CyberCrime - W/E - 8/2/19
Attacks Use Brute Force and Ransomware to Target NAS Devices (07/30/2019)
While investigating several ransomware incidents, Synology determined that the causes of these attacks were due to dictionary attacks instead of specific system vulnerabilities. This large-scale attack was targeted at various NAS (network attached storage) models from different vendors, including Synology. In each incident, admins' credentials were stolen by brute-force login attacks, and their data was encrypted. Synology's team strongly recommends users check network and account settings to protect data.
While investigating several ransomware incidents, Synology determined that the causes of these attacks were due to dictionary attacks instead of specific system vulnerabilities. This large-scale attack was targeted at various NAS (network attached storage) models from different vendors, including Synology. In each incident, admins' credentials were stolen by brute-force login attacks, and their data was encrypted. Synology's team strongly recommends users check network and account settings to protect data.
BEC Scam Siphons $1.7 Million from NC's Cabarrus County (08/01/2019)
A North Carolina county paid more than $2.5 million USD to a scammer after falling victim to a business email compromise (BEC) scheme that began in November 2018. Cabarrus County officials released details of the scam that diverted a $2,504,601 vendor payment made by the county. Officials have retrieved some of the funds, but more than $1.7 million remains missing. Conspirators posed as representatives of the contracting firm that was to construct a new high school and targeted employees working for the county government by using BEC tactics.
A North Carolina county paid more than $2.5 million USD to a scammer after falling victim to a business email compromise (BEC) scheme that began in November 2018. Cabarrus County officials released details of the scam that diverted a $2,504,601 vendor payment made by the county. Officials have retrieved some of the funds, but more than $1.7 million remains missing. Conspirators posed as representatives of the contracting firm that was to construct a new high school and targeted employees working for the county government by using BEC tactics.
Cisco to Pay $8.6 M for Knowingly Selling Flawed Software to US Government (08/01/2019)
Cisco agreed to settle a case for $8.6 million USD after a whistleblower accused the company of knowingly selling flawed video surveillance software to the US government and other customers, ZDNet reported. The case was handled by the False Claims Act and the suit was filed in May 2011 but was not made public until July 31. James Glenn, a Cisco subcontractor who worked at NetDesign in Denmark, said he discovered security holes in the vendor's Video Surveillance Manager (VSM) and notified Cisco in October 2008. The flaws could have enabled attackers to take control of video surveillance cameras and potentially gain access to networks. Cisco did not fix the vulnerabilities and continued to sell the VSM package to customers, including the US government. When Cisco failed to act, Glenn filed a whistleblower case and 18 states joined in. Cisco patched the bugs in 2013 and retired the VSM package a year later.
Cisco agreed to settle a case for $8.6 million USD after a whistleblower accused the company of knowingly selling flawed video surveillance software to the US government and other customers, ZDNet reported. The case was handled by the False Claims Act and the suit was filed in May 2011 but was not made public until July 31. James Glenn, a Cisco subcontractor who worked at NetDesign in Denmark, said he discovered security holes in the vendor's Video Surveillance Manager (VSM) and notified Cisco in October 2008. The flaws could have enabled attackers to take control of video surveillance cameras and potentially gain access to networks. Cisco did not fix the vulnerabilities and continued to sell the VSM package to customers, including the US government. When Cisco failed to act, Glenn filed a whistleblower case and 18 states joined in. Cisco patched the bugs in 2013 and retired the VSM package a year later.
Financial Institution in Kazakhstan Is Cobalt Group's New Target (08/01/2019)
The Cobalt Group cybercriminal actor has taken aim at a bank in Kazakhstan with a decoy document that Check Point Software researchers say may have been lifted from the bank's actual Web site. The malicious file was hosted among the documents repository of the bank, which makes it easy to confuse with a legitimate document. Once downloaded and launched, the fake document uses socially-engineered content to trick victims into running the embedded malicious macros.
The Cobalt Group cybercriminal actor has taken aim at a bank in Kazakhstan with a decoy document that Check Point Software researchers say may have been lifted from the bank's actual Web site. The malicious file was hosted among the documents repository of the bank, which makes it easy to confuse with a legitimate document. Once downloaded and launched, the fake document uses socially-engineered content to trick victims into running the embedded malicious macros.
Georgia's Public Safety Agency Victimized by Ransomware Attack (07/31/2019)
In a statement posted online, the Georgia In a statement posted online, the Georgia Department of Public Safety's (DPS) announced that its network servers were offline due to a ransomware attack. Government Technology reported that the incident was first observed on July 26 when certain network services and communication systems were disrupted. DPS Chief Technology Officer Steve Nichols said that once the incident was discovered, employees worked to take all servers offline. The Ryuk ransomware was responsible for the attack. 's (DPS) announced that its network servers were offline due to a ransomware attack. Government Technology reported that the attack became apparent on July 26 when certain network services and communication systems were disrupted. DPS Chief Technology Officer Steve Nichols said that once the incident was discovered, employees worked to take all servers offline. The Ryuk ransomware is to blame for the attack.
In a statement posted online, the Georgia In a statement posted online, the Georgia Department of Public Safety's (DPS) announced that its network servers were offline due to a ransomware attack. Government Technology reported that the incident was first observed on July 26 when certain network services and communication systems were disrupted. DPS Chief Technology Officer Steve Nichols said that once the incident was discovered, employees worked to take all servers offline. The Ryuk ransomware was responsible for the attack. 's (DPS) announced that its network servers were offline due to a ransomware attack. Government Technology reported that the attack became apparent on July 26 when certain network services and communication systems were disrupted. DPS Chief Technology Officer Steve Nichols said that once the incident was discovered, employees worked to take all servers offline. The Ryuk ransomware is to blame for the attack.
HEXANE Threat Group Targets Middle Eastern ICS Organizations (07/31/2019)
Dragos identified a new activity group targeting industrial control systems (ICS). HEXANE is targeting oil and gas companies in the Middle East, including Kuwait, as a primary operating region and telecommunication providers in the greater Middle East, Central Asia, and Africa. HEXANE intrusion activity includes malicious documents that drop malware to establish footholds for follow-on activity. The group became operational in mid-2018 but its activity has intensified since early 2019. HEXANE demonstrates similarities to the activity groups MAGNALLIUM and CHRYSENE; all are ICS-targeting activities focusing largely on oil and gas, and some of the behaviors and recently observed tactics, techniques, and procedures are similar. Dragos noted that MAGNALLIUM also has accelerated its activity and has been targeting US government and financial organizations as well as oil and gas companies.
Dragos identified a new activity group targeting industrial control systems (ICS). HEXANE is targeting oil and gas companies in the Middle East, including Kuwait, as a primary operating region and telecommunication providers in the greater Middle East, Central Asia, and Africa. HEXANE intrusion activity includes malicious documents that drop malware to establish footholds for follow-on activity. The group became operational in mid-2018 but its activity has intensified since early 2019. HEXANE demonstrates similarities to the activity groups MAGNALLIUM and CHRYSENE; all are ICS-targeting activities focusing largely on oil and gas, and some of the behaviors and recently observed tactics, techniques, and procedures are similar. Dragos noted that MAGNALLIUM also has accelerated its activity and has been targeting US government and financial organizations as well as oil and gas companies.
Jail Doors Slam on Silk Road Operator (07/30/2019)
Silk Road operator Gary Davis has been sentenced to a 78 month prison term for his role as a member of the cybercriminal marketplace, the Justice Department (DOJ) announced. During its operation from 2011 until 2013, Silk Road was used by thousands of drug dealers and other unlawful vendors to distribute over $200 million USD worth of illegal drugs and other illicit goods and services to more than 115,000 buyers, and to launder hundreds of millions of dollars derived from those unlawful transactions. Davis worked as a forum moderator and a site administrator for Silk Road and also as an administrator for its next implementation, Silk Road 2.0.
Silk Road operator Gary Davis has been sentenced to a 78 month prison term for his role as a member of the cybercriminal marketplace, the Justice Department (DOJ) announced. During its operation from 2011 until 2013, Silk Road was used by thousands of drug dealers and other unlawful vendors to distribute over $200 million USD worth of illegal drugs and other illicit goods and services to more than 115,000 buyers, and to launder hundreds of millions of dollars derived from those unlawful transactions. Davis worked as a forum moderator and a site administrator for Silk Road and also as an administrator for its next implementation, Silk Road 2.0.
Symantec: Email Extortion Schemes Alive, Well, and Thriving (07/30/2019)
Symantec announced that its technologies blocked 289 million extortion scam emails between January 1 and May 29 - 85 million (nearly 30%) of those messages were blocked in one 17-day period alone. It is not clear which threat actors are behind these scams.
Symantec announced that its technologies blocked 289 million extortion scam emails between January 1 and May 29 - 85 million (nearly 30%) of those messages were blocked in one 17-day period alone. It is not clear which threat actors are behind these scams.