Showing posts with label US Firms. Show all posts

Chinese-Sponsored Hacking Group Targeting Critical U.S. Infrastructure, Microsoft Claims


Employing hackers to gather intelligence is common practice in practically every nation on earth. Russia and the US both run such groups, Fancy Bear and Equation Group among them.

Microsoft Corp. stated last week that Volt Typhoon was "pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises." The statement immediately raised concern about the relationship between China and the US over Taiwan: disputes between the two countries could result in cyberattacks across the Pacific.

What precisely is a Volt Typhoon? 

A suspected hacker organisation goes by the name of "Volt Typhoon." The gang is thought to have China's support. The Volt Typhoon is reported to be capable of both digital sabotage and intelligence gathering. 

Is the Volt Typhoon a genuine threat to the infrastructure of the United States, or is it merely a new network of digital spies? 

Potential threats 

Volt Typhoon is thought to pose a serious threat to American infrastructure. The following are the potential risks posed by the group:

Espionage concerns: Spying is a concern for experts. In the midst of tensions over Taiwan, experts believe Volt Typhoon is a group of hackers ready to attack the American infrastructure. 

The assessment of Microsoft is given a "moderate confidence" rating, which denotes that the idea is plausible and backed by reliable sources but is not yet fully supported. Few experts believe there is any proof of sabotage planning, despite the fact that many researchers have discovered and evaluated the group's many elements.

According to Marc Burnard and Secureworks, the Volt Typhoon currently appears to be designed to steal data from organisations that hold information about the U.S. government or military.

Volt Typhoon is known as the "Bronze Silhouette" by Secureworks, and according to Marc Burnard, its primary function is espionage. 

Sneaky storm: Almost all cyber spies try to hide their tracks; Microsoft and other analysts believe Volt Typhoon is a quiet operator that camouflaged its activity by routing it through hijacked network equipment such as residential routers. It also carefully wiped evidence of its intrusions from victims' logs.

China, on the other hand, has consistently denied any involvement in Volt Typhoon's activity. However, Beijing's cyberespionage efforts have been documented for more than two decades. Spying has become a major focus in the past decade, with Western experts linking breaches to specific units of the People's Liberation Army, and US law enforcement has indicted a slew of Chinese operatives for stealing US secrets.

According to a Secureworks blog post, Volt Typhoon's interest in operational security may stem from those US indictments, as well as from increased pressure from Chinese leaders to avoid scrutiny of cyberespionage activity.

Mitigation tips

In line with Microsoft's research on Volt Typhoon, spotting activity that abuses standard sign-in channels and built-in system binaries requires behavioural monitoring, since there is no malicious file to match a signature against, and remediation requires closing or resetting the credentials of compromised accounts. Microsoft recommends that security operations teams then investigate the activity of those accounts for any malicious actions or exposed data.
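As an added illustration of the behavioural monitoring described above (example code written for this page, not Microsoft's or Secureworks' tooling): the script learns, from a baseline window, which system binaries each account normally runs and on which hosts, then flags later executions that fall outside that baseline and lists the accounts whose credentials should be reset and investigated. The log format, account and host names, and the watch-list of built-in binaries are all constructed assumptions for the example.

```python
from collections import defaultdict

# Assumption: a watch-list of legitimate Windows administration binaries that
# need behavioural rather than signature-based monitoring, because running
# them is normal for some accounts and suspicious for others.
WATCHED_BINARIES = {
    "cmd.exe", "powershell.exe", "wmic.exe", "netsh.exe",
    "ntdsutil.exe", "certutil.exe", "wbadmin.exe",
}

# Constructed process-creation telemetry (not real logs), one event per line:
# timestamp | account | host | image path. Assumed format for the example.
BASELINE_EVENTS = """\
2023-05-01T08:02:11Z|CORP\\alice|WS01|C:\\Windows\\System32\\cmd.exe
2023-05-01T08:05:40Z|CORP\\alice|WS01|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
2023-05-01T09:15:02Z|CORP\\svc_backup|SRV02|C:\\Windows\\System32\\wbadmin.exe
2023-05-02T08:03:55Z|CORP\\alice|WS01|C:\\Windows\\System32\\cmd.exe
2023-05-02T11:40:19Z|CORP\\bob|WS02|C:\\Windows\\System32\\netsh.exe
"""

# Constructed events from a later window: alice's account suddenly runs
# directory-service and WMI utilities on a domain controller it never touched.
NEW_EVENTS = """\
2023-05-20T02:14:33Z|CORP\\alice|DC01|C:\\Windows\\System32\\ntdsutil.exe
2023-05-20T02:16:07Z|CORP\\alice|DC01|C:\\Windows\\System32\\wbem\\wmic.exe
2023-05-20T09:00:12Z|CORP\\alice|WS01|C:\\Windows\\System32\\cmd.exe
2023-05-20T09:30:45Z|CORP\\bob|WS02|C:\\Windows\\System32\\netsh.exe
"""


def parse_events(text):
    """Parse 'timestamp|account|host|image' lines; image is reduced to its lowercase file name."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, account, host, image = line.split("|", 3)
        binary = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        events.append({"ts": ts, "account": account, "host": host, "binary": binary})
    return events


def build_baseline(events):
    """Per account: the watched binaries it ran and the hosts it was active on."""
    binaries = defaultdict(set)
    hosts = defaultdict(set)
    for e in events:
        hosts[e["account"]].add(e["host"])
        if e["binary"] in WATCHED_BINARIES:
            binaries[e["account"]].add(e["binary"])
    return {"binaries": binaries, "hosts": hosts}


def detect(events, baseline):
    """Return watched-binary executions that deviate from the account's baseline."""
    alerts = []
    for e in events:
        if e["binary"] not in WATCHED_BINARIES:
            continue
        reasons = []
        if e["binary"] not in baseline["binaries"].get(e["account"], set()):
            reasons.append("binary not in account baseline")
        if e["host"] not in baseline["hosts"].get(e["account"], set()):
            reasons.append("host not in account baseline")
        if reasons:
            alerts.append({**e, "reasons": reasons})
    return alerts


def accounts_to_reset(alerts):
    """Accounts implicated by at least one alert: reset credentials, then investigate."""
    return sorted({a["account"] for a in alerts})


if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_EVENTS))
    found = detect(parse_events(NEW_EVENTS), baseline)
    for a in found:
        print(f'{a["ts"]} {a["account"]} ran {a["binary"]} on {a["host"]}: {", ".join(a["reasons"])}')
    print("reset and investigate:", accounts_to_reset(found))
```

A real deployment would feed this from Sysmon, Windows 4688 events or EDR telemetry and use a baseline window of weeks rather than two days; the point of the example is that the alert is driven by a change in an account's behaviour, not by the binary itself being malicious.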

Experts Warn of Advanced Evasion Techniques as Rorschach Ransomware Emerges


Security researchers are concerned about a new ransomware strain that they characterise as a hybrid of the most potent ransomwares currently in use. 

Researchers from the Israeli cybersecurity company Check Point named the new ransomware "Rorschach" and claimed their incident response team came across it while looking into an attack on a U.S.-based corporation.

Rorschach is "the fastest and one of the most sophisticated ransomware we've seen so far," according to Sergey Shykevich, threat intelligence group manager at Check Point Research. Each person who looked at it saw something slightly different, similar to the renowned psychological test, which is why the researchers termed it Rorschach. 

“Just as a psychological Rorschach test looks different to each person, this new type of ransomware has technically distinct features taken from different ransomware families – making it special and different from other ransomware families,” Shykevich stated.

The company stated in a report released on Tuesday that Rorschach appears to be unique, sharing no overlaps that would easily attribute it to any known ransomware strain, and that it lacks the kind of branding common to most ransomware groups.

Researchers were taken aback by a number of characteristics, in addition to how quickly it encrypted data: on average several minutes faster than other widely used ransomware such as LockBit. They compared it with LockBit in five encryption performance tests in controlled settings and called the ransomware the "new speed demon in town."

Because a portion of the ransomware is autonomous, attackers can complete operations that would normally require manual effort. The ransomware's high degree of adaptability also lets attackers choose from a broad variety of methods depending on the situation. In the incident that Check Point handled, the attackers used a signed component of a commercial security product to load the ransomware, which is unusual for ransomware attacks.

But the responders found the attack odd. The hackers had no affiliations with any other groups and did not use aliases to conceal their identities. Automatically spreading throughout a system and erasing compromised devices' event logs were two features of the ransomware. 

Similarities and distinctions 

The malware was unique in several ways, but it also borrowed ideas from a number of earlier ransomware variants. The ransom note issued to victims mirrored those of the Yanluowang and DarkSide groups, and some of its code was taken from the leaked source code of the Babuk and LockBit ransomware strains.

In order to make recovery more challenging, the ransomware has the ability to erase backups and disable some services, such as firewalls. The fact that the ransomware not only encrypts an environment but also employs novel strategies to get beyond security measures shocked the researchers. 

Additionally, the ransomware's creators made sure to include two system checks that, depending on the victim's chosen language, can block its operations. The ransomware will not function if the language is one from a member of the Commonwealth of Independent States (CIS), such as Armenia, Azerbaijan, Kazakhstan, Russia, Ukraine, Belarus, Tajikistan, Georgia, Kyrgyzstan, Turkmenistan, Uzbekistan, or Moldova.

The ransomware also uses an intermittent encryption scheme: it encrypts only part of each file rather than the whole file, which still makes the files harder to recover while letting it run far faster than ransomware that encrypts every byte.

“Our analysis of Rorschach reveals the emergence of a new ransomware strain in the crimeware landscape. Its developers implemented new anti-analysis and defense evasion techniques to avoid detection and make it more difficult for security software and researchers to analyze and mitigate its effects,” the researchers explained. “The operators and developers of the Rorschach ransomware remain unknown. They do not use branding, which is relatively rare in ransomware operations.”

Sundar Pichai Promises the Release of an Upgraded Bard AI Chatbot Soon


Sundar Pichai, CEO of Alphabet and Google, has announced that the company will soon offer more competent AI models in response to criticism of his ChatGPT rival, Bard. 

According to Pichai, Bard is now competing with "more powerful automobiles" like a "souped-up Civic," but Google has "more capable models" that will be made available in the upcoming days.

He made these comments in an interview with the NYT's Hard Fork podcast. "We knew when we were putting Bard out we wanted to be careful," Pichai stated. "Since this was the first time we were putting out, we wanted to see what type of queries we would get. We obviously positioned it carefully." 

More powerful PaLM (Pathways Language Model) versions of the Bard chatbot will be released "over the course of next week," the Google CEO added. That should mean Bard improves significantly in areas such as reasoning and coding.

Calculated approach 

Pichai's general attitude was a mix of caution over trying out what Bard could achieve and enthusiasm regarding where it might ultimately lead. These "very, very strong technologies" may be tailored to businesses and individuals, according to Pichai.

The Google CEO also addressed questions about data protection and the rapid advancement of AI engines like Bard and ChatGPT. The development of artificial intelligence should be put on hold for six months, according to some of the biggest names in technology. 

Pichai said in the podcast that he supports these kinds of debates and wants to see governments enact laws, because AI is too crucial an area not to regulate. He added that the area is too important to lack proper regulation and that he was delighted the discussions were starting now. 

This most recent podcast interview exemplifies the multitude of important questions surrounding AI at the moment, including how it will affect data protection, the types of professions it may eliminate, the effect it will have on publishers if Google and Bing become one-stop shops, and so forth. 

To be fair to Pichai, he handled those issues in a very thoughtful manner, but that does not necessarily mean that all of our concerns about AI will be allayed. We're in the midst of a significant change in the way we live our lives and access information online. 

Pichai acknowledged that the technology "has the capacity to bring harm in a deep sense" but is also "going to be incredibly beneficial". While it's important to recognise this, businesses like Google are more motivated by financial success than by any sense of moral obligation.

Cyber Attack on Bridgestone Leads to Plant Closures Across North America & Latin America


After sending workers home for several days, Bridgestone-Firestone tyre plants across North America and Latin America are still struggling to recover from a cyberattack. 

Despite numerous requests for comment, the corporation has remained silent. However, the plant's union, USW 1155L, used Facebook to inform employees that the company was still dealing with the cyberattack and that nobody needed to come in. 

The union wrote on Monday, "Warren hourly teammates who are scheduled to work day shift, March 1st, will not be required to report to work (no-hit, no pay, or you have the option to take a vacation)". 

The outages were originally reported on Sunday when the union posted on Facebook that Bridgestone Americas was investigating a potential source of the information security incident. The notice looked to be sent straight from the firm, rather than from the union. 

The company explained, "Since learning of the potential incident in the early morning hours of February 27, we have launched a comprehensive investigation to quickly gather facts while working to ensure the security of our IT systems. Out of an abundance of caution, we disconnected many of our manufacturing and retreading facilities in Latin America and North America from our network to contain and prevent any potential impact, including those at Warren TBR Plant. First shift operations were shut down, so those employees were sent home." 

"Until we learn more from this investigation, we cannot determine with certainty the scope or nature of any potential incident, but we will continue to work diligently to address any potential issues that may affect our operations, our data, our teammates, and our customers." 

The firm reiterated on Tuesday evening that hourly staff scheduled to work on Wednesday will not be required to report to work. Bridgestone Americas employs nearly 50,000 people in dozens of locations across North America, Central America, and the Caribbean. Outages affecting factories in Iowa, Illinois, North Carolina, South Carolina, Tennessee, and Canada were reported by local news outlets across the United States.

A 'Colossal' Ransomware Attack Paralyzes Hundreds of US Companies


Ahead of the US Independence Day weekend, a ransomware attack crippled the networks of at least 200 American companies on Friday, according to cybersecurity firm Huntress Labs. Threat actors targeted Miami-based IT firm Kaseya by employing the technique of hijacking one piece of software to exploit hundreds of thousands of users at a time.

The company is investigating a "potential attack" on Virtual System Administrator (VSA), a widely used tool for monitoring and managing its customers' IT networks across America, according to a statement posted on Kaseya's website.

“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business. This is a colossal and devastating supply chain attack. Such cyber attacks typically infiltrate widely used software and spread malware as it updates automatically,” John Hammond, a senior security researcher with Huntress said in a direct message on Twitter. 

In the statement, Kaseya said the tool, which monitors and manages servers, desktops, network devices, and printers, may have been attacked. Such an attack can be particularly difficult to address, said Chris Grove, a security expert at the cybersecurity firm Nozomi Networks.

“Once a breach happens, the victim would generally reach for these tools to work their way out of a bad situation, but when the tool itself is the problem or is unavailable, it adds complexity to the recovery efforts,” Chris Grove added.

Kaseya also noted that it suspected REvil, a Russian-based hacking group of paralyzing the company’s network. It is the same group of actors blamed by the FBI for paralyzing meat packer JBS last month. It also added that having learned of the incident around midday on Friday, it immediately brought in forensic cybersecurity experts to begin a probe. 

As a precautionary measure, the IT firm also contacted the Federal Bureau of Investigation as well as the Cybersecurity and Infrastructure Security Agency (CISA), a branch of the US Department of Homeland Security. Shortly after, CISA issued its own advisory, likewise directing Kaseya's customers to shut down their VSA servers. 

Following the security breach, Kaseya said a small number of companies had potentially been affected. The company said it had shut down some of its infrastructure and was urging customers who used the tool on their premises to immediately turn off their servers. However, Huntress Labs said the number was greater than 200.

According to the analysis firm Chainalysis, ransomware gangs extorted more than $412 million in ransoms last year. A report from a task force of more than 60 experts said nearly 2,400 governments, healthcare systems, and schools in the country were hit by ransomware in 2020.

Operations of US Firms Disrupted by Covid Surge in Bangalore


To say that Bengaluru’s epidemic is huge is an understatement. Bengaluru has more than 65 percent of all active cases recorded in Karnataka in a virulent second wave where the test positivity rate in the State is touching new highs. On May 7, Bengaluru recorded 346 deaths due to COVID-19, according to a bulletin released by the Karnataka government. 

Health experts have warned that the situation could be more threatening in the coming weeks, with one model predicting as many as 1,018,879 deaths by the end of July, quadrupling from the current official count of 230,168. A model prepared by government advisers suggests the wave could peak in the coming days, but the group's projections have been changing and were wrong last month. 

As a result, US firms like Goldman Sachs Group Inc. and UBS Group AG have come under intense strain. Their Indian operations play critical roles in everything from risk management to customer service and compliance, and a growing number of employees are either sick or scrambling to find critical medical supplies such as oxygen for relatives or friends.

An employee at UBS said their bank has nearly 8,000 workers but due to Covid-19, many are absent. As a result, work is being shipped to centers such as Poland. The Swiss bank's workers in India handle trade settlement, transaction reporting, investment banking support, and wealth management. Many of the tasks require same-day or next-day turnarounds.

Standard Chartered Plc issued a statement last week that nearly 800 of its 20,000 employees in India were infected. As many as 25% of employees in some teams at UBS are absent, said an executive at the firm who spoke on condition of anonymity for fear of losing his job.

For now, back-office units are managing part-time workers or asking employees to perform multiple roles and re-assigning staff to make up for those who are absent. They are scheduling overtime, deferring low-priority projects, and conducting pandemic continuity planning exercises for multiple locations should the virus wave intensify. 

Similarly, thousands of Goldman employees are working from home, doing high-end business tasks such as risk modeling, accounting compliance, and app building. A representative for the bank said workflows can be absorbed by the wider team if needed and there's been no material impact so far.