Neuberger, United States, Neff discussed on The CyberWire

The CyberWire


Trend Micro this morning released a study of ransomware's growing infestation of industrial control systems. Ryuk, Nefilim, Sodinokibi, and LockBit variants accounted for a majority of the incidents Trend Micro investigated. The researchers wrote, quote, "Ransomware in ICS could lead to loss of view and control of physical processes, since such attacks encrypt a variety of files, including image and configuration files, that are necessary for rendering the interface. This in turn leads to loss of revenue due to disrupted operations. Victims could also lose money from extortion schemes, as more ransomware operators also threatened to publicize stolen data," end quote. Their report leads with ransomware, which seems right, given the current prominence that particular kind of threat has now, but they also discussed coin miners. These can have a bad effect on the operation of ICS endpoints, rendering them slow and unresponsive, particularly when those endpoints are running old operating systems or have limited CPU capacity. Both of these conditions are common enough in ICS environments. Trend Micro also discusses the effect legacy malware like Conficker can continue to have on industrial control systems. A lot of that legacy malware is propagated via removable media.

Industrial countries are infected in different ways and at different rates. China is the leading sufferer of legacy malware, the US has to put up with the highest rates of ransomware infections, and India is the unfortunate leader in the tally of coinjacking victims. Trend Micro's recommendations will surprise few, but they're good advice nonetheless. Patch systems with security updates. A lot of the infestations they observed found their way in through EternalBlue exploits; there are fixes for that. Implement micro-segmentation in the network or use virtual patching technologies. Restrict network shares and enforce strong username and password combinations. Use intrusion detection systems and intrusion prevention systems. Install anti-malware solutions; these are particularly useful in controlling legacy malware. Set up USB scanning kiosks and get people to use them before they plug removable media into a network. Apply the principle of least privilege. Consider regional differences in security awareness and implementation; this is especially important for multinationals. And identify and audit systems with low risk tolerance.

Also this morning, Guardicore issued an update on the Indexsinas SMB worm, also known as NSABuffMiner. The worm has been in use since 2019 and recently has been most active against targets in the healthcare, hospitality, education, and telecommunications sectors. The victims use SMB servers vulnerable to EternalBlue, and the campaign makes massive use of an Equation Group exploit kit that includes both the EternalBlue exploit and the DoublePulsar backdoor.

The US government expects to issue a formal attribution of the Microsoft Exchange Server hacks in the coming weeks, Deputy National Security Adviser for Cyber Anne Neuberger said yesterday, The Hill reports. Microsoft announced the discovery of that campaign back in March, and Redmond was quick to attribute the hostile activity to Hafnium, a Chinese government-run threat actor. Neither Neuberger nor other US officials have tipped their hand on attribution, but if you're betting on form, there's a pretty good chance Microsoft has this one right. Straight up: it was the Chinese services.

DoubleVPN, a service based in Russia that catered to cybercriminals by helping them obscure both their physical location and originating IP address, was taken down yesterday in an international law enforcement operation, Bleeping Computer reports. As its name suggests, DoubleVPN double-encrypted, at least, data that transited its service. The takedown notice on what's left of doublevpn.com says, quote, "On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs, and statistics kept by DoubleVPN about all of its customers. DoubleVPN's owners failed to provide the services they promised. International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue," end quote. Britain's NCA, which credited the Netherlands with leading the effort, tweeted that DoubleVPN was advertised on both Russian and English-speaking cybercrime forums as a service which provided anonymity to those seeking to carry out cyber attacks. Its cheapest virtual private network connection cost as little as nineteen pounds. The NCA assessed the action as extremely significant, adding that not only have we successfully effected the takedown of DoubleVPN, but it is the first time law enforcement has been able to take direct action against a criminal enabling service of this type. Europol in particular isn't just tweeting. It's crowing large over the operation, with a hand emoji waving in triumph, that, quote, "the golden age of criminal VPNs is over."

And in another law enforcement action, Colombian authorities have arrested the alleged distributor of the Gozi virus, The Washington Post reports. Mihai Ionut Paunescu was taken into custody as he was passing through the airport in Bogotá. He faces the prospect of extradition to New York, where US authorities intend to try him for computer intrusion and bank fraud. Gozi infected computers in at least eight countries, the United States, Germany, Finland, and the United Kingdom among them, and both individuals and organisations were affected. Mr. Paunescu is the third person the US has pursued for their roles in Gozi. Nikita Kuzmin, a Russian national and creator of the Gozi virus, was arrested in the US in November 2010. He took a guilty plea in May of 2011. Deniss Calovskis, who went by the hacker name Miami, a Latvian national who improved Gozi's code, was arrested in Latvia, and in January 2016 he was sentenced in the US to the 21 months served while awaiting trial. Mr. Paunescu's alleged role in the criminal activity was different from those played by Messrs. Kuzmin and Calovskis. They coded; he provided the bulletproof hosting service used to distribute Gozi and other malware. Mr.
