AI Knife Detection System Fails at Hundreds of US Schools


A security company that provides AI weapons scanners to schools is facing new doubts about its technology after a student was assaulted with a knife that the $3.7 million system failed to identify.

Last Halloween, Ehni Ler Htoo was walking down a corridor of his school in Utica, New York, when another student approached him and attacked him with a knife. The victim's lawyer told the BBC that the 18-year-old received multiple stab wounds to his head, neck, face, shoulder, back, and hand.

Despite a multimillion-dollar weapons detection system built by a company called Evolv Technology, the knife used in the attack was carried into Proctor High School.

Evolv claims that its scanner "combines powerful sensor technology with proven artificial intelligence" to detect weapons rather than simply detecting metal. The system issues an alert when it finds a concealed weapon such as a knife, bomb, or firearm. The company previously promised that its scanners could help create "weapons-free zones" and has openly asserted that its equipment is highly accurate.

According to Peter George, the company's chief executive, its systems "have the signatures for all the weapons that are out there." Knives, explosives, and firearms are among the weapons that the system can locate, according to earlier news releases. 

A BBC investigation last year found that testing had shown the technology could not reliably detect large blades: in 24 walk-throughs, Evolv's scanner missed 42% of large knives.

Major American stadiums as well as the Manchester Arena in the United Kingdom use the system. The testers said Evolv should warn prospective customers. Despite this, the company has been growing in the education sector and currently claims to be present in hundreds of schools across the US.

Stabbing incident

The Utica Schools Board purchased the weapons scanning system from Evolv in March 2022 for 13 schools. It was installed over the summer break.

The student who attacked Ehni Ler Htoo was seen on CCTV entering Proctor High School and passing through the Evolv weapons detectors on October 31.

"When we viewed the horrific video, we all asked the same question. How did the student get the knife into the school?" stated Brian Nolan, Superintendent of Utica Schools.

The knife used in the stabbing was more than 9in (22.8cm) long. The attack prompted the Utica school district to conduct an internal investigation.

"Through investigation it was determined the Evolv Weapon Detection System… was not designed to detect knives," Mr Nolan added. 

Ten metal detectors have replaced the scanners at Proctor High School. The remaining 12 schools in the district, however, are still using the scanners.

According to Mr. Nolan, the district cannot afford to remove Evolv's system from its remaining schools. Since the attack, three additional knives have been found on students at other schools in the district where the Evolv systems are still in use.

One of the knives measured 7 inches. Another had a curved blade with finger holes. There was also a pocket knife. According to Mr. Nolan, none of them were detected by the weapons scanner; all of them were found because staff members reported them.

Evolv's stance 

The language on Evolv's website was altered following the stabbing. 

Until October of last year, Evolv's homepage carried a headline promising "Weapons-Free Zones". The company later changed the wording to "Safe Zones", dropping that phrase, and after a further change it now reads "Safer Zones".

The company asserts that its system locates firearms using cutting-edge AI technology. However, its critics say that too little is understood about how the system operates or how well the technology detects different kinds of weapons.

Evolv has overstated the effectiveness of the device, according to Conor Healy of IPVM, a company that evaluates security technology. 

"There's an epidemic of schools buying new technology based on audacious marketing claims, then finding out it has hidden flaws, often millions of dollars later. Evolv is one of the worst offenders. School officials are not technical experts on weapons detection, and companies like Evolv profit from their ignorance."

Digitally Crafted Swatting Service Is Wreaking Havoc Across United States


A Telegram user who claimed, using a digitally synthesised voice, to have planted bombs in places such as high schools has been linked to a series of swatting calls made over several months across the United States.

According to Vice, the user going by the alias "Torswats" on the messaging app Telegram offers a paid service for making swatting calls. Swatting is the act of lying to law enforcement about a bomb threat, or falsely accusing a person at a specific location of committing a crime or storing illegal materials, so that armed officers are sent there.

Customers can buy "extreme swattings" for $50, which typically involve police handcuffing a suspect and searching their home, and for $75 Torswats can reportedly lock down a school. According to Vice's report, Torswats accepts bitcoin as payment, gives loyal clients a discount, and will negotiate prices for well-known targets.

"Hello, I just committed a crime and I want to confess. I placed explosives in a local school," says the voice on a recording of a Torswats call to police.

Torswats' voice is digitally generated by artificial intelligence, though it is not immediately clear whether this is the same technology that has rendered some voice actors obsolete by simulating human speech so convincingly. Of 35 recordings Vice reviewed, only two did not use a synthetic voice. In one recording obtained by Vice, Torswats threatened to detonate a bomb at Hempstead High School in Dubuque, Iowa; local media reported on the threat.

Torswats allegedly also targeted a CBD store in Florida, a business in Maryland, and homes in Virginia, Massachusetts, Texas, and California. 

Steve Bernd, FBI Seattle's public affairs officer, said, "The FBI takes swatting extremely seriously because it puts innocent people at harm." Police have been dealing with swatting for at least a decade, and more recent incidents have continued to make headlines.

Just last month, a Seattle man was indicted for extortion and threats after making more than 20 swatting calls to police. He is alleged to have livestreamed these calls to a Discord group.

Netherlands Restricts Key Tech Exports in US-China Chip Battle

According to sources, the Netherlands government will impose export restrictions on the country's most advanced microchip technology in order to safeguard national security.

Products made by ASML, a key company in the global semiconductor supply chain, will be subject to the restrictions. China has filed a formal complaint in response.

As geopolitical tensions between the US and China rise, the administration of US President Joe Biden has restricted semiconductor exports to its chief superpower rival, seeking to slow the development of advanced technology that could be used in military modernisation and human rights abuses. The US has also pressed its international allies to follow suit.

The Dutch trade minister, Ms. Schreinemacher, said the Dutch government had taken technological developments and the geopolitical environment into account, but did not specifically mention China or ASML. Companies will now need to apply for licences to export the affected technology, including the most advanced deep ultraviolet (DUV) immersion lithography and deposition equipment.

ASML stated that it "does not expect these steps to have a major impact on our financial projection that we have released for 2023 or for our longer-term scenarios as indicated during our Investor Day in November last year."

In October, Washington said it would require licences from businesses exporting chips made with US equipment or software to China, no matter where in the world the chips were produced.

The US position on semiconductors drew criticism from South Korea's trade ministry this week. The South Korean government said it would make clear that the terms of the Chips Act could increase economic uncertainty, undermine companies' management and intellectual property rights, and make investing in the United States less attractive.


Southeastern Louisiana University & Tennessee State Hit by Breaches

Southeastern Louisiana University shut down its network after a possible incident last week and called in the Louisiana State Police to investigate; the university is now on its fifth day without a website, email, or a way for students to submit assignments.

Two institutions, in Tennessee and Louisiana, are currently struggling with attacks that have paralysed school services and forced students to look for substitute tools.

Separately, Tennessee State University, a historically Black public land-grant university in Nashville with more than 8,000 students, was informed on Wednesday that a ransomware attack had taken down the school's IT infrastructure.

The incident has also caused internet problems. Still, the university said they were not brought on by a ransomware attack and that there is no indication of any breach of personal data.

According to a university spokesperson, Southeastern's outages began on Thursday night, making it difficult for students and teachers to complete assignments and hold online classes. Some teachers used Facebook in an effort to reach their students.

According to Forbes, ransomware attacks are the most prevalent type of recent cyberattack to have hurt higher education. Universities paid an average ransom of $112,000 in these attacks, although experts say ransom demands can reach millions.

The Louisiana State Police is investigating the incident after the university reported it. In a statement, the university said it is diligently restoring services for the university community and asked everyone to continue to be patient.

The federal Cybersecurity and Infrastructure Security Agency (CISA) advises everyone to exercise caution when clicking on URLs or opening email attachments, to check a website's security before entering passwords, to verify email senders, and to use antivirus software to protect against ransomware attacks.



Video Calling Apps Target Children


Eden Kamar, a Ph.D. student in cybersecurity at the Hebrew University of Jerusalem, and Dr. C. Jordan Howell, a cybercrime specialist at the University of South Florida, collaborated to highlight the various methods that pedophiles prey on young children in the US. 

Howell explained that the team set out to understand how sexual predators first approach children in chatrooms to start a conversation, before using deceptive means to gain their trust and record child sexual abuse material. The study was conducted between October 2021 and May 2022.

The researchers began by developing a number of automated chatbots that never initiated a conversation and responded only to users who identified as being at least 18 years old.

In 30 randomly chosen chatrooms for teenagers, the chatbots had roughly 1,000 conversations with potential predators. According to Howell, 38 percent of the online predators then sent unsolicited links. In text chats observed on public platforms, the predators asked the bots for their "a/s/l" (age, sex, location); once the bot identified herself as a 13- or 14-year-old girl, the predators responded with a video link.

A surprising 41% of links went to Whereby, a competitor of Zoom that offers video and audio conferencing. According to the company's website, it was founded in Norway ten years ago and has worked with organizations like Spotify and Netflix.

Howell added that after exploring the company's website, the researchers found that Whereby permits users to control other participants' webcams without their knowledge.

Another 19% of the links led to malware, and a further 5% sent users to well-known phishing websites. Phishing sites are designed to obtain personal information, including home addresses, while malware sites can be used to remotely access a child's computer. Phishing can also give a predator a child's computer password, which can then be used to log in and control a camera remotely.

Where Do the Most Ransomware Attacks Take Place in the United States?


Ransomware can be as disruptive to your day as a flood, earthquake, fire, or other natural disaster. It has the potential to devastate businesses and close hospitals and schools. And if you are unlucky enough to be affected, it can wreck your finances.

However, as with natural disasters, there are patterns in misfortune, and it is possible to identify high-risk areas. With some forethought, you can avoid disaster entirely.

What is Ransomware? 

Criminals are after your money, but draining your bank account directly is difficult. By encrypting vital files on compromised computers, they persuade victims to hand over their money voluntarily. Companies that cannot do business lose money every day they are not functioning, and will frequently pay criminals to decrypt their machines so they can resume trading. Criminals typically gain access to devices through either lax security processes or social engineering attacks.

Engaging in any criminal enterprise is risky, and cybercriminals prefer targets that will net them the most money while exposing them to the least risk. It makes more sense to hit a few large targets than many small ones. And, understandably, they would rather target businesses that are more likely to pay than to call law enforcement.

Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, according to Comparitech research. That is a lot, and many more are likely to have gone unreported. Even taken at face value, the figure equates to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.

Naturally, because businesses have more money than private individuals, schools, or government agencies, they are regarded as the biggest jackpot for hackers. And because they're constantly making money, every pause costs them more. The largest ransom known to have been paid during this time period was a whopping $60 million paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.

In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.

Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients don't get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.

Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and, because of tighter budgets, frequently run outdated software, making them easier targets. However, this also means they pay significantly less than businesses, with a median payout of half a million dollars.

Where do most attacks take place?

Ransomware attacks occur wherever criminals believe they can make a quick buck, and attacks are concentrated in areas with a high concentration of wealth and businesses with a high turnover.

In the United States, this includes the east coast, with Washington, DC, Maryland, Delaware, and New York; the west coast, with California and Seattle; and major regional hubs such as Chicago, Illinois. The majority of these attacks target businesses, but that does not mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states. Again, this is most likely due to smaller IT budgets.

Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.

Ransomware is frightening, but just as with floods or forest fires, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
  • Take regular backups and store them securely
  • Employ a good antivirus
  • Train your staff
  • Keep your systems updated

Ransomware is terrible, but at least you know that if you pay the ransom, your system will be restored to normal working order and you can resume business as usual... right? This isn't always true. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who encrypted them will never decrypt them.

FBI Takes Down the Infamous Ransomware Gang's Website


In a statement last week, the US Department of Justice said it had made progress against the major ransomware organisation known as Hive.

Since last July, the FBI has been infiltrating Hive's computer networks, and its disruption of the hackers' operations has resulted in the cancellation of more than $130 million in ransom demands.

As part of the operation, the FBI infiltrated the gang's network and obtained Hive's decryption keys, which it then provided to the gang's victims.

The notorious gang has been targeting victims all around the world for some time. Since 2021, it has targeted over 1,500 victims, collecting hundreds of millions of dollars in ransom. Healthcare systems have frequently been the target of ransomware attacks.

“The Department of Justice’s disruption of the Hive ransomware group should speak as clearly to victims of cybercrime as it does to perpetrators,” stated US deputy attorney general Lisa O Monaco. 

The US agencies investigating the Hive hackings collaborated with international authorities in Germany and the Netherlands.

“In a 21st century cyber stakeout, our investigative team turned the tables on Hive,” Monaco added. “We will continue to strike back against cybercrime using any means possible and place victims at the centre of our efforts to mitigate the cyber threat.” 

For years, the FBI and other international organisations have been watching Hive's methods. 

Hüseyin Can Yuceel, a security researcher at Picus Security, urged the authorities not to get comfortable after their latest success in disrupting the group.

The Hive ransomware group was one of the most successful ransomware gangs of the previous five years. Hive became a significant player in the ransomware-as-a-service industry by embracing all of the current trends in the ransomware arena, Yuceel explained.

He continued, stating that ransomware threat actors "are likely to rebuild and continue their activities" since the industry is still too profitable for hackers to give up on. 

According to Check Point Software security engineer Muhammad Yahya Patel, the FBI's Hive "takedown is a win that we should celebrate." It sends a clear message to ransomware groups and may have alarmed some of them because they don't know if they are also being watched. He also emphasised that we shouldn't get ahead of ourselves because groups "do usually reorganise under a new name or spread into other gangs."

Patel thinks that the government's ability to impair Hive's operations in this particular way marks a new step forward in the fight against cybercrime.

North Korean Hackers Target Crypto Users with Phony Job Offers


In an effort to commit cryptocurrency heists, North Korean hackers are exhibiting a "startup mentality," according to a report released on Wednesday by cybersecurity company Proofpoint. 

The Sunnyvale, California-based company said that in December a group it tracks as TA444, which overlaps with the notorious hacking gang Lazarus, unleashed a massive wave of phishing attacks against the banking, education, government, and healthcare sectors in the United States and Canada.

The group's emails used tactics that differed from the methods researchers had previously associated with it, namely attempts to harvest users' passwords and login credentials.

According to the study, "this extensive credential harvesting operation is a variation from standard TA444 activities, which normally include the direct deployment of malware." 

The hackers crafted lures such as job offers and salary adjustments to entice targets, and used email marketing tools to get past phishing filters. In addition, they used the social network LinkedIn to communicate with victims before sending them links to malware, the report adds.

According to Proofpoint, the spam wave in December nearly doubled the number of emails the group sent over the whole year.

TA444 has a "startup attitude," according to Greg Lesnewich, senior threat researcher at Proofpoint, and is "trying a variety of infection chains to help grow its revenue streams." 

He said the threat actor "embraces social media as part of their M.O. and quickly ideates new attack tactics." By bringing in movable money, TA444 "leads North Korea's cashflow generation for the leadership."

North Korea, which is still subject to strict international sanctions, has grown more dependent on cybercrime to fund its illegal weapons programme. 

The astonishing heist of more than $600 million in bitcoin from an online video game network in March was perpetrated by a group with ties to Pyongyang, according to the FBI. 

On Monday, the FBI also declared that the Lazarus Group was responsible for a $100 million theft in June from Horizon Bridge, a cryptocurrency transfer service run by the US-based Harmony blockchain. North Korea has stolen cryptocurrency assets worth $1.2 billion worldwide since 2017, the majority of it in 2022, according to South Korea's National Intelligence Service, which made the revelation last month.

The spy service forewarned that Pyongyang was likely to speed up its efforts this year to obtain vital defence and intelligence technology from the South.

37 Million Accounts' Data were Stolen from T-Mobile in a Data Breach Involving APIs


T-Mobile, a wireless provider in the United States, reported earlier this week that an unidentified malicious intruder broke into its network in late November and stole information on 37 million customers, including addresses, phone numbers, and dates of birth. 

The breach was found Jan. 5, according to T-Mobile, which disclosed this in a filing with the U.S. Securities and Exchange Commission. According to the company's investigation to date, the stolen data didn't include passwords or PINs, bank account or credit card information, Social Security numbers, or other official identifications. 

The malicious activity "appears to be fully contained at this time, but our investigation is still ongoing," T-Mobile said, adding that the data was first accessed on or around Nov. 25.

In recent years, the company has experienced numerous hacks. In its filing, T-Mobile stated that it did not anticipate the most recent breach to materially affect its business.

However, Neil Mack, a senior analyst at Moody's Investors Service, said in a statement that the breach raises concerns about management's cyber governance, may alienate customers, and may draw the attention of the Federal Communications Commission and other regulators.

The frequency of these cybersecurity incidents at T-Mobile is alarmingly high compared to that of its telecom competitors, Mack said, even though they may not be systemic in nature. 

T-Mobile announced in August 2021 that personal information including Social Security numbers and driver's licence details had been stolen. As a result, the company agreed to pay $350 million to customers who brought a class action lawsuit; almost 80 million Americans were affected.

Additionally, it announced at the time that it would invest $150 million in other technologies and data security through 2023. Prior to the August 2021 intrusion, the company disclosed breaches in which customer information was accessed in January 2021, November 2019 and August 2018. 

After acquiring rival Sprint in 2020, Bellevue, Washington-based T-Mobile became one of the nation's largest mobile service providers. After the merger, it claimed to have more than 102 million customers.

5 Updates to Secure Data as Workers Return to Work

According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years.

Employees should be aware of data security practices, since the 2022 Verizon Data Breach Investigations Report states that 82% of data breaches are caused by human error, placing companies of all sizes at risk.

5 Upgrades to Data Security

1. Protect data, not simply the barrier

With approximately 90% of security resources going toward firewall technology, many firms appear to be focused on protecting the walls around their data. However, there are ways around a firewall, including via clients, partners, and staff, all of whom can get past the external perimeter and misuse sensitive data.

2. Be aware of threats

Insider threats are by their nature difficult to identify and stop. It can be as simple as an employee opening an email attachment that appears to come from a credible source and activating a ransomware worm. Threats of this kind are the most frequent and most expensive worldwide.

3. Encrypt each device

A growing number of people prefer to work on personal devices. A solid, immutable data backup strategy can help a business recover quickly from an incident.

4. Create secure passwords

Most firms have weak password policies, resulting in basic, generic, and easily guessed passwords for vital accounts that have access to private and valuable data. Passwords should be reasonably complex and should be updated every 90 days.

5. Develop a company safety strategy

Each person who has a username and password is responsible for data security. IT administrators must regularly remind managers and employees that they are never permitted to share their login information with any third parties.

Researchers identify data security as the largest disruptor of 2023 as businesses continue to build their cybersecurity resilience. According to the survey, 68% of managers say their company has a cybersecurity unit and another 18% say their company is in the process of building one. Only 6% of participants said they have no cybersecurity function.

A breach could cost significantly more than an audit from a data security firm. The estimated cost of a data breach in the US increased from $9 million to $9.4 million in 2022, as per Statista.

FCC Wants Telecom Companies to Notify Data Breaches More Quickly


The US Federal Communications Commission intends to strengthen federal law enforcement's role and modernise breach notification requirements for telecommunications firms, so that customers are notified of security breaches as soon as possible.

The FCC's proposals (first made public in January 2022) call for getting rid of the current requirement that telecoms wait seven days before notifying customers of a data breach. 

Additionally, the Commission wants telecommunications providers to notify the FBI, Secret Service, and FCC of any significant breaches. 

According to FCC Chairwoman Jessica Rosenworcel, "We propose to eliminate the antiquated seven business day mandatory waiting period before notifying customers, require the reporting of accidental but harmful data breaches, and ensure that the agency is informed of major data breaches."

In a separate press release, the FCC stated that it was considering "clarifying its rules to require consumer notification by carriers of inadvertent breaches and to require notification of all reportable breaches to the FCC, FBI, and U.S. Secret Service." 

In 2007, the Commission passed the first regulation mandating that telecoms and interconnected VoIP service providers notify federal law enforcement agencies and their clients of data breaches. 

The severity of recent telecom hacks demonstrates the need for an update to the FCC's data breach rules to bring them into compliance with federal and state data breach laws governing other industries. For instance, Comcast Xfinity customers reported in December that their accounts had been compromised as a result of widespread attacks that avoided two-factor authentication.

Verizon informed its prepaid customers in October that their accounts had been compromised and that SIM swapping attacks had used the exposed credit card information.

According to reports, T-Mobile has also experienced at least seven breaches since 2018. The most recent was made public after Lapsus$ hackers broke into the company's internal systems and stole confidential T-Mobile source code.

Finally, in order to end an FCC investigation into three separate data breaches that affected hundreds of thousands of customers, AT&T paid $25 million in April 2016.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," Rosenworcel stated. "To better protect consumers, boost security, and lessen the impact of future breaches, this new proceeding will take a much-needed, fresh look at our data breach reporting rules."

TSA: New Cybersecurity Directives Issued for US Passenger and Freight Railroad Carriers


The Transportation Security Administration (TSA) has announced a new cybersecurity directive. The directive is intended to improve the cybersecurity of railroad operations and applies to passenger and freight railroad carriers.

The TSA announcement demonstrates the Biden-Harris Administration's commitment to strengthening the cybersecurity of U.S. critical infrastructure. The security directive will further improve the cybersecurity preparedness and resilience of the nation's railroad operations, building on the TSA's work to fortify defenses in other modes of transportation.

Why are the new directives important?

US officials took the latest measures following a series of ransomware attacks and hacking incidents in recent years.

In 2016, the San Francisco Municipal Transportation Agency was hit by a ransomware attack that forced administrators to disable ticketing machines and turnstiles at metro stations for a weekend.

Last year, the US witnessed the disruptive potential of a cybercrime incident, where a major pipeline company had to halt its operations for days following a ransomware attack. 

The new TSA directive instructs rail companies to report hacking incidents to the Department of Homeland Security and to have a strategy in place to prevent a cyberattack from affecting their business operations.

The directive essentially focuses on creating access controls to prevent unauthorized access to critical systems.  

The operators must ensure that these systems are continuously monitored and that policies and procedures are in place to detect intrusions. Additionally, they must make sure that the operating systems, applications, drivers, and firmware of the critical systems are patched and up to date. 

About the new directives, TSA Administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.” 

“We are encouraged by the significant collaboration between TSA, FRA, CISA and the railroad industry in the development of this security directive.”  

According to Anne Neuberger, a senior White House official, US officials are also working on cybersecurity measures for the water and healthcare sectors. Regulations for the communications sector, including emergency warning systems, are also underway.

US Government Says Election Hacking Does Not Pose Any Threat


Despite the U.S. government's efforts to chill everyone out about election hacking less than a month before the midterm elections, the topic is still on many minds. 
 
In a public service announcement issued on Tuesday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) said that, as far as they know, an election hack has never been successful in the United States, and that one is unlikely to succeed anytime soon.  
 
As stated in the announcement, "Neither the FBI nor CISA believes there is any evidence that cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, and affected the accuracy of voter registration information in their investigations" (emphasis in original). "Considering the extensive safeguards in place and the distributed nature of election infrastructure, the FBI and the CISA continue to assess that it would be very difficult for any attempts to manipulate votes at scale to be unwittingly carried out."  
 
The announcement follows a persistent two-year campaign by some pro-Trump and GOP operatives and sympathizers, including MyPillow CEO Mike Lindell, who have spread unfounded conspiracy theories and sometimes outright fabricated claims of vote manipulation and hacking against voting systems across the country. Election security experts believe the FBI and CISA announcement is intended to pre-empt these types of allegations. 
 
Matt Bernhard, a research engineer at the non-profit organization Voting Works, which focuses on election cybersecurity, told Motherboard in an online chat that the announcement feels like a pre-bunking exercise.   
 
Dan Wallach, a professor at Rice University who has studied electronic voting systems for many years, read it the same way.  
 
"If we take it for what it says, it both focuses our attention on misinformation and 'pre-bunks' more sophisticated hacking operations," Wallach told Motherboard via email. 
 
It is pertinent to clarify, however, that “this does not mean we can relax about these sorts of sophisticated attacks. The election administrators are, to a specific degree, implementing cyber defenses, and they are currently working on improving them," he added. “Even though it is much easier to convince people that there has been tampering with the election than to do the tampering itself.”

Although election hacks have been rare and ineffective, and are unlikely, federal and state governments are prepared for any eventuality.  
 
"At the Department of Homeland Security, we are very intensely focused on the security of the elections," Secretary Mayorkas, who heads the Department of Homeland Security, said earlier this week. Motherboard has also reported in the past on potential vulnerabilities in voting machines. However, there has been no evidence that voting machines have been breached during an actual election.

Rise in Cyber-Attacks Targeting U.S. Defense Security


A cyberattack campaign that appears to be linked to cyber espionage shows that cyber threats are becoming more sophisticated over time. Threat actors are engineering their attacks to target defence contractors in the US and around the world. 

Researchers at Securonix have detected several covert campaigns against weapons contractors in Europe over the last few months. The campaign, which Securonix tracks as STEEP#MAVERICK, has also affected a supplier to the US program to build the F-35 Lightning II fighter plane. 

According to the security vendor, the campaign is noteworthy for the attention the attacker has paid to operations security (OpSec) and to ensuring that the malware is difficult to detect, remove, and analyse.  

According to the Securonix report, the malware stager used in these attacks employed an array of tactics, persistence methods, counter-forensics, and layers upon layers of obfuscation to hide its code. 

By late summer, the STEEP#MAVERICK campaign appears to have begun targeting two high-profile defence contractors in Europe. Like many spear-phishing campaigns, the attacks begin with an email that carries a compressed (.zip) file containing a shortcut file (.lnk) that poses as a PDF document purporting to describe company benefits.  
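A mail-gateway or triage script can catch this lure pattern before anyone double-clicks it: an archive attachment whose members are Windows shortcuts, especially ones dressed up with a document-style double extension such as `Benefits.pdf.lnk`. The following is an added example written for this post, not Securonix code and not an IoC set from their report; the extension lists, the size threshold, and the sample archive are constructed assumptions. It checks both the member name and the first bytes of the member (a real `.lnk` starts with the fixed header size 0x4C followed by the ShellLink CLSID), so a shortcut renamed to `.pdf` is still flagged.

```python
import io
import zipfile
from typing import Dict, List

# Extensions that have no business arriving inside an e-mailed archive.
# Assumption for this example, not a list taken from the Securonix report.
SHORTCUT_OR_SCRIPT_EXTS = {".lnk", ".js", ".vbs", ".hta", ".scr", ".exe"}
DECOY_DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

# Windows ShellLink header: HeaderSize 0x0000004C + CLSID
# 00021401-0000-0000-C000-000000000046 (little-endian fields).
LNK_MAGIC = bytes.fromhex("4c00000001140200" "00000000c0000000" "00000046")

# A shortcut is normally well under 64 KiB; bigger ones often carry an
# embedded payload.  Threshold is an assumption for the example.
LNK_SIZE_LIMIT = 64 * 1024


def classify_name(name: str) -> List[str]:
    """Reasons, based on the file name alone, that a member looks like a lure."""
    reasons = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2:
        return reasons
    ext = "." + parts[-1]
    if ext in SHORTCUT_OR_SCRIPT_EXTS:
        reasons.append(f"executable/shortcut extension {ext}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_DOC_EXTS:
            reasons.append(f"double extension masquerading as .{parts[-2]}")
    return reasons


def scan_zip(zip_bytes: bytes) -> Dict[str, List[str]]:
    """Map each suspicious member to its reasons; benign members are omitted."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            # Content check: read only the header, independent of extension.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if head == LNK_MAGIC:
                if not info.filename.lower().endswith(".lnk"):
                    reasons.append("content is a Windows shortcut despite its extension")
                if info.file_size > LNK_SIZE_LIMIT:
                    reasons.append(f"oversized shortcut ({info.file_size} bytes)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment (not a real campaign artifact):
    a decoy-named shortcut, a shortcut renamed to .pdf, and a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Company_Benefits.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("Q3_overview.pdf", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"Please open the attached PDF for details.")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(why))
```

The header check matters more than the name check: a gateway rule keyed on `*.lnk` alone is trivially bypassed by renaming, while the twenty-byte ShellLink signature has to be present for Explorer to treat the file as a shortcut at all.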

According to SecurityTel, the sample email was sent this month by North Korea's APT37 threat group. 

APT37 (also known as Konni) is a North Korean threat group that was found earlier this month sending emails resembling a scam email researchers had encountered during another of the group's campaigns.  

The rising number of cyberattacks is a matter of concern, especially for a department like defence, which holds secrets that must be guarded with extra caution.  

Security research performed by Black Kite on the top 100 defence contractors showed that 32% of them have security flaws that leave them exposed to ransomware attacks. The main reasons these contractors are vulnerable to ransomware include leaked credentials and a lack of secure personal data management, the research found.

US Forex Scam Lasted for Ten Years

Two US men, Patrick Gallagher, 44, of Middleborough, Massachusetts, and Michael Dion, 49, of Orlando, Florida, have both pleaded guilty to one count of conspiracy to commit financial crimes in a foreign exchange operation that spanned a decade. 

Forex: Is it a con?

The world's currencies are traded on the Forex market, a legitimate marketplace. Without it, trading the currencies needed to pay for imports, sell exports, travel, or conduct cross-border business would be difficult. However, because there is no centralized or regulated exchange, and because massive leveraged positions (which in theory can earn traders a lot of money) are available, con artists exploit the situation and rookie traders' eagerness to join the market. 

Since the forex market is a 'zero-sum' market, for one trader to profit another trader must lose money. As a result, the forex market does not by itself increase market value. 

About the Scam  

According to the Department of Justice, the defendants established a fake organization called Global Forex Management and lured investors by promising large profits based on falsified past trading performance.

They claimed that IB Capital, a business run by a co-conspirator, would trade the victims' money on an online trading platform. Instead, Gallagher and Dion, working with other criminals in the Netherlands, stole the money from the victim investors.

Gallagher and Dion carried out their scheme in May 2012 by deliberately placing losing trades for the investors, effectively stealing $30 million from their victims.

After fabricating the enormous trading loss, Gallagher and Dion moved the stolen funds through shell companies they had set up around the world.

How can we detect a forex scam?

Learning how to trade correctly on the Forex market is the single most important thing a person can do to avoid being conned. Finding reliable Forex brokers, however, is a challenge. Before trading with real money, practice making long-term profits on demo accounts. Be aware that, as with any professional skill, it can take years to learn Forex trading thoroughly. Avoid any claim that suggests 'you can make money quickly.'

Furthermore, don't accept such assertions at face value; instead, take the time to conduct your own investigation. The legitimacy of the business that makes the claims or offers the course or expertise is something else worth investigating. 

Taiwanese Government Sites Suffered DDoS Attacks Following Nancy Pelosi Visit


Multiple Taiwanese government sites were disrupted by distributed denial-of-service (DDoS) attacks following the much-publicized arrival of U.S. House Speaker Nancy Pelosi, who became the first high-ranking U.S. official in 25 years to visit the democratic island nation. 

Pelosi reportedly met Taiwanese President Tsai Ing-wen and reiterated America’s support for the country of 24 million. 

The cyberattacks caused intermittent outages across the government's English-language portal and some websites of the presidential office, the foreign ministry, and the defense ministry. 

According to Taiwan's foreign ministry, the attacks on its website and the government's English portal were linked to Chinese and Russian IP addresses that tried to access the websites up to 8.5 million times per minute. 

A separate statement from a Tsai spokesperson on Facebook said the attack had funneled 200 times more traffic than usual to the site. However, the site was back up and running just 20 minutes later, it added. 
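The two figures quoted here (8.5 million hits per minute, 200 times normal traffic) are exactly the signal a volumetric-flood detector keys on: request rate per minute compared against a baseline. The block below is an added example for this post, not code from the Taiwanese government or from any vendor; the log lines it parses are constructed in the combined log format, with TEST-NET addresses, and the date, the 20x threshold and the request counts are all assumptions. It uses the median minute as the baseline so that the flood minute itself does not drag the baseline up, which a mean would.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median
from typing import Dict, List, Optional, Tuple

# Apache/nginx combined log format; only the client IP and timestamp matter here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Return (client_ip, minute_bucket) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.replace(second=0)


def requests_per_minute(lines: List[str]) -> Dict[datetime, Counter]:
    """Bucket requests by minute, keeping a per-source-IP count inside each bucket."""
    buckets: Dict[datetime, Counter] = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, minute = parsed
            buckets[minute][ip] += 1
    return buckets


def detect_flood(lines: List[str], multiplier: float = 20.0, top_n: int = 3):
    """Flag minutes whose request total exceeds multiplier x the median minute.

    Returns a list of (minute label, total requests, top talkers) tuples.
    The median is used as the baseline because it is not skewed by the
    flood minutes themselves; a mean would be.
    """
    buckets = requests_per_minute(lines)
    totals = {minute: sum(c.values()) for minute, c in buckets.items()}
    if len(totals) < 2:
        return []
    baseline = median(totals.values())
    alerts = []
    for minute in sorted(totals):
        if totals[minute] > multiplier * baseline:
            alerts.append((
                minute.strftime("%Y-%m-%d %H:%M"),
                totals[minute],
                buckets[minute].most_common(top_n),
            ))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed log: six quiet minutes of 3 requests, then one minute with 600
    requests spread over 50 source addresses (an assumed flood, not real data)."""
    lines = []
    fmt = '{ip} - - [03/Aug/2022:10:{mm:02d}:{ss:02d} +0800] "GET /en/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    for mm in range(6):
        for k in range(3):
            lines.append(fmt.format(ip=f"203.0.113.{k + 1}", mm=mm, ss=k * 15))
    for i in range(600):
        lines.append(fmt.format(ip=f"198.51.100.{i % 50 + 1}", mm=6, ss=i % 60))
    return lines


if __name__ == "__main__":
    for minute, total, talkers in detect_flood(build_sample_log()):
        print(f"{minute}: {total} requests; top sources {talkers}")
```

In practice the per-minute totals would come from a log shipper rather than a list in memory, and the `top_n` talkers are what feed a rate-limit or block list; with a botnet spread across many addresses, as described above, the per-IP counts stay modest and the aggregate rate is the only reliable signal, which is why the detector alerts on the bucket total rather than on any single source.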

“While the PRC is more than capable of this type of attack, DDoS is fairly unsophisticated and somewhat brutish, and it's not a tool they are known to deploy,” explained Casey Ellis, founder and CTO at Bugcrowd. “China has an enormous population of very clever technologists, large security research and hacking community, and a large government-sponsored team with offensive capability ranging from information warfare to targeted exploit development and R&D.” 

Experts believe that the attacks were likely launched by Chinese activist hackers rather than the Chinese government as retaliation for the visit of Nancy Pelosi. 

Taiwan has accused China of ramping up cyber assaults since the 2016 election of President Tsai Ing-wen, who views the island as a sovereign nation and not a part of China. In 2020, Taiwanese authorities said China-linked hackers breached at least 10 Taiwan government agencies and secured access to nearly 6,000 email accounts in an attempt to exfiltrate data. 

In February this year, the Chinese APT group APT10 (aka Stone Panda, Bronze Riverside) targeted Taiwan's financial trading sector with a supply chain attack. The threat actors launched the malicious campaign in November 2021, but it peaked between February 10 and 13, 2022, Taiwanese cybersecurity firm CyCraft reported.

As the Ukraine Conflict Escalates, US Braces for Russian Cyberattacks


Some of the most serious cyberattacks on US infrastructure in the last two years have been traced back to Russian hackers. Among them are the SolarWinds hack, which infiltrated multiple government departments in 2020, the ransomware attack that forced the suspension of one of America's main fuel pipelines for several days last year, and another attack on JBS, one of the world's largest meat producers. 

The US administration is on high alert for signs of Russian cyberattacks on banks and other financial institutions, following Moscow's broad strike on Ukraine on Thursday, which drew harsh international sanctions. According to a homeland security source with knowledge of the situation, Russia's cyberthreat to the United States is still active and has not changed since Russian President Vladimir Putin started a full-scale invasion of Ukraine. 

Threats to the national grid and big American institutions, according to the source, are a definite possibility. The Department of Justice and the FBI are both bracing for a potential attack and closely monitoring any strange cyber activity. The Department of Justice has a whole national security division devoted to this.

If Russia penetrated and disrupted the US power system, intelligence officials believe it would take one to two weeks to restore full operation. The US government has previously disclosed information indicating that Moscow mounted a vast hacking campaign to breach America's "critical infrastructure," which includes power plants, nuclear power plants, and water treatment plants.

Russia has also been accused of conducting online disinformation campaigns aimed at the United States, including efforts to meddle with US elections and cause unrest. This week, US authorities again accused Russian intelligence of spreading misinformation about Ukraine. 

While many online attacks cannot be explicitly traced to the Russian state, Herb Lin, a senior research scholar for cyber policy and security at Stanford University's Center for International Security and Cooperation, believes that hackers work with Russia's support. 

"They don't operate directly for the Russian government, but they operate under a set of rules that says: 'you guys do what you want, don't target Russian stuff and we won't bother you,'" Lin said. 

Even if Russian hackers do not directly target US organisations, Ukraine's reliance on foreign technology, according to Lin, can cause significant problems for the US. If the crisis in Ukraine worsens, "all the stuff in the US that directly aids the Ukrainian military machine becomes fair game for the Russians to target," Lin added.

Ukraine: DDoS Attacks on State Websites Continue


Since February 23, several Ukrainian government websites have been subjected to DDoS attacks: the web resources of the Ministry of Defense, the Verkhovna Rada of Ukraine, the Ministry of Foreign Affairs and others have suffered outages. 

The Insider publication (which the Russian Ministry of Justice has placed on its list of foreign agents), citing data from independent cyber analyst Snorre Fagerland, stated that the hacker group APT28 (Fancy Bear), which is believed to be linked to the Main Intelligence Directorate of the Russian Federation, was behind the attacks. 

However, Igor Bederov, head of the Information and Analytical Research Department at T.Hunter, called this statement a provocation. "The investigation of a cyberattack (attribution) is a long and complex process that cannot be carried out from beginning to end in hours. Analysis of hacker software and malicious code is always a long and painstaking process," Mr. Bederov said. 

According to him, even if traces leading to Fancy Bear were indeed found, it is still impossible to say that this particular group was behind the attack. Mr. Bederov believes that other hackers could have taken advantage of malware previously used by Fancy Bear, which is possible because hacker tools are openly resold on the darknet. 

"Primary attribution is based on matching the hacker code used in today's attack with the code used in yesterday's attack, as well as special characters specific to a language group. This approach is fundamentally wrong, because the code can be stolen or bought, and the linguistic features can be imitated," said the expert. 

Mr. Bederov also noted that, among state-aligned actors, it is mainly Chinese groups that engage in falsifying attribution. In addition, according to him, the NATO cyber intelligence center located in Tallinn has previously been observed falsifying attribution. 

It was earlier reported that the DDoS attacks on the website of the Ministry of Defense of Ukraine could have been deliberately staged by the United States. Earlier still, Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection of Ukraine, said that the government of Ukraine is prepared for a scenario in which secret data on its servers must be destroyed. According to him, the authorities do not want to take risks and will not leave documentation and detailed information about the population of Ukraine to the enemy. 

He also said that if Russia gets access to government passwords, Ukrainian specialists "will quickly block access to hacked accounts."

Russian Man and his Wife Arrested in U.S. for Stealing Record $4.5 billion in Bitcoins

Russian citizen Ilya Lichtenstein and his wife Heather Morgan were arrested in the United States on Tuesday. The U.S. Justice Department in a statement called them the largest Internet fraudsters in history. 

The spouses are suspected of hacking the Hong Kong cryptocurrency exchange Bitfinex in 2016 and withdrawing 120,000 bitcoins from its accounts, worth $4.5 billion at current prices. Authorities managed to confiscate $3.6 billion worth of bitcoins stored in the Russian's e-wallets. 

On Tuesday night, after the arraignment in the Court of the Southern District of New York, Magistrate Judge Debra Freeman decided to release the suspects on a combined bail of $8 million. However, the spouses were unable to leave federal custody, as the judge's decision was put on hold by Washington. 

According to the prosecution, the couple should remain in custody because "they are sophisticated cybercriminals and money launderers, and there is a serious risk of their escape." Prosecutors admit that the couple may have passports in other names. 

In particular, agents found a file named Passport_ideas on Lichtenstein's computer, and a plastic container of disposable phones was found under the bed in the defendants' apartment. Under American law, Ilya Lichtenstein and Heather Morgan face up to 25 years in prison. 

A few years ago, 34-year-old Ilya Lichtenstein unsuccessfully tried to create a technology startup and become an investor. He came to the United States from Russia at the age of six, when his family was granted asylum for religious reasons. 

His wife, Heather Morgan, who called herself an economist, a journalist, and the "Crocodile of Wall Street", was a freelance writer for Forbes magazine and even performed as a rapper under the name Razzlekhan. According to the New York Times, giant billboards bearing her image once decorated Times Square. 

According to the investigation conducted by the FBI and the US Internal Revenue Service, Lichtenstein and Morgan hacked Bitfinex's protection system and made about 2,000 illegal transactions, transferring funds from the accounts of the exchange's clients to their own electronic wallet. 

In subsequent years, the suspects managed to launder about 25,000 bitcoins through third-party exchanges and online services on the darknet. A new hearing on the bail application of Lichtenstein and his wife will be held in Washington on February 11.

Suspected Founder of Hacker Group The Infraud Organization Arrested in Moscow


It has emerged that Russia will not extradite the possible leader of the hacker group The Infraud Organization to the United States. On January 22, Russian FSB officers and Russian law enforcement agencies, with the assistance of US law enforcement agencies, detained four members of The Infraud Organization. Prior to that, the alleged founder, Andrei Novak, had been placed on the wanted list in the United States on charges of cyber fraud. 

According to the FSB, Novak has been arrested, and three other alleged hackers have been placed under house arrest. The investigation continues to identify other members of The Infraud Organization. The detained members of the group are accused of illegal access to computer information and illegal turnover of payment funds. 

Russia has no plans to extradite Andrei Novak, the possible leader of the international hacker group The Infraud Organization, to the United States, since Russian law prohibits the extradition of its own citizens to a foreign state. 

It is noted that if any of the detained members of the organization lacks Russian citizenship, then after the investigation of the criminal case in Russia and the trial, that person will be extradited to the country where the case against them was opened. 

It is worth noting that in February 2018, it was reported that law enforcement officers detained 13 persons in the United States accused of involvement in a criminal scheme, the damage from which amounted to at least $530 million. In total, 36 people have been charged, and one Russian, Andrei Novak, was included in this list. 

The detained 13 people are citizens of the United States, Australia, Great Britain, France, Italy, and Serbia. The criminal group was organized by a citizen of Ukraine in 2010. 

Group-IB, a company engaged in the investigation and prevention of cybercrime in Russia (whose founder, Ilya Sachkov, was arrested in Russia on charges of treason), said at the time that the defendants were not an organized group, but had come together on hacker forums solely to carry out attacks. Group-IB suggested that their main field of activity could be carding. In addition, the cybercriminals may have run carder shops (sites selling stolen bank card data) and sold accounts.