Search This Blog

Showing posts with label threat. Show all posts

Cyber-attacks on Port of Los Angeles Doubled Since Pandemic


According to recent research, one of the world's biggest ports has witnessed an unusual spike in cyber-attacks since the outbreak began. The Port of Los Angeles' executive director, Gene Seroka, told the BBC World Service over the weekend that the facility receives roughly 40 million attacks every month. 

"Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce. We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo,” he further added. 

Ransomware, malware, spear phishing, and credential harvesting attacks appear to be among the threats aimed against the facility, which is the busiest in the Western Hemisphere. The goal seems to harm the US economy in many situations, however, profits through extortion and data theft will also be a factor. 

Such dangers, if not adequately managed, can potentially exacerbate COVID-era supply chain snarls. Seroka said that port blockages will not be cleared completely until next year, even though the number of container ships waiting more than two days to offload has reportedly reduced from 109 in January to 20 today. 

"The past two years have proven the vital role that ports hold to our nation's critical infrastructure, supply chains and economy. It's paramount we keep the systems as secure as possible," Seroka expressed. 

The challenge is so acute that the port established one of the world's first Cyber Resilience Centers in collaboration with the FBI. It provides a single site for port stakeholders such as shipping corporations to receive, evaluate, and exchange threat intelligence. 

Ports have become such a popular target for cyber-criminals, particularly those aiming to undermine operations and extort businesses, due to their strategic significance to global trade.

Google Blocked Dozens of Domains Used by Hack-for-hire Groups


Google's Threat Analysis Group released a blog post on Thursday detailing the actions of hack-for-hire groups in Russia, India, and the United Arab Emirates. More than 30 domains used by these threat groups have been added to the internet giant's Safe Browsing system, preventing users from accessing them. 

Hack-for-hire groups are sometimes confused with businesses that provide surveillance tools. As per Google, surveillance vendors often give the tools required for spying but leave it up to the end-user to run them, whereas hack-for-hire groups perform the attacks themselves. Several hack-for-hire groups have been found in recent years. Google's investigation focuses on three groups thought to be based in India, Russia, and the United Arab Emirates. 

Google has been tracking the threat actor linked to India since 2012, with some of its members formerly working for offensive security firms. They now appear to be employed by Rebsec, a new firm that publicly sells corporate espionage services. The group has been observed phishing credentials for AWS, Gmail, and government services accounts from healthcare, government, and telecom firms in the Middle East. 

The Russia-linked threat actor, known as Void Balaur by others, has targeted journalists, politicians, NGOs and organisations, and persons who looked to be ordinary residents in Russia and neighbouring nations. Phishing was also used in these assaults. 

“After the target account was compromised, the attacker generally maintained persistence by granting an OAuth token to a legitimate email application like Thunderbird or generating an App Password to access the account via IMAP. Both OAuth tokens and App Passwords are revoked when a user changes their password,” explained Shane Huntley, director of Google’s Threat Analysis Group. 

This group also had a public website where it advertised social media and email account hacking services. The UAE group primarily targets government, political, and educational groups in North Africa and the Middle East. This threat actor also employs phishing emails, but unlike many other organisations, it employs a custom phishing kit rather than open source phishing frameworks. 

“After compromising an account, the actor maintains persistence by granting themselves an OAuth token to a legitimate email app like Thunderbird, or by linking the victim Gmail account to an attacker-owned account on a third-party mail provider. The attacker would then use a custom tool to download the mailbox contents via IMAP,” Huntley said. 

Google believes Mohammed Benabdellah, who was sued by Microsoft in 2014 for developing the H-Worm (njRAT) malware, is associated with the group.