Showing posts with label United States Cyber Security.

Marshals' Computer System Still Down 10 Weeks After Hack


A computer system used by the U.S. Marshals Service to track and hunt fugitives remains down 10 weeks after a hack, raising concerns about the effectiveness of the agency’s surveillance efforts. The hack, which occurred in February, forced the Marshals to shut down their electronic surveillance system, which tracks fugitives and monitors their movements through GPS-enabled ankle bracelets.

According to a statement from the Marshals, the agency is still working to bring the system back online and has been forced to rely on manual surveillance techniques in the meantime. This includes the use of physical surveillance teams and other traditional methods of tracking fugitives.

The prolonged downtime of the electronic surveillance system has raised concerns about the ability of the Marshals to effectively track and apprehend fugitives, particularly in cases where they may pose a significant threat to public safety. The agency has not provided details on the scope or nature of the hack, nor has it disclosed whether any sensitive data or information was compromised as a result of the breach.

The hack of the Marshals’ electronic surveillance system underscores the growing threat posed by cyber-attacks on critical infrastructure and government agencies. These attacks can have far-reaching consequences, potentially compromising sensitive data, disrupting essential services, and undermining public safety and national security.

As cyber threats continue to evolve and become more sophisticated, it is essential that government agencies and organizations responsible for critical infrastructure invest in robust cybersecurity measures and stay ahead of the curve in detecting and responding to potential attacks. This includes implementing advanced security protocols and regular security assessments, as well as investing in staff training and education to ensure that all employees are aware of the risks and how to respond in the event of a breach.

The prolonged downtime of the Marshals' electronic surveillance system underscores the need for government agencies and critical infrastructure organizations to remain vigilant and proactive in protecting against cyber threats. As the threat of cyber attacks continues to evolve, investment in robust cybersecurity measures, protocols, and staff education is necessary to ensure the protection of sensitive data and essential services.

OFAC Takes Action Against Accused Providing Material Support To North Korean Hackers

 

The U.S. Treasury Department has identified three over-the-counter (OTC) cryptocurrency traders in China and Hong Kong, as well as a China-based banker, who are believed to have assisted North Korea’s Lazarus Group in converting stolen crypto into fiat currency. The Office of Foreign Assets Control (OFAC) took action against the accused for providing material support to the North Korea-based Lazarus hacking group.

North Korea’s Lazarus Group is a notorious hacker group responsible for some of the largest crypto heists in recent years. According to OFAC’s report, the group is linked to illicit financial and cyber activity that supports North Korea’s development of weapons of mass destruction (WMD) and ballistic missile programs.

Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, stated that North Korea’s operations to raise funds for its WMD and ballistic missile programs directly threaten world security, citing the three intercontinental ballistic missiles North Korea launched this year as evidence.

Chainalysis, a blockchain analysis firm, estimates that North Korean hackers such as the Lazarus Group stole $1.7 billion in cryptocurrency in 2022 alone across numerous breaches traced to them. They were also one of the major forces behind the DeFi hacking trend, stealing $1.1 billion through attacks on DeFi protocols.

The accused individuals were allegedly involved in obtaining cryptocurrencies from North Korean citizens who were fraudulently undertaking IT services in other countries and then directing OTC traders to transfer funds to front firms for purchasing items such as tobacco and communication equipment. 

The actions taken by OFAC against those who provided material support to the North Korean hackers serve as a warning that cyber security vulnerabilities must be addressed at all times and malicious actors will be held accountable for their actions. 

Ransomware Attacks Continue Targeting U.S. Industrial Organizations

 

Industrial sectors have been hit hard by ransomware gangs in recent years, with manufacturing companies exposed to the highest risk. U.S. organisations in particular have seen large spikes in cyberattacks.
 
According to the industrial cybersecurity firm Dragos, 25 of the 48 threat groups known to target industrial organizations and infrastructure were active in the third quarter of 2022. Several new ransomware groups including Sparta Blog, Bianlian, Donuts, Onyx, and Yanluowang are among those on the list. 
 
According to Dragos' Q3 analysis of ransomware attacks on industrial organizations, North America accounted for 36% of all reported cases worldwide, with 46 incidents. This represents a significant 10% increase from the previous quarter, when the region accounted for 25% of cases.
 
On the other hand, the analysis also detected that the rate of attacks at a global level remained flat quarter over quarter, with 128 incidents for Q3 vs 125 in Q2. 
 
Most of the observed attacks targeted the manufacturing sector, which accounted for 68% of the total. Of the confirmed attacks (those publicly reported, seen in the firm's telemetry, or confirmed on the Dark Web), 88 were against manufacturing segments, led by metal products manufacturing with a total of 12 attacks.
 
As Stephen Banda, senior manager of security solutions at Lookout, points out, the manufacturing sector is changing at a swift pace: digitizing manufacturing, inventory tracking, operations, and maintenance increases agility and efficiency, with less production downtime and greater nimbleness. However, it also opens up new attack surfaces for threat actors.
 
“To remain competitive, manufacturers are investing in intellectual property and new technologies like digital twins […] In short, manufacturers are transforming the way they produce and deliver goods – moving toward industrial automation and the flexible factory. This transformation, known as Industry 4.0, puts pressure on mobile devices and cloud solutions,” Stephen Banda told Dark Reading. Yet for most manufacturers, security solutions still remain on-premises, he adds.
 
“This creates efficacy and scalability challenges when tasked with protecting productivity solutions that have moved to the cloud […] Security therefore must also move to the cloud to adequately safeguard manufacturing operations,” notes the Lookout senior manager.

Ex-NSA Employee Charged in Espionage Case

A former U.S. National Security Agency (NSA) employee from Colorado has been arrested for attempting to sell classified data to a foreign spy, reportedly in an effort to resolve personal debt problems.

According to the court documents released on Thursday, the person the accused, Jareh Sebastian Dalke, 30, was dealing with was an undercover agent working for the Federal Bureau of Investigation (FBI).

Dalke believed he was in contact with the representative of a particular nation "with many interests that are adverse to the United States," but he was actually talking to an undercover FBI agent, according to his arrest affidavit.

Dalke was arrested on Wednesday after he allegedly agreed to transmit classified data. "On or about August 26, 2022, Dalke requested $85,000 in return for additional information in his possession. Dalke agreed to transmit additional information using a secure connection set up by the FBI at a public location in Denver," the DoJ said; this eventually led to his arrest.

Dalke had been employed at the NSA from June 6, 2022, to July 1, 2022, as part of a temporary assignment in Washington, D.C., as an Information Systems Security Designer. He is also accused of transferring additional National Defense Information (NDI) to the undercover FBI agent at an undisclosed location in the U.S. state of Colorado.

Following the investigation, he was arrested on September 28 by law enforcement. Dalke was charged with three violations of the Espionage Act. However, the arrest affidavit did not identify the country to which Dalke allegedly intended to provide information.

The affidavit, filed by the FBI, notes that Dalke also served in the U.S. Army from about 2015 to 2018 and held a Secret security clearance, which he received in 2016. He further held a Top Secret security clearance during his tenure at the NSA.

"Between August and September 2022, Dalke used an encrypted email account to transmit excerpts of three classified documents he had obtained during his employment to an individual Dalke believed to be working for a foreign government," the Justice Department (DoJ) said in a press release.

Rise in Cyber-Attacks Targeting U.S. Defense Security

 

A recent cyberattack campaign, which appears to be an act of cyber espionage, shows that cyber threats are becoming more sophisticated with each passing day. Threat actors are engineering attacks to target defence contractors in the US and throughout the world.

Researchers at Securonix have detected several covert campaigns against weapons contractors in Europe over the last few months. One campaign, which Securonix tracks as STEEP#MAVERICK, has affected a supplier to the US program building the F-35 Lightning II fighter plane.

According to the security vendor, the campaign is noteworthy for the attention the attacker has paid to operations security (OpSec) and to ensuring the malware is difficult to detect, remove, and analyse.

The Securonix report states that the malware stager used in these attacks employs an array of tactics, persistence methods, counter-forensics, and layer upon layer of obfuscation to hide its code.

As of late summer, the STEEP#MAVERICK campaign appears to have begun targeting two high-profile defence contractors in Europe. Like many spear-phishing campaigns, the attacks begin with an email carrying a compressed (.zip) file that contains a shortcut (.lnk) posing as a PDF document describing company benefits.
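The lure described above (a .zip attachment carrying a .lnk shortcut dressed up as a PDF) can be screened at the mail gateway before a user ever opens it. The following is an added example for defenders, not code from Securonix or the original post; the archive it inspects is constructed inline and the member names are invented.

```python
import io
import zipfile

# A Windows shortcut starts with HeaderSize 0x4C followed by the ShellLink
# CLSID (00021401-0000-0000-C000-000000000046); checking the bytes catches
# a shortcut even when it has been renamed to look like a document.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")
EXECUTABLE_EXTENSIONS = {".lnk", ".exe", ".js", ".vbs", ".hta", ".scr"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return archive members that look like a document but are really a
    shortcut/executable, or that carry an LNK header under another name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            last = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            head = zf.read(info)[: len(LNK_MAGIC)]
            if head == LNK_MAGIC and last != ".lnk":
                findings.append(f"{info.filename}: LNK header under a non-.lnk name")
            elif inner in DOCUMENT_EXTENSIONS and last in EXECUTABLE_EXTENSIONS:
                findings.append(f"{info.filename}: document-looking double extension")
            elif last in EXECUTABLE_EXTENSIONS:
                findings.append(f"{info.filename}: executable or shortcut in attachment")
    return findings


def build_sample_archive() -> bytes:
    """Constructed attachment mimicking the lure; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Company_Benefits.pdf.lnk", LNK_MAGIC + b"\x00" * 56)  # disguised shortcut
        zf.writestr("Benefits_Overview.pdf", b"%PDF-1.4 placeholder")        # genuine-looking PDF
        zf.writestr("Benefits.pdf", LNK_MAGIC + b"\x00" * 56)               # shortcut renamed to .pdf
        zf.writestr("README.txt", b"benign text")
    return buf.getvalue()


if __name__ == "__main__":
    for line in suspicious_entries(build_sample_archive()):
        print(line)
```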

According to SecurityTel, the sample email was sent this month by North Korea's APT37 threat group.

APT37 (also known as Konni) is a North Korean threat group; the email resembles one it sent earlier this month during another campaign attributed to the same group.

The rising number of cyberattacks is a serious concern, especially for a sector like defence, which holds secrets that must be guarded with extra caution.

Security research by Black Kite on the top 100 defence contractors showed that 32% of them have security flaws that could enable ransomware attacks. According to the research, the main reasons these contractors are vulnerable to ransomware include leaked credentials and a lack of secure personal data management.

The US did not invite Russia and China to an online conference on combating cybercrime

The US National Security Council organized virtual meetings this week to discuss countering ransomware operators. In total, 30 countries were invited to the conference, including Ukraine, Mexico, Israel, Germany, and the UK; however, Russia and China were not invited to the discussion.

The cyber threat posed by ransomware is increasingly worrying people at the highest level. The ransoms have already reached over $400 million in 2020 and $81 million in the first quarter of 2021.

US President Joe Biden announced in early October that representatives from more than 30 countries will work together to fight back against cybercriminals distributing ransomware. This initiative was the result of very dangerous and large-scale attacks by ransomware operators that recently hit Colonial Pipeline and Kaseya.

It is interesting to note that recently Russian Deputy Foreign Minister Sergei Ryabkov made it clear that Moscow is interested in discussing the problem of ransomware viruses with Washington, but does not want contacts to be limited only to this topic. “American colleagues are still trying to focus all their work on what interests them,” he complained at the time.

Despite the previously announced cooperation in the field of cybersecurity between Moscow and Washington, no one expected Russian official representatives at the meetings. The organizers of the meetings did not invite China and Russia.

Perhaps the reason lies in a misunderstanding that arose at a certain stage. The United States has repeatedly asked Russia to take measures against ransomware operators located in the country. White House Press Secretary Jen Psaki even promised that Washington itself would deal with these cyber groups if the Kremlin could not.