U.S.


#hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report

Source: National Cyber Security – Produced By Gregory Evans

The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.”

With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.”

None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against.

The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”

And the answer, Check Point concluded, was to analyse all the known data on threat actors, attacks and malware to mine for patterns and draw out all the connections. “This research is the first and the most comprehensive of its kind—thousands of samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations of a superpower country.”

The team expected to find deep-seated linkages between groups working for the different Russian agencies—FSO, SVR, FSB, GRU. After all, one can reasonably expect all of the various threat groups sponsored by the Russian state to be on the same side, peddling broadly the same agenda.

But that isn’t what they found. And the results from the research actually carry far more terrifying implications for Russia’s capacity to attack the U.S. and its allies on a wide range of fronts than the team expected. It transpires that Russia’s secret weapon is an organisational structure which has taken years to build and makes detection and interception as difficult as possible.

“The results of the research were surprising,” Cohen explains as we talk through the findings. “We expected to see some knowledge, some libraries of code shared between the different organizations inside the Russian ecosystem. But we did not. We found clusters of groups sharing code with each other, but no evidence of code sharing between different clusters.” And while such findings could reflect politics and inter-agency competition, the Check Point team have concluded that an operational security motive is more likely. “Sharing code is risky—if a security researcher finds one malware family, and it has code shared with different organizations, the security vendor can take down another organisation.”

The approach points to extraordinary levels of investment. “From my perspective,” Yaniv Balmas, Check Point’s head of cyber research, tells me, “we were surprised and unhappy—we wanted to find new relationships and we couldn’t. This amount of effort and resources across six huge clusters means huge investment by Russia in offensive cyberspace. I have never seen evidence of that before.”

And the approach has been some time in the making. “It’s an ongoing operation,” Cohen says. “It’s been there for at least a decade. This magnitude could only be done by China, Russia, the U.S. But I haven’t seen anything like it before.”

The research has been captured in “a very nice map,” as Balmas describes it. The map, built by Check Point and Israeli analytics company Intezer, is a complex interactive tool that enables researchers to drill down into malware samples and attack incidents, viewing the relationships within clusters and the isolation between clusters at the higher level.

The research has been angled as an advisory ahead of the 2020 U.S. elections. Russia has the capability to mount waves of concerted attacks. It’s known and accepted within the U.S. security community that the elections will almost certainly come under some level of attack. But the findings actually point to something much more sinister: a cyber warfare platform that carries implications not only for the election but also for power grids, transportation networks and financial services.

“That’s the alarming part,” Check Point’s Ekram Ahmed tells me. “The absence of relationships. The sheer volume and resource requirements leads us to speculate that it’s leading up to something big. We’re researchers—if it’s alarming to us, it should definitely be alarming to the rest of the world.”

So what’s the issue? Simply put, it’s Russia’s ability to attack from different angles in a concerted fashion. Wave upon wave of attack, different methodologies with a common objective. And finding and pulling one thread doesn’t lead to any other cluster. No efficiencies have been sought between families of threat actors. “Offense always has an advantage over defense,” Balmas says, “but here it’s even worse. Given the resources Russia is putting in, it’s practically impossible to defend against.”

“It’s alarming,” Check Point explains in its report, “because the segregated architecture uniquely enables the Russians to separate responsibilities and large-scale attack campaigns, ultimately building multi-tiered offensive capabilities that are specifically required to handle a large-scale election hack. And we know that these capabilities cost billions of dollars to build-out.”

I spend a lot of time talking to cybersecurity researchers—it’s a noisy space. And given current geopolitics, the Gulf, the trade war, the “splinternet,” there is plenty to write about. But I get the sense here that there’s genuine surprise and alarm at just what has been seen, the extent and strategic foresight that has gone into it, the implications.

And one of those implications is that new threats and new threat actors following the same approach will be harder to detect. The Check Point team certainly think so. “This is the first time at such a scale we have mapped a whole ecosystem,” the team says, “the most comprehensive depiction yet of Russian cyber espionage.”

And attacks from Russia, whichever cluster might be responsible, tend to bear different hallmarks from those of the Chinese—or the Iranians or the North Koreans.

“Russian attacks tend to be very aggressive,” Balmas explains. “Usually in offensive cyber and intelligence, the idea is to do things that no-one knows you’re doing. But the Russians do the opposite. They’re very noisy. Encrypting or shutting down entire systems they attack. Formatting hard drives. They seem to like it—so an election attack would likely be very aggressive.”

With 2020 in mind, Ahmed explains, “given what we can see, the organization and sheer magnitude of investment, an offensive would be difficult to stop—very difficult.”

Cohen reiterates the staggering investment implications of what they’ve found. “This separation shows Russia is not afraid to invest an enormous amount of money in this operation. There’s no effort to save money. Different organisations with different teams working on the same kind of malware but not sharing code. So expensive.”

All the research and the interactive map are available and open source, Cohen explains: “researchers can see the connections between families, better understanding of evolution of families and malware from 1996 to 2019.”

The perceived threat to the 2020 election is “speculation,” Check Point acknowledges. “But it’s based on how the Russians are organizing, the way they’re building the foundation of their cyber espionage ecosystem.”

So, stepping back from the detail, what’s the learning here? There have been continual disclosures in recent months on state-sponsored threat actors and their tactics, techniques and procedures. The last Check Point research I reported on disclosed China’s trapping of NSA malware on “honeypot” machines. Taken in the round, all of this increased visibility on Russian and Chinese approaches, in particular, provides a better sense of the threats as the global cyber warfare landscape becomes more complex and integrated with the physical threats we also face.

On Monday [September 23], 27 nation-states signed a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” citing the use of cyberspace “to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”

The statement was made with Russia and China in mind, and a good working example of how such attack campaigns are supported in practice can be viewed by exploring Check Point’s Russian cyber espionage map, which is now available online.


The post #hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report appeared first on National Cyber Security.


Computer #Hackers Are #Demanding #Money From #Cities, #States, And #Companies In The #U.S.

Computer hackers are getting more sophisticated. They are not afraid to hold cities, states, and companies hostage until they pay a ransom. Hackers are modern-day tech pirates that disrupt computer programs and turn shareholders into anxiety-ridden puppets. Computer networks in Denver, Atlanta, and Baltimore, as well as a computer network of Boeing Airlines, are recent victims. Atlanta’s computers went down on March 22nd when a hacker locked important data behind an encrypted wall. The wall would stay in place, according to the hackers, until the city pays the hackers $51,000 in Bitcoins. Atlanta has a week to comply. If the city doesn’t pay, all that important data will vanish, according to the computer pirates. No one is sure if Atlanta paid the money, according to a Fox News report. But Mayor Keisha Lance Bottoms didn’t rule out payment.

The hacking group calls itself “SamSam.” SamSam is not new to the hacking world. The group pocketed more than $800,000 in 2017. The city of Leeds, Atlanta paid SamSam $12,000 in February 2018 to release their data. But Atlanta is not the only city that SamSam has in its hacking sights this month. Officials in Baltimore said their 911 dispatch system was under attack. The system was down for 17 hours recently to prove the hackers were serious. The hackers were able to get into the system after the city made an internal change to their firewall. But the Baltimore hackers didn’t ask for money, and that is concerning, according to Frank Johnson, Baltimore’s chief information officer.

Boeing, the world’s top aerospace company, is also under attack by the now famous WannaCry ransomware. WannaCry is the same ransomware that crippled Britain’s healthcare services in 2017. The Boeing attack is not as serious as the attack in Britain, according to Boeing’s head of communications Linda Mills. Mills also said the 777 jet program was not part of the hack. Mills said only a few company machines were under attack.

Denver also had a suspicious outage when denvergov.org and pocketgov.org, as well as other online services, suddenly stopped in March. Some city staffers lost access to their email account. Denver officials claim the shutdown was the work of a computer bug, but Colorado’s Department of Transportation was a SamSam victim in February. The hackers said the information would come back to them if Colorado paid in Bitcoins, according to a news report by Denver7.


The #Safety of U.S. #Data Could #Rest in #Georgia

Source: National Cyber Security News

At one point or another, much of the U.S.’s data passes through Georgia.

The state is a financial technology capital, with 70 percent of all payment transactions handled in Atlanta. And Georgia is a major internet access point for not only the Southeast but also the Caribbean and part of South America, says Stanton Gatewood, the state’s chief information security officer.

“We have a tremendous amount of information flowing through the state of Georgia,” he says.

But as more data is generated online, cybersecurity resources struggle to keep up. In 2017, the cybersecurity workforce gap was expected to hit 1.8 million people by 2022, a 20 percent increase since 2015. Sources say a shortage exists because cybersecurity is a relatively new academic field, so people haven’t had ample opportunity to undergo the proper training and gain necessary skills. “The crush of demand is coming at once, and academia can’t really keep up,” says Michael Farrell, co-executive director of the Georgia Institute of Technology’s Institute for Information Security & Privacy.

In the face of this issue, Georgia is working to become a cybersecurity hub, amassing an arsenal of initiatives. The U.S. Army Cyber Command is moving from Virginia to Fort Gordon army base, right next to Augusta, Georgia.


Democrats #Seek $1 #Billion To #Boost #Cybersecurity For U.S. #Elections

Source: National Cyber Security News

Congressional Democrats introduced legislation on Wednesday that would provide more than $1 billion to boost cybersecurity of U.S. voting systems, and Vice President Mike Pence defended the administration’s efforts to protect polls from hackers.

The measure followed warnings on Tuesday from U.S. intelligence officials that midterm races in November are likely to see renewed meddling from Russia and possibly other foreign adversaries.

“We cannot let the Russians laugh about and take joy in the success they had in the last election,” Nancy Pelosi, the Democratic leader in the House of Representatives, told a news conference. “Their goal is to undermine democracy.”

Lawmakers have introduced several bills, some with bipartisan support, to bolster election security since the 2016 polls in which Republican Donald Trump was elected president. None have become law.

The new bill is the most comprehensive to date and is aimed at bolstering protection for the midterms and subsequent elections. It has no Republican co-sponsors in the House, which the party controls, and is therefore unlikely to succeed.

Pence, speaking at an event hosted by the online news site Axios, said Americans could trust the 2016 election results and that it was an “ongoing effort” of Trump’s administration to protect election infrastructure.


NSA #hacking #code lifted from a #personal #computer in #U.S

Source: National Cyber Security – Produced By Gregory Evans

Moscow-based multinational cybersecurity firm Kaspersky Lab said on October 25 that it had obtained suspected National Security Agency (NSA) hacking code from a personal computer in the U.S. During its review of the file’s contents, a Kaspersky analyst discovered that it contained the source code for a hacking tool later attributed to what the firm calls the Equation Group.

Kaspersky said it assumed the 2014 source code episode was connected to the NSA’s loss of files. Sarah Kitsos, a spokeswoman for the antivirus software maker, was quoted as saying, “we deleted the archive because we don’t need the source code to improve our protection technologies and because of concerns regarding the handling of classified materials”.

Another spokeswoman Yuliya Shlychkova told Reuters that removals of such uninfected material happen “extremely rarely.”

Meanwhile, Democratic Senator Jeanne Shaheen sent a letter to the Department of Homeland Security (DHS) acting Secretary Elaine Duke and Director of National Intelligence Dan Coats, urging the U.S. government to declassify information about Kaspersky products.

In October this year, an NSA contractor came under scrutiny after confidential details from his personal computer, which ran Kaspersky anti-virus software, were shared with the Russian company. The unidentified NSA contractor had reportedly downloaded a cache of classified information from his workplace, even though he was aware that moving such classified and confidential data without approval is not only against NSA policy but also a criminal offence.

Kaspersky Lab has repeatedly denied that it has any unethical ties to any government and said it would not help a government with cyber espionage or offensive cyber efforts. It also highlighted that more than 85% of its revenue comes from outside Russia. It maintains that it has no connection with Russian intelligence, but it is registered with the Federal Security Service.

To restore the trust of the public and of governments, Kaspersky on October 23 agreed to have its source code audited independently by internationally recognized authorities in the first quarter of 2018. As part of a comprehensive transparency initiative, the firm plans to open three transparency centers across the U.S., Europe and Asia by 2020.

The Wall Street Journal reported earlier this month that hackers working for the Russian government appeared to have targeted an NSA worker by using Kaspersky software to identify classified files in 2015.

The New York Times reported on October 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Following allegations that Russian hackers interfered in the 2016 U.S. elections, the DHS banned Kaspersky Lab software in September 2017, citing concerns that the company may be linked to the Kremlin and Russian spy agencies.


Hackers #targeting #NATO and #U.S. military #cyber-experts

Source: National Cyber Security – Produced By Gregory Evans

Hackers backed by the military intelligence agency of Russia are apparently targeting security researchers with their latest campaign, which uses a document advertising a cybersecurity conference in Washington D.C. as the lure.

Security researchers are being sent a document titled ‘Conference_on_Cyber_Conflict.doc’, containing information about the upcoming 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.). While the conference is real, the document is not, reports ZDNet.

The real conference is being hosted by the US Army and NATO Cooperative Cyber Defence Centre of Excellence and will run from November 7 through 8 this year at the Ronald Reagan Building in Washington D.C. CyCon U.S. is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence.

APT28 or Fancy Bear linked to Russia
Over the weekend, security researchers at Cisco Talos revealed that the group it tracks as Group 74, better known as APT28 or Fancy Bear (the group also held responsible for the DNC hack last year), has “weaponized” a real Word document titled “Conference_on_Cyber_Conflict.doc” with malware.

The hackers used a variant of a malware called Setuploader, commonly used in espionage. “This is clearly an attempt to exploit the credibility of Army Cyber Institute and NATO CCDCOE in order to target high-ranking officials and experts of cybersecurity,” said a CCDCOE spokesperson.

Setuploader has the ability to take screenshots, extract data, execute code and download additional fake files, and more, according to the researchers. This points to the hackers wanting to steal information with the goal of espionage. One thing is different about this particular document: it doesn’t contain an Office exploit or a zero-day.

Instead, it uses a malicious Visual Basic for Applications (VBA) macro, designed to run code within the selected application — in this case, Microsoft Word. This shows the extent that some groups will go to in extracting information from a particular group, in this case, cybersecurity experts.

The Sunday report comes just a few days after Proofpoint’s report had suggested APT28 was actively leveraging a security exploit that was patched by Adobe last week, in hopes of infecting as many targets in government departments and aerospace companies as it could before the breach was discovered.


Hackers are #targeting schools, #U.S. Department of Education warns

Source: National Cyber Security – Produced By Gregory Evans

When Superintendent Steve Bradshaw first received a threatening text message in mid-September, he didn’t know it was coming from a hacker trying to exploit his Montana school district.
But soon, students and other schools around Flathead County were receiving threatening messages, too. More than 30 schools in the district shut down for three days.
“The messages weren’t pleasant messages,” Bradshaw said. “They were ‘splatter kids’ blood in the hallways,’ and things like that.”
The U.S. Department of Education is now warning teachers, parents, and K-12 education staff of a cyberthreat targeting school districts across the country.
So far, at least three states have been targeted by the extortion attempt from hackers asking schools to give them money or the group will release stolen private records, according to the department.

“In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received,” the department wrote in an advisory this week.
Bradshaw, the superintendent of schools in Columbia Falls, Montana, said a hacking group broke into multiple school servers and stole personal information on students and possibly staff. He said that after the threatening messages came, the hackers asked for ransom.
In a ransom note sent to a number of Columbia Falls school district members and released by the county’s sheriff’s department, the hacking group called the Dark Overlord threatened the district and demanded up to $150,000 in bitcoin to destroy the stolen private data.
The threatening letter talked about use of force, mentioned the name “Sandy Hook,” the elementary school in Connecticut where 20 small children and six adults were shot dead, and said victims would suffer financial and reputational damage.
Law enforcement said they did not believe the threats and determined the attackers were located outside of the U.S.
“We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money,” the Flathead County Sheriff’s Office said in a Facebook post last month.
Bradshaw said the district is not paying the ransom, and he is still receiving threatening messages.

The same hackers also targeted the Johnson Community School District in Iowa earlier this month, and the district canceled all classes on October 3. According to local media reports, the hackers also sent threatening text messages to children and their parents.
The hacking group previously attempted to extort Netflix (NFLX, Tech30) after hacking its production studio, Larson Studios. The group released episodes of Orange is the New Black online last spring.
It’s unclear why the Dark Overlord began targeting schools but someone from the hacking group told the Daily Beast they are “escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us.”
The Department of Education says the hackers are probably targeting districts “with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” It advises districts to conduct security audits and patch vulnerable systems, train staff on data security best practices, and review sensitive data to make sure no outside actors can access it.
According to Mary Kavaney, the chief operating officer of the Global Cyber Alliance, school environments often don’t have a lot of technology resources dedicated to security, but have some of the richest personal information on people, including social security numbers, birth dates, and, potentially, medical and financial information.
“If bad actors can access student [personal data], that information can be exploited for the purpose of fraud and committing crimes for years before it is detected,” Kavaney says. “It’s often only upon application for a job, or application for financial aid to attend college that students find out that their social security number has been used fraudulently — they may have poor credit due to false applications against their history, or worse, find that crime has been committed in their name.”
Bradshaw says the ordeal has been stressful and troubling. Because the district hasn’t paid the hackers, they’re still threatening to release the data online. But, he said, the response from law enforcement and the Flathead County community has been positive.
“We still got people in this country that believe in one another, and it’s been easier to get through than you would have thought,” Bradshaw said. “People care about people in this state.”


China, U.S. Reaffirm Cybersecurity Consensus

Source: National Cyber Security – Produced By Gregory Evans

China and the United States will continue to cooperate on cybersecurity issues as outlined in the 2015 consensus by the nations’ two presidents. Attorney General Jeff Sessions and Acting Secretary of Homeland Security Elaine Duke co-chaired the first U.S.-China Law Enforcement and Cybersecurity Dialogue (LECD) on […]

Russian government hackers used antivirus software to steal U.S. cyber capabilities

Source: National Cyber Security – Produced By Gregory Evans

Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The employee had taken classified material home to work on it on his computer, and his use of…


Russian hacker wanted by U.S. tells court he worked for Putin’s party

Source: National Cyber Security – Produced By Gregory Evans

A Russian hacker arrested in Spain on a U.S. warrant said on Thursday he previously worked for President Vladimir Putin’s United Russia party and feared he would be tortured and killed if extradited, RIA news agency reported. Peter Levashov was arrested while on holiday in Barcelona in April. U.S. prosecutors…
