News & Events

Cybersecurity News Bytes for the Week Ending 23 February

North Korean Hackers Extend Capabilities

Cybersecurity research firm FireEye published a new report with an update on North Korean cyber capabilities. FireEye identified APT37 as a North Korean group that has exploited zero-day vulnerabilities to conduct cyber attacks in the U.S., Japan, Vietnam, and the Middle East. North Korea has become increasingly capable in cyber espionage and cybercrime since its attack on Sony Entertainment in 2014 and is now expanding its target set to include a wider range of industries in the chemical, electronics, and manufacturing sectors. Source: Fireeye.com

NATO Leaders Predict Increased Cyber Attacks

At the annual Munich Security Conference, the German foreign minister and other NATO leaders predicted an increased focus on cybersecurity due to continuing cyber attacks from Russia. This year’s conference was attended by 22 heads of state, 41 foreign ministers, and intelligence chiefs from the U.S., UK, Israel, several European countries, Saudi Arabia and other Middle Eastern countries. Source: Insidecybersecurity.com and Foreignpolicy.com

Russian Official Challenges U.S. Officials on Cybercrime

At a conference in Washington, D.C. on 21 February, an official from the Russian Embassy complained that the United States refuses to start a dialogue with Russia on cyber issues while at the same time categorizing Russia as a “state sanctuary” of cybercrime. The comment came during the Q&A session of an event focused on a new cybercrime report issued by McAfee and the Center for Strategic and International Studies (CSIS). The U.S. officials, from the FBI and DHS, did not respond, but CSIS senior vice president Jim Lewis commented that he thought a Russia-U.S. dialogue would not be productive in the current climate of tensions between the two countries. Lewis later said he thought the Russians would make similar comments at other events in Washington. Source: CyberScoop, 21 Feb 2018

Malware Disguised by Fraudulent Code Certificates

Researchers at threat intelligence company Recorded Future reported a surprising increase in the sale of counterfeit cryptographic certificates by cyber criminals. The certificates, which appear to be from trusted providers, serve to disguise malware installations and make it more difficult to detect the presence of malware in an infected system. This technique has been known since 2011 but has become more prevalent since 2015. For under $300, hackers can buy a counterfeit certificate on the Dark Web, giving them a 30-50% better chance of installing malware in operating systems and browsers without being detected. Source: Recorded Future, 22 Feb 2018

Allentown Hit by Major Cyber Attack

Allentown, Pennsylvania has been hit with malware called “Emotet” that has caused major disruptions to government services. The virus infected all city government systems running Microsoft, and some citizens have received emails allegedly from city employees that were generated by Emotet. The city’s finance department can’t complete payments, police surveillance cameras have become inoperable, and the police department can’t access Pennsylvania State Police databases. Emotet was first observed in 2014 as a Trojan stealing banking credentials in Europe. Allentown estimates that more than one million dollars will be needed to mitigate the damage caused by the virus. Source: Info Security, 21 Feb 2018

Cache of 3,000 Databases Found on Dark Web

In researching the Dark Web, breach notification company Hacked-DB found 3,000 databases containing over 200 million unique user accounts. The accounts included sensitive personal information, IP addresses, financial information, and passwords. People around the world were victimized by these breaches, which extended from 2011 to 2018. This stash of stolen data is just one of many available on the Dark Web containing what is estimated to be more than one billion compromised identities. Source: HackRead.com

Russians Behind Hack of Olympics

Unnamed intelligence sources said that Russia was behind the cyber disruptions that were publicized at the beginning of the PyeongChang Olympics. The 9 February cyber attack disrupted access to the Internet, broadcast systems, and the Olympics website, meaning that spectators were unable to print their tickets for the opening ceremony. The attack is being attributed to the GRU, Russian military intelligence, who apparently gained access to as many as 300 computers associated with the Olympics. (Washington Post, 25 February 2018)
