
Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies

The international intelligence agency always has a keen interest in Iran’s hacking activity. And new research published by the security firm FireEye on Thursday indicates the country’s efforts show no signs of slowing. In fact, a new network reconnaissance group—FireEye calls them Advanced Persistent Threat 34—has spent the last few years burrowing deep into critical infrastructure companies.

Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat.

FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but say APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses and adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests: namely, targeting the country’s adversaries.

New APT in Town

There isn’t definitive evidence of a direct link between APT 34 and APT 33, an Iranian hacking group and malware distributor FireEye published findings on in September. But researchers have seen APT 34 operating concurrently inside many of the same target networks as other Iranian hackers.

“We have seen, and this is with a lot of the Iranian actors, a very disconcerting or aggressive posture towards critical infrastructure organizations,” says John Hultquist, director of intelligence analysis at FireEye. “APT 33 has targeted a lot of organizations in critical infrastructure in the Middle East and so has APT 34. They obviously represent opportunities for intelligence collection. But we always have to think about the alternative use of those intrusions or accesses as possible means for disruption and destruction, especially given the destructive incidents we’ve already seen with other Iranian actors.”

To establish what Hultquist describes as beachheads, APT 34 uses involved operations to move deeper and deeper into a network, or exploit a toehold within one organization to pivot into another. FireEye has observed the group compromising someone’s email account at a target company, rifling through their archive, and restarting threads as old as a year, to trick the recipient into clicking a malicious attachment. The hackers also use compromised email accounts to spearphish other companies, and leapfrog into their systems as well.

While the APT 34 Iranian hacking activity doesn’t appear to target the United States, any Iranian efforts in that space are noteworthy. The countries have a long history of cyber antagonism, which includes the deployment of Stuxnet, malware thought to be a product of the NSA and their Israeli counterparts, to cripple Iran’s uranium enrichment activities. Tensions between the countries have escalated recently as well, with President Donald Trump recently taking steps to decertify the nuclear agreement between the US and Iran.

‘A Multilayered Approach’
APT 34 uses malicious Excel macros and PowerShell-based exploits to move around networks. The group also has fairly extensive social media operations, deploying fake or compromised accounts to scope out high-profile targets, and using social engineering to get closer to particular organizations. FireEye researchers speculate that APT 34 may be a reconnaissance and persistence unit, focused on finding ways into new networks and broadening access within existing targets. Some evidence indicates that the group may work directly for the Iranian government, but it’s also possible that the hackers are effectively contractors, selling backdoors to the government as they find them.

“When you look at this, it’s a multilayered approach,” says Jeff Bardin, the chief intelligence officer of the threat-tracking firm Treadstone 71, which monitors Iranian hacking activity. “They get in and make a lot of modifications, download new malware, manipulate the memory, so it’s definitely pretty sophisticated. And the PowerShell activity has been largely a hallmark of Iranian activity lately. They change their tactics constantly. The more we divulge things we know about them, the more they’ll shift and change.”

Though much remains unknown about APT 34, its capabilities and prowess make the group’s interest in critical infrastructure targets all the more noteworthy, whether it’s tasked with carrying out full operations itself, or charged with laying the groundwork for others to do so.

“This is yet another example of Iranian cyber capability, which only seems to grow every day,” FireEye’s Hultquist says. “It’s a challenge for people who are concerned with Iranian actors, and as geopolitics shifts, the number of people who should be concerned with Iranian actors will probably only increase.”

View full post on National Cyber Security Ventures

Email Has Been Weaponized by Hackers, Results Can Be Deadly

Source: National Cyber Security – Produced By Gregory Evans

Nearly all of the top million most popular domains are inadequately protected from “weaponized” email impersonation by hackers, formerly known as spear phishing, according to a new study released today by San Francisco-based email authentication service provider ValiMail.
One out of every five emails today appears to come from a suspicious sender who’s not authorized to use the sending domain, according to ValiMail’s 2017 Email Fraud Landscape Report. The study also found that only 0.5 percent of the top million domains use adequate authentication strategies to protect against email impersonation, even though most systems support stronger defenses.

Better email authentication defenses could help the typical company save $8.1 million each year in costs related to cybercrime, ValiMail reported.

ValiMail’s findings come on the heels of a report released last week from Google and the University of California-Berkeley that identified phishing as the greatest threat to people’s online identities.

‘Vast Majority’ of Businesses are Vulnerable

DMARC (domain-based message authentication, reporting, and conformance) is an email security system designed to protect against malicious actors sending unauthorized emails that appear to come from legitimate domains. The DMARC system enables administrators to set policies that validate the “From:” content in email headers comes from legitimate senders at those domains.

“Email has been weaponized by hackers as the leading way to infiltrate networks, and the vast majority of businesses are leaving themselves vulnerable by either incorrectly configuring their authentication systems or forgoing protection entirely,” ValiMail co-founder and CEO Alexander García-Tobar said in a statement. “Businesses are asking their employees to complete an impossible task: identifying who is real and who is an impersonator, by closely examining every message in their inboxes. The only sustainable solution is for companies to take control of their email security at the technology level and stop placing the onus on employees to prevent phishing attacks.”

Of organizations that use DMARC to validate their emails, 77 percent have either misconfigured the system or set policies that are too permissive, the ValiMail study found. In fact, only 15 percent to 25 percent of companies in various industries have properly implemented and maintained DMARC protections, the study noted.

‘Alarming Lack of Understanding’

Close to 100,000 phishing email campaigns were reported every month in the early part of this year, according to the Anti-Phishing Working Group, an international coalition of businesses, government organizations, and law-enforcement agencies. Several hundred companies see phishing attacks every few weeks, with businesses in the payment, financial services, and Webmail sectors the most vulnerable, the group said.

The year-long study by Google and the University of California-Berkeley released last week found that phishing poses the top threat against people whose online identities were exposed by Internet data breaches. Google said it has taken several steps in response to boost its authentication systems to defend against phishing.

The new research released today “demonstrates the volume of email fraud threats faced by companies today and highlights the alarming lack of understanding of how to combat these threats,” the Global Cyber Alliance’s Shehzad Mirza said in ValiMail’s statement. “These findings highlight that a lack of email authentication is the most prevalent security vulnerability companies face.”

Late last month, the U.S. Department of Homeland Security issued a directive requiring all federal agencies to begin implementing stronger email security defenses, including DMARC, within 90 days. The move is aimed at preventing federal emails and Web sites from spoofing and impersonation by hackers.

DMARC usage by federal agencies has grown since 2016, although only 38 percent had established adequate record policies as of October, according to the Online Trust Alliance. The ValiMail study noted that DMARC protection is available to most domains.

“Over three-fourths (76 percent) of the world’s email inboxes support DMARC and will enforce domain owners’ authentication policies, if those policies exist,” the report noted.

ValiMail offers its own solution to help enterprises fight the fight to keep email safe. Pricing starts at $30K annually, with the total cost dependent on a number of variables including company size, volume of email, number of domains, and so forth.


Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked?

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…


7 Signs Your WordPress Website Has Been Hacked

One of the reasons WordPress is so popular as a content management system is because of its airtight security. But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe. In fact, weak passwords, domain or hosting level breaches, insecure […]

If there hadn’t been women we’d still be ….

If there hadn’t been women we’d still be squatting in a cave eating raw meat, because we made civilization in order to impress our girlfriends. Orson Welles

My wife and I have been together…..

My wife and I have been together since 1986. I graduated in ’86 and she graduated in ’88. We began dating when she was 17. Actually she turned 18 when we …

Your Company Has Been Hacked; Should You Call the Government?

U.S. companies’ vulnerability to data security incidents through computer hacking has garnered unprecedented public awareness in the last 12 months. Given our increasing volume of user data generated in business and its significant value, hacking will remain a common feature in the data landscape. In one respect, the most sophisticated…


You’ve been hacked and probably don’t even know it

There is no such thing as a computer network that has not been hacked or compromised, a leading expert said this week on “Nevada Newsmakers.” There are only two types of computer networks, said Ira Victor, digital forensic analyst for DiscoveryTechnician.com: • Compromised networks with owners who know where they…


The Culprit Behind the WannaCry Ransomware Attack Has Been Identified As The Same Group Behind the Microsoft Tech Support Scam

“Federal Law Enforcement and Microsoft Were Notified of The Threat in 2016. They Did Not Respond” Atlanta, Georgia (PRWEB) May 18, 2017 National Cyber Security News has recorded conversations of the mastermind behind the ransomware known as “WannaCry”, “WanaCrypt0r”, “WeCry”, and “WanaCrypt”. National Cyber Security Ventures (the parent company of National Cyber Security News) owns and runs several cyber …


Finding A Convenient and Trusted Hookup Site Has Been Made Easier

Top50hookupsites.com, a website providing honest and far-reaching reviews of hook up sites has recently been launched. Anyone, therefore, interested in finding a trusted hookup site can now find honest reviews of different sites before finally making up his mind. In …
