#deepweb | N.J. towns are easy targets for dark web hackers. They won’t always admit being scammed.

Source: National Cyber Security – Produced By Gregory Evans

The ransom demand was electronic.

In 2017, Newark’s computer system was hijacked by a group of hackers from halfway across the world, shutting down municipal services. Officials were given just seven days to come up with $30,000 in Bitcoin or they could kiss the city’s encrypted computer files goodbye.

They paid the ransom.

Cybercrime continues to explode nationwide, according to the Federal Bureau of Investigation’s most recent internet crime report. Last year, federal authorities received more than 350,000 complaints involving internet-based fraud, an increase of 16.7 percent over the previous year. Victim losses across the country in 2018 related to cybercrime totaled $2.71 billion.

In New Jersey, more than 8,400 victims across the state — including businesses, individuals, and government agencies — reported overall cybercrime losses last year of $79.7 million, making the state ninth in the nation for such high-tech theft, the FBI reported.

While much of that involved scams against individuals, businesses and Fortune 500 companies, the masters of the dark web have also been targeting your local tax collector’s office. Dozens of municipal government agencies in New Jersey have been victimized by hackers over the past two years, but have been reluctant to make those attacks public, officials say.

John Cohen, a senior expert on global threats for the Argonne National Laboratory and a professor at the Georgetown University Security Studies Program, said local governments remain easy targets for cyber criminals.

“Their systems remain vulnerable due to insufficient security and local governments continue to pay the criminals,” Cohen said. “Until localities change their practices in this regard, they will continue to be targeted.”

In New Jersey, the state’s Office of Homeland Security and Preparedness said it has been tracking the threat of ransomware since 2015 and officials said municipal governments have long been in the mix.

“Many cyber-threat actors are just looking for low-risk targets and something they can monetize,” said Jared Maples, who heads the state agency. “The availability of hacking tools and the increasing number of unsecured internet-connected devices reduces the need for extensive technical skills to carry out successful cyberattacks.”

Officials at the Municipal Excess Liability Joint Insurance Fund, which helps insure public entities across the state, said they have seen a 540% increase in cyber attacks on local government agencies since 2013. About 80 events have been reported over that time, but officials with the fund said they were aware of 50 others that were never formally reported.

“Nobody wants to acknowledge they’ve been victimized,” said Marc Pfeiffer, assistant director of the Bloustein Local Government Research Center at Rutgers University, of the radio silence. Nobody is going to call a press conference to announce someone made off with taxpayer funds, he said.

Maples, meanwhile, believes that what is happening is only going to get worse.

“Cyberspace is a complex, diverse, and fluid security environment with real, persistent, and evolving threats,” he said. “The impacts of cyberattacks will increase as we enter into an era of autonomous systems, artificial intelligence, smart cities, hyper-connectivity, and the convergence of cyber-physical systems and devices.”

MORPHING SCHEMES

While many of the high profile cybercrime cases that have come to light in recent years have involved ransomware, where malicious software delivered by a link that should never have been clicked is used to corrupt and encrypt computer files, that is only one of many weapons commonly employed. According to the FBI, the attack tactic most gaining favor these days is known as Business Email Compromise, or BEC, which targets those who use wire transfers.

The BEC scam works by compromising the email of corporate executives — and sometimes of municipal officials involved in finance — and seeks to redirect wire transfers meant for suppliers or financial institutions to fraudulent accounts both here and abroad.

Earlier this year, Lawrence Espaillat, 41, of Clifton pleaded guilty in connection with a BEC scheme to steal more than $1 million from corporate victims and individuals. Authorities said Espaillat and others incorporated sham businesses and created email addresses, which mimicked but differed slightly from legitimate email addresses of supervisory employees at various companies. Emails from those sham accounts were then used to send what appeared to be requests for payment of legitimate invoices or debts owed by the victims.

Last year in New Jersey, according to state municipal finance officials, at least one unnamed municipality was sent wiring instructions by such a compromised email to change its bond anticipation note payments from what appeared to be one reputable banking institution to another. They sent $40,000 to the other account, which was fraudulent.

In August 2018, the FBI said it received a complaint filed on behalf of another New Jersey town that fell victim to another BEC scam, transferring more than $1 million into the fraudulent account. Michael Doyle, an FBI supervisory special agent in New Jersey, would not identify the town, but said the money was recovered through a “financial fraud kill chain” that moves to quickly freeze funds and recall a wire transfer if they are alerted without delay.

Noting the explosion in BEC complaints nationally, Doyle said the nature of cybercrime is changing. More than $1.2 billion in losses were attributed last year just to compromised business email scams.

“It dwarfs everything else,” the FBI agent said — far more than the $362 million lost to victims in confidence or romance fraud.

Yet while ransomware complaints do not top the list of cybercrime complaints, Doyle suspects what happened in Newark may be happening more than is being reported to authorities. How the money is taken has also morphed, he added, with the use of “money mules” in the United States who act — sometimes unwittingly — as a go-between, so that suspicions are not raised by having money directly wired overseas.

“It used to be jumping out of the country immediately,” Doyle said. Now, potential victims might think it suspicious to be told to send money to an account in Hong Kong. These days, money may be wired through a series of destination points before it lands in somebody’s pocket.

Last November, two Iranian men were indicted in connection with an international wave of ransomware attacks that shut down Newark’s computer systems, and led to the city’s payment of $30,000 to regain control of the city’s electronic files. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were charged with running what officials called “an extreme form of 21st century digital blackmail.”

Both men remain at large.

Doyle said cybercrime is still far more likely to target big companies than town hall. Usually municipalities don’t have that kind of money. There’s no revenue stream.

Still, the problem for local government is growing, officials here say.

David N. Grubb, executive director of the Municipal Excess Liability Joint Insurance Fund in Parsippany, said the impact is not insignificant.

“When a municipality gets hit by one of these things, you can’t quantify the disruption that occurs. There are things that can’t happen when you are trying to get the system up and running. There is a reputational cost,” he said. “It can get residents quite upset.”

A spokeswoman for Newark said the city has made numerous changes and improvements to defend against similar attacks, including improvements to infrastructure, training as well as following professional recommendations that identified security gaps.

“While no amount of preparation protects any organization 100%, the city is in a much better position to thwart similar events,” said the spokeswoman, Crystal Rosa.

At the same time, she said the city is constantly being targeted.

“Measures put in place, actions following the prior ransomware event, have identified attempts and been successful to date from any in-depth intrusion,” she said.

With three dozen or more New Jersey municipalities the victims of successful hacker attacks in just the last two years, Pfeiffer said local officials are paying more attention, and like Newark, said that the electronic systems of every municipality in the state are under attack daily. Most municipalities now have cyber insurance, he added.

But technology requires management, and that requires time and money.

“There are two things you cannot be without in managing technology,” he said. “You have to have somebody you trust advising you on technology. And you have to have a sound backup plan.”

Ted Sherman may be reached at tsherman@njadvancemedia.com. Follow him on Twitter @TedShermanSL. Facebook: @TedSherman.reporter. Find NJ.com on Facebook.


The most #notorious #hacks in #history, and what they mean for the #future of #cybersecurity

Source: National Cyber Security News

Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.

For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.

As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.

Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.


Cybersecurity Attacks Don’t Go Away, They Morph

Source: National Cyber Security News

The second day of Mobile World Congress kicked off with talks on three emerging technology areas: 5G, next-gen cybersecurity, and what it means to stay agile and innovative in a rapidly changing world.

On stage here, McAfee CEO Christopher Young walked up to an Amazon Echo speaker to debut the McAfee Secure Home Platform Skill with a simple command: “Alexa, launch McAfee.”

The connected device ecosystem has surpassed the world’s population as hard-to-secure devices like smart refrigerators, televisions, and lightbulbs proliferate within the home, Young said. He ran down a greatest hits of recent exploits—from WannaCry and the Mirai botnet to Meltdown and Spectre—and argued that these threats will never truly go away.

“Attacks are increasing in complexity and scale. No attack ever goes away, instead it morphs and evolves over time. WannaCry looked like a ransomware attack, but it was also a worm taking advantage of a specific exploit that drove chaos across the public and private sectors and was eventually attributed to a nation-state,” said Young. “We’ve also already started to see connected devices weaponized out in the ecosystem. 2016 saw Mirai, the largest DDoS attack ever levied against [DNS provider] Dyn. That same botnet is alive and well today, and attacking a new device right now every six minutes, adding to its botnet armies.”


Today’s bank heists aren’t what they used to be with the battle now fought out in cyberspace

Source: National Cyber Security – Produced By Gregory Evans

Bank heists aren’t what they used to be. With sophisticated underground networks of hackers able to remotely swipe millions from financial institutions within seconds, many now look back wistfully on the days when a bank robbery involved a getaway chase, fat wads of cash and a bandit eye mask.

“Cyber is now the tool of choice for significant financial crime: it is easier to dispose of the stolen assets and the crime is easier to get away with,” says Andrew Moir, head of global cyber security at law firm Herbert Smith Freehills. “Compare the $81m (£61m) Bank of Bangladesh cyber heist [stolen from the bank’s account at the US Federal Reserve last year] to the £25m Hatton Garden jewel raid.”

The City of London is eager to show it is a leader in the fight against computer crime, particularly as Brexit rumbles in the background and threatens London’s status as Europe’s financial centre.

Dominic Raab, the justice minister, said last month that a decision to open a new court in the City to focus on cyber crime was a “terrific advert for post-Brexit Britain” while Catherine McGuinness, the City’s top official, is heading to Israel to meet cyber security experts and academics, with the aim of mirroring Tel Aviv’s success in attracting start-ups.

“[It’s] the first time we’ve made a trip like this, there is a fresh focus on cyber from us as an organisation,” Ms McGuinness made clear, adding that she will be looking at potential partnerships with specialists in Israel. She uses the new court, which is being funded by the City of London Corporation and will be based in the Square Mile, as an example for how the UK is keeping up with financial crime in the 21st century.

The UK was the target of one in eight cyber attacks in Europe between January and September last year, according to research from cyber security firm FireEye. No wonder then that the City is ploughing money into the issue – all too aware that finance is among the most targeted industries. The UK’s National Cyber Security Centre has dealt with more than 600 “significant” cyber attacks since it was opened just a year ago by the Government Communications Headquarters (GCHQ), and today is hosting a summit for EU member states to share what it has learnt.

Few are aware of the importance of tackling this issue more than Robert Hannigan, the former GCHQ boss who joined the intelligence agency just after the Edward Snowden scandal in 2014 and left earlier this year. Credited with preparing the UK for a new era of cyber challenges (he was behind the launch of the cyber centre), he is now advising businesses on how to prepare for future risks.

“Attacks used to be very crude misspelled [emails], now they are sophisticated – we have seen criminals researching targets, seeing where a CEO’s children go to school so an email looks like it comes from there,” he says, illustrating how hard it can be to spot a red flag. “These aren’t teenagers in a bedroom, these are seriously organised groups. They’ve taken the internet and gig economy model and hire people in.”

Having been Tony Blair’s adviser on Northern Ireland peace talks and a former director general of defence and intelligence at the Foreign Office, Mr Hannigan has seen first hand the changes in the way criminal gangs operate. Many have grown up with the internet, and with technology moving so fast one of the biggest challenges is trying to forecast what the techniques will be in 10 or 20 years, he says.

Trying to make that prediction will require a lot more specialists than are currently available. The UK has a shortage of experts, with start-ups competing to recruit convicted hackers for expertise. Lobby group TheCityUK told The Daily Telegraph this year that it wants to see cyber schools in each UK city with a big financial services presence so that institutions aren’t scrabbling for talent, with plans to transform Bletchley Park – used to crack codes in the Second World War – into the UK’s first National College of Cyber Security delayed by a year. Part of Ms McGuinness’s trip to Israel this week will be about learning how to draw cyber entrepreneurs to the UK.

Mr Hannigan, who is currently advising Lloyd’s of London insurer Hiscox on potential cyber risks, warns that, while the finance sector is miles ahead of many others in terms of cyber security and awareness, institutions can be “naive” when it comes to state-linked cyber threats with many underestimating the extent to which some countries work with crime groups.

“As state and crime threats merge in some areas, that’s something which needs more work,” he said, using North Korea as an example. “Institutions tend to think that states wouldn’t want to damage the international financial system which they have a stake in, but of course North Korea doesn’t have a stake in it and doesn’t really care.

“That crossover of crime and state is here to stay. I think, thinking beyond fraud and crime, companies need to think about the motives of states that might want to access their data. Financial institutions hold very personal data about millions of people.”

“Cyber crime certainly is capable of causing the next financial crisis – anything that undermines confidence in the banking system could have that effect,” adds Mr Moir, underlining the severity of a potential attack. “Suppose hackers penetrate a bank’s systems and manipulate balances or mortgages so they can no longer be trusted?”

 


Hackers could take over your computer if they fragged you on some CS:GO servers

Source: National Cyber Security – Produced By Gregory Evans

An exploit in the Counter-Strike: Global Offensive Source (SDK) engine was removed in a June update, according to a report from software security company One Up Security yesterday. The vulnerability allowed users in CS:GO community browser and third-party servers to hack into another player’s computer merely through killing them on a…


Why password overload is giving hackers exactly what they want

Source: National Cyber Security – Produced By Gregory Evans

In the United States, the average email address is associated with no fewer than 130 different accounts on the internet. How many accounts do you use on a daily basis? Chances are there are accounts out there you haven’t seen or thought about in decades. Many people report having more…


Police insist they treat cyber crime seriously following critical national report

Source: National Cyber Security – Produced By Gregory Evans

Police have stressed how seriously they treat cyber crime following a new report criticising how the growing trend is tackled by forces nationally. The National Audit Office (NAO) said the issue was “not yet a priority” for all local police forces and the problem had been […]

‘Impossible’ to protect children from online threats and they must be taught how to deal with them

Trying to protect children from all online risks may be futile as kids keep their cyber lives secret, says a report. It is more important to make children “resilient” to the …

ICS Companies Are Worried About Cybersecurity, But Are They Worried About the Right Things?

Source: National Cyber Security – Produced By Gregory Evans

Companies operating Industrial Control Systems (ICS) have a special set of challenges to deal with. Which is the state of the art? The equipment was expected to be installed and left alone for a long time. Pressures to reduce operating costs led to this equipment being connected, and the easiest…


It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp

It’s almost time for summer camp for kids around the tri-state area. As you pack and plan for the perfect summer, there’s a conversation you may want to have about bullying. …