News from the World of Computers

Post Reply New Topic

China's cyberattacks against the U.S. and its allies are reaching a "fever pitch," FBI director Christopher Wray warned at the Munich Cyber Security Conference on Thursday.

Wray spoke to allies at the conference about hackers affiliated with the Chinese Communist Party (CCP) that are known to have infiltrated critical U.S. infrastructure and remain "poised to attack" even now. The event is playing host to hundreds of security leaders from Western countries.

"You might find your companies harassed and hacked, targeted by a web of corporate CCP proxies," Wray told the leaders gathered in Germany. "You might also find PRC [People’s Republic of China] hackers lurking in your power stations, your phone companies and other infrastructure, poised to take them down when they decide you stepped too far out of line, and that hurting your civilian population suits the CCP."

"China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011, but these days, it’s reached something closer to a fever pitch," he continued. "What we’re seeing now is China’s increasing build-out of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right."

GOP Sen. Marco Rubio warned on social media that the AT&T outage affecting tens of thousands of Americans pales in comparison to what a potential China cyberattack would look like.

"I don’t know the cause of the AT&T outage," the Florida Republican posted on X on Thursday. "But I do know it will be 100 times worse when #China launches a cyber attack on America on the eve of a #Taiwan invasion.

"And it won’t be just cell service they hit, it will be your power, your water and your bank."

Rubio's warning came as tens of thousands of AT&T customers reported outages on Thursday morning for their home phone, internet and mobile phone services, according to Downdetector.

Change Healthcare has not yet disclosed the specific nature of its cyberattack.

Pharmacies across the U.S. are reporting that they are unable to fulfill prescriptions through patients' insurance due to the ongoing outage at Change Healthcare, which handles much of the billing process.

Several people who work in the healthcare space and whose work is affected by the outage tell TechCrunch that they are experiencing downtime because of the ongoing cyberattack.

Eight years ago, Google came under fire after an artificial intelligence (AI) tool mistakenly labelled pictures of black people as “gorillas” in its photo app.

Now its AI tools have been accused of racial bias once again after its Gemini bot generated ethnically diverse yet utterly implausible images of historical figures.

Its new Gemini AI is able to create images from text prompts alone. Yet the AI inserted black, Asian or American Indian characters into pictures when asked to create people from European or American history, even when those figures were all white.

Among the most absurd images were pictures of “diverse” Nazis, including black and Asian soldiers in Wehrmacht uniforms, and images of black and American Indian “Vikings”.

Relief is coming for hospitals and healthcare providers still reeling from a cyberattack that crippled the nation's largest insurance processing company, leaving them unable to collect payments for weeks.

On Saturday, the Centers for Medicare and Medicaid Services announced it will expand its response to the Feb. 21 cybersecurity breach on Change Healthcare, a subsidiary of UnitedHealth Group, to include advance payments for Medicare Part B providers.

Since the attack, thousands of healthcare providers across the country have struggled to get paid. The emergency funds will allow for upfront payments.

The Biden administration is warning states to be on guard for cyberattacks against water systems, citing ongoing threats from hackers linked to the governments of Iran and China.

“Disabling cyberattacks are striking water and wastewater systems throughout the United States,” Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan wrote in a letter to governors made public Tuesday. “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

Hackers affiliated with the Iranian Government Islamic Revolutionary Guard Corps have attacked drinking water systems, while a People’s Republic of China state-sponsored group, Volt Typhoon, has compromised information technology of drinking water and other critical infrastructure systems, the letter warned.

AT&T said it has begun notifying millions of customers about the theft of personal data recently discovered online.

The telecommunications giant said Saturday that a dataset found on the “dark web” contains information such as Social Security numbers for about 7.6 million current AT&T account holders and 65.4 million former account holders.

The company said it has already reset the passcodes of current users and will be communicating with account holders whose sensitive personal information was compromised.

It is not known if the data "originated from AT&T or one of its vendors,” the company said in a statement. The compromised data is from 2019 or earlier and does not appear to include financial information or call history, it said. In addition to passcodes and Social Security numbers, it may include email and mailing addresses, phone numbers and birth dates.

U.S. adversaries including China and Russia are showing increased interest in disrupting American space assets through cyberattacks that could cripple military communications, a top DOD cyber official said Thursday.

Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang said nation-state hackers are mulling disrupting space assets “at all segments,” and emphasized ground stations that transmit data to satellites and space stations are easiest to target.

“The cybersecurity of the space systems — the ways in which the information from space flows across networks to enable traffic — is something that we’re very worried about,” she told an audience at RSA Conference in San Francisco.

Ground segment space assets like mission control centers, launch facilities and other networking equipment used for relaying data are easiest to breach because defending them from intrusions often involves basic cybersecurity concepts that many other organizations don’t deploy, Eoyang said.

Even if the U.S. government eventually ejects a notorious Chinese hacking operation that has tunneled into critical infrastructure entities, the sweeping digital campaign has permanently altered the cyberthreat landscape, federal officials say.

The hacking activity, labeled Volt Typhoon, remains a major focus of federal national security leaders, who have scrutinized the group’s capabilities as well as its intent — to cause disruption and sow societal panic, especially in the event of a military conflict — and concluded Beijing will not back away from that approach in the future.

The end result is that China has moved beyond the traditional goal of nation-state hacking operations — spying on an adversary — into something more sinister, the officials say.

China remains the biggest cyber threat to the US government, America's critical infrastructure, and its private-sector networks, the nation's intelligence community has assessed.

This is probably not all that shocking to anyone paying attention to recent headlines warning of Beijing's cyber-snoops burrowing into energy facilities, emergency responder networks, and government officials' email inboxes and waiting to unleash some degree of chaos at Chinese President Xi Jinping's command.

But there's an often overlooked threat when it comes to cyber warfare capabilities, according to Crystal Morin, former intelligence analyst for the US Air Force and today cybersecurity strategist at Sysdig.

"A destructive cyber-attack against the United States would come from Iran before someone else," Morin told The Register. Check out our full interview below with Morin to find out her reasoning.

The United States' cyber posture has made steady and significant improvements over the past year despite an ever-changing threat landscape and emerging technologies that stand to reshape the global digital ecosystem, according to the nation's first-ever federal cybersecurity posture report.

The U.S. is "in the midst of a fundamental transformation" in national cybersecurity, the Office of the National Cyber Director said in a Tuesday report that assesses a wide variety of cybersecurity threats. The office also released an accompanying update to the 2023 National Cyber Strategy Implementation Plan that adds 31 new initiatives to the strategy and directs six federal agencies to lead cyber initiatives for the first time.

Despite the White House advancing "an affirmative vision for a safe, prosperous and equitable digital future," National Cyber Director Harry Coker acknowledged in a letter accompanying the report that "the threats we face remain daunting, our defenses are not impregnable and our work continues to evolve to meet the changing landscape."

ONCD described artificial intelligence as "one of the most powerful, publicly accessible technologies of our time" and said advances throughout 2023 in large-language models and other foundational algorithms "presented opportunities and challenges for cyber risk management at scale." The report warned that cybercriminals with limited resources and technical expertise can use AI to conduct malicious cyber activity, while AI-enabled surveillance and censorship have enabled authoritarian regimes "to more effectively and efficiently target journalists, dissidents and human rights defenders."

The implementation plan prioritizes defending critical infrastructure and essential services, calling for healthcare and public health sector-specific cybersecurity performance goals and the establishment of an Education Facilities Subsector Government Coordinating Council. The plan also calls for the adoption of cybersecurity best practices across the water and wastewater systems sector.

ONCD focused on the increasing reliance among critical infrastructure owners and operators on third-party cloud service providers and said that cloud migrations and hybrid deployments can often introduce complex centralized logging and authentication regimes that can allow threat actors to hack identity management systems.

A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time.

Bitdefender researchers who discovered the threat group report that its operations align with Chinese geo-political interests, focusing on intelligence collection and espionage.

Inspections conducted by the EPA since September 2023 found that more than 70% of water systems do not fully comply with the Safe Drinking Water Act. The inspections found that some systems have critical cyber vulnerabilities, including ones introduced by the use of default passwords and authentication systems that can be easily compromised.

Microsoft president Brad Smith in sworn testimony before a congressional committee this week said with humility the company accepts full responsibility for every cybersecurity issue raised in a recent Cyber Safety Review Board report created by multiple officials from several U.S. government agencies including the Department of Homeland Security, the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI).

The investigation was commissioned by President Biden in response to Microsoft disclosing that a Chinese hacking group referred to as “Storm-0558” was responsible for a security breach that led to the access of the email accounts belonging to multiple Federal agencies.

Rep. Mark Green, MD (R-TN), chairman of the House Committee on Homeland Security, noted the unsophisticated attack that the U.S. State Department first discovered, has raised doubts about Microsoft’s ability to ensure U.S. national security. The report concludes that the internal culture at Microsoft needs an overhaul following a cyberattack on Federal agencies that exploited a vulnerability, first disclosed in 2016.

CDK told Reuters it was working to reinstate its services and get its dealers back to business "as quickly as possible".

The company, which provides software to car dealerships, briefly shut down all its systems on Wednesday, saying it was investigating a cyber incident.

The 10 billion passwords included in a file uploaded by a user named ObamaCare are not all new, Cybernews said.

Cybernews said its team "cross-referenced the passwords included in the RockYou2024 leak with data from Cybernews’ Leaked Password Checker, which revealed that these passwords came from a mix of old and new data breaches."

The passwords on the document have likely been collected from more than 4,000 databases over the last 20 years, Cybernews said.

“In its essence, the RockYou2024 leak is a compilation of real-world passwords used by individuals all over the world. Revealing that many passwords for threat actors substantially heightens the risk of credential stuffing attacks,” Cybernews said.

Credential stuffing is when hackers take information, such as passwords, from one data leak and attempt to log onto other websites, which can be very damaging to businesses and consumers, Cybernews said.

The recent wave of hacks targeting several sites including Ticketmaster were the result of credential stuffing attacks, said Cybernews.

Three years ago, a leak of 8.4 billion passwords called RockYou2021 was posted on a hacker site. At the time it was the largest password leak.

Cybernews said its analysis determined that the 10 billion leaked passwords in the RockYou2024 document included 1.5 billion new passwords leaked from 2021 through 2024.

Ransomware attacks are hitting energy and oil and gas sectors harder, costing utilities more in recovery time and funding as victims appear increasingly willing to pay ransom demands, according to a new report from the cybersecurity firm Sophos.

The report looks at ransomware impacts to critical infrastructure organizations and is based on more than 200 responses from a wider survey of 5,000 cybersecurity and IT leaders taken in January and February. Sophos said that the ransomware attack rate appears to be falling globally, but researchers found that recovery times for energy, oil and natural gas, and utilities have been steadily increasing since at least 2022.

“This slowdown may reflect the increased complexity and severity of attacks, necessitating greater recovery work. It may also indicate a growing lack of recovery preparation,” the report notes.

The report found that more than half of energy, oil and gas and utilities ransomware victims took more than a month to recover, up from 19% in 2022.

Russia's surreptitious war in Europe, relying on new-school digital attacks and old-school sabotage, received special attention at last week's NATO summit, including from U.S. Secretary of State Antony Blinken and the alliance's boss, Jens Stoltenberg.

Why it matters: This coordinated chaos — cyberattacks, propaganda, arson, weaponized migration — harries efforts to arm Ukraine as it battles back.

What they're saying: "We have seen a pattern, a Russian campaign, organized by the security services to conduct hostile actions against NATO allies across the alliance," Stoltenberg said at a press conference.

The Environmental Protection Agency is falling far behind on some of the basic duties that come with its responsibilities as the federal lead for helping the water and wastewater sector fight against hackers amid increasing state-backed hacks, a new government watchdog report found.

The Government Accountability Office said in a report on the cybersecurity threats facing the sectors that the EPA “urgently” needs to develop a national strategy in order to address myriad cyber risks. The water sector itself has difficulty “developing a cybersecurity culture,” the GAO report noted, and that has seemingly led to a lack of basic cyber hygiene, which is further exacerbated by scarce resources for digital protections as the costs of maintaining the physical infrastructure increase.

The water sector has significant challenges in the past few years: Iranian-linked hackers defaced Israeli-made industrial equipment at a Pennsylvania water facility, Chinese state hackers dubbed Volt Typhoon burrowed into U.S. water systems with malicious intent, and a Russian nationalist hacktivist group with ties to Moscow’s Main Intelligence Directory military unit hacked into Texas water facilities. While the Biden administration has made protecting the water sector a key cybersecurity priority, the sector has pushed back heavily against regulatory mandates to improve cyber defenses.

A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains.

Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware.

Meanwhile, over a third (35%) of organizations said that they or others they know have already been impacted by nation-state threat actors targeting supply chains to try and insert malicious hardware or firmware into devices.

“System security relies on strong supply chain security, starting with the assurance that devices are built with the intended components and haven’t been tampered with in the factory or during transit,” commented Alex Holland, Principal Threat Researcher in the HP Security Lab.

“If an attacker compromises a device at the firmware or hardware layer, they’ll gain unparalleled visibility and control over everything that happens on that machine. Just imagine what that could look like if it happens to the CEO’s laptop,” he said.

According to the research, security leaders report that they are increasingly being targeted by ransomware actors, averaging nearly eight incidents per year and paying out an average of just under $2.5 million in ransom payments. And while ransomware activity is up across the board, some businesses find themselves to be a more likely target, depending on different demographics, such as the markets in which they operate or size of their organizations.

The U.S. is feeling the heat.

U.S. organizations felt the impact of ransomware the most, experiencing the highest number of incidents on average and paying out the largest ransoms (nearly $2 million more than the global average). German respondents, on the other hand, experienced the fewest incidents.