
US Spies Lag Rivals in Gathering Data That is Concealed From Plain Sight

As alarms went off globally about the spread of the COVID-19 virus in China, officials in Washington became concerned about the threat the virus might pose to America. For insight, they turned to U.S. intelligence.

However, according to a recent congressional review of classified reports from December 2019 and January 2020, the most useful early warnings did not come from spies or intercepts. Instead, officials relied on citizen journalists, public reporting, diplomatic cables, and analysis from medical professionals, all examples of so-called open-source intelligence (OSINT).

Predicting the next potential pandemic or the next government to fall will require better utilization of open-source materials, the review noted. 

In a review conducted by Democrats on the House Intelligence Committee, the authors wrote, “There is little indication that the Intelligence Community’s exquisite collection capabilities were generating information that was valuable to policymakers.” 

This echoes what numerous current and former intelligence officials are increasingly warning about: as adversaries like China boost their efforts, the $90 billion U.S. spy infrastructure is falling behind because it has not embraced the gathering of open-source intelligence.

Traditional Intelligence is Still Prevalent 

While open-source intelligence has become an important tool in recent times, this does not diminish the relevance of conventional intelligence. Spy agencies have unique powers to penetrate global communications and cultivate agents. For instance, when the Biden administration made public its intelligence conclusions indicating that Russian President Vladimir Putin intended to invade Ukraine, it achieved a high-profile success.

Nonetheless, officials and experts have raised concerns that the U.S. has not invested enough people or money in analyzing publicly available data. They also say the U.S. has not made effective use of advanced technologies to extract critical insights from it.

Commercial satellite images, social media, and other web data have increased the ability of private enterprises and independent analysts to expose state secrets. At the same time, there are rising concerns in Washington about Beijing's influence over popular apps like TikTok, since Beijing is known to have stolen or gained control over vast amounts of data on Americans.

"Open source is really a bellwether for whether the intelligence community can protect the country […] We collectively as a nation aren't preparing a defense for the ammunition that our adversaries are stockpiling," says Kristin Wood, a former senior official at the CIA, currently a chief executive at the Grist Mill Exchange, a commercial data platform. 

Barriers Concerning Open-Source 

Intelligence agencies have noted several barriers to open-source intelligence. Some are technological: for instance, officers working on classified networks often have difficulty reaching the unclassified internet or open data sources. Concerns about civil liberties and upholding First Amendment rights are also present.

Some experts also question whether agencies are held back by a reflexive belief that top-secret information is far more valuable.

Rep. Jim Himes, a Connecticut Democrat and longtime Intelligence Committee member, says he believes there needs to be “some cultural change inside places like the CIA where people are doing what they’re doing for the excitement of stealing critical secrets as opposed to reviewing social media pages.”

Open-Source Capability of the U.S. 

According to Frederick Kagan, a senior authority at the American Institute who oversees the production of those reports, “There is a lot of open-source capability that the U.S. intelligence community can pretty much rely on to be there […] What it needs to do is figure out how to leverage that ecosystem instead of trying to buy it.”

Most of the 18 U.S. intelligence agencies run open-source programs, from the CIA’s Open-Source Enterprise to a 10-person program in the Department of Homeland Security’s intelligence arm.

Top officials, however, acknowledge the lack of consistency across those programs in how they analyze open-source information and how they use and share it. On this point, Avril Haines, the U.S. director of national intelligence, has said, “We’re not paying enough attention to each other and so we’re not learning the lessons that different parts of the (intelligence community) are learning, and we’re not scaling solutions, and we’re not taking advantage of some of the outside expertise and information and work that could be taken advantage of.”

Ransomware Attacks on U.S. Hospitals Causing Deaths

Ransomware attacks are now a daily occurrence, and companies worldwide are investing millions to protect their networks and systems from digital attacks. Yet fighting cyber threats is getting harder, because attackers do not rely only on traditional methods; they also adopt new technologies to strengthen their attacks.

Hospitals and clinics are a top target. According to recent research published in JAMA Health Forum, the annual number of ransomware attacks against U.S. hospitals roughly doubled from 2016 to 2021 and, at the current pace, is likely to keep rising.

As per the report, the security breaches exploited the sensitive information of an estimated 42 million patients. “It does seem like ransomware actors have recognized that health care is a sector that has a lot of money and they're willing to pay up to try to resume health care delivery, so it seems to be an area that they're targeting more and more,” lead researcher Hannah Neprash said. 

The JAMA Health Forum study covered five years of attacks on U.S. medical facilities and found that attackers exposed a growing volume of personal health data over that period, and that attacks are expected to increase substantially in the coming years.

According to Neprash’s database, clinics were targeted in 58% of attacks, followed by hospitals (22%), outpatient surgical centers (15%), mental health facilities (14%), and dental offices (12%). 

Threat actors exploit open security vulnerabilities by infecting a PC or a network, typically through a phishing attack or a malicious website, and then demand a ransom. Unlike other cyber attacks, the goal of the malicious actors here is to disrupt operations rather than to steal data.

This becomes a grave threat when health organizations are targeted, because the disruption can jeopardize patient outcomes.

In 2019, a baby died during a ransomware attack at Springhill Medical Center in Mobile, Ala. As per the data, 44% of the attacks disrupted care delivery, sometimes by more than a month. 

“We found that along a number of dimensions, ransomware attacks are getting more severe. It's not a good news story. This is a scary thing for health care providers and patients,” Neprash added. 

The Ponemon Institute, an information technology research group, published a report in September 2021 which found that one in four healthcare delivery organizations reported that ransomware attacks were responsible for an increase in deaths.

“Health care organizations need to think about and drill on — that is practice — these back-up processes and systems, the old-school ways of getting out information and communicating with each other. Unfortunately, that cyber event will happen at one point or another and it will be chaos unless there is a plan,” said Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society, in Chicago.

Kaiser Permanente Reveals Data Leak of Nearly 70,000 Medical Records


Kaiser Permanente, California’s biggest hospital system, has disclosed a data breach in one of its subsidiaries that put the sensitive medical data of almost 70,000 patients at risk.

In a letter sent to patients on June 3, the healthcare provider termed the breach as a “security incident” that occurred on April 5 and involved unauthorized access to an employee’s emails. 

The leaked data included patients’ first and last names, medical record numbers, dates of service, and laboratory test result information, the disclosure letter states. Sensitive data such as Social Security numbers and credit card numbers were not exposed in the breach.

After discovering that a hacker secured access to employees’ emails, Kaiser Permanente terminated the access within hours and launched an internal investigation to identify the scope of the data breach. Although there was no sign that the unauthorized party accessed the protected health information (PHI) contained in the emails, the healthcare firm could not rule out the possibility. 

Furthermore, the healthcare provider has taken multiple steps to boost security, including resetting the employee’s password for the email account where unauthorized activity was detected and providing additional training on safe email practices.

“The breach occurred almost three months ago, yet Kaiser Permanente has only recently notified potentially impacted people that their data may have been compromised. During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns. It’s critical that as a part of their larger cybersecurity culture, organizations include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises,” stated Chris Clements, Vice President of Solutions Architecture at cybersecurity firm Cerberus Sentinel. 

Security tips to counter data breach 

The data breach took place nearly three months ago, but the healthcare firm only recently alerted potentially affected individuals that their private data may have been exposed. During that three-month window, the hackers may have used the data to gain access to other restricted systems, or to reach financial data such as credit card information, software codes, or online banking passwords.

As data breach attacks are becoming more common, it is critical to understand how to mitigate the risks. Here are some easy tips to shield your data from the threat of a security breach. 

• Change and Secure Your Passwords 
• Update data security features 
• Use Access Controls 
• Safeguard physical data 
• Encrypt data 
• Protect portable devices

U.S. Citizens Lost $39.5 Billion to Phone Frauds Alone Over the Past Year


A recent study estimates that scams have increased threefold in the US in the last 12 months, resulting in losses of $39.5 billion, the highest figure recorded since Truecaller, the Swedish caller identification and spam-blocking app, began researching scam and spam calls in the U.S. eight years ago.

According to the report, which was undertaken in partnership with The Harris Poll in March 2022, 33% of US citizens reported having fallen victim to phone scams, and 20% on more than one occasion. Men made up 55.6% of those who fell victim to a phone scam, compared with 42.2% for women.

Furthermore, men aged 65 and above, and Hispanics, were more likely to fall for scams and phone frauds than younger people or those of any other ethnicity. Nearly 74% of Hispanic people were targeted and lost money in the last 12 months, a higher share than among Black or White adults.

Approximately 63% of Americans feel they may miss legitimate calls because of their fear of spam calls. To protect themselves, 43% of people reported downloading a spam blocker and/or caller ID app. A whopping 86% of Americans said they only pick up when they recognize the caller, and 60% have stopped picking up calls altogether and shifted to other methods of communicating, such as texts, emails, social media apps, and faxes.

To mitigate risks, adults preferred to take action by downloading Spam Blocker/Caller ID apps while people above the age of 65 preferred blocking their credit cards or altering account numbers after being scammed. 

The study suggests that despite the Federal Communications Commission’s (FCC) efforts to regulate via the STIR/SHAKEN framework (a set of FCC standards aimed at protecting Americans from robocalls and scammers), nearly 68.4 million Americans fell victim to at least one phone scam in the last 12 months, indicating that fraudsters are bypassing government regulation and finding more sophisticated methods to target users.

“The findings from this year are concerning and shed light on the fact that fraudsters and scammers continue to outsmart increased government regulation. Additionally, with many robocalls coming from overseas, the increase in regulation will need to work in parallel with technological advancements provided by caller ID and spam-blocking apps, such as Truecaller,” stated Alan Mamedi, CEO of Truecaller. 

India: 4th most spammed nation 

According to Truecaller’s Global Scam Report 2021, India ranked fourth for spam sales and telemarketing calls, right behind Brazil, Peru, and Ukraine.

Sales-related calls made up the vast majority (93.5%) of all incoming spam calls in the country. The report also made special mention of a single number in India that apparently made over 202 million spam calls, more than 664,000 calls every day or 27,000 calls every hour.

U.S. Spy Agency Collaborates with Private Sector to Counter Cyber Threat


The U.S. National Security Agency, renowned globally for its secrecy, on Tuesday opened its doors to the private sector with the aim of strengthening relations and learning about hacking campaigns from the U.S. firms that are repeatedly targeted by hacking groups.

"I think it is really important for NSA to take a stance where we are engaging and figuring out how to make the environment more secure and everyone is learning from the lessons of the past," said NSA Director of Cybersecurity Rob Joyce at a media roundtable.

U.S. law bars the NSA from accessing American computer networks, so the agency hopes that increased partnerships with defense, technology, and telecommunications companies will provide insights it cannot get on its own, he added. However, he declined to name the companies the NSA is working with and did not expand on what information private companies would share with the agency.

The NSA’s publicity tour comes after a series of high-profile hacks over the last year, including a massive cyberattack that penetrated numerous federal agencies and another that crippled a major U.S. gas pipeline. 

The new center, which opened in January 2020, is unique in the NSA's history: it is located in a nondescript office park in suburban Maryland next to defense contractors, including Northrop Grumman Corp., Raytheon Technologies Corp., and General Dynamics Corp., and is across the street from NSA headquarters. But the center does not have the barbed wire fencing and armed guards of the NSA itself.

U.S. officials admitted they lack full visibility into the cyber threat because of legal restrictions that prevent the NSA and other federal spy agencies from collecting data on domestic computer networks. Foreign hackers know about these controls, former U.S. officials say, so they often stage attacks from U.S.-based servers.

"U.S. companies will also benefit from the NSA's vast experience and analytical capability. Cybersecurity is a team sport and NSA is really just stepping up to play its position. Providing services to the defense industrial base and national security systems and a large U.S. market share is what we focus on from a selection criteria," said Morgan Adamski, chief of the center.

British Drug maker AstraZeneca Working to Deploy the Covid-19 Vaccine Targeted by Suspected North Korean Hackers


There is no denying that cyberattacks against health bodies, vaccine scientists and drug makers have surged during the coronavirus pandemic, as state-backed and criminal hacking groups scramble to acquire the latest research and data about the outbreak.

Yet another example has emerged recently: as a British drug maker races to deploy its coronavirus vaccine, suspected North Korean hackers attempted to break into its systems.

According to sources, the hacking endeavored to focus on a "broad set of people" including staff working on the COVID research.

Reuters reports that, by posing as recruiters on the networking site LinkedIn and on WhatsApp, the hackers approached AstraZeneca staff with fake job offers and later sent documents that appeared to be job descriptions but were laced with malicious code intended to access a victim's computer.

The source, who spoke on the condition of anonymity to discuss non-public information, said the tools and methods used in the attacks showed they were part of an ongoing hacking campaign that US authorities and cybersecurity researchers have attributed to North Korea.

The campaign had previously focused on defence companies and media organizations but pivoted to coronavirus-related targets recently, according to three people who have investigated the attacks.

Microsoft said that in the current month alone it had observed two North Korean hacking groups target vaccine developers in multiple countries, including by "sending messages with fabricated job descriptions". Microsoft, however, did not name any of the targeted organizations.

The North Korean mission to the United Nations in Geneva did not respond to a request for comment. Pyongyang has previously denied carrying out cyberattacks, and it has no direct line of contact for foreign media. AstraZeneca, which has emerged as one of the top three coronavirus vaccine developers, also declined to comment.

US prosecutors have consistently accused North Korea of some of the world's 'most audacious and damaging cyberattacks', including the hack and leak of emails from Sony Pictures in 2014, the 2016 theft of $81 million from the Central Bank of Bangladesh, and the release of the WannaCry ransomware in 2017.

Pyongyang has portrayed the allegations against it as attempts by Washington to malign its image.

Reuters has also recently reported that hackers from Iran, China and Russia have attempted to break into leading drug makers and even the World Health Organization this year; Tehran, Beijing and Moscow have all denied the allegations.

Ransomware Attack Takes Down Massive Food-Supply Chain Providing Distribution of Temperature-Sensitive COVID-19 Vaccines


A company whose cold-storage capacity is integral to the U.S. food-supply chain and to coronavirus vaccine distribution has confirmed a cyberattack affecting its operations, according to a filing with the Securities and Exchange Commission (SEC).

Americold is by far the largest cold-storage provider in the U.S. and operates 183 temperature-controlled warehouses globally, including in Argentina, Australia, Canada, and New Zealand; it also recently acquired a similar company in Europe.

For an idea of scale, it holds the contract for linking the food-producing giant ConAgra to supermarkets and customers.

The attack has all the hallmarks of a ransomware incident that began on Nov. 16 and affected the company's phone systems, email, inventory management, and order fulfillment, according to reports on Twitter.

The filing with the SEC was brief and read that: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.” 

The attack is likely to be highly targeted and carefully planned, according to researchers.

Chloé Messdaghi, Vice President of strategy at Point3 Security, said by means of email, “Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors. Once a way in is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before encrypting files and the attacks are drawn out, with months of potential compromise adding to the potential harms that can result.” 

She added, “That’s why these types of attacks pose a greater threat than automated attacks such as WannaCry or NotPetya – they’re intentional and secretive.”

Importantly, Americold has also been in talks to provide storage and transport for the distribution of temperature-sensitive coronavirus vaccines, according to reports.

Andrea Carcano, co-founder of Nozomi Networks, said by email, “The attack against Americold highlights a concerning trend of attackers targeting larger and more critical organizations, these threats should be a wake-up call for security professionals responsible for keeping not only IT, but operational technology (OT) and internet of things (IoT) networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.”

U.S. Treasury Department Warns That Paying to End Cyberattacks Risks Running Afoul of Sanctions Rules


The U.S. Treasury Department recently warned cyber insurers and other financial institutions that facilitating payments to hackers in order to end cyberattacks risks violating sanctions rules.

The warnings, which concern the malicious programs known as ransomware, came from Treasury's Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).

They add to the worries of cyber insurers, who have been raising rates and trying to limit their exposure to vulnerable customers amid a recent surge in costly ransomware claims.

Hackers use ransomware to bring down systems that control everything from hospital billing to manufacturing, and stop only after receiving hefty payments, commonly made in cryptocurrency.

Ransomware payment demands have risen sharply during the pandemic as people have shifted to remote work and hackers target online systems.

The average ransomware payment jumped 60% to $178,254 between the first and second quarters, according to Coveware, a firm that arranges and negotiates cyber ransom payments. Cyber policies frequently cover such ransoms, data recovery, legal liabilities, and negotiators fluent in the hackers' native languages.

Sumon Dantiki, a King and Spalding LLC lawyer who advises on national security and cyber matters, says that sophisticated insurers and financial institutions are already mindful of the sanctions concern. “Will victims who are insured still decide to make the payments?” Dantiki said. “This type of public advisory could affect the calculus there.”

A subsequent FinCEN advisory also highlighted a growing industry of forensic firms that help organizations respond to cyberattacks, including by handling the payments.

OFAC referred to cyberattacks dating back to 2015 that were traced to hackers in sanctioned nations such as North Korea and Russia.

Nonetheless, while the US can impose economic and trade sanctions on nations that support terrorism or violate human rights, it is the financial institutions and individuals who ultimately deal with sanctioned parties that can face prosecution and penalties in the end.

A New Set of Cybersecurity Principles Issued By the White House

A new set of cybersecurity principles was recently issued by the White House to protect its commercial and critical infrastructure investments in space.

The short document states: “The United States considers unfettered freedom to operate in space vital to advancing the security, economic prosperity, and scientific knowledge of the Nation.” 

As the US treats this unfettered access as critical to its future, it has also increased its use of digital services and technologies delivered by satellites. The directive reflects a White House focus that goes beyond military operations in space.

The nation is worried about the effect of cybersecurity attacks on a range of services delivered by satellite, for example global positioning systems. GPS is particularly significant, both to military operations and to everyday civilian use.

Space Policy Directive 5 lays out a list of suggested best practices for securing the information systems, networks, and “radio-frequency-dependent wireless communication channels” that together power US space systems.

“These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade or disrupt space operations, or even destroy satellites,” the document stated.

“Examples of malicious cyber-activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks.”

Among the suggested best-practice principles was the use of “risk-based, cyber-security-informed engineering” to develop and operate space systems, with continuous monitoring for malicious activity and of system configurations.

Other elements that will help ensure a good baseline of cybersecurity were listed as:
1. Protection against unauthorized access to space vehicle functions

2. Physical protection of command, control and telemetry receiver systems

3. Measures to counter communications jamming and spoofing

4. Management of supply chain risks and improved collaboration between space system owners.

The document likewise included that such attacks could bring about the loss of mission data, damage to space systems, and loss of control over space vehicles such as satellites, space stations, and launch vehicles, which could lead to collisions that generate dangerous orbital debris.

JPMorgan hacker to plead guilty next week in New York

One of the key suspects in the enormous JPMorgan Chase hack of 2014, Russian hacker Andrei Tyurin, is set to plead guilty next week in New York.

He was one of several people charged in the case in 2015 and remained at large until Georgian officials arrested him a year ago. Gery Shalon, the alleged instigator of the conspiracy, was arrested in Israel in 2015 and handed over to the US, where he has reportedly been in contact with American authorities.

During Tyurin's first New York court appearance, it was suggested that his connections in the criminal world might help investigators examine Russian efforts to disrupt the 2016 US presidential election through cyber-attacks and hacking.

Tyurin first appeared in a US court in September of the previous year after he was extradited from the Republic of Georgia, and he pleaded not guilty to charges including hacking, wire fraud, identity theft and conspiracy.

Since then, various hearings in his case have been cancelled while prosecutors and defence attorneys worked toward an agreement, and just last week the Manhattan US attorney's office moved to consolidate his New York case with one in Atlanta, in which he is one of the few accused of hacking E*Trade.

Ransomware and Its Proliferation: Major Cyber-Crime Hazards in View

According to the latest reports, losses from malicious activity and cyber-crime rose around the globe last year alone.

Earlier this year, the city of Baltimore, Maryland, was hit by a ransomware attack that locked up its computer networks and made transactions impossible.

Administrators refused the demand for a ransom of $76,000 in exchange for unlocking the systems, but have since been saddled with an estimated $18 million bill to rebuild and restore the city’s computer networks.

Usually when hit by ransomware or any other malicious agent there are some pretty hard-hitting choices that the victim organizations have to face.

Two Florida cities had to pay a sum total of $1 million as ransom this year after which the same malicious group attacked the state court of Georgia.

The figure of losses from ransomware attacks rising by 60% was cited by the Internet Society’s Online Trust Alliance.

Since 2013, around 170 county, city and state government networks have been victims, with 22 incidents this year alone.

Cities are not prepared for cyber-crime and hence are being attacked repeatedly, as noted by a researcher at Stanford.

To pay or not to pay? This is a raging question when it comes to ransoms. FBI warns against it but researchers say that there is no clear side that could be chosen by victims who have their important data locked.

What needs to be done, then, is whatever is best for the organization, which means considering paying the ransom in some cases.

Whether or not to pay is secondary; the primary issue remains missing software updates, a lack of backups, and the security measures users fail to take.

Hackers Utilize Hosting Infrastructure in the United States and Host 10 Malware Families

Hackers are hosting 10 malware families on hosting infrastructure in the US and distributing them through mass phishing campaigns.

The cybercriminals are said to reuse the same servers to host different malware, which suggests coordination by a common entity among the malware operators.

The hosted malware families include five banking Trojans, two ransomware families and three information stealers, among them well-known names such as Dridex, GandCrab, Neutrino, and IcedID.

Bromium, a venture capital-backed startup working with virtualization technology, said after tracking the operations for about a year that “Multiple malware families were staged on the same web servers and subsequently distributed through mass phishing campaigns.”

The malware families hosted on the server are kept separate from the C2 servers, which suggests that one threat actor is responsible for email and hosting and another for malware operations.

The malware-hosting servers run default installations of CentOS and Apache HTTP Server, and payloads are staged and hosted in under 24 hours. All of the malware is distributed through phishing emails carrying malicious macro-embedded Word documents that contain links pointing to the malware-hosting servers.

Bromium said, “63% of the campaigns delivered a weaponized Word document that was password protected, with a simple password in the message body of the email, such as ‘1234’ or ‘321’.”
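The pattern Bromium describes, a password-protected Word document with a trivial password quoted in the email body, is one a mail gateway can flag before the attachment is ever opened, since encryption keeps scanners from inspecting macros. The following is an added detection example, not Bromium's code or anything from the campaign; the sample message it builds is constructed, and the checks rely only on the Python standard library. Encrypted OOXML files (.docx/.docm) are wrapped in an OLE compound file rather than a ZIP, so an OOXML extension with an OLE signature is a strong encryption signal; for legacy .doc files the container is always OLE and the body-text check does the work.

```python
import email
import re
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # normal (unencrypted) OOXML container
OOXML_EXTS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx")
LEGACY_EXTS = (".doc", ".xls", ".ppt")
MACRO_EXTS = (".docm", ".xlsm", ".doc", ".xls")
# Matches "password is 1234", "Password: 321", "password 4321" with a 3-6 digit value.
SIMPLE_PASSWORD_RE = re.compile(r"password\s*(?:is|:|-)?\s*['\"]?(\d{3,6})\b", re.I)


def build_sample_message() -> bytes:
    """Constructed phishing-style email for demonstration; not a real campaign artifact."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Outstanding invoice 2194"
    msg.set_content("Please review the attached invoice. The document password is 1234.\nRegards")
    fake_doc = OLE_MAGIC + b"\x00" * 56   # constructed: OLE header only, no real document inside
    msg.add_attachment(fake_doc, maintype="application", subtype="octet-stream",
                       filename="Invoice_2194.docm")
    return msg.as_bytes()


def attachment_looks_encrypted(filename: str, data: bytes) -> str:
    """Return 'likely', 'no', 'unknown' or 'n/a' based on extension and container signature."""
    name = filename.lower()
    if name.endswith(OOXML_EXTS):
        if data.startswith(OLE_MAGIC):
            return "likely"    # OOXML should be a ZIP; an OLE wrapper means Office encryption
        if data.startswith(ZIP_MAGIC):
            return "no"
        return "unknown"
    if name.endswith(LEGACY_EXTS):
        return "unknown"       # legacy binary formats are always OLE; needs a real OLE parser
    return "n/a"


def analyze_message(raw: bytes) -> dict:
    """Flag emails that pair an Office attachment with a simple password quoted in the body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    m = SIMPLE_PASSWORD_RE.search(body)
    findings = {"password_in_body": m.group(1) if m else None, "office_attachments": []}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(OOXML_EXTS + LEGACY_EXTS):
            continue
        data = part.get_content()
        if isinstance(data, str):          # text-typed attachment; normalise to bytes
            data = data.encode()
        findings["office_attachments"].append({
            "filename": fname,
            "macro_capable": fname.lower().endswith(MACRO_EXTS),
            "encrypted": attachment_looks_encrypted(fname, data),
        })
    # The combination is the signal: a password in the body only matters with an Office file attached.
    findings["suspicious"] = bool(findings["password_in_body"] and findings["office_attachments"])
    return findings


if __name__ == "__main__":
    print(analyze_message(build_sample_message()))
```

In a gateway this verdict would feed a quarantine or sandbox-detonation rule rather than an outright block, since legitimate senders do occasionally mail password-protected documents; the value of the check is that it fires on exactly the trick used to keep the macro out of reach of content inspection.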

Although strict measures are being taken to prevent further incidents like this one, a recent report from IBM states that major cybercrime groups are engaged in explicit collaboration and continue to exchange content, tactics, and infrastructure to bypass security and evade law enforcement agencies with ease.