Hacking & Cyberwarfare News and Discussions

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Ukraine hit by ‘massive’ cyber-attack on government websites
Here is an article that also reports on that attack, with added commentary on the big picture:

The Unorthodox Weapon We Need to Defend Democracy
by Elisabeth Braw
January 16, 2022

https://www.politico.com/news/magazine/ ... acy-527022

Introduction:
(Politico) Early on Friday, following a week of tense negotiations between Russia and the West over Ukraine, a major cyberattack took down a number of official Ukrainian websites. “Ukrainians! … All information about you has become public,” the attackers posted on the website of the Ukrainian foreign ministry. “Be afraid and expect worse. It’s your past, present and future.”

Though it’s not yet clear who was behind the attack, the timing made many observers think immediately of Russia, which has a long history of targeting Ukraine with cyber aggression. As the EU’s chief diplomat put it, “I can't blame anybody as I have no proof, but we can imagine.”

Regardless of the perpetrator, the incident was a reminder of the many tools Russian President Vladimir Putin has used to weaken Ukraine other than traditional warfare. There is, of course, an actual war being fought in the country’s east. But Russia has supplemented its military efforts with nonmilitary tactics such as cyberattacks, disinformation and propaganda meant to exacerbate political tensions and undermine Ukrainians’ faith in their government and in democracy itself.

Much of Putin’s playbook falls into this murky area between war and peace — what national security analysts have come to call the gray zone. The term has become fashionable, but the concept isn’t new. It describes tactics that fall short of outright military aggression and instead take aim at a country’s social, economic or political cohesion. Gray-zone tactics include disinformation and cyberwarfare, as well as subversive economic practices, like China’s efforts to coerce Western firms into doing its bidding. Another recent example came when Belarusian leader Alexander Lukashenko — a Putin-allied autocrat — manufactured a migrant crisis at the border between Belarus and Poland. This also wasn’t a traditional act of aggression, but it created a feeling of crisis and chaos, forcing Poland and the rest of Europe to prepare for possible conflict.

Though the term can feel overused in national security circles, calling these seemingly disparate practices “gray-zone tactics” helps us see what they have in common: They’re cheaper and easier than using military force, they frequently aren’t overtly illegal, and to date they’ve rarely caused loss of life.
Don't mourn, organize.

-Joe Hill
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Researcher Will Use National Science Foundation Award to Fortify and Improve Security Operations Centers
February 1, 2022

https://www.eurekalert.org/news-releases/942002

Introduction:
(EurekAlert) LAWRENCE — A prestigious Faculty Early Career Development (CAREER) Program award from the National Science Foundation will enable a researcher from the University of Kansas School of Engineering to investigate how to boost effectiveness of security operations centers (SOCs) — centralized facilities that deal with security issues and protect enterprise computer networks for private industry, academic institutions and government organizations.

“Organizations usually deploy security operations centers to manage their network operations, defend against threats in cyberspace and maintain regulatory compliance,” said Alexandru Bardas, assistant professor in KU’s Department of Electrical Engineering & Computer Science (EECS) and the Information & Telecommunication Technology Center (ITTC). “Automation and metrics play key roles in the effectiveness of security operation centers. Unfortunately, security-driven automation in these environments is often implemented in ad hoc ways and is not accurately reflected in the metrics.”

According to Bardas, current solutions don’t capture all dimensions of automation. He said enterprise networks usually have either partial technical solutions to security challenges that are both social and technical — or social frameworks that don’t fully comprehend the technical components of enterprise network security. The result, he said, is always a one-size-fits-all solution that contributes to inefficiencies in security operations centers.
“We hope to create a framework that tailors security-focused automation for operational environments, assesses the role of humans in this process and reflects the outcomes in the metrics,” Bardas said. “Instead of putting forward another set of generic automation and metrics guidelines for security operations centers, the framework’s main goal is to link technical capabilities of an organization with its social structure. This way, the landscape for security operations centers can evolve from ‘all defenses need to be successful’ to ‘all attacks need to be successful’ to maintain persistent access — turning the tables on adversaries.”

The KU researcher’s work will use an array of research approaches — from designing dynamic abstractions, models and software tools to ethnographic studies and interviews. Bardas said he hoped to account for factors such as stakeholders’ interests and strategic planning as well as provide on-the-ground analysts with ways to input local knowledge about their actual effectiveness into management and policy decisions.

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

North Korea Hacked Him, so He Took Down Its Internet
by Andy Greenberg
February 2, 2022

https://www.wired.com/story/north-korea ... ket-newtab

Introduction:
(Wired) For the past two weeks, observers of North Korea's strange and tightly restricted corner of the internet began to notice that the country seemed to be dealing with some serious connectivity problems. On several different days, practically all of its websites—the notoriously isolated nation only has a few dozen—intermittently dropped offline en masse, from the booking site for its Air Koryo airline to Naenara, a page that serves as the official portal for dictator Kim Jong-un's government. At least one of the central routers that allow access to the country's networks appeared at one point to be paralyzed, crippling the Hermit Kingdom's digital connections to the outside world.

Some North Korea watchers pointed out that the country had just carried out a series of missile tests, implying that a foreign government's hackers might have launched a cyberattack against the rogue state to tell it to stop saber-rattling.

But responsibility for North Korea's ongoing internet outages doesn't lie with US Cyber Command or any other state-sponsored hacking agency. In fact, it was the work of one American man in a T-shirt, pajama pants, and slippers, sitting in his living room night after night, watching Alien movies and eating spicy corn snacks—and periodically walking over to his home office to check on the progress of the programs he was running to disrupt the internet of an entire country.

Just over a year ago, an independent hacker who goes by the handle P4x was himself hacked by North Korean spies. P4x was just one victim of a hacking campaign that targeted Western security researchers with the apparent aim of stealing their hacking tools and details about software vulnerabilities. He says he managed to prevent those hackers from swiping anything of value from him. But he nonetheless felt deeply unnerved by state-sponsored hackers targeting him personally—and by the lack of any visible response from the US government.
caltrek's comment: While an interesting read, the article does have a bit of the "it is bad when they do it to us, but ok when we do it to them" flavor about it, especially in light of one opinion indicating that the original hack attributed to North Korea may not have come from North Korea at all, but from somebody willing and able to frame that country as the likely suspect for their hack.

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

$1.7 Million in Non-Fungible Tokens Stolen in Apparent Phishing Attack on OpenSea Users
by Russell Brandom
February 20, 2022

https://www.theverge.com/2022/2/20/2294 ... stolen-nft

Introduction:
(The Verge) On Saturday, attackers stole hundreds of NFTs (non-fungible tokens) from OpenSea users, causing a late-night panic among the site’s broad user base. A spreadsheet compiled by the blockchain security service PeckShield counted 254 tokens stolen over the course of the attack, including tokens from Decentraland and Bored Ape Yacht Club.

The bulk of the attacks took place between 5PM and 8PM ET, targeting 32 users in total. Molly White, who runs the blog Web3 is Going Great, estimated the value of the stolen tokens at more than $1.7 million.

The attack appears to have exploited a flexibility in the Wyvern Protocol, the open-source standard underlying most NFT smart contracts, including those made on OpenSea. One explanation (linked by CEO Devin Finzer on Twitter) described the attack in two parts: first, targets signed a partial contract, with a general authorization and large portions left blank. With the signature in place, attackers completed the contract with a call to their own contract, which transferred ownership of the NFTs without payment. In essence, targets of the attack had signed a blank check — and once it was signed, attackers filled in the rest of the check to take their holdings.

“I checked every transaction,” said the user, who goes by Neso. “They all have valid signatures from the people who lost NFTs so anyone claiming they didn’t get phished but lost NFTs is sadly wrong.”

Valued at $13 billion in a recent funding round, OpenSea has become one of the most valuable companies of the NFT boom, providing a simple interface for users to list, browse, and bid on tokens without interacting directly with the blockchain. That success has come with significant security issues, as the company has struggled with attacks that leveraged old contracts or poisoned tokens to steal users’ valuable holdings.

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Here is a rather basic informational piece on what to do if your Facebook account is hacked. Two of my Facebook "friends" have already gone through this experience:

https://techcrunch.com/2022/02/24/facebook-hacked/

weatheriscool
Posts: 12972
Joined: Sun May 16, 2021 6:16 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by weatheriscool »

Spending bill includes large funding increase to boost cybersecurity
Source: The Hill

The government funding bill sent to President Biden includes a surge in funding to the agency that oversees the nation's cybersecurity infrastructure and includes language that requires companies in critical sectors to alert the government of potential hacks.

The omnibus spending bill has a total $2.6 billion budget for the Cybersecurity and Infrastructure Security Agency (CISA), a $568 million increase above last year's funding level that surpasses the amount requested by the president.

The funding arrives as the U.S. braces for possible Russian cyberattacks following the West's forceful condemnation of its invasion in Ukraine and punishing economic sanctions.

Included in the budget is an extra $119.5 million increase for threat hunting and a $64.1 million increase for vulnerability management.
Read more: https://www.msn.com/en-us/news/politics ... ar-AAUWVBG
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Mailchimp Says an Internal Tool Was Used to Breach Hundreds of Accounts
by Carly Page
April 4, 2022

https://techcrunch.com/2022/04/04/mailc ... ol-breach/

Introduction:
(TechCrunch) Email marketing giant Mailchimp has confirmed a data breach after malicious hackers compromised an internal company tool to gain access to customer accounts.

In a statement given to TechCrunch, Mailchimp CISO Siobhan Smyth said the company became aware of the intrusion on March 26 after it identified a malicious actor accessing a tool used by the company’s customer support and account administration teams. Access was gained following a successful social engineering attack, a type of attack that exploits human error and uses manipulation techniques to gain private information, access or valuables.

“We acted swiftly to address the situation by terminating access for the compromised employee accounts and took steps to prevent additional employees from being affected,” Smyth said.

But not quickly enough, as hackers viewed approximately 300 Mailchimp accounts, and successfully exported audience data from 102 of those, the company said. Mailchimp declined to say exactly what data was accessed but told TechCrunch that the hackers targeted customers in the cryptocurrency and finance sectors. In addition to viewing accounts and exporting data, the threat actors gained access to API keys for an undisclosed number of customers, allowing the attackers to potentially send spoofed emails, but which have now been disabled and can no longer be used. But Smyth said that Mailchimp received some reports of the hackers using the information they obtained from user accounts to send phishing campaigns to their contacts.

“When we become aware of any unauthorized account access, we notify the account owner and immediately take steps to suspend any further access,” Smyth told TechCrunch. “We also recommend two-factor authentication and other account security measures for our users as added measures to keep accounts and passwords secure.”

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

How Ukraine has Defended Itself Against Cyberattacks – Lessons for the US
by Robert Peacock

https://theconversation.com/how-ukraine ... -us-180085

Introduction:
(The Conversation) In 2014, as Russia launched a proxy war in Eastern Ukraine and annexed Crimea, and in the years that followed, Russian hackers hammered Ukraine. The cyberattacks went so far as to knock out the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against Ukraine in the run-up to the 2022 invasion, but with notably different results. Those differences hold lessons for U.S. national cyber defense.

I’m a cybersecurity researcher with a background as a political officer in the U.S. Embassy in Kyiv and working as an analyst in countries of the former Soviet Union. Over the last year, I led a USAID-funded program in which Florida International University and Purdue University instructors trained more than 125 Ukrainian university cybersecurity faculty and more than 700 cybersecurity students. Many of the faculty are leading advisors to the government or consult with critical infrastructure organizations on cybersecurity. The program emphasized practical skills in using leading cybersecurity tools to defend simulated enterprise networks against real malware and other cybersecurity threats.

The invasion took place just weeks before the national cybersecurity competition was to be held for students from the program’s 14 participating universities. I believe that the training that the faculty and students received in protecting critical infrastructure helped reduce the impact of Russian cyberattacks. The most obvious sign of this resilience is the success Ukraine has had in keeping its internet on despite Russian bombs, sabotage and cyberattacks.
Here is an article also from The Conversation related to this same issue: https://theconversation.com/cyberattack ... ons-178604

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Cyberattack Causes Chaos in Costa Rica Government Systems
April 22, 2022

https://www.courthousenews.com/cyberatt ... t-systems/

Introduction:
SAN JOSE, Costa Rica (AP) — Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.

The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.
