12 #Connecticut #state agencies #hit by a #cyber attack

The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.

DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.

NRA targeted by DDoS cyber criminals
Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). The three sites join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.

As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticised following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.

The post 12 #Connecticut #state agencies #hit by a #cyber attack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

New York is #quietly working to #prevent a major #cyber attack that could bring down the #financial #system

Source: National Cyber Security News

Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.

“Cyberwar,” read the subject line.

“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”

Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.

It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.

Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.

The internet would be to modern warfare what the airplane was to strategic bombers during World War I.

The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.

2,000 #computers were #shut down due to #SamSam virus #attack to #Colorado Department of #Transportation

Source: National Cyber Security News

On Wednesday morning, the workday at the Colorado Department of Transportation (CDOT) was disrupted. A SamSam ransomware attack sent the institution back to the good old days before computers existed.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files, and demanded a ransom payment in Bitcoin. More than 2,000 computers were shut down to stop and investigate the attack.

According to the CDOT spokeswoman, this version of SamSam ransomware hit only Windows computers, even though they were protected by McAfee antivirus. CDOT and security software providers are working on eliminating the virus.

Fortunately, the Colorado Department of Transportation has all of its data backed up. It is therefore not going to pay the ransom, and the crooks’ attempt to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. The ransomware did not affect any critical services, such as cameras, traffic alerts or variable message boards.

Authors of SamSam ransomware already received money from victims in 2018
SamSam ransomware has been known for a while. Numerous versions of the malware hit hospitals and other institutions last year. The Colorado Department of Transportation is not the first organization targeted by the ransomware’s creators this year, either.

Wall #Street Teams Up to Help Save #Client Data in #Cyber Attack

On Wall Street, backing up data now comes with a code name.

Nearly three dozen banks are leading a group called Sheltered Harbor that’s designed to protect consumers’ access to their data in the event a financial institution is hacked. Banks, credit unions and brokerages representing 400 million accounts — or 70 percent of U.S. retail accounts and 60 percent of U.S. brokerage accounts — have signed up to be part of the effort, which went live earlier this year.

Sheltered Harbor requires members to encrypt their customer account data and store it in a vault that is both survivable and accessible in case of a cybersecurity incident, according to the group’s website. If a breach does occur, the affected bank must retrieve and transmit its data to another financial institution, which can load it onto its core platform. That way customers of the hacked bank can still access their account information.

“The focus is on really trying to protect the consumers’ access to their assets,” Steve Silberstein, chief executive officer of Sheltered Harbor, said in a telephone interview. “We have to continue to make the system safer, and it continues to require some amount of sharing and some amount of cooperation to do that.”

For large global banks, it costs $50,000 to participate in Sheltered Harbor, which helps the firms coordinate responses to a cyber attack. For everyone else, fees are based on the amount of assets each one has and can range from $250 to $25,000, according to the group’s website.

The group was formed in November 2016 and its recent progress was reported Sunday by The Wall Street Journal.

Hamilton Series

Sheltered Harbor is a subsidiary of the Financial Services Information Sharing and Analysis Center — or FS-ISAC. Phil Venables, chief operational risk officer at Goldman Sachs Group Inc., and James Rosenthal, former chief operating officer at Morgan Stanley, are co-chairs of the project, according to a press release from FS-ISAC.

The group was formed after banks participated in an exercise in 2015 that was run by FS-ISAC and the U.S. Treasury Department called the Hamilton Series. The exercise exposed how data breaches could hurt consumer confidence in the financial system, even if the incident occurred at a regional or community bank.

Sheltered Harbor does not hold any of the bank account data. Instead, it has created the standards for joining the group and monitors banks’ adherence to those standards, said Silberstein, who was previously the chief technology officer at Sungard Data Systems Inc.

Australia #fair game when it comes to the #threat of a #cyber attack

Source: National Cyber Security – Produced By Gregory Evans

For a country with a culture based on taking things as they come, Check Point has said Australia is taking the threat of cybersecurity seriously.

Previously, organisations in Australia were protected by the country’s geographic isolation, but as business is now being carried out at scale via the internet, Tony Jarvis, chief strategist of threat prevention at security vendor Check Point, has said everyone is “fair game” when it comes to the threat of a breach.

Speaking with ZDNet, Jarvis said organisations in Australia used to have the luxury of foresight, watching peers from bigger parts of the world deal with security-related incidents six months before the trend entered Australia, providing them with ample time to prepare.

However, that is no longer the case, as highlighted by the WannaCry ransomware that claimed hundreds of thousands of victims across 150 countries, reaching speed and red-light cameras on state roads in Victoria, and Petya, which even halted chocolate production at Cadbury’s Tasmanian factory.

“When you’re doing business on the internet, which everybody is, everybody is fair game at exactly the same point in time, so we have to be cognizant of that,” Jarvis said.

“Australia is good at taking that seriously, they do appreciate that risk, and translating that into taking the necessary actions and preventative measures is definitely on the agenda.

“Australia is making good progress.”

He said it is important to remember there’s no such thing as cybersecurity in the sense that nothing can be 100 percent secure.

“Rather, cyber resilience, and being prepared as you can be while also acknowledging the fact that something might slip through the cracks, and having a plan in place to deal with that should it happen,” he explained.

“Australia is definitely taking the right steps, everybody faces slightly different risks, but more or less they’re all on the same sort of path.”

Australians have a reputation of being heavy consumers of technology, and with the estimation that there will be 20.4 billion Internet of Things (IoT) devices deployed by 2020, Jarvis said securing these devices should be a priority, given that IoT presents a future that is very difficult to secure.

He said it’s important for everyone involved, including designers, manufacturers, retailers, and consumers, to be aware of the security risks.

“There’s always a lot of hype in the security industry, unfortunately, and a good part of our time is spent on deciphering what is hype and what is fact,” Jarvis explained.

“Unfortunately, when we start talking about IoT, a lot of the hype is real.

“We live in a capitalist society; we have manufacturers and companies whose job is to put products on the shelf that we want to go out and buy and they improve our life somehow, such as Fitbits and other fitness trackers.

“Unfortunately, security lags quite a number of years behind bringing these products to market.”

While there are a number of best practice guidelines published by the likes of IoT Alliance Australia and the Cloud Security Alliance, there’s no unanimous decision on which standard to adopt, nor is there an overarching body to make sure every part of the process adheres to agreed guidelines.

“Not all manufacturers will adhere to those standards, but even if they do, if there’s a vulnerability that’s found on a specific device, how do you actually go and remediate or patch that, because it’s not always possible,” Jarvis added.

“A lot of the hype in this case is justified.

“We don’t need to be worried, but we do need to be cognizant.”

Hackers #hired for #year-long #DDoS attack #against #man’s former #employer

Source: National Cyber Security – Produced By Gregory Evans

US federal prosecutors in Minnesota have charged a 46-year-old man with hiring a cyberhitman – well, technically, three hacking services – to launch a year-long campaign of distributed denial of service (DDoS) attacks on his former employer. Prosecutors say that John Kelsey Gammell, 46, contacted seven […]

Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

Source: National Cyber Security – Produced By Gregory Evans

As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack to trick users into clicking on malicious documents, which in turn infect systems with their malware.

The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.

The Fancy Bears’ most recent campaign, uncovered by security researchers at McAfee, involves the use of a blank malicious document, titled “IsisAttackInNewYork”, which when clicked drops the hackers’ first-stage reconnaissance malware dropper Seduploader. The implant collects basic data from infected PCs and profiles prospective victims. Once the hackers determine that a victim is of interest, the implant then drops Fancy Bears’ customised malware X-Agent or Sedreco.

Hackers #Attack Global #Banks with Just Found ‘Silence’ #Banking #Trojan

Source: National Cyber Security – Produced By Gregory Evans

A new banking Trojan has been detected using techniques resembling those employed by Carbanak. The Trojan has been targeting financial institutions, mostly in Russia.

According to security researchers from Kaspersky Lab, the new Trojan, called “Silence”, is used to gain continuous access to an online banking network while it makes video recordings of bank employees’ computer activity and identifies the software they use and the operational activities of the bank. Equipped with this knowledge, the attackers controlling the malware use it to grab cash out of the banks’ customer accounts. posted this, November 1, 2017.

By monitoring victims’ activities in the bank, the attackers get all the details they need to sniff the bank’s networks and escape unnoticed with stolen money. The victims get an e-mail containing a malicious attachment masquerading as ‘Windows help.’ The attachment contains a CHM file with embedded JavaScript that by default downloads and runs a Visual Basic script, which then pulls down the Trojan installer via its command-and-control (C&C) server.

The researchers state that the controllers of ‘Silence’ are possibly a Russian-speaking group that has targeted no fewer than ten financial institutions, some of them in Malaysia and Armenia, although the majority are in Russia. This is unusual, as Russian cyber-criminals usually spare domestic targets.

As with Carbanak, the first victims of Silence are duped with spoofed e-mails that enable the hackers to gain entry to the network. The hackers then hang around for as long as they need to gather all the information required to strike and steal huge amounts of funds.

The spoofed e-mails are highly personalized, making them spear-phishing e-mails. Kaspersky researchers point out that the hackers had previously attacked and infected banking infrastructure so that they could send the malicious messages from the addresses of genuine bank employees, making the e-mails appear inconspicuous while trapping the victims.

The Carbanak gang was also discovered by Kaspersky Lab, back in 2015. According to a report at the time, the infamous hackers managed to steal up to $1 billion from over a hundred banks globally.

The CCleaner Attack Linked to State-sponsored Chinese Hackers

Source: National Cyber Security – Produced By Gregory Evans

Security researchers revealed that the CCleaner chain attack, which resulted in millions of users downloading a backdoored version of the CCleaner PC software utility, was linked to state-sponsored Chinese hackers. The attack started in July with the compromise of a CCleaner server, which let attackers inject backdoor code in two versions of…

WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens

Source: National Cyber Security – Produced By Gregory Evans

A cybersecurity firm has announced that hacking tools linked to the US National Security Agency are being exploited by cybercriminals. NSA-linked hacking tools are being used by cybercriminals in efforts to remotely steal money and confidential information from online banking users, according to research conducted by cybersecurity firm Proofpoint. Proofpoint researchers discovered two different banking trojans in the wild, with computer…
