Jump to content

Search the Community

Showing results for tags 'cyberattack'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 10 results

  1. (UPI) -- Investigators can't say for sure yet what caused a power blackout for tens of millions of people in South America over the weekend, but they know it didn't come from a cyberattack. In the dark, people vote in gubernatorial elections in Rosario, Argentina, on Sunday after a national power outage. The blackout cut electricity to more than 40 million people in Argentina, Paraguay and Uruguay on Sunday. Officials called the power failure "unprecedented." Half of Argentina's power had been restored by late Sunday, including Buenos Aires. Lights are also being turned back on in parts of Uruguay and Paraguay. At the height of the blackout, an estimated 44 million people were without power. "At this moment, we do not rule out any possibilities but ... a cyberattack is not within the preliminary alternatives being considered," Argentina energy minister Gustavo Lopetegui said Sunday. Lopetegui said the blackout "shouldn't have happened" because the "Argentine system is pretty robust." Traffic lights failed, water supplies were disrupted and mobile phones and Internet services were interrupted by the blackout, which also disrupted train and subway services. The emergency also coincided with provincial elections in some Argentinian provinces, leaving some voters to cast their ballot in the dark. The blackout is the first in Argentina's history, Alejandra Martinez told CNN affiliate TN. It started with a collapse in the interconnection system at the Yacyreta Dam, utility Edenor said. The outage quickly spread to Paraguay and Uruguay. Some parts of Chile and Brazil were also affected. Source
  2. People across the world are expecting major cyber-attacks against their own country. A Pew Research survey of more than 27,000 respondents across 26 countries shows that the majority of people expect that sensitive national security information will be accessed (74%), the public infrastructure will be damaged (69%), and elections will be targeted (61%). In all these areas, American concerns are higher than average. Eighty-three percent are worried about attacks on the infrastructure, 82% fear that national security information will be accessed, and 78% expect election tampering. The breakdown within each area follows political party associations. For example, Democrats (87%) in the U.S. are more concerned about election tampering than Republicans (66%). While the expectation of future cyber-attacks is higher than average in the Americas, so too is confidence that their country is well-prepared to withstand them. The global median for not well-prepared is 49% against 43% who believe their country is well-prepared. The U.S. and Canada both score 43% in not well-prepared, but 53% and 52% respectively believe their country is well-prepared. The two most confident nations are Israel (73% believe they are well-prepared) and Russia (67%). Europe veers towards pessimism, with France the only nation where more people believe they are well-prepared. The UK is ambivalent: with 43% for and 43% against. In all the rest of the European nations, more people are pessimistic than optimistic about their country's preparedness -- peaking in Sweden (a relatively rich country) where 61% are pessimistic compared to 36% who are optimistic. The largest gap between pessimists and optimists is in Greece (a relatively poor country) at 34 percentage points. In general, the Americas are both the most concerned about future major cyber-attacks while also being confident about their countries' preparedness. Europe tends to be somewhat pessimistic, while (apart from Japan), APAC is fairly confident. Africa is more confident than pessimistic, but Latin America is the least confident of all. Only 9% of respondents in Argentina believe their country is well-prepared for a major cyber-attack, while 81% believe they are not. While these figures are interesting and it is tempting to draw parallels with the history of cyber-attacks in each region, this is probably futile. South Korea, for example, is adjacent to one of the countries most-blamed for cyber-attacks against other nations (North Korea), and has indeed suffered numerous attacks alleged to be conducted by the North Korean Lazarus group. Despite this, 50% of South Koreans consider their country to be well-prepared against a major cyber-attack, while only 47% consider it not well-prepared. Possibly a bigger differentiator is each respondent's political affiliation within their own country. For example, in the U.S., Republicans are generally more optimistic than Democrats (61% of Republicans against 47% of Democrats). In Russia, three-quarters of the pro-Putin United Russia party are optimistic, while only 61% of those who do not support that party are optimistic. It is not clear from this survey whether relative cyber optimism or pessimism bears any relation to actual cyber preparedness, or is more a statement of confidence in the prevailing government party. Source
  3. A former U.S. official calls the 2017 Pentagon policy document an ‘exercise to legally justify a potential attack on a North Korean missile on the launchpad.’ The Pentagon has embraced a controversial policy of destroying enemy nuclear missiles before they launch, an internal policy document from May 2017 shows. It’s an effort that appears to include executing cyberattacks against missile control systems or components. The Pentagon document does not name adversaries. But experts who reviewed it for The Daily Beast considered it aimed at North Korea—and may represent a fallback option for the Trump administration should its June 12 summit with Kim Jong Un fail to result in the denuclearization President Trump desires. Former State Department nonproliferation official Alexandra Bell called the Pentagon plan an “exercise to legally justify a potential attack on a North Korean missile on the launchpad.” [...] If interested, please read the entire article < here >.
  4. In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion. The attack was a dangerous escalation in international cyberwarfare, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage. And United States government officials, their allies and cybersecurity researchers worry that the culprits could replicate it in other countries, since thousands of industrial plants all over the world rely on the same American-engineered computer systems that were compromised. Investigators have been tight-lipped about the August attack. They still won’t identify the company or the country where it is based and have not identified the culprits. But the attackers were sophisticated and had plenty of time and resources, an indication that they were most likely supported by a government, according to more than a dozen people, including cybersecurity experts who have looked into the attack and asked not to be identified because of the confidentiality of the continuing investigation. The only thing that prevented an explosion was a mistake in the attackers’ computer code, the investigators said. The assault was the most alarming in a string of cyberattacks on petrochemical plants in Saudi Arabia. In January 2017, computers went dark at the National Industrialization Company, Tasnee for short, which is one of the few privately owned Saudi petrochemical companies. Computers also crashed 15 miles away at Sadara Chemical Company, a joint venture between the oil and chemical giants Saudi Aramco and Dow Chemical. Within minutes of the attack at Tasnee, the hard drives inside the company’s computers were destroyed and their data wiped clean, replaced with an image of Alan Kurdi, the small Syrian child who drowned off the coast of Turkey during his family’s attempt to flee that country’s civil war. The intent of the January attacks, Tasnee officials and researchers at the security company Symantec believe, was to inflict lasting damage on the petrochemical companies and send a political message. Recovery took months. Energy experts said the August attack could have been an attempt to complicate Crown Prince Mohammed bin Salman’s plans to encourage foreign and domestic private investment to diversify the Saudi economy and produce jobs for the country’s growing youth population. “Not only is it an attack on the private sector, which is being touted to help promote growth in the Saudi economy, but it is also focused on the petrochemical sector, which is a core part of the Saudi economy,” said Amy Myers Jaffe, an expert on Middle East energy at the Council on Foreign Relations. Saudi Arabia has cut oil exports in recent years to support global oil prices, a strategy central to its efforts to make a potential public offering of shares of government-controlled Saudi Aramco more attractive to international investors. The kingdom has tried to compensate for its lost revenue by expanding its petrochemical and refining industry. Some technical details of the attack in August have been previously reported, but this is the first time the earlier attacks on Tasnee and other Saudi petrochemical companies have been reported. Security analysts at Mandiant, a division of the security firm FireEye, are still investigating what happened in August, with the help of several companies in the United States that investigate cyberattacks on industrial control systems. A team at Schneider Electric, which made the industrial systems that were targeted, called Triconex safety controllers, is also looking into the attack, the people who spoke to The Times said. So are the National Security Agency, the F.B.I., the Department of Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, which has been supporting research into forensic tools designed to assist hacking investigations. All of the investigators believe the attack was most likely intended to cause an explosion that would have killed people. In the last few years, explosions at petrochemical plants in China and Mexico — though not triggered by hackers — have killed several employees, injured hundreds and forced evacuations of surrounding communities. What worries investigators and intelligence analysts the most is that the attackers compromised Schneider’s Triconex controllers, which keep equipment operating safely by performing tasks like regulating voltage, pressure and temperatures. Those controllers are used in about 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants. “If attackers developed a technique against Schneider equipment in Saudi Arabia, they could very well deploy the same technique here in the United States,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a Washington think tank. The Triconex system was believed to be a “lock and key operation.” In other words, the safety controllers could be tweaked or dismantled only with physical contact. So how did the hackers get in? Investigators found an odd digital file in a computer at an engineering workstation that looked like a legitimate part of the Schneider controllers but was designed to sabotage the system. Investigators will not say how it got there, but they do not believe it was an inside job. This was the first time these systems were sabotaged remotely. The only thing that prevented significant damage was a bug in the attackers’ computer code that inadvertently shut down the plant’s production systems. Investigators believe that the hackers have probably fixed their mistake by now, and that it is only a matter of time before they deploy the same technique against another industrial control system. A different group could also use those tools for its own attack. The August attack was also a significant step up from earlier attacks in Saudi Arabia. Starting on Nov. 17, 2016, computer screens at a number of Saudi government computers went dark and their hard drives were erased, according to researchers at Symantec, which investigated the attacks. Two weeks later, the same attackers hit other Saudi targets with the same computer virus. On Jan. 23, 2017, they struck again, at Tasnee and other petrochemical firms, deploying a computer virus known as Shamoon, after a word embedded in its code. The Shamoon virus first surfaced five years earlier at Saudi Aramco, wiping out tens of thousands of computers and replacing the data with a partial image of a burning American flag. Leon E. Panetta, the United States defense secretary at the time, said the attack could be a harbinger. “An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” he said. Government officials and cybersecurity experts in Saudi Arabia and the United States attributed the 2012 Shamoon attack to Iranian hackers. “Another attacker could have adopted that code” for the January 2017 attacks, said Vikram Thakur, a senior researcher at Symantec, “but our analysis showed the likelihood it was the same perpetrator was pretty high.” The attack in August was not a Shamoon attack. It was much more dangerous. Investigators believe a nation-state was responsible because there was no obvious profit motive, even though the attack would have required significant financial resources. And the computer code had not been seen in any earlier assaults. Every hacking tool had been custom built. The attackers not only had to figure out how to get into that system, they had to understand its design well enough to know the layout of the facility — what pipes went where and which valves to turn in order to trigger an explosion. Investigators believe someone would have had to buy the same version of the Triconex safety system to figure out how it worked. The components, investigators said, could be purchased for $40,000 on eBay. The attack has also shown the challenge of attributing with unquestionable evidence an attack to one country. Cybersecurity experts said Iran, China, Russia the United States and Israel had the technical sophistication to launch such attacks. But most of those countries had no motivation to do so. China and Russia are increasingly making energy deals with Saudi Arabia, and Israel and the United States have moved to cooperate with the kingdom against Iran. That leaves Iran, which experts said had a growing cyberspace military program, although the Iranian government has denied any involvement in cyberattacks. Tensions between Iran and Saudi Arabia have steadily escalated in recent years, and the conflict has drifted into cyberspace. United States officials and security analysts blamed Iranian hackers for a spate of attacks on American banks in 2012 and more recent espionage attacks on the airline industry. Iranian hackers were blamed for the 2012 Aramco attack and are also the leading suspects in the more recent Shamoon attacks. The August attack was far more sophisticated than any previous attack originating from Iran, Mr. Thakur of Symantec said, but there is a chance Iran could have improved its cyberwarfare abilities or worked with another country, like Russia or North Korea. Tasnee said in an email that it had hired experts from Symantec and IBM to study the attack against it. The company said it had also “completely overhauled our security standards” and started using new tools to prevent cyberattacks. “Being a global business,” the company said, “we believe that cybersecurity is a concern wherever you are in the world.” Source: https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
  5. Germany is investigating a security breach of its defence and interior ministries' private networks, a government spokesman has confirmed. A notorious Russian hacking group known as Fancy Bear, or APT28, is being widely blamed in German media. They are thought to be behind a number of cyber-attacks on the West, including breaches in the 2016 US election. The hack was first realised in December and may have lasted up to a year, the DPA news agency reported. The group is reported to have targeted the federal government's internal communications network with malware. "We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cyber-security incident concerning the federal government's information technology and networks," a German interior ministry spokesman said on Wednesday. He said the attack was "isolated" and had been "brought under control" but declined to comment on reports of Russian involvement. Fancy Bear was blamed for a similar attack on the lower house of the German parliament in 2015 and is also thought to have targeted the Christian Democratic Union party of Chancellor Angela Merkel. Officials in the country issued repeated warnings about the potential of "outside manipulation" in last year's German election. The hacking group has been linked to the Russian state by multiple security experts investigating its international hacks. They are also known by other names including Sofacy, Pawn Storm, Sednit and Tsar Team. The group played a key role in 2016's attack on the Democratic National Committee (DNC) in the US, according to security experts. Bbc.com
  6. A .NET malware abusing legitimate ffmpeg Malwarebytes has discovered a new cyberattack modus operandi that has hackers incorporating legitimate apps into their malware to make it stronger and accomplish specific tasks. Although the cybersecurity firm did not name the malware used as an example in its report, the company did note that this hacking methodology is representative of what is happening in the wild and becoming more prevalent. The example used by Malwarebytes recently found a banking trojan that once installed on the victims machines downloaded FFmpeg, a free software that produces libraries and programs for handling multimedia data. This ability, along with several others already included in the malware, allows the hacker to not only grab screenshots, but full video of the victim's computer. Essentially, once the malware recognizes that the computer is on a banking site it turns on its various capture capabilities to grab login credentials and other personal data. The malware itself is unsophisticated, easily defeated and poorly obfuscated, but Malwarebytes warns that despite these shortcomings it is highly capable of spying and even backdooring the victim's computer. This malware is prepared by an unsophisticated actor, Malwarebytes said. Neither the binary nor the communication protocol is well obfuscated. The used packer is well-known and easy to defeat. However, the malware is rich in features and it seems to be actively maintained. It's capabilities of spying on the victim and backdooring the attacked machine should not be taken lightly because even a simple threat actor can cause a lot of damage when neglected. Article source
  7. BEER-SHEVA, Israel...March 28, 2017 - A typical office scanner can be infiltrated and a company's network compromised using different light sources, according to a new paper by researchers from Ben-Gurion University of the Negev and the Weizmann Institute of Science. "In the paper, "Oops! I Think I Scanned Malware," we demonstrated how to use a laser or smart bulb to establish a covert channel between an outside attacker and malware installed on a networked computer," says lead author Ben Nassi, a graduate student in the BGU Department of Software and Information Systems Engineering as well as a researcher at the BGU Cyber Security Research Center (CSRC). "A scanner with the lid left open is sensitive to changes in the surrounding light and might be used as a back door into a company's network." The researchers conducted several demonstrations to transmit a message into computers connected to a flatbed scanner. Using direct laser light sources up to a half-mile (900 meters) away, as well as on a drone outside their office building, the researchers successfully sent a message to trigger malware through the scanner. Watch a video of the drone attack. In another demonstration, the researchers used a Galaxy 4 Smartphone to hijack a smart lightbulb (using radio signals) in the same room as the scanner. Using a program they wrote, they manipulated the smart bulb to emit pulsating light that delivered the triggering message in only seconds. Watch a video of the smart bulb attack. To mitigate this vulnerability, the researchers recommend organizations connect a scanner to the network through a proxy server -- a computer that acts as an intermediary -- which would prevent establishing a covert channel. This might be considered an extreme solution, however, since it also limits printing and faxing remotely on all-in-one devices. "We believe this study will increase the awareness to this threat and result in secured protocols for scanning that will prevent an attacker from establishing such a covert channel through an external light source, smart bulb, TV, or other IoT (Internet of Things) device," Nassi says. Article source
  8. On Monday, representatives of New Zealand’s National Institute of Water and Atmospheric Research (NIWA) confirmed that the organization’s FitzRoy supercomputer was targeted in a cyberattack last Thursday. In a statement, NIWA noted that the attempts to breach the supercomputer were unsuccessful. However, the system was taken offline until Saturday evening while IBM, the company that built it, and NIWA performed a series of tests. NIWA representatives have highlighted that the supercomputer doesn’t store any sensitive personal or client information. The country’s National Cyber Security Centre, which is part of the Government Communications Security Bureau intelligence agency, has been informed of the incident. New Zealand’s Prime Minister John Key has requested a briefing from the National Cyber Security Center on the hack attempt. According to Fairfax NZ News, the official revealed that the cyberattack was traced back to a Chinese IP address. However, the official admitted that this doesn’t necessarily mean that a Chinese entity is behind the attack. As is the challenge with attribution, the real attackers might have used compromised computers located in China to hide their tracks. FitzRoy is an IBM System p575 POWER6 supercomputer in which NIWA invested around NZ$12.7 million (US$10.8 million). The system, which has a peak speed of 34 Tflops, is used to run scientific models and services, particularly for environmental forecasting and modeling. Supercomputers are often targeted by hackers because their computing power can be abused for various purposes. For instance, in February, a member of the Harvard community hijacked the university’s Odyssey supercomputer to mine Dogecoins, a virtual currency similar to Bitcoin. In December 2013, a 23-year-old from Pennsylvania was sentenced to 18 months in prison for selling access to various compromised systems, including supercomputers at the Lawrence Berkeley National Laboratory in Oakland, Calif. Source
  9. Summary: After using cold storage funds to compensate users who lost Bitcoin to cyberattacks, Vircurex has bowed to the inevitable and is freezing user accounts. Vircurex has chosen to freeze all user accounts as it teeters towards financial ruin caused by cyberattacks. The Beijing-based cryptocurrency trading post, a victim of two cyberattacks last year, began dipping into its own cold wallet to release currency -- stored offline -- in order to compensate users affected by the security breaches, in which "significant" losses were suffered by the company. By using its own funds, the company hoped that users would be kept happy and positive cashflow would eventually boost the firm's financial resources, bringing its monetary health back up over time. However, following in the footsteps of Mt. Gox, recent "large fund withdrawals in the last weeks" have left Vircurex with two options -- close down the site entirely or freeze all user deposits and withdrawals while a solution is found. Having chosen the latter, Bitcoin, Litecoin and all other cryptocurrencies are frozen, and users are not permitted to withdraw funds from their accounts. In a statement, the Bitcoin exchange said: We are now facing the option of either closing the site with significant unrecoverable losses for all or to work out a solution that allows the exchange to continue to operate and gradually pay back the losses. .We will introduce an additional balance type called "Frozen Funds." Funds in this balance type cannot be used to trade or withdraw. Those are the balances that the exchange will gradually pay back and hence transfer back to the available balance over time. .We will move all current balances for BTC, LTC, TRC and FTC to the "Frozen Balance", i.e. your balance will be set to 0. .We'll take the current available cold storage balance and distribute it based on the below described distribution logic. .Monthly we will take the net profit of the exchange and credit back that amount distributed to the users based on the described distribution logic. Current user accounts will be labeled "frozen balance," so deposits and withdrawals will not be permitted for the time being. Using top-down logic, every month, users will receive funds based on the amount of cryptocurrency they have in their wallets. Half of the proceeds will be distributed top-down, and half bottom-up, based on these values. The funds to pay back users stem from any profit the exchange makes. "Funds in this balance type cannot be used to trade or withdraw,” Vircurex said. "Those are the balances that the exchange will gradually pay back and hence transfer back to the available balance over time. The freezing of the balances is a one-time action, it does not affect future deposits in any ways." While a small Bitcoin exchange, Vircurex is the latest in a long list of trading posts that have either closed their doors or are facing financial problems due to cyberattacks. After filing for bankruptcy several weeks ago, the once-dominant Bitcoin exchange Mt. Gox admitted that poor accounting and security failures resulted in the loss of Bitcoin worth at least $450 million in today's rates. Smaller trading posts Flexcoin and Poloniex have also been the victims of cyberattacks, losing thousands in the virtual currency. The former was forced to close down with immediate effect, whereas the later has promised to pay investors back -- although it will take some time. Source
  10. The director of the FBI said last week that the agency plans to introduce a malware-analysis system later this year that will let businesses and the public, report newly identified malware attacks, upload malware samples and receive reports on them. Speaking at the RSA Security Conference in San Francisco, FBI Director James Comey didn’t spend much time discussing this newly proposed interactive malware-analysis system, but he did say it would be derived from something the FBI already uses called “Binary Analysis Characterization and Storage System.” This is an internal malware-analysis tool used by the FBI in its own cybercrime investigations. Comey said the new system for interaction with the public would be called “Malware investigator.” He didn’t go into great detail about how it would work, but said the idea behind it is to treat malware and viruses much like “fingerprints and DNA” that let the FBI identify crime suspects. “Later this year we’ll roll out Malware Investigator,” said Comey during his keynote address, in which he mainly spoke on the topic of how the FBI wants to expand its interaction with businesses and others in cybercrime matters in order to better fight growing problems such as massive denial-of-service attacks. System would accept samples, track attacks It’s not clear how the FBI plans on interfacing with the public in order to share malware samples. But Comey suggested Malware Investigator would offer a way to send a sample into the system and receive a report on it quickly. The idea, he said, is to gather intelligence from many sources on where certain types of malware-oriented cyberattacks may be occurring. It might act as a unified threat-reporting system. Comey, who is only five months into his position as FBI director, said his predecessor advised him that his job would be increasingly focused on cybercrime issues, such as tracking dangerous botnets, cybercrime syndicates and carrying out computer forensics. He said he has found that to be the case. Comey voiced some frustration that interactions with businesses hit by cybercrime can be rocky, with the victimized business reluctant to report an incident out of worry that law enforcement will turn the network into a crime scene or that business competitors will use a setback to their advantage. In addition, Comey noted, “Some suggest there is a conflict between fighting cybercrime and preserving liberty,” but he added, “We’re looking for security that embraces liberty.” Source
  • Create New...