FBI Security Alerts

  • SalesServiceGuy
    Field Supervisor

    Site Contributor
    5,000+ Posts
    • Dec 2009
    • 8140

    #61
    Re: FBI Security Alerts

    Due to the increasing number of attacks, the White House released an open letter on Thursday titled "What We Urge You To Do To Protect Against The Threat of Ransomware" from Anne Neuberger, deputy assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.

    https://assets.documentcloud.org/documents/20796933/memo-what-we-urge-you-to-do-to-protect-against-the-threat-of-ransomware17.pdf


    Despite the startling increase in ransomware attacks in the last few months, Neuberger touted the White House's efforts to deal with the crisis, noting that the US government is currently:

    1. Disrupting ransomware networks
    2. Working with international partners to hold countries that harbor ransomware actors accountable
    3. Developing cohesive and consistent policies towards ransom payments
    4. Enabling rapid tracing and interdiction of virtual currency proceeds

    She added that it was important for the private sector to do its part in addressing the cybersecurity posture of their organizations.

    Comment

    • SalesServiceGuy
      Field Supervisor

      Site Contributor
      5,000+ Posts
      • Dec 2009
      • 8140

      #62
      Re: FBI Security Alerts

      Biden admin mulling cyber attacks against Russian hackers


      The Biden administration is moving to treat ransomware attacks as a national security threat, using intelligence agencies to spy on foreign criminals and contemplating offensive cyber operations against hackers inside Russia, U.S. officials and other sources familiar with the matter tell NBC News.



      In an example of the new approach, the White House was unusually quick to point the finger at Russia for harboring the attackers, just one day after officials learned of the ransomware strike on meat processor JBS. In previous incidents, it took weeks or months for the U.S. government to publicly blame another country as the source of a cyber attack.

      But momentum was building even before Biden took office. As the onslaught of ransomware attacks against hospitals and local governments increased, the National Security Agency in the summer of 2019 began spying on certain foreign criminal hacker groups, according to a former official and three other sources familiar with the matter. Officials say that intelligence collection puts the U.S. in a better position to target the groups if the president orders a strike.

      Because they are not carried out directly by governments, ransomware attacks like the ones that hit Colonial Pipeline and JBS have for years been treated as purely criminal matters, investigated by the FBI with an eye toward prosecution. Criminal accountability was rare, though, because most of the hackers reside in Russia and other places outside the reach of American law enforcement. Russia allows the hackers to operate without interference as long as they are attacking the West, U.S. officials say.

      Even as the NSA began assembling data on ransomware groups, hospital systems were hit last fall

      Spokespersons for the NSA and U.S. Cyber Command declined to comment.



      On Thursday, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, issued an open letter to corporate leaders urging them to improve their cyber defenses.



      In a typical ransomware attack, hackers break into a corporate network and lock up data, demanding payment in order to release it. Some also threaten to post business secrets on the internet if payment is not made.

      Cyber security experts say successful ransomware attacks often take advantage of companies with substandard cyber defenses.


      The White House says Biden will put Russian President Vladimir Putin on notice at the June 16 summit between the two leaders that Russia must stop harboring criminal hackers. But Lewis and other experts do not anticipate Putin caving to U.S. demands.




      Indictments by the Justice Department also serve a purpose, he said, by blocking the hackers from most travel and access to the U.S. financial system.




      Some scholars have urged caution in the use of the military against criminal hackers. Jason Healey, a former White House official who is now a cyber expert at Columbia University, made that argument in an article for the Lawfare blog last month, saying the military should only be used against criminal groups as a last resort, in response to an imminent threat.

      Military force has been used against criminals before, in raids to free American hostages, such as when Navy SEALs rescued merchant ship crew members
      And in August 2020, current and former officials say, U.S. Cyber Command took down Trickbot, a botnet used to deploy ransomware. That was the first known use of military force against criminal hackers, and it was justified as a measure to prevent election interference, because Trickbot also could have been repurposed to disrupt the 2020 elections.

      Comment

      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2848

        #63
        Re: FBI Security Alerts

        Further reporting on the Colonial Pipeline attack indicates that the attack started through access to their network using credentials for an account that was no longer actively in use that had VPN access. Once they were in, finding a further foothold likely wouldn't take long, especially since it would have looked like regular traffic at first glance.

        So the attack could have been prevented just by disabling or removing accounts for staff that were no longer with the company or, at the very least, removing VPN access for those accounts.

        Sent from my BlackBerry using Tapatalk

        Comment
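The check described in post #63, sketched as an added example that is not part of the original thread or of any vendor's tooling: it flags enabled accounts that still hold VPN access but belong to departed staff or have gone idle. The group name `VPN-Users`, the 90-day threshold, the record fields and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

VPN_GROUP = "VPN-Users"  # hypothetical name of the group that grants VPN access


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_logon: Optional[date]  # None means the account has never logged on
    groups: frozenset
    on_staff_roster: bool       # does HR still list the owner as current staff?


def audit_vpn_accounts(accounts, today, max_idle_days=90, vpn_group=VPN_GROUP):
    """Return (username, action, reasons) for enabled accounts with VPN access
    that are orphaned or idle. Disabled accounts and accounts without VPN
    access are out of scope for this check."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for acct in accounts:
        if not acct.enabled or vpn_group not in acct.groups:
            continue
        reasons = []
        if not acct.on_staff_roster:
            reasons.append("owner not on current staff roster")
        if acct.last_logon is None:
            reasons.append("never logged on")
        elif acct.last_logon < cutoff:
            reasons.append(f"idle {(today - acct.last_logon).days} days")
        if not reasons:
            continue
        # Departed owner: disable the account outright. Otherwise pull the
        # remote access first and let the owner re-request it if needed.
        action = "disable account" if not acct.on_staff_roster else "remove VPN access"
        findings.append((acct.username, action, reasons))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample inventory, e.g. a directory export joined with an HR roster.
SAMPLE_ACCOUNTS = [
    Account("jsmith", True, date(2021, 5, 28), frozenset({"Staff", VPN_GROUP}), True),
    Account("old_contractor", True, date(2020, 11, 2), frozenset({VPN_GROUP}), False),
    Account("svc_backup", True, None, frozenset({"Service", VPN_GROUP}), True),
    Account("mjones", False, date(2020, 9, 14), frozenset({VPN_GROUP}), False),
    Account("akhan", True, date(2021, 5, 30), frozenset({"Staff"}), True),
]

if __name__ == "__main__":
    for user, action, reasons in audit_vpn_accounts(SAMPLE_ACCOUNTS, date(2021, 6, 1)):
        print(f"{user}: {action} ({'; '.join(reasons)})")
```

Running a report like this on a schedule, and treating any finding as a ticket rather than a log line, is what turns offboarding from a one-time step into a control.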

        • SalesServiceGuy
          Field Supervisor

          Site Contributor
          5,000+ Posts
          • Dec 2009
          • 8140

          #64
          Re: FBI Security Alerts

          US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers


          US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.

          The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said.

          The ransom recovery is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

          ... behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers.

          Comment

          • bsm2
            IT Manager

            25,000+ Posts
            • Feb 2008
            • 29827

            #65
            Re: FBI Security Alerts

            Ransomware: US recovers millions in cryptocurrency paid to Colonial Pipeline hackers - CNNPolitics

            Comment

            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2848

              #66
              Re: FBI Security Alerts

              Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

              $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

              Sent from my BlackBerry using Tapatalk

              Comment

              • SalesServiceGuy
                Field Supervisor

                Site Contributor
                5,000+ Posts
                • Dec 2009
                • 8140

                #67
                Re: FBI Security Alerts

                Originally posted by rthonpm
                Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

                $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

                Sent from my BlackBerry using Tapatalk
                ... hopefully in a big company like JBS, their information systems were segmented and isolated from each other. A ransomware attack on one system, however critical, did not compromise the entire system.

                Comment

                • SalesServiceGuy
                  Field Supervisor

                  Site Contributor
                  5,000+ Posts
                  • Dec 2009
                  • 8140

                  #68
                  Re: FBI Security Alerts

                  NATO agrees cyberattacks could amount to armed attacks and lead to invocation of mutual self-defense clause


                  The leaders of the 30 NATO countries agreed “that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack,” an assessment that could lead to the invocation of the organization’s mutual self-defense clause, Article 5.
                  The countries “(reaffirmed) that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” according to a joint statement released during the NATO leaders’ summit on Monday.

                  “We will make greater use of NATO as a platform for political consultation among Allies, sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses. If necessary, we will impose costs on those who harm us,” the joint communique said.

                  Speaking to the press on Sunday, US National Security Adviser Jake Sullivan said that “the notion is that if someone gets hit by a massive cyberattack, and they need technical or intelligence support from another Ally to be able to deal with it, they could invoke Article 5 to be able to get that,” but underscored it would be “on a case-by-case basis.”

                  The NATO joint communique noted that “Cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent.”

                  “This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm,” it said.

                  The allies said that in order to face the “evolving” challenge of cyber attacks, they on Monday “endorsed NATO’s Comprehensive Cyber Defence Policy, which will support NATO’s three core tasks and overall deterrence and defence posture, and further enhance our resilience.”

                  “Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law,” the joint communique said.

                  It also noted that NATO as an organization will “continue to adapt and improve its cyber defences” and that they will “further develop NATO’s capacity to support national authorities in protecting critical infrastructure, including against malicious hybrid and cyber activity. We will ensure reliable energy supplies to our military forces.”

                  Comment

                  • SalesServiceGuy
                    Field Supervisor

                    Site Contributor
                    5,000+ Posts
                    • Dec 2009
                    • 8140

                    #69
                    Re: FBI Security Alerts

                    200 businesses hit by ransomware after breach at Florida IT firm


                    • Cybersecurity company Huntress Labs said on Friday that 200 businesses have been hit by ransomware attacks following an incident at U.S. IT firm Kaseya in Miami.
                    • Kaseya, in a statement posted on its own website, said it is investigating a “potential attack” on a widely used tool to reach into corporate networks across the United States.
                    • In the statement, Kaseya said its VSA tool, which is used by IT professionals to monitor and manage servers, desktops, network devices and printers, may have been attacked.




                    It said it had shut down some of its infrastructure in response and that it was urging customers that used VSA on their premises to immediately turn off their servers.

                    “This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.

                    Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.”

                    Reuters was not immediately able to reach a Kaseya representative for further comment.

                    Huntress said it believed the Russia-linked REvil ransomware gang — the same group of actors blamed by the FBI for paralyzing meatpacker JBS last month — was to blame for the latest ransomware outbreak.

                    An email sent to the hackers seeking comment was not immediately returned.

                    In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya’s VSA product.

                    Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds.

                    Kaseya has 40,000 customers for its products, though not all use the affected tool.

                    Comment

                    • Phil B.
                      Field Supervisor

                      10,000+ Posts
                      • Jul 2016
                      • 22798

                      #70
                      Re: FBI Security Alerts

                      Originally posted by rthonpm
                      Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

                      $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

                      Sent from my BlackBerry using Tapatalk
                      Yup it's all on Biden

                      He built this mess.

                      Sent from my SM-G960U using Tapatalk

                      Comment

                      • BillyCarpenter
                        Field Supervisor

                        Site Contributor
                        VIP Subscriber
                        10,000+ Posts
                        • Aug 2020
                        • 16308

                        #71
                        Re: FBI Security Alerts

                        Originally posted by SalesServiceGuy
                        NATO agrees cyberattacks could amount to armed attacks and lead to invocation of mutual self-defense clause







                        Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                        Comment

                        • rthonpm
                          Field Supervisor

                          2,500+ Posts
                          • Aug 2007
                          • 2848

                          #72
                          Re: FBI Security Alerts

                          Originally posted by Phil B.
                          Yup it's all on Biden

                          He built this mess.

                          Sent from my SM-G960U using Tapatalk
                          Funny, I thought Tim Berners-Lee developed the world wide web.

                          If we're going to go all out ridiculous, let's just blame Charles Babbage for developing the very concept of a computer.

                          The world has pushed itself into a corner by building reliance on a system (the internet) that was never built with any kind of security built into it. To actually secure it, you need to then bolt on features that weren't part of the original spec, which adds in additional layers of complexity, which leaves open the potential for mistakes or deployment errors that leave something vulnerable.

                          To get a security focused internet we'd have to all but blow up everything down to the protocols and start over again.

                          Sent from my BlackBerry using Tapatalk

                          Comment

                          • slimslob
                            Retired

                            Site Contributor
                            25,000+ Posts
                            • May 2013
                            • 37289

                            #73
                            Re: FBI Security Alerts

                            Originally posted by rthonpm
                            To get a security focused internet we'd have to all but blow up everything down to the protocols and start over again.

                            Sent from my BlackBerry using Tapatalk
                            And someone would immediately try to break it.

                            Comment

                            • BillyCarpenter
                              Field Supervisor

                              Site Contributor
                              VIP Subscriber
                              10,000+ Posts
                              • Aug 2020
                              • 16308

                              #74
                              Re: FBI Security Alerts

                              I remember that some weeks back Biden signed a piece of paper declaring war on hackers. Then he begged Putin to "knock it off".

                              I don't necessarily blame Biden but I have ZERO faith that he's the man for the job. ZERO. Other leaders are gonna push us around until Biden takes REAL action and that isn't gonna happen.




                              Massive Ransomware Attack May Impact Thousands of Victims
                              William Turton
                              (Bloomberg) -- Just weeks after President Joe Biden implored Vladimir Putin to curb cyber crime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.

                              Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.





                              Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                              Comment

                              • bsm2
                                IT Manager

                                25,000+ Posts
                                • Feb 2008
                                • 29827

                                #75
                                Re: FBI Security Alerts

                                Originally posted by BillyCarpenter
                                I remember that some weeks back Biden signed a piece of paper declaring war on hackers. Then he begged Putin to "knock it off".

                                I don't necessarily blame Biden but I have ZERO faith that he's the man for the job. ZERO. Other leaders are gonna push us around until Biden takes REAL action and that isn't gonna happen.
                                We feel the same Zero faith in YOU for any kind of thinking.

                                At least he didn't invite the Russians into the Oval Office
                                How Stupid was THAT!

                                Comment
