Archive for FBI

FBI, HHS & CISA warn US hospitals of targeted BlackCat ransomware attack

Posted in Commentary on February 28, 2024 by itnerd

CISA, the FBI and HHS have released an update on ALPHV/BlackCat ransomware attacks, warning that the group is now primarily targeting US healthcare organizations. The three agencies note in the joint advisory that, of the nearly 70 victims leaked since mid-December 2023, the healthcare sector has been the most commonly victimized.

Darren Williams, CEO and Founder, BlackFog:

“The healthcare industry has proven an irresistible target when it comes to ransomware, with publicized attacks in 2023 seeing a 134% increase over the previous year. Healthcare organizations possess troves of valuable and sensitive data just ripe for extortion, and unfortunately in many cases the level of cyber defense simply isn’t up to the task of protecting it. When it comes to extortion the only way to prevent it is to prevent data exfiltration in the first place. The industry must look to third generation ADX cybersecurity solutions that have been designed to do just that.”

Once again, this is an example of threat actors targeting health care. As I said here, this sector needs to up its game in a serious way if it wants to get itself off the target list of threat actors.

FBI Warns That Chinese Hackers Are Prepping To ‘Wreak Havoc’ On US Critical Infrastructure

Posted in Commentary on February 1, 2024 by itnerd

Yesterday, FBI Director Christopher Wray, the head of the NSA and other senior officials addressed the House Select Committee on the Chinese Communist Party with an unprecedented public warning that Chinese hackers are preparing to “wreak havoc and cause real-world harm” to the US:

Chinese government hacking efforts now target the entire American populace, and the escalating urgency of the overall threat that China poses to U.S. national security requires more investment in the FBI’s capabilities, FBI Director Wray warned lawmakers during a January 31 appearance before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party. 

“I do not want those watching today to think we can’t protect ourselves,” he told legislators. “But I do want the American people to know that we cannot afford to sleep on this danger.” 

China’s quest to steal American intellectual property to gain an economic and militaristic edge over the United States—through nefarious cyber means and traditional espionage, alike—hasn’t let up. But the scope of its malicious cyber activities has expanded to target our nation’s critical infrastructure, Wray told lawmakers during the hearing, which looked to gauge the risks that CCP cyber efforts pose to U.S. national security.

“There has been far too little public focus on the fact that PRC [People’s Republic of China] hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems,” Wray told the committee during his opening remarks. “And the risk that poses to every American requires our attention now.” 

China’s state-sponsored hackers are posturing themselves to be able to take down these vital resources at a moment’s notice. That way, if conflict breaks out between the U.S. and China, they can cripple those resources and do direct harm to U.S. citizens, Wray explained. “Low blows against civilians are part of China’s plan,” he said. 

HYAS CEO David Ratner had this comment:

“Critical infrastructure is unfortunately too vulnerable to a variety of attacks, and we need to focus on cyber resiliency across the board or risk not just the interruption of basic services but potentially loss of human life. Bad actors will continue to find new vectors to try and wreak havoc; the only path forward is proactive intelligence and overall operational resiliency to ensure that each new attack is handled quickly and efficiently, before damage ensues. The time to act is now.”

I’m going to go out on a limb and say that the US isn’t the only target of these hackers. Chances are that other countries are in the same boat. Which means that it’s time for them to step up their security game, or really bad things will happen to those who don’t.

UPDATE: Mark B. Cooper, President & Founder, PKI Solutions adds this comment:

   “The warning from FBI Director Christopher Wray about Chinese hackers targeting US infrastructure emphasizes the sense of urgency needed to improve the security of core systems to critical infrastructure. It’s no longer safe to assume these core systems like Identity and Encryption are resilient; organizations need to manage the security posture of each of their critical systems. These measures are essential in ensuring vulnerabilities are identified and mitigated properly, reducing the risk of exploitation by malicious actors.”

CISA, FBI, EPA Release A Water And Wastewater Cyber Incident Response Guide

Posted in Commentary on January 22, 2024 by itnerd

In a joint effort, CISA, the FBI, and the EPA have introduced an incident response guide designed to aid owners and operators in the Water and Wastewater Systems (WWS) Sector.

The agencies partnered with over 25 industry, non-profit and government organizations within the WWS Sector to create the response guide which outlines four pivotal stages of the incident response lifecycle:

  • Preparation
  • Detection and Analysis
  • Containment, Eradication, and Recovery
  • Post-Incident Activities

“The Water and Wastewater Systems Sector is a vital part of our critical infrastructure, and the FBI will continue to combat cyber actors who threaten it. A key part of our cyber strategy is building strong partnerships and sharing threat information with the owners and operators of critical infrastructure before they are hit with an attack,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division.

Mark B. Cooper, President & Founder, PKI Solutions had this to say:

   “Just as we have seen the creation and focus of Critical Infrastructure Protection (CIP) controls for the energy industry, vital infrastructure services such as water, waste treatment, and gas should have similar regulatory and industrial standards for cybersecurity controls. Through enforcing strong CIP standards for all vital services, these critical services can be better prepared for a world that has ever evolving cybersecurity threats and deliberate actors seeking to disrupt services.”

Incident response guides like these are valuable because they save a company or a sector the trouble of working out from scratch what the best practices for responding to an incident are. Frankly, we need to see more of these out there ASAP.

FBI Offers Disclosure Delay Request Guidance Ahead Of SEC 4-Day Rule Debut

Posted in Commentary on December 11, 2023 by itnerd

On December 18th, the SEC’s new rule requiring disclosure of “material” cybersecurity incidents within four business days takes effect. Because the FBI will be responsible for collecting and assessing delay requests alongside the DoJ, it has published guidance for companies hoping to apply for a delay.

The document explains that companies may “request disclosure delays for national security or public safety reasons” by emailing the FBI the following information: 

  • When the incident occurred 
  • When the organization determined it was material 
  • What kind of cyberattack occurred 
  • What the intrusion vectors are 
  • What infrastructure or data was affected 
  • How infrastructure or data was affected 
  • Operational impact of the incident 
  • Whether there is confirmed attribution of the attack 
  • Whether they have already been in contact with a local field office 
  • Points of contact 
  • Information about whether it’s the first delay-referral request 

If the request omits the exact date, time and time zone of the materiality determination, or if it is not submitted at the same time the company determines that the incident is “material,” the delay-referral request will be denied.

After the FBI makes a referral, the DoJ issues the delay determination. It can delay the public filing for 30 business days, with an option for an additional 30 and, in “extraordinary circumstances” involving substantial national security (but not public safety) risks, a further 60 business days, the FBI said.

Troy Batterberry, CEO and Founder, EchoMark had this to say:

   “The current SEC disclosure rules, while well intentioned to keep investors informed, fail to comprehend the complexity of dealing with such events as they emerge. Prematurely disclosing information can help assist the very criminal(s) involved and make the situation even worse for the victim and their respective investors. Such situations are not just limited to national security.”

Clearly there’s some need for nuance in these rules. But I am glad that they exist, as they make cybercrime far less profitable for cybercriminals. Not to mention that they give the public more transparency in terms of which companies get pwned.

UPDATE: George McGregor, VP, Approov Mobile Security added this:

   “With the new SEC reporting guidelines as well as the EU Cyber Resiliency Act 24 hour breach reporting requirement coming into force, companies are having to scramble to be able to quickly report breaches.

   “The process to request a delay by the FBI is welcome, and will take some of the pressure off. Companies are struggling to balance limited investments, and what we don’t want to see is a focus on regulatory reporting to the detriment of spending on upstream cyber defense techniques.”

FBI and CISA Release Joint Advisory On The Royal Ransomware Gang

Posted in Commentary on November 14, 2023 by itnerd

The FBI and CISA have revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.

Since approximately September 2022, cyber threat actors have compromised U.S. and international organizations with Royal ransomware. FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader. After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems. Royal actors have made ransom demands ranging from approximately $1 million to $11 million USD in Bitcoin. In observed incidents, Royal actors do not include ransom amounts and payment instructions as part of the initial ransom note. Instead, the note, which appears after encryption, requires victims to directly interact with the threat actor via a .onion URL (reachable through the Tor browser). Royal actors have targeted numerous critical infrastructure sectors including, but not limited to, Manufacturing, Communications, Healthcare and Public Healthcare (HPH), and Education.

Frankly, that’s a staggering number. John Gunn, CEO, Token had this comment:

It is ridiculous that organizations are left to fend for themselves. Imagine there were this many bank robberies without any action against the perpetrators – just more advice from the Feds on how to protect the bank from robbers – never. Our government needs to do more to proactively target and eliminate groups that are making US institutions their targets.

Perhaps he has a point and maybe it’s time to go on offence as being constantly on defence is tiring, and more importantly isn’t stopping these groups from operating. It’s certainly food for thought.

NSA, FBI and CISA Release Cybersecurity Information Sheet On Deepfakes And Their Threats To Organizations

Posted in Commentary on September 14, 2023 by itnerd

The NSA, FBI and CISA have released a CSI, or cybersecurity information sheet, called Contextualizing Deepfake Threats to Organizations. Here’s the TL;DR via this media alert:

Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge for users of modern technology and communications, including the National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators. Between 2021 and 2022, U.S. Government agencies collaborated to establish a set of employable best practices to take in preparation and response to the growing threat. Public concern around synthetic media includes disinformation operations, designed to influence the public and spread false information about political, social, military, or economic issues to cause confusion, unrest, and uncertainty.

The authoring agencies urge organizations to review the CSI for recommended steps and best practices to prepare for, identify, defend against, and respond to deepfake threats.

Allen Drennan, Principal & Co-Founder, Cordoniq had this to say:

“The threat of deepfakes has been an ongoing challenge, however with the introduction of unregulated AI data mining that could provide unfettered access to media, this elevates the threat to a whole new level. Consumers who have provided photos, videos, audio and recordings to third-party social networks, email host providers and even online meeting solutions may find that their likeness is easily consumed by AI training models to better recreate deepfakes that not only look and sound like their intended target but also behave like them. Since many of these organizations maintain information for protracted periods of time as part of their terms of service, consumers may find these AI models can train against their likeness retroactively. Federal regulation of privacy as it relates to consumer provided content to companies and organizations is critical in preventing the wide-spread use of deepfakes.”

This cybersecurity information sheet is very much worth reading as this is an emerging threat that all should take seriously. And with emerging threats, it’s better to get out front of them rather than be on the defensive.

Zeppelin Ransomware Advisory Issued By The FBI and CISA

Posted in Commentary on August 23, 2022 by itnerd

CISA and the FBI have put out an advisory on Zeppelin ransomware that is very much worth reading. The advisory goes into great detail about how the ransomware works and includes threat mitigation strategies.

Dr Darren Williams, CEO and Founder of BlackFog has this comment to share:

     “Zeppelin ransomware, a fairly well-known malware strain has been in known use since 2019, often to target a wide range of businesses and critical infrastructure organizations. Zeppelin actors have been known to request ransom payments in Bitcoin, with initial amounts ranging from several thousand dollars to over a million dollars.

Zeppelin’s unique attack path is such that the FBI have observed the attackers executing the malware multiple times in the network, leaving a great big sting on the victim, who needs multiple unique decryption keys to combat the attack.

Attacks on hybrid working companies are nothing new, however it is crucial that employees remember they play a part in protecting themselves and the employer, too.

Attacks from vectors such as Zeppelin often start with a simple phishing email – employers must ensure they educate and remind their employees on cyber security best practices, to minimize attack risk. Standard, good cyber hygiene practice is essential here: remembering to regularly change passwords and use MFA as a basic practice. That said, if a threat actor wants to find their way in, they will! What matters is the data they were able to obtain and leave with…

Most cybercriminal gangs aim for extortion – organizations should also consider anti-data exfiltration to block the attacker and prevent data from being exfiltrated.”

I strongly suggest that you read this advisory, because if the FBI and CISA put out an advisory on this, you need to take it seriously.

FBI Says To Businesses To Stop Using Windows 7

Posted in Commentary on August 5, 2020 by itnerd

The Federal Bureau of Investigation sent a private industry notification (PIN) on Monday to partners in the US private sector about the dangers of continuing to use Windows 7 after the operating system reached its official end-of-life (EOL) earlier this year:

“The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status,” the agency said. “Continuing to use Windows 7 within an enterprise may provide cyber criminals access in to computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. “With fewer customers able to maintain a patched Windows 7 system after its end of life, cyber criminals will continue to view Windows 7 as a soft target,” the FBI warned. The Bureau is now asking companies to look into upgrading their workstations to newer versions of the Windows operating system.

The FBI is right. With no more security updates coming for this operating system from Microsoft, anyone still running Windows 7 is a prime target for cybercriminals. So if you are still using Windows 7 for whatever reason, it is in your interest to move to Windows 10 to keep yourself safe. I know that transitioning to a new OS is not painless, and the first hurdle is often just knowing which machines are still on Windows 7. But it is the right thing to do if you want to stay safe. Microsoft has a blog post with suggestions on how to make that transition here that can help.
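Before you can upgrade anything, you need to know where Windows 7 still lives. The following PowerShell script is an added example, not something from the FBI notification or this post: it queries Active Directory for computer objects that report a Windows 7 operating system, separates the ones that have logged on recently (actually in use, must be migrated) from stale or disabled accounts (verify, then clean up), and writes a CSV for the migration team. It assumes the ActiveDirectory RSAT module is installed and that you have read access to the domain; the 30-day staleness threshold and the output file name are arbitrary choices.

```powershell
# Added example (not from the FBI notification or this post): inventory
# domain-joined computers still reporting Windows 7 so they can be migrated
# or decommissioned. Assumes the ActiveDirectory (RSAT) module and read
# access to the domain; the stale threshold and output file name are
# arbitrary.
Import-Module ActiveDirectory

$staleDays = 30
$cutoff    = (Get-Date).AddDays(-$staleDays)

# Computer objects publish their OS name and version when the machine
# authenticates to the domain. Windows 7 reports "Windows 7 <Edition>"
# with OperatingSystemVersion 6.1.
$win7 = Get-ADComputer -Filter 'OperatingSystem -like "Windows 7*"' `
            -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, Enabled

$report = foreach ($c in $win7) {
    # LastLogonDate is derived from lastLogonTimestamp, which replicates
    # only about every 14 days. "ACTIVE" therefore means "definitely in use
    # recently"; "STALE" still needs confirmation before the account is
    # disabled, because the host may have logged on since the last update.
    if ($c.LastLogonDate -and $c.LastLogonDate -gt $cutoff) {
        $status = 'ACTIVE - migrate'
    } elseif ($c.Enabled) {
        $status = 'STALE - verify, then disable'
    } else {
        $status = 'DISABLED'
    }

    [PSCustomObject]@{
        Name          = $c.Name
        OS            = $c.OperatingSystem
        Version       = $c.OperatingSystemVersion
        Enabled       = $c.Enabled
        LastLogonDate = $c.LastLogonDate
        Status        = $status
        # Everything after the first comma of the DN is the container/OU path.
        OU            = ($c.DistinguishedName -split ',', 2)[1]
    }
}

$report | Sort-Object Status, LastLogonDate -Descending | Format-Table -AutoSize
$report | Export-Csv -Path '.\windows7-inventory.csv' -NoTypeInformation

$active = @($report | Where-Object Status -like 'ACTIVE*').Count
"{0} Windows 7 computer objects found; {1} logged on within the last {2} days" -f @($report).Count, $active, $staleDays
```

Run it from a workstation with RSAT as a user who can read computer objects. Two caveats: it only sees domain-joined machines, so stand-alone hosts such as kiosks, lab PCs and embedded equipment need to be found through your endpoint agent or vulnerability scanner instead, and the OperatingSystem attribute is self-reported by the machine at logon, so a box that has not talked to the domain since it was rebuilt may show an outdated value in either direction.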

Seeing As The FBI Has Unlocked An iPhone 11, Why Do They Need Apple’s Help To Unlock An iPhone 5 & 7?

Posted in Commentary on January 16, 2020 by itnerd

Following up on the latest Apple v. FBI fight, in which the FBI wants Apple to unlock an iPhone 5 and an iPhone 7 belonging to a suspect in a terror incident, despite the fact that the FBI can do this on its own without Apple’s involvement, comes news that the FBI apparently has the capability to unlock an iPhone 11, which has far higher levels of security than the iPhone 5 and 7 it wants Apple to unlock:

Last year, FBI investigators in Ohio used a hacking device called a GrayKey to draw data from the latest Apple model, the iPhone 11 Pro Max. The phone belonged to Baris Ali Koch, who was accused of helping his convicted brother flee the country by providing him with his own ID documents and lying to the police. He has now entered a plea agreement and is awaiting sentencing.

Forbes confirmed with Koch’s lawyer, Ameer Mabjish, that the device was locked. Mabjish also said he was unaware of any way the investigators could’ve acquired the passcode; Koch had not given it to them nor did they force the defendant to use his face to unlock the phone via Face ID, as far as the lawyer was aware. The search warrant document obtained by Forbes, dated October 16 2019, also showed the phone in a locked state, giving the strongest indication yet that the FBI has access to a device that can acquire data from the latest iPhone. 

So given the facts above, why precisely does the FBI need Apple’s help to unlock an iPhone 5 and 7 given that they’ve unlocked something way more sophisticated from a security standpoint?

They don’t need Apple’s help. This is simply a stunt to get Congress to force companies like Apple to weaken the encryption on smartphones, computers, or anything else so that they can have access to them at any time for any reason. Or put another way, the FBI wants a backdoor into your device. As I have mentioned before, this is a bad idea. And as reports like these come out that show that this is an incredibly cynical attempt to push a political agenda, I would hope that the blowback that results makes those who are pushing this political agenda think twice.

The Latest Apple v. FBI Fight Shows That We Need A Middle Ground For Situations Like This

Posted in Commentary on January 14, 2020 by itnerd

Yesterday a story hit the news that the FBI, via US Attorney General William Barr, is demanding Apple’s help to unlock the phones of a Saudi citizen who carried out a deadly shooting last month at a naval air station in Pensacola, Fla. that killed three and wounded eight.

“This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence,” Mr. Barr said. He called on technology companies to find a solution and complained that Apple had provided no “substantive assistance,” a charge that the company strongly denied on Monday night, saying it had been working with the F.B.I. since the day of the shooting.

Here’s what Apple said in response:

In a statement Monday night, Apple said the substantive aid it had provided law enforcement agencies included giving investigators access to the gunman’s iCloud account and transaction data for multiple accounts.

The company’s statement did not say whether Apple engineers would help the government get into the phones themselves. It said that “Americans do not have to choose between weakening encryption and solving investigations” because there are now so many ways for the government to obtain data from Apple’s devices — many of which Apple routinely helps the government execute.

So it seems like we are headed towards another FBI v. Apple fight. But let’s be clear. What this is really about is ensuring that the FBI, or any other law enforcement agency or government, can access any smartphone for any reason at any time. While I understand that the FBI, among others, wants to protect people from any threat that exists, I don’t believe that gives them the right to say that the rights of citizens get overridden because of it. I say that because if you look at Attorney General Barr’s statement, he wants technology companies to “find a solution” that allows him and those underneath him to get whatever they want at will. And it’s safe to say that they want backdoors into iOS, Android, or whatever OS they see fit that gets them past whatever security or encryption the device in question has. Giving any government a backdoor into any OS is a bad idea, as governments tend to have pretty poor track records of keeping things like that out of the wrong hands. Which means that when the backdoor leaks out, we’re all screwed. This is on top of the potential privacy issues that could be at play.

Thus here’s my ask of everyone that is involved. Tech companies and governments need to find some sort of middle ground for situations like this. One where the needs of both sides are represented and nobody, especially you and I, loses. Because having each of them at their respective extreme ends of the spectrum isn’t working for either party. And as a result this fight will simply keep going on and on with no real resolution. Or worse yet, a government will simply take some draconian action to get what they want and inadvertently affect their citizens in a negative way. And neither of those are desirable outcomes.