Tag Archive for: internal

Israel-Iran cyber warfare heats up, exploiting Israeli internal divide


TEL AVIV – Foreign states and groups, primarily Iran, have been conducting for the past few years cyber campaigns designed to destabilize Israel and its institutions, with another such offensive exposed on Saturday. The latest campaign involved thousands of fake posts on Instagram revealing personal details of Israeli police officers and was disguised as an attack staged by Israel’s anti-government protesters.

One of the pro-democracy activists used to expose the police officers was Nitzan Weisberg, who suddenly recognized her picture on a profile disseminating information that she had not posted. The Fake Reporter, an Israeli watchdog that researches and exposes false information, was quick to tweet an alert about the scam. Still, the impact of the warning was limited. 

The affair made headlines only after Israeli National Security Minister Itamar Ben-Gvir took the bait. Ben-Gvir ignored the warnings and instead treated the posts as authentic, accusing the protest movement of posting photos of police officers, along with their personal phone numbers, in order to intimidate them and prevent them from carrying out their duties. 

Israel and Iran are clearly in an undeclared state of war, but paradoxically, the interests of some groups on the opposing sides sometimes seem to overlap. As such, Ben-Gvir played into the hands of the false news campaign, fighting back as if these posts were real news and facts.

“This is a serious and dangerous crossing of a red line designed to harm the police officers and their families,” tweeted Ben-Gvir, chair of the Jewish Power party. 

Ben-Gvir also posted photos of a designated Telegram channel called “Bogdim” (“Traitors”), ostensibly devoted to exposing the police officers. However, according to the assessment of the Shin Bet security agency and the police, the minister was taken in by false information spread by a foreign state, probably by Iranian hackers. The profiles of the users allegedly exposing the police had been taken over by hackers and used to post the information.

Ben-Gvir, the hard-line nationalist in charge of the Israel Police, was not too bothered by the experts’ opinion. His tweet remained online, although he…

Source…

JBS’s cybersecurity was unusually poor prior to 2021 ransomware attack, internal homeland security records show


Key takeaways

* JBS’s cybersecurity was “outside the typical range” for food production companies, experts told the federal government following the 2021 attack. (JBS did not respond to requests for comment.)

* Experts said the range of devices connected to the internet at food companies leaves them vulnerable.

* It’s difficult to gather information on cyberattacks, and they happen more often than what is reported, experts said.

A May 30, 2021, ransomware attack on JBS, one of the world’s largest meat companies, disrupted the company’s operations internationally and ended when the company paid an $11 million ransom to Russian hacker group REvil. 

While food production companies are potentially lucrative targets for cyberattacks, JBS was poorly protected against them compared to similar companies, according to cybersecurity experts.

The food and agriculture industry is designated as a Critical Infrastructure Sector by the U.S. Department of Homeland Security, meaning its “incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”

The whole industry is vulnerable to attacks like the one on JBS — and they happen quietly and often, according to John Hoffman, senior research fellow at the Food Protection and Defense Institute at the University of Minnesota. 

In the aftermath of the JBS ransomware attack, a representative of cybersecurity risk management firm BitSight told national security officials that JBS had “many many issues” with its computer system.

“Overall rating was poor and outside the typical range for Food Production companies,” wrote BitSight Vice President Jake Olcott in a June 2, 2021, email to Jeffrey Greene, who served as the National Security Council chief of cyber response and policy at the time. 

The emails obtained by Investigate Midwest via a public records request shed light on the federal government’s and private industry’s response to the JBS attack. 

“We’ve observed a massive number of malware infections on JBS over the last year (including Conficker),” Olcott wrote in the email. “JBS has been…

Source…

Internal Report Suggests Security Lapses at Hacked Crypto Exchange Bitfinex


Bitfinex told OCCRP the analysis was “incomplete” and “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment. Ledger Lab did not respond to a request for comment.

The hacker covered their tracks with a data destruction tool, used to permanently delete logs and other digital artifacts that might have identified the initial entry point into Bitfinex systems, meaning it’s not clear how they got into the exchange’s systems, only the security weaknesses that they took advantage of once inside. The transfer of the more than 119,000 bitcoins from over 2,000 users’ accounts to wallets under the thief’s control took just over three hours. The cryptocurrency sat there for months until, starting in January 2017,  someone started sending small amounts zig-zagging through other accounts. The money was eventually cashed out or used to make small online purchases.

Investigators managed to follow the money and, six years after the hack, arrested the couple on charges of laundering the stolen bitcoins. Burner phones, fake passports, and USB sticks containing the electronic security keys to the wallet holding $3.9 billion worth of bitcoin were found under the couple’s bed in their New York apartment. Both have pleaded not guilty, and are awaiting trial.

It is unclear whether the lessons from the Bitfinex hack have led to changes in the company’s procedures. The company told OCCRP that the report was “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment.

Karen A. Greenaway, a former FBI agent and cryptocurrency specialist, says she thought Bitfinex’s security lapses were due to its desire to “put through more transactions more quickly” and thereby raise profits. “The fact that [Bitfinex] have not provided a [public] report accepting responsibility and remedying the security failures that led to the hack says more than any admission or denial on their part ever would,” the agent said.

Security experts say that the crypto industry is in general less vulnerable to the kind of relatively…

Source…

India’s Leading Central Securities Depository Says Malware Compromised Its Internal … – Latest Tweet by TechCrunch


(SocialLY brings you all the latest breaking news, viral trends and information from social media world, including Twitter, Instagram and Youtube. The above post is embeded directly from the user’s social media account and LatestLY Staff may not have modified or edited the content body. The views and facts appearing in the social media post do not reflect the opinions of LatestLY, also LatestLY does not assume any responsibility or liability for the same.)

Source…