating further developments. Recent indictments have identified Khoroshev as the mastermind behind LockBit operations since September 2019. The LockBit group is alleged to have extorted over $500 million from victims in 120 countries, with Khoroshev reportedly receiving around $100 million from his involvement in the activities.

New Ransomware Threat Hits Hundreds of Organisations Worldwide

 


In a recent joint report by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), a new ransomware gang named Black Basta has been identified as breaching over 500 organisations globally between April 2022 and May 2024. This group has targeted various sectors, including healthcare, spanning across North America, Europe, and Australia.

Black Basta, which emerged as a Ransomware-as-a-Service (RaaS) operation in April 2022, has quickly gained notoriety by attacking numerous high-profile victims such as Rheinmetall, Hyundai, Capita, and the American Dental Association, among others. Believed to have connections to the former Conti cybercrime syndicate, Black Basta operates with sophistication and a steady stream of initial access to its targets.

One of the key tactics employed by Black Basta involves stealing corporate data before encrypting a company's devices. This stolen data is then used in double-extortion attacks, where victims are pressed to pay a ransom to prevent the publication of their sensitive information. The gang's data leak site, 'Black Basta Blog' or 'Basta News,' lists victims and progressively releases data to pressure them into paying the ransom.

Technical analysis reveals that Black Basta utilises the ChaCha20 encryption algorithm to encrypt files, rendering them inaccessible without the decryption key. Victims are left with a custom extension appended to their encrypted files (.basta), along with a ransom note providing instructions on how to negotiate with the threat actors.

Responding to this spreading threat, federal agencies advise organisations to maintain up-to-date operating systems, employ phishing-resistant Multi-Factor Authentication (MFA), and train users to identify and report phishing attempts. Moreover, securing remote access software and implementing recommended mitigations are essential steps in reducing the risks posed by Black Basta and similar ransomware attacks.

Healthcare organisations are particularly vulnerable, given their size, technological reliance, and access to sensitive patient information. CISA and the FBI have suggested adhering to the StopRansomware Guide to reduce the risk of attacks in the healthcare sector.

Recent incidents, including an attack on healthcare giant Ascension, accentuate the urgency of addressing the threat posed by Black Basta. With the gang's ability to readily expand its victim pool and employ coercive tactics, organisations must remain particularly careful and implement robust cybersecurity measures to mitigate the risk of falling victim to ransomware attacks.

Considering the course of events, cybersecurity experts emphasise the importance of proactive measures, including regular backups, system updates, and employee training, to strengthen defences against ransomware threats like Black Basta. This calls for collective efforts to combat the growing menace of ransomware and protect critical infrastructure from malicious actors.


FBI Investigates Thousands of Fake Emails Warning of Cyber Threat You Must Do 1 Thing

 

Over the weekend, an alarming incident unfolded as thousands of fake emails flooded in, purportedly from the US Department of Homeland Security. The messages, titled "Urgent: Threat actor in systems," raised concerns about a cyber threat allegedly posed by a group called the Dark Overlord. According to reports, recipients were warned of a sophisticated chain attack targeting them, adding to the sense of urgency and anxiety. 

What made matters worse was the apparent authenticity of these emails, originating from FBI infrastructure. The scale of the operation was staggering, with over 100,000 of these deceptive emails sent out, causing widespread disruption and confusion among recipients. 

Additionally, it was discovered that the North Korean military intelligence agency, along with a hacking group called APT43 or Kimsuky, carried out a sophisticated cyber attack. They tricked people into giving away important information by pretending to be journalists, researchers, or academics through fake emails. To protect against this, experts suggest updating email security settings, like DMARC, which can help prevent such attacks. 

Let’s Understand Everything About DMARC

DMARC, DKIM, and SPF are like a triple defense system for emails. They work together to stop bad guys from pretending to send emails from places they should not. It is like having three guards at the gate, making sure only the right people get through. Picture your email as a package you are sending out into the world. DKIM and SPF are like seals of approval on the package, showing it is genuine and not tampered with. 

Now, DMARC is your extra security measure. It is like a set of instructions you attach to your package, telling the delivery person what to do if something seems fishy. "If the seal is broken, handle with care!" If you do not have DKIM, SPF, and DMARC set up properly, it is like sending out your package without those stamps and instructions. It might get lost, or worse, someone might try to copy your package and send out fake ones. 

So, by having these protections in place, you ensure your emails are delivered safely and are not mistaken for spam. This warning is a way to stop APT43 from stealing more data and giving it to North Korea. It is important for everyone to act fast and secure their email systems. These steps are crucial because cyber threats like this are always changing and can be really damaging. So, it is essential to stay alert and protect yourself from these kinds of attacks. 
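To make the package-and-seals analogy concrete, here is an added Python example (not part of the original post) that does what a mail receiver does with the "instructions attached to the package": it parses a DMARC TXT record and an SPF record, lists the weaknesses an administrator should fix (p=none, pct below 100, no reporting address, a +all SPF), and then applies the DMARC policy to a message given the SPF and DKIM outcomes. The records and domains are constructed for a hypothetical example.com; relaxed alignment is simplified to "same domain or a subdomain" rather than the RFC's organizational-domain comparison.

```python
import re

# Constructed records for a hypothetical domain. Real records are published as
# DNS TXT at _dmarc.<domain> (DMARC) and at <domain> (SPF).
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
GOOD_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
WEAK_SPF = "v=spf1 +all"


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess_dmarc(record):
    """Return (tags, findings); each finding is a weakness a receiver would see."""
    tags, findings = parse_tags(record), []
    if tags.get("v", "").upper() != "DMARC1":
        return tags, ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag; receivers ignore the record")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility")
    if policy != "none" and tags.get("sp", policy) == "none":
        findings.append("sp=none leaves subdomains unprotected")
    return tags, findings


# SPF terms that cost a DNS lookup; more than 10 makes the record a permerror.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr\b|exists:|redirect=)", re.I)


def assess_spf(record):
    """Check the SPF 'all' qualifier and the 10-DNS-lookup limit."""
    terms, findings = record.split(), []
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    all_term = next((t for t in terms if t.lower().lstrip("+-~?") == "all"), None)
    if all_term is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_term.lower() in ("+all", "all"):
        findings.append("+all authorizes every sender; SPF gives no protection")
    elif all_term == "?all":
        findings.append("?all is neutral; unlisted senders neither pass nor fail")
    return findings


def dmarc_verdict(tags, spf_pass, spf_domain, dkim_pass, dkim_domain, from_domain):
    """Apply the policy: pass if SPF or DKIM passes with an aligned domain.
    Relaxed alignment ('r') is simplified here to same domain or a subdomain."""
    def aligned(domain, mode):
        if mode == "s":
            return domain == from_domain
        return domain == from_domain or domain.endswith("." + from_domain)
    if (spf_pass and aligned(spf_domain, tags.get("aspf", "r"))) or \
       (dkim_pass and aligned(dkim_domain, tags.get("adkim", "r"))):
        return "pass", "deliver"
    action = {"none": "deliver (report only)", "quarantine": "quarantine", "reject": "reject"}
    return "fail", action.get(tags.get("p", "none"), "deliver (report only)")


if __name__ == "__main__":
    for rec in (GOOD_DMARC, WEAK_DMARC):
        print(rec, "->", assess_dmarc(rec)[1] or ["ok"])
    for rec in (GOOD_SPF, WEAK_SPF):
        print(rec, "->", assess_spf(rec) or ["ok"])
    tags = assess_dmarc(GOOD_DMARC)[0]
    # A spoofed message: SPF passes only for the sender's own domain, no DKIM.
    print(dmarc_verdict(tags, True, "attacker.example", False, "", "example.com"))
```

The last call is the point of the whole arrangement: a forged message can carry a valid SPF pass for the infrastructure that actually sent it, but unless that domain aligns with the visible From: domain, the p=reject policy tells the receiver to discard it. With p=none the same message would be delivered and only reported.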

Despite the gravity of the situation, the FBI has remained tight-lipped about further details, leaving many questions unanswered. As investigations unfold, concerns persist about the potential ramifications of such a large-scale deception. The incident serves as a stark reminder of the ever-present threat of cyber attacks and the importance of remaining vigilant in the face of such challenges. Stay tuned for updates as the investigation progresses.

CISA Asks Companies to Fix Path Traversal Vulnerabilities


CISA and FBI urge companies to take patch actions 

CISA and the FBI today urged software companies to assess their products and fix path traversal security flaws before shipping them to customers.

Attackers can leverage path traversal vulnerabilities (also known as directory traversal) to create or overwrite important files used to execute malware or circumvent security systems such as authentication. 

“Additionally, this Alert highlights the prevalence, and continued threat actor exploitation of, directory traversal defects. Currently, CISA has listed 55 directory traversal vulnerabilities in our Known Exploited Vulnerabilities (KEV) catalog,” says the CISA and FBI joint report.

Impact of these security loopholes

Such security holes can also allow threat actors to acquire sensitive data, such as credentials, which can then be used to brute-force existing accounts and compromise the targeted systems.

Attackers can also disable or limit access to vulnerable systems by overwriting, destroying, or altering critical authentication files, which would lock out all users.

CISA and the FBI propose that software buyers ask vendors whether they have completed formal directory traversal testing.

To eliminate this type of problem from all products, manufacturers should ensure that their software developers implement the necessary mitigations immediately. Integrating security into products from the start can eliminate directory traversal issues.

About directory traversal vulnerabilities

Directory traversal vulnerabilities occur when users manipulate inputs, such as file paths, to gain unauthorized access to application files and directories. Malicious cyber actors can use these exploits to access restricted directories and read, change, or write arbitrary files, which can have adverse effects.

How Can Software Vendors Avoid Directory Traversal Risks?

To minimize directory traversal vulnerabilities in software products, developers should apply proven mitigations such as:

  • Use random identifiers generated by the application, and store metadata (such as the original file name) separately, e.g., in a database, instead of using user input as a file name.
  • If that strategy cannot be followed, restrict file names to alphanumeric characters, and ensure that uploaded files are stored without executable permissions.
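The two mitigations above, and the vulnerability they prevent, in working code. This is an added example for this post, not code from CISA's alert: a naive file reader is shown next to a hardened one that restricts the name to a safe character set and confines the canonicalized path to the intended directory, and next to an upload store that follows the first recommendation (server-generated random identifiers, metadata kept in a separate table, no execute bit). The directory layout, file names and contents are constructed in a temporary directory so the script runs offline; the permitted-name pattern is an assumption made for the example.

```python
"""Path traversal: vulnerable vs. hardened file access.

Added example for this post, not code from CISA's alert. Paths, names and
file contents are constructed in a temp directory; SAFE_NAME is an assumed
policy (one alphanumeric stem plus an optional short extension).
"""
import os
import re
import secrets
import tempfile


class PathTraversalError(ValueError):
    """Raised when a user-supplied name would leave the allowed directory."""


def read_file_vulnerable(base_dir: str, user_path: str) -> bytes:
    """VULNERABLE: os.path.join happily follows '..' out of base_dir."""
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


# Assumption for this example: one alphanumeric stem plus an optional extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9]{1,64}(\.[A-Za-z0-9]{1,8})?")


def safe_path(base_dir: str, user_name: str) -> str:
    """Reject unsafe names, then verify the canonical path stays under base_dir."""
    if not SAFE_NAME.fullmatch(user_name):
        raise PathTraversalError(f"rejected file name: {user_name!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    # realpath() collapses '..' and symlinks, so this comparison is the real check.
    if os.path.commonpath([base, target]) != base:
        raise PathTraversalError(f"path escapes base directory: {target}")
    return target


def read_file_hardened(base_dir: str, user_name: str) -> bytes:
    """Same contract as the vulnerable reader, but confined to base_dir."""
    with open(safe_path(base_dir, user_name), "rb") as f:
        return f.read()


class UploadStore:
    """Stores uploads under random IDs; the original name never touches the filesystem."""

    def __init__(self, base_dir: str):
        self.base = os.path.realpath(base_dir)
        os.makedirs(self.base, exist_ok=True)
        self.metadata = {}  # stand-in for the database table the alert recommends

    def save(self, original_name: str, data: bytes) -> str:
        file_id = secrets.token_hex(16)          # server-chosen, never user input
        path = os.path.join(self.base, file_id)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, 0o600)                    # readable/writable, never executable
        self.metadata[file_id] = {"original_name": original_name, "size": len(data)}
        return file_id

    def load(self, file_id: str) -> bytes:
        if file_id not in self.metadata:         # unknown ID: no filesystem lookup at all
            raise KeyError(file_id)
        with open(os.path.join(self.base, file_id), "rb") as f:
            return f.read()


def run_demo() -> dict:
    """Build a constructed layout and exercise all three approaches."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"db_password=constructed-sample\n")   # constructed, outside web root
    with open(os.path.join(public, "hello.txt"), "wb") as f:
        f.write(b"public content\n")

    results = {}
    # 1. The naive join reads a file one level above the served directory.
    results["vulnerable_leak"] = read_file_vulnerable(public, "../secret.txt")
    # 2. The hardened reader refuses the same input but still serves normal files.
    try:
        read_file_hardened(public, "../secret.txt")
        results["hardened_blocked"] = False
    except PathTraversalError:
        results["hardened_blocked"] = True
    results["hardened_ok"] = read_file_hardened(public, "hello.txt")
    # 3. Random-ID storage: a hostile original name is just a metadata string.
    store = UploadStore(os.path.join(root, "uploads"))
    file_id = store.save("../../outside.txt", b"upload bytes")
    results["store_roundtrip"] = store.load(file_id)
    results["store_id_is_hex"] = bool(re.fullmatch(r"[0-9a-f]{32}", file_id))
    mode = os.stat(os.path.join(store.base, file_id)).st_mode
    results["store_not_executable"] = (mode & 0o111) == 0
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The name check alone is not the safety property; the `realpath` plus `commonpath` comparison is, because it also catches symlinks inside the directory that point elsewhere. The random-ID store avoids the problem entirely, which is why the alert lists it first.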

Path traversal vulnerabilities ranked eighth on MITRE's list of the 25 most dangerous software weaknesses, trailing only out-of-bounds write, cross-site scripting, SQL injection, use-after-free, OS command injection, and out-of-bounds read flaws.

In March, CISA and the FBI released another "Secure by Design" alert, advising executives of software manufacturing companies to develop mitigations to prevent SQL injection (SQLi) security risks.

SQLi vulnerabilities were listed third among MITRE's top 25 most hazardous software vulnerabilities between 2021 and 2022, trailing only out-of-bounds writes and cross-site scripting.

Inside Job Exposed: T-Mobile US, Verizon Staff Solicited for SIM Swap Scam

T-Mobile and Verizon employees are being texted by criminals attempting to entice them, with cash, into performing SIM swaps. Screenshots shared with us by the targeted employees show the senders offering $300 as an incentive to anyone willing to assist in their criminal endeavours.

The report indicates that this is part of a campaign targeting current and former mobile carrier workers who may be able to access the systems needed to swap SIM cards. Reddit users claiming to be Verizon employees also received the message, which indicates that the scam is not limited to T-Mobile US.

SIM swapping is essentially a social engineering scam in which the perpetrator convinces the carrier to transfer the victim's phone number to a new SIM card owned by the perpetrator.

The scammer can then use the victim's phone number to receive multi-factor authentication text messages and break into the victim's other accounts. If the scammer has complete access to the victim's private information, the attack can be extremely lucrative.

SIM swapping, also known as simjacking, is a method cybercriminals use to breach accounts protected by multi-factor authentication (MFA). Once the wireless carrier ports the victim's number from their legitimate SIM card to one controlled by a threat actor, any message intended for the victim, including one-time login codes, is delivered to the threat actor, who can use it to take control of the victim's accounts.

Cyber gangs are often able to trick carrier support staff into performing swaps by presenting fake information, but it can be far more efficient to hire an insider to do it. It is unclear how the hackers obtained the mobile numbers of the workers who received the texts, although both T-Mobile and Verizon have previously been impacted by breaches of employee information: T-Mobile in 2020 and Verizon last year.

In Verizon's case, in 2010 an employee accessed, without authorization, a file containing details for about half of Verizon's 117,000-strong workforce; the company stated at the time that there was no evidence that any of the information had been misused or shared outside the organization as a result of the unauthorized access.

The number of former T-Mobile employees who commented on Reddit that they received the SIM swap message suggests the hackers behind the campaign were working with outdated information rather than recent data stolen from T-Mobile. The company reinforced this in a statement confirming that there had not been any system breach at T-Mobile.

In a SIM swap attack, criminals trick the victim's wireless carrier into rerouting the victim's service to a device the fraudster controls. A successful attack can result in unauthorized access to personal information, identity theft, financial losses, and emotional distress for the victim. Criminals started hijacking victims' phone numbers in this way to steal millions of dollars, and the FBI warned about it in February 2022.

Additionally, the IC3 reported that Americans filed 1,075 SIM-swapping complaints during 2023, with a combined adjusted loss of $48,798,103. The previous year, the FBI received 2,026 complaints about SIM-swapping attacks, with reported losses of $72,652,571.

Between January 2018 and December 2020, by contrast, only 320 complaints were filed regarding SIM-swapping incidents, with losses of around $12 million. Following this huge wave of consumer complaints, the Federal Communications Commission (FCC) announced new regulations intended to protect Americans from SIM-swapping attacks in the future.

The new regulations require carriers to have a secure authentication procedure in place before transferring a customer's phone number to a different device or service provider, and to notify customers whenever their account is changed or a SIM port-out request is received.

Nationwide Scam Targets Road Toll Users via SMS Phishing Scheme

The Federal Bureau of Investigation (FBI) has alerted the public to a widespread SMS phishing scam sweeping across the United States. The scam, which began in early March 2024, specifically targets individuals with fraudulent messages regarding unpaid road toll fees.

What Does The Scam Entail?

Thousands of Americans have already fallen victim to this harrowing scam, with over 2,000 complaints flooding the FBI's Internet Crime Complaint Center (IC3) from at least three states. The deceptive messages typically claim that the recipient owes money for outstanding tolls, urging them to click on embedded hyperlinks.

The perpetrators behind these attacks employ sophisticated tactics to deceive their targets. By impersonating legitimate toll services and altering phone numbers to match those of the respective states, they create a false sense of authenticity. However, the links provided within the messages lead to fake websites designed to extract personal and financial information from unsuspecting victims.

Cautionary Advice

Authorities are urging individuals who receive such messages to exercise caution and take immediate action. The Pennsylvania Turnpike, one of the affected toll services, has advised recipients not to click on any suspicious links and to promptly delete the messages. Similarly, the Pennsylvania State Police have issued warnings about the scam, emphasising the dangers of providing personal information to fraudulent sources.

To safeguard against falling prey to this scam, the FBI recommends several preventive measures. Victims are encouraged to file complaints with the IC3, providing details such as the scammer's phone number and the fraudulent website. Additionally, individuals should verify their toll accounts using the legitimate websites of the respective toll services and contact customer service for further assistance. Any suspicious messages should be promptly deleted, and if personal information has been compromised, immediate steps should be taken to secure financial accounts and dispute any unauthorised charges.

What Is Smishing?

Smishing, a blend of "SMS" and "phishing," is a form of social engineering attack wherein fraudulent text messages are used to deceive individuals into divulging sensitive information or downloading malware. In this instance, the scam preys on individuals' concerns regarding unpaid toll fees, exploiting their trust in official communication channels.

As the SMS phishing scam continues to proliferate, it is imperative for individuals to remain vigilant and sceptical of unsolicited messages. By staying informed and taking proactive measures to protect personal information, users can mitigate the risks posed by such malicious activities. Authorities are actively investigating these incidents, but it is crucial for the public to be proactive in safeguarding their financial and personal information from exploitation.


Rising Cybercrime Threats and Prevention Measures Ahead of 2024

According to projections from Statista, the FBI, and the IMF, the global cost of cybercrime is anticipated to experience a substantial increase. By 2027, it is estimated to surge to $23.84 trillion, marking a significant rise from the $8.44 trillion reported in 2022. 

Security expert James Milin-Ashmore, from Independent Advisor VPN, has provided a comprehensive list of 10 crucial guidelines aimed at enhancing digital safety by avoiding sharing sensitive information online. 

These guidelines serve as proactive measures to combat the rising threat of cybercrime and safeguard personal and confidential data from potential exploitation. 

1. Avoid Sharing Your Phone Number on Random Sites 

Sharing your phone number online can expose you to a range of security risks, warns an expert. Cybercriminals could exploit this information to gather personal details, increasing the likelihood of identity theft and other malicious scams: 

  • Subscriber Fraud: Scammers set up fake cell phone accounts with stolen info. 
  • Smishing: Fraudsters send text messages to trick victims into revealing data or visiting harmful sites.
  • Fake Call Frauds: Scammers pose as legitimate entities to extract sensitive information. 
  • Identity Theft: Phone numbers are exploited to commit financial fraud and impersonate individuals. 

2. Do Not Post Your Current Location 

It is common for people to share their current location on social media; however, experts caution against sharing personal addresses or current locations online, citing heightened risks of theft, stalking, and malicious online activity. 

Such information can be exploited to tailor phishing attempts, rendering them more convincing and increasing the likelihood of falling victim to scams. 

3. Do Not Post Your Holiday Plans 

As the holiday season approaches, many individuals may feel inclined to share their vacation plans on social media platforms. However, security experts are warning against this seemingly innocent practice, pointing out the potential risks associated with broadcasting one's absence from home. 

Announcing your vacation on social media not only informs friends and family of your whereabouts but also alerts criminals that your residence will be unoccupied. This information could make your home a target for burglary or other criminal activities. 

4. Do Not Share Passwords Online 

Passwords serve as the primary defense mechanism for safeguarding online accounts, making them crucial components of digital security. The security expert emphasizes the importance of protecting passwords and refraining from sharing them online under any circumstances. Sharing passwords, regardless of the requester's identity, poses a significant risk to online security. 

Unauthorized access to sensitive accounts can lead to various forms of cybercrime, including identity theft, financial fraud, and data breaches. 

5. Protect Your Financial and Employment Information 

Experts caution against sharing sensitive financial or employment details online, highlighting the potential risks associated with divulging such information. Financial details, including credit card numbers and bank account details, are highly sought after by online fraudsters. Similarly, sharing employment information can inadvertently provide criminals with valuable data for social engineering scams. 

6. Protect Your ID Documentation 

The expert urges individuals to refrain from posting images of essential identification documents such as passports, birth certificates, or driver's licenses online. These documents contain sensitive information that could be exploited by identity thieves for various criminal activities, including opening unauthorized bank accounts or applying for credit cards. 

7. Stop Sharing Names of Your Loved Ones/Family/Pets 

Security experts advise against sharing personal details such as the names of loved ones or pets online. Hackers frequently attempt to exploit these details when guessing passwords or answering security questions. 

8. Protect Your Medical Privacy 

Your medical history is a confidential matter and should be treated as such, caution experts. Sharing details about the hospitals or medical facilities you visit can inadvertently lead to a data breach, exposing personal information such as your name and address. 

9. Protect Your Child's Privacy 

The expert warns against sharing information about your child's school online, as it can potentially put them at risk from online predators and expose them to identity theft. 

10. Protect Your Ticket Information 

The expert advises against sharing pictures or details of tickets for concerts, events, or travel online. Scammers can exploit this information to impersonate legitimate representatives and deceive you into disclosing additional personal data. 

Furthermore, in 2023, the Internet Crime Complaint Center (IC3) reported a staggering surge in complaints from the American public. A total of 880,418 complaints were filed, marking a significant uptick of nearly 10% compared to the previous year. 

These complaints reflected potential losses exceeding $12.5 billion, a 22% increase in losses compared to 2022. Also, according to Forbes Advisor, ransomware, misconfigurations and unpatched systems, credential stuffing, and social engineering will be the most common threats in 2024.

Ransomware Strikes Tarrant Appraisal District

Tarrant Appraisal District (TAD) finds itself grappling with a major setback as its website falls prey to a criminal ransomware attack, resulting in a disruption of its essential services. The attack, which was discovered on Thursday, prompted swift action from TAD, as the agency collaborated closely with cybersecurity experts to assess the situation and fortify its network defences. Following a thorough investigation, TAD confirmed that it had indeed fallen victim to a ransomware attack, prompting immediate reporting to relevant authorities, including the Federal Bureau of Investigation and the Texas Department of Information Resources.

Despite concerted efforts to minimise the impact, TAD continues to work towards restoring full functionality to its services. Presently, while the TAD website remains accessible, the ability to search for records online has been temporarily suspended. Moreover, disruptions extend beyond the digital realm, with phone and email services also facing temporary outages. This development comes hot on the heels of a recent database failure experienced by TAD, which necessitated the expedited launch of a new website. Originally intending to run both old and new sites concurrently for a fortnight, the agency was compelled to hasten the transition following the database crash.

Chief Appraiser Joe Don Bobbitt moved quickly to reassure the public, asserting that no sensitive information was compromised during the disruption. However, TAD remains vigilant and committed to addressing any lingering concerns. The agency is poised to provide further updates during an upcoming board meeting.

These recent challenges encountered by TAD underscore the critical importance of robust cybersecurity measures and organisational resilience in the face of unforeseen disruptions. Against the backdrop of escalating property values across North Texas, scrutiny of appraisal processes has intensified, with TAD having previously grappled with website functionality issues. Nevertheless, the agency remains steadfast in its commitment to enhancing user experience and fostering transparency.

In light of recent events, TAD remains resolute in prioritising the integrity of its operations and the safeguarding of sensitive data. The agency's deliberate response to the ransomware attack reflects its dedication to addressing emerging threats and maintaining public trust. As TAD diligently works towards restoring full operational capacity, stakeholders are urged to remain careful and report any suspicious activity promptly.

The resilience demonstrated by TAD in navigating these challenges serves as a testament to its dedication to serving the community and upholding the highest standards of accountability and transparency in property valuation processes.


Cyber Extortion Stoops Lowest: Fake Attacks, Whistleblowing, Cyber Extortion

Cyber Extortion

Recently, a car rental company in Europe fell victim to a fake cyberattack: the hacker used ChatGPT to make it look like the stolen data was legitimate. This raises the question of why threat actors would claim a fabricated attack. To understand why threat actors do what they do, we must know how the cyber extortion business works.

Mapping the Evolution of Cyber Extortion

Threat actors have been refining their ransomware attacks for years. Traditional ransomware attacks relied on encrypting the victim's data; after successful encryption, attackers demanded a ransom in exchange for the decryption key. This technique started to fail as businesses could restore their data from backups.

To counter this, attackers made malware that compromised backups. Victims started paying, but FBI recommendations suggested they not pay.

The attackers soon realized they would need something foolproof to blackmail victims. They made ransomware that stole data without encryption. Even if victims had backups, attackers could still extort using stolen data, threatening to leak confidential data if the ransom wasn't paid.

Making matters even worse, attackers started "milking" the victims and further profiting from the stolen data. They sold the stolen data to other threat actors, who would launch repeated attacks (double and triple extortion). Even the victims' families and customers weren't safe: attackers went so far as to blackmail the plastic surgery patients of compromised clinics.

Extortion: Poking and Pressure Tactics

Regulators and law enforcement organizations cannot ignore this when billions of dollars are on the line. The State Department is offering a $10 million reward for the heads of the Hive ransomware group, much like a scenario from a Wild West film. 

Businesses are required by regulatory bodies to disclose “all material” connected to cyber attacks. Certain regulations must be followed to avoid civil lawsuits, criminal prosecution, hefty fines and penalties, cease-and-desist orders, and the cancellation of securities registration.

Cyber-swatting is another pressure tactic used by ransomware perpetrators. Extortionists have used swatting attacks to threaten hospitals, schools, members of the C-suite, and board members. Artificial intelligence (AI) systems are used to mimic voices and feed law enforcement fictitious reports of a hostage crisis, bomb threat, or other grave accusation, so that heavily armed police, fire, and EMS units are dispatched to the victim's home.

What Businesses Can Do To Reduce The Risk Of Cyberattacks And Ransomware

What was once a straightforward phishing email has developed into a highly skilled cybercrime where extortionists use social engineering to steal data and conduct fraud, espionage, and infiltration. These are some recommended strategies that businesses can use to reduce risks.

1. Educate Staff: It's critical to have a continuous cybersecurity awareness program that informs staff members on the most recent attacks and extortion schemes used by criminals.

2. Pay Attention To The Causes Rather Than The Symptoms: Ransomware is a symptom, not the cause. Examine the methods by which ransomware infiltrated the system. Phishing, social engineering, unpatched software, and compromised credentials can all lead to ransomware.

3. Implement Security Training: Technology and cybersecurity tools by themselves cannot combat social engineering, which exploits human nature. Employees can develop a security intuition by participating in hands-on training exercises and using phishing simulation platforms.

4. Use Phishing-Resistant MFA and a Password Manager: Require staff members to create lengthy, intricate passwords. To prevent password reuse, sign up for a paid password manager (not one built into your browser). Use MFA that is resistant to phishing attempts to lower the risk of corporate account takeovers and identity theft.

5. Ensure Employee Preparedness: Employees should be aware of the procedures to follow in the case of a cyberattack, as well as the roles and duties assigned to incident responders and other key players.


FBI Reports Surge in Cryptocurrency Scams, Highlighting Growing Threat of Confidence Scams

The FBI has recently brought attention to a concerning trend in cybercrime: the rise of cryptocurrency scams, particularly through romance and confidence schemes, which have outpaced ransomware attacks in terms of financial losses. According to the FBI's data, individuals fell victim to cryptocurrency scams amounting to a staggering $4.57 billion in 2023, marking a significant 38% increase compared to the previous year's losses of $3.31 billion. 

These scams typically unfold over a period of several weeks, with fraudsters assuming false identities, often posing as attractive individuals, to establish relationships with their targets. As the relationship progresses, the scammers introduce the idea of joint cryptocurrency investments, recommending fake platforms or apps under their control. Victims are manipulated into making substantial investments, with the scammers fabricating gains to maintain the illusion of profitability. 

When victims attempt to withdraw their funds, the fraudsters employ various tactics, including impersonating customer support representatives and demanding additional fees, resulting in further financial losses for the victims. In contrast, ransomware attacks, a prevalent form of cyber extortion, generated comparatively minor losses of $59.6 million. 

However, the FBI acknowledges that this figure may not fully reflect the true extent of ransomware-related losses, as it fails to account for indirect costs such as business downtime. Moreover, the reported losses only encompass ransomware incidents reported to the Internet Crime Complaint Center (IC3), suggesting that the actual financial impact of ransomware attacks could be significantly higher. The discrepancy in reported losses between cryptocurrency scams and ransomware attacks underscores the evolving landscape of cyber threats and the shifting tactics employed by cybercriminals. 

While ransomware attacks continue to pose a significant threat to businesses and organizations, the surge in cryptocurrency scams highlights the effectiveness of social engineering techniques in deceiving individuals and extracting substantial sums of money. To combat these threats effectively, individuals and businesses must remain vigilant and exercise caution when engaging in online interactions. It is essential to verify the authenticity of investment opportunities and platforms, especially those related to cryptocurrencies, and to refrain from disclosing sensitive information or transferring funds without proper verification. 

Additionally, organizations should implement robust cybersecurity measures, including regular employee training and the deployment of advanced threat detection technologies, to mitigate the risk of falling victim to cyber scams and attacks. As cybercriminals continue to exploit vulnerabilities and devise increasingly sophisticated schemes, collaboration between law enforcement agencies, cybersecurity professionals, and the public is crucial in combating cybercrime and safeguarding against financial losses and data breaches. By raising awareness of emerging threats and adopting proactive security measures, individuals and organizations can better protect themselves against the pervasive threat of cybercrime in today's digital landscape.

I-Soon Leak: Exposing China's Cyber Espionage

I-Soon Leak

In the dark corners of cyberspace, where secrets are traded like currency and digital shadows gamble, a recent leak of documents reveals that China's hacking community is not as advanced and systematic as it appears.

The leak likely comes from a frustrated employee of the Chinese cybersecurity company I-Soon (Anxun in China), and it tells a damaging story about China's cyberespionage operations. It gives us a backstage glimpse of China's hacking ecosystem.

Since 2010, China has leveled up its cyberespionage and cybertheft game to such extremes that FBI Chief Christopher Wray said that China's state-sponsored hackers outnumber U.S. cyber intelligence personnel 50-to-1.

The Players

I-Soon: The Contractor

I-Soon works for Chinese government agencies and private clients. Its ties reach into major government bodies such as the Ministry of Public Security (police) and the Ministry of State Security (intelligence). I-Soon is a shadowy figure that plans campaigns crossing borders. Its weapons include zero-day exploits, sophisticated tools, and a diverse team of skilled hackers.

Targets: Foreign Networks to Dissidents

The leaked documents disclose I-Soon's wide range of surveillance. Their spying targets include both Chinese citizens and foreigners. The main targets are:

1. Foreign Networks: I-Soon's reach goes beyond Chinese borders. They hack foreign networks, steal sensitive information, and leave no digital stone unturned. Whether it is military intelligence, personal data, or corporate secrets, I-Soon is involved in everything.

2. Political Dissidents: Regions like Hong Kong and Xinjiang are constantly under I-Soon's surveillance radar. The aim is to keep an eye on any form of dissent and opposition and inform the Chinese government.

The Exposed Data

Darkweb and Hacked Databases

I-Soon has vast databases of hacked info. These databases have stolen credentials, surveillance footage, and hacked emails. But where does it end? The hacked data is sold on the dark web. Chinese police are always on the lookout for this information, they buy these digital assets to improve their surveillance operations.

The Silent War

Cyberespionage is a war fought on an unseen battlefield. Unlike traditional conflicts, there are no casualties or visible damage in the open. Instead, firewalls are breached, code is tampered with, and digital footprints vanish. A lot is at stake: economic dominance, national security, and ideological superiority.

The Impact

State-sponsored Cyberattack

I-Soon's operations highlight the murky relationship between state-sponsored cyber operations and private contractors. While the Chinese government denies any involvement, contractors like I-Soon do its dirty work. The blurred lines between private and public actors create an environment in which accountability does not exist.

Global Cybersecurity Awareness

The leak serves as a reminder to individuals, corporations, and nations to strengthen their digital defenses. Cybersecurity is a basic need for digital survival, it's not a luxury. Threat intelligence, encryption, and partnership across borders can be the defense against unknown cyber terror.

What have we learned?

The leak is only a glimpse into the dark world of cyberespionage; what we see is just the tip of the iceberg, and the iceberg is hiding much more. The I-Soon leak is a wake-up call.

Prescription Insecurity: The Russian Connection to Healthcare Cyber Attacks

Pharmacies and hospitals nationwide are experiencing disruptions as a result of ransomware attacks, which leaves patients with difficulties filling prescriptions or obtaining medical care. UnitedHealth Group, a healthcare provider in the United States, announced on Thursday that it had been hacked by a ransomware gang known as Black Cat, otherwise known as AlphV. 

Optum, which provides healthcare benefits across the United States, announced last week that it had been impacted by a "cybersecurity issue," which caused its digital healthcare payment platform, known as Change Healthcare, to be taken offline. 

A variety of issues have left hospitals, pharmacies and other healthcare providers unable to access the popular payment platform, or deliberately disconnecting from its network so that the hackers cannot reach their sensitive data. In a statement on Monday, UnitedHealth estimated that more than 90% of the 70,000 pharmacies in the U.S. have had to change how they process electronic claims in response to the outage. 

A UnitedHealth executive on a conference call with cybersecurity officers was quoted as saying that, according to a UnitedHealth executive who spoke on a conference call with cybersecurity officers, the outage could last "weeks," despite UnitedHealth reiterating that there are workarounds to ensure customers get access to medications. 

According to a recording obtained by STAT News, the outage could last up to a week. In a report released by UnitedHealth, it was determined that BlackCat, or AlphV, is responsible for the breach, a conclusion which was supported by the group itself claiming credit on its dark web leak site, as well as the hiring of multiple outside firms, including top cybersecurity companies Mandiant and Palo Alto Networks. 

After a few days, the post had been removed from the leak site. It is notable that this ransomware gang is behind the attack at all: a few months ago, the FBI broke into the group's internal servers to obtain decryption tools for its victims and to seize control of several of its websites. 

The U.S. government celebrated that disruption, which was carried out together with multiple foreign governments. According to Deputy Attorney General Lisa Monaco, the Justice Department had disrupted the Black Cat ransomware group for the second time by hacking the hackers. Black Cat's apparent ability to regroup and breach one of the nation's largest healthcare organizations shows how difficult it is to keep these groups down for long. 

When a cybercriminal operation suffers a setback, its members frequently reassemble, especially if the operators reside in countries whose law enforcement agencies are lax about prosecuting such crimes.

Cell Service Restored Following Extensive AT&T Outage


AT&T has resolved issues affecting its mobile phone customers following widespread outages on Thursday, according to a company announcement. Throughout the day, tens of thousands of cell phone users across the United States reported disruptions.

Reports on Downdetector.com, a platform monitoring outages, indicated instances of no service or signal after 04:00 EST (09:00 GMT).

AT&T issued an apology to its customers and confirmed that services were fully operational again by early afternoon. The company stated its commitment to taking preventive measures to avoid similar incidents in the future. The cause of the outage is currently being investigated.

Verizon and T-Mobile informed the BBC that their networks were functioning normally. However, they acknowledged that some customers may have experienced service issues while attempting to communicate with users on different networks.

According to Downdetector, AT&T received over 74,000 customer complaints, with significant clusters in southern and eastern regions of the country.

Smaller carriers like Cricket Wireless, UScellular, and Consumer Cellular also reported interruptions in service. Complaints ranged from difficulties with calls and texts to loss of internet access, with many users reporting no service or signal.

Downdetector's data showed that major cities including Los Angeles, Chicago, Houston, and Atlanta experienced high numbers of outages.

Some individuals also faced challenges with 911 services, prompting officials to advise the use of landlines, social media, or cell phones from alternative carriers in emergencies.

The widespread outage has garnered the attention of the US government, with the FBI and Department of Homeland Security launching investigations, as confirmed by John Kirby, spokesperson for the US National Security Council.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, stated that they are collaborating with AT&T to understand the root cause of the outage and are ready to provide assistance as necessary.

Although a confidential memo reported by ABC News suggested no signs of malicious activity, CISA officials are actively investigating the incident.