Recently discovered Chinese cyber-attacks are becoming more sophisticated, taking years to find

Revelations 6:3-4 “When he opened the second seal, I heard the second living creature say, ‘Come!’ 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.”

Important Takeaways:

  • Wave of Stealthy China Cyberattacks Hits U.S., Private Networks, Google Says
  • Attacks represent new level of ingenuity and sophistication from China, according to researchers
  • State-sponsored hackers from China have developed techniques that evade common cybersecurity tools and enable them to burrow into government and business networks and spy on victims for years without detection, researchers with Alphabet Inc.’s Google found.
  • Instead of infiltrating systems behind the corporate firewall, they are compromising devices on the edge of the network—sometimes firewalls themselves—and targeting software built by companies such as VMware Inc. or Citrix Systems Inc. These products run on computers that don’t typically include antivirus or endpoint detection software.
  • The Chinese Embassy in Washington didn’t immediately respond to a request for comment.
  • The tactics deployed are so stealthy that Mandiant believes the scope of Chinese intrusion into U.S. and Western targets is likely far broader than currently known

Another Cyberattack Warning from U.S. Department of Justice

Important Takeaways:

  • Kansas nuclear plant was hacking target of Russian spies, Department of Justice says
  • A nuclear power plant in eastern Kansas was one target of computer hackers organized by Russia’s spy agency as part of a large-scale international operation to seize control over critical infrastructure assets in the U.S., the Department of Justice alleged in an indictment unsealed Thursday.
  • The agents are accused of computer fraud, wire fraud, identity theft and causing damage to the property of an energy facility.
  • The Wolf Creek Nuclear Operating Corporation, based in Burlington, is named in the indictment as one of hundreds of U.S. energy sector operations targeted by Russian intelligence.
  • The agents allegedly used a spearphishing method to compromise the company’s computer systems, sending emails while posing as employees.
  • Between 2012 and 2017, the three Russian agents were allegedly part of a military unit that intruded into computers and attacked supply chains.

President Biden issues warning of potential Cyber Attack

  • Biden releases Russian cyberattack warning to all Americans – here it is
  • This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.
  • I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.
  • Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.
  • We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.

US to fill gap in cyber security jobs with over half a million open positions

Important Takeaways:

  • Amid Heightened Risk of Cyber Attack, US Scrambles to Fill Nearly 600,000 Open Cyber Security Jobs
  • Cyber protection is no longer optional. The future is now, and the war in Ukraine has escalated the threat of destructive ransomware attacks to an all-time high.
  • The intelligence community says it’s focused on four potential scenarios.
  • “We’re very, very focused on ransomware actors that might conduct attacks against our allies or our nation. We’re very, very focused on some type of cyber activity that’s designed for perhaps Ukraine that spreads more broadly into other countries. Third, is any type of attack that an adversary would conduct on an ally. And finally, certainly our critical infrastructure,” said NSA Director Gen. Paul Nakasone.
  • “In today’s society, everything is connected, everything is interdependent, and therefore, everything is potentially vulnerable,” said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
  • “In 2019 in the U.S., you had about a bit less than 50,000 people who…graduated from a master’s in computer science
  • The numbers just don’t add up: 50,000 people to fill nearly 600,000 jobs. So the tech industry is trying to help fill the void.

Heightened warnings from Intel community of potential Cyberattack

Matthew 24:6 You will hear of wars and rumors of wars, but see to it that you are not alarmed. Such things must happen, but the end is still to come.

Important Takeaways:

  • Russia Could Launch Cyber Attacks Against U.S. if Biden Sends Wrong Signals, Intel Warns
  • The Department of Homeland Security has warned:
    • “We assess that Russia would consider initiating a cyber-attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,”
    • The warning came as President Joe Biden sent additional weapons to Ukrainian forces and reportedly weighed the option of sending thousands of U.S. troops to the Baltic states
    • And if these risks turn kinetic, he warned such an escalation could pass the point of no return.
    • “Once the shots are fired, there is no putting the genie back in the bottle,” Vindman said.

Exclusive-Cyber attack disrupts major South African port operations

By Zandi Shabalala and Tanisha Heiberg

JOHANNESBURG (Reuters) – A cyber attack disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said.

Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters.

Cape Town Harbor Carriers Association said in an email to members, seen by Reuters: “Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored.”

Transnet’s official website was down on Thursday showing an error message.

Transnet, which operates major South African ports, including Durban and Cape Town, and a huge railway network that transports minerals and other commodities for export, confirmed its IT applications were experiencing disruptions and it was identifying the cause.

It declined to comment on whether a cyber attack caused the disruption. The sources, who asked not to be named because they are not authorized to speak to the press, said an attack occurred early on Thursday.

The state-owned company already suffered major disruptions to its ports and national freight rail line last week following days of unrest and violence in parts of the country.

The latest disruption has delayed containers and auto parts, but commodities were mostly unaffected as they were in a different part of the port, one of the sources said.

It will also create backlogs that could take time to clear.

Transnet said its container terminals were disrupted while its freight rail, pipeline, engineering and property divisions reported normal activity.

Most of the copper and cobalt mined in the Democratic Republic of Congo and Zambia, where miners such as Glencore and Barrick Gold operate, use Durban to ship cargo out of Africa.

(Reporting by Zandi Shabalala and Tanisha Heiberg; additional reporting by Helen Reid, editing by Susan Fenton, Pratima Desai and Barbara Lewis)

Colonial Pipeline CEO tells Senate cyber defenses were compromised ahead of hack

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) - Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee on Tuesday that the company’s cyber defenses were in place, but were compromised ahead of an attack last month.

The hearing was convened to examine threats to critical infrastructure and the Colonial Pipeline cyber attack that shut the company’s major fuel conduits last month.

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gasoline prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

Senators questioned whether Colonial was sufficiently prepared for a ransomware attack and the company’s timeline for responding to the attack. Some suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.

Colonial did not specifically have a plan for a ransomware attack, but did have an emergency response plan, Blount said. The company reached out to the FBI within hours of the cyber attack, he said.

“We take cybersecurity very seriously,” Blount said. Still, he said the attack occurred using a legacy VPN (Virtual Private Network) system that did not have multifactor authentication in place.

He said the system was protected with a complex password. “It wasn’t just Colonial123,” he said.

Blount said he made the decision to pay the ransom and to keep the payment as confidential as possible because of concern for security.

“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.

However, he said that even after getting the key, the company is still continuing to recover from the attack and is currently bringing back seven finance systems that have been offline since May 7.

The Justice Department on Monday said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

(Reporting by Stephanie Kelly and Jessica Resnick-Ault; Editing by Marguerita Choy)

U.S. says ransomware attack on meatpacker JBS likely from Russia

By Tom Polansek and Jeff Mason

CHICAGO/ABOARD AIR FORCE ONE (Reuters) - The White House said on Tuesday that Brazil’s JBS SA has informed the U.S. government that a ransomware attack against the company that has disrupted meat production in North America and Australia originated from a criminal organization likely based in Russia.

JBS is the world’s largest meatpacker and the incident caused its Australian operations to shut down on Monday and has stopped livestock slaughter at its plants in several U.S. states.

The ransomware attack follows one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, that crippled fuel delivery for several days in the U.S. Southeast.

White House spokeswoman Karine Jean-Pierre said the United States has contacted Russia’s government about the matter and that the FBI is investigating.

“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said.

“JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre added.

The FBI and Department of Homeland Security did not immediately respond to requests for comment.

JBS sells beef and pork under the Swift brand, with retailers like Costco carrying its pork loins and tenderloins. JBS also owns most of chicken processor Pilgrim’s Pride Co, which sells organic chicken under the Just Bare brand.

If the outages continue, consumers could see higher meat prices during summer grilling season in the United States and meat exports could be disrupted at a time of strong demand from China.

JBS said it suspended all affected systems and notified authorities. It said its backup servers were not affected.

“On Sunday, May 30, JBS USA determined that it was the target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a Monday statement.

“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the company’s statement said.

The company, which has its North American operations headquartered in Greeley, Colorado, controls about 20% of the slaughtering capacity for U.S. cattle and hogs, according to industry estimates.

“The supply chains, logistics, and transportation that keep our society moving are especially vulnerable to ransomware, where attacks on choke points can have outsized effects and encourage hasty payments,” said threat researcher John Hultquist with security company FireEye.

U.S. beef and pork prices are already rising as China increases imports, animal feed costs rise and slaughterhouses face a dearth of workers.

The cyberattack on JBS could push U.S. beef prices even higher by tightening supplies, said Brad Lyle, chief financial officer for consultancy Partners for Production Agriculture.

Any impact on consumers would depend on how long production is down, said Matthew Wiegand, a risk management consultant and commodity broker at FuturesOne in Nebraska.

“If it lingers for multiple days, you see some food service shortages,” Wiegand added.

Two kill and fabrication shifts were canceled at JBS’s beef plant in Greeley due to the cyberattack, representatives of the United Food and Commercial Workers International Union Local 7 said in an email. JBS Beef in Cactus, Texas, also said on Facebook it would not run on Tuesday.

JBS Canada said in a Facebook post that shifts had been canceled at its plant in Brooks, Alberta, on Monday and one shift so far had been canceled on Tuesday.

A representative in Sao Paulo said the company’s Brazilian operations were not impacted.

‘FOOD SECURITY’

The United States Cattlemen’s Association, a beef industry group, said on Twitter that it had reports of JBS redirecting livestock haulers who arrived at plants with animals ready for slaughter.

Last year, cattle and hogs backed up on U.S. farms and some animals were euthanized when meat plants shut due to COVID-19 outbreaks among workers.

A JBS beef plant in Grand Island, Nebraska, said only workers in maintenance and shipping were scheduled to work on Tuesday due to the cyberattack.

U.S. congressman Rick Crawford, an Arkansas Republican, called for a bipartisan effort to secure food and cyber security in the wake of the cyberattack.

“Cyber security is synonymous with national security, and so is food security,” Crawford wrote on Twitter.

(Reporting by Caroline Stauffer, Tom Polansek, Mark Weinraub in Chicago; Additional reporting by Jeff Mason aboard Air Force One and Trevor Hunnicutt in Washington, Ana Mano in Sao Paulo and Joe Menn in San Francisco; Editing by Chizu Nomiyama, Will Dunham and Nick Zieminski)

Microsoft says group behind SolarWinds hack now targeting government agencies, NGOs

By Kanishka Singh and Raphael Satter

WASHINGTON (Reuters) - The group behind the SolarWinds cyber attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft Corp said on Thursday.

“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” Microsoft said in a blog.

Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020, according to Microsoft.

The comments come weeks after a May 7 ransomware attack on Colonial Pipeline shut the United States’ largest fuel pipeline network for several days, disrupting the country’s supply.

“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Microsoft said on Thursday.

While organizations in the United States received the largest share of attacks, targeted victims came from at least 24 countries, Microsoft said.

At least a quarter of the targeted organizations were involved in international development, humanitarian issues and human rights work, Microsoft said in the blog.

Nobelium launched this week’s attacks by breaking into an email marketing account used by the United States Agency For International Development (USAID) and from there launching phishing attacks on many other organizations, Microsoft said.

In statements issued Friday, the Department of Homeland Security and USAID both said they were aware of the hacking and were investigating.

The hack of information technology company SolarWinds, which was identified in December, gave access to thousands of companies and government offices that used its products. Microsoft President Brad Smith described the attack as “the largest and most sophisticated attack the world has ever seen”.

This month, Russia’s spy chief denied responsibility for the SolarWinds cyber attack but said he was “flattered” by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.

The United States and Britain have blamed Russia’s Foreign Intelligence Service (SVR), successor to the foreign spying operations of the KGB, for the hack which compromised nine U.S. federal agencies and hundreds of private sector companies.

The attacks disclosed by Microsoft on Thursday appeared to be a continuation of multiple efforts to target government agencies involved in foreign policy as part of intelligence gathering efforts, Microsoft said.

The company said it was in the process of notifying all of its targeted customers and had “no reason to believe” these attacks involved any exploitation or vulnerability in Microsoft’s products or services.

(Reporting by Kanishka Singh and Sabahatjahan Contractor in Bengaluru; additional reporting by Raphael Satter in Washington; Editing by Robert Birsel and Clarence Fernandez)

U.S. pump prices head for highest since 2014 as hacked fuel pipeline shut

By Devika Krishna Kumar and Laila Kearney

NEW YORK (Reuters) – U.S. gasoline prices at the pump jumped 6 cents in the latest week and could soon be headed for the highest level since 2014 due to the supply disruption caused by a cyber attack on the country’s biggest fuel pipeline system.

The ransomware attack forced Colonial Pipeline to shut down its entire system on Friday. Some smaller lines were restarted Sunday. Colonial on Monday said it expects to “substantially” restore operational service by the end of the week.

The network ships more than 2.5 million barrels per day (bpd) of gasoline, diesel and jet fuel from the Gulf Coast to populous southeast and northeast states.

Gas prices have risen 6 cents per gallon on the week, said the American Automobile Association. The average price stood at $2.967 for regular unleaded gasoline compared with $2.904 a week earlier, the AAA said.

If the trend continues, an increase of 3 more cents would make the national average the most expensive since November 2014.

The southeastern United States will be the first to see price rises at the pumps due to the supply disruption caused by the shutdown of the country’s top fuel pipeline network – and demand has already picked up as drivers fill their tanks, industry experts said.

Areas including Mississippi, Tennessee and the east coast from Georgia into Delaware are most likely to experience limited fuel availability and price increases, as early as this week, said Jeanette McGee, AAA spokesperson, adding that those states may see prices increase three to seven cents this week.

“The shorter the pipeline shutdown, the better news for motorists.”

Parts of Florida, Georgia, Alabama, South Carolina, North Carolina, and Tennessee rely on the line for their fuel supplies and some of them suffered acute localized shortages and spikes in prices at the pump during previous shutdowns. Airlines in the region would also be vulnerable to a prolonged outage, said Tom Kloza, founder of the Oil Price Information Service.

U.S. gasoline demand is picking up as more people are vaccinated against COVID-19 and begin to travel more. The peak demand summer driving season begins at the end of May.

Experts also urged drivers to avoid panic buying.

“Motorists are well advised not to strain the system by filling up or beating price adjustments - for they may make the problem much more severe if they do strain the system,” said Patrick DeHaan, head of petroleum analysis at fuel tracking firm GasBuddy.

(Reporting by Devika Krishna Kumar and Laila Kearney in New York; Editing by David Gregorio)