
Cybersecurity

Swaths of internet down, outage at cloud company Fastly

Associated Press


Numerous websites went offline Tuesday after an apparent widespread outage at the cloud service company Fastly.

Dozens of high-traffic websites, including the New York Times, CNN, Twitch, Reddit, and the U.K. government’s home page, could not be reached.

San Francisco-based Fastly acknowledged a problem just before 1000 GMT. It said in repeated updates on its website that it was “continuing to investigate the issue.”

About an hour later, the company said: “The issue has been identified and a fix has been applied. Customers may experience increased origin load as global services return.”

A number of sites that were hit early appeared to be coming back online.

Some visitors trying to access CNN.com got a message that said: “Fastly error: unknown domain: cnn.com.” Attempts to access the Financial Times website turned up a similar message while visits to the New York Times and U.K. government’s gov.uk site returned an “Error 503 Service Unavailable” message, along with the line “Varnish cache server,” which is a technology that Fastly is built on.

Down Detector, which tracks internet outages, said: “Reports indicate there may be a widespread outage at Fastly, which may be impacting your service.”

Fastly describes itself as an “edge cloud platform.” It provides vital behind-the-scenes cloud computing services to many of the web’s high-profile sites by helping them to store, or “cache,” content in servers around the world so that it’s closer to users.


LONDON (AP).


Cybersecurity

McDonald’s latest company to be hit by a data breach

Associated Press


McDonald’s has become the latest company to be hit by a data breach after unauthorized activity on its network exposed the personal data of some customers in South Korea and Taiwan.

McDonald’s Corp. said Friday that it quickly identified and contained the incident and that a thorough investigation was done.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” the burger chain said.

McDonald’s said its investigation determined that only South Korea and Taiwan had customer personal data accessed, and that they would be taking steps to notify regulators and also the customers who may be impacted. No customer payment information was exposed.

McDonald’s said it will look at the investigation’s findings, coupled with input from security resources, to identify ways to further enhance its existing security measures.

Businesses across various sectors are being targeted by cybercriminals, including some very high profile cases in recent weeks. On Wednesday, JBS SA, the world’s largest meat processing company, revealed that it had paid the equivalent of $11 million to hackers who broke into its computer system last month.

And Colonial Pipeline, which transports about half of the fuel consumed on the East Coast, last month paid a ransom of 75 bitcoin — then valued at roughly $4.4 million — in hopes of getting its system back online. On Monday the Justice Department announced that it had recovered most of the ransom payment.


By MICHELLE CHAPMAN AP Business Writer.


Cybersecurity

NY transit officials confirm cyberattack; say harm limited

Associated Press


Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America’s largest transit system, MTA officials confirmed on Wednesday.

The officials said in a statement that the agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk.

The MTA insisted that it quickly shut down the attack. It said a follow-up forensic analysis also found that no sensitive information was stolen and that rail service for millions of riders each day and other operations were never compromised or disrupted.

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat,” said Rafail Portnoy, the MTA’s chief technology officer.

The cyberattack was first reported on Wednesday by The New York Times, citing an internal document that was not made public. It was suspected that the breach had links to China, according to the Times.

A statement from the MTA did not mention China. There was no immediate response to requests for comment from the Department of Homeland Security, which is investigating the case.

The MTA systems appear to have been attacked on two days in the second week of April and continued at least until April 20, the Times reported. Hackers gained access to systems used by New York City Transit — which oversees the subway and buses — and also the Long Island Rail Road and Metro-North Railroad, according to the MTA document, the newspaper said.


NEW YORK (AP)


Cybersecurity

US says agencies largely fended off latest Russian hack

Associated Press


The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month’s planned presidential summit.

Officials downplayed the cyber assault as “basic phishing” in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups. Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam.

As of Friday afternoon, the company said it was “not seeing evidence of any significant number of compromised organizations at this time.”

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter.

“I don’t think it’ll create a new point of tension because the point of tension is already so big,” said James Lewis, a senior vice president at the Center for Strategic and International Studies. “This clearly has to be on the summit agenda. The president has to lay down some markers” to make clear “that the days when you people could do whatever you want are over.”

The summit comes amid simmering tensions driven in part by election interference by Moscow and by a massive breach of U.S. government agencies and private corporations by Russian elite cyber spies who infected the software supply chain with malicious code. The U.S. responded with sanctions last month, prompting the Kremlin to warn of retribution.

Asked Friday whether the latest hacking effort would affect the Biden-Putin summit, principal deputy press secretary Karine Jean-Pierre said, “We’re going to move forward with that.”

The U.S., which has previously called out Russia or criminal groups based there for hacking operations, did not blame anyone for the latest incident. Microsoft attributed it to the group behind the SolarWinds campaign, in which at least nine federal agencies and dozens of private sector companies were breached through a contaminated software update.

In this case, hackers gained access to an email marketing account of the U.S. Agency for International Development, and masquerading as the government body, targeted about 3,000 email accounts at more than 150 different organizations. At least a quarter of them were involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.

The company did not say what portion of the attempts may have led to successful intrusions but said in a separate technical blog post that most were blocked by automated systems that marked them as spam. The White House said even if an email eluded those systems, a user would still have to click on the link to activate the malicious payload.

Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.

Separately, the prominent cybersecurity firm FireEye said it has been tracking “multiple waves” of related spear-phishing by hackers from Russia’s SVR foreign intelligence agency since March — preceding the USAID campaign — that used a variety of lures including diplomatic notes and invitations from embassies.

The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”

Microsoft said the campaign is ongoing and built on escalating spear-phishing campaigns it first detected in January.

USAID spokeswoman Pooja Jhunjhunwala said Friday that it was investigating with the help of the Cybersecurity and Infrastructure Security Agency. Constant Contact spokeswoman Kristen Andrews called it an “isolated incident.”

While the SolarWinds campaign was supremely stealthy and began as far back as 2019 before being detected in December by FireEye, this campaign is what cybersecurity researchers call noisy, meaning easy to detect.

And though “the spear phishing emails were quickly identified, we expect that any post-compromise actions by these actors would be highly skilled and stealthy,” FireEye’s VP of analysis, John Hultquist, said in a statement Friday. He said the incident “is a reminder that cyber espionage is here to stay.”

Many cybersecurity experts did not consider the operation an escalation of online Russian aggression.

“I think it’s par for the course,” said Jake Williams, president of Rendition Infosec and a former U.S. government hacker. He said it’s naive to think that U.S. cyber operators aren’t engaged in similar operations targeting adversaries.

Bobby Chesney, a University of Texas at Austin law professor specializing in national security, said it is nowhere near as serious as the SolarWinds hack. Nor does it come anywhere near the damage done by the ransomware attack earlier this month — by Russian-speaking criminals tolerated by the Kremlin — that temporarily knocked the Colonial Pipeline offline.

Chesney said he thought it was wrong to regard the USAID targeting as a Russian response to sanctions or a sign the sanctions were somehow feckless.

“I don’t think it proves anything, really,” Chesney said. “It’s no surprise at all that the SVR is still engaged in espionage in the cyber domain. I don’t think we tried to deter them out of doing this wholesale.”


WASHINGTON (AP) — By FRANK BAJAK and ERIC TUCKER Associated Press.

Bajak reported from Boston. Associated Press writer Alan Suderman contributed from Richmond, Va.
