
U.S. Dams Vulnerable to Cyber Threats


The cybersecurity of America's dams has come under intense scrutiny, with experts warning of the potential for devastating cyberattacks. Concerns were raised during a recent hearing on cybersecurity threats to critical water infrastructure, where Senator Ron Wyden expressed fears of cyberattacks causing catastrophic floods and chaos in communities.

Current Vulnerabilities

Despite the growing cyber threat, most dams under Federal Energy Regulatory Commission (FERC) oversight have not undergone comprehensive cyber audits. With only four full-time employees overseeing 2,500 dams nationwide, experts agree that the sector is vulnerable to cyberattacks that could result in loss of human lives.

Ageing Infrastructure and Lack of Regulation

The majority of U.S. dams are privately operated, with FERC's cybersecurity requirements for commercial dam operators last updated in 2016. Only 5% of the 91,827 dams in the United States fall under federal regulation, and many of them are ageing, with approximately 2,200 classified as "high-hazard" and in poor condition.

Industry Challenges

The water industry, including dam operators, is considered one of the least secure sectors in terms of cybersecurity. Corporate cultures centred around traditional engineering and operational technology pose challenges in adapting to the fast-paced IT and cyber world. 

Government Response

FERC has cited a lack of funding and staff as reasons for not being able to audit remaining dams within the next decade. Additionally, the commission's cybersecurity rules only apply to dams that are remotely managed over the internet, leaving on-site operators unregulated.

Senator Wyden urged Congress to address the lack of comprehensive cybersecurity regulations across critical infrastructure sectors and accelerate the development of cybersecurity standards for dams. Without forceful government mandates, experts warn of the potential for a catastrophic cyberattack that could result in loss of life and severe operational disruptions.

FERC is in the process of developing new cybersecurity guidance for the dam sector, expected to be completed within the next nine months. However, national security experts stress the urgent need for federal support to enhance the cybersecurity posture of dam operators and mitigate the risks posed by cyber threats.

With outdated infrastructure, lack of regulation, and growing cyber threats, urgent action is needed to safeguard critical water infrastructure and prevent potential disasters.


A Quick Look At The Chinese Spy Balloon Over The US

The United States military reportedly shot down a Chinese surveillance balloon off the coast of South Carolina on 4th February 2023.

Officials said that the U.S. Navy is planning to collect the debris from the downed balloon, which lies in shallow water. According to officials from the U.S. and Canada, the balloon was tracked as it crossed the Aleutian Islands, passed over Western Canada, and entered U.S. airspace over Idaho.

On 2nd February, officials from the U.S. Department of Defense confirmed that the military had been tracking the balloon as it flew over the continental U.S. at an altitude of about 60,000 feet, including over Malmstrom Air Force Base in Montana, which houses the 341st Missile Wing, the unit that operates nuclear intercontinental ballistic missiles.

Furthermore, Pentagon officials confirmed that a second suspected Chinese balloon had been seen over Latin America, and suspected that a third was operating somewhere else in the world. Officials said the balloons are part of a Chinese military surveillance program.

Following the news, Chinese officials were asked to comment on the matter. They acknowledged that the balloon was theirs but denied that it was intended for spying.

If you are wondering what a spy balloon is and how it works: it is literally a gas-filled balloon, like any other, but it flies very high in the sky, more or less at the altitude where commercial airplanes fly.

Since it is a spy balloon, however, it carries sophisticated cameras and imaging technology that collect information on targeted locations by capturing images.

In addition, there is an internationally accepted boundary called the Kármán Line at 62 miles (100 km) altitude. The Chinese balloon was well below that, so it was definitely in U.S. airspace.

U.S. Charged Eight in $45 Million Cyber Crime Scheme

The United States Department of Justice charged eight people on Wednesday in connection with a racketeering (RICO) conspiracy. 

In the multimillion-dollar fraud, the threat actors stole money from hacked accounts at banks and financial institutions, laundered it, and sent it overseas.

The defendants, Dickenson Elan, Andi Jacques, Jenkins, Louis Noel Michel, Monika Shauntel Jeff Jordan Propht-Francisque, Vladimyr Cherelus, Michael Jean Poix, and Louisaint Jolteus, allegedly worked together to perform computer fraud and scams. 

According to the Department of Justice, the campaign was started in 2011 when threat actors began to gain access to accounts at 15 big financial institutions including Citibank, E-Trade, PayPal and TD Ameritrade, JP Morgan Chase, payroll processor Automated Data Processing (ADP), and niche organizations including the U.S. military's Defense Finance and Accounting Service. 

According to the indictment, between 2015 and 2019 the defendants, along with others, including a now-deceased conspirator referred to as Rich4Ever4430, banded together in a cybercrime and fraud scheme involving tax returns.

The indictment claims that Jenkins, Michel, Propht-Francisque, Cherelus, and Rich4Ever4430 purchased server credentials for Certified Public Accounting (CPA) and tax-preparation firms on the dark web and used them to gain access and exfiltrate the tax returns of thousands of people.

"Hackers only need to find one vulnerability to cause millions of dollars of damage," said Mark Rasch, a former federal cyber crimes prosecutor, based in Bethesda, Maryland. 

Overall, they stole more than $36 million in false tax refunds. The estimated loss surpasses $4 million; however, the exact amount is yet to be confirmed.

The eight defendants have been charged with conspiracy to commit wire fraud, conspiracy to commit identity theft, and conspiracy to commit money laundering. According to the law, defendants could face fines and up to 20 years in prison on each of the first two charges, and 15 years on the third. 

The case is referred to as "United States of America v. Oleksiy Sharapka, Leonid Yanovitsky, Oleg Pidtergerya, Richard Gundersen, Robert Dubuc, Lamar Taylor, Andrey Yarmoltskiy and Ilya Ostapyuk," number 13-06089, at the U.S. District Court for the District of New Jersey.

Ransomware Hits News Stations in US, Affects Local Broadcast

 

Two local television news stations have been shut down since Thursday, and experts say it is because of a ransomware attack on their parent company. Cox Media Group, which owns NBC affiliate WPXI in Pittsburgh and ABC affiliate WFTV in Orlando, Florida, told managers to shut down their company phones and computers. Employees have to communicate using only personal phones and text messages. Both stations have still managed to run local broadcasts, but their operations are limited.

Cox has declined to release any statement about the attack, but experts believe ransomware was behind it: hackers breached the network and held the files hostage in exchange for a ransom.

According to experts, when an IT incident spreads across multiple parts of an organization at once, it is most likely a ransomware attack: an unplanned, widespread outage of this kind usually points to a ransomware breach, or to malware used to stage ransomware. Other forms of cyberattack are less likely to cause a shutdown like this.

Meanwhile, in Orlando, employees were asked not to come to the office on Thursday and Friday, but they were not told clearly what had happened to the company's computer networks. An employee in Pittsburgh said that on Thursday morning the company shut down its servers as a safety measure to contain the breach.

As of now, staff have been locked out of the computer networks, so there is not much they can do, and the situation at the stations has become tense. Ransomware actors have been attacking US organizations, schools, hospitals, and businesses for a long time.

But the issue became a major concern recently, when an attack on one of the country's biggest companies, Colonial Pipeline, halted gas supply in the US for 5 days and posed a major problem for the federal government.

"Many of the most prolific ransomware gangs, including those responsible for the JBS and Colonial hacks, speak Russian and have at least some members based in Russia who appear to operate with impunity, leading President Joe Biden to say he's "looking closely" at retaliating," reports NBC news.  

U.S Suffers A Massive Wave Of Cyberattacks In Healthcare Industry, FBI Issues Alert

 

Cybercriminals are attacking U.S. healthcare systems, disrupting network infrastructure, and stealing critical data. U.S. federal agencies have issued an alert that healthcare is at great risk of cyberattacks and intrusions, and hackers have become more active in attacking healthcare networks. The rise in hacking attempts has led to a risk of breaches of patient privacy, a critical issue during the Covid-19 pandemic, as cases are at an all-time high.

The FBI and other agencies said in a joint report that they had verified information about cyberattacks on U.S. healthcare providers and hospitals. The warning also emphasized that several criminal groups are now targeting the healthcare industry to steal critical data and disrupt health care services. The ransomware attacks scramble data into unreadable form; only the keys held by the hacker can restore it, and the hacker demands payment in return for providing those keys. According to cybersecurity experts, the criminal groups had attacked more than five U.S. hospitals as of this week, and the figure could rise to a hundred. With the election near, a Russian hacking group is attacking the healthcare systems.

According to the Guardian, "The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services." The attack's motive is not clear, but it seems that it was most likely to be money. Cybersecurity firm Mandiant says that this is the most dangerous cyber threat ever witnessed in the U.S. Another firm, Hold Security, states that it is the first time they have seen a massive cyberattack of such scale in the U.S. 

We should note that the attack's timing before the elections and during the pandemic makes it a severe cyber threat. In the past 18 months, the U.S has experienced a wave of ransomware attacks, with targets like schools, government authorities, and cities. "The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October," reports the Guardian.

Federal Agencies Warned the US Healthcare System on Facing An “Increased and Imminent” Threat of Cybercrime

 

A couple of days back the FBI and two federal agencies, the Department of Homeland Security and the Department of Health and Human Services issued a caution that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. 

This news comes after federal agencies cautioned that US healthcare systems are confronting an “increased and imminent” danger of cybercrime, and that cybercriminals are launching a wave of extortion attempts intended to lock up hospital information systems, which could hurt patient care even as coronavirus cases rise steadily.

The cyberattacks include ransomware, which scrambles information into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security specialists state it has 'already hobbled at least five US hospitals' this week, and might affect hundreds more.

Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement, “we are experiencing the most significant cybersecurity threat we’ve ever seen in the United States." 

The US has seen a plague of ransomware over the past 18 months, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hit all 250 US facilities of the hospital chain Universal Health Services, forcing doctors and nurses to 'depend on paper and pencil for record-keeping and slowing lab work'.

Employees described chaotic conditions that obstructed patient care, including mounting emergency-room waits and the failure of wireless vital-signs monitoring equipment.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for over a year, said he informed federal law enforcement after monitoring infection attempts at various hospitals.

He added that the group was demanding ransoms above $10 million per target and that criminals involved on the dark web were discussing plans to attempt to infect at least 400 hospitals, clinics, and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.”

The cybercriminals launching the attacks are said to have been using a strain of ransomware known as Ryuk. While nobody has proved the speculated ties between the Russian government and the groups that use the Trickbot platform, Holden said he has “no doubt that the Russian government is aware of this operation – of terrorism”.

United States Charged Six Russian Intelligence Officers with Involvement in An Unrestricted Huge Hacking Campaign

The Justice Department has recently charged six Russian intelligence officers with involvement in an 'unrestricted huge hacking campaign', which includes the notorious Petya ransomware attacks that focused mainly on Ukraine in 2015.

All six, residents and nationals of the Russian Federation (Russia), were officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

 

The government claimed that the group that attacked Ukraine also hacked computers supporting the 2018 Winter Olympics in South Korea, and hacked and leaked emails of people connected to Emmanuel Macron's 2017 campaign for president of France.

Besides this, they also targeted the organisations investigating the poisoning of former Russian operative Sergei Skripal two years ago in Britain.

All six hackers are GRU officers. The government said that for over two years it had worked tirelessly to identify these GRU officers, who engaged in a global campaign of hacking, disruption, and destabilization that represented the most dangerous and destructive cyberattacks ever.

The GRU broke into three electrical distribution systems and tripped circuit breakers remotely, one of the first cyberattacks of its kind, carried out by a unit that has consistently focused on critical infrastructure.

The authorities had initially blamed North Korea for the strike, but later found that the GRU had used North Korean hacking tools to mislead investigators.

That is why FBI Special Agent Michael Christman stressed that the warrant is the result of over two years of intensive investigation by the FBI, a position echoed by an agent who worked the case.

The names of the hackers and the acts attributed to them are listed below:

 

The FBI has regularly indicated that Russia is a highly capable cybersecurity adversary, and the information disclosed in this statement shows how pervasive and damaging Russia's cyber activities are.

Since Russia is unlikely to arrest the defendants, they will probably never face trial either.

White House To Update U.S’s Approach To Its Maritime Cybersecurity Strategy In Coming Months

 

Hoping to upgrade the U.S. government's approach to its maritime cybersecurity strategy in the coming months, the Trump administration is currently working to strengthen the United States' ability to 'project power at sea' and to guard against adversarial cyberattacks.
Their plan includes re-evaluating the national approach to data sharing and placing more emphasis on the operational technologies used in ports, according to one senior administration official.

Two officials approached for comment declined to reveal any specifics about the administration's plans, saying more information would be made public very soon.

Yet hackers have already begun their work: they have long been targeting shipping firms and the maritime supply chain to steal data associated with the U.S. government or to disrupt cargo operations.

Using a strain of ransomware known as Ryuk, hackers compromised computer networks at a maritime transportation facility last year, disrupting operations for 30 hours, according to the U.S. Coast Guard.

This announcement comes amid several efforts at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain.

The Pentagon's offensive unit, Cyber Command, simulated a cyberattack on a seaport last year. The Army is also participating in an exercise this month intended to 'simulate adversaries' targeting U.S. ports.

Recently, the Trump administration has been concerned about a ransomware attack that targeted a transportation organization specifically and, as one senior administration official said, “affected COVID-19 supply chains in Australia.”

“Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

German Intelligence Warns Companies of Potential Hacking Threats from Russia


According to German intelligence agencies, a group of Kremlin-linked hackers has been targeting German infrastructure such as energy, water, and power resources for a long time. The information first came out at the start of this year, when investigators found evidence of cyberattacks on German companies. The names of the targeted companies are not yet known, but a cyberattack has compromised them, according to statements from German intelligence agencies sent to the heads of these infrastructure operators.


The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely state-sponsored by the Russian FSB intelligence agency. Various investigation agencies say the hackers are suspected of using the supply chain to infiltrate German IT infrastructure. According to the investigation, these hackers use openly available malware to gain a permanent foothold in a company's IT network, access sensitive information, and take complete control of the company's servers. The agencies did not find evidence of damage at the companies and have declined to comment on the current situation.

The group Berserk Bear is infamous for stealing data from U.S. energy companies in 2018. U.S. President Donald Trump blamed Russia for the attack. According to cybersecurity experts, Berserk Bear is the group Moscow is most likely to turn to if it needs to hack industrial networks. Another hacking team, "Sandworm", is known for the attacks that shut down Ukraine's power supply in 2016 and 2018.

According to Cyberscoop, a cybersecurity website, "Sven Herpig, a cybersecurity expert with the German think tank SNV, welcomed the advisory and urged German companies to heed the warning. The memo has "concrete recommendations of how to spot and protect against an intrusion" from Berserk Bear, he said. The Russian Embassy in Washington, D.C., did not respond to a request for comment on the German agencies' report." Cybersecurity experts say Berserk Bear has been responsible for various cyberattacks on American and German electrical utilities since 2018. The group has been aggressive and has attacked several companies.

Attack against Saudi Aramco Damages the World's Biggest Oil Producer

With the Saudi government and U.S. intelligence authorities accusing Iran, and Iran accusing the Yemeni rebels, the most recent attack against Saudi Aramco has damaged the world's biggest oil producer and deferred oil production, roiling oil and gas markets.

Iran has deployed destructive computer viruses against Saudi Arabia in the past, and these attacks now mark a "real-world" continuation of the long-simmering cyber war between the two nations, which has once again spilled over onto other global powers.

Nicholas Hayden, the global head of threat intelligence for cyber intelligence company Anomali, who has served as a cyber-security operator in the electrical sector, says that “There hasn’t been a discernible increase in cyber-attack activity in the region yet but while nothing is standing out right now in the region, there’s a good chance that there are nation-state actors involved.”

Iran is known for stepping up cyber-attacks when it clashes with other nations, and that can also mean collateral damage to other companies operating in the region, not just Saudi-owned ones.

“We’re certainly paying more attention than we normally would to that area. When stuff like this happens, we tend to put our ear a little bit closer to the ground,” says Hayden.

Since collateral damage is a common symptom of regional cyber conflict, organizations operating in Saudi Arabia and beyond should also be alert for any changes that might hit the region.

The majority of the experts surveyed by CNBC agreed on one conclusion: despite the 'economic odds' stacked against it, Iran has become one of the world's most notable cyber security powers.

John Hultquist, director of intelligence analysis for cyber security company FireEye, later added that “they’ve never been the most technically sophisticated. But they have made up in their brazenness, their willingness to destroy and disrupt. They have really separated themselves on this from others, as if they have nothing to lose.”

Regardless, Saudi Aramco once again declined to comment on the issue when approached.

U.S. Cyber Military Forces Execute Retaliatory Cyber-attack Against Iran

In a retaliatory cyber-attack against Iran, U.S. cyber military forces cut down a database utilized by its Revolutionary Guard Corps to target ships in the Persian Gulf, just hours after 'the Islamic Republic shot down an American Drone'.

Iran has still not recovered most of the data lost in the attack and is attempting to restore the military communication networks connected to the database.

According to the Washington Post, U.S. President Donald Trump reportedly approved the U.S. Cyber Command's strike; however, the government has not publicly acknowledged that it took place.

A U.S. official who spoke to the Washington Post also noted that the cyber-attack was intended to harm Iran, but not to a degree that would further heighten tensions between the two sides.

Elissa Smith, a Pentagon spokesperson said in a statement, “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning.”

In spite of the attack, the Islamic Republic has remained active in the Strait of Hormuz, seizing the British oil tanker Stena Impero in mid-July.

Fox News recently reported that in June Iran shut off some of its military radar sites around the time the U.S. was preparing to launch retaliatory strikes; it is not clear whether those radar sites were disabled by cyber-attacks or whether Iran shut them off intentionally in anticipation of the strikes.

In any case, these strikes are not the first major operations executed by U.S. Cyber Command: a year earlier, the organization disrupted a Russian entity's efforts to use Internet trolls to sow discontent among American voters during the 2018 midterm elections.