Lithuania Suffers “Most Complex” Cyber-attack in Years

A carefully coordinated cyber-attack on Lithuania that occurred last week has been described by the republic's defence minister as one of the "most complex" security incidents to target the Baltic state in recent history.

On the night of December 9, cyber-criminals breached several content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published articles containing misinformation on the sites.

Among the fake news posted by the threat actors was a story alleging that a Polish diplomat, carrying illegal drugs, weapons and cash, had been detained at the Lithuanian border. This fictitious story was shared on the website of the State Border Guard Service (VSAT).

Another article claimed that corruption had been uncovered at Šiauliai airport, where NATO's Baltic air-policing mission is based.

A third piece of misinformation spread in the attack inflated figures to make it appear as if more Lithuanians had been drafted into the army than was the case.

An investigation into the attack by the Defence Ministry's National Cyber Security Centre (NKSC) found that the websites targeted by the attackers were mostly run by regional municipalities.

In a statement published on Wednesday, Lithuania's defence minister, Arvydas Anušauskas, described the digital attack as one of the "biggest and most complex" cyber-attacks to hit the republic in recent years.

Anušauskas added that the attack, which occurred "on the eve of the government's transition [...] was prepared in advance and with a goal in mind."

After hacking into the systems and posting the false articles, the attackers launched an email spoofing campaign to spread the misinformation as widely as possible. The attackers impersonated the defence and foreign ministries, as well as the Šiauliai Municipality Administration, to send out emails containing links to the fake stories.

"This shows huge gaps in cybersecurity of the public sector," said Anušauskas.

Following the attack, the NKSC has submitted a number of cybersecurity recommendations to municipalities. These include actively searching for vulnerabilities, limiting access to content management systems, installing a firewall, and avoiding the use of passwords that are easy to guess.

Russia Has Carried Out 20 Years Of Cyber Attacks That Call For International Response

A poster showing six wanted Russian military intelligence officers is displayed as FBI Deputy Director David Bowdich appears for a news conference at the Department of Justice, Monday, Oct. 19, 2020, in Washington.

Twenty Years of Russian Hacking

The recent cyber attacks against 18,000 public and private sector users of SolarWinds' Orion network monitoring software go beyond traditional espionage; they are acts of cyber aggression by Russia against U.S. systems that have continued for twenty years. The Russian attacks on America began in 1996 with the Moonlight Maze attack, one of the first nation-state-sponsored cyber espionage campaigns. Russia was blamed for the Moonlight Maze attacks, which involved the theft of a large amount of classified information from numerous government agencies, including the Department of Energy, NASA, and the Defense Department (DoD), as well as defense contractors and private sector entities. It severely compromised U.S. national security capabilities, systems, and interests.

The Moonlight Maze attack was sophisticated for the time; it routed communications through a third-party server to avoid detection and built back doors into systems so the attackers could re-enter later to exfiltrate data. The campaign was carried out over a two-year period and was classified as an Advanced Persistent Threat (APT), a software threat so stealthy that it is difficult to detect. Moonlight Maze was initially viewed as a standalone attack but, over time, computer researchers and investigators began to see similar approaches used in other attacks. Ultimately, we learned that the same Russian government-backed groups were behind all of them.

In 2008, a Russian hacking group named Turla began attacking U.S. military systems using deception, back doors, rootkits, and the infection of government websites. Russian intelligence was blamed for the attack. In 2017, almost twenty years after Moonlight Maze, four computer researchers from Kaspersky Labs and King's College London were able to obtain the third-party server used to route the Moonlight Maze attacks and link the Moonlight Maze attacks with Turla. The findings confirmed that the Russian state-sponsored attacks had been ongoing.

Fast forward to 2014-15, and Russia is back. A group known as Cozy Bear, or APT 29, which is aligned with the Russian intelligence agency, the SVR (the successor agency to the former KGB), was accused of hacking U.S. government agencies (including the White House and Pentagon email systems), the Democratic National Committee (DNC), private sector companies, and universities. Symantec said in a 2015 report that it believed "that this group has a history of compromising governmental and diplomatic organizations since at least 2010." APT-29 is the same group blamed for the SolarWinds attacks.

Another Russian hacking group known as APT-28, or Fancy Bear, hacked the DNC, as well as the White House, the German and Norwegian parliaments, the Organization for Security and Cooperation in Europe, journalists, and a wide range of other organizations and private sector entities. These attacks span 2014 through 2020. The group was also accused of interfering with the U.S. elections in 2016 and 2020.

Capcom hacked in latest cyber-attack on game-makers

Video game-maker Capcom said its computer systems were hacked earlier this week, in the latest cyber-attack to hit the games industry.

The Japanese firm is behind major franchises such as Resident Evil, Street Fighter, and Mega Man.

It said some of its internal networks had been suspended “due to unauthorised access” from outside Capcom.

But it said “at present”, there was no sign that customer information had been accessed.

It noticed the attack after its internal networks began to have issues that affected company email and the servers where it stores its files, a statement said.

Read more at BBC.

Malicious cyber-attacks: EU sanctions two individuals and one body over 2015 Bundestag hack

The Council today imposed restrictive measures on two individuals and one body that were responsible for or took part in the cyber-attack on the German Federal Parliament (Deutscher Bundestag) in April and May 2015. This cyber-attack targeted the parliament’s information system and affected its ability to operate for several days. A significant amount of data was stolen and the email accounts of several members of parliament, including that of Chancellor Angela Merkel, were affected.

Today’s sanctions consist of a travel ban and an asset freeze imposed on the individuals, and an asset freeze imposed on the body. In addition, EU persons and entities are forbidden from making funds available to those listed.

Read more at the European Council / Council of the European Union.

Isentia hit by cyber attack

Media monitoring provider Isentia has suffered a “cyber security incident” that is affecting its flagship intelligence and insights service.

The company said in a financial filing on Tuesday that it is “urgently investigating” the incident, which is “disrupting services within its SaaS platform Mediaportal”.

Mediaportal is an all-in-one platform used by communications professionals to stay across media coverage and to target journalists for stories.

“Isentia is working closely with leading external cyber security specialists to assess the extent of the incident and the impact on its systems,” it said.

“The company has also notified the Australia Cyber Security Centre.”

Isentia managing director and CEO Ed Harrison said the company is doing all it can to contain the incident and understand how it occurred.

“Isentia is taking urgent steps to contain the incident and conduct a full priority investigation into what happened and how to avoid a repeat occurrence in the future,” he said.

“Our priority is to restore full service as soon as possible but until that occurs, we have put processes in place to support our customers.”

The company’s share price fell 2.7 percent following the announcement.

Stelco operations temporarily halted after cyber attack

Stelco says its systems were targeted in a cyberattack last week. CHCH News has learned the attack happened Thursday night and came in the form of a ransomware virus. Both on-site and off-site employees were affected.

The company says it was able to limit the scope of the attack through “countermeasures.” Certain operations, including steel production, were suspended as a precaution but have since resumed.

“Stelco is implementing its back-up and recovery plans to fully re-establish its systems as quickly as possible and some business functions may be adversely affected during this recovery process,” said a news release from the company.

The company says it is investigating the incident and the extent of the impact.

Cooperation between Norway’s security agencies planned following cyber attack on parliament

Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defense shield to protect the IT systems of public and private organizations.

Norway is to implement a more robust plan to scale up its IT security infrastructure against the backdrop of increasingly malicious attacks from cyber space. This follows a high-profile cyber attack that targeted the email system at the Norwegian parliament (Storting) on 4 August.

The Norwegian government accused Russia of launching the attack, but Moscow has denied any involvement.

In the immediate aftermath of the attack, the Norwegian government called an emergency meeting with the heads of the country’s top security agencies. The meeting resulted in a plan to accelerate the development of an enhanced national IT infrastructure incorporating an embedded early warning system and defense shield to protect the IT systems of public and private organizations.

“The digital domain makes it easier for foreign states to deploy non-military means in an entirely different manner than has been the case,” said Monica Mæland, Norway’s justice minister. “We need to know more about the exact purpose of the attack on the Storting and whether it was part of a specific or broader state-run espionage operation.”

The pivotal agencies at the post-Storting attack emergency meeting included the National Security Authority (Nasjonal Sikkerhets Myndighet), the National Cyber Security Centre (Nasjonalt Cyber Sikkerhets Senter), the Norwegian Police Security Service (Politiets Sikkerhetstjeneste) and the Norwegian Intelligence Service (E-tjenesten).

The Norwegian government’s strengthened cyber protection plan involves fast-tracking collaboration between national security agencies tasked with cyber defense and the private sector. The objective is to create a collaborative platform to develop improved early warning systems, deterrents and defenses against a wide range of common and unconventional cyber threats and attacks on critical IT infrastructure.

A central feature of the new plan is closer cooperation between the Norwegian Intelligence Service, the Norwegian Armed Forces' military intelligence wing, and the National Cyber Security Centre to develop a broad range of defensive and offensive options.

“The combined resources of Norway’s security and intelligence services will cooperate in an unprecedented way to deal with cyber threats and attacks at a national level,” said Ine Eriksen Søreide, Norway’s foreign minister.

Naming Russia as the aggressor in the August attack on the Storting, Søreide said the accusation was based on preliminary intelligence provided by Norway’s national security agencies and leading cyber defense experts.

“Based on the intelligence that is available to the government, it is our assessment that Russia was behind the attack on Norway’s most important democratic institution,” said Søreide.

Denying any involvement in the attack on the Storting, Moscow described the accusation as a “serious and deliberate provocation” by Norway that threatened to complicate existing and future bilateral political, trade and security relations.

“Norway has provided no evidence of involvement by Russia,” said Konstantin Kosachev, chairman of the Russian Federation Council’s foreign affairs committee. “This accusation lacks concrete evidence. If evidence exists, it should be examined by experts from our two countries. We received no such invitation from Norway.”

The cyber attack on the Storting targeted the email accounts of MPs and senior government officials. The breached email accounts included those belonging to MPs in both the ruling Conservative (Høyre) and opposition Labour (Arbeiderpartiet) parties. Email messages and data from several compromised accounts were downloaded in the cyber attack.

Cyber Attack On Dr Reddy’s Laboratories: Data Centers Isolated, Production Across Plants Shut

New Delhi: It seems that the Indian health sector is on the radar of cybercriminals. The latest victim of a major data breach is Indian drug major Dr. Reddy's Laboratories. The company said on Thursday that it has temporarily shut down production across its key plants.

The company admitted to a major cyber attack on its digital infrastructure, in response to which it has isolated all data center services and is taking the required preventive actions.

The attack came days after the pharma company got a green signal from the Drugs Controller General of India (DCGI) to conduct an adaptive phase 2/3 human clinical trial for the Sputnik V vaccine in India.

Without disclosing much about the attack and leak, the company said that it is anticipating all services to be up within 24 hours. “We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident,” said Mukesh Rathi, CIO, Dr. Reddy’s Laboratories.

The company in its statement said, “In the wake of a detected cyber-attack, we have isolated all data center services to take required preventive actions.”

The magnitude and nature of the attack are still unknown, but sources claim there has been a data breach.

This clearly shows how critical it is to secure sensitive health data. Earlier this month, Dr Lal PathLabs, one of the largest testing laboratories in India, reportedly faced a major data leak after it had kept a huge volume of its patients' data on an unprotected public server for months.

The entire health sector is sitting on huge amounts of patient, research and scientific data, which makes the sector highly vulnerable. Cybercriminals are looking for new ways to extract this data or to infect servers with ransomware and extort money from these companies.

Russian cyber-attack spree shows what unrestrained internet warfare looks like

US indictment of operatives, accused of launching several attacks, gives a detailed account of how they went about their business

The Sandworm team of Russian military intelligence, alleged to have unleashed computer chaos against the Kremlin’s enemies around the world, is said to operate out of a blue-tinted glass skyscraper known simply as “the tower”.

From that address, 22 Kirova Street in the Moscow suburb of Khimki, the Sandworm hackers, also known more prosaically as the unit 74455 and “the main centre for special technologies”, launched attacks on the Ukrainian power system, Emmanuel Macron’s presidential bid in France in 2017, the South Korean Olympics in 2018 and the UK investigation into the 2018 Russian nerve agent attack in Salisbury.

According to cyber security experts, the same unit was involved in the hacking of the Democratic National Committee and Hillary Clinton’s election campaign in 2016, disguised as a hacktivist group dubbed Fancy Bear.

On Monday, US and UK authorities accused the unit of planning a cyberattack on the 2020 Olympics and Paralympics in Tokyo.

They did not just cause confusion and inconvenience. Quite apart from their alleged role in the rise of Donald Trump, they are accused of depriving hundreds of thousands of Ukrainians of light and heat in the middle of winter, and of closing down the computer systems of a major Pennsylvania hospital. Their exploits are a foretaste of what unconstrained cyber warfare might look like in the real world.

The US indictment of six Sandworm operatives, all GRU military intelligence officers, gives a detailed account of how they went about their business.

In preparation for the attack on the Olympics they studied the tactics and style of their North Korean counterparts, the Lazarus group, so they could mimic them and throw suspicion on Pyongyang.

When the UK’s Defence Science and Technology Laboratory and the Organisation for the Prohibition of Chemical Weapons in the Hague started to investigate the Novichok nerve agent attack on a KGB defector Sergei Skripal and his daughter Yulia in March 2018, the Sandworm hackers sent out spearphishing emails to investigators in both organisations purporting to come from known German and British journalists.

To increase the chances that at least some of the recipients would click on the malware-laced links, the “journalist” claimed to have information relevant to the investigation.

The indictment is based on lengthy investigations by FBI analysts in cooperation with Google, Cisco, Facebook and Twitter, as well as with allied intelligence agencies, most importantly those of the Five Eyes alliance: the US, UK, Canada, Australia and New Zealand.

According to the indictment, the investigators were able to keep such a close watch on the hackers that they caught one of them, named as Anatoliy Kovalev, doing a bit of moonlighting: spearphishing Russian real estate companies and car dealers, as well as cryptocurrency exchanges abroad, apparently for private profit.

Thomas Rid, professor of strategic studies at Johns Hopkins University and author of Active Measures, a book published this year on disinformation operations, said the level of detail in the indictment reflects the degree to which the GRU team's own networks were infiltrated.

“Today’s GRU indictment is an incredible document,” Rid wrote on Twitter. “The Five Eyes intelligence communities, I would suspect, must have stunning visibility into Russian military intelligence operations if today’s disclosures are considered dispensable.”

For all the efforts unit 74455 took to cover its tracks, it seems to have been remarkably sloppy in other ways.

According to Aric Toler of the Bellingcat investigative journalism team, three of the six accused registered their cars to the same address, which is also linked to the Sandworm unit.

“If you search for all of the people registering their cars to this address, you get 47 results – all probably GRU hackers,” Toler said.