Tag: critical infrastructure
It’s official…It definitely IS the Russians
The US Federal Bureau of Investigation (FBI) has laid the blame for escalating worldwide ransomware attacks squarely at Russia’s door. Speaking at the 2024 Boston Conference on Cyber Security last week, FBI Cyber Division Assistant Director Bryan Vorndran said: “Almost all of the criminals developing sophisticated malware to enable ransomware attacks are based in Russian-speaking countries and operate as organized crime syndicates, similar to traditional organized crime elements.” He focused on the FBI’s earlier this year disruption of Dark Web ransomware gang LockBit, stressing that organized cybercriminal gangs, particularly Russian ones, are essentially the same as old-school mafia mobsters. They differ only in their methods and avenues of attack.
TikTok Confirms Account Hack Targeting CNN – June 5th
In a public statement, Alex Haurek, TikTok's spokesperson, announced the hack on CNN's TikTok account, among other high-profile accounts. "We have taken measures to stop this attack and prevent it from happening in the future. We're working directly with affected account owners to restore access if needed," he added.
Cox Communications Patched Flaw that Placed Millions at Risk – June 4th
Cox Communications fixed an authorization bypass vulnerability that could have enabled threat actors to abuse backend APIs to reset millions of modems and steal customer data. Discovered by Sam Curry, the exploit gave a similar set of permissions as the ISP tech support.
New cyber threat from North Korea
Microsoft has identified a new North Korean threat actor, Moonstone Sleet. Also known as Storm-1789, Moonstone Sleet has set up fake companies and job opportunities to engage with potential targets and has even created a fully functioning computer game designed to trap the unwary. The potentially hostile nation-state of North Korea has long been suspected of resorting to cybercrime, targeting the West to fund its military build-up and commit ongoing cyber espionage against countries such as the US and the UK. But Moonstone Sleet is taking cyber-attacks on the West to new levels of sophistication, posing a threat to all organizations. Microsoft says Moonstone Sleet “uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives.”
EPA Issues Warning for US Drinking Water Systems – May 21st
On Monday, May 20th, the Environmental Protection Agency (EPA) issued a warning, urging water utility systems in the US to take action to prevent vulnerabilities. The EPA says 70% of water systems inspected don't fully comply with the Safe Drinking Water Act requirements, stating that some have "critical cyber vulnerabilities" such as default passwords that may be easily compromised.
Critical infrastructure at risk from modem flaws
“Critical flaws” have been identified in modems deployed in millions of devices worldwide. Cybersecurity firm Kaspersky has issued a report warning companies of severe security vulnerabilities in Cinterion cellular modems. According to Kaspersky, Cinterion modems are cornerstone components in machine-to-machine (M2M) and Internet of Things (IoT) communications and now offer a back door for all kinds of threat actors. They support various applications, ranging from industrial automation and vehicle telematics to smart metering and healthcare monitoring. Gemalto, the initial developer of the modems, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.
Boeing Discloses $200M Ransomware Attempt – May 13th
Boeing made a significant disclosure: The LockBit ransomware group targeted the company, which demanded a staggering $200M extortion payment. Boeing did not pay LockBit a ransom despite 43 GB of company data leaked on the ransomware group's website in November 2023. Boeing is now in contact with the FBI to mitigate the breach.
UK Government Launches Updated Cyber Regulations – April 29th
As a testament to the UK's £2.6 billion National Cyber Strategy, the UK Government has proactively launched regulations to safeguard UK consumers and businesses from cyber-attacks. The updated regulations now mandate that manufacturers of consumer electronics adhere to minimum security standards. Additionally, consumers are prohibited from using easily guessable default passwords, a measure aimed at bolstering their personal cyber security.
73% of SME Security Professionals Failed to Act on a High Priority Security Alert – April 17th
According to a survey from Coro, 73% of SME cybersecurity professionals admittedly say that they've missed, ignored, or failed to act accordingly on a high-priority security alert. The survey also found respondents to spend an average of 4 hours and 43 minutes managing their cyber security tools daily, with an average of 11.55 tools in their security stack.
Cyber-attackers try to divert a commercial flight
Airline security has just entered a new era with the news that on Saturday, cybercriminals hacked the communications network on a commercial flight and tried to divert the plane to a fake destination, putting it in the hands of the gang. On Sunday, EL AL Israel Airlines confirmed the attack on one of its planes. During the attack, instructions were given to the El Al crew that differed from their set route, alerting them to the possibility that terrorists were planning to crash the plane or that their attackers were planning a kidnapping. However, despite the nationality of the airline concerned, the motive behind hacking into the airline’s communications is thought not to have been primarily political. Although the attack took place over an area where Iran-backed Houthis are known to be active, it is believed that the hackers are most likely based in Somaliland, which last month signed a controversial territorial agreement with neighboring Ethiopia.
US Government Sanctions 7 Chinese Hackers – March 26th
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against seven Chinese nationals based in Wuhan, China, for their affiliation with the 'APT31' hacking group. According to OFAC, APT31 is a nation-state-backed Chinese hacking group focused on infiltrating critical infrastructure in Eastern Europe, France, and the US.
US blocks sales of citizens’ data to hostile powers
In what is being seen by some on the Hill as a case of too little too late, Washington has this week finally blocked the sale of US citizens’ personal sensitive data to four hostile foreign powers: North Korea, China, Russia, and Iran. Sensitive data includes ordinary people’s social security numbers, financial account numbers, biometric information, genetic information, precise geolocation information, and most of their private communications. Washington’s Energy and Commerce Committee top Democrat, Congressman Frank Pallone Jr, simultaneously issued a statement highlighting the massive threat foreign data sales present to ordinary people.