  1. #61
    SalesServiceGuy

    Re: FBI Security Alerts

    Due to the increasing number of attacks, the White House released an open letter on Thursday titled "What We Urge You To Do To Protect Against The Threat of Ransomware" from Anne Neuberger, deputy assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.

    https://assets.documentcloud.org/documents/20796933/memo-what-we-urge-you-to-do-to-protect-against-the-threat-of-ransomware17.pdf


    Despite the startling increase in ransomware attacks in the last few months, Neuberger touted the White House's efforts to deal with the crisis, noting that the US government is currently:

    1. Disrupting ransomware networks
    2. Working with international partners to hold countries that harbor ransomware actors accountable
    3. Developing cohesive and consistent policies towards ransom payments
    4. Enabling rapid tracing and interdiction of virtual currency proceeds

    She added that it was important for the private sector to do its part in addressing the cybersecurity posture of their organizations.

  2. #62
    SalesServiceGuy

    Re: FBI Security Alerts

    Biden admin mulling cyber attacks against Russian hackers


    The Biden administration is moving to treat ransomware attacks as a national security threat, using intelligence agencies to spy on foreign criminals and contemplating offensive cyber operations against hackers inside Russia, U.S. officials and other sources familiar with the matter tell NBC News.

    Though using the military to take action against criminals would not be without precedent, it’s controversial in legal circles, and any American cyber action against targets in Russia would risk retaliation. But officials say criminal ransomware attacks from abroad, once a nuisance, have become a major source of economic damage, as the disruption of gasoline and meat supplies in recent weeks has illustrated.

    “Right now, they are hair on fire,” one former government official said of the Biden administration.
    In an example of the new approach, the White House was unusually quick to point the finger at Russia for harboring the attackers, just one day after officials learned of the ransomware strike on meat processor JBS. In previous incidents, it took weeks or months for the U.S. government to publicly blame another country as the source of a cyber attack.

    But momentum was building even before Biden took office. As the onslaught of ransomware attacks against hospitals and local governments increased, the National Security Agency in the summer of 2019 began spying on certain foreign criminal hacker groups, according to a former official and three other sources familiar with the matter. Officials say that intelligence collection puts the U.S. in a better position to target the groups if the president orders a strike.

    Because they are not carried out directly by governments, ransomware attacks like the ones that hit Colonial Pipeline and JBS have for years been treated as purely criminal matters, investigated by the FBI with an eye toward prosecution. Criminal accountability was rare, though, because most of the hackers reside in Russia and other places outside the reach of American law enforcement. Russia allows the hackers to operate without interference as long as they are attacking the West, U.S. officials say.

    Even as the NSA began assembling data on ransomware groups, hospital systems were hit last fall by another wave of attacks. Sources say U.S. officials in charge of cyber policy became further convinced that it was time to get more intelligence resources — and military cyber warriors — focused on the problem.

    “Sometime at the end of last year, everyone decided that this had risen to the level of a threat to national security,” said James Lewis, a cyber expert at the Center for Strategic and International Studies who consults frequently with government officials.
    Spokespersons for the NSA and U.S. Cyber Command declined to comment.

    “While we won’t comment on specific planned or ongoing operations, we provide options through the Department of Defense to the president,” the cyber command spokesperson said.

    Since Biden took office, the impact of ransomware attacks has grown, officials say. An attack on Colonial Pipeline last month led to gasoline shortages, and a strike against meat processing firm JBS threatened a quarter of America’s meat processing capacity. Had JBS not gotten back online quickly — presumably by paying a ransom — experts say Americans might have experienced significant meat shortages.

    On Thursday, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, issued an open letter to corporate leaders urging them to improve their cyber defenses.

    “The number and size of ransomware incidents have increased significantly,” she said. “The U.S. government is working with countries around the world to hold ransomware actors and the countries who harbor them accountable, but we cannot fight the threat posed by ransomware alone. The private sector has a distinct and key responsibility.”

    Neuberger also said the U.S. government was seeking to “disrupt” ransomware networks, though she didn’t say how.

    In a typical ransomware attack, hackers break into a corporate network and lock up data, demanding payment in order to release it. Some also threaten to post business secrets on the internet if payment is not made.

    Cyber security experts say successful ransomware attacks often take advantage of companies with substandard cyber defenses.

    But even if every company and local government had the best defensive technology in place, hackers with enough time and money would find a way to get through, experts say. That’s why the Biden administration is contemplating ways to deter ransomware gangs and the countries that give them sanctuary, principally Russia.

    The White House says Biden will put Russian President Vladimir Putin on notice at the June 16 summit between the two leaders that Russia must stop harboring criminal hackers. But Lewis and other experts do not anticipate Putin caving to U.S. demands.

    If he doesn’t, Biden will have a menu of options in front of him, current and former officials say, including offensive action by U.S. Cyber Command, the military hackers based at Fort Meade who wield cyber weapons that can take down networks and turn computers into bricks.

    The military would be careful to operate in a gray area, just short of the international law definition of an act of war, said Gary Brown, a former Pentagon cyber warrior who now serves as professor of cyber law at the National Defense University. That’s exactly what Russia has been doing to the U.S. over the last decade, he said, with a campaign of disinformation, election interference and hacking.

    Among the things Cyber Command could do, he said, is disrupt the hackers’ ability to access their own networks and tools, “infect their networks with modified tools that have our own little special gifts attached to them,” and harass some of the key players.
    Indictments by the Justice Department also serve a purpose, he said, by blocking the hackers from most travel and access to the U.S. financial system.

    The U.S. could also impose further economic sanctions on Russia, but “we’ve kind of pressed the sanctions button pretty close to the max,” Brown said. “In my opinion, we seem to have kind of run the course on how much you can do with that.”

    Whatever the U.S. response has been, it hasn’t led Russia to stop harboring the criminal hackers, said Glenn Gerstell, who retired in 2020 after five years as NSA general counsel.

    “We’re not going to shut off all the lights in Moscow,” he said, but “whatever it is we’re doing now is clearly not producing the desired effect. We need to do something different.”

    Some scholars have urged caution in the use of the military against criminal hackers. Jason Healy, a former White House official who is now a cyber expert at Columbia University, made that argument in an article for the Lawfare blog last month, saying the military should only be used against criminal groups as a last resort, in response to an imminent threat.

    Military force has been used against criminals before, in raids to free American hostages, such as when Navy SEALs rescued merchant ship crew members from Somali pirates in 2009, an incident later portrayed in the Tom Hanks movie, “Captain Phillips.”

    And in August 2020, current and former officials say, U.S. Cyber Command took down Trickbot, a botnet used to deploy ransomware. That was the first known use of military force against criminal hackers, and it was justified as a measure to prevent election interference, because Trickbot also could have been repurposed to disrupt the 2020 elections.
    Cyber command’s mission is to defend the United States in cyberspace, Gerstell said.

    “If the country is experiencing malicious effects from a cyber attack, that to me creates a justification for U.S. Cyber Com to be more aggressive,” he said.

  3. #63
    rthonpm

    Re: FBI Security Alerts

    Further reporting on the Colonial Pipeline attack indicates that the attack started through access to their network using credentials for an account that was no longer actively in use that had VPN access. Once they were in, finding a further foothold likely wouldn't take long, especially since it would have looked like regular traffic at first glance.

    So the attack could have been prevented just by disabling or removing accounts for staff that were no longer with the company or, at the very least, removing VPN access for those accounts.

    Sent from my BlackBerry using Tapatalk
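
The control described in the post above, as an added example that is not part of the original thread: a Python audit over a constructed account export that flags enabled accounts of departed staff and dormant accounts that still hold VPN access. The column names, the `VPN-Users` group name and the 90-day threshold are assumptions for illustration.

```python
"""Flag accounts that look abandoned but can still reach the VPN."""
import csv
import io
from datetime import date, timedelta

# Constructed sample export (not real data). Column names and the
# "VPN-Users" group are assumptions made for this example.
SAMPLE_EXPORT = """\
username,enabled,last_logon,groups,hr_status
alice,true,2021-06-01,VPN-Users;Finance,active
bob,true,2020-11-15,VPN-Users;Ops,terminated
carol,true,2021-01-10,VPN-Users,active
dave,false,2020-09-01,VPN-Users,terminated
erin,true,,VPN-Users;IT,active
frank,true,2020-08-20,Ops,terminated
"""

VPN_GROUP = "VPN-Users"
STALE_AFTER = timedelta(days=90)


def audit_accounts(export_text, today, vpn_group=VPN_GROUP, stale_after=STALE_AFTER):
    """Return (username, action, reason) tuples, highest priority first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"].strip()
        enabled = row["enabled"].strip().lower() == "true"
        groups = {g.strip() for g in row["groups"].split(";") if g.strip()}
        has_vpn = vpn_group in groups
        departed = row["hr_status"].strip().lower() != "active"
        raw = row["last_logon"].strip()
        last_logon = date.fromisoformat(raw) if raw else None

        if not enabled:
            # A disabled account cannot log in, but leftover VPN membership
            # becomes live again the moment someone re-enables it.
            if has_vpn:
                findings.append((3, user, "remove_vpn_access",
                                 "disabled account still in VPN group"))
        elif departed:
            # Enabled account for someone HR lists as gone: the case
            # the post describes. VPN membership raises the priority.
            prio = 1 if has_vpn else 2
            why = ("departed staff, VPN access retained" if has_vpn
                   else "departed staff, account still enabled")
            findings.append((prio, user, "disable_account", why))
        elif has_vpn and last_logon is None:
            findings.append((2, user, "remove_vpn_access", "never logged on"))
        elif has_vpn and today - last_logon > stale_after:
            idle = (today - last_logon).days
            findings.append((2, user, "remove_vpn_access",
                             f"no logon in {idle} days"))

    findings.sort()  # priority first, then username
    return [(u, action, why) for _, u, action, why in findings]


if __name__ == "__main__":
    for user, action, why in audit_accounts(SAMPLE_EXPORT, date(2021, 6, 15)):
        print(f"{user:8} {action:18} {why}")
```

In practice the export would come from the directory service joined against an HR roster, and the review would run on a schedule rather than once.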

  4. #64
    SalesServiceGuy

    Re: FBI Security Alerts

    US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers


    US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.

    The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said.

    The ransom recovery is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

    ... behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia. US officials have linked the Colonial attack to a criminal hacking group known as Darkside that is said to share its malware tools with other criminal hackers.

  5. #65
    bsm2

  6. #66
    rthonpm

    Re: FBI Security Alerts

    Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

    $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

    Sent from my BlackBerry using Tapatalk

  7. #67
    SalesServiceGuy

    Re: FBI Security Alerts

    Originally posted by rthonpm:
    Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

    $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

    Sent from my BlackBerry using Tapatalk

    ... hopefully in a big company like JBS, their information systems were segmented and isolated from each other. A ransomware attack on one system, however critical, did not compromise the entire system.

  8. #68
    SalesServiceGuy

    Re: FBI Security Alerts

    NATO agrees cyberattacks could amount to armed attacks and lead to invocation of mutual self-defense clause


    The leaders of the 30 NATO countries agreed “that the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack,” an assessment that could lead to the invocation of the organization’s mutual self-defense clause, Article 5.
    The countries “(reaffirmed) that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis,” according to a joint statement released during the NATO leaders’ summit on Monday.

    “We will make greater use of NATO as a platform for political consultation among Allies, sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses. If necessary, we will impose costs on those who harm us,” the joint communique said.

    Speaking to the press on Sunday, US National Security Adviser Jake Sullivan said that “the notion is that if someone gets hit by a massive cyberattack, and they need technical or intelligence support from another Ally to be able to deal with it, they could invoke Article 5 to be able to get that,” but underscored it would be “on a case-by-case basis.”

    The NATO joint communique noted that “Cyber threats to the security of the Alliance are complex, destructive, coercive, and becoming ever more frequent.”

    “This has been recently illustrated by ransomware incidents and other malicious cyber activity targeting our critical infrastructure and democratic institutions, which might have systemic effects and cause significant harm,” it said.

    The allies said that in order to face the “evolving” challenge of cyber attacks, they on Monday “endorsed NATO’s Comprehensive Cyber Defence Policy, which will support NATO’s three core tasks and overall deterrence and defence posture, and further enhance our resilience.”

    “Reaffirming NATO’s defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law,” the joint communique said.

    It also noted that NATO as an organization will “continue to adapt and improve its cyber defences” and that they will “further develop NATO’s capacity to support national authorities in protecting critical infrastructure, including against malicious hybrid and cyber activity. We will ensure reliable energy supplies to our military forces.”

  9. #69
    SalesServiceGuy

    Re: FBI Security Alerts

    200 businesses hit by ransomware after breach at Florida IT firm



    • Cybersecurity company Huntress Labs said on Friday that 200 businesses have been hit by ransomware attacks following an incident at U.S. IT firm Kaseya in Miami.
    • Kaseya, in a statement posted on its own website, said it is investigating a “potential attack” on a widely used tool to reach into corporate networks across the United States.
    • In the statement, Kaseya said its VSA tool, which is used by IT professionals to monitor and manage servers, desktops, network devices and printers, may have been attacked.




    It said it had shut down some of its infrastructure in response and that it was urging customers that used VSA on their premises to immediately turn off their servers.

    “This is a colossal and devastating supply chain attack,” Huntress senior security researcher John Hammond said in an email, referring to an increasingly high profile hacker technique of hijacking one piece of software to compromise hundreds or thousands of users at a time.

    Hammond added that because Kaseya is plugged in to everything from large enterprises to small companies “it has the potential to spread to any size or scale business.”

    Reuters was not immediately able to reach a Kaseya representative for further comment.

    Huntress said it believed the Russia-linked REvil ransomware gang — the same group of actors blamed by the FBI for paralyzing meatpacker JBS last month — was to blame for the latest ransomware outbreak.

    An email sent to the hackers seeking comment was not immediately returned.

    In a statement, the U.S. Cybersecurity and Infrastructure Security Agency said it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya’s VSA product.

    Supply chain attacks have crept to the top of the cybersecurity agenda after hackers alleged to be operating at the Russian government’s direction tampered with a network monitoring tool built by Texas software firm SolarWinds.

    Kaseya has 40,000 customers for its products, though not all use the affected tool.

  10. #70
    Phil B.

    Re: FBI Security Alerts

    Originally posted by rthonpm:
    Now it comes out that JBS also paid a ransom to get their data back. After someone else has had access to your data, could you really trust that they didn't exfiltrate sensitive information such as financials or bank account information, or even operational process documents? Could you be certain that they didn't alter the same types of data? Are there other surprises among their data? Malware or other command and control methods?

    $11 million to release systems that will likely need to be rebuilt anyway. That would have bought years of backup software licenses and the hardware to do them...

    Sent from my BlackBerry using Tapatalk

    Yup it's all on Biden

    He built this mess.

    Sent from my SM-G960U using Tapatalk
