
U.S. Disrupts Hacking Operation Led by Russian Intelligence

The F.B.I., working with other countries, disrupted a Russian hacking operation that infiltrated more than 1,000 home and small-business internet routers in the United States and around the world, the Justice Department announced on Thursday.

Russian intelligence, collaborating with cybercriminals, created a botnet, or a network of private computers infected with malicious software, to spy on military and security organizations and private corporations in countries like the United States.

Using a court order, the F.B.I. secretly copied and deleted stolen data and malware from hacked routers. Doing this stopped Russia’s ability to use the routers without affecting how they function, officials said.

The F.B.I. director, Christopher A. Wray, shared details of the operation at an annual security conference in Munich.

The disruption is part of a broader effort to stymie Russia’s cybercampaigns against the United States and its allies, including Ukraine. The details of the operation come a day after the Biden administration said it told Congress and its European allies that Russia is seeking to create a space-based nuclear weapon to target the U.S. network of satellites.

For weeks, the White House and proponents in Congress have been trying to persuade House Republicans to continue funding Ukraine’s military operations in its fight against Russia because doing so is critical to American national security.

Speaking in Munich, Mr. Wray said Russia continued to target critical infrastructure, such as underwater cables and industrial control systems, around the world.

“For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector,” Mr. Wray said. “And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack quickly and without notice.”

Mr. Wray warned that China’s abilities in cyberwarfare have also continued to improve.

“The cyberthreat posed by the Chinese government is massive,” Mr. Wray said. “China’s hacking program is larger than that of every other major nation combined.”

Last month, the F.B.I. announced it


Poor security led to pathology hack | Information Age

Pathology company Australian Clinical Labs has come under fire from Australia’s privacy watchdog for a 2022 cyber attack which saw credit card details and health records for more than 200,000 people leaked to the dark web.

The Office of the Australian Information Commissioner (OAIC) has taken ACL to court with allegations the company had “serious and systemic” failures leading to the attack.

In October of last year, while Australia had its focus on a landmark data breach at health insurer Medibank, the parent company of medical testing company Medlab – Australian Clinical Labs (ACL) – revealed it had suffered a significant cyber attack of its own.

The incident was largely overshadowed by similar happenings at Medibank and Optus; however, it saw the personal information of at least 223,269 individuals exposed to a hacker group known as Quantum, which exfiltrated 86GB of data including passport numbers, health information and credit card details.

Notably, the attack took place in February last year – eight months before being publicly confirmed by ACL.

Much of the stolen data appeared on the dark web in June 2022 – approximately four months prior to ACL’s public confirmation of the incident.

Serious allegations levied at ACL

The OAIC alleges ACL “seriously interfered with the privacy of approximately 21.5 million individuals”, whose personal information it held, by “failing to take reasonable steps” to protect said information from unauthorised access or disclosure.

In its concise statement, the commissioner notes ACL still does not know the precise time or method of the attack, but that it started “on or before” 25 Feb 2022 when Quantum attacked the Medlab computer network operated by ACL.

According to the statement, an employee discovered the attack at approximately 5:00am when they attempted to access a computer on the Medlab network, only to find a ransomware demand sitting on the desktop.

The employee soon after notified Medlab’s IT team, and by 9:00am the ransom note had appeared on other computers on the Medlab network in Brisbane and Sydney.

The OAIC notes ACL – which hit nearly $1 billion in revenue during financial year 2022 – did…


Bad Password May Have Led to Pennsylvania Water System Hack

(TNS) — Federal and state security officials said a poor or even default password could be the weak link that enabled hackers to break into a Pittsburgh-area water system.

The Municipal Water Authority of Aliquippa suffered the cyberattack on Saturday, with several media outlets displaying images of a screen on the authority’s equipment bearing a message that claimed to target Israeli-made products.

In a Tuesday alert, the federal Cybersecurity and Infrastructure Security Agency (CISA) said the hackers, who some media outlets have identified as the pro-Iran group CyberAvengers, “likely accessed the affected device … by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet.”

CISA is a federal agency that falls under the Department of Homeland Security.

The Pennsylvania Criminal Intelligence Center shared CISA’s advisory Wednesday and reminded security experts “to ensure the default ‘1111’ password is not in use” on their networks, according to an email obtained by TribLive.

The center also recommended that systems’ “programmable logic controllers,” or PLCs, use multifactor authentication and update to the most current software.

No customers of Aliquippa’s service lost access to water due to the attack, said Robert Bible, general manager of the Aliquippa Municipal Authority, in an interview with TribLive news partner WTAE.

Bible said the hackers targeted a small substation in Raccoon Township. They disabled a device that is used to automatically control water levels at the authority’s tanks, he said.

Bible did not return phone calls Wednesday to the municipal authority. Aliquippa Mayor Dwan B. Walker also could not be reached for comment.

CISA officials, in their Tuesday advisory, identified equipment hacked at the Pennsylvania utility as a “Unitronics Vision Series PLC with a Human Machine Interface (HMI).”

Unitronics, which is based in Israel and operates a U.S. office in Quincy, Mass., a Boston suburb, did not respond to numerous emails and phone calls this week seeking comment.

Pittsburgh-based Jewish security officials said they also have grappled with cybersecurity issues related to the…


MGM cyber attack: How a phone call may have led to the ongoing hack

Did prominent casino chain MGM Resorts gamble with its customers’ data? That’s a question a lot of those customers are probably asking themselves after a cyberattack took down many of MGM’s systems for several days. And it may have all started with a phone call, if reports citing the hackers themselves are to be believed.

MGM, which owns more than two dozen hotel and casino locations around the world as well as an online sports betting arm, reported on September 11 that a “cybersecurity issue” was affecting some of its systems, which it shut down to “protect our systems and data.” For the next several days, reports said everything from hotel room digital keys to slot machines weren’t working. Even websites for its many properties went offline for a while. Guests found themselves waiting in hours-long lines to check in and get physical room keys or getting handwritten receipts for casino winnings as the company went into manual mode to stay as operational as possible. MGM Resorts didn’t respond to a request for comment, and has only posted vague references to a “cybersecurity issue” on Twitter/X, reassuring guests it was working to resolve the issue and that its resorts were staying open.

It took about 10 days, but MGM announced on September 20 that its hotels and casinos were “operating normally” again, although there may be some “intermittent issues” and MGM Rewards may not be available.

“We thank you for your patience,” the company said in its statement. It did not provide any additional information on the reason why its systems went down in the first place.

The attacks show how even organizations that you might expect to be especially locked down and protected from cybersecurity attacks — say, massive casino chains that pull in tens of millions of dollars every day — are still vulnerable if the hacker uses the right attack vector. And that’s almost always a human being and human nature. In this case, it appears that publicly available information and a persuasive phone manner were enough to give the hackers all they needed to get into MGM’s systems and create what is likely to be some very expensive havoc that will hurt both the…
