Tag: Cyber Attacks

DARPA uses a remote island to stage a cyberattack on the US power grid

Earlier this month, on a small island 1.5 miles off the shore of Long Island, the Defense Advanced Research Projects Agency (DARPA) staged a cyberattack on the US power grid.

Plum Island is currently run by the Department for Homeland Security (DHS), the federal facility comprises 70 mostly decrepit buildings. You couldn’t ask for a better spot to stage an attack on the electric power grid, according to Stan Pietrowicz, a researcher at Perspecta Labs who’s working on a network analysis and threat detection tool that can be used in so-called “black-start” situations, when power has to be restored to a dead grid.

Read more about the staged cyberattack by DARPA on NakedSecurity.

Russian Banks Under Phishing Attack

Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector.

The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the “standardization of the format of CBR’s electronic communications.” International cybersecurity company Group-IB investigated the attack.

Read more about the attack on Russian banks on BleepingComputer.

Vaporworms: New breed of self-propagating fileless malware to emerge in 2019

WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems.

“Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO at WatchGuard Technologies.

Read more about the infosec predictions for 2019 on Help Net Security.

Researchers discover seven new Meltdown and Spectre attacks

A team of nine academics has revealed today seven new CPU attacks. The seven impact AMD, ARM, and Intel CPUs to various degrees. Two of the seven new attacks are variations of the Meltdown attack, while the other five are variations on the original Spectre attack — two well-known attacks that have been revealed at the start of the year and found to impact CPUs models going back to 1995.

Researchers say they’ve discovered the seven new CPU attacks while performing “a sound and extensible systematization of transient execution attacks” — a catch-all term the research team used to describe attacks on the various internal mechanisms that a CPU uses to process data.

Read more about the new Meltdown and Spectre attacks on ZDNet.

Sophos 2019 Threat Report unveils the rise of targeted cyberattacks

Sophos today launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. The report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.

The SophosLabs 2019 Threat Report found that capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom -2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different than ‘spray and pray’ style attacks that are automatically distributed through millions of emails.

Read more about the findings of the new Sophos report on AP News.

60% of firms believe a major security event will hit in the next few years

Only 30 percent of 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years, according to eSentire.

In terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 percent are optimistic in their firm’s ability to cope with a breach. This is in stark contrast to technical leaders on the front lines, who are approximately 20 percent more likely to predict an attack.

Read more about the findings of the eSentire report on Help Net Security.

European Security Pros Wrestling With Potential Breaches, Privacy Issues

While 50 nations and 150 global companies gathered in Paris last week to boost the call for better cybersecurity, European IT security professionals this week are registering their concerns that the region isn’t ready for an anticipated attack on critical infrastructure. The 2018 Black Hat Europe Attendee Survey found that nearly two-thirds (65%) of security pros in Europe believe a successful cyberattack affecting the critical infrastructure of multiple EU nations will occur in the next two years.

And concerns are not limited to critical infrastructure. Some three-quarters of European security pros said a major data breach will occur in their own organizations in the coming year.

Read more about the findings of the Black Hat survey on DarkReading.

Chinese Hackers Target UK Engineering Company: Report

Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors. The hacking group, which is referred to as TEMP.Periscope and is also known as Leviathan, has been active for half a decade and was observed targeting engineering and maritime entities earlier this year

In July 2018, the group targeted the employees of a U.K.-based engineering company in a spear-phishing campaign, Recorded Future reports. As part of this campaign, the group is believed to have reused publicly reported, sophisticated Tactics, Techniques and Procedures (TTPs) from Russian threat groups Dragonfly and APT28.

Read more about the TEMP.Periscope attack campaigns on SecurityWeek.

Cinema Chain Sees Bad Movie Script Play Out As It Loses Millions In Email Scam

It was not a good week for the Pathé cinema chains. First, their UK branch’s Twitter account was hacked and used in a cryptocurrency scam and then it became known that their Dutch branch had lost more than 19 million euros (US$21.5m) trough a business email compromise (BEC) scam.

The scam began in March with an email to the company’s CFO, allegedly from Pathé’s French parent firm, which told him to transfer more than 800,000 euros as part of a “strictly confidential” acquisition, Dutch business site Quote reports. Though the CFO and the CEO did discuss among themselves that the request was rather strange, they dutifully obliged.

Read more about this elaborate and successful BEC scam on Forbes.

APT Group Uses Windows Zero-Day in Middle East Attacks

Windows zero-day vulnerability addressed this week by Microsoft with its November 2018 Patch Tuesday updates has been exploited by an advanced persistent threat (APT) group in attacks aimed at entities in the Middle East.

Microsoft learned about the vulnerability on October 17 from Kaspersky Labs. According to Kaspersky, the vulnerability has only been used in a “very limited number of attacks,” with all the victims located in Middle Eastern countries. The company could not say which threat group may be behind these attacks, but noted that the exploit is being used by “at least one APT actor.”

Read more about the attacks leveraging the Windows flaw on SecurityWeek.