Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Hackers (Page 1 of 2)

Russia, China and Iran trying to hack presidential race, Microsoft says


Russian, Chinese and Iranian hackers have mounted cyberattacks against hundreds of organizations and people involved in the 2020 presidential race and U.S.-European policy debates, with targets including the campaigns of both Donald Trump and Joe Biden, Microsoft said Thursday.

The report is the most expansive public warning to date about the rapid spread of foreign governments’ efforts to wield hackers to undermine U.S. democracy.

The perpetrators include the same Kremlin-aligned Russian hacking group whose thefts and leaks of confidential Democratic Party documents helped torpedo Hillary Clinton’s presidential hopes in 2016, said Microsoft, which offers products designed to detect such attacks.

Targets this time include the Trump and Biden campaigns, administration officials and an array of national and state parties, political consultants and think tanks, as well as groups such as the German Marshall Fund and Stimson Center that promote international cooperation.

“The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated,” Microsoft said in a blog post. It added that its security tools detected and blocked “the majority of these attacks.”

The company did not answer numerous questions from POLITICO seeking more details about the attacks.

The revelations come amid a feud between congressional Democrats and the administration over what it knows about foreign threats against the election, in particular the Democrats’ accusations that Trump’s intelligence leaders are failing to alert the public about the Kremlin’s activities. Trump and his supporters have pushed a message that the Chinese are trying to help Biden — a claim not supported by intelligence officials, who have told POLITICO that Russia’s efforts pose the most active and acute danger.

An official intelligence community statement last month said China prefers that Trump not be reelected, that Russia is denigrating Biden and that Iran is undermining the president.

Some of the hackers’ targets confirmed Microsoft’s reporting, though none said the cyberattacks had succeeded.

“As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,” said Thea McDonald, deputy press secretary for the president’s campaign team. “We work closely with our partners, Microsoft and others, to mitigate these threats. We take cybersecurity very seriously and do not publicly comment on our efforts.”

Likewise, the Republican National Committee has “been informed that foreign actors have made unsuccessful attempts to penetrate the technology of our staff members,” an RNC spokesperson said.

Biden’s campaign did not immediately respond to a request for comment.

Reuters reported early Thursday, ahead of the report’s release, that Microsoft had also alerted SKDKnickerbocker, one of Biden’s chief communications and strategy firms, that Russian hackers had targeted its networks without success. The firm did not respond to later requests for comment.

The attacks on the Stimson Center were first observed in May, spokesperson David Solimini said, and Microsoft notified the think tank about the nature and source in late July. He and German Marshall Fund spokesperson Sydney Simon both said they’d seen no evidence that the attacks succeeded.

Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said Microsoft’s findings are “consistent with earlier statements by the Intelligence Community on a range of malicious cyber activities targeting the 2020 campaign.”

“It is important to highlight that none [of the targets] are involved in maintaining or operating voting infrastructure and there was no identified impact on election systems,” Krebs said in a statement. He added, “Everyone involved in the political process should stay alert against these sorts of attacks.”

The Treasury Department announced its own steps to combat Kremlin interference Thursday, saying it had designated the pro-Russian Ukrainian lawmaker Andriy Derkach for sanctions for promoting discredited allegations against Biden.

Graham Brookie, director of the Atlantic Council’s Digital Forensic Research Lab, confirmed that his group had been the target of apparently unsuccessful attacks from Chinese hackers, but cautioned that those did not appear election-related.

“It is not surprising that we would be targeted by China, based on the substance of our work,” Brookie said. “This appeared to be about information gathering and espionage as opposed to election interference of any kind.”

Among other details, Microsoft reported that:

— The hacking group popularly known as Fancy Bear, which is linked to Russian military intelligence and played a major role in the 2016 attacks on Democrats, has gone after more than 200 organizations in recent months. The targets include political campaigns, national and state party organizations, consultants for both parties and think tanks. (The group is also known as APT28, and Microsoft refers to it as Strontium.)

— A Chinese hacking group called Zirconium or APT31 has attacked high-profile people in Biden’s campaign and at least one prominent person in Trump’s campaign, the tech giant said.

— Phosphorus, an Iranian hacker group often called Charming Kitten, has gone after Trump campaign staffers and administration officials.

Microsoft’s blog post said that it had blocked the majority of the attacks.

The company’s analysis offered some new details on the hackers’ methods.

For instance, in 2016 the Russian group relied mainly on spearphishing, tricking victims into clicking malicious email links to gain access to documents that it later released through outlets such as WikiLeaks. In recent months it has shifted toward cruder “brute force” attacks and password spraying. Rather than hammering one account with many guesses, which trips lockouts, a spray tries a few common passwords against a large number of accounts, spreading the attempts thinly enough that a per-account failure threshold never fires.

“Strontium also disguised these credential harvesting attacks in new ways, running them through more than 1,000 constantly rotating IP addresses, many associated with the Tor anonymizing service,” wrote Tom Burt, corporate vice president for customer security and trust. “Strontium even evolved its infrastructure over time, adding and removing about 20 IPs per day to further mask its activity.”
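The shift from spearphishing to brute force and password spraying changes what a defender should look for in authentication logs. The example below is added for this page and is not code from the article or from Microsoft’s report; the log format, the account names and the RFC 5737 source addresses are all constructed assumptions. It runs two rules over the sample: a per-source, per-account threshold that catches classic brute force, and a pooled rule that catches a spray spread thinly across many accounts and many source addresses, the pattern a per-source threshold misses.

```python
"""Telling password spraying apart from classic brute force in auth logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). The line format is an assumption:
# "<ISO timestamp> auth=<ok|fail> user=<account> src=<ip>".
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2020-08-12T03:14:01Z auth=fail user=alice src=192.0.2.10
2020-08-12T03:14:09Z auth=ok user=alice src=192.0.2.10
2020-08-12T03:15:00Z auth=fail user=admin src=203.0.113.9
2020-08-12T03:15:05Z auth=fail user=admin src=203.0.113.9
2020-08-12T03:15:10Z auth=fail user=admin src=203.0.113.9
2020-08-12T03:15:15Z auth=fail user=admin src=203.0.113.9
2020-08-12T03:15:20Z auth=fail user=admin src=203.0.113.9
2020-08-12T03:15:25Z auth=fail user=admin src=203.0.113.9
2020-08-12T04:00:00Z auth=fail user=bob src=198.51.100.1
2020-08-12T04:00:03Z auth=fail user=carol src=198.51.100.1
2020-08-12T04:00:20Z auth=fail user=dave src=198.51.100.2
2020-08-12T04:00:25Z auth=fail user=erin src=198.51.100.2
2020-08-12T04:00:41Z auth=fail user=frank src=198.51.100.3
2020-08-12T04:00:47Z auth=fail user=grace src=198.51.100.3
2020-08-12T04:01:02Z auth=fail user=heidi src=198.51.100.4
2020-08-12T04:01:08Z auth=fail user=ivan src=198.51.100.4
2020-08-12T04:01:30Z auth=fail user=judy src=198.51.100.5
2020-08-12T04:01:36Z auth=fail user=kim src=198.51.100.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) auth=(?P<result>ok|fail) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_failures(text):
    """Return failed logins as (timestamp, user, src) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["result"] == "fail":
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["user"], m["src"]))
    return sorted(events)


def detect_brute_force(events, window=timedelta(minutes=10), threshold=5):
    """One source, one account, many failures inside the window."""
    times = defaultdict(list)
    for ts, user, src in events:
        times[(src, user)].append(ts)
    findings = []
    for (src, user), stamps in times.items():
        for i, start in enumerate(stamps):
            n = sum(1 for t in stamps[i:] if t - start <= window)
            if n >= threshold:
                findings.append({"src": src, "user": user, "failures": n, "start": start})
                break  # one finding per (src, user) is enough
    return findings


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_users=8, max_per_user=2):
    """Many accounts, each failing only once or twice, regardless of source.

    The per-(src, user) rule above never fires on a spray: each source
    touches only a couple of accounts and each account sees one or two
    failures, so the signal appears only when failures are pooled across
    all sources and all accounts inside the window.
    """
    findings, i = [], 0
    while i < len(events):
        start = events[i][0]
        per_user, sources, j = defaultdict(int), set(), i
        while j < len(events) and events[j][0] - start <= window:
            per_user[events[j][1]] += 1
            sources.add(events[j][2])
            j += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            findings.append({"start": start, "end": events[j - 1][0],
                             "distinct_users": len(per_user),
                             "distinct_sources": len(sources)})
            i = j  # do not report overlapping windows for the same burst
        else:
            i += 1
    return findings


def analyze(text):
    events = parse_failures(text)
    return {"brute_force": detect_brute_force(events),
            "password_spray": detect_password_spray(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

On the sample, the brute-force rule flags only the admin account hit six times from one address, while the spray rule flags the 04:00 burst: ten accounts, one failure each, from five addresses that individually stay under any per-source threshold. Against an actor rotating through a thousand addresses, as the post describes, only the pooled view has a chance; tune min_users to the tenant’s size and watch for the flat one-failure-per-account distribution rather than for any single noisy source.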

This is far from the first time that a company in the cybersecurity business, rather than the federal government, has been the first to go public with details about major nation-state attacks against its customers. Previous examples include a landmark 2013 report by the cyber firm Mandiant on hackers connected to China’s People’s Liberation Army conducting cyber espionage against U.S. critical infrastructure such as the electrical power grid.

Meridith McGraw and Natasha Bertrand contributed to this report.

Source: https://www.politico.com/news/2020/09/10/russia-china-iran-cyberhack-2020-election-411853
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Tim Starks

Hartford postpones first day of school after ransomware attack


The city of Hartford, Conn., postponed its scheduled first day of school on Tuesday after a ransomware attack affected school systems over the weekend. Hartford Public Schools announced …

Source: https://thehill.com/policy/cybersecurity/515446-hartford-postpones-first-day-of-school-after-ransomware-attack
The Article Was Written/Published By: Justine Coleman

Garmin global outage caused by ransomware attack, sources say

An ongoing global outage at sport and fitness tech giant Garmin was caused by a ransomware attack, according to two sources with direct knowledge of the incident.

The incident began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices. The attack also took down flyGarmin, its aviation navigation and route-planning service.

Portions of Garmin’s website were also offline at the time of writing.

Garmin has said little about the incident so far. A banner on its website reads: “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

The two sources, who spoke on the condition of anonymity as they are not authorized to speak to the press, told TechCrunch that Garmin was trying to bring its network back online after the ransomware attack. One of the sources confirmed that the WastedLocker ransomware was to blame for the outage.

One other news outlet appeared to confirm that the outage was caused by WastedLocker.

Garmin’s online services have been down for days. The cause is believed to be ransomware, according to two sources with direct knowledge of the incident. (Screenshot: TechCrunch)

WastedLocker is a new kind of ransomware, detailed by security researchers at Malwarebytes in May and operated by a hacker group known as Evil Corp. Like other file-encrypting malware, WastedLocker infects computers, encrypts the user’s files and demands a ransom, typically in cryptocurrency, in exchange for the decryption key.

Malwarebytes said that WastedLocker does not yet appear to have the capability to steal or exfiltrate data before encrypting the victim’s files, unlike other, newer ransomware strains. That means companies with backups may be able to escape paying the ransom. But companies without backups have faced ransom demands as much as $10 million.

The FBI has also long discouraged victims from paying ransoms related to malware attacks.

Evil Corp has a long history of malware and ransomware attacks. The group, allegedly led by Russian national Maksim Yakubets, is known to have used Dridex, a powerful password-stealing banking trojan that was used to steal more than $100 million from hundreds of banks over the past decade. Later, Dridex was also used as a delivery mechanism for ransomware.

Yakubets, who remains at large, was indicted by the Justice Department last year for his alleged part in the group’s “unimaginable” amount of cybercrime during the past decade, according to U.S. prosecutors.

The Treasury also imposed sanctions on Evil Corp, including Yakubets and two other alleged members, for their involvement in the decade-long hacking campaign.

Because of those sanctions, it is near-impossible for U.S.-based companies to pay the ransom, even if they wanted to, as U.S. nationals are “generally prohibited from engaging in transactions with them,” per a Treasury statement.

Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft, said those sanctions make it “especially complicated” for U.S.-based companies dealing with WastedLocker infections.

“WastedLocker has been attributed by some security companies to Evil Corp, and the known members of Evil Corp — which purportedly has loose connections to the Russian government — have been sanctioned by the U.S. Treasury,” said Callow. “As a result of those sanctions, U.S persons are generally prohibited from transacting with those known members. This would seem to create a legal minefield for any company which may be considering paying a WastedLocker ransom,” he said.

Efforts to contact the alleged hackers were unsuccessful. The group uses different email addresses in each ransom note. We sent an email to two known email addresses associated with a previous WastedLocker incident, but did not hear back.

A Garmin spokesperson could not be reached for comment by phone or email on Saturday. (Garmin’s email servers have been down since the start of the incident.) Messages sent over Twitter were also not returned. We’ll update if we hear back.


Source: https://techcrunch.com/2020/07/25/garmin-outage-ransomware-sources/
The Article Was Written/Published By: Zack Whittaker

Bill Gates and Elon Musk Didn’t Get Hacked—Twitter Did

Last night was a long one for Twitter. Bill Gates, Elon Musk, President Barack Obama, Apple, Uber, and more started tweeting offers to double people’s money if they sent bitcoin to a specific wallet. None of that was true, of course; it was a scam. And now Twitter is admitting that its internal tools made the giant hack possible.


Source: https://www.reviewgeek.com/47803/bill-gates-and-elon-musk-didnt-get-hacked-twitter-did/
The Article Was Written/Published By: Josh Hendrickson

Do Hackers Really Battle in Real Time? 

Everyone knows that hacker-attack scene from NCIS. Working in their dimly lit forensics lab, Abby Sciuto (Pauley Perrette) and Timothy McGee (Sean Murray) have to fend off a cybercriminal, hell-bent on stealing information about their investigation.


Source: https://www.howtogeek.com/676868/do-hackers-really-battle-in-real-time%C2%A0/
The Article Was Written/Published By: Matthew Hughes

What Is a Man-in-the-Middle Attack?

A man-in-the-middle (MITM) attack occurs when someone sits between two computers (such as a laptop and a remote server) and relays their traffic. Because both ends talk through the attacker, this person can eavesdrop on the communications, alter them in transit, or impersonate either side to steal information, and neither machine notices unless the connection is authenticated.
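To make that definition concrete, here is an added example written for this page rather than taken from the How-To Geek article: a simulated MITM on a Diffie-Hellman key exchange. The toy group, the toy XOR stream cipher, the pre-shared HMAC key and the message are all constructed assumptions for illustration. Without authentication Mallory completes a separate exchange with each side, reads Alice’s message and rewrites it before Bob sees it; when each party’s public value carries an HMAC under a key Mallory lacks, the substituted value fails verification and the handshake aborts.

```python
"""Active man-in-the-middle against an unauthenticated key exchange."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption: illustration only; a real deployment
# uses a standardised group such as RFC 7919 ffdhe2048 or an elliptic curve).
P = 2**127 - 1
G = 5
# Authentication secret both real endpoints hold in advance (assumption:
# provisioned out of band; in TLS this role is played by certificates).
PSK = b"provisioned-out-of-band"


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Derive a 32-byte session key from the raw DH secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks.
    Encryption and decryption are the same operation. It has no integrity
    protection, which is what lets Mallory rewrite the message below."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def auth_tag(role, pub):
    """HMAC over the sender's role and public value under the shared PSK."""
    return hmac.new(PSK, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()


def exchange(authenticated, mitm):
    """Run Alice -> Bob over a channel Mallory may control.

    Returns what Bob decrypted, what Mallory could read, and whether the
    handshake was aborted because a public value failed authentication.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    tag_a, tag_b = auth_tag(b"alice", a_pub), auth_tag(b"bob", b_pub)
    pub_at_bob, pub_at_alice = a_pub, b_pub   # what each side actually receives

    if mitm:
        # Mallory runs two separate exchanges: one facing Alice, one facing Bob.
        ma_priv, ma_pub = dh_keypair()
        mb_priv, mb_pub = dh_keypair()
        pub_at_bob, pub_at_alice = mb_pub, ma_pub
        # Lacking PSK, Mallory can only forward the genuine tags unchanged.

    if authenticated and not (
        hmac.compare_digest(tag_a, auth_tag(b"alice", pub_at_bob))
        and hmac.compare_digest(tag_b, auth_tag(b"bob", pub_at_alice))
    ):
        return {"aborted": True, "delivered": None, "mallory_read": None}

    k_alice = dh_shared(a_priv, pub_at_alice)  # Alice believes this is shared with Bob
    k_bob = dh_shared(b_priv, pub_at_bob)      # Bob believes this is shared with Alice
    message = b"transfer 100 to account 42"
    wire = xor_stream(k_alice, message)
    mallory_read = None
    if mitm:
        mallory_read = xor_stream(dh_shared(ma_priv, a_pub), wire)  # key shared with Alice
        tampered = mallory_read.replace(b"42", b"99")
        wire = xor_stream(dh_shared(mb_priv, b_pub), tampered)      # key shared with Bob
    return {"aborted": False, "delivered": xor_stream(k_bob, wire),
            "mallory_read": mallory_read}


if __name__ == "__main__":
    print("unauthenticated + MITM:", exchange(authenticated=False, mitm=True))
    print("authenticated + MITM:  ", exchange(authenticated=True, mitm=True))
```

The point the one-line definition hides is that encryption alone does not stop a MITM: both Alice and Bob end up with a perfectly good session key, just not with each other. Only authenticating the key exchange (a certificate signature in TLS, a pre-shared key here) lets an endpoint tell the relay apart from its real peer, which is why a browser’s certificate warning on a captive Wi-Fi portal is the one thing standing between the user and this scenario.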


Source: https://www.howtogeek.com/668989/what-is-a-man-in-the-middle-attack/
The Article Was Written/Published By: Matthew Hughes
