Tag Archive for: Intrusion

Suffolk cyber intrusion has hallmarks of ransomware attack, Bellone says


Suffolk officials said they have detected malware in their probe of a cyber intrusion of county government systems, but had no timeline for when applications will be restored, County Executive Steve Bellone said Tuesday.

The incident, which was discovered last Thursday, had the hallmarks of a ransomware attack, although no monetary amount has been demanded, Bellone said during a news conference in Hauppauge.

Officials did not disclose a possible motive for the attack or say how it began.

“We’re doing everything in our power to ensure as little disruption as possible,” Bellone said. “One of our top priorities is maintaining continuity of operations while our team of experts investigate and determine the full scope and nature of this incident.”

There was no indication the data of county residents has been compromised, Bellone said.

The county immediately shut down its systems after the discovery to contain and eradicate the threat, Bellone said.

Bellone said all county agencies were functioning, although internal operations may be working differently.

The county will soon launch a temporary “landing website” with frequently requested information, he said.

Suffolk had a contract in place with a cybersecurity vendor, had previously conducted staff training, and had a contingency plan in place, Bellone said.

“In Suffolk, we’ve been working to harden our infrastructure over the years,” he said. “We have continued to provide our employees with tools to help … mitigate these types of incidents.”


Intrusion Preclusion: BIS Issues Long-Awaited Controls on Cybersecurity Items, Creates New License Exception | Wilson Sonsini Goodrich & Rosati


On October 21, 2021, the Department of Commerce’s Bureau of Industry and Security (BIS) issued an interim final rule (the rule) implementing expanded export controls on cybersecurity items based on the belief that these items “could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.” The new controls on cybersecurity items stem from the 2013 addition by the Wassenaar Arrangement (WA) of cybersecurity items, including intrusion software, to Wassenaar’s list of controlled items. Public comments in 2015 indicating significant concerns over BIS’s implementation and scope of the proposed controls resulted in renegotiation of these controls at the WA’s 2017 meeting. Last week’s rule implements the WA 2017 controls. The rule is intended to prevent malicious “intrusion software” from being exported to certain countries of concern without a BIS license and not to hinder responses to cybersecurity flaws and incidents.

New Cybersecurity Related ECCNs

The rule creates new controls on hardware and software (ECCNs 4A005 and 4D004, respectively) specially designed or modified for the generation, command and control, or delivery of intrusion software. The EAR defines intrusion software as software specially designed or modified to avoid detection by monitoring tools or to defeat protective countermeasures of a computer or network-capable device (such as a mobile device or smart meter). Intrusion software either 1) extracts data or information (from the computer or network-capable device) or modifies system or user data or 2) modifies the standard execution path of a program or process in order to allow the execution of externally provided instructions. According to the proposed rule, it does not include any of the following: hypervisors, debuggers or Software Reverse Engineering (SRE) tools; Digital Rights Management (DRM) software; or software designed to be installed by manufacturers, administrators, or users, for the purposes of asset tracking or recovery.

The rule also adds paragraph 5A001.j, “IP network communications surveillance systems or equipment,” to ECCN 5A001, which is similar to controls on…


Next-Generation Intrusion Prevention System Market – New ERA of Cyber Security – TMR


Key players operating in the global next-generation intrusion prevention system market are McAfee Corp., Trend Micro Inc., Palo Alto Networks, Inc., Check Point Software Technologies, Fortinet Inc., Cisco Systems, Inc., iValue InfoSolutions India Pvt. Ltd., NSFOCUS Technologies Group Co. Ltd., OSSEC Inc., BluVector, Inc., and IBM.

Cyber-attacks are becoming more sophisticated, making it more difficult to detect intrusions accurately. Malware creators employ various evasion techniques for information concealment to avoid detection by an IPS, which poses the greatest challenge in identifying malicious attacks. Hence, increasing cybersecurity breaches and a rise in the complexity of cyber threats are expected to drive the demand for next-generation intrusion prevention systems in the next few years.


Furthermore, security threats and attacks targeting internet users and organizations, such as DDoS, APTs, and zero-day attacks, have been increasing for the last few years. Consequently, computer security has become increasingly important, as the use of information technology has become ingrained in people’s daily lives. Therefore, the demand for next-generation intrusion prevention systems is expected to increase during the forecast period.

Improvement in BYOD-related technology is prompting companies to mobilize their employees. Increasing use of BYOD is further compelling organizations to protect not only devices in offices but also devices with remote access to the corporate network. This has increased the demand for next-generation intrusion prevention solutions, which in turn is expected to drive the next-generation intrusion prevention system market during the forecast period.

However, the lack of an adequate budget remains a major obstacle for cybersecurity professionals trying to conduct their IT security operations effectively, which is expected to restrain the next-generation intrusion prevention system market during the forecast period.

The COVID-19 pandemic crisis prompted…


Four Chinese Nationals Working With the Ministry of State Security Charged With Global Computer Intrusion Campaign – Homeland Security Today


A federal grand jury in San Diego, California, returned an indictment in May charging four nationals and residents of the People’s Republic of China with a campaign to hack into the computer systems of dozens of victim companies, universities, and government entities in the United States and abroad between 2011 and 2018. The indictment, which was unsealed on Friday, alleges that much of the conspiracy’s theft was focused on information that was of significant economic benefit to China’s companies and commercial sectors, including information that would allow the circumvention of lengthy and resource-intensive research and development processes. The defendants and their Hainan State Security Department (HSSD) conspirators sought to obfuscate the Chinese government’s role in such theft by establishing a front company, Hainan Xiandun Technology Development Co., Ltd. (海南仙盾) (Hainan Xiandun), since disbanded, to operate out of Haikou, Hainan Province.

The two-count indictment alleges that Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民) and Zhu Yunmin (朱允敏) were HSSD officers responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities. The indictment alleges that Wu Shurong (吴淑荣) was a computer hacker who, as part of his job duties at Hainan Xiandun, created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers.

The conspiracy’s hacking campaign targeted victims in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom. Targeted industries included, among others, aviation, defense, education, government, health care, biopharmaceutical and maritime. Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, specialty chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology…
