  1. #1
    Service Manager 2,500+ Posts
    FBI Security Alerts

    SalesServiceGuy's Avatar
    Join Date
    Dec 2009
    Location
    Nova Scotia
    Posts
    3,627
    Rep Power
    111

    FBI Security Alerts

    Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7

    An FBI alert sent on Tuesday warns companies about the use of out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.

    Following Oldsmar attack, FBI warns about using TeamViewer and Windows 7 | ZDNet

    In the aftermath of the Oldsmar incident, where an unidentified attacker gained access to a water treatment plant's network and modified chemical dosages to dangerous levels, the FBI has sent out an alert on Tuesday, raising attention to three security issues that have been seen on the plant's network following last week's hack.

    The alert, called a Private Industry Notification, or FBI PIN, warns about the use of out-of-date Windows 7 systems, poor passwords, and desktop sharing software TeamViewer, urging private companies and federal and government organizations to review internal networks and access policies accordingly.


    TEAMVIEWER CONSIDERED THE POINT OF ENTRY


    The FBI PIN specifically names TeamViewer as a desktop sharing software to watch out for after the app was confirmed as the attacker's entry point into the Oldsmar water treatment plant's network.

    In a Motherboard report published on Tuesday, several well-known security experts criticized companies and workers who often use the software for remote work, calling it insecure and inadequate for managing sensitive resources.

    While the FBI PIN alert doesn't take a critical tone or stance against TeamViewer, the FBI would like federal and private sector organizations to take note of the app.

    "Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs)," the FBI said.

    "TeamViewer's legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to typical RATs."

    The FBI alert doesn't specifically tell organizations to uninstall TeamViewer or any other type of desktop sharing software but warns that TeamViewer and other similar software can be abused if attackers gain access to employee account credentials or if remote access accounts (such as those used for Windows RDP access) are secured with weak passwords.

  2. #2

    Re: FBI Security Alerts

    A new phishing campaign is attempting to lure victims into downloading the latest version of a malware trojan – and it has links to one of the most prolific cyber-criminal operations active in the world today.

    The Bazar trojan first emerged last year and a successful deployment of the trojan malware can provide cyber criminals with a backdoor into compromised Windows systems, allowing them to control the device and gain additional access to the network in order to collect sensitive information or deliver malware, including ransomware.

    Now cybersecurity researchers at Fortinet have identified a new variant of Bazar trojan, which has been equipped with anti-analysis techniques to make the malware harder for anti-virus software to detect.

    These include hiding the malicious APIs in the code and only calling on them when needed, additional code obfuscation, and even encrypting certain strings of the code to make it more difficult to analyse.
    The new techniques were added to Bazar towards the end of January and coincided with a phishing campaign designed to distribute the updated version of the malware.

  3. #3

    Re: FBI Security Alerts

    Federal prosecutors charge three North Korean hackers accused of conspiring to steal more than $1.3 billion


    Federal prosecutors charged three North Korean hackers with conspiring to steal more than $1.3 billion from banks and companies around the world, the Justice Department announced Wednesday.

    In an indictment unsealed in California, authorities described a range of brazen operations carried out by the trio from 2014 to 2020, targeting high-profile movie studios and cryptocurrency traders with sophisticated technology that national security officials said underscored the country's status as a leading cybercrime threat.

    Members of a military intelligence agency, the three hackers are accused of carrying out the 2014 attack on Sony in retaliation for a movie that lampooned the North Korean leader, as well as a devastating hit on the central bank of Bangladesh in 2016, which netted the rogue nation some $81 million.

    They're also said to have orchestrated digital heists of cryptocurrency and intrusions of ATMs using novel strands of malware.

    "As laid out in today's indictment, North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers," said John Demers, the head of the Justice Department's National Security Division, at a news conference.

    As Western sanctions have crippled the North Korean economy, the Justice Department has warned that the country is developing some of the most advanced capabilities to steal money online, distinguishing it from other US adversaries across the globe.

    "The scope of these crimes by the North Korean hackers is staggering. They are the crimes of a nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime," said Tracy Wilkison, the acting US attorney in Los Angeles.

    Officials acknowledged Wednesday that the new charges and wanted posters distributed by the FBI online are not likely to result in the arrest of the hackers, but national security officials favor publicizing charges like these as part of a "name and shame" campaign that draws attention to the issue and serves as a warning to hackers that authorities are watching.

    The FBI and Department of Homeland Security also on Wednesday released a joint advisory and analysis of some of the malware produced and deployed by the North Koreans in their cryptocurrency heists that authorities said was designed to provide the public with information on how to avoid intrusions and remedy any infections.

    The unsealing of the indictment was timed to coincide with the announcement of a plea deal reached in a related case involving a Canadian-American citizen who allegedly laundered money for the North Korean hackers, Justice Department officials said.

    Ghaleb Alaumary was a high-level and trusted money launderer for the North Koreans who, according to a plea agreement, conspired to steal and launder tens of millions of dollars from cyber bank heists.

    Alaumary and others laundered the money through bank accounts, wire transfers and by converting it to cryptocurrency, according to Jesse Baker, special agent in charge of the Secret Service's Los Angeles field office.

    "This laundering was sophisticated and really extensive, but these methods left an information trail. We really had to collect the dots in order to connect the dots," Baker said.


  4. #4

    Re: FBI Security Alerts

    COMMERCE, Mich., Feb. 22, 2021 /PRNewswire/ -- Nuspire, a leading managed security services provider (MSSP), today announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

    "The volume of sophisticated attacks seen throughout 2020 highlights the criticality of business intelligence and cybersecurity detection and response to improving organizational cyber readiness," said Craig Robinson, Program Director, Security Services at IDC. "Nuspire's latest report puts into perspective the changing nature of cyberattacks. Security leaders must be ready for unexpected situations, consistently revisiting and revamping their cybersecurity strategies."

    2020 was a chaotic year that shifted the threat landscape and changed the way many organizations manage their business operations. In addition to increasingly sophisticated and frequent attacks, Nuspire security experts observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. The report also found a consistent increase of exploitation events through 2020 with an overall growth of 116% as attackers continued to leverage newly disclosed vulnerabilities.

    "The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business," said John Ayers, Nuspire Chief Strategy Product Officer. "As attack techniques continue to evolve and the frequency of attacks increases, it's critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats."

    During Q4 security experts uncovered a 10,000% increase in ransomware activity—the largest spike in activity Nuspire has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election, the holidays, and continued to leverage year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increment this quarter as a result of numerous SMB brute force login attempts; activity spiked over 90,000% in bursts throughout the quarter.

    Additional notable findings from Nuspire's 2020 Q4 and Year in Review Threat Landscape Report include:


    • Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants as VBA are often the first stage of infection.
    • Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks.
    • Botnet and Exploit activity remained fairly consistent throughout the year with the largest contenders being ZeroAccess Botnet, which made a significant appearance in May, and DoublePulsar staying at the top of the exploit activity list in 2020.
    • In Q4, attackers increased attempts to exploit new vulnerabilities as they were disclosed. This escalation was driven by the release of a known vulnerability in over 49,000 Fortinet devices on the dark web and APT groups - which also targeted the SSL-VPN Vulnerability (CVE-2018-13379). Shortly after this list was released, activity attempting to exploit this vulnerability increased by 4,176%.



