fbpx
Connect with us

Cybersecurity

Microsoft: Russia behind 58% of detected state-backed hacks

Published

 on

Microsoft Russia behind 58% of detected state-backed hacks

Russia accounted for most state-sponsored hacking detected by Microsoft over the past year, with a 58% share, mostly targeting government agencies and think tanks in the United States, followed by Ukraine, Britain and European NATO members, the company said.

The devastating effectiveness of the long-undetected SolarWinds hack — it mainly breached information technology businesses including Microsoft — also boosted Russian state-backed hackers’ success rate to 32% in the year ending June 30, compared with 21% in the preceding 12 months.

China, meanwhile, accounted for fewer than 1 in 10 of the state-backed hacking attempts Microsoft detected but was successful 44% of the time in breaking into targeted networks, Microsoft said in its second annual Digital Defense Report, which covers July 2020 through June 2021.

While Russia’s prolific state-sponsored hacking is well known, Microsoft’s report offers unusually specific detail on how it stacks up against that by other U.S. adversaries.

The report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than triple the attacks of the next most targeted nation. Ransomware attacks are criminal and financially motivated.

By contrast, state-backed hacking is chiefly about intelligence gathering — whether for national security or commercial or strategic advantage — and thus generally tolerated by governments, with U.S. cyber operators among the most skilled. The report by Microsoft Corp., which works closely with Washington government agencies, does not address U.S. government hacking.

The SolarWinds hack was such an embarrassment to the U.S. government, however, that some Washington lawmakers demanded some sort of retaliation. President Joe Biden has had a difficult time drawing a red line for what cyberactivity is permissible. He has issued vague warnings to President Vladimir Putin to get him to crack down on ransomware criminals, but several top administration cybersecurity officials said this week that they have seen no evidence of that.

Overall, nation-state hacking has about a 10%-20% success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which is focused on nation-state actors. “It’s something that’s really important for us to try to stay ahead of — and keep driving that compromised number down — because the lower it gets, the better we’re doing,” Goodwin said.

Goodwin finds China’s “geopolitical goals” in its recent cyberespionage especially notable, including targeting foreign ministries in Central and South American countries where it is making Belt-and-Road-Initiative infrastructure investments and universities in Taiwan and Hong Kong where resistance to Beijing’s regional ambitions is strong. The findings further belie as obsolete any conventional wisdom that Chinese cyber spies’ interests are limited to pilfering intellectual property.

Russian hack attempts were up from 52% in the 2019-20 period as a share of global cyber-intrusion bids detected by the “nation-state notification service” that Microsoft employs to alert its customers. For the year ending June 30, North Korea was second as country of origin at 23%, up from less than 11% previously. China dipped to 8% from 12%.

But attempt volume and efficacy are different matters. North Korea’s failure rate on spear-phishing — targeting individuals, usually with booby-trapped emails — was 94% in the past year, Microsoft found.

Only 4% of all state-backed hacking that Microsoft detected targeted critical infrastructure, the Redmond, Washington-based company said, with Russian agents far less interested in it than Chinese or Iranian cyber-operatives.

After the SolarWinds hack was discovered in December, the Russians transitioned back to focus mostly on government agencies involved in foreign policy, defense and national security, followed by think tanks then health care, where they targeted organizations developing and testing COVID-19 vaccines and treatments in the United States, Australia, Canada, Israel, India and Japan.

In the report, Microsoft said Russian state hackers’ recent greater efficacy “could portend more high-impact compromises in the year ahead.” Accounting for more 92% of the detected Russian activity was the elite hacking team in Russia’s SVR foreign intelligence agency best known as Cozy Bear.

Cozy Bear, which Microsoft calls Nobelium, was behind the SolarWinds hack, which went undetected for most of 2020 and whose discovery badly embarrassed Washington. Among badly compromised U.S. government agencies was the Department of Justice, from which the Russian cyber spies exfiltrated 80% of the email accounts used by the U.S. attorneys’ offices in New York.

Microsoft’s nation-state notifications, of which about 7,500 were issued globally in the period covered by the report, are by no means exhaustive. They only reflect what Microsoft detects.


BOSTON (AP)

Cybersecurity

Panasonic confirms cyber breach to its access data

Published

 on

Japanese manufacturing titan, Panasonic, confirmed Friday its network has been infiltrated by a cyberattack directed at its access data, on November 11, by gaining entry via third party.

In its statement, the company revealed that “some data on a file server had been accessed during the intrusion.”

This marks the only information publicized by the tech manufacturing giant. However, homegrown publications Mainichi and NHK alleged the breach was initiated June 22 and terminated November 23.

“After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said in its statement.

“In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/ or sensitive information related to social infrastructure,” it added.

In parallel, NHK disclosed that the breached servers contained data about Panasonic business partners and the manufacturer’s own technology, adding that a previous cyberattack directed at a subsidiary also obtained personal business data.

Panasonic also stated that aside from directing its own probe into the matter, the company is also seeking experts’ assistance by working with a third-party establishment to examine all aspects of the cyberattack. This will help the entity identify whether the infiltration was directed towards clients’ personal data.

“We cannot predict whether it will affect our business or business performance, but we cannot deny the possibility of a serious incident,” the Japanese titan said told one of the publications on Friday.

Earlier in March, Panasonic joined forces with cyber security company McAfee to institute a cybersecurity operations center (SOS) to address the rising risks of these attacks on its infrastructure. The pact will prioritize and strictly focus on detection and response.

Continue Reading

Cybersecurity

Apple suing Israeli hacker-for-hire company NSO Group

Published

 on

Tech giant Apple announced Tuesday it is suing Israel’s NSO Group, seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Apple said in a complaint filed in federal court in California that NSO Group employees are “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Apple said NSO Group’s spyware, called Pegasus, had been used to attack a small number of Apple customers worldwide.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering.

NSO Group has broadly denied wrongdoing and said its products have been used by governments to save lives.

“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” the company said in a statement.

It’s the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.

Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.

The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports.

Also this month, security researchers disclosed that Pegasus spyware was detected on the cellphones of six Palestinian human rights activists. And Mexican prosecutors recently announced they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.

Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app. A U.S. federal appeals court issued a ruling this month rejecting an effort by NSO Group to have the lawsuit thrown out.

Apple also announced Tuesday that it was donating $10 million, as well as any damages won in the NSO Group lawsuit, to cybersurveillance researchers and advocates.


RICHMOND, Va. (AP)

Continue Reading

Cybersecurity

Thousands of Phone Numbers Compromised During Robinhood Hack

Published

 on

Popular investment and trading platform Robinhood stated that “limited information” had been stolen during a cyber-attack targeting the company last week but highlighted that among them were thousands of personal phone numbers.

Robinhood said on Tuesday, that the list obtained by the hackers, which contained email addresses for about five million people and full names for a different group of roughly two million people, included “several thousand entries” with phone numbers.

While the company failed to reveal how many phone numbers were on the list, Motherboard reported that it’s about 4,400.

Motherboard got a copy of the stolen phone numbers “from a source who presented themselves as a proxy for the hackers.” In a statement, Robinhood did not confirm whether the phone numbers Motherboard had obtained, were authentic but did acknowledge that the stolen information included thousands of phone numbers.

However, the blog added: “We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We’ll continue making appropriate disclosures to affected people.”

The company added: “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”

On his side, Robinhood Chief Security Officer Caleb Sima said, “As a Safety-First company, we owe it to our customers to be transparent and act with integrity.”

“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” he noted.

Continue Reading

Trending