
Cybersecurity

FBI email system spammed by hackers’ cybersecurity spam alerts


On Friday and Saturday, the Federal Bureau of Investigation’s (FBI) external email servers were abused to send a wave of fake emails carrying misleading cyberattack warnings to thousands of people and companies.

In a statement, the FBI said the spam alerts were sent from its Law Enforcement Enterprise Portal (LEEP) system, which is used for communication between local officials and the states. LEEP acts as a gateway for these authorities to share intelligence on ongoing investigations.

Contrary to emerging public opinion on the matter, the breach did not affect the FBI’s largest corporate email service.

“No actor was able to access or compromise any data or (personally identifiable information) on FBI’s network,” the federal entity disclosed.

“Once we learned of the incident we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks,” it added.

The cybercriminals gained access to LEEP by exploiting a “software misconfiguration,” then sent the email blast from an address ending in “@ic.fbi.gov” to make it appear legitimate, according to the Bureau’s press release.

Once it detected the threat, the FBI took all of its compromised hardware offline, and any existing vulnerability was “quickly remediated.” According to the agency, the hackers failed to access FBI files.

“While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the agency revealed in its updated statement on Sunday.

The spam alerts warned recipients of a high threat of a “sophisticated chain attack,” and named cybersecurity expert Vinny Troia as the mastermind behind the attacks. The emails also wrongly alleged that Troia has close associations with the cybercriminal group The Dark Overlord.

Research by The Spamhaus Project, a non-profit that tracks spam and cyber threats, found that the intruders sent the alerts to addresses extracted from the American Registry for Internet Numbers (ARIN) database. Other addresses not associated with ARIN were also included in the spam run, which reached more than 100,000 inboxes, according to the organization’s Twitter account.

Computer security reporter Brian Krebs also connected an individual who goes by the handle Pompompurin to the incident, saying that the individual contacted him from an FBI email address the minute the attacks were deployed.

“Hi, it Pompompurin. Check header to this email it’s actually coming from FBI server,” the email states. KrebsOnSecurity also reported that it had the opportunity to communicate with the individual, who alleges that the hack was mostly aimed at showcasing security weaknesses in the bureau’s email system.

“I could’ve 1000 percent used this to send more legit-looking emails, trick companies into handing over data, etc.,” he told KrebsOnSecurity.

He further explained that he and his team exploited a security flaw in the LEEP portal: they registered for an account using a one-time credential embedded in the page’s HTML, which let them control the emails’ addresses and body and carry out the colossal spam campaign.

Daryn is a technical writer with thorough history and experience in both academic and digital writing fields.

Cybersecurity

Australia to ‘fight back’ against hostile states in cyber – minister


Australia and Britain will “fight back” against cyber attacks from China, Russia, and Iran, defense minister Peter Dutton said ahead of consultations with Britain in Sydney.

Australia’s defense and foreign affairs ministers will meet with Britain’s defense secretary Ben Wallace and foreign secretary Liz Truss on Friday for the annual Australia-United Kingdom Ministerial Consultations (AUKMIN).

Australia and Britain would coordinate cyber sanction regimes to increase deterrence, raising the costs for hostile state activity in cyberspace, said foreign affairs minister Marise Payne, after signing an agreement on Thursday with Truss.

“Australia is committed to working with partners such as the UK to challenge malign actors who use technology to undermine freedom and democracy,” Payne said in a statement.

Dutton said Friday’s meeting would have a big focus on cyber.

“Both the UK and Australia get regular attacks from Russia and from China, Iran and other countries,” he said on radio, adding they would “fight back”.

Discussions will also identify areas where Australia and Britain can work together in the Indo-Pacific region, and Australia’s nuclear submarine program.

The new Aukus defence alliance with Britain and the United States, which last year prompted Australia to cancel a contract for a conventional French submarine in favour of a nuclear submarine program supported by the United States and Britain, was crucial for Australia, he said.

“They are big countries and they have big military machines and are important allies and friends for us as a smaller country of only 25 million people if we are going to deter countries from aggressive behaviour,” he said.


SYDNEY (Reuters)


Cybersecurity

China drafts rules on security reviews for apps influencing public opinion


China’s cyber regulatory body issued on Wednesday draft rules governing mobile apps, including a requirement for security reviews of apps whose functions could influence public opinion.

The proposed regulations are part of a campaign run by the Cyberspace Administration of China (CAC) over the past year to increase oversight of the country’s tech companies.

The public has been invited to give feedback on the draft rules by Jan. 20.

The proposals will require application providers to carry out a security assessment before launching “new technologies, new applications, and new functions” capable of influencing opinion or mobilising the public.

The CAC did not specify any specific apps or outline the security assessment process other than to say it should be carried out in accordance with national regulations.

The proposed rules would apply to “text, picture, voice, video and other information production”, as well as instant messaging, news dissemination, forum communities, livestreaming, and e-commerce, the regulator said.

The regulator added that mobile app providers must not conduct activities that endanger national security, or force users to share non-essential personal information.

News apps must obtain licenses granting permission to publish news, it said.

Over the past year, Chinese authorities have tightened regulations across a number of industries, ranging from gaming to real estate to education.

The CAC has led a number of initiatives targeting the country’s tech sector.

On Tuesday, CAC announced it would implement two new rules. One rule requires platform companies with over 1 million users to undergo security assessments before listing overseas, which would take effect in February. The other rule governs companies’ use of recommendation algorithms, which would take effect in March.


SHANGHAI (Reuters)


Cybersecurity

China to order cybersecurity reviews for some firms seeking overseas listings


China said on Tuesday it would put in force new rules that will boost oversight over how its platform companies make plans to list abroad or use recommendation algorithms, in moves set to tighten Beijing’s grip over its sprawling technology sector.

The Cyberspace Administration of China (CAC) said it would from Feb. 15 implement new rules that require platform companies with data for more than 1 million users to undergo a security review before listing their shares overseas.

In a separate statement, the CAC also said it would implement new rules governing the use of algorithm recommendation technology from March 1, requiring companies to give users the right to switch off the service and increasing oversight of news providers that use such technology to disseminate information.

Both sets of rules were proposed last year and are expected to potentially impact a large swathe of companies, such as TikTok owner ByteDance, e-commerce giant Alibaba Group and many more smaller players.

ByteDance and Alibaba did not immediately respond to Reuters’ request for a comment.

The CAC move comes amid a slew of regulatory changes in China over the past year that have dampened the appetite of firms to list overseas but bankers hope the new rules will provide more clarity in 2022.

The CAC did not specify whether the rules will apply to companies seeking listings in Hong Kong. But lawyers and bankers said based on its wording it appeared that Chinese companies with more than 1 million users seeking to list in the city would not be required to seek the cybersecurity review.

“Hong Kong is being treated as part of China, offshore though not foreign market, and this paves the way for more deals to return to Hong Kong,” one investment banker at a Western institution told Reuters, asking not to be named as he was not permitted to speak to the media.

In Hong Kong, the Hang Seng Index fell 0.36% and the city’s tech index lost 1.44%.

Shares in Hong Kong Exchanges and Clearing Ltd, the operator of the Hong Kong stock exchange, were last down 1.9%. They fell as much as 2.4% following the announcement.

“If this is not retrospective then it would only affect listing aspirants and not companies already listed. Having said that, companies in the latter camp already have a lot on their minds,” said Justin Tang, head of Asian research at investment adviser United First Partners in Singapore.

The rules published on Tuesday did not specify whether the planned changes would be retrospective.

NARROWED SCOPE

The CAC first proposed the cybersecurity reviews in July (https://www.reuters.com/world/china/china-widens-clampdown-overseas-listings-with-pre-ipo-review-firms-with-large-2021-07-10), saying they would put a focus on the risks of data being affected, controlled or manipulated by foreign governments after overseas listings.

Alex Roberts, who tracks data policy at law firm Linklaters in Shanghai, said the new rules appeared to have shrunk the scope of the companies likely to be affected by the changes, as compared to the proposal made in July.

“The most significant change in these cybersecurity review measures seems to be the narrowing of the review’s application to only critical information providers, data processors that may impact national security, or platform operators holding over 1 million individuals’ personal data,” said Roberts, but he added the rules still do not provide ample specificity as to what types of companies will be affected.

“This ambiguity will be a real concern for successful multi-channel businesses in China’s digital economy given the current uncertainty of the review process.”

The CAC changes come after a slew of recent moves by Chinese authorities to boost oversight over Chinese companies’ offshore listings.

China’s state planner said last week it would demand regulatory clearance (https://www.reuters.com/world/china/china-tightens-scrutiny-offshore-listings-sectors-off-limits-foreign-investment-2021-12-27) for overseas Chinese listings in sensitive sectors such as internet news and publishing.

Separately, the China Securities Regulatory Commission (CSRC) said on Dec. 24 it would require companies wishing to list overseas to submit filings to the agency first for registration, under a system that also involves close coordination among various regulatory bodies.


SHANGHAI (Reuters)
