Archive for the ‘cybercrime/malcode’ category: Page 17
Dec 17, 2020
NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources
Posted by Quinn Sena in category: cybercrime/malcode
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory Thursday “Detecting Abuse of Authentication Mechanisms.” This advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud. It builds on the guidance shared in the cybersecurity advisory regarding VMware with state-sponsored actors exploiting CVE 2020–4006 and forging credentials to access protected files, though other nation states and cyber criminals may use this tactic, technique, and procedure (TTP) as well.
Detecting abuse of authentication mechanisms infographic.
Dec 17, 2020
Russian Hackers Have Been Inside Austin City Network for Months
Posted by Quinn Sena in category: cybercrime/malcode
Russia appears to have used Austin’s network as infrastructure to stage additional cyberattacks.
Dec 17, 2020
Report: Hackers target City of Austin networks
Posted by Quinn Sena in categories: cybercrime/malcode, government, transportation
According to a report from the Intercept, “state-sponsored hackers believed to be from Russia have breached the city network.” City officials told KVUE they are aware of the hacking group but cannot comment on an ongoing investigation.
The breach is believed to have started in October as part of a series of hacks allegedly carried out by the group Berserk Bear, as reportedly revealed by Microsoft Threat Intelligence Center documents obtained by the Intercept.
According to an October CISA alert, a Russian state-sponsored actor was targeting federal, state, territorial and tribal government networks and aviation networks. CISA urged entities to perform a full password reset and systematically rebuild the network. A statement following the alert named Berserk Bear as the actor, with Texas included in a map of compromised targets.
Continue reading “Report: Hackers target City of Austin networks” »
Dec 17, 2020
Microsoft president sounds alarm on ‘ongoing’ SolarWinds hack, identifies 40 more precise targets
Posted by Raphael Ramos in categories: cybercrime/malcode, government
Microsoft wants you to know this hack is even bigger than you think.
Microsoft president Brad Smith warned that the wide-ranging hack of the SolarWinds’ Orion IT software is “ongoing,” and that investigations reveal “an attack that is remarkable for its scope, sophistication and impact.” The breach targeted several US government agencies and is believed to have been carried out by Russian nation-state hackers.
Smith characterized the hack as “a moment of reckoning” and laid out in no uncertain terms just how large and how dangerous Microsoft believes the hack to be. It “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Smith argues.
Dec 17, 2020
Reports: Nuclear weapons agency breached amid massive cyberattack
Posted by Raphael Ramos in categories: cybercrime/malcode, military
“What we’re looking at now is not just an attack that is ongoing, that is not just highly sophisticated, but also we cannot trust the supply chain. We can no longer trust that any third-party application in these systems has not been compromised by Russia,” says NYT’s Nicole Perlroth.
Dec 17, 2020
FireEye, Microsoft find ‘killswitch’ to hamper SolarWinds-related malware
Posted by Quinn Sena in categories: cybercrime/malcode, government
As the U.S. government works to contain a sprawling hacking campaign that relies on software in technology from SolarWinds, a federal contractor, technology firms are disabling some of the hackers’ key infrastructure.
Cybersecurity giant FireEye on Wednesday said that it had worked with Microsoft and the domain registrar GoDaddy to take over one of the domains that attackers had used to send malicious code to victim machines. The move is no panacea for stopping the suspected state-sponsored hacking campaign, though it could help stem the tide of victims, which reportedly includes the departments of Treasury and Homeland Security.
The seized domain, known as a “killswitch,” will “affect new and previous” infections of the malicious code coming from that particular domain, FireEye said in a statement that was first reported by independent journalist Brian Krebs. “Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution.”
Dec 17, 2020
Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy
Posted by Quinn Sena in category: cybercrime/malcode
Ransomware attackers using evolved SystemBC malware with a Tor proxy and remote control tool.
Dec 17, 2020
Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach
Posted by Quinn Sena in categories: cybercrime/malcode, law
“Now witness the firepower of this fully armed and operational Battle Station.” – Emperor Palpatine, Return of the Jedi
This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.
Dec 17, 2020
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay
Posted by Quinn Sena in category: cybercrime/malcode
FBI says ransomware group has been calling victims, threatening to send individuals to their homes if they don’t pay the ransom.