Tag Archives: Extortion

Security News for the Week Ending December 6, 2019

Caller Poses as CISA Rep in Extortion Scam

Homeland Security’s CISA (Cybersecurity and Infrastructure Security Agency) says that they are aware of a scam where a caller pretends to be a CISA rep and claims to have knowledge of the potential victim’s questionable behavior.  The caller then attempts to extort the potential victim.

CISA says not to fall for the scam, not to pay the extortion, and to contact the FBI.  Source: Homeland Security.

Senate Committee Approves $250 Mil for Utility Security

The PROTECT  program would provide grants for utilities to improve their security.  Given that a carefully distributed government report says that the Russians (and not the Chinese) have compromised a number of US utilities already, improving security is probably a smart idea. The nice part is that it is a grant.  The important part is that the money would be spread out over 5 years, so in reality, we are talking about spending $50 million a year.  It also seems to be focused on electric and doesn’t seem to consider water or other utilities.  There are around 3,300 electric utilities alone in the US.  If we ignore everything but electric and spread the money equally (which of course, they won’t), every utility would get $15,000.  That will definitely get the job done.  NOT!  Source: Nextgov

Smith & Wesson’s Online Store Hacked by Magecart

Lawrence Abrams of Bleeping Computer fame tried to warn Smith & Wesson that their online store had been compromised by the famous Magecart malware.  They join the likes of British Airways (183 million Euro fine) and thousands of others.  Abrams did not hear back from them by publication time.  Source: Bleeping Computer

Another MSP Hit by Ransomware Attack

CyrusOne, one of the larger MSPs, was hit by a ransomware attack which affected some of their customers.  As I said in my blog post earlier this week, attacks against MSPs are up because they are juicier targets.

In CyrusOne’s case, they said the victims were primarily in a data center in New York (which hopefully means that they have segmented their network) and that the attack did not affect their colo customers, only their managed customers (because in a colo, the provider does not have credentials to its customers’ servers).  They are investigating.

This is just one more reminder that you can outsource responsibility to a service provider, but the buck still stops with you when the provider is hacked.  Source: MSSP Alert

Reuters Says Census Test Run in 2018 Was Attacked By Russia

Commerce outsourced the first digital census to Pegasystems and at last check the cost has doubled to $167 million.  More importantly, in a 2018 test, Russian hackers (not China) were able to penetrate a firewall and get into places where they should not have been.  In addition, the test was hit with DNS attacks.

Sources say this raises concerns whether T-Rex Solutions, the Commerce Department’s main security contractor, can keep the Russians out when the site actually goes live.  Or the Chinese. Or other countries that would like to embarrass us.

Census said (a) no comment, (b) no data was stolen (this was likely a reconnaissance test by the Russians, so no surprise) and (c) the system worked as designed (i.e. the Russians got in and we panicked).

Clearly if the Russians are able to compromise the Census, that would be a HUGE black eye for this President and the Executive Branch.

They can hide things during a test, but cannot hide them when it goes live, so let’s hope they are able to fix it.  Source: Reuters

Russian Hackers Extorting Liberal U.S. Groups

The Great Email Hack of 2016 is becoming the Great Email Hack of Forever.

It appears that Russian hackers are targeting progressive groups in the U.S., hacking their emails and threatening to release embarrassing emails if they do not pay an extortion, in bitcoin.

According to Bloomberg News, at least a dozen groups have been hit with extortion attempts after the 2016 election.  To prove that the hackers really have the emails, they provide samples of the stolen emails.

In one case, a non-profit and a prominent liberal donor discussed how to use grant money to cover costs for anti-Trump protesters.

Demands have ranged from about $30,000 to $150,000 –  payable in bitcoin.

The Center for American Progress and Arabella Advisors are two organizations that sources say have been asked to pay ransoms.

Not surprisingly, CAP has denied the whole thing.

Assuming all this is true, the groups being targeted are likely not very happy.

According to cyber security researchers, the day after the election, the FSB targeted the personal emails of hundreds of people, mostly with a Democratic leaning.

Of course, today it might be liberal groups and tomorrow it might be conservative groups.  It could be about money.  Or about politics.  It could be one group.  Or several.  With different agendas.

Until people start taking cyber security seriously, it’s going to be pretty easy pickings for the bad guys.

Take the DNC hack, for example.  Reports are that the email telling Podesta to click on a link because his email was hacked was an obvious fake.  That his I.T. group told him it was OK was embarrassing.

There are a few encrypted email solutions that are way more secure than traditional email.  And less convenient to use.

Alternatively, people could stop sending emails that would be embarrassing if discovered.

There are actually many things that people can do to improve security.  Most cost money.  And require people to change their habits.  But they only work if people take the problem seriously and are willing to change their ways to deal with it.

In the case of these extortionists, it is never safe to assume that paying the extortion will keep your secrets safe.  They might leak them anyway.  Ponder that.

Information for this post came from Bloomberg.