TweakTown NewsRefine News by Category:
The issues related to cybersecurity among utilities companies has a unique twist that sounds like something from a hacker movie made in Hollywood. A cyberattack to compromise a utility provider and demand cash ransom in exchange for access to the networks is possible if security measures aren't improved, according to Dr. Larry Ponemon, Ponemon Institute founder.
Ransomware attacks, made up of custom malware designed to encrypt files and interrupt business operations, is a successful technique that hackers from Eastern Europe and China have deployed. If altered to breach utility networks, the same type of attack might be extremely effective.
"With the increased convergence of cyber and physical world's, attacks are no longer limited to office computers and networks," said Steve Durbin, International Security Forum Managing Director, in a statement. "They can now have physical impact in the real-world."
The German government remains upset that the NSA snooped on German Chancellor Angela Merkel and other government leaders, requesting the top U.S. intelligence official in Germany to leave the country. It was an unexpected move by the German government, as the CIA official works at the U.S. embassy in Berlin - as parliamentary inquiries continue in Germany.
The German government wants to speak with Snowden, but the American turned down an in-person meeting that would have taken place in Russia. Even if German investigators are unable to chat with Snowden in the near future, there are obvious political tensions between Germany and the United States at the moment.
"The representative of the U.S. intelligence services as the Embassy of the United States of America has been requested to leave Germany," said Steffen Seibert, a Germany government spokesperson, in a statement. "The Federal Government takes these incidents very seriously. It remains vital for Germany, in the interest of the security of its citizens and its forces abroad, to cooperate closely and trustfully with western partners, in particular with the USA. To do so, however, mutual trust and openness are necessary. The Federal Government continues to be ready for this and expects the same from its closest partners."
As expected, the United States and China again discussed cyberespionage talks with China, following months of tense negotiations and stalemates from both sides. Washington and Beijing have an extremely fragile political relationship, and both sides have accused one another of organized cyberespionage attacks aimed at stealing information and disrupting network traffic.
Although U.S. Secretary of State John Kerry confirmed Washington raised cyber-related topics with China, though a large amount of dialogue is still necessary. The United States still accuses China of state-led global cyberespionage attacks, while Beijing criticized the NSA for its widespread surveillance activities.
"China is making preparations to adopt greater transparency including on foreign exchange, which will accelerate the move to a more market-based exchange rate," said Jack Lew, U.S. Treasury Secretary, when speaking of the cybercrime-related talks between both sides.
The controversial Cyber Information Sharing Act (CISA) was approved by the Senate Select Committee on Intelligence, aimed to help the government and private companies better defend against cyberattacks. The bill received a 12-3 vote, and is the latest step forward in an evolving battle to keep networks and users safe on the Internet.
As part of CISA, the director of national intelligence will need to increase classified and unclassified cyberthreat information - and individuals and companies are authorized to roll out countermeasures to keep their own networks and consenting customers secure.
There is a large amount of concern regarding the controversial program, especially following former NSA contractor Edward Snowden disclosed organized federal government spying operations.
Most companies combat advanced persistent threats (APTs) using anti-virus and anti-malware security software, according to the "Advanced Persistent Threat Awareness" report released by the ISACA non-profit information security group. The study found 96 percent of survey participants note AV or anti-malware solutions as the most popular option - with 60 percent also relying on remote access.
APTs are described as stealthy, prolonged attacks typically aimed at cyberespionage attacks against businesses and governments. Due to large numbers of malware, security experts try to keep end-users and networks secure while pinpointing activity from command and control network traffic.
"The technical controls most often identified as being used to prevent APTs are network perimeter technologies, such as firewalls and access lists within routers, as well as anti-malware and anti-virus," according to the ISACA report. "While these controls are proficient for defending against traditional attacks, they are probably not as well suited for preventing APTs for a number of researchs," including spear phishing or zero-day threats.
E-ZPass customers in Massachusetts, New York and New Jersey are being warned of an email phishing scam from criminals claiming to be from the E-ZPass "Customer Service Center." The email subject is "Payment for driving on toll road," and informs customers that they have unpaid tolls.
The fake email has the following message: "Dear customer, you have not paid a toll for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time. The invoice can be downloaded here."
Security experts point out a couple of different problems with this email, including: bad grammar and the realization that an official summons wouldn't ask recipients to download an invoice. Furthermore, the real E-ZPass Service Center doesn't email customers regarding payment problems and other correspondence.
Security company Kaspersky Lab today announced its updated product lineup for home consumers, including the Kaspersky Anti-Virus 2015, Kaspersky Internet Security 2015 and Kaspersky Internet Security - Multiple-Device 2015. Designed to protect Microsoft Windows, Apple OS X and Google Android devices from current threats in a rather complex security world.
New features include Webcam protection aimed at keeping built-in Web cameras safe and secure from outside hacking. Kaspersky also included a Wi-Fi security notification module that ensures public Wi-Fi hotspots are secure, informing users of vulnerable network connections or unsecured password transmission. Ransomware which encrypts files also is a major threat to PC users, so the Kaspersky Lab System Watcher module verifies all running processes to prevent criminals from encrypting files.
"Today's threat landscape is persistently evolving and at Kaspersky Lab we're continuously staying one step ahead of the cybercriminals," said Justin Priestley, Kaspersky Lab consumer sales SVP, in a statement. "We provide our customers with the most advanced protection tools available, like the innovative Webcam Protection and System Watcher features. Our 2015 suite of products, especially Kaspersky Lab Internet Security, is equipped with technologies that have proven to be effective not only in independent tests, but in the real-world, protection 300 million people across the globe."
A team of researchers at CrowdStrike is claiming China's "Deep Panda" cyber offensive group has begun targeting, and has now compromised, US national security think tanks. In an alarming statement, co-founder Dmitri Alperovitch asserted that the attacks seem to be tied into monitoring activity from the newly founded Islamic State of Iraq and the Levant (ISIS).
In a blog post, CrowdStrike's co-found Dmitri Alperovitch outlined the company's work with human rights groups and security think tanks. Former senior government officials frequently work in organizations like these, and so are a natural target of hostile intelligence services, Alperovitch said, adding that he has "great confidence" the Deep Panda group is affiliated with the Chinese government. It's one of 30 CrowdStrike closely follows in China, but the company points out it is also one of the most sophisticated.
As the armed ISIS faction launched an attack on an oil refinery, Alperovitch claims Deep Panda began a hunt for files from US thinktank employees. He pointed out that China is the top foreign investor in Iraq's oil infrastructure, and so espionage fits in with the country's national interests. "It wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper US military involvement that could help protect the Chinese oil infrastructure in Iraq," Alperovitch wrote. "In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
Public utility companies and federal governments need to be more aware to the real threat of cyberattacks, with criminals reaching new levels of network penetration. Following suspicions of a cyberattack, companies need to conduct an in-house and third-party security audit to determine how the incident occurred.
It was previously noted that public utility companies struggling to meet growing cyberattack threats - but the realization that eastern European hackers were able to compromise oil and gas companies as part of "Dragonfly" provides a more frantic view of cybersecurity. The U.S. government is mulling over stricter regulations to force utility companies to be more careful with network connections and security from outside threats.
"These infections not only gave the attackers a beachhead in the targeted organizations' networks, but also gave them the means to mount sabotage operations against infected (industrial control system) computers," Symantec noted.
The popular video website Dailymotion was compromised by cybercriminals able to inject malicious code, redirecting visitors and secretly installing malware. The iframe first appeared on June 28 and installed the Sweet Orange Exploit Kit, targeting Oracle Java, Microsoft Internet Explorer and the Adobe Flash Player.
It seems only a small number of users were compromised, and Dailymotion quickly restored videos and ensured they were safe again.
"If the kit successfully exploited any of these vulnerabilities, then Trojan.Adclicker was downloaded onto the victim's computer," according to Symantec researchers. "This malware forces the compromised computer to artificially generate traffic to pay-per-click Web advertisements in order to generate revenue for the attackers."