Tag Archives: cyber attack

WannaCry Ransomware – So What’s Happening?

A worldwide ransomware attack launched this past weekend hit computers in over 150 countries. The United States was less affected than other countries. Security experts estimated that the cyber attack crippled 200,000 computers in more than 150 countries, but that number could be low. The few reports available have Russia and China as being especially hard hit by the malware.

The global attack was carried out by hackers who exploited a flaw in Microsoft’s Windows operating system first discovered by the National Security Agency (NSA).  In April of this year the flaw and a hacked NSA cyber tool to exploit it became public when they were posted on the Internet by a hacker group known as Shadow Brokers.

In Great Britain the loss of computing systems prevented doctors from accessing patient files and caused emergency rooms to divert patients. According to Prime Minister Theresa May there is no evidence that patient data had been stolen. British officials stated 48 of Britain’s 248 public health trusts had come under attack. All but six are back to normal.

A spokesman for FedEx said:  “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”

One reason the U.S. seems to have been spared from this global attack may have been the work of a British researcher.

The unknown attackers included a “kill switch” in the form of a URL in the malicious code. Experts believe it was a way to control the malware. The kill switch would shut down the attack when the virus sent an online request to a specific website. 

A 22-year-old British researcher whose Twitter handle is @MalwareTechBlog discovered the kill switch’s domain name had not been registered. Thinking quickly, he purchased the domain name for about $11.00. According to security experts, the researcher shut down the malware before it could reach the U.S. The cyber hero probably stopped a catastrophic malware attack from taking place on U.S. soil. The researcher has confirmed his involvement in a blog post but has insisted on anonymity.

Matthieu Suiche, founder of Comae Technologies, a cyber security company located in the United Arab Emirates, said, “That kill switch is why the U.S. has not been touched so far. But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name.” These variants have since been discovered on the Internet.

The hackers who launched the attack asked for $300 US or $600 in bitcoins to unlock computers, but experts advise not paying the hackers. According to security experts, victims are left waiting and hoping WannaCry’s hackers will remotely free the hostage computer. The process is done manually over the Internet. That means hackers may have the near impossible task of unlocking thousands of computers one at a time. But the real issue is the payment method, usually in bitcoins. The hackers have no way to know who paid the ransom.

Owners of the locked computer may become desperate and pay the ransom. “But don’t count on getting your files back,” said Matthew Hickey, director of security provider Hacker House.

“The culprits can only restore users’ systems by manually sending the decryption key to each affected computer, which will amount to a time-consuming process,” he said.

“You’re really at the mercy of the human operator. Someone at the other end of the connection,” Hickey said.

Was the malware attack the work of inexperienced cyber criminals, or so-called script kiddies? Evidence indicates that this could be the case.

First of all the perpetrators included an obvious kill switch in the code but failed to register the domain name. Perhaps they were afraid it could lead back to them.

According to some reports the hackers did manage to rake in about $56,000 in bitcoin payments. But according to Hickey the inefficiency of the payment model may indicate the hackers were not after money at all. “If it was done for money, it wasn’t the smartest way to get it,” he said.

Hickey pointed out that because of the large number of computers infected the asking price could have been much lower and still brought in a nice pay off.

But these hackers do not appear to be experienced or ambitious cyber criminals. They demanded a large ransom and used, at best, a sloppy payment method leaving victims wondering if they were paying for nothing.

According to Hickey, “It removes the incentive to send any money to the attacker.”

But some experts see the fingerprints of North Korea on the malware attack. A New York Times report revealed that intelligence officials and private security experts have found digital evidence pointing to North Korean connected hackers.

The evidence is not definitive, but security experts at Symantec believe they have found in the WannaCry malware the same tools used in previous hacks of Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February.

Regardless of who carried out the attack, make no mistake: WannaCry did indeed work and encrypted any machine unlucky enough to encounter it. Security experts and cyber sleuths are working to rescue computers already infected.

 

Obama Issues Cyber Response Directive

President Obama consults with special assistant Lisa Monaco (White House Photo)

President Obama has sealed his legacy as not only America’s first African-American president but also America’s first cyber president. No president before has overseen the development of internet initiatives and cyber warfare capabilities as President Obama has.

To add to that legacy, President Obama has issued a new Presidential Policy Directive: the United States Cyber Incident Coordination Directive. Like many of his other policies, this too has come under scrutiny. Experts in the field disagree on whether the policy is workable in the event of a large-scale cyber attack. Others believe that the policy is right on target.

Announced on July 26th the presidential directive assigns specific roles to the FBI, DHS and the Office of the Director of National Intelligence (ODNI). The agencies are directed to establish three lines of action that include threat response, asset response and intelligence support activities.

The policy places the FBI in charge of coordinating the immediate response to a terror related cyber event. DHS will lead the asset response action by providing technical assistance, locating the cyber attacker, protecting assets and recovering from the attack. Intelligence and analysis responsibilities will fall to the ODNI who will perform an analysis of the threat and identify opportunities to mitigate and disrupt it.

Some cyber experts believe that the new policy is “overly complicated” and has “too many moving parts.” These experts believe the policy requires new and different parts of the federal government to work together efficiently in a cyber crisis without having been tested.

Phil Reitinger is CEO of Global Cyber Alliance and a former DHS deputy undersecretary for the  for cyber security.  Reitinger does not believe the complexity of the directive will hinder its effectiveness.   “I don’t think it’s a huge lift for implementation. I suspect this is the way the government already works,” says Reitinger. “I think it’s more a likely description of the way things now generally work and ought to work as opposed to a notional thing to work toward.”

Lisa Monaco, assistant to the president for homeland security and terrorism, spoke at a cyber security conference on the day the directive was issued. “Our new policy acknowledges that when businesses and federal agencies are the victim of or experience a significant cyber incident, one of the most important considerations is likely to be restoring operations and getting back online. Our policy makes clear that we will coordinate with the victim to minimize any interference between their incident response and our own.”

Even though the president’s directive is designed to integrate both private and federal response to a cyber attack, many in the private sector feel that it leaves them out.

Internet Security Alliance chief executive Larry Clinton is happy about federal efforts to clarify its responsibilities in the event of a major cyber event. “However, defining these roles and responsibilities on a government-only basis, as this appears to have done, is bad policy making and counter to the administration’s own oft stated views on the need for government to work with the private sector,” he says. “As far as I can tell, there has been little or no private sector involvement in the development of this new system.” Clinton went on to say, “Every Cyber Storm (a combined cyber exercise with industry and government) action report has stressed the need to increase coordination between the public and private sectors. This program seems to move in the opposite direction.”

 

How Not to Get Hacked in Six Easy Steps

Getting hacked is so easy that it is almost comical. Black people need to be aware that most hackers take advantage of human kindness, weakness, curiosity and even stupidity to get inside computer networks. Hacking is simple when the victim is willing to give the hacker a helping hand. Understand how easy it is not to get hacked and you’ll feel a lot better and safer online.

Step 1) Don’t take the bait! Phishing is the first simple step to getting hacked. A Verizon Data Breach Investigation Report revealed 23 percent of phishing recipients open malicious messages and 11 percent open attachments. The report showed that it only takes 82 seconds from when a phishing campaign is launched to when people start biting on the phony lures. One of the cardinal rules of email security is to not click on any link or download any attachment unless you are absolutely certain what it is and where it came from. If you receive an unexpected email with a link or attachment, call the person who sent it, if you know who it is, and ask what they sent you. Avoid any cute pictures, prayers, or jokes. That is how malware gets into your computer and how your email address ends up on spam lists. If you don’t know who sent it, delete it instantly.

Step 2) Don’t fall for the phony phone call! Much the same as phishing, the simplest way for attackers to gain access to users’ machines is to just ask for it. The age-old method of social engineering is still reliable. This is when a hacker talks their victims out of information, sometimes without the person even knowing it. On the phone they pretend to be an executive or someone in authority. Sometimes they smooth talk their victim into giving up information using compliments and encouragement. Or they may bully their victim and frighten them into doing or saying something they shouldn’t.

One of the most popular and effective scams is the IT support scam. A caller contacts the victim posing as IT help and asks for the user’s login and password. Sometimes they will tell you things like your computer has a virus and it is spreading to your friends and family. Sometimes they may pretend to be a fellow employee or business partner and ask the employee to open a specific document that is actually something like a remote access Trojan or other malware.

Something to think about is that anti-virus software makers do not make outgoing calls to alert an individual that their computer is spreading viruses. Never, ever, share your user name and password with someone on the phone you do not know. Finally, if they claim to be working in the same company with you make damn sure they are who they say they are. Do not open any attachment or click on any link unless you know for sure that it is your company’s IT department you are dealing with. Most companies suffer hacking attacks as a result of employee actions. And most companies will not hesitate to fire you if you violate computer security rules.

Step 3) Stay up to date! Users are often hacked because their systems are not up-to-date and patched for common attacks. Hackers know what software is vulnerable. They look for computers that are using old outdated software to attack. The simplest way to protect yourself is to make sure your software is up to date. Learn to set your computer to perform automatic updates of all software. And stay up to date on the latest scams. According to Verizon hackers are still finding vulnerabilities in computers that are as much as eight years old.

Step 4) Get a strong password! Is your password just stupid? An easy-to-guess user name and password is simply begging to be hacked. Your user name and password are the key to your computer and all the information contained therein. In addition, easy-to-guess user names and passwords also allow access to your bank and other sensitive online activity. A good strong password is vital. You may even want to switch to two-factor authentication if you conduct sensitive business online.

Step 5) Use caution on free WiFi! Researchers with Cylance recently provided solid evidence why you should consider taking an extra security step when utilizing public WiFi connections. The company strongly suggests using a VPN on public WiFi networks. Cylance discovered 277 hotels, convention centers and data centers in 29 countries used routers with known vulnerabilities to offer WiFi to guests. Public and free hotspots are wide open for starting man-in-the-middle attacks and other means of establishing footholds in unsuspecting users’ machines. Hackers love to hang out in Starbucks, Panera Bread, public libraries and other places that offer free Internet access. They are waiting and watching you log into your bank account.

Step 6) Don’t put your business in the street! You talk too much! Social media such as Facebook is another favorite hacker hunting ground. Hackers do their homework. The information you share on social media sites is exactly what makes a hacker’s job easy. Sharing the name of your pet, your birthday, place of work and special relationship makes it easier for an attacker to guess passwords or the answer to password reset challenge questions. For example, the question “What city were you born in?” is an easy one to answer just by looking at your Facebook page.

This information can be used against you in order to create an extremely effective spear phishing message. Learn to stop sharing so much information on social media. The more you give away the more that can be taken away.

Now you know

 

ALERT! Anthem Insurance Hacked ALERT!

Anthem Health Insurance, formerly known as WellPoint and owners of the famed BlueCross BlueShield service, reported today that hackers had penetrated its computer network, gaining access to a treasure trove of customer and employee information including that of company CEO Joseph Swedish.

Anthem is the nation’s second-largest health insurer, covering nearly 37 million people. The company said it was contacting customers impacted by the “very sophisticated” cyberattack and was working to figure out how many of its customers are at risk due to the hack.

Anthem reported that the hackers gained access to customers’ names, birth dates, email addresses, employment details, Social Security numbers, income information and street addresses of people who are currently covered or have been covered in the past.

The Indianapolis-based insurer said credit card information was not lost and it has no evidence that medical information, insurance claims or test results were targeted or obtained.

The insurer admits that all of its product lines were affected including Anthem Blue Cross, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield and Amerigroup. 

Anthem sells mainly private individual and group health insurance and dental and vision coverage. It also sells plans on the public insurance exchange and Medicare and Medicaid. 

Anthem is working with the FBI to investigate the attack and the company has hired Internet security company Mandiant to bolster its network defenses. The insurer will provide free credit monitoring and identity protection services.

The FBI urged Anthem customers contacted by the insurer to report suspected instances of identity theft.

Breaking It Down

Another sophisticated attack with millions of identities lost. There are a few things you need to pay careful attention to in this news story because I smell what the bull left in the yard.

First of all a company of this size has the methods and the budget to protect customer information from any attack no matter how sophisticated. I’m betting it was some failure on their part that this happened and if you watch the news in the next few weeks it will come out. I promise you that!

Second, who cares if the CEO’s information was lost? Thirty-seven million people are at risk from this attack and Anthem thinks it makes a difference that the CEO is one of them. Tell him I said welcome to the club! And who gives a damn if no insurance records or insurance claim information or credit card information were compromised? If I read the reports right, what was lost included customers’ names, birth dates, email addresses, employment details, Social Security numbers, income information and street addresses of people who are currently covered or have ever been covered! So what else does the hacker need? The person or persons took exactly what they wanted and have no need for the rest of that crap!

Finally, when this type of attack is revealed then the FBI should be looking at the company as being criminally negligent in the protection of your data. Why? Because as the customer who lost this sensitive information, you can’t do a damn thing to them! Let me make sure you understand this. The courts have ruled you can’t sue for any compensation for your lost information unless you can prove some harm came to you as a result of the loss. So you need to go through the hell of finding out someone stole your identity, bought a house and car, took a vacation to Fiji and stuck you with the bill. Then you can get a lawyer and file a lawsuit and go up against a major corporation with a multi-million dollar legal budget to fight you. I told you, I smell what the bull left in the yard!

 

ALERT! JP Morgan Suffers MASSIVE Breach ALERT!

JP Morgan has set yet another record for data breaches. The financial services and banking giant revealed that 76 million households and 7 million small businesses have potentially had their private data stolen in a record-setting cyber attack.

According to a new SEC filing, JP Morgan said, “User contact information — name, address, phone number and email address – and internal JPMorgan Chase information relating to such users has been compromised.”

JP Morgan pointed out that “…there is no evidence that account information for such affected customers — account numbers, passwords, user IDs, dates of birth or Social Security numbers — was compromised during this attack.” There has been no fraud connected to this data breach.

JP Morgan denies that this data breach was a second attack but instead was connected to a previous attack.  The company has rejected the reports from the New York Times that this previous attack resulted in the loss of checking and savings account information.

Breaking it down

In comparison, Target’s data breach affected 40 million credit and debit card accounts. This was followed by Home Depot’s breach of 56 million accounts. Now JP Morgan has set the bar with 76 million records lost. How much more do we need to experience before something is done? What you are looking at is an escalating trend of warning shots of what is bound to come.

Even if no account information was lost the loss of names, email addresses and other contact information is the exact information needed for phishing attacks. And JP Morgan knows it. That’s why this breach is so dangerous. 

As a nation we are flirting with a financial catastrophe that could bring down an empire! The ability of hackers and thieves to impact the financial sector at this level indicates a hack could bring America to its knees and possibly even ignite a global financial crisis. Am I the only one seeing that Wall Street is the next big target? Or maybe the world banking system? If you think otherwise then you are fooling yourself. I am not so sure that it’s not time to take your money out of the bank and put it in your mattress.

Some might think this is a dire prediction; possibly even a doomsday vision. But look at the numbers again and ask yourself; is it really not possible?
