Tagged: attack

  • jkabtech 4:17 am on December 10, 2017
    Tags: attack, Fortinet, recovers

    DUHK attack recovers secret keys from Fortinet devices 

    “Absurd” flaw in government-certified crypto.

    Cryptographers have devised an attack that allows the recovery of secret digital keys from network devices and therefore full, silent interception of traffic.

    Researchers Nadia Heninger, Shaanan Cohney and Matthew Green from Johns Hopkins University found that devices using the American National Standards Institute X9.31-based pseudo-random number generator (PRNG) can be reliably attacked to guess the keys used to encrypt communications.

    Although deprecated since 2016, X9.31 is still used in government-certified hardware.

    The attack – dubbed Don’t Use Hard-coded Keys, or “DUHK” – works against devices in which the X9.31 seed key is included in the implementation of the PRNG.

    If the output from the PRNG is also used to directly generate the cryptographic keys, the device in question is vulnerable to the DUHK attack.

    The attack is passive and would not be noticed by victims.

    The researchers targeted Fortinet devices running the FortiOS 4.x operating system to test their attack. They found around 25,000 Fortinet devices are vulnerable to the DUHK attack.

    While recovering the keys is time-consuming – around four minutes per connection – the researchers said the attack was practical to carry out.

    They suggested developers stop using the X9.31 PRNG.

    Fortinet has patched its device firmware in later versions of FortiOS to remove the weak X9.31 PRNG.

     
  • jkabtech 4:17 am on October 26, 2017
    Tags: $11.9m, attack

    University loses $11.9m in phishing attack 

    In one of the biggest ever heists.

    Canada’s MacEwan University has been lured into handing over C$11.8 million (A$11.9 million) to malicious actors after falling victim to a phishing attack.  

    The university today revealed it had earlier this week been tricked into changing the electronic banking details for one of its major vendor partners through a series of fraudulent emails.

    It resulted in the transfer of C$11.8 million to a bank account university staff had believed belonged to the vendor.

    “There is never a good time for something like this to happen. But as our students come back to start the new academic year, we want to assure them and the community that our IT systems were not compromised during this incident,” university spokesman David Beharry said in a statement.

    “Personal and financial information, and all transactions made with the university are secure. We also want to emphasise that we are working to ensure that this incident will not impact our academic or business operations in any way.”

    After discovering the fraud the university began pursuing efforts to recover the money.

    It is working with the Edmonton police force as well as law enforcement in Montreal and Hong Kong and the affected banks to trace and recoup the funds.

    So far it has managed to trace C$11.4 million to accounts in Canada and Hong Kong. The money has been frozen as lawyers attempt to recover the funds.

    The university said it had no information on the status of the remaining balance at this time.

    The theft is one of the largest disclosed cash heists to be perpetrated through a single phishing attack.

    MacEwan said it has put in controls to prevent any recurrence and has established an internal audit group to investigate the matter.

    “Preliminary assessment has determined that controls around the process of changing vendor banking information were inadequate, and that a number of opportunities to identify the fraud were missed,” the university said in a statement.


     
  • jkabtech 8:17 pm on October 3, 2017
    Tags: attack

    Ships are turning back to radio to avoid cyber attack 

    Threats prompt return of WW2 tech for navigation.

    The risk of cyber attacks targeting ships’ satellite navigation is pushing nations to delve back through history and develop back-up systems with roots in World War Two radio technology.

    Ships use GPS and other similar devices that rely on sending and receiving satellite signals, which many experts say are vulnerable to jamming by hackers.

    About 90 percent of world trade is transported by sea and the stakes are high in increasingly crowded shipping lanes. Unlike aircraft, ships lack a back-up navigation system and if their GPS ceases to function, they risk running aground or colliding with other vessels.

    South Korea is developing an alternative system using an earth-based navigation technology known as eLoran, while the United States is planning to follow suit. Britain and Russia have also explored adopting versions of the technology, which works on radio signals.

    The drive follows a series of disruptions to shipping navigation systems in recent months and years. It was not clear if they involved deliberate attacks; navigation specialists say solar weather effects can also lead to satellite signal loss.

    Last year, South Korea said hundreds of fishing vessels had returned early to port after their GPS signals were jammed by hackers from North Korea, which denied responsibility.

    In June this year, a ship in the Black Sea reported to the US Coast Guard Navigation Centre that its GPS system had been disrupted and that over 20 ships in the same area had been similarly affected.

    US Coast Guard officials also said interference with ships’ GPS disrupted operations at a port for several hours in 2014 and at another terminal in 2015. It did not name the ports.

    The NotPetya ransomware attack that hit AP Moller-Maersk’s IT systems in June and made global headlines did not involve navigation but underscored the threat hackers pose to the technology-dependent and inter-connected shipping industry. It disrupted port operations across the world.

    The eLoran push is being led by governments who see it as a means of protecting their national security. Significant investments would be needed to build a network of transmitter stations to give signal coverage, or to upgrade existing ones dating back decades when radio navigation was standard.

    US engineer Brad Parkinson, known as the “father of GPS” and its chief developer, is among those who have supported the deployment of eLoran as a back-up.

    “ELoran is only two-dimensional, regional, and not as accurate, but it offers a powerful signal at an entirely different frequency,” Parkinson said.

    “It is a deterrent to deliberate jamming or spoofing, since such hostile activities can be rendered ineffective.”

    Korean stations

    Cyber specialists say the problem with GPS and other global navigation satellite systems (GNSS) is their weak signals, which are transmitted from 12,500 miles above the Earth and can be disrupted with cheap jamming devices that are widely available.

    Developers of eLoran – the descendant of the loran (long-range navigation) system created during World War II – say it is difficult to jam as the average signal is an estimated 1.3 million times stronger than a GPS signal.

    To do so would require a powerful transmitter, large antenna and lots of power, which would be easy to detect, they add.

    Shipping and security officials say the cyber threat has grown steadily over the past decade as vessels have switched increasingly to satellite systems and paper charts have largely disappeared due to a loss of traditional skills among seafarers.

    “My own view, and it is only my view, is we are too dependent on GNSS/GPS position fixing systems,” said Grant Laversuch, head of safety management at P&O Ferries.

    “Good navigation is about cross-checking navigation systems, and what better way than having two independent electronic systems.”

    Lee Byeong-gon, an official at South Korea’s Ministry of Oceans and Fisheries, said the government was working on establishing three sites for eLoran test operations by 2019 with further ones to follow after that.

    But he said South Korea was contending with concerns from local residents at Gangwha Island, off the west coast.

    “The government needs to secure a 40,000 pyeong (132,200 square metre) site for a transmitting station, but the residents on the island are strongly opposed to having the 122 to 137 metre-high antenna,” Lee said.

    In July, the United States house of representatives passed a bill which included provisions for the US Secretary of Transportation to establish an eLoran system.

    “This bill will now go over to the senate and we hope it will be written into law,” said Dana Goward, president of the US non-profit Resilient Navigation and Timing Foundation, which supports the deployment of eLoran.

    “We don’t see any problems with the President signing off on this provision.”

    The previous administrations of Presidents George W. Bush and Barack Obama both pledged to establish eLoran but never followed through. However, this time there is more momentum.

    In May, US Director of National Intelligence Daniel Coats told a senate committee the global threat of electronic warfare attacks against space systems would rise in coming years.

    “Development will very likely focus on jamming capabilities against … global navigation satellite systems, such as the US global positioning system,” he said.

    Spoofing dangers

    Russia has looked to establish a version of eLoran called eChayka, aimed at the Arctic region as sea lanes open up there, but the project has stalled for now.

    “It is obvious that we need such a system,” said Vasily Redkozubov, deputy director general of Russia’s Internavigation Research and Technical Centre.

    “But there are other challenges apart from eChayka, and


     
  • jkabtech 10:17 pm on July 15, 2017
    Tags: attack, installation, Ukraine

    Petya attack ‘likely cover’ for malware installation in Ukraine 

    Disguise for unknown motive.

    The primary target of a crippling virus that spread from Ukraine across the world this week is highly likely to have been that country’s computer infrastructure, a top Ukrainian police official said.

    Cyber security firms are trying to piece together who was behind the ransomware, dubbed NotPetya by some experts, which has paralysed thousands of machines worldwide, shutting down ports, factories and offices as it spread through internal organisational networks to an estimated 60 countries.

    Ukrainian politicians were quick to blame Russia, but a Kremlin spokesman dismissed “unfounded blanket accusations”. Kiev has accused Moscow of two previous cyber strikes on the Ukrainian power grid and other attacks since Russia annexed Crimea in 2014.

    A growing consensus among security researchers, armed with technical evidence, suggests the main purpose of the attack was to install new malware on computers at government and commercial organisations in Ukraine. Rather than extortion, the goal may be to plant the seeds of future sabotage, experts said.

    International firms appear to have been hit through their operations in the country.

    Slovakian security software firm ESET released statistics today showing 75 percent of the infections detected among its global customer base were in Ukraine, and that all of the top 10 countries hit were located in central, eastern or southern Europe.

    Arne Schoenbohm, president of BSI, Germany’s federal cyber security agency, said most of the damage from the attack had hit Ukraine, and Russia to a lesser extent, with only a few dozen German firms affected.

    “In all of the known cases, the companies were first infected through a Ukrainian subsidiary,” the German official said.

    Smokescreen

    Ukraine’s cyber police said it had received 1500 requests for help from individuals and companies in connection with the virus.

    The malware encrypted data on computers and demanded victims pay a US$300 ransom, similar to the extortion tactic used in a global WannaCry ransomware attack in May.

    A top Ukrainian police official said the extortion demands were likely a smokescreen, echoing working hypotheses from top cyber security firms, who consider NotPetya a “wiper”, or tool for destroying data and wiping hard disks clean, that is disguised as ransomware.

    “Since the virus was modified to encrypt all data and make decryption impossible, the likelihood of it being done to install new malware is high,” the official, who declined to be identified, said.

    Information Systems Security Partners (ISSP), a Kiev-based cyber research firm that has investigated previous cyber attacks against Ukraine, is pursuing the same line of inquiry.

    ISSP said that given that few people actually paid the US$300 demanded for removing the virus, money was unlikely to be the primary object of the attack.

    “It’s highly likely that during this attack new attacks were set up,” said ISSP chairman Oleg Derevianko.

    “At almost all organisations whose network domains were infected, not all computers went offline. Why didn’t they all go offline? We are trying to understand what they might have left on those machines that weren’t hit.”

    Ukraine’s National Security and Defence Council secretary Oleksandr Turchynov said the virus was first and foremost spread through an update issued by accounting services and business management software provider MeDoc.

    “Also involved was the hosting service of an internet provider, which the SBU (Ukraine’s state security service) has already questioned about cooperation with Russian intelligence agencies,” he said.

    Destructive intent

    Technical experts familiar with the recent history of the cyber escalation between Russia and Ukraine say these latest attacks are part of the wider political and military conflict, although no “smoking gun” has been found to identify the culprits.

    John Hultquist, a cyber intelligence analyst with FireEye, said the failed ransomware attack disguises an as yet unseen destructive motive.

    “If it were an attack masquerading as crime, that would not be unprecedented at all,” Hultquist said.

    Some cyber security researchers have said the fact that the Kremlin’s two flagship energy companies are victims of the attack could suggest Moscow was not behind it.

    Russian oil major Rosneft was one of the first companies to reveal it had been compromised by the virus and sources said computers at state gas giant Gazprom had also been infected.

    For technical reasons, NotPetya appears to be more targeted than last month’s global ransomware attack, known as WannaCry. When first infected by WannaCry, computers scanned the internet globally for other vulnerable machines.

    By contrast, NotPetya does not randomly scan the internet to find new computers to infect. It only spreads itself inside organisational networks, taking advantage of a variety of legitimate network administration tools.

    This makes it far harder for anti-virus software or network security technicians to detect. It also gives it the capacity to infect other Windows computers, even those with the latest security patches, several security firms warned.

    “Petya is proving to be more sophisticated than WannaCry in terms of scope, ability to be neutralised, and apparently, the motivation behind its launch,” corporate security consulting firm Kroll has advised its clients.

    So far, NotPetya appears only to have been distributed inside Ukraine via a handful of so-called “watering-hole attacks” – by piggy-backing on the software updating feature of a popular national tax accounting program known as MeDoc.

    Kaspersky also said it found a second distribution point on a local news site in the city of Bakhmut, Ukraine, which infected visitors who clicked on the site with the ransomware-like attack.

    “Our analysis indicates the main purpose of the attack was not financial gain, but widespread destruction,” said Costin Raiu, Kaspersky’s global head of research.

    “NotPetya … combined elements of a targeted watering hole attack we’ve traditionally seen used by nation states with traditional software exploitation to devastate a specific user base,” Lesley Carhart, a Chicago-based security researcher, wrote in a blog.


     
  • jkabtech 6:17 am on July 14, 2017
    Tags: attack, remediate, struggling

    TNT Express still struggling to remediate after Petya attack 

    Potentially “material” business impact.

    International courier giant TNT Express is still struggling to make deliveries in Australia and all over the world almost a week on from the globally destructive Petya malware attack.

    The cyber attack – which has been dubbed everything from Petya to NotPetya and GoldenEye – took out computers across an estimated 60 countries early last week. 

    FedEx-owned TNT Express was hit hard by the malware, which ravaged its business-critical systems globally.

    The disruptions mean TNT has had to fall back to unspecified “contingency plans” to continue operating, albeit at a reduced capacity.

    Customer deliveries are delayed, the myTNT user portal is not operational, nor are the company’s internal communications networks functioning.

    “To mitigate the impact of a virus that affected TNT IT systems globally last week, TNT continues to implement contingency plans,” a spokesperson said.

    “Teams are making solid progress on remediating systems and methodically bringing business critical systems and services back online.” 

    It warned that customers may experience service delays and restrictions “in the short term”.

    “We regret any inconvenience this may cause and ask for their understanding,” the spokesperson said.

    The company did not provide an estimated time of restoration, nor detail on the extent to which its IT environment had been impacted.

    Some TNT Express customers have sympathised with the company’s situation, but are growing frustrated at the ongoing problems. Others have expressed anger over a lack of communication from the courier.

    “It would be nice to have an update on the situation considering it’s now 3 July. I too am waiting for a parcel to be delivered which is affecting my business but I do realise how serious the cyber attack was,” one customer wrote on its Facebook page.

    “Also I understand that your phone lines are probably getting absolutely flogged right now so I won’t bother to ring. An update on the situation would be awesome. I’m just worried my parcel is floating around somewhere in the world completely untracked and unaccounted for. Best of luck on getting the systems back up and running.”

    “No update, no change in the tracking service, HUGE delays in shipping and absolutely no communication and info,” another said.

    “I understand that you have been under serious IT attack but it should not be the reason for this amateur handling of the situation.”

    TNT Express upgraded to Windows 7 prior to its acquisition by FedEx in August 2015. It is unclear what version of the Microsoft system is currently in use. The company has been contacted for detail.

    FedEx has indicated the financial impact of the malware could be “material”. TNT Express claims to deliver almost one million packages across the globe every day.

    FedEx said all other group companies were unaffected. The business temporarily suspended trading of its shares on the New York Stock Exchange for about an hour last Wednesday following the initial attack.

    Security researchers suspect the malware that attacked TNT Express and many others masquerades as ransomware – victims aren’t actually able to restore their files if they pay the US$300 demand – to hide its true intention of destruction.

    Ukraine has gone as far as to blame Russia for the malware, which the country claims is part of an ongoing series of attacks designed to spread destruction and fear, and install malware for future sabotage, amidst political tensions.

    The virus – which appears to be almost identical to the GoldenEye variant of the Petya malware that surfaced last year – uses similar exploits to the WannaCry malware to crash and reboot computers after rewriting the hard disk master boot record.

    Unlike Petya, however, it overwrites the first 25 sector blocks of a victim PC’s hard disk to do “permanent and irreversible damage”, meaning files can’t be decrypted after the ransom is paid.

    The exploits target vulnerable computers that run the Windows System Message Block (SMB) version 1 file sharing protocol.


     
  • jkabtech 6:17 am on July 13, 2017
    Tags: attack, seize, Ukrainian

    Police seize servers of Ukrainian software firm after cyber attack 

    Hacked software updates contain “cunning” backdoor.

    Ukrainian police have seized the servers of an accounting software firm suspected of spreading a malware virus that crippled computer systems at major companies around the world last week, a senior police official said.

    The head of Ukraine’s cyber police, Serhiy Demedyuk, said the servers of MeDoc – Ukraine’s most popular accounting software – had been seized as part of an investigation into the attack.

    Though they are still trying to establish who was behind last week’s attack, Ukrainian intelligence officials and security firms have said some of the initial infections were spread via a malicious update issued by MeDoc, charges the company’s owners deny.

    The owners were not immediately available for comment.

    Premium Service, which says it is an official dealer of MeDoc’s software, wrote a post on MeDoc’s Facebook page saying masked men were searching MeDoc’s offices and the software firm’s servers and services were down.

    Premium Service could not be reached for further comment.

    Cyber police spokeswoman Yulia Kvitko said investigative actions were continuing at MeDoc’s offices, adding that further comment would be made on Wednesday.

    The police move came after cyber security investigators unearthed further evidence that the attack had been planned months in advance by highly-skilled hackers, who they said had exploited a vulnerability in the MeDoc program.

    Ukraine has also taken steps to extend its state tax deadline by one month to help businesses hit by the malware assault.

    Researchers at Slovakian security software firm ESET said they had found a backdoor written into some of MeDoc’s software updates, likely with access to the company’s source code, which allowed hackers to enter companies’ systems undetected.

    “Very stealthy and cunning backdoor”

    “We identified a very stealthy and cunning backdoor that was injected by attackers into one of MeDoc’s legitimate modules,” ESET senior malware researcher Anton Cherepanov said in a technical note.

    “It seems very unlikely that attackers could do this without access to MeDoc’s source code.

    “This was a thoroughly well-planned and well-executed operation.”

    ESET said at least three MeDoc updates had been issued with the backdoor vulnerability, and the first one was sent to clients on April 14, more than two months before the attack.

    ESET said the hackers likely had access to MeDoc’s source code since the beginning of the year, and the detailed preparation before the attack was testament to the advanced nature of their operation.

    Oleg Derevianko, board chairman at Ukrainian cyber security firm ISSP, said an update issued by MeDoc in April delivered a virus to the company’s clients which instructed computers to download 350 megabytes of data from an unknown source on the internet.

    The virus then exported 35 megabytes of company data to the hackers, he said.

    “With this 35 megabytes you can exfiltrate anything – emails from all of the banks, user accounts, passwords, anything.”

    Little known outside Ukrainian accounting circles, MeDoc is used by around 80 percent of companies in Ukraine. The software allows its 400,000 clients to send and collaborate on financial documents between internal departments, as well as file them with the Ukrainian state tax service.

    Ukraine’s government said it would submit a draft law to parliament for the country’s tax deadline to be extended to July 15, and waive fines for companies who missed the previous June 13 cutoff because of the attack.

    “We had program failures in connection to the cyber attack, which meant that businesses were unable to submit account reports on time,” Prime Minister Volodymyr Groysman told a cabinet meeting.

    Separately, Ukraine’s security service, the SBU, said it had discussed cyber defence with NATO officials and had received equipment from the alliance to better combat future cyber attacks. Ukraine is not in NATO but is seeking closer ties.

    On Saturday Ukrainian intelligence officials accused Russian security services of being behind the attack, and cyber security researchers linked it to a suspected Russian group who attacked the Ukrainian power grid in December 2016.

    A Kremlin spokesman dismissed charges of Russian involvement as “unfounded blanket accusations”.

    Derevianko said the hacker’s activity in April and reported access to MeDoc’s source code showed Ukraine’s computer networks had already been compromised and the intruders were still operating inside them.

    “It definitely tells us about the advanced capabilities of the adversaries,” he said. “I don’t think any additional evidence is needed to attribute this to a nation-state attack.”

    View the Original article

     
  • jkabtech 8:36 am on April 29, 2016 Permalink | Reply
    Tags: attack, , ,   

    News sites hit by malicious ad attack: Report 

    8:57 AM ET | CNBC.com

    News sites hit with ransomware

    Major news websites are getting hit with a malicious ad attack, causing some users to be infected by ransomware.

    Several leading news websites have been affected by malicious adverts which have caused some users to be infected by ransomware, according to the BBC.

    The U.K. broadcaster reported that its own website had been targeted. It also reported that sites including MSN, the New York Times, AOL and Newsweek had been affected. MSN and Newsweek were not immediately available for comment when contacted by CNBC.

    A spokesperson for the NYT told CNBC that it was still investigating whether it was affected and said the software was impacting ads from third parties that were beyond their control. AOL declined to comment.

    View the Original article

     
  • jkabtech 3:28 am on March 20, 2016 Permalink | Reply
    Tags: attack, , ,   

    News sites hit by malicious ad attack: Report 

    Wednesday, 16 Mar 2016 | 8:57 AM ET | CNBC.com

    Several leading news websites have been affected by malicious adverts which have caused some users to be infected by ransomware, according to the BBC.

    The U.K. broadcaster reported that its own website had been targeted. It also reported that sites including MSN, the New York Times, AOL and Newsweek had been affected. MSN and Newsweek were not immediately available for comment when contacted by CNBC.

    A spokesperson for the NYT told CNBC that it was still investigating whether it was affected and said the software was impacting ads from third parties that were beyond their control. AOL declined to comment.

    Ransomware is a type of malware – or malicious software – that has become increasingly common. It steals your files and data, encrypts it, and then asks you to pay money to get it back.

    The BBC added, citing security researchers, that the malicious ads had been sent to the sites via four separate ad networks. It added that the attack was aimed mainly at people browsing these sites in the U.S.

    Click here to read the full report on the BBC’s website.

    —CNBC’s Arjun Kharpal contributed to this article.

    View the original article here

     
  • jkabtech 8:59 pm on February 27, 2016 Permalink | Reply
    Tags: , attack, , prepared   

    Most companies aren’t prepared for a hack attack 

    Ralph de la Vega, vice chairman at AT&T | Monday, 22 Feb 2016 | 9:44 AM ET | CNBC.com

    The Internet of Things is changing the world around us. It’s advancing the future of business and bringing new capabilities and efficiencies to companies to help them stay competitive. It’s disrupting industries, from health care to hotels to hair salons.

    The impact of IoT is being likened to a new industrial revolution. But, with its great potential comes new opportunities for cybercriminals.

    A single cyberattack can inflict millions of dollars in damage. These threats are unfortunately inherent to IoT technology, which is reshaping almost every element of modern life, from driving our cars to taking medication and adjusting the thermostat. In just the past two years, AT&T observed an astonishing 458 percent increase in vulnerability scans of IoT devices, according to AT&T’s second Cybersecurity Insights Report, this one on Exploring IoT Security.


    Unlike data and privacy breaches, which threaten to compromise medical records and credit-card information, the security risks to IoT devices could have far greater consequences — for example putting patients, automobile drivers and others at risk. According to the AT&T report, the threat is likely to increase as the number of connected devices swells to an estimated 50 billion devices by 2020.

    There are clear signs, however, that businesses aren’t yet effectively addressing IoT security.

    According to the report, less than half of respondents (47 percent) say their organizations analyze connected device security logs and alerts more than once a day — a pace that will need to quicken as the risk profile rises. Only 14 percent of companies have instituted a formal audit process to help understand whether their devices are secure and how many devices they have, and just 17 percent involve their boards in decision-making around IoT security.

    Perhaps most startling, among health care/life sciences professionals, just 30 percent of respondents are analyzing the logs and alerts of connected devices in real time, even though 64 percent say they are confident or extremely confident in their IoT cybersecurity defenses.

    What more can be done?

    The good news is that efforts are underway to create standards for securing IoT devices that will help make them safer from cyberattacks. To help businesses address the urgent need for IoT security, we recently announced plans to work with Bayshore Networks to explore innovation in virtualized security protections and capabilities for IoT customers.

    While Bayshore has been a leader in developing industrial IoT security solutions, most other efforts are still largely in their early stages, making it all the more imperative that business leaders find ways to maximize the tremendous benefits IoT technology can provide to their customers and their workforce while minimizing the risks it presents.

    To help do that, the AT&T report identifies six principles business leaders should adopt to protect their companies and their customers from IoT cyberattacks.

    Adopt a risk-driven approach. Identify your most critical assets or highest risks — which in IoT may extend beyond data to physical impacts – and then apply security controls that are commensurate with each level of risk.

    Look beyond IoT device security. It’s important to secure not just device-based data and operations, but also the many levels and types of communications networks and applications that support IoT solutions.

    Don’t reinvent the wheel. Existing security controls and procedures may be sufficient for many IoT deployments, but be mindful of unique IoT devices, applications and increased scale that require new controls and protections.

    Address the entire IoT ecosystem and know your supply chain. Evaluate the security capabilities and responsibilities of your IoT product and service providers, as well as those of your business partners.

    Automate security where possible. Given the massive increase in connected endpoints and the data volumes they can generate, IoT deployments are driving the need for increased automation in data monitoring, threat identification, and other facets of security.

    Involve your board. Communicating often with your board of directors will see to it that corporate leaders clearly understand both the opportunities and risks of IoT deployments.


    The Internet of Things has the potential to reshape the way we work, live and communicate. But with this great promise comes great responsibility to provide products and services that are highly secure.

    Commentary by Ralph de la Vega, the vice chairman of AT&T and CEO of AT&T Business Solutions & AT&T International.


    View the original article here

     