Device42 aims to identify Log4j vulnerabilities

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), recently issued a statement to address a major security flaw in Log4j. “To be clear, this vulnerability poses a severe risk,” Easterly said. “We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join […]

Israeli cybersecurity firm Pentera, formerly Pcysys, raises a $150M Series C led by K1 Investment Management at a $1B valuation, bringing total funding to $190M (Ofir Dor/Globes Online)

Ofir Dor / Globes Online:
Israeli cybersecurity firm Pentera, formerly Pcysys, raises a $150M Series C led by K1 Investment Management at a $1B valuation, bringing total funding to $190M  —  The Israeli company’s platform tests IT infrastructures, reveals risk and creates a surgical remediation plan …

Microsoft discloses malware attack on Ukraine govt networks


Microsoft said on Saturday that dozens of computer systems in an unknown number of Ukrainian government agencies were infected with destructive malware disguised as ransomware, a revelation that suggests a defacement attack that draws attention to official websites was a diversion. 

The extent of the damage was not immediately clear. The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense standoff appear to have stalled. Microsoft said in a short blog post, which amounted to the sounding of an industry alarm, that it first detected the malware on Thursday.

This would coincide with the attack that temporarily took some 70 government websites offline. The disclosure followed a Reuters report earlier in the day quoting a senior Ukrainian security official as saying the defacement was indeed a cover for a malicious attack.

Separately, a senior private sector cybersecurity official in Kyiv told The Associated Press how the attack succeeded: intruders entered government networks through a shared software vendor, a so-called supply chain attack in the style of the 2020 SolarWinds Russian cyber-espionage campaign. Microsoft said in another technical article that the affected systems “span multiple government, non-profit, and information technology organizations.”

 “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” Microsoft said. In short, there is no ransom recovery mechanism. 

Microsoft said the malware “runs when an associated device is turned off,” a typical initial reaction to a ransomware attack. Microsoft said it was not yet able to assess the purpose of the destructive activity or associate the attack with a known threat actor. 

Ukrainian security official Serhiy Demedyuk was quoted by Reuters as saying that the attackers used malware similar to that used by Russian intelligence services. He is Deputy Secretary of the National Security and Defense Council.


This Week In Techdirt History: January 9th – 15th

Five Years Ago

This week in 2017, ISPs were getting straight to work pushing for elimination of new FCC broadband privacy rules, an FCC report clearly said that AT&T and Verizon were violating net neutrality. At the same time, AT&T was planning to dodge a review of the Time Warner merger, and Verizon was claiming nobody wants unlimited data. We took a look at the effects of Oracle v. Google on copyright litigation, and Backpage officially killed its adult ads section under widespread pressure.

Also, and most notably, this was the week we announced that we had been sued for $15 million by Shiva Ayyadurai.

Ten Years Ago

This week in 2012, the SOPA fight continued. There was some Reddit drama that led to Paul Ryan coming out strongly against the bill, concerned tech experts finally got a chance to talk to congress (but not the Judiciary Committee), the co-chair of the Congressional Cybersecurity Caucus said SOPA would interfere with online security, and a study showed that news networks owned by SOPA supporters were largely ignoring the subject. Wordpress became the latest big tech company to oppose the bill, then Reddit announced its plan to black out the site for a day — an idea that gained steam with the Cheezburger Network announcing its sites would do the same, and Jimmy Wales saying he favored Wikipedia joining too but wanted the community to decide. As the bill became toxic, Congress started talking about dropping the DNS blocking provisions, which led to some uninspiring promises to “delay” them, and then it started to look like the entire bill would be delayed.

Fifteen Years Ago

This week in 2007, cable companies were twisting themselves in knots trying to explain how price increases were actually price decreases, the fight over the broadcast flag continued, and the PERFORM Act was back from the dead. A judge in Brazil freaked out about YouTube and ordered ISPs to block it until Google followed a previous order to shut it down, but that judge apparently learned a few things about the internet and rescinded that previous order the next day.

Also, this was the week that the rumor mill was replaced by reality and Steve Jobs officially announced the iPhone in his Macworld keynote address.

North Korean hackers said to have stolen nearly $400 million in cryptocurrency last year

North Korean hackers stole nearly $400 million worth of cryptocurrency in 2021, making it one of the most profitable years yet for cybercriminals in the severely isolated country, according to a new report.

Hackers launched at least seven different attacks last year, mostly targeting corporate investments and centralized exchanges with a variety of tactics including phishing, malware and social engineering, according to a report by Chainalysis, a company that tracks cryptocurrencies. 

Cybercriminals attempted to gain access to organizations’ “hot” wallets: Internet-connected digital wallets, and then transfer funds to accounts controlled by the DPRK. The thefts are the latest indication that the heavily sanctioned country continues to rely on a network of hackers to help fund its domestic programs. 

A confidential UN report previously accused North Korean regime leader Kim Jong Un of carrying out “operations against financial institutions and virtual currency” to pay for weapons and keep the North Korean economy afloat.

Last February, the US Department of Justice charged three North Koreans with conspiring to steal more than $1.3 billion from banks and businesses around the world and orchestrating thefts of digital currency.

“North Korea is, in most respects, cut off from the global financial system by a long sanctions campaign by the United States and its foreign partners,” said Nick Carlsen, an analyst at blockchain intelligence firm TRM Labs. “As a result, they have taken to the digital battlefield to steal cryptocurrencies, essentially [a] high-speed internet bank robbery, to fund weapons programs, nuclear proliferation and other activities.”


North Korea’s hacking efforts have benefited from a broader trend: rising prices and the wider use of cryptocurrencies have made digital assets increasingly attractive to malicious actors, which led to more successful cryptocurrency thefts in 2021.

According to Chainalysis, most of the thefts in the past year were committed by the Lazarus Group, a hacker group with ties to North Korea that was previously linked to the Sony Pictures hack, among other incidents. Beyond sanctions and defensive cybersecurity measures, there is little to deter North Korean hackers, who have no real chance of being extradited.

As the cryptocurrency market becomes more popular, “we are likely to see continued interest from North Korea in targeting cryptocurrency companies that are young and that are still building cyber defenses and anti-money laundering controls,” Carlsen said.

Gang that stole MacBook Pro blueprints completely shut down by Russian law enforcement

The Russian government says it has dismantled the criminal ransomware group REvil, which extorted Apple and launched high-profile ransomware campaigns, and detained its members at the request of the United States.

Russia’s Federal Security Service (FSB) announced that it and the Internal Affairs Ministry carried out a special operation to take down REvil, which was responsible for a number of high-profile ransomware attacks in 2020 and 2021. In a press release Friday, the FSB said that the “organized criminal community has ceased to exist,” and “the information infrastructure used for criminal purposes was neutralized.”


Massive cyberattack hits Ukrainian government websites as West warns on Russia conflict


A massive cyberattack warning Ukrainians to “be afraid and expect the worst” hit government websites on Thursday night, leaving some websites inaccessible on Friday morning and prompting Kyiv to open an investigation.

A Ukrainian Foreign Ministry spokesman told Reuters it was too early to say who could be behind the attack, but said Russia had launched similar attacks in the past.

The cyberattack, which affected the Foreign Ministry, the Cabinet of Ministers and the Security and Defense Council, among others, comes as Kyiv and its allies sound the alarm on a possible new Russian military offensive against Ukraine.

“It’s too early to draw conclusions, but there is a long history of (cyber) Russian attacks on Ukraine in the past,” the Foreign Ministry spokesman told Reuters.

The Russian foreign ministry did not immediately respond to a request for comment, and Russia has previously denied cyberattacks against Ukraine.

“Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” said a message visible on the hacked government websites, written in Ukrainian, Russian and Polish.

“All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

After a wave of inconclusive talks this week on security in Europe, the United States on Thursday warned that the threat of a Russian military invasion of Ukraine was high.

Russia said the dialogue continued but had reached an impasse as it tried to persuade the West to prevent Ukraine from joining NATO and to roll back decades of alliance expansion in Europe, demands that Washington has called “non-starters”.

Commenting on the cyberattack, a senior Ukrainian security official told Reuters: “All cybersecurity subjects were aware of such possible provocations from the Russian Federation. Therefore, the response to these incidents is being carried out in accordance with the government.”

The government later claimed that it had restored most of the affected sites and that no personal data had been stolen. Many other government websites were suspended to prevent the attack from spreading, it said.

Relations between Ukraine and Russia collapsed after Moscow’s annexation of Crimea in 2014 and the outbreak of war the same year between Kyiv’s forces and Russian-backed separatists in eastern Ukraine.

The United States said on Thursday that Russia could try to create a pretext to launch a new military assault on Ukraine by comparing the situation with the circumstances of 2014.

Russia warned of possible “catastrophic consequences” if there was no agreement on what the Kremlin called the security red lines, but said Moscow had not abandoned diplomacy and would even speed it up.

The Russian comments reflect a trend in which Moscow claims to want to pursue diplomacy but rejects calls to reverse the build-up of its troops near Ukraine and warns of unspecified consequences for Western security if its demands are not heard.

Ukraine has suffered a series of cyberattacks since 2014, which have cut power, frozen supermarket checkouts and forced authorities to prop up the hryvnia currency after banks’ computer systems crashed. Ukraine believes the attacks are part of what it calls Russia’s “hybrid war” against Ukraine and its allies.

In 2017, a virus dubbed NotPetya by some experts hit Ukraine and spread around the world, crippling thousands of machines as it reached dozens of countries.

The Kremlin has denied any involvement, dismissing “general unfounded accusations”.

The FCC proposes new data breach rules for phone companies


Phone companies could have to follow new rules about how they notify customers and the government following a data breach if a proposal from the Federal Communication Commission’s chairwoman Jessica Rosenworcel passes. The notice of proposed rulemaking, released on Wednesday, cites the “increasing frequency and severity of security breaches involving customer information” as a risk to consumers.

The current rules give telecommunication providers seven business days to notify the FBI and Secret Service of data breaches that leak customer proprietary network information, or CPNI. In most cases, the company cannot notify customers about the breach until seven business days after information has been relayed to federal law enforcement. The…
