Apr 08 2024

Social Engineering Attacks Targeting IT Help Desks in the Health Sector

Category: Cyber Attack, social engineering | disc7 @ 5:17 pm

Cyberwarfare & Social Engineering


Tags: cyberwarfare, social engineering

Aug 29 2022

NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

Category: Cyber Threats, Cyber War, Dark Web, Digital cold war | DISC @ 1:23 pm

Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.


NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report.

The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.

Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.

Contradicting the cyberattackers’ claims in their ads, nothing up for grabs is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company’s internal networks.

NATO, meanwhile, is “assessing claims relating to data allegedly stolen from MBDA,” a NATO official told Dark Reading on Monday.

“We have no indication that any NATO network has been compromised,” the official said.

Double Extortion

MBDA acknowledged in early August that it was “the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks,” in a post on its website.

The company refused to pay the ransom and thus the data was leaked for sale online, according to the post.

Specifically, threat actors are selling 80GB of stolen data on both Russian- and English-language forums with a price tag of 15 bitcoins, which is about $297,279, according to a report from the BBC, which broke the news about the NATO investigation Friday. In fact, cybercriminals claim to already have sold data to at least one buyer.

NATO is investigating one of the firm’s suppliers as the possible source of the breach, according to the report. MBDA is a joint venture between three key shareholders: Airbus, BAE Systems, and Leonardo. Though the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.

The company is working with authorities in Italy, where the breach occurred.

MBDA reported $3.5 billion in revenue last year and counts NATO, the US military, and the UK Ministry of Defense among its customers.

Classified Info & Ukraine

Hackers claimed in their ad for the leaked data to have “classified information about employees of companies that took part in the development of closed military projects,” as well as “design documentation, drawings, presentations, video and photo materials, contract agreements, and correspondence with other companies,” according to the BBC.

Among the sample files in a 50-megabyte stash viewed by the BBC is a presentation appearing to provide blueprints of the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit within it. One of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational, according to the report.

This might provide a clue about the motive of the threat actors; advanced persistent threats (APTs) aligned with Russia began hitting Ukraine with cyberattacks even before the official Russian invasion on Feb. 24.

After the conflict on the ground began, threat actors continued to throttle Ukraine with a cyberwar to support the Russian military efforts.

The sample data viewed by the BBC also included documents labelled “NATO CONFIDENTIAL,” “NATO RESTRICTED,” and “Unclassified Controlled Information,” according to the report. At least one stolen folder contains detailed drawings of MBDA equipment.

The criminals also emailed documents to the BBC, including two marked “NATO SECRET,” according to the report. The hackers did not confirm whether the material had come from a single source or more than one hacked source.

Nonetheless, MBDA insists that the verification processes that the company has executed so far “indicate that the data made available online are neither classified data nor sensitive.”



Cyber War

Tags: cyber threats, cyberwarfare, dark web

Feb 22 2022

A cyber attack heavily impacted operations of Expeditors International

Category: Cyber Attack, Ransomware | DISC @ 9:45 am

American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after cyber attack

American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend that paralyzed most of its operations worldwide.

Expeditors has over 18,000 employees worldwide and annual gross revenue of around $10 billion. The company discovered the attack on February 20, 2022; it has not provided details about the attack and announced that it has launched an investigation into the incident.

“Expeditors International of Washington, Inc. (NASDAQ:EXPD) announced that on February 20, 2022, we determined that our company was the subject of a targeted cyber-attack. Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment.” reads the announcement published by the company. “The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers’ shipments.”

The information publicly available on the attack suggests the company was the victim of a ransomware attack and was forced to shut down its network to avoid the threat from spreading.

The attack impacted the company’s operations, including its ability to arrange shipments of freight and to manage customs and distribution activities for its customers’ shipments.

The company hired cybersecurity experts to investigate the security breach and recover from the attack.

The company warned that the incident could have a material adverse impact on its business, revenues, results of operations and reputation.

“We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future. Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation.” concludes the advisory.

Expeditors International

Cyber Attacks and the New Normal of Geopolitics

Tags: cyber attack, cyberwarfare, The Hacker and the State

Feb 20 2022

Ukraine: how cyber-attacks became so important to the conflict

Category: Information Warfare, Spyware | DISC @ 4:28 pm


For the past few weeks, Russia has been deploying military forces into strategic positions on Ukraine’s borders. However, there is another, virtual dimension to the escalating conflict: cyber-attacks on Ukrainian government and business websites and services.

Although it is impossible to confirm the Russian state is behind these attacks, commentators have suggested that similar tactics form part of a type of hybrid warfare that Russia has been fine tuning for the past couple of decades.

Cyber-espionage and information warfare have become an intrinsic part of recent conflicts and happen on a regular basis between conflicting powers. However, governments do not usually publicly claim responsibility for this type of activity, since this could put them in a position of declaring war against the targeted country and provoking counterattacks and sanctions from the international community. Therefore, evidence that Russia is definitely behind these attacks is hard to establish.

Cyber-attacks are often attributed to hacker groups with nationalist motivations, who justify their political agendas without explicitly verifying any state backing.

In January, there was a spate of attacks by Belarusian hackers believed to be supporting Russia. They launched a series of malware attacks against Ukrainian computer systems with many government and other websites being defaced with provocative and intimidating messages.

In mid February, there was another round of cyber-attacks, this time targeting the Ukrainian army website, ministerial websites and some of the major banks, including PrivatBank, preventing online payments and use of banking apps.

These latest attacks were mainly distributed denial of service (DDoS) attacks, where a huge number of small packets of information are sent to websites and servers from multiple sources. This information overload causes the targeted servers and computer systems to slow down or collapse because of the swarm of information requests.

Russian involvement in those cyber-attacks is suspected, but is hard to confirm. The attacks follow the pattern of similar tactics with alleged Russian backing over the past two decades in Ukraine, Estonia and Georgia, including attacks on communications infrastructures and power grids.

The US president and EU officials are now discussing increasing cyberspace defences against such attacks or imposing sanctions, if required.

Despite all of this, Ukrainian officials have refrained from explicitly mentioning the Russian state as being behind these attacks.

A searing look inside the rise of cyberwarfare as the primary way nations now compete with and sabotage one another – The Perfect Weapon

Tags: cyberwarfare, The Perfect Weapon

Oct 14 2021

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

Category: Cyber War, Digital cold war | DISC @ 9:43 am

The former chief software officer for the U.S. Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. In a no-holds-barred interview, he unloads his frustrations, built up over three years of inept bungling at the Pentagon.

He quit his job last month, in disgust. “We are setting up critical infrastructure to fail,” Chaillan warned. And now Defense Department officials will be bracing themselves for more criticism as he vows to testify to Congress.

Lauren Knausenberger now holds the poisoned chalice. In today’s SB Blogwatch, we plan to fail.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fruit salad word salad.

Beijing Back Better

What’s the craic? Katrina Manson reports—“Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’”:

“Kindergarten level”
In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told [me] the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion,” he said.

Chaillan, 37, who spent three years on a Pentagon-wide effort to boost cyber security and as first chief software officer for the US Air Force, said Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities. He argued these emerging technologies were far more critical to America’s future than hardware such as big-budget fifth-generation fighter jets such as the F-35.

Senior defence officials have acknowledged they “must do better” to attract, train and retain young cyber talent. … Chaillan announced his resignation in a blistering letter at the start of September, saying military officials were repeatedly put in charge of cyber initiatives for which they lacked experience, decrying Pentagon “laggards” and absence of funding.

Chaillan said he plans to testify to Congress about the Chinese cyber threat to US supremacy, including in classified briefings, over the coming weeks. … He added US cyber defences in some government departments were at “kindergarten level.”

The New Art of War: China’s Deep Strategy Inside the United States 

Tags: China is Winning, cyberwarfare, New Art of War

May 04 2021


Category: Cyber War, Digital cold war | DISC @ 9:20 am

America has a serious infrastructure problem.

America’s most urgent infrastructure vulnerability is largely invisible and unlikely to be fixed by the Biden administration’s $2 trillion American Jobs Plan.

I’m thinking about vulnerabilities that lurk in your garage (your car), your house (your computer), and even your pocket (your phone). Like those devices of yours, all connected to the Internet and so hackable, American businesses, hospitals, and public utilities can also be hijacked from a distance thanks to the software that helps run their systems. And don’t think that the American military and even cybersecurity agencies and firms aren’t seriously at risk, too.

Such vulnerabilities stem from bugs in the programs — and sometimes even the hardware — that run our increasingly wired society. Beware “zero-day” exploits — so named because you have zero days to fix them once they’re discovered — that can attract top-dollar investments from corporations, governments, and even black-market operators. Zero days allow backdoor access to iPhones, personal email programs, corporate personnel files, even the computers that run dams, voting systems, and nuclear power plants.

It’s as if all of America were now protected by nothing but a few old padlocks, the keys to which have been made available to anyone with enough money to buy them (or enough ingenuity to make a set for themselves). And as if that weren’t bad enough, it was America that inadvertently made these keys available to allies, adversaries, and potential blackmailers alike.

The recent SolarWinds hack of federal agencies, as well as companies like Microsoft, for which the Biden administration recently sanctioned Russia and expelled several of its embassy staff, is only the latest example of how other countries can hack basic American infrastructure. Such intrusions, which actually date back to the early 2000s, are often still little more than tests, ways of getting a sense of how easy it might be to break into that infrastructure in more serious ways later. Occasionally, however, the intruders do damage by vacuuming up data or wiping out systems, especially if the targets fail to pay cyber-ransoms. More insidiously, hackers can also plant “time bombs” capable of going off at some future moment.


The Coming Cyber War

Tags: Cyber-warfare, cybergeddon, cyberwar, cyberwarfare

May 15 2014

Cyber Resilience Implementation Suite

Category: BCP, Information Security, ISO 27k | DISC @ 11:15 am


Cyber security is not enough – you need to become cyber resilient


Whether you know it or not, your organization is under cyber attack. Sooner or later, a hacker or cyber criminal will get through, so you need to ensure that you have the systems in place to resist such breaches and minimize the damage caused to your organization’s infrastructure, and reputation.

You need to develop a system that is cyber resilient – combining the best practice from the international cyber security and business continuity standards ISO22301 and ISO27001.

This specially-priced bundle of eBooks and documentation toolkits gives you all the tools you need to develop a cyber-resilient system that will both fend off cyber attacks, and minimize the damage of any that get through your cyber defenses.

The books in this suite will provide you with the knowledge to plan and start your project, identify your organization’s own requirements and help you to apply these international standards.

The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

This suite includes:

Tags: business continuity, Computer security, Cyber Resilience, cyberwarfare, ISO/IEC 27001

Apr 23 2013

Cyber Security and Risk Assessment

Category: cyber security, Security Risk Assessment | DISC @ 9:19 am

Cyber security is the protection of systems, networks and data in cyber space.

If your system is connected to the internet, you should know and understand the risks of cyber space in order to take appropriate countermeasures.

To understand the risks of cyber security, the first place to begin is a risk assessment. By completing a risk assessment you can understand what the risks, threats and vulnerabilities of your networks, systems and data really are and begin to comprehend how to reduce and handle them. The authors of The Information Security Risk Assessment Toolkit provide handy step-by-step guidance on how to undertake a risk assessment. As we said, a security risk assessment is an important first step to assess risks, but the second step of mitigating those risks in a timely manner is crucial to protect your information assets.

Once you understand what the risks to your business are, you can then decide how to mitigate those risks based on your organization’s risk acceptance.

Tools and techniques which work in mitigating cyber risks

The UK’s Cyber-security Framework for Business (published by the Department for Business, Innovation and Skills) is a 10-step framework to stop around 80% of today’s cyber-attacks:
1. Board-led Information Risk Management Regime
2. Secure Home and Mobile Working
3. User Education and Awareness
4. User privilege management
5. Removable media controls
6. Activity monitoring
7. Secure Configurations
8. Malware protection
9. Network security
10. Incident Management

Build the resilience in your information security management system (ISMS) to cope with the other 20% of the risk.

The authors of Hacking 7 Exposed cover the latest methods used by third parties to gain (logical/physical) access to information assets. They then detail how you can protect your systems, networks and data from unauthorised access.

Cybersecurity standards are an important element in building a strong, resilient information and communications infrastructure. ISO/IEC 27001 is the most significant international best practice standard available to any organisation that wants an intelligently organised and structured framework for tackling its cyber risks.

Tags: Computer security, cyberwarfare, Information Security, Information Security Management System, Risk Assessment, Risk management

Nov 30 2012

Cyberattack: dangers, consequences and prevention

Category: cyber security, ISO 27k | DISC @ 1:26 pm

Attacks on IT systems can have devastating consequences across industries – among them, the banking and financial sector. In order to protect the best interests of their customers, and the vast tracts of personal data for which they are responsible, banks have already been paying attention to their data protection practices, writes Alan Calder of IT Governance.

The heartbeat and Achilles’ heel of every organisation, information technology (IT) is crucial to the functioning of the business world. Given this situation, attacks on IT systems can have devastating consequences across industries – among them, the banking and financial sector. In order to protect the best interests of their customers, and the vast tracts of personal data for which they are responsible, banks have already been paying attention to their data protection practices.

The threat landscape is by its very nature ever-changing, however, and sees the continual emergence of new forms of highly sophisticated cyberattack. As a result, banks and financial institutions are wise to upgrade to a distinctly more comprehensive form of cyber security.

A continually evolving threat

Successful cyberattacks – attacks on a business’ IT infrastructure by a malicious third party – are known to have severe consequences, both operationally and on the business’ reputation. Indeed, the UK government classifies cyberattacks as a ‘Tier 1 threat’ in the National Security Strategy, alongside international terrorism, international military crises and major accidents or natural hazards. The distinction between well-funded, state-sponsored cyberattackers and their ‘private sector’ counterparts is becoming more blurred, meaning that commercial organisations and individuals can increasingly find themselves on the receiving end of extremely sophisticated attacks. Symptomatic of this trend is Google’s move in June 2012 to begin warning Google account holders if they are believed to have been targeted by a state-sponsored attack.

In the world of retail banking, where IT plays such a crucial role, a cyberattack can have serious consequences in terms of practical and reputational damage. The sheer volume of personal customer data held by banks intensifies the threat and consequences of a successful cyberattack. In terms of data compliance and IT security, staff are, and always will be, the weakest link, mainly through a lack of understanding of responsibilities and not comprehending the severity of an IT security breach. These misunderstandings are far from trivial, however.

In addition, the threat landscape is constantly evolving. Today, for example, we are seeing the emergence of cyber fraud and cyber threat into the criminal mainstream. This fact, and the fact modern attacks now combine technological and social elements, means traditional technology-only defences are now inadequate. Thus, forms of security that, two years ago, might have been capable of protecting retail banking institutions, are now insufficient in the face of high-level cyberattacks.

A robust and comprehensive approach

In order to tackle specialised cyberattacks such as cyber fraud and cyber theft, banks and financial institutions would therefore do well to adopt a more robust approach to their cyber security. Ultimately, effective cyber security depends on establishing a defence strategy that is not only all-embracing but also interconnected.

One such strategy is that provided by the ISO27001 security management standard. The most significant international best practice standard currently available to any organisation seeking an intelligently organised and structured framework for tackling cyber risks, ISO27001 is, in essence, a management system. When effectively deployed, ISO27001 improves an organisation’s information security and resilience to ongoing and constantly evolving threats.

Above all, ISO27001 compliance supports organisations in building their defences against cyberattacks. Among other elements, this standard requires organisations to develop and test security incident response plans, or SIRPs; select and implement appropriate controls that reduce risk to an acceptable level, from securing cyber perimeters to training staff and securing inward- and outward-bound communication channels such as e-mails and instant messaging; and carry out risk assessments. Importantly, ISO27001 compliance also requires organisations to put in place a mechanism for auditing and management review of the effectiveness of selected controls – and of the management system that supports them.

Additional steps

In addition to establishing an organisation-wide security management standard, retail banks, as with other organisations, can go a long way towards significantly improving their data protection by introducing a number of basic measures. These measures include the implementation of regular staff awareness training about the threats and ramifications of a cyberattack, enterprise-wide policies on the use of encrypted USB sticks and laptops, and regular website and network penetration testing.

Otherwise known as ‘pen testing’, regular website and network penetration testing, for example, is vital to ensure hackers and cyber attackers are not given easy vulnerabilities to exploit. All internet-facing networks and resources are subject to automated, malicious probing.

When a vulnerability is detected, the exploitation of that vulnerability is also usually automatic. In a world where attacks on networks and applications are growing at an exponential rate, effective pen testing is the only way to establish true security. Quite rightly, the penalties incurred by organisations failing to defend themselves against such attacks are becoming ever steeper. Effective pen testing exposes and documents such weaknesses and recommends steps to reduce the risk.

Preparation is key

If knowledge is power, ignorance is danger – a danger that can impact banks on a number of fronts. If banks and financial institutions fail to refresh their data protection practices on a regular basis, educate their staff about the dangers of cyberattacks or enlighten their employees on the importance of data protection, they are at risk of being caught out by ever-more-sophisticated cyberattacks. Failure to prepare by adopting stringent security management standards is, ultimately, preparation to be vulnerable.

Tags: Computer crime, Computer security, cyberwarfare, iso 27001, National Security Strategy, USB flash drive

Mar 13 2011

Lessons from Anonymous on cyberwar

Category: cyber security, Cybercrime | DISC @ 11:44 am

By Haroon Meer
A cyberwar is brewing, and Anonymous reprisal attacks on HBGary Federal show how deep the war goes

“Cyberwar” is a heavily loaded term, which conjures up Hollywood inspired images of hackers causing oil refineries to explode.

Some security celebrities came out very strongly against the thought of it, claiming that cyberwar was less science, and more science fiction.

Last year on May 21, the United States Cyber Command (USCYBERCOM) reported reaching initial operational capability, and news stories abound of US soldiers undergoing basic cyber training, which all point to the idea that traditional super powers are starting to explore this arena.

Recent activities with one government contractor and Anonymous, however, show clearly that cyber operations have been going on for a long while, and that the private sector has been only too ready to fill the cyber mercenary role for piles of cash.

To read the remaining article and Anonymous vs. HBGary

Tags: Anonymous (group), cyberwarfare, Haroon, Hollywood, Loaded language, Oil refinery, Organisation for Economic Co-operation and Development, United States Cyber Command

Oct 23 2009

‘China using elite hacker community to build cyber warfare capability’

Category: Cybercrime | DISC @ 4:44 pm

Hacking: The Art of Exploitation

London, Oct 23 (ANI): The Communist regime in China, with the help of an elite hacker community, is building its cyber warfare capabilities and appears to be using a long-term computer attack campaign to collect US intelligence.

An independent study released by a congressional advisory panel found cases that suggested that China’s elite hacker community has ties to Beijing, although there is no substantial proof.

The commission report details a cyber attack against a US company several years ago that appeared to either originate in or came through China and was similar to other incidents also believed to be connected to that country, The Telegraph reports.

The data from the company’s network was being sent to multiple computers in the US and overseas, according to an analysis done by the company over several days.

The report contends that the attackers targeted specific data, suggesting a very coordinated and sophisticated operation by people who had the expertise to use the high-tech information.

An Internet Protocol (IP) address located in China was used at times during the episode, the paper reports.

The Chinese Government is said to view such cyber prowess as critical for victory in future conflicts, similar to the priority on offensive cyber abilities stressed by some US officials.

Potential Chinese targets in the US would likely include Pentagon networks and databases to disrupt command and control communications, and possibly corrupt encrypted data, the report says. (ANI)


Tags: chinese hacker, cyberwarfare, elite hacker, hacker, hacker files, uber hacker