FBI Security Alerts

  • SalesServiceGuy
    Field Supervisor

    Site Contributor
    5,000+ Posts
    • Dec 2009
    • 8139

    #121
    Re: FBI Security Alerts

    FBI chief says threat from China ‘more brazen’ than ever before


    • The threat to the West from the Chinese government is “more brazen” and damaging than ever before, FBI Director Christopher Wray said Monday night, just days before Beijing is set to occupy the global stage by hosting the Winter Olympics.
    • The bureau is opening new cases to counter Chinese intelligence operations every 12 hours or so, Wray said, with Chinese government hackers pilfering more personal and corporate data than all other countries combined.
    • Chinese government officials have repeatedly rejected accusations from the U.S. government, with the spokesman for the embassy in Washington saying last July that Americans have “made groundless attacks” and malicious smears about Chinese cyberattacks.


    The threat to the West from the Chinese government is “more brazen” and damaging than ever before, FBI Director Christopher Wray said Monday night in accusing Beijing of stealing American ideas and innovation and launching massive hacking operations.

    The speech at the Ronald Reagan Presidential Library amounted to a stinging rebuke of the Chinese government just days before Beijing is set to occupy the global stage by hosting the Winter Olympics. It made clear that even as American foreign policy remains consumed by Russia-Ukraine tensions, the U.S. continues to regard China as its biggest threat to long-term economic security.

    “When we tally up what we see in our investigations, over 2,000 of which are focused on the Chinese government trying to steal our information or technology, there’s just no country that presents a broader threat to our ideas, innovation, and economic security than China,” Wray said, according to a copy of the speech provided by the FBI.

    The bureau is opening new cases to counter Chinese intelligence operations every 12 hours or so, Wray said, with Chinese government hackers pilfering more personal and corporate data than all other countries combined.

    “The harm from the Chinese government’s economic espionage isn’t just that its companies pull ahead based on illegally gotten technology. While they pull ahead, they push our companies and workers behind,” Wray said. “That harm — company failures, job losses — has been building for a decade to the crush we feel today. It’s harm felt across the country, by workers in a whole range of industries.”

    Chinese government officials have repeatedly rejected accusations from the U.S. government, with the spokesman for the embassy in Washington saying last July that Americans have “made groundless attacks” and malicious smears about Chinese cyberattacks. The statement described China as a “staunch defender of cybersecurity.”

    The threat from China is hardly new, but it has also not abated over the last decade.

    “I’ve spoken a lot about this threat since I became director” in 2017, Wray said. “But I want to focus on it here tonight because it’s reached a new level — more brazen, more damaging, than ever before, and it’s vital — vital — that all of us focus on that threat together.”

    The Justice Department in 2014 indicted five Chinese military officers on charges of hacking into major American corporations. One year later, the U.S. and China announced a deal at the White House to not steal each other’s intellectual property or trade secrets for commercial gain.

    In the years since, though, the U.S. has continued to level accusations against China related to hacking and espionage. It’s charged Chinese hackers with targeting firms developing vaccines for the coronavirus and with launching a massive digital attack of Microsoft Exchange email server software, and also blacklisted a broad array of Chinese companies.

    In his speech, Wray highlighted as an example the case of a Chinese intelligence officer who was convicted last November of economic espionage for targeting an advanced engine by GE that Chinese state-owned enterprises were working to copy.

    But there have also been some setbacks. Though the FBI director mentioned Monday night that the bureau was working to protect academic research and innovation at American colleges and universities, he did not discuss the much-criticized China Initiative.

    That Justice Department effort was created in 2018 to counter economic espionage and to protect against research theft, but critics have accused investigators of scrutinizing researchers and professors on the basis of ethnicity and of chilling academic collaboration. Earlier this month, prosecutors dropped a fraud case against a Massachusetts Institute of Technology professor, saying they could no longer meet their burden of proof.

    The department is in the process of reviewing the fate of the China Initiative, and expects to announce the results soon.

    Comment

    • rthonpm
      Field Supervisor

      2,500+ Posts
      • Aug 2007
      • 2847

      #122
      Re: FBI Security Alerts

      This just goes to show how important patching, proper access controls, audit trails, and proper inventory controls can be to an organisation. China sees the US as a target, frankly, because so many companies are too lazy or too worried of issues with keeping their systems up to date. 99% of all hacks use very basic methods to install more sophisticated exploits.

      Sent from my BlackBerry using Tapatalk

      Comment

      • SalesServiceGuy
        Field Supervisor

        Site Contributor
        5,000+ Posts
        • Dec 2009
        • 8139

        #123
        Re: FBI Security Alerts

        Fraudsters are using bots to drain cryptocurrency accounts


        • Fraudsters are selling bots on Telegram that are designed to trick investors into divulging their two-factor authentication, leading to accounts being wiped out.
        • Crypto investors are being targeted around the country.
        • Dr. Anders Apgar, a Coinbase customer, said his account had a balance of more than $100,000 in crypto when it was hacked during a robocall.


        Dr. Anders Apgar was out for dinner last month with his family, and his phone would not stop buzzing. It looked like a robocall, so he tried to ignore it.

        But the calls would not stop. Then his wife’s phone also started to ring.

        “When she picks it up, a banner came across, a notification that says, ‘Your account’s in jeopardy,’” he said.
        The warning, which he said was a text message, prompted him to pick up his phone. That was when the couple’s nightmare started.

        It’s the kind of nightmare many crypto account holders around the country are facing as hackers target a boom in the industry, cybersecurity experts said.

        The Apgars, who are both Maryland-based obstetricians, began investing in cryptocurrency several years ago. By December, their account had grown to about $106,000, mainly held in bitcoin. Like millions of investors across the country, their account is with Coinbase, the country’s largest cryptocurrency platform.

        When Apgar picked up the phone, a female voice said, “Hello, welcome to Coinbase security prevention line. We have detected unauthorized activity due to failed log-in attempt on your account. This was requested from a Canada IP address. If this (is) not you, please press 1, to complete precautions recovering your account.” The call lasted just 19 seconds.

        Alarmed, Apgar pressed 1.

        He said he cannot remember if he manually entered his two-factor authentication code or if it came up automatically on his screen. But what happened in that moment led to his account being locked in less than two minutes. As Apgar has not regained access, he said he assumes the fraudsters stole most if not all of the crypto, but he can’t be sure.

        “It was just dread and an emptiness of just, ‘Oh my gosh, I can’t get this back,’” he said.

        The Apgars were targeted by a particularly insidious type of fraud that takes advantage of two-factor authentication, or 2FA. People use 2FA, a second level of security that often involves a passcode, to safeguard a range of accounts at crypto exchanges, banks or anywhere else they carry out digital transactions.

        But this new type of fraud goes right at that 2FA code, and it uses people’s fear of their accounts being hacked against them. In taking action they think will protect them, they actually expose themselves to thieves.

        The fraud tool is called a one-time password, or OTP, bot.

        A report produced by Florida-based cybersecurity firm and CNBC contributor Q6 Cyber said the OTP bots are driving substantial losses for financial and other institutions. The damage is hard to quantify now because the bot attacks are relatively new.

        “The bot calls are crafted in a very skillful manner, creating a sense of urgency and trust over the phone. The calls rely on fear, convincing the victims to act to ‘avoid’ fraud in their account,” the report said.

        The scam works in part because victims are used to providing a code for authentication to verify account information. At first listen, the robocalls can sound legitimate — especially if the victim is harried or distracted by other things at the moment the call comes in.

        “It’s human nature,” said Jessica Kelley, a Q6 Cyber analyst who authored the report. “If you receive a call that tells you someone’s trying to sign in to your account, you’re not thinking, ‘Well, I wasn’t trying to.’”
        The bots began showing up for sale on messaging platform Telegram last summer. Kelley identified at least six Telegram channels with more than 10,000 subscribers each selling the bots.

        While there is no official estimate on the amount of crypto stolen, Kelley said fraudsters routinely brag on Telegram about how well the bots have worked, netting for each user thousands or hundreds of thousands of dollars in crypto. The cost of the bots ranges from $100 a month to $4,000 for a lifetime subscription.
        “Before these OTP bots, a cybercriminal would have to make that call himself,” Kelley said. “They would have to call the victim and try to get them to divulge their personal identifiable information or bank account PIN or their 2FA passcode. And now, with these bots, that whole system is just automated and the scalability is that much larger.”

        “Once the victim inputs that 2FA code, or any other information that they requested the victim put in their phone, that information gets sent to the bot,” Kelley said. The bot “then automatically sends it to the cybercriminal, who then has access to the victim’s account.”

        She said criminals could “potentially steal everything, because with these transactions, they can do them one after the other until the amount is basically drained.”

        In a statement to CNBC, a Coinbase spokesperson said, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution (whether Coinbase or your bank), do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”

        David Silver, another Coinbase customer, knew the company would not be calling him. He recently received a robocall saying there was a problem with his account.

        “And immediately, it was an electronic voice that told me it was Coinbase Fraud Department,” he said. “And I immediately turned to the lawyer sitting next to me and said, ‘Start videoing.’ I knew instantaneously what this was and what it was going to be.”

        Silver knew what the call was about because he is not just a Coinbase client — he is an attorney who specializes in cryptocurrency and financial fraud cases.

        Silver pressed 1 and found himself on a live call. A person got on the line pretending to be a Coinbase employee.

        “And they immediately started telling me things that I know are in violation of what Coinbase would do,” he said. “For instance, they will never ask for your password. They will never try and take over your computer.”
        Silver asked if he could be sent an email verifying that the call was from Coinbase. The answer was no.

        “And their answer was no because there’s only certain ways that you can mask the email coming directly from a domain that nowadays, the domain carriers such as GoDaddy, Google — it’s very hard to spoof email coming from the domains,” he said. “And they weren’t willing to send me the email. I would say that was my last shred of hope that they were legitimate is when I asked them to send me the email and they said no.”
        After nearly seven minutes, Silver was asked to share his computer screen. He ended the call.

        “I’m not surprised I got the call. But I do question how they had my personal cell phone number and where they’re getting that information to tie me to Coinbase,” he said.

        Apgar said he wishes he had never answered the phone. To make matters worse, he has been unable to get his account access restored, he said. When CNBC reached out to Coinbase about the Apgars regaining access to their account, a company spokesperson said the matter was turned over to its security team.

        Apgar said Monday that he had just responded to an email from Coinbase to help restore access to the account.

        Customer service at Coinbase has been a widespread problem, CNBC found last year. Customers around the country said hackers were draining their accounts but when they turned to Coinbase for help they could not get a response. After the story, Coinbase set up a phone support line to help customers, but even that has been fraught with problems.

        Asked what he could have done differently, Apgar said it’s simple: not answer the phone.

        Comment

        • SalesServiceGuy
          Field Supervisor

          Site Contributor
          5,000+ Posts
          • Dec 2009
          • 8139

          #124
          Re: FBI Security Alerts

          Ukraine defence ministry website, banks, knocked offline


          KYIV, Feb 15 (Reuters) - The online networks of Ukraine's defence ministry and two banks were overwhelmed on Tuesday and Ukraine's information security centre pointed the finger at neighbouring Russia.

          "It is not ruled out that the aggressor used tactics of little dirty tricks because its aggressive plans are not working out on a large scale," the Ukrainian Centre for Strategic Communications and Information Security, which is part of the culture ministry, said in a statement.

          Kyiv has blamed Moscow for similar actions in the past and since Russia began massing more than 100,000 troops near the frontier, raising East-West tensions as the West fears Russia is planning to attack Ukraine, which Moscow denies.

          The type of disruption reported by Ukrainian authorities on Tuesday is known as a distributed denial-of-service - often abbreviated DDoS - but the scale of it wasn't immediately clear. The manoeuvre, which works by directing a fire hose of internet traffic from a multitude of sources against one set of servers or another, is common across the internet and such attacks happen periodically in Ukraine and beyond.

          A message on the home page of the Ukrainian defence ministry website said it was under maintenance. The ministry tweeted that its website was apparently under a cyberattack and it was working on restoring the access to it.

          Oshadbank confirmed the cyberattack saying that it resulted in slowing down of some of its systems. The strategic communications centre said that Privatbank users also had problems with payments and a banking app. Privatbank did not immediately comment.

          San Francisco-based Cloudflare, a prominent provider of denial-of-service protection, said that it had seen no evidence of "large DDoS activity" in Ukraine against its data centres or customers there.
          "From our perspective today hasn't seen unusual attack traffic against us or our customers on Ukraine," the company said in an email.

          The United States and its allies have indicated that they are prepared to respond to Russian digital incursions, even if details remain sparse.

          White House press secretary Jen Psaki said there were "a range of means that we could respond - both seen and unseen - to a cyber attack or any other attack."

          ... cyber attacks on Ukraine from Russia were the expected opening moves in Putin's bid to reclaim Ukraine back into Russia.


          Comment

          • tonerhead
            Senior Tech

            500+ Posts
            • Sep 2009
            • 582

            #125
            Re: FBI Security Alerts

            Remember back around 1998 when the internet was actually fun and somewhat safe? I miss those days.
            I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


            Especially when it comes to sex

            Comment

            • SalesServiceGuy
              Field Supervisor

              Site Contributor
              5,000+ Posts
              • Dec 2009
              • 8139

              #126
              Re: FBI Security Alerts

              Originally posted by tonerhead
              Remember back around 1998 when the internet was actually fun and somewhat safe? I miss those days.
              ... I do remember those days. Since then and mostly in the last 10 years, the internet has been weaponized as new technologies for good and bad evolve daily.

              Comment

              • tonerhead
                Senior Tech

                500+ Posts
                • Sep 2009
                • 582

                #127
                Re: FBI Security Alerts

                I'm trying to remember which spy movie had the catch-phrase "whoever masters the ones and zeroes will rule the world." I think it was a James Bond flick. How prophetic was that? Even the book 1984, prophetic, only 38 years too early. I've been working on my Sec+ cert for a while now. The more I know the scarier it gets. It all boils down to greed and power. People that have it all, just want more. Say what you want, but computer science will destroy us by the hands of governments influenced by power mongers.
                I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


                Especially when it comes to sex

                Comment

                • tonerhead
                  Senior Tech

                  500+ Posts
                  • Sep 2009
                  • 582

                  #128
                  Re: FBI Security Alerts

                  Originally posted by rthonpm
                  This just goes to show how important patching, proper access controls, audit trails, and proper inventory controls can be to an organisation. China sees the US as a target, frankly, because so many companies are too lazy or too worried of issues with keeping their systems up to date. 99% of all hacks use very basic methods to install more sophisticated exploits.

                  Sent from my BlackBerry using Tapatalk
                  This is essentially what Sec+ says too. One of the top 10 ways to introduce a virus into a system in the US is to drop a few flashdrives in a company parking lot. I also have read that copier jocks like us are the number 1 recruited/bribed workers for installing bad stuff into corporate networks. Funny, no one has ever approached me about it yet. Just saying.
                  I've proved mathematics wrong. 1 + 1 doesn't always equal 2.........


                  Especially when it comes to sex

                  Comment

                  • rthonpm
                    Field Supervisor

                    2,500+ Posts
                    • Aug 2007
                    • 2847

                    #129
                    Re: FBI Security Alerts

                    Originally posted by tonerhead
                    Remember back around 1998 when the internet was actually fun and somewhat safe? I miss those days.
                    The core protocols for the internet were developed 40-50 years ago (TCP/IP, DNS, etc) when the threat models were very different and computers were very large and very expensive. Security wasn't a factor in these early systems at all.

                    If the internet and its associated technologies were to be developed today, they would look very different. Security and encryption would be built in as opposed to bolted on top.

                    Overall, the internet is fairly safe as long as you follow some very basic hygiene:

                    1. Patch all systems in a timely manner. This means operating system, software, BIOS, everything.

                    2. When a software application is no longer supported upgrade to a supported version, uninstall it, or segment the system from all but necessary traffic.

                    3. Don't use an administrator account for anything other than admin tasks (I have rules in place on my systems where admin accounts can't even open a browser or email client).

                    4. Have a list of approved software and standardise your systems as much as possible.

                    5. Know what's on your network and what it should be connecting to on it.

                    6. Don't use any link from an email that you are not expecting, and even if you are expecting one go to the site directly to find the information you're looking for.



                    Sent from my BlackBerry using Tapatalk

                    Comment
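Item 5 of the list in post #129 (know what is on your network and what it should be connecting to) can be checked mechanically against flow logs. The following is an added example, not part of any post in this thread: the addresses, the log format and the names `INVENTORY`, `SAMPLE_FLOWS` and `audit_flows` are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind src dst dport")

# Constructed inventory (hypothetical addresses): every known device and the
# (destination network, port) pairs it is expected to talk to.
INVENTORY = {
    "10.0.5.21": {                 # office MFP / copier
        ("10.0.1.10/32", 445),     # scan-to-folder on the file server
        ("10.0.1.25/32", 25),      # scan-to-email through the internal relay
    },
    "10.0.5.40": {                 # accounting workstation
        ("10.0.1.0/24", 445),      # any file server in the server VLAN
        ("10.0.1.53/32", 53),      # internal DNS
    },
}

# Constructed flow-log lines in an assumed key=value format.
SAMPLE_FLOWS = """\
2022-02-22T10:00:01 src=10.0.5.21 dst=10.0.1.10 dport=445 proto=tcp
2022-02-22T10:00:05 src=10.0.5.21 dst=10.0.1.25 dport=25 proto=tcp
2022-02-22T10:01:12 src=10.0.5.21 dst=203.0.113.50 dport=443 proto=tcp
2022-02-22T10:02:30 src=10.0.5.40 dst=10.0.1.77 dport=445 proto=tcp
2022-02-22T10:03:44 src=10.0.5.99 dst=10.0.1.10 dport=445 proto=tcp
2022-02-22T10:04:02 src=10.0.5.21 dst=203.0.113.50 dport=443 proto=tcp
this line is truncated src=10.0.5.40
2022-02-22T10:05:19 src=10.0.5.40 dst=10.0.1.10 dport=3389 proto=tcp
"""

FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def is_expected(allowed, dst, dport):
    """True if (dst, dport) falls inside one of the device's allowed pairs."""
    return any(
        port == dport and dst in ipaddress.ip_network(net)
        for net, port in allowed
    )


def audit_flows(inventory, log_text):
    """Return de-duplicated findings, in the order they first appear.

    unknown-device          source address is not in the inventory at all
    unexpected-destination  known device talking outside its baseline
    """
    findings, seen = [], set()
    for line in log_text.splitlines():
        match = FLOW_RE.search(line)
        if not match:
            continue  # malformed or unrelated line
        try:
            src = str(ipaddress.ip_address(match["src"]))
            dst = ipaddress.ip_address(match["dst"])
        except ValueError:
            continue  # address field is not a valid IP
        dport = int(match["dport"])

        if src not in inventory:
            finding = Finding("unknown-device", src, str(dst), dport)
        elif not is_expected(inventory[src], dst, dport):
            finding = Finding("unexpected-destination", src, str(dst), dport)
        else:
            continue  # matches the baseline

        if finding not in seen:
            seen.add(finding)
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_flows(INVENTORY, SAMPLE_FLOWS):
        print(f"{f.kind:24} {f.src} -> {f.dst}:{f.dport}")
```

A copier that only ever needs the file server and the mail relay shows up here the moment it opens a connection to anything else, which is the kind of deviation the post's list is meant to surface.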

                    • SalesServiceGuy
                      Field Supervisor

                      Site Contributor
                      5,000+ Posts
                      • Dec 2009
                      • 8139

                      #130
                      Re: FBI Security Alerts

                      US officials tell businesses to watch for potential ransomware attacks after Biden announces Russia sanctions


                      Minutes after President Joe Biden announced new sanctions on Russian banks and elites on Tuesday, a senior FBI cyber official asked US businesses and local governments to be mindful of the potential for ransomware attacks as the crisis between the Kremlin and Ukraine deepens.

                      Russia is a “permissive operating environment” for cybercriminals – one that “is not going to get any smaller” as Russia’s confrontation with the West over Ukraine continues and further sanctions are announced, the FBI’s David Ring said on a phone briefing with private executives and state and local officials, according to two people who were on the call.

                      Ring asked state and local officials and business executives to consider how ransomware attacks could disrupt the provision of critical services, the people on the call said.

                      US officials continue to say there are “no specific, credible” threats to the US homeland tied to tensions with Russia over Ukraine, but they are preaching vigilance.

                      The willingness of Russian-speaking cybercriminals to disrupt US critical infrastructure has been a US concern for years, but it came to a head last year when a ransomware attack forced major fuel transporter Colonial Pipeline to shut down for days.

                      The phone call was one in a series of briefings that FBI and Department of Homeland Security officials have had for US companies and local governments in the last two months in light of US tensions with Russia over Ukraine. It had been scheduled before it was clear that Biden would address Russia’s latest moves in Ukraine on Tuesday. The US President announced the “first tranche” of sanctions against Russian entities for Russian President Vladimir Putin’s decision to recognize two breakaway regions in Ukraine and send troops there.

                      The US could also see “a possible increase in cyber threat activity” from Russian state-backed hackers as a result of those sanctions, Ring said, according to the people on the call.

                      “DHS has been engaging in an outreach campaign to ensure that public and private sector partners are aware of evolving cybersecurity risks and taking steps to increase their cybersecurity preparedness,” a DHS spokesperson said in a statement.

                      The extortion of Colonial Pipeline had underscored for Biden administration officials the economic and national security threat posed by ransomware. The incident triggered long lines at gas stations in multiple US states and prompted Biden to call on Putin to rein in cybercriminals operating from Russian soil.

                      While ransomware attacks on US organizations by Russian-speaking hackers have continued, Russian authorities have dangled the prospect of cracking down on some groups in recent months, as the standoff over Ukraine brewed.

                      US officials said last month that they believe Russia has detained the person responsible for the Colonial Pipeline hack, but any cooperation between the two governments on cybercrime could be elusive if relations further deteriorate over Ukraine, according to some analysts.

                      After the cyberattacks on Ukrainian government and banking websites last week that the Biden administration blamed on Russia’s military intelligence directorate, US officials continue to see Russian cyber operations as likely playing a role in any further military invasion.

                      In the event of a larger conflict between Russia and Ukraine, US officials are concerned that transportation networks and broadcast media in Ukraine could be shut down by kinetic or cyberattacks, Matthew Hackner, an official in DHS’ Office of Intelligence and Analysis, said on Tuesday’s phone briefing, according to people on the call.

                      Comment

                      • SalesServiceGuy
                        Field Supervisor

                        Site Contributor
                        5,000+ Posts
                        • Dec 2009
                        • 8139

                        #131
                        Re: FBI Security Alerts

                        President Biden has been given a list of options to cyber attack Russia on the behalf of Ukraine.

                        Biden Given Russia Cyberattack Options, Including Internet, Transportation Interruptions


                        Comment

                        • SalesServiceGuy
                          Field Supervisor

                          Site Contributor
                          5,000+ Posts
                          • Dec 2009
                          • 8139

                          #132
                          Re: FBI Security Alerts

                          Anonymous hacks unsecured printers to send anti-war messages across Russia


                          Anonymous has carried out a mass “Print Attack” in which it has sent over 100,000 print copies to Russian citizens with messages against war and how to bypass censorship in the country.

                          Anonymous hacktivists are compromising vulnerable and misconfigured printers across Russia and sending print copies to users with anti-war messages. The modus operandi of this attack is similar to the one that Anonymous used last month in which the group hacked misconfigured cloud databases owned by businesses in Russia and left messages against the ongoing conflict between Russia and Ukraine.

                          40,000+ Copies Printed Sent

                          The details of the attack were shared by one of the Anonymous affiliated groups with Hackread.com according to which as of Sunday, March 20th, 2022, the group had targeted 160 devices and printed over 40,000 copies with anti-war and “anti-propaganda” messages in the Russian language.

                          The printed copies also explained how users can bypass censorship in Russia by using the Tor browser. It is worth noting that the Russian government has blocked Facebook, Instagram, Twitter, BBC News, Voice of America, Deutsche Welle, Bellingcat, Amnesty International, Meduza.io, Ukrayinska Pravda, Interfax-Ukraine, Radio Free Liberty, etc. since the invasion of Ukraine on Thursday, 24th February 2022.
                          The printers were misconfigured, and manually forwarded on the Russian routers. In every case we have reviewed, the port was deliberately forwarded.

                          PDFs Printed with Anti-Propaganda Messages

                          In a conversation with Anonymous, Hackread.com was told that the hacked printers were forced to print PDFs with a message informing Russians that “their president, the government, and media all have been feeding them lies.”

                          Anonymous sides with Ukraine

                          It is no secret that Anonymous has sided with Ukraine over the ongoing conflict between two countries. The group has so far targeted the government and the private sector to spread its message. The list and timeline of some of the cyberattacks reported by Hackread.com are as follows:





                          Comment

                          • SalesServiceGuy
                            Field Supervisor

                            Site Contributor
                            5,000+ Posts
                            • Dec 2009
                            • 8139

                            #133
                            Re: FBI Security Alerts

                            18% of businesses affected by cybersecurity incidents last year: StatCan


                            A new Statistics Canada report says 18 per cent of Canadian businesses were impacted by cybersecurity incidents last year, down from 21 per cent in 2019, as they spent more money to prevent attacks.

                            The report found 16 per cent of small businesses, 25 per cent of medium-sized businesses and 37 per cent of large businesses reported being affected by cybersecurity incidents in 2021.

                            Statistics Canada said Tuesday businesses most commonly faced attempts to steal money or demand ransom payments and efforts to steal personal or financial data.

                            Sixty-one per cent of affected businesses identified external parties as the perpetrator of cybersecurity incidents, while 38 per cent could not identify the perpetrator.

                            The percentage of businesses that reported spending money to detect or prevent cybersecurity incidents remained relatively the same in 2021, at 61 per cent, compared with 62 per cent in 2019.

                            However, the amount of money Canadian businesses spent to detect or prevent cybersecurity incidents increased by roughly $2.8 billion in 2021 to $9.7 billion when compared with 2019, Statistics Canada said.

                            Large businesses spent $4.4 billion, small businesses spent $2.9 billion and medium-sized businesses spent $2.4 billion last year.

                            Businesses that were hit with a cybersecurity incident spent a total of slightly more than $600 million to recover, an increase of about $200 million dollars from 2019.

                            The report also found that many companies have been implementing policies and procedures to mitigate risks.

                            More than six in 10 businesses had at least one employee responsible for overseeing cybersecurity risks and threats as of 2021, almost four in 10 had a consultant or contractor to manage threats, and almost one-third had monthly or more frequent updating of operating systems.

                            Comment

                            • SalesServiceGuy
                              Field Supervisor

                              Site Contributor
                              5,000+ Posts
                              • Dec 2009
                              • 8139

                              #134
                              Re: FBI Security Alerts

                              Top US cybersecurity agency hacked and forced to take some systems offline


                              A federal agency in charge of cybersecurity discovered it was hacked last month and was forced to take two key computer systems offline, according to an agency spokesperson and US officials familiar with the incident.

                              One of the US Cybersecurity and Infrastructure Security Agency’s affected systems runs a program that allows federal, state and local officials to share cyber and physical security assessment tools, according to the US officials briefed on the matter. The other holds information on security assessment of chemical facilities, the sources said.

                              A CISA spokesperson said in a statement that “there is no operational impact at this time” from the incident and that the agency continues to “upgrade and modernize our systems.”

                              “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience,” the spokesperson said, adding that the impact from the hack “was limited to two systems, which we immediately took offline.”
                              The two systems run on older technology that was already set to be replaced.

                              Part of the Department of Homeland Security, CISA investigates cyber intrusions at federal agencies and advises private critical infrastructure firms on how to bolster their security.

                              The Record first reported on the hack.

                              It was not immediately clear who was behind the hack, but it occurred through vulnerabilities in popular virtual private networking software made by Utah-based IT firm Ivanti. For several weeks, CISA has urged federal agencies and private firms to update their software or take other defensive measures in response to widespread exploitation of Ivanti vulnerabilities by hackers.
                              Among the hackers exploiting the flaws is a Chinese group focused on espionage.

                              While there is some irony in it, even cybersecurity agencies or officials can be victims of hacking. After all, they rely on the same technology that others do. The US’ top cybersecurity diplomat Nate Fick said last year that his personal account on social media platform X was hacked, calling it part of the “perils of the job.”

                              Comment
