Crossroads Blog | Institute National Security and Counterterrorism

critical infrastructure, cyber attack, Cyber Espionage, Cybersecurity, hackers, hacking, law enforcement, malware

Cyber Round Up: Hacking Wall Street; FBI Warning Post Sony Malware; Hacking E-Cigs, Parking Lots, and Issues with Cryptography

  • Hacking underlying a sophisticated cyber scheme to rig the stock market was revealed on Monday by the security firm FireEye.  FireEye warned the FBI that a group of hackers, which FireEye has designated FIN4, had stolen highly sensitive secrets from over a hundred companies for the purpose of gaming the stock market.  The primary targets of the scheme were companies in the healthcare sector, as well as attorneys and other consultants who worked with those companies.  The types of documents that were taken include press releases about mergers, as well as drafts of FCC Filings.  FireEye was unable to identify the hackers because they used Tor, a service for making web traffic anonymous and untraceable.  According to a report by Reuters, the next step to identifying the hackers is to follow the money to determine if any trades were made that from this information that resulted in profits.  FireEye is releasing indicators to help organizations detect FIN4 activity. Those indicators can be downloaded here. The full FireEye report, including examples of FIN4 targeted attacks, can be accessed here: FireEye Report Hacking the Street. For an analysis of the report by the New York Times, click here.
  • The FBI is warning companies that cyberattackers are launching destructive malware in the U.S., Reuters reports.  The five-page “flash” warning comes in the wake of a crippling attack on Sony Pictures Entertainment last week, though the FBI would not say whether the Sony hack prompted the warning.  It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.  As for the Sony attack, the technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company’s backing of the film “The Interview,” a comedy which follows two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un.  According to Reuters, the technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.  See also reports on the Sony attack by the Chicago Tribune, Bloomberg, and Washington Post.
  • POST THANKSGIVING CYBER NEWS WRAP UP:
    • Cryptology Inhibits Law Enforcement: Economist reports that technology companies are beefing up the encryption of data to protect users’ privacy making it more difficult for law-enforcement agencies to find out what people have been up to online.
    • Hacking into Parking Garages: InfoSecurity Reports that between Sept 29 and Nov 10, cybercriminals were able to gain access to payment card data at garages in the Chicago area, Philidelphia and Seattle.
    • Chinese Hacking through E-Cig Chargers: TheHackerNews reports that China-made electronic cigarette chargers could infect your computer with viruses.
    • Cybersecurity Training for Bank Examiners: Wall Street Journal reports that Federal and state regulators are ramping up plans to train bank examiners about cybersecurity risks at a time when the financial institutions they oversee face growing threats from hackers.
    • Poland’s Weak Cybersecurity: ZDNet reports that an upcoming audit has found massive failings across Polish institutions when it comes to digital threats.
    • Cybersecurity for Unmanned Systems: According to HelpSecurityNet, the University of Virginia School of Engineering and Applied Science Department of Systems and Information Engineering announced the success of an early-stage demonstration to improve defenses for unmanned aerial vehicles against cyber attacks. Read the full article here.

Leave a Reply

critical infrastructure, cyber attack, Cyber Espionage, Cybersecurity, hackers, hacking, law enforcement, malware

Cyber Round Up: Hacking Wall Street; FBI Warning Post Sony Malware; Hacking E-Cigs, Parking Lots, and Issues with Cryptography

  • Hacking underlying a sophisticated cyber scheme to rig the stock market was revealed on Monday by the security firm FireEye.  FireEye warned the FBI that a group of hackers, which FireEye has designated FIN4, had stolen highly sensitive secrets from over a hundred companies for the purpose of gaming the stock market.  The primary targets of the scheme were companies in the healthcare sector, as well as attorneys and other consultants who worked with those companies.  The types of documents that were taken include press releases about mergers, as well as drafts of FCC Filings.  FireEye was unable to identify the hackers because they used Tor, a service for making web traffic anonymous and untraceable.  According to a report by Reuters, the next step to identifying the hackers is to follow the money to determine if any trades were made that from this information that resulted in profits.  FireEye is releasing indicators to help organizations detect FIN4 activity. Those indicators can be downloaded here. The full FireEye report, including examples of FIN4 targeted attacks, can be accessed here: FireEye Report Hacking the Street. For an analysis of the report by the New York Times, click here.
  • The FBI is warning companies that cyberattackers are launching destructive malware in the U.S., Reuters reports.  The five-page “flash” warning comes in the wake of a crippling attack on Sony Pictures Entertainment last week, though the FBI would not say whether the Sony hack prompted the warning.  It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at U.S. companies.  As for the Sony attack, the technology news site Re/code reported that Sony was investigating to determine whether hackers working on behalf of North Korea were responsible for the attack as retribution for the company’s backing of the film “The Interview,” a comedy which follows two journalists recruited by the CIA to assassinate North Korean leader Kim Jong Un.  According to Reuters, the technical section of the FBI report said some of the software used by the hackers had been compiled in Korean, but it did not discuss any possible connection to North Korea.  See also reports on the Sony attack by the Chicago Tribune, Bloomberg, and Washington Post.
  • POST THANKSGIVING CYBER NEWS WRAP UP:
    • Cryptology Inhibits Law Enforcement: Economist reports that technology companies are beefing up the encryption of data to protect users’ privacy making it more difficult for law-enforcement agencies to find out what people have been up to online.
    • Hacking into Parking Garages: InfoSecurity Reports that between Sept 29 and Nov 10, cybercriminals were able to gain access to payment card data at garages in the Chicago area, Philidelphia and Seattle.
    • Chinese Hacking through E-Cig Chargers: TheHackerNews reports that China-made electronic cigarette chargers could infect your computer with viruses.
    • Cybersecurity Training for Bank Examiners: Wall Street Journal reports that Federal and state regulators are ramping up plans to train bank examiners about cybersecurity risks at a time when the financial institutions they oversee face growing threats from hackers.
    • Poland’s Weak Cybersecurity: ZDNet reports that an upcoming audit has found massive failings across Polish institutions when it comes to digital threats.
    • Cybersecurity for Unmanned Systems: According to HelpSecurityNet, the University of Virginia School of Engineering and Applied Science Department of Systems and Information Engineering announced the success of an early-stage demonstration to improve defenses for unmanned aerial vehicles against cyber attacks. Read the full article here.

Leave a Reply

Bitnami