
Cullman County Courthouse Hit by Ransomware

A ransomware attack recently hit the Cullman County Courthouse, disrupting regular operations and sending shockwaves through the community. The attack on the courthouse's systems had serious repercussions for Cullman County residents as well as the local government.

The malware attack, described as a ransomware assault, targeted the courthouse's systems, crippling operations and causing a delay in the processing of critical tasks. As a result, January payment deadlines for property tag taxes have been pushed back, leaving residents and businesses in a state of uncertainty. This unforeseen circumstance has prompted local authorities to reassess their cybersecurity measures and reinforce defenses to prevent future incidents.

The attack did not go unnoticed by federal representatives. Congressman Robert Aderholt's office has been closely monitoring the situation, emphasizing the need for a comprehensive response to such cyber threats. Aderholt acknowledged the severity of the situation, stating, "It's disheartening to see cyberattacks affecting our local institutions, and we must take steps to safeguard our communities against these evolving threats."

This incident serves as a stark reminder of the pervasive nature of cyber threats and the potential consequences for communities when essential services are compromised. The Cullman County Courthouse joins a growing list of public institutions grappling with the fallout of ransomware attacks, underlining the urgency of bolstering cybersecurity infrastructure at all levels.

In the aftermath of the attack, county officials are working tirelessly to restore normalcy and reinforce their cybersecurity protocols. The incident underscores the need for continuous vigilance and investment in advanced cybersecurity measures to protect sensitive data and maintain the seamless functioning of public services.

As the investigation into the source of the malware attack unfolds, residents are advised to stay informed about the evolving situation. Cybersecurity experts stress the importance of regularly updating antivirus software, practicing safe online habits, and remaining vigilant against phishing attempts to mitigate the risk of falling victim to similar attacks.

The cyberattack on the Cullman County Courthouse highlights how vulnerable local government organizations are to such attacks. The incident has disrupted essential services and prompted a reevaluation of cybersecurity protocols. In an era where interconnection increases the likelihood of such malicious attacks, the incident should serve as a sobering warning to other municipalities to strengthen their digital defenses while the community works to recover.

US House Panel Launches Probe Into China's US Gov Email Hack


The U.S. House of Representatives Oversight Committee revealed on Wednesday that it is investigating the recent email system hacks at the Commerce and State departments, in which China may have been involved.

Representative James Comer, chair of the committee, and the heads of two subcommittees requested staff briefings from Secretary of State Antony Blinken and Commerce Secretary Raimondo by August 9.

"We are also concerned that this attack on federal agencies, including the email account of a senior U.S. government official such as yourself, reflects a new level of skill and sophistication from China’s hackers," the lawmakers wrote to Raimondo.

A person with knowledge of the incident said that Raimondo was one of a number of senior U.S. officials whose emails were stolen earlier this year by a group Microsoft (MSFT.O) believed was based in China.

The disclosure last month that Chinese hackers had obtained the emails of senior State and Commerce department officials sparked controversy amid rising tensions between Beijing and Washington on a variety of issues, from trade to Taiwan.

At least 20 additional organisations were affected by the breach, though its severity remains unclear. The Wall Street Journal reported last month that the email account of Daniel Kritenbrink, the American ambassador to China, had been hacked.

Hundreds of thousands of emails were reportedly stolen in total, The Journal reported. 

Despite the alleged Chinese hacking, Raimondo said last month that she still intended to travel to China this year. The trip is still being planned, but Raimondo told CNBC, "We do not justify any hacking or breach of our security."

The Chinese embassy in Washington previously issued a statement in which it acknowledged the difficulty of determining the source of cyberattacks and issued a warning against making "groundless speculations and allegations."

Canadian Government Hit by Hackers 2,300,000,000,000 Times Last Year

In the past fiscal year, Canada's electronic intelligence organization revealed that it successfully thwarted an astonishing 2.3 trillion "malicious actions" targeting the federal government. This translates to an average of an astounding 6.3 billion disruptions per day. In its most recent annual report released on Thursday, the Communications Security Establishment (CSE) disclosed a comprehensive account of its endeavors spanning from April 2022 to March 2023. 

The report outlines the agency's efforts to safeguard the nation and its critical infrastructure and to counter foreign hacking activities, political manipulation, and cybercrime. The volume of hacking attempts targeting the federal government appears to have surged beyond previous years, according to the latest findings.

In the 2020-21 report, the CSE stated that its automated defenses typically neutralized an average of two billion to seven billion "malicious actions" against the government daily. Similarly, in the following year (2021-22), the agency reported averting approximately three billion to five billion actions per day. 

According to Robyn Hawco, spokesperson for the CSE, the rise in blocked actions is likely a result of the agency's improved ability to prevent such incidents, in addition to an escalation in the global cyber threat landscape. In an emailed statement, Hawco emphasized that Canada's federal institutions and critical infrastructure face persistent risks from malicious cyber activities. 

These threats encompass criminal endeavors such as ransomware attacks, as well as state-sponsored operations aimed at achieving strategic advantages. During the unveiling of Thursday's report, Bill Robinson, a fellow at the University of Toronto's Citizen Lab, highlighted an interesting revelation.

The report showcased that the agency had undertaken cyber operations aimed at disrupting and eradicating detrimental terrorist content propagated by foreign extremists driven by ideological motives. Robinson noted that this was the first instance where the agency publicly disclosed its efforts targeting politically motivated foreign extremists, distinct from those motivated by religious factors. 

Within the 2022-23 timeframe, the report acknowledges that the CSE addressed a total of 2,089 "cybersecurity incidents," maintaining consistency with previous years' response levels. Among these incidents, 957 pertained to federal government institutions, while 1,132 targeted "critical infrastructure organizations" operating in sectors such as energy, finance, transportation, healthcare, and others. 

Additionally, the report showcases a noticeable emphasis on Russia compared to other countries, including China. Despite months of political controversy surrounding China's alleged interference in Canadian democracy, the 68-page document merely mentions China twice. 

One instance highlights China's efforts to "monitor and intimidate" diaspora populations in Canada, while the other references the incident involving a Chinese spy balloon entering Canadian and American airspace before being shot down by the United States. 

In contrast, Russia receives more frequent mentions throughout the report. Notably, Canada has expanded its foreign cybersecurity operations to Latvia and Ukraine, as indicated by ministerial orders from Anand in March 2022, which occurred shortly after the Russian invasion. 

Missing Cryptoqueen: Leaked Police Files May Have Alerted the OneCoin Fraudster Ruja Ignatova


Best known as the “Missing CryptoQueen,” convicted fraudster Ruja Ignatova, who is on the US Federal Bureau of Investigation (FBI) most wanted list, is believed to have been receiving information about the investigation before her disappearance.
 
The 42-year-old fraudster, based in Bulgaria, was convicted over her suspected involvement in the $4 billion OneCoin cryptocurrency fraud. The details of the scam were uncovered in a BBC podcast, ‘The Missing Cryptoqueen,’ devoted to the infamous fraudster.

The police documents related to the case were apparently shown in the podcast by Frank Schneider, a former spy and trusted adviser to Ignatova. Following the allegations, Schneider is now facing extradition to the US for his role in the OneCoin fraud. 

While the metadata on the files suggests that Ignatova acquired the documents through her own contacts in Bulgaria, Schneider denies having obtained the documents himself and says Ignatova received them on a USB memory stick.
 
Ignatova disappeared on October 25th, 2017, after being made aware of the police investigation into her OneCoin cryptocurrency. Following this, in June 2022 she was included in the FBI's most wanted list.
 
In an interview with the BBC, Schneider described police files containing presentations made at a Europol meeting named ‘Operation Satellite.’ The meeting was attended by officials from Dubai, Bulgaria, the UK, Germany, and the Netherlands, along with the FBI, the US Department of Justice, and the New York District Attorney, five months before Ignatova's disappearance.
 
The documents contained details of US authorities having a “high-placed confidential informant,” the OneCoin bank accounts receiving investor funds, and the failed attempts of the UK's City of London Police to interview Ignatova.

Asked about the files, Schneider said: "When the Bulgarians participated at certain Europol meetings, it only took hours for her to get a complete rundown and get the minutes of what was said in those meetings. I can only deduce that it came from the circles that she was in and the [access] she had through a variety of influential personalities.”

DHS Investigators: Stopped Cyberattack on Undersea Internet Cable in Hawaii


An apparent cyberattack on the servers of an unnamed telecommunication company connected to an undersea cable carrying internet, cable television, and cellular traffic for Hawaii and the region was "disrupted" by federal agents in Honolulu last week, the agency said in a statement on Tuesday.

Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a major intrusion involving a private company's servers associated with an underwater cable. "An international hacker group" was involved in the attack, according to the probe, and HSI agents and international law enforcement partners in multiple countries were able to make an arrest.

The statement did not specify the type of cyberattack, the hacking group responsible, the other law enforcement agencies involved, or the location of any arrests. According to the statement, no damage or interruption occurred, and there is no immediate threat. Investigators found that the attackers had obtained credentials that permitted access to the unnamed company's systems, John Tobon, HSI's special agent in charge in Hawaii, told a local news station.

“It could have been something to just create havoc, in other words, just shut down communications, or it could have been used to target individuals in ransomware-type schemes,” he stated.

According to the National Oceanic and Atmospheric Administration, hundreds of "submarine" internet cables carry up to 95 percent of intercontinental internet data. According to an Atlantic Council report, the cables are owned and operated by a mix of corporate and state-owned enterprises, and they are experiencing increasing threats to their security and resilience. 

Justin Sherman, the report's author, highlights worries about authoritarian governments' intent to restrict internet access by influencing physical infrastructure like submarine lines. The lines are also appealing targets for government or criminal parties attempting to collect sensitive data through covert surveillance. Another issue, according to Sherman, is that more cable operators are employing remote management tools for cable networks. 

He wrote, “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk. Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.” 

Sherman added, “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”

CISA Issues Warning to Federal Agencies Regarding Actively Exploited Windows Flaw


The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that allows malicious actors to abuse the Microsoft operating system and gain administrator privileges on a device. The vulnerability affects Windows 10, Windows 11, and Windows Server.

In a CISA notice published February 4, all Federal Civilian Executive Branch (FCEB) agencies were given two weeks to patch their systems and mitigate the threat from this actively exploited Windows vulnerability, tracked as CVE-2022-21882.

Additionally, CISA recommended that all private and public sector organizations reduce their exposure to ongoing cyber assaults by following this Directive and prioritizing mitigation of the vulnerabilities included in its catalog of actively exploited security flaws.

"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below," the cybersecurity agency said today. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose a significant risk to the federal enterprise."
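To make the two-week remediation clock concrete, here is an added example (not code from the blog post or from CISA) that triages entries in the shape of CISA's Known Exploited Vulnerabilities JSON feed against a set of CVEs an organization has already remediated; the feed sample, its field layout and the dates are constructed for illustration.

```python
import json
from datetime import date, datetime

# Constructed sample shaped like the public KEV feed (cveID, vendorProject,
# product, dateAdded, dueDate, requiredAction); dates are illustrative, not a
# download of the real catalog.
SAMPLE_KEV = json.dumps({
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {"cveID": "CVE-2022-21882", "vendorProject": "Microsoft", "product": "Win32k",
         "dateAdded": "2022-02-04", "dueDate": "2022-02-18",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-1732", "vendorProject": "Microsoft", "product": "Win32k",
         "dateAdded": "2021-11-03", "dueDate": "2022-05-03",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleApp",
         "dateAdded": "2022-02-04", "dueDate": "2022-02-18",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

def parse_day(s):
    """KEV dates are ISO YYYY-MM-DD strings."""
    return datetime.strptime(s, "%Y-%m-%d").date()

def load_kev(raw_json):
    """Return the list of vulnerability entries from a KEV feed document."""
    return json.loads(raw_json)["vulnerabilities"]

def for_vendor(entries, vendor):
    """Keep only entries whose vendorProject matches (case-insensitive)."""
    return [e for e in entries if e["vendorProject"].lower() == vendor.lower()]

def remediation_window(entry):
    """Days CISA allowed between catalog addition and the due date."""
    return (parse_day(entry["dueDate"]) - parse_day(entry["dateAdded"])).days

def triage(entries, remediated, today):
    """Map each cveID to (status, days_left): 'remediated' if the CVE is in the
    remediated set, 'overdue' if today is past dueDate, otherwise 'open'."""
    result = {}
    for e in entries:
        if e["cveID"] in remediated:
            result[e["cveID"]] = ("remediated", None)
            continue
        left = (parse_day(e["dueDate"]) - today).days
        result[e["cveID"]] = ("overdue" if left < 0 else "open", left)
    return result

if __name__ == "__main__":
    ms = for_vendor(load_kev(SAMPLE_KEV), "Microsoft")
    for cve, (status, left) in triage(ms, {"CVE-2021-1732"}, date(2022, 2, 10)).items():
        print(cve, status, left)
```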

According to Microsoft's advisory, the attackers with limited access to exploited devices can use the newly obtained user rights to spread laterally within the network, create new admin users, or execute privileged commands. 

"A local, authenticated attacker could gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver," researchers explained. This vulnerability affects systems running Windows 7, Windows 8, Windows 10, and Windows 11 as well as Windows Server 2019 and 2022. The bug is also a bypass of another Windows Win32k privilege escalation bug (CVE-2021-1732), a zero-day flaw patched in February 2021 and actively exploited in attacks since at least the summer of 2020.

Security experts at BleepingComputer also examined an exploit targeting this bug and discovered no issues compiling the exploit and using it to open Notepad with SYSTEM privileges on a Windows 10 system (the exploit didn't work on Windows 11). 

In recent months, Windows patches have hit the headlines for the wrong reasons especially after Microsoft botched not one, but two zero-day patches. This led to security researcher Abdelhamid Naceri, who identified one of the failed patches, sarcastically warning users: “you better wait and see how Microsoft will screw the patch again.”