Russian


#school | #ransomware | Dutch University Pays $220K Ransom to Russian Hackers

Source: National Cyber Security – Produced By Gregory Evans University president says damage from the ransomware attack “can scarcely be conceived.” The University of Maastricht located in the Netherlands experienced a ransomware attack on December 24 and wound up paying the hackers 200,000 euros or $220,000 in bitcoin to unblock its computers, reports Reuters. “The […] View full post on AmIHackerProof.com

#hacking | Russian Cybercrime Boss Burkov Pleads Guilty — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans Aleksei Burkov, an ultra-connected Russian hacker once described as “an asset of supreme importance” to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members […] View full post on AmIHackerProof.com

#nationalcybersecuritymonth | Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak

Source: National Cyber Security – Produced By Gregory Evans

LONDON — Fears of Russian interference reared their heads in the U.K. election this weekend after social media platform Reddit said it believed confidential British government documents were posted to the site as “part of a campaign that has been reported as originating from Russia.”

Reddit launched an investigation after opposition Labour Party leader Jeremy Corbyn brandished the leaked documents at a press conference last month.

The 451-page dossier appeared to reveal that rounds of trade negotiations with the U.S. for a post-Brexit trade deal included mention of the country’s beloved National Health Service. Labour claimed the documents proved Prime Minister Boris Johnson would put the NHS “up for sale” to secure a deal with President Donald Trump.

The British government has not denied the authenticity of the documents. NBC News has not verified their authenticity.

Johnson, whose ruling Conservative Party leads in the polls entering the final week, has denied Corbyn’s claims about what they show.

A British government spokesperson told NBC News Sunday that “online platforms should take responsibility for content posted on them, and we welcome the action Reddit have taken.”

“The U.K. government was already looking into the matter, with support from the National Cyber Security Centre,” the spokesperson said.


“We do not comment on leaks, and it would be inappropriate to comment.”

Reddit said late Friday that its investigation into the posts related to the leak revealed “a pattern of coordination” by suspect accounts that were similar to a Russian campaign called “Secondary Infektion” discovered on Facebook earlier this year.

The site also said it had banned 61 accounts suspected of violating policies against vote manipulation related to the original post, which was published in October.

Corbyn has not revealed how his party obtained the documents but defended the decision to use them.

Asked about Reddit’s conclusions at a campaign stop Saturday, Corbyn said the news was an “advanced stage of rather belated conspiracy theories.”

“When we released the documents, at no stage did the prime minister or anybody deny that those documents were real, deny the arguments that we put forward. And if there has been no discussion with the USA about access to our health markets, if all that is wrong, how come after a week they still haven’t said that?” he added.

He also criticized the government for failing to release a Parliamentary intelligence committee report on Russian interference in British politics before the election campaign began.

Thursday’s vote was called in an effort to break the deadlock that has left the future of the country’s relationship with the European Union uncertain.

But the future of Britain’s health care has emerged as a powerful rejoinder to the notion of a purely ‘Brexit election.’

Asked about the source of the leak this weekend, Johnson said: “I do think we need to get to the bottom of that.”

Culture minister Nicky Morgan claimed the leak raises concerns of Russian influence on British democracy and said the government is taking steps and “watching for what might be going on.”

“From what was being put on that (Reddit) website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference,” Morgan told the BBC. “And if that is the case, that obviously is extremely serious.”

But if Russia was behind the leak, its aim may not have been to help any particular side in the election, Lisa-Maria Neudert, a researcher at Oxford University’s Project on Computational Propaganda, told Reuters.

“We know from the Russian playbook that often it is not for or against anything,” she said.

“It’s about sowing confusion, and destroying the field of political trust.”

Michele Neubert contributed.

Source link

The post #nationalcybersecuritymonth | Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Russian Hacking and Spoofing Threat to NATO Members

  • Belgian military will stop using GPS due to the Russia threat.
  • There have been 9,883 suspected incidents of GNSS spoofing.
  • Russia can utilize low cost software to send spoofed GPS signals.

The Belgian army will stop using a GPS system due to a heightened risk of Russia’s disruption of the GPS signal. The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the US Air Force. The Belgian military will revert to the use of topographic maps and old fashioned compasses.

In modern mapping, a topographic map is a type of map characterized by large-scale detail and quantitative representation of relief, usually using contour lines. The announcement was made via De Morgen, a Flemish newspaper with a circulation of 53,860. The paper is published in Brussels.

Furthermore, Russia has been accused previously by Finland and Norway of interfering with the GPS signal during the NATO Trident Juncture Training exercise. The Trident Juncture 18, abbreviated TRJE18, was a NATO-led military exercise held in Norway in October and November 2018 with an Article 5 collective defence scenario. The exercise was the largest of its kind in Norway since the 1980s.

NATO publicly acknowledged the Russian GPS interference and called it reckless behavior. GPS is also widely used in the civilian world, in vehicles, phones, laptops and so on.

The US also believes that GPS is vulnerable to Russian and Chinese hacking. Merchant ships entering the Black Sea have reported the loss of the GPS signal near the Crimea. The same was reported previously in Syria, where the Russian troops were located. Israel accused Russia too of meddling with the GPS signal in their airports.

The Center for Advanced Defense Studies (C4ADS) released a report on GPS spoofing in Russia and Syria earlier this year. C4ADS is a US-based nonprofit organization dedicated to data-driven analysis and evidence-based reporting of conflict and security issues worldwide.

C4ADS undertook a year-long study of attacks on Global Navigation Satellite Systems (GNSS), including the U.S.-owned Global Positioning System (GPS). The study found 9,883 suspected instances of GNSS spoofing at more than 10 locations, affecting 1,311 civilian maritime vessel navigation systems, since February 2016.

All of these instances bear a Russian footprint. Jamming and spoofing differ in how a receiver experiences them: a jammer simply drowns out the satellite signal, so navigation systems lose their fix and raise an alarm, whereas a spoofer transmits counterfeit signals that the receiver accepts as genuine and quietly steers it to a false position, with potentially severe consequences. As C4ADS notes, Russia can easily use low-cost, commercially available software-defined radios (SDRs) and open-source code capable of transmitting spoofed GPS signals.
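Because a spoofed fix looks like a valid fix to the receiver, the practical defence on the consumer side is a plausibility check on the receiver's output rather than on the radio signal. The following is an added example, not code from this page or from the C4ADS report: it parses a handful of constructed NMEA $GPRMC sentences (the hypothetical SAMPLE_LOG, placed near the Black Sea coordinates the article mentions), rejects any sentence whose checksum does not verify, and flags every pair of consecutive fixes whose implied ground speed exceeds an assumed MAX_PLAUSIBLE_SPEED_MPS of 30 m/s, the kind of sudden position jump a spoofed vessel reports. The threshold and the sample positions are assumptions for illustration.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed ceiling for a merchant vessel (~58 knots); tune per platform.
MAX_PLAUSIBLE_SPEED_MPS = 30.0
EARTH_RADIUS_M = 6_371_000.0


def nmea_checksum(payload: str) -> str:
    """XOR of every byte between '$' and '*', as two upper-case hex digits."""
    csum = 0
    for ch in payload:
        csum ^= ord(ch)
    return f"{csum:02X}"


def nmea_sentence(fields: List[str]) -> str:
    """Build a correctly framed NMEA sentence from its comma-separated fields."""
    payload = ",".join(fields)
    return f"${payload}*{nmea_checksum(payload)}"


@dataclass
class Fix:
    t: float          # seconds since midnight UTC
    lat: float        # degrees, north positive
    lon: float        # degrees, east positive
    speed_mps: float  # receiver-reported speed over ground


def parse_rmc(line: str) -> Optional[Fix]:
    """Parse a $GPRMC/$GNRMC sentence; None on bad framing, bad checksum or a void fix."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    payload, _, given = line[1:].partition("*")
    if nmea_checksum(payload) != given.strip().upper():
        return None
    f = payload.split(",")
    if len(f) < 10 or f[0][-3:] != "RMC" or f[2] != "A":
        return None
    hh, mm, ss = int(f[1][0:2]), int(f[1][2:4]), float(f[1][4:])
    lat = int(f[3][:2]) + float(f[3][2:]) / 60.0      # ddmm.mmmm
    if f[4] == "S":
        lat = -lat
    lon = int(f[5][:3]) + float(f[5][3:]) / 60.0      # dddmm.mmmm
    if f[6] == "W":
        lon = -lon
    knots = float(f[7]) if f[7] else 0.0
    return Fix(hh * 3600 + mm * 60 + ss, lat, lon, knots * 0.514444)


def haversine_m(a: Fix, b: Fix) -> float:
    """Great-circle distance in metres between two fixes."""
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi = phi2 - phi1
    dlam = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def implausible_jumps(lines: List[str],
                      max_speed_mps: float = MAX_PLAUSIBLE_SPEED_MPS) -> List[Tuple[int, float]]:
    """Return (line_index, implied_speed_mps) for each fix that the previous valid fix
    could not have reached at a plausible speed. Invalid sentences are skipped."""
    fixes = [(i, fx) for i, fx in ((i, parse_rmc(l)) for i, l in enumerate(lines)) if fx]
    flagged = []
    for (_, a), (i1, b) in zip(fixes, fixes[1:]):
        dt = b.t - a.t
        if dt <= 0:                       # time went backwards: also suspicious
            flagged.append((i1, float("inf")))
            continue
        implied = haversine_m(a, b) / dt
        if implied > max_speed_mps:
            flagged.append((i1, implied))
    return flagged


# Constructed sample log (not a real capture): a vessel near 44.6N 33.5E creeping
# north at ~10 knots, then "teleporting" 0.4 degrees of latitude in ten seconds.
_TAIL = ["10.5", "90.0", "100619", "", "", "A"]
SAMPLE_LOG = [
    nmea_sentence(["GPRMC", "120000.00", "A", "4436.0000", "N", "03330.0000", "E"] + _TAIL),
    nmea_sentence(["GPRMC", "120010.00", "A", "4436.0300", "N", "03330.0000", "E"] + _TAIL),
    nmea_sentence(["GPRMC", "120020.00", "A", "4500.0000", "N", "03330.0000", "E"] + _TAIL),
    nmea_sentence(["GPRMC", "120030.00", "A", "4500.0100", "N", "03330.0000", "E"] + _TAIL),
]
# A tampered copy of the last sentence: the position changed but the checksum did not.
SAMPLE_LOG.append(SAMPLE_LOG[3].replace("4500.0100", "4500.0200"))

if __name__ == "__main__":
    for idx, speed in implausible_jumps(SAMPLE_LOG):
        print(f"line {idx}: implied speed {speed:.0f} m/s exceeds {MAX_PLAUSIBLE_SPEED_MPS} m/s")
```

Only the third fix is flagged (roughly 4,400 m/s implied); the tampered fifth line never reaches the speed check because its checksum fails. A real deployment would add the other cheap consistency checks that spoofing tends to violate, such as comparing the receiver-reported speed with the implied speed and watching for every satellite reporting an identical signal strength.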

Russia poses a true danger to the military and civilians in the West using GPS technology. Russia is notorious for hacking and has been utilizing a cyber warfare strategy for some time. The Kremlin conceptualizes cyber operations within the broader framework of information warfare, a holistic concept that includes computer network operations, electronic warfare, psychological operations, and information operations.

Russia is dangerous because of its more assertive cyber posture and its willingness to target critical infrastructure systems such as GPS and to conduct espionage operations even when detected and under public scrutiny.

#hacking | Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

LONDON (Reuters) – Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and U.S. officials said on Monday.

The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to hack into organizations in at least 20 different countries over the last 18 months, British security officials said.

The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.

Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.

In a statement accompanying a joint advisory with the U.S. National Security Agency (NSA), GCHQ’s National Cyber Security Centre said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.

“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.

Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.

GLOBAL HACKING CAMPAIGNS

Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.

Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including FireEye FEYE.O say works for the Iranian government.

Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.

Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.

The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former U.S. intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.

GCHQ declined to comment on Western operations.

By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.

The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.

Additional reporting by Vladimir Soldatkin in Moscow and Babak Dehghanpisheh in Geneva; Editing by Frances Kerry

#hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report

The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.”

With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.”

None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against.

The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”

And the answer, Check Point concluded, was to analyse all the known data on threat actors, attacks and malware to mine for patterns and draw out all the connections. “This research is the first and the most comprehensive of its kind—thousands of samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations of a superpower country.”

The team expected to find deep-seated linkages, connections between groups working for different Russian agencies: the FSO, SVR, FSB and GRU. After all, one can reasonably expect all of the various threat groups sponsored by the Russian state to be on the same side, pursuing broadly the same agenda.

But that isn’t what they found. And the results from the research actually carry far more terrifying implications for Russia’s capacity to attack the U.S. and its allies on a wide range of fronts than the team expected. It transpires that Russia’s secret weapon is an organisational structure which has taken years to build and makes detection and interception as difficult as possible.

“The results of the research were surprising,” Cohen explains as we talk through the research. “We expected to see some knowledge, some libraries of code shared between the different organizations inside the Russian ecosystem. But we did not. We found clusters of groups sharing code with each other, but no evidence of code sharing between different clusters.” And while such findings could reflect politics and inter-agency competition, the Check Point team have concluded that it’s more likely to have an operational security motive. “Sharing code is risky—if a security researcher finds one malware family, if it has code shared with different organizations, the security vendor can take down another organisation.”

The approach points to extraordinary levels of investment. “From my perspective,” Yaniv Balmas, Check Point’s head of cyber research, tells me, “we were surprised and unhappy—we wanted to find new relationships and we couldn’t. This amount of effort and resources across six huge clusters means huge investment by Russia in offensive cyberspace. I have never seen evidence of that before.”

And the approach has been some time in the making. “It’s an ongoing operation,” Cohen says, “it’s been there for at least a decade. This magnitude could only be done by China, Russia, the U.S. But I haven’t seen anything like it before.”

The research has been captured in “a very nice map,” as Balmas described it. This map has been built by Check Point and Israeli analytics company Intezer, a complex interactive tool that enables researchers to drill down into malware samples and attack incidents, viewing the relationships within clusters and the isolated firewalls operating at a higher level.

The research has been angled as an advisory ahead of the 2020 U.S. elections. Russia has the capability to mount waves of concerted attacks. It’s known and accepted within the U.S. security community that the elections will almost certainly come under some level of attack. But the findings actually point to something much more sinister. A cyber warfare platform that does carry implications for the election—but also for power grids, transportation networks, financial services.

“That’s the alarming part,” Check Point’s Ekram Ahmed tells me. “The absence of relationships. The sheer volume and resource requirements leads us to speculate that it’s leading up to something big. We’re researchers— if it’s alarming to us, it should definitely be alarming to the rest of the world.”

So what’s the issue? Simply put, it’s Russia’s ability to attack from different angles in a concerted fashion. Wave upon wave of attack, different methodologies with a common objective. And finding and pulling one thread doesn’t lead to any other cluster. No efficiencies have been sought between families of threat actors. “Offense always has an advantage over defense,” Balmas says, “but here it’s even worse. Given the resources Russia is putting in, it’s practically impossible to defend against.”

“It’s alarming,” Check Point explains in its report, “because the segregated architecture uniquely enables the Russians to separate responsibilities and large-scale attack campaigns, ultimately building multi-tiered offensive capabilities that are specifically required to handle a large-scale election hack. And we know that these capabilities cost billions of dollars to build-out.”

I spend a lot of time talking to cybersecurity researchers—it’s a noisy space. And given current geopolitics, the Gulf, the trade war, the “splinternet,” there is plenty to write about. But I get the sense here that there’s genuine surprise and alarm at just what has been seen, the extent and strategic foresight that has gone into it, the implications.

And one of those implications is that new threats, new threat actors if following the same approach will be harder to detect. The Check Point team certainly think so. “This is the first time at such a scale we have mapped a whole ecosystem,” the team says, “the most comprehensive depiction yet of Russian cyber espionage.”

And attacks from Russia, whichever cluster might be responsible, tend to bear different hallmarks to the Chinese—or the Iranians or the North Koreans.

“Russian attacks tend to be very aggressive,” Balmas explains. “Usually in offensive cyber and intelligence, the idea is to do things that no-one knows you’re doing. But the Russians do the opposite. They’re very noisy. Encrypting or shutting down entire systems they attack. Formatting hard drives. They seem to like it—so an election attack would likely be very aggressive.”

With 2020 in mind, Ahmed explains, “given what we can see, the organization and sheer magnitude of investment, an offensive would be difficult to stop—very difficult.”

Cohen reiterates the staggering investment implications of what they’ve found. “This separation shows Russia is not afraid to invest an enormous amount of money in this operation. There’s no effort to save money. Different organisations with different teams working on the same kind of malware but not sharing code. So expensive.”

All the research and the interactive map is available and open source, Cohen explains, “researchers can see the connections between families, better understanding of evolution of families and malware from 1996 to 2019.”

The perceived threat to the 2020 election is “speculation,” Check Point acknowledges. “But it’s based on how the Russians are organizing, the way they’re building the foundation of their cyber espionage ecosystem.”

So, stepping back from the detail what’s the learning here? There have been continual disclosures in recent months on state-sponsored threat actors and their tactics, techniques and procedures. The last Check Point research I reported on disclosed China’s trapping of NSA malware on “honeypot” machines. Taken in the round, all of this increased visibility on Russian and Chinese approaches, in particular, provides a better sense of the threats as the global cyber warfare landscape becomes more complex and integrated with the physical threats we also face.

On Monday [September 23], 27 nation-states signed a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” citing the use of cyberspace “to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”

The statement was made with Russia and China in mind, and a good working example of how such attack campaigns are supported in practice can be viewed by exploring Check Point’s Russian cyber espionage map, which is now available online.

CISCO #STOCK #DIPS ON POSSIBLE #RUSSIAN #HACKING

Cisco Systems, Inc. (NASDAQ:CSCO) is trading lower today, after the company announced that a group of hackers have compromised more than 500,000 routers and other devices in several countries. Cisco suspects this was the work of the Russian government, and its ultimate plan was to launch a major cyber attack on Ukraine. Shares of CSCO have shed 0.8% on the news, last seen at $43.28, falling back below the 80-day moving average and pacing for their lowest close since April 13. This trendline, a previous level of support, was brought back into play by the stock’s post-earnings bear gap last Thursday.

Longer term, the networks specialist has been strong on the charts, up 36.4% over the last year. This technical success has earned the stock almost exclusively bullish attention from analysts, with 18 of the 20 in coverage saying to buy the shares. Also, the average one-year price target from this group is $49.74, which prices in upside of almost 15%.

Options traders across the International Securities Exchange (ISE), Chicago Board Options Exchange (CBOE), and NASDAQ OMX PHLX (PHLX) have been bullish, too. CSCO sports a 10-day call/put volume ratio of 3.07 across these exchanges, a number that ranks in the top quartile of its annual range. So not only has call buying tripled put buying, but such a preference for calls over puts is pretty rare.

It’s a similar setup in today’s trading, despite the pullback, with call volume tripling put volume, and the July 44 call coming in as the most popular. But considering Cisco has a Schaeffer’s Volatility Index (SVI) of 18%, which ranks in the low 12th annual percentile, even put buyers can at least rest assured they’re getting relatively low volatility premiums at the moment.

The post CISCO #STOCK #DIPS ON POSSIBLE #RUSSIAN #HACKING appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Russian #hackers could #instantly cut #off the #internet for #half a #million people

Russian hackers have infected more than half a million routers across 54 countries with sophisticated malware that contains a killswitch to instantly cut internet access to users, security researchers have revealed.

The VPNFilter malware also allows attackers to monitor the web activity of anyone using the routers, including their passwords, potentially opening up the possibility of further hacks.

“Both the scale and capability of this operation are concerning,” William Largent, a researcher at the cybersecurity firm Talos, said in a blogpost describing the malware.

“The destructive capability particularly concerns us. This shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware.”

The malware has been attributed to a group of Russian hackers variously known as Sofacy Group, Fancy Bear and APT28. The group has been in operation since the mid-2000s and has previously been blamed for attacks on targets ranging from the Ukrainian military to the 2017 French elections.

Security researchers tell The Independent that the discovery of the malware highlights a broader issue of how vulnerable internet-connected infrastructure is to cyber attacks.

“No longer can we afford to keep our critical infrastructure connected to, and therefore directly accessible to, the internet,” said Eric Trexler, vice president of global governments and critical infrastructure at cybersecurity firm Forcepoint.

“VPNFilter proves that time tested military techniques such as network segregation not only makes sense, but is required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks.”

Devices found to be affected by the VPNFilter malware include routers from Linksys, MikroTik, Netgear and TP-Link, all of which are often used in homes or small offices. The researchers say they have not yet completed their research but are making it public now to draw attention to the threat.

“Defending against this threat is extremely difficult due to the nature of the affected devices,” Mr Largent said.

“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”

The FBI responded to the revelations by obtaining court permission to seize a web domain believed to be under the control of the Russian hackers.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement on Wednesday.

FBI Special Agent Bob Johnson added: “Although there is still much to be learned about how this particular threat initially compromises infected routers and other devices, we encourage citizens and businesses to keep their network equipment updated and to change default passwords.”

Norway and #US #Busted #Hacking Russian #Networks to #Gain #Data on #Leadership

This is the first time Norwegian hacking efforts to obtain intelligence information on Russia have been documented. According to formerly classified documents, Norway and the US have been pooling their spying efforts since 2011.

Norwegian and US intelligence services have collaborated on hacking Russian networks in order to retrieve information on Russia’s political leadership and energy policy, according to formerly classified National Security Agency (NSA) documents published by The Intercept.

Previously, only a small part of the three-page document was available, but now the document has been made available in its entirety.

It was in September 2011 that Norway’s Intelligence Service (NIS) first informed the NSA that they were running espionage programs in computer networks, whereupon an agreement on data-sharing was reached. The NSA would then expand and strengthen cooperation with Norway, focusing on targets in the Russian political leadership and Russia’s management of natural and energy resources.

An annual planning meeting between the NSA and the NIS was held on March 7, 2013. Some of the topics discussed were Norway’s access to data cables, data processing and external data storage, as well as obtaining information from commercial satellites.

Russian group #hacked German #government’s secure #computer #networks

Source: National Cyber Security News

A Russian-backed hacker group known for many high-level cyber attacks was able to infiltrate the German government’s secure computer networks, the dpa news agency reported Wednesday.

Dpa cited unidentified security sources saying the group APT28 hacked into Germany’s foreign and defence ministries and managed to steal data.

The attack was noticed in December and may have lasted a year, dpa reported.

The Interior Ministry said in a statement that “within the federal administration the attack was isolated and brought under control.” The ministry said it was investigating.

A spokesman wouldn’t give further details, citing the ongoing analysis and security measures being taken.

“This case is being worked on with the highest priority and considerable resources,” the ministry statement said.

APT28, which has been linked to Russian military intelligence, has previously been identified as the likely source of an attack on the German Parliament in 2015, as well as on NATO and governments in eastern Europe.

Also known by other names including “Fancy Bear,” APT28 has also been blamed for hacks of the U.S. election campaign, anti-doping agencies and other targets.