Tag: Cyberattack

US to give ransomware hacks similar priority as terrorism, official says

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The US Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cybercriminals, a senior department official told Reuters.

Internal guidance sent on Thursday to US attorney’s offices across the country said information about ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington. ”It’s a specialized process to ensure we track all ransomware cases regardless of where it may be referred in this country, so you can make the connections between actors and work your way up to disrupt the whole chain,” said John Carlin, the acting deputy attorney general at the Justice Department.

Last month, a cybercriminal group that the US authorities said operates from Russia, penetrated a pipeline operator on the US East Coast, locking its systems and demanding a ransom. The hack caused a shutdown lasting several days, led to a spike in gas prices, panic buying, and localized fuel shortages in the southeast.

Colonial Pipeline decided to pay the hackers who invaded their systems nearly $5 million to regain access, the company said.

”To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking,” said the guidance seen by Reuters and previously unreported.

The Justice Department’s decision to push ransomware into this special process illustrates how the issue is being prioritized, US officials said. ”We’ve used this model around terrorism before but never with ransomware,” said Carlin. The process has typically been reserved for a shortlist of topics, including national security cases, legal experts said.

Also Read: Explained: Why ransomware is so dangerous and hard to stop

In practice, it means that investigators in US attorney’s offices handling ransomware attacks will be expected to share both updated case details and active technical information with leaders in Washington.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Explained: Why ransomware is so dangerous and hard to stop

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Recent high-profile ransomware attacks on the world’s largest meat-packing company and the biggest US fuel pipeline have underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk. Last year alone in the US, ransomware gangs hit more than 100 federal, state, and municipal agencies, up/wards of 500 health care centers, 1,680 educational institutions, and untold thousands of businesses, according to the cybersecurity firm Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.

More recent known targets include a Massachusetts ferry operator, the Irish health system, and the Washington, D.C., police department. But the broadly disruptive hacks on Colonial Pipeline in the US in May and Brazilian meat processor JBS SA this week have drawn close attention from the White House and other world leaders, along with heightened scrutiny of the foreign safe havens where cybercriminal mafias operate.

WHAT IS RANSOMWARE? HOW DOES IT WORK?

Ransomware scrambles the target organizations data with encryption. The criminals leave instructions on infected computers for negotiating ransom payments. Once paid, they provide decryption keys for unlocking those files.
Ransomware crooks have also expanded into data-theft blackmail. Before triggering encryption, they quietly copy sensitive files and threaten to post them publicly unless they get their ransom payments. That can present problems even for companies that diligently back up their networks as a hedge against ransomware, since refusing to pay can incur costs far greater than the ransoms they might have negotiated.

HOW DO RANSOMWARE GANGS OPERATE?

The criminal syndicates that dominate the ransomware business are mostly Russian-speaking and operate with near impunity out of Russia and allied countries. Though barely a blip three years ago, the syndicates have grown in sophistication and skill. They leverage dark web forums to organize and recruit while hiding their identities and movements with sophisticated tools and cryptocurrencies like Bitcoin that make payments and their laundering harder to track.

Some top ransomware criminals fancy themselves software service professionals. They take pride in their customer service, providing help desks that assist paying victims in file decryption. And they tend to keep their word. They have brands to protect, after all.

The business is now highly specialized. An affiliate will identify, map out and infect targets using ransomware that is typically rented from a ransomware-as-a-service provider. The provider gets a cut of the payout; the affiliate normally takes more than three-quarters.

Other subcontractors may also get a slice. Those can include the authors of the malware used to break into victim networks and the people running so-called bulletproof domains behind which the ransomware gangs hide their command-and-control servers. Those servers manage the remote sowing of malware and data extraction ahead of activation, a stealthy process that can take weeks.

WHY DO RANSOMS KEEP CLIMBING? HOW CAN THEY BE STOPPED?

Colonial Pipeline confirmed that it paid USD 4.4 million to the gang of hackers who broke into its computer systems last month.

The FBI discourages paying ransoms, but a public-private task force including tech companies and US, British and Canadian crime agencies says it would be wrong to try to ban ransom payments altogether. That’s largely because ransomware attackers continue to find sectors and elements of society that are woefully underprepared for this style of attack.

The task force recognizes that paying up can be the only way for an afflicted business to avoid bankruptcy. Worse, the sophisticated cybercriminals often have done their research and know a victims cybersecurity insurance coverage limit. Theyve been known to mention it in negotiations.

That degree of criminal savvy helped drive average ransom payments to more than USD 310,000 last year, up 171 percent from 2019, according to Palo Alto Networks, a task force member.

WHAT’S BEING DONE ABOUT IT?

President Joe Biden signed an executive order in May meant to strengthen US cybersecurity defenses, mostly in response to Russias hacking of federal agencies and interference in US politics. But headline-grabbing ransomware attacks on private companies have started to dominate the cybersecurity conversation as Biden prepares for a June 16 summit with his Russian counterpart Vladimir Putin.

White House principal deputy press secretary Karine Jean-Pierre said this week that the ransom demand of JBS meat came from a criminal organization likely based in Russia. She said the White House is engaging directly with the Russian government” and ”delivering the message that responsible states do not harbor ransomware criminals.

The new industry task force set up to combat ransomware says it’s important to have concerted diplomatic, legal, and law enforcement cooperation with key allies.

Ransomware developers and their affiliates should be named and shamed though they’re not always easy to identify and regimes that enable them punished with sanctions, its report urges.

It calls for mandatory disclosure of ransom payments and a federal response fund to provide financial assistance to victims in hopes that, in many cases, it will prevent them from paying ransoms. And it wants stricter regulation of cryptocurrency markets to make it more difficult for criminals to launder ransomware proceeds.

The task force also calls for something potentially controversial: amending the US Computer Fraud and Abuse Act to let private industry actively block or limit online criminal activity, including of botnets, the networks of hijacked zombie computers that ransomware criminals use to sow infections.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

World’s biggest meat supplier JBS under cyberattack; what we know so far

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Sao Paulo-headquartered JBS, the world’s largest meat processing company, suffered from a cyberattack in its North America and Australia systems on May 30, resulting in work being disrupted for thousands of employees.

Well-known hacker collective REvil Group is behind the cyberattack on JBS, CNBC reported quoting a source.

Nearly 7,000 workers in its Australian abattoirs and at least 3,000 workers across Canada and the US have been asked to quit. The company has issued a statement that they would commence operations from Wednesday.

JBS holds 20 percent of the meat processing market share in the US.

Where was the Cyberattack?

After the group realised that they had been attacked on May 30, they immediately swung into action by suspending operations of the affected systems and notifying concerned authorities. The cyberattack has hit some servers supporting its Australian and Northern American information technology systems.

Has JBS been Compromised?

As officials sift through data and try and get operations up and running, the company said they are not aware of any breach of data for customers, suppliers or employees. It would take time to sort out and there are chances of a delay in transactions for some customers and suppliers.

How it Affects JBS?

The systems for JBS run smoothly as the company and the industry per se relies on software and IT systems for tracing and sorting of animals. Also, records are to be maintained meticulously to meet the strict regulatory standards. With these plants closed, the US Department of Agriculture had to delay its reports on livestock and meat prices. The reason they shared was “packer submission issues.”

Plants Closed

JBS’ beef plant in Cactus, Texas, Brooks, Alberta, and the Greeley plant, which is the largest US slaughterhouse, were closed. Further, JBS has not given any indication as to when they will open processing of cattle, pigs and sheep at its 47 facilities in Australia.

Meat on the Table?

The longer the shutdown, the more severe will be the impact on food production. Since JBS exports about 60 percent of its products, the impact will be minimal in the US market for now.

Market Reaction

The Financial Times reported that cattle futures declined on the expectation that herds would back up outside slaughterhouses and the benchmark contract in Chicago fell almost 4 percent at one point on June 1.

White House Steps in

After the Colonial Pipeline ransomware attack last month, JBS is the second serious cyberattack on a large US corporate house.

The White House has engaged directly with the Kremlin on this matter and has delivered a strong message that responsible states do not harbour ransomware criminals. Even the FBI has launched an investigation into this attack. US President Joe Biden has also directed the administration to look at ways to mitigate supply disruptions, according to a Financial Times report.

The government is getting into the act as JBS is the world’s largest meat processor, controlling a 20 percent market share of meat processing in the US alone. A shutdown or attacks like this one can lead to massive implications for the US national food supply.

Kremlin Reacts

The Kremlin denied that it has any knowledge of these attacks. If any official request for assistance is asked, the Russian government will be happy to oblige, it has said.

The likelihood of cybercrime figuring on the agenda of the proposed meeting between Putin and Biden at Geneva this month is high.

Other Attacks on US food cos

Three months ago, JFC International, a subsidiary of Japanese food manufacturer Kikkoman and a major distributor and wholesaler of Asian food products, faced a similar cyberattack. The company was targeted in a ransomware attack that disrupted some of its IT systems and affected its subsidiary Europe Group.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

World’s largest meat producer JBS getting back online after cyberattack

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

The world’s largest meat processing company is getting back online after production around the world was disrupted by a cyberattack just weeks after a similar incident shut down a U.S. oil pipeline.

Brazils JBS SA said late Tuesday that it had made significant progress in dealing with the cyberattack and expected the vast majority of its plants to be operating on Wednesday.

Our systems are coming back online and we are not sparing any resources to fight this threat, Andre Nogueira, CEO of JBS USA, said in a statement.

Earlier, the White House said JBS had notified the U.S. of a ransom demand from a criminal organization likely based in Russia. White House principal deputy press secretary Karine Jean-Pierre said the White House and the Department of Agriculture have been in touch with the company several times this week.

JBS is the second-largest producer of beef, pork and chicken in the U.S. If it were to shut down for even one day, the U.S. would lose almost a quarter of its beef-processing capacity, or the equivalent of 20,000 beef cows, according to Trey Malone, an assistant professor of agriculture at Michigan State University.

The closures reflect the reality that modern meat processing plants are heavily automated, for both food- and worker-safety reasons. Computers collect data at multiple stages of the production process, and orders, billing, shipping and other functions are all electronic.

JBS, which has not stated publicly that the attack was ransomware, said the cyberattack affected servers supporting its operations in North America and Australia. Backup servers werent affected and it said it was not aware of any customer, supplier or employee data being compromised.

JBS plants in Australia resumed limited operations as of Wednesday in New South Wales and Victoria states, Agriculture Minister David Littleproud said. The company hoped to resume work in Queensland state on Thursday, he said.

JBS is the largest meat and food processing company in Australia, with 47 facilities including abattoirs, feedlots and meat processing sites.

Littleproud said his department and Australian law enforcement officials were due to meet with their counterparts in the U.S. on Wednesday.

Even before the attack, U.S. meat prices were rising due to coronavirus shutdowns, bad weather and high plant absenteeism. Malone said the disruption could further raise meat prices ahead of summer barbecues. The U.S. Department of Agriculture estimates beef prices will climb 1%-2% this year, poultry as much as 1.5% and pork 2%-3%.

JBS, which is a majority shareholder of Pilgrims Pride, didnt say which of its 84 U.S. facilities were closed Monday and Tuesday because of the attack. It said JBS USA and Pilgrims were able to ship meat from nearly all of its facilities Tuesday. The company also said it was making progress toward resuming plant operations in the U.S. and Australia. Several of the companys pork, poultry and prepared foods plants were operational Tuesday and its Canada beef facility resumed production, it said.

Earlier Tuesday, a union official confirmed that two shifts at the companys largest U.S. beef plant, in Greeley, Colorado, were canceled. Some plant shifts in Canada were also canceled Monday and Tuesday, according to JBS Facebook posts.

Jean-Pierre said the White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals. The FBI is investigating the incident, and the Cybersecurity and Infrastructure Security Agency is offering technical support to JBS.

In addition, USDA has spoken to several major meat processors in the U.S. to alert them to the situation, and the White House is assessing any potential impact on the nations meat supply.

JBS has more than 150,000 employees worldwide.

Its not the first time a ransomware attack has targeted a food company. Last November, Milan-based Campari Group said it was the victim of a ransomware attack that caused a temporary technology outage and compromised some business and personal data.

In March, Molson Coors announced a cyber attack that affected its production and shipping. Molson Coors said it was able to get some of its breweries running after 24 hours; others took several days.

Ransomware expert Brett Callow, a threat analyst at the security firm Emsisoft, said companies like JBS make ideal targets.

They play a critical role in the food supply chain and threat actors likely believe this increases their chances of getting a speedy payout, Callow said.

Mark Jordan, who follows the meat industry as the executive director of Leap Market Analytics, said the disruption would be minimal if JBS recovers in the next few days. Meat processers are accustomed to delays because of various factors including industrial accidents and power outages. They make up for lost production with extra shifts, he said.

Several plants owned by a major meatpacker going offline for a couple of days is a major headache, but it is manageable assuming it doesnt extend much beyond that, he said.

U.S. meat demand generally eases for a few weeks between Memorial Day and the July 4 Independence Day holiday.

But such attacks can wreak havoc. Last month, a gang of hackers shut down operation of the Colonial Pipeline, the largest U.S. fuel pipeline, for nearly a week. The closure sparked long lines and panic buying at gas stations across the Southeast. Colonial Pipeline confirmed it paid $4.4 million to the hackers.

Jason Crabtree, the co-founder of QOMPLX, a Virginia-based artificial intelligence and machine learning company, said Marriott, FedEx and others have also been targeted by ransomware attacks. He said companies need to do a better job of rapidly detecting bad actors in their systems.

A lot of organizations arent able to find and fix different vulnerabilities faster than the adversaries that theyre fighting, Crabtree said.

Crabtree said the government also plays a critical role, and said President Joe Bidens recent executive order on cybersecurity which requires all federal agencies to use basic security measures, like multi-factor authentication is a good start.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Cyberattack on US pipeline: Officials hope most service will be back by weekend

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Hit by a cyberattack, the operator of a major US fuel pipeline said it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers. US officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said Monday that it was working toward substantially restoring operational service by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

We need to invest to safeguard our critical infrastructure, Biden said Monday. Energy Secretary Jennifer Granholm said the attack tells you how utterly vulnerable we are to cyberattacks on US infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries, such as water and natural gas.

Despite that, the challenge facing the government and the private sector remains immense.

In this case, the FBI publicly assigned blame Monday by saying the criminal syndicate whose ransomware was used in the attack is named DarkSide. The group’s members are Russian speakers, and the syndicates malware is coded not to attack networks using Russian-language keyboards.

Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said at a briefing that the group has been on the FBI’s radar for months. She said its business model is to demand ransom payments from victims and then split the proceeds with the ransomware developers, relying on what she said was a new and very troubling variant.

She declined to say if Colonial Pipeline had paid any ransom, and the company has not given any indication of that one way or the other. Though the FBI has historically discouraged victims from making payments for fear of promoting additional attacks, she acknowledged the very difficult situation that victims face and said the administration needs to look thoughtfully at this area” of how best to deter ransomware.

”Given the rise in ransomware, that is one area were definitely looking at now to say, What should be the government’s approach to ransomware actors and to ransoms overall?

Speaking later in the day at a conference on national security, Neuberger said the administration was committed to leveraging the government’s massive buying power to ensure that software makers make their products less vulnerable to hackers.

Security can’t be an afterthought, Neuberger said. We don’t buy a car and only then decide if we want to pay for seatbelts and airbags.

The US sanctioned the Kremlin last month for a hack of federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation.

In this case, though, the hackers are not known to be working at the behest of any foreign government. The group posted a statement on its dark website describing itself as apolitical. Our goal is to make money, and not creating problems for society, DarkSide said.

Asked Monday whether Russia was involved, Biden said, Im going to be meeting with President (Vladimir) Putin, and so far there is no evidence-based on, from our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, is in Russia.

They have some responsibility to deal with this, he added.

U.S. officials have sought to head off anxieties about the prospect of a lingering economic impact and disruption to the fuel supply, especially given Colonial Pipeline’s key role in transporting gasoline, jet fuel, diesel and other petroleum products between Texas and the East Coast.

Colonial is in the process of restarting portions of its network. It said Monday that it was evaluating the product inventory in storage tanks at its facilities. Administration officials stressed that Colonial proactively took some of its systems offline to prevent the ransomware from migrating from business computer systems to those that control and operate the pipeline.

In response to the attack, the administration loosened regulations for the transport of petroleum products on highways as part of an all-hands-on-deck effort to avoid disruptions in the fuel supply.

The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices, said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said when gas prices rose 15 to 20 cents per gallon. The Northeast had significantly more local refining capacity at that time.

The pipeline utilizes both common and custom technology systems, which could complicate efforts to bring the entire network back online, according to analysts at Third Bridge.

Granholm, the Energy Secretary, said Cyber attacks on our critical infrastructure especially energy infrastructure are not going away. “This is a serious example of what were seeing across the board in many places and it tells you that we need to invest in our systems, our transmission grid for electricity. We need to invest in cyber defense in these energy systems,” she told Bloomberg TV.

The attack has not affected the supply of gasoline, she said, but if it goes on too long, of course, that will change.

Gasoline futures ticked higher Monday. Futures for crude and fuel, prices that traders pay for contracts for delivery in the future, typically begin to rise anyway each year as the driving season approaches. The price you pay at the pump tends to follow.

The average US price of regular-grade gasoline has jumped 6 cents over the past two weeks, to $3.02 per gallon, which is $1.05 higher than a year ago. The year-ago numbers are skewed somewhat because the nation was going into lockdown due to the pandemic.

The attack on the Colonial Pipeline could exacerbate the upward pressure on prices if it is unresolved for a period of time.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Microsoft Exchange hack: All you need to know about the cyberattack

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Microsoft released security patches last week after disclosing that Chinese hackers had gained access to users’ accounts through vulnerabilities on its Exchange Server email software. As Exchange is still used widely around the world, it could lead companies to spend more on security and move to cloud-based email instead of running their own email servers.

A Guardian report from Monday said that the Biden administration was launching an emergency taskforce to address the cyberattack.

Here’s all that you need to know about the cyberattacks:

Microsoft disclosed on March 2 about vulnerabilities on its Exchange Server email software for corporate and government data centres. Following this, it released patches for Exchange 2010, 2013, 2016 and 2019 versions.

Following the breach, Microsoft deviated from its schedule of releasing updates on Tuesday — the second Tuesday of each month. This month, the announcement about the attacks on the Exchange software came on the first Tuesday.

Besides, Microsoft issued a patch for the 2010 edition, even as its support ended in October. “This means the vulnerabilities, the attackers exploited, have been in the Exchange Server code base for more than 10 years,” security blogger Brian Krebs wrote on Monday.

Microsoft said Hafnium, based in China, is the main group exploiting the vulnerabilities.

When did the attacks start?

The attacks started in early January, according to security company Volexity and Microsoft had identified some of the issues.

Will the flaws affect Office 365?

No.

What are the attackers targeting?

The group aimed to gain information from defence contractors and schools among other entities in the US, a senior Microsoft official wrote in a blog. According to security company FireEye, the victims also include US retailers. The city of Lake Worth Beach was also a target, says Palm Beach Post. The European Banking Authority said it had been hit too.

Last Friday, the Wall Street Journal published that there could be 2,50,000 or more victims.

Will the patches banish attackers from compromised systems?

Although Microsoft said no, the company is asking customers to install the security patches it delivered last week, immediately. That apart, it has released information to help customers know if their networks had been hit. On Monday (March 8), the company also released security patches for the versions of Exchange Server that did not have the most recent available software updates.

What are the implications?

Interestingly, the cyberattacks could be beneficial for Microsoft, because the company also makes security software that clients may want to start using because of the cyberattacks. However, many Microsoft customers have switched to cloud-based email, while some organisations rely on Google’s cloud-based Gmail, which is not affected by the Exchange Server flaws.

On Tuesday, DA Davidson analysts Andrew Nowinski and Hannah Baade wrote that the attacks could increase adoption of security products from companies such as Cyberark, Proofpoint and Tenable.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Honda motorcycle production halted across India after global network outage at company

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Japanese automobile major Honda Motor Company has suffered a cyberattack on its servers across the globe leading to a temporary disruption in business operations. The manufacturing operations of its Indian subsidiary Honda Motorcycle and Scooter India (HMSI) have also been impacted due to the network outage.

The cyberattack is reported to have occurred in the wee hours of Monday that caused an internal network glitch. This resulted in a temporary suspension of vehicle shipments from factories in Japan.

“A company-wide network outage has been reported by Honda companies globally. While the cause of the problem is currently under investigation, the recovery process is underway. The disruption in the network has impacted some business operations leading to a temporary adjustment in the production schedule. There is no effect on the invoicing process at our dealership network,” the company said in a statement.

Honda Two Wheelers India said that the sales mapping tool had been impacted and had to be shut down as a precautionary measure. However, the software was restored after a temporary disruption and production has not been impacted, it added.

While production plants of Honda Motorcycles in India have been impacted, operations of Honda Cars India Ltd (HCIL) have not as they are yet to resume production after the lockdown.

“Since we were in the preparatory phase of resuming production in HCIL plants after COVID-19 related shutdown, the network disruption has not impacted the production,” a statement from Honda Cars read.

Further, HMSI said that its dealer network has not been impacted.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

Kerala saw about 2,000 COVID-19-themed cyberattacks in February-April: Report

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Kerala was among the top targets of cybercrooks with netizens in the state facing over 2,000 COVID-19-themed attacks between February and mid-April this year, according to a report by K7 Computing.

Also, more phishing attacks were noticed in tier II and III cities compared to tier I cities.

“The sudden surge in the frequency of attacks witnessed from February 2020 to mid-April 2020 indicates that scamsters across the world were exploiting the widespread panic around coronavirus at both the individual and corporate level,” K7 Computing’s Cyber Threat Report said.

These attacks aimed to compromise computers and mobile devices to gain access to users’ confidential data, banking details, and cryptocurrency accounts, it added.

The key threats seen during this period ranged from phishing attacks to rogue apps disguised as COVID-19 information apps that targeted users’ sensitive data, the report said adding that smaller cities saw over 250 attacks being blocked per 10,000 users.

Eighty-six attacks were blocked for netizens in Ghaziabad and 53 in Lucknow (per 10,000 users) as compared to 15 such attacks on users in Bengaluru, it said.

“In Kerala, regions like Kottayam, Kannur, Kollam, and Kochi saw the highest hits with 462, 374, 236, and 147 attacks respectively (attacks blocked per 10,000 users), while the state as a whole saw around 2,000 attacks during the period – the highest thus far in the country. This was followed by Punjab with 207 attacks and Tamil Nadu at 184 attacks,” the report noted.

About 7 attacks (per 10,000 users) were blocked in Delhi, 10 in Mumbai, 24 in Chennai, 5 in Kolkata, 16 in Hyderabad and 26 in Pune, the report said.

These attacks were aimed at heightening users’ fears and creating a sense of urgency to take action. There were phishing attacks where scamsters posed as representatives of the US Department of the Treasury, the World Health Organization (WHO), and the Centers for Disease Control and Prevention (CDC).

The report said users were encouraged to visit links that would automatically download malware on the host computer such as the Agent Tesla keylogger or Lokibot information-stealing malware, infamous banking Trojans such as Trickbot or Zeus Sphinx, and ransomwares.

Other attacks included infected COVID-19 Android apps like CoronaSafetyMask that scam users with promises of masks for an upfront payment; the spyware app Project Spy; and seemingly genuine apps that are infected with dangerous malware like banking Trojans such as Ginp, Anubis and Cerberus, the report added.

“COVID-19 has created an ideal situation for various threat actors to target individuals and enterprises alike. The panic caused by the stringent lockdown measures and rapid spread of this virus has left many people looking for more information on the situation,” K7 Computing founder and CEO J Kesavardhanan said.

He added that threat actors exploit this fear to their advantage and scam users into downloading malicious software and divulging sensitive information like banking codes, and the need to be “cyber cautious” has never been greater.

“This is more so in the case of corporates who have adopted a work from home policy hurriedly without adequate cyber hygiene. We have seen an increase in attacks on enterprises and SME employees as well,” he said.

The report said the number of COVID-themed attacks will continue increasing till normalcy returns.

Social engineering attacks targeted at winning users’ trust will gain momentum, and healthcare institutions, well-known government offices, and international organisations will continue to be a prime target throughout the pandemic, it added.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

A cyberattack could wreak destruction comparable to a nuclear weapon

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

People around the world may be worried about nuclear tensions rising, but I think they’re missing the fact that a major cyberattack could be just as damaging – and hackers are already laying the groundwork.

With the US and Russia pulling out of a key nuclear weapons pact – and beginning to develop new nuclear weapons – plus Iran tensions and North Korea again test-launching missiles, the global threat to civilization is high. Some fear a new nuclear arms race.

That threat is serious – but another could be as serious, and is less visible to the public. So far, most of the well-known hacking incidents, even those with foreign government backing, have done little more than steal data. Unfortunately, there are signs that hackers have placed malicious software inside US power and water systems, where it’s lying in wait, ready to be triggered. The US military has also reportedly penetrated the computers that control Russian electrical systems.

Many Intrusions Already

As someone who studies cybersecurity and information warfare, I’m concerned that a cyberattack with widespread impact, an intrusion in one area that spreads to others or a combination of lots of smaller attacks, could cause significant damage, including mass injury and death rivaling the death toll of a nuclear weapon.

Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile, the death toll from most cyberattacks would be slower. People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system. This could happen over a wide area, resulting in mass injury and even deaths.

This might sound alarmist, but look at what has been happening in recent years, in the US and around the world.

In early 2016, hackers took control of a U.S. treatment plant for drinking water, and changed the chemical mixture used to purify the water. If changes had been made – and gone unnoticed – this could have led to poisonings, an unusable water supply and a lack of water.

In 2016 and 2017, hackers shut down major sections of the power grid in Ukraine. This attack was milder than it could have been, as no equipment was destroyed during it, despite the ability to do so. Officials think it was designed to send a message. In 2018, unknown cybercriminals gained access throughout the United Kingdom’s electricity system; in 2019 a similar incursion may have penetrated the U.S. grid.

In August 2017, a Saudi Arabian petrochemical plant was hit by hackers who tried to blow up equipment by taking control of the same types of electronics used in industrial facilities of all kinds throughout the world. Just a few months later, hackers shut down monitoring systems for oil and gas pipelines across the US This primarily caused logistical problems – but it showed how an insecure contractor’s systems could potentially cause problems for primary ones.

The FBI has even warned that hackers are targeting nuclear facilities. A compromised nuclear facility could result in the discharge of radioactive material, chemicals or even possibly a reactor meltdown. A cyberattack could cause an event similar to the incident in Chernobyl. That explosion, caused by inadvertent error, resulted in 50 deaths and evacuation of 120,000 and has left parts of the region uninhabitable for thousands of years into the future.

Mutual Assured Destruction

My concern is not intended to downplay the devastating and immediate effects of a nuclear attack. Rather, it’s to point out that some of the international protections against nuclear conflicts don’t exist for cyberattacks. For instance, the idea of “mutual assured destruction” suggests that no country should launch a nuclear weapon at another nuclear-armed nation: The launch would likely be detected, and the target nation would launch its own weapons in response, destroying both nations.

Cyberattackers have fewer inhibitions. For one thing, it’s much easier to disguise the source of a digital incursion than it is to hide where a missile blasted off from. Further, cyberwarfare can start small, targeting even a single phone or laptop. Larger attacks might target businesses, such as banks or hotels, or a government agency. But those aren’t enough to escalate a conflict to the nuclear scale.

Nuclear Grade Cyberattacks

There are three basic scenarios for how a nuclear grade cyberattack might develop. It could start modestly, with one country’s intelligence service stealing, deleting or compromising another nation’s military data. Successive rounds of retaliation could expand the scope of the attacks and the severity of the damage to civilian life.

In another situation, a nation or a terrorist organization could unleash a massively destructive cyberattack – targeting several electricity utilities, water treatment facilities or industrial plants at once, or in combination with each other to compound the damage.

Perhaps the most concerning possibility, though, is that it might happen by mistake. On several occasions, human and mechanical errors very nearly destroyed the world during the Cold War; something analogous could happen in the software and hardware of the digital realm.

Defending Against Disaster

Just as there is no way to completely protect against a nuclear attack, there are only ways to make devastating cyberattacks less likely.

The first is that governments, businesses and regular people need to secure their systems to prevent outside intruders from finding their way in, and then exploiting their connections and access to dive deeper.

Critical systems, like those at public utilities, transportation companies and firms that use hazardous chemicals, need to be much more secure. One analysis found that only about one-fifth of companies that use computers to control industrial machinery in the U.S. even monitor their equipment to detect potential attacks – and that in 40 percent of the attacks they did catch, the intruder had been accessing the system for more than a year. Another survey found that nearly three-quarters of energy companies had experienced some sort of network intrusion in the previous year.

But all those systems can’t be protected without skilled cybersecurity staffs to handle the work. At present, nearly a quarter of all cybersecurity jobs in the US are vacant, with more positions opening up than there are people to fill them. One recruiter has expressed concern that even some of the jobs that are filled are held by people who aren’t qualified to do them. The solution is more training and education, to teach people the skills they need to do cybersecurity work, and to keep existing workers up to date on the latest threats and defense strategies.

If the world is to hold off major cyberattacks – including some with the potential to be as damaging as a nuclear strike – it will be up to each person, each company, each government agency to work on its own and together to secure the vital systems on which people’s lives depend.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow

World Password Day: Here’s how you can create strong and unique passwords

KV Prasad Jun 13, 2022, 06:35 AM IST (Published)

Listen to the Article (6 Minutes)

Is your password strong enough to keep your data safe or are you using something very easy and predictable to secure your important files or social media?

Network and endpoint security expert recently revealed that ‘123456’ is the most commonly used password globally in its report, Exposed: Cyberattacks on Cloud Honeypots. The said password was attempted at least 1.376 times by cyberattackers to login in the Mumbai cloud server honeypot within a span of 30 days.

A honeypot is a system intended to mimic likely targets of cyberattackers so that security researchers can monitor cybercriminal behaviours, Sophos said, adding that honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.

“Passwords are an important aspect of computer security – they are the front line of protection for user accounts in a very wide variety of services and systems. Unfortunately, people are not changing factory default passwords, which cybercriminals are counting on to carry out their attacks.  Building strong, unique passwords and using a password manager to keep track of them is a best security practice everyone should use in this digital age,” Sunil Sharma, managing director sales, Sophos India & SAARC said.

On World Password Day, here are a few tips on how you can protect your data online with a stronger password: 

• Use complex passwords not just for your email or social media accounts but for laptop and mobile phone logins. This also applies to Netbanking, as well as, digital wallets or apps.
•  Sophos recommends enabling multi-factor authentication wherever possible. This adds an additional layer of protection against someone trying to access personal accounts.
• Use a properly secured password manager that helps you create and store secure passwords and secures it from not appearing on Pwned passwords. Pwned passwords are such passwords which have been previously used for data breaches and are not recommended to use.
• Learn how to choose proper passwords. Since most people end up with a dozen of online accounts and have to create passwords all the time, Sophos recommends to create one really excellent password and lock the central ‘password vault’ of your password manager.
• Sensitive accounts like that of banking and other accounts where financial data is accessed and stored, try to create a unique password, Sophos said.

Elon Musk forms several ‘X Holdings’ companies to fund potential Twitter buyout

3 Mins Read

Thursday’s filing dispelled some doubts, though Musk still has work to do. He and his advisers will spend the coming days vetting potential investors for the equity portion of his offer, according to people familiar with the matter

KV Prasad Journo follow politics, process in Parliament and US Congress. Former Congressional APSA-Fulbright Fellow