WebProNews

Tag: cyberattack

  • Cyberattack Takes Out FuboTV During World Cup Semifinals

    Many FuboTV customers experienced issues watching the World Cup semifinals, the result of a “criminal cyber attack,” according to the company.

    FuboTV is a popular TV streaming service with a strong focus on sports. The company got its start as a soccer-focused streaming service, before branching out into other sports and content. Unfortunately, during the match between France and Morocco, many customers were unable to watch the event.

    The company says the issue was not a result of bandwidth issues, but a “criminal cyber attack.”

    “We have reported the incident to law enforcement and have engaged Mandiant, an industry-leading incident response firm, to assist with our continuing investigation and response,” the company writes in a statement. “Our primary focus currently is on ensuring that the incident is fully contained and that there is no threat of further disruption for any of our customers.

    “Our investigation is at an early stage, but we are committed to transparency regarding this incident. We will provide an update at an appropriate time when we have more information to share.”

  • Ransomware Attack Takes Down Sinclair TV Stations

    Sinclair appears to be the latest victim of a ransomware attack, with its channels going down over the weekend.

    Ransomware has been a growing issue for organizations around the world and across industries. Sinclair is the latest high-profile victim, and disclosed the attack in a filing with the SEC.

    On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted. Data also was taken from the Company’s network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review.

    The attack disrupted broadcasting on Sinclair-owned channels, and may continue to do so for a time.

    While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.

  • Twitch Suffers Devastating Cyberattack Exposing Source Code

    Twitch, the popular video game streaming platform, suffered a major cyberattack that exposed its source code and payment model.

    Source code and financial details are some of the most sensitive information that companies take great pains to protect. Unfortunately for the Amazon-owned streaming service, that’s exactly what hackers exposed.

    “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE,” wrote one of the hackers, via Mashable, referencing the “entirety” of Twitch.tv’s source code, dating “back to its early beginnings.”

    It appears Twitch was specifically targeted, with the hackers citing the platform’s “disgusting toxic cesspool” as a motive, along with a desire to foster greater competition in the market.

    The hack also included information about how much Twitch pays its creators, from 2019 to the present.

    The company acknowledged it suffered a breach, and is working hard to investigate the incident.

    We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.

  • Over 40 Million Customers Impacted by T-Mobile Data Breach

    T-Mobile has provided additional details from its investigation of its recent data breach, sharing that over 40 million people’s records were stolen.

    Earlier this week, news broke that a hacker was trying to sell T-Mobile customer data online, data they claimed to have gotten via compromised T-Mobile servers. The hacker claimed the data contained names, addresses, social security numbers (SSN), driver license information, phone numbers and unique IMEI numbers.

    After confirming a breach occurred, T-Mobile’s investigation has now shed light on the details. The company has confirmed that information for 7.8 million postpaid accounts was included in the stolen data, as well as over 40 million former and prospective customers who had applied for credit. It’s unclear how much overlap there may be between the two groups.

    The company says “some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/ID information for a subset of current and former postpay customers and prospective T-Mobile customers.”

    However, “no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers.”

    The company is taking steps to help protect those impacted, including providing two years of free identity protection via McAfee’s ID Theft Protection Service. The company also recommends all postpaid customers change their account PIN, and the company is offering Account Takeover Protection to make it harder for an imposter to hijack an account.

    We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack. While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.

  • T-Mobile Confirms Data Breach

    T-Mobile has confirmed it has suffered a data breach following reports that information for 100 million customers is for sale online.

    News broke yesterday that a hacker was trying to sell T-Mobile customer information. The hacker claimed to have gained access to T-Mobile servers, copying and backing up the data before he was locked out.

    T-Mobile issued a statement saying they were investigating the claims, but the company has now confirmed the breach occurred.

    We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed. This investigation will take some time but we are working with the highest degree of urgency. Until we have completed this assessment we cannot confirm the reported number of records affected or the validity of statements made by others.

    We’ll provide updates as T-Mobile does.

  • 86% of Organizations Expect to Suffer a Successful Cyberattack

    A whopping 86% of organizations expect to suffer a successful cyberattack in the next year.

    Cyberattacks have been on the rise for years, although the last year has seen some particularly devastating examples. The ransomware attacks on Colonial Pipeline, Kaseya and JBS are some of the most recent ones that have had far-reaching consequences.

    Unfortunately, the outlook going forward doesn’t look much better. According to the latest research by Trend Micro, some 86% of organizations expect to be the victim of a successful cyberattack within the next 12 months.

    In asking about attacks in the past 12 months and future attacks in next 12 months, the results don’t bode well for 2H’2021. Globally, 81% had 1 or more successful attacks, and 24% had 7 or more successful attacks in the past 12 months. Additionally, 86% say it is somewhat to very likely they will have a successful attack in the next 12 months. This again appears to indicate organizations know they are not prepared enough to defend against new attacks.

    Cybersecurity has been a major focus of the Biden administration, but it looks like there’s still a long way to go before companies feel safe from threats.

  • US Offers $10 Million Reward for Information on ‘Foreign Malicious Cyber Activity’

    The US is ramping up its fight against cybercriminals, especially those who are state-sponsored, offering a $10 million reward for information.

    Cybersecurity has become the new battleground of the 21st century. To make matters worse, many hacking groups are state-sponsored, as a successful cyberattack carries far less risk for a hostile government than open confrontation.

    The US has been rocked by multiple ransomware attacks, including against critical infrastructure. The Colonial Pipeline attack had a devastating impact on the East Coast fuel supply, the attack against JBS threatened the food chain and the Kaseya attack is believed to have up to 1,500 victims.

    The State Department is fighting back, using its Rewards for Justice program to offer “a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

    To protect anyone having information, Rewards for Justice has set up a Dark Web, Tor-based method for reporting tips.

    For more information, visit www.rewardsforjustice.net.

  • Cyberattack Cripples JBS, World’s Largest Meat Producer

    A cyberattack has crippled JBS, the world’s largest meat producer, with plants in the US, Canada and Australia shutting down.

    JBS experienced a cyberattack on May 30, targeting its IT systems. The attack shut down the company’s Canadian operations, as well as those in Australia and the US. The company has not yet indicated exactly what kind of attack it suffered, although ransomware is a likely candidate.

    As Bloomberg points out, the company’s Brooks, Alberta beef plant accounts for more than a quarter of Canada’s entire supply of beef, illustrating how critical JBS is to the world’s meat supply. There are likely to be trickle-down effects, as JBS is warning transactions with its suppliers and customers may also be impacted.

    JBS told Bloomberg its backup servers were not affected, and the company is already working to restore operations using them. The company is also not aware of any of its supplier, customer or employee data being compromised.

    Coming just weeks after the Colonial Pipeline ransomware attack drove up fuel prices on the East Coast, the JBS attack illustrates the increasing threat cyberattacks pose on critical infrastructure and commodities.

    “If the Colonial Pipeline cyberattack didn’t impact enough consumers to spur response by the international community, the JBS meat supplier incident likely will,” Meg King, Director of the Science and Technology Innovation Program at The Wilson Center, told WebProNews. “Now is the time for a global agreement to break the business model of ransomware. This will keep happening – at great cost to life and treasure – if we don’t identify and stop the biggest actors, gain better early warning, and help companies improve their cybersecurity.”

  • Even Beer Is Threatened by Cyberattacks As Coors Shuts Down Production

    Molson Coors has announced in a regulatory filing that it halted its brewery operations as a result of a cyberattack — just when things were starting to look up.

    Cyberattacks have become a common occurrence across industries, with new ones reported almost daily. Unfortunately, the threat has reached a new low, impacting the nation’s beer supply.

    In a regulatory filing, the company says it suffered an attack on March 11, and is working around the clock to get its systems running again.

    Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments.

    Molson Coors doesn’t provide a timeline for when operations will be up and running, but its predicament emphasizes that no companies are safe from cybersecurity threats.

  • SolarWinds Hackers Gained Access to Microsoft Source Code

    Microsoft has revealed that hackers viewed some of its source code as part of the SolarWinds attack that government agencies are still investigating.

    The SolarWinds attack is one of the most devastating cyberattacks perpetrated against US companies and government agencies. Believed to be the work of Russian hackers, the attack was a supply chain attack, compromising SolarWinds’ Orion IT monitoring and management software.

    As one of the organizations impacted, Microsoft has now revealed the hackers viewed some of its source code, but did not make any modifications.

    We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.

    Microsoft is not concerned about the source code being viewed, since the company’s security protocols assume its source is being viewed by outside elements.

    At Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.

    As with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access.

    Although Microsoft seems to be containing any damage adequately, the degree to which the attackers compromised one of the biggest tech companies in the world is further evidence of just how successful the SolarWinds attack was.

  • Honda Partially Halts Production Due to Cyberattack

    Honda has had to halt production at some of its facilities as a result of a cyberattack.

    Honda’s car factories in Ohio and Turkey, and its motorcycle plants in South America and India, have been forced to stop production because of what appears to be the SNAKE ransomware, reports Bloomberg.

    This particular variant seems targeted specifically at Honda. According to Bleeping Computer, “a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware submitted to VirusTotal today that checks for the internal Honda network name of ‘mds.honda.com’.”

    In good news for the company, its Japanese facilities were not impacted. What’s more, it does not appear there was an information breach, nor does any personal information appear to have been accessed.

    While the impact to Honda will likely be minimal, this latest attack illustrates the ongoing battle against ransomware. It’s estimated ransomware cost some $7.5 billion in 2019 alone. Needless to say, Honda and countless other companies will continue to be prime targets.

  • PSA: NSA Issues Warning About Windows 10 Vulnerability

    The National Security Agency (NSA) has issued a press release detailing a severe vulnerability in Windows 10 and encouraging all users to update immediately.

    According to the NSA’s press release, the agency discovered the vulnerability in the Windows 10 cryptography functionality. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.”

    It is relatively unusual for the NSA to issue a press release about a vulnerability, but the severity of this particular one warranted it.

    “The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

    The agency recommends all users immediately apply all January 2020 Patch Tuesday patches to mitigate the danger.

  • North Korea Denies Sony Hack, Makes Threats

    The point of North Korea’s lengthy, rambling denial of involvement in the recent Sony hacks is pretty clear – but the way they get to that point is anything but.

    Per usual, broken English is the method of delivery for “The Policy Department of the National Defence Commission of the DPRK”, which has released a statement of sorts re: Sony Hacks and the recent blame placed on them by US officials.

    The statement, titled “U.S. Urged to Honestly Apologize to Mankind for Its Evil Doing before Groundlessly Pulling up Others”, begins by calling the US an “ill-famed cesspool of injustice” and doesn’t really let up from there.

    According to North Korean officials, the US is wrong to blame the country for the recent cyberattacks that targeted Sony Pictures, and eventually led to the dissemination of private documents and had everything to do with the indefinite postponement of the film The Interview.

    “The NDC of the DPRK highly estimates the righteous action taken by the ‘guardians of peace,’ though it is not aware of their residence,” reads the statement.

    Last week, the FBI said it had enough evidence to say that North Korea was behind the attacks.

    “We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior,” said the FBI.

    Although the North Korean government denies involvement in the hacks (as it would no matter their level of involvement), it praises the so-called “Guardians of Peace” for their actions.

    “The grounds cited by the FBI in its announcement were all based on obscure sci-tech data and false story and, accordingly, the announcement itself is another fabrication. This is the DPRK’s stand on the U.S. gangster-like behavior against it,” said the statement.

    But it’s not just denial it’s going for. The threats begin late in the response.

    The DPRK has already launched the toughest counteraction. Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction. Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans.

    The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels.

    Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the “symmetric counteraction” declared by Obama.

    Though President Obama has called this an act of “cybervandalism” as opposed to using the “war” word, he’s said that the US will have an appropriate response to the act – but what that means, exactly, is yet to be seen.

  • Identity Theft Could Soon Be A Reality For eBay Users

    Identity theft is a constant concern for those who entrust their personal information to Internet companies. Now millions of users are at risk following a massive cyber-attack that recently hit eBay.

    Last week, we reported that eBay was hit by a massive cyber-attack when hackers broke into the company’s database that holds customers’ personal information. While no financial information was taken, customers’ email addresses, passwords and physical addresses were exposed. Skilled hackers can use this information to gain access to more personal information through social engineering tactics.

    As with most major cyber attacks, eBay can’t do much now that the damage is done. What it can do is ask that its customers change their passwords:

    EBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

    Unfortunately, the hackers didn’t just take user information. eBay reports that the hackers also took some employee log-in credentials. There’s no indication that this information was used to access databases that may contain more sensitive information, but eBay is working with law enforcement to bring in those responsible.

    As you can imagine, people are not pleased with eBay at the moment. Much like the Target hack of last year, Attorneys General from various states are now opening up investigations to see if eBay could have done more to protect user information. The Attorneys General will also be looking into how eBay is planning to prevent future attacks.

    “My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents,” said Connecticut Attorney General George Jepsen. “However, the most important step for consumers to take right now is to change their password and to choose a strong, unique password that is not easily guessed.”

  • New York Times Latest SEA Target

    In a late Tuesday afternoon digital attack, the New York Times, Twitter and The Huffington Post became the latest reported victims of the Syrian Electronic Army (SEA). If you are looking for the latest crossword or list of best sellers, patience is a virtue.

    The New York Times is offering workaround solutions. Much of Twitter remained accessible and, according to a statement by the company, the hackers only harmed Twitter’s product between approximately 5pm and 6:30pm (Eastern). Neither company has verified the SEA as the culprit but the breach came through the companies’ domain name registrar, Melbourne IT.

    The SEA claims responsibility for site outages beginning late Tuesday afternoon, ominously tweeting (if one can tweet ominously), “Media is going down.” The group supports Syrian President Bashar al-Asad though they deny actual ties to Damascus, and their motives seem tied to 1) self-promotion and 2) punishing what they perceive as anti-Asad Western media, according to Washington Post blogger Max Fisher. The group was initiated with the first Syrian uprisings of May 2011, and their inaugural assaults were aimed at media outlets, nonprofits and Facebook pages, such as that of President Barack Obama.

    Previous SEA attacks targeted the Guardian, the Associated Press, Agence France Presse, National Public Radio and the Washington Post, which blogged today, “Just weeks after The Washington Post had our own run-in,” with the group. Twitter suffered a rash of outages last January and the Times suffered an outage last week (due to internal causes).

    These attacks come on the heels of escalating tension between the West and Syria as we witness the aftermath of the 21 August chemical attacks. Tuesday’s statements by US officials directly associate the Syrian regime with the incident. That said, there is no obvious, direct causality between the actions of Asad’s regime and the SEA attacks.

  • Internet Down at Pentagon

    The US military’s Defense Information Systems Agency (DISA) shut down internet access Thursday at the Pentagon, while work was being done to fix an unspecified issue. The blackout began at about 10 AM, and many military personnel downrange (slang for those deployed overseas), including combatant commands, did not have internet either.

    DISA is a Defense Department agency that affords command and control support to national level leaders and joint-war fighters “across the full spectrum of operations,” adding that “we (DISA) are leaders enabling information dominance in defense of our Nation,” according to their website.

    A Pentagon employee told FOX that users were able to check email from the Pentagon, but were cut off from the internet. A Pentagon official familiar with network security said the outage was not in response to any kind of cyber-attack, adding, “we’d all know it and DISA would have done what is called a blanket protocol, shutting down all sorts of access until they isolated the source of the attack.”

    DISA has stated that there has not yet been any “indication of an attack,” and it is expected the internet will soon come back online.

    Last year, the Pentagon declared a hack on Lockheed Martin to be potentially classified as an act of war. And regarding the Pentagon, take a look at Apple’s “Retrograde Cocoon” design proposed for its headquarters.