Archive | Cyber Threat Alert

#Hackers disrupt #website of #Russian #Embassy in #London, #UK for 20 hours

Access to the website of the Russian Embassy in London remained unreliable for almost 20 hours after unidentified ‘hackers’ targeted it with a denial-of-service attack, the diplomatic mission said.

The attack started at about 16:30 GMT on Monday, a spokesperson for the embassy told the media. By 12:00 on Tuesday, embassy IT staff managed to restore access, the report said.

“An investigation into what happened is underway,” the spokesperson said, adding that Russian diplomatic staff were apologizing to anyone whose plans may have been affected by the downing of the website.

Courtesy of rt.com

https://tinyurl.com/yxqoko7k

#Facebook images broken, #Instagram and #WhatsApp struggling too

Starting at about 8:00 AM EDT, Facebook began having issues displaying any new images. At about the same time, Facebook's image-sharing network, Instagram, and its communications program, WhatsApp, began having similar problems.

Facebook wouldn’t admit to any problem for hours. In the meantime, users from around the globe are reporting issues on Twitter and DownDetector. While Facebook continues to run, people are primarily reporting that they’re unable to upload or view images.

In a statement sent just before 4 PM EDT, a Facebook representative finally addressed the elephant on the internet: “During one of our routine maintenance operations, we triggered an issue that is making it difficult for some people to upload or send photos and videos. We’re working to get things back to normal as quickly as possible and we apologize for any inconvenience.” No time has been given for a fix.

At first, when I encountered the problem, I was unable to upload new photographs. Now I find I’m unable to view many older images. I’m far from alone.

Instagram users are also struggling. Since Instagram is all about images, the site is essentially down.

WhatsApp users are in the same sinking boat. They too can’t share photos or videos.

Several hours later Facebook Messenger users also started reporting similar problems.

In theory, all these social networks and messaging services are still on different platforms. In practice, clearly, they’re at least all sharing media storage mechanisms since they’re all suffering from the same kinds of problems.

Courtesy of zdnet.com

https://tinyurl.com/y3y84sol

This ‘most dangerous’ #hacking group is now probing #PowerGrids

Hackers that tried to interfere with the safety systems of an industrial plant are now looking at power utilities too.

A hacking group described as the ‘most dangerous threat’ to industrial systems has taken a close interest in power grids in the US and elsewhere, according to a security company.

The hacking group believed to be behind the attack on the industrial control systems (ICS) of a petrochemical plant in Saudi Arabia is now apparently probing more potential victims around the world, including US power grids, according to security company Dragos.

“The most dangerous threat to ICS has new targets in its sights,” Dragos said. “This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.”

This particular hacking group is notable because of one incident it was involved with. In late 2017 it was revealed that hackers had infected the industrial control systems of a petrochemical plant in Saudi Arabia with malware – known as Triton or Trisis – which was designed to interfere with industrial safety systems.

The malware targeted the systems which controlled the emergency shutdown capabilities, and security companies warned that the attackers were developing the capability to cause physical damage and potentially shut down operations. At the time analysts warned the activity was consistent with a nation state preparing for an attack; later analysis by security company FireEye linked the malware to a Russian state-owned research lab.

In April, FireEye also said the same malware had been discovered on systems at another, unnamed company. And now Dragos has warned that the group behind the malware – which it calls Xenotime – has been probing US and Asia-Pacific power networks after previously focusing only on oil and gas.

“Starting in late 2018, Xenotime began probing the networks of electric utility organizations in the US and elsewhere using similar tactics to the group’s operations against oil and gas companies,” Dragos said.

Dragos said the 2017 attack on the Saudi Arabian oil and gas facility represented an escalation of attacks on ICS because the malware targeted safety systems and was designed to cause loss of life or physical damage. The company said that since that attack the hacking group has expanded its operations to include oil and gas firms outside the Middle East and said the group compromised several ICS vendors and manufacturers in 2018.

Dragos said that since 2017 the hacking group’s activities have included significant external scanning and research on potential victims and attempts at external access focused on North American and European companies.

In February this year, Dragos said, it spotted attempts to gather information associated with US and Asia-Pacific electric utilities.

“This behavior could indicate the activity group was preparing for a further cyberattack,” the company said. Dragos said it had seen attempts to use lists of previously stolen usernames and passwords to try and force entry into target accounts. But it also said that none of the electric utility targeting events has resulted in a successful intrusion.

Dragos said that evidence of this group’s interest in electric utility operations is “a cause for deep concern given this adversary’s willingness to compromise process safety.”

The security company said most of the activity by the hacking group focuses on initial information gathering and access operations necessary for follow-on ICS intrusion operations and future attacks. But it also said there is no evidence indicating that this group is actually capable of executing a disruptive or destructive attack on electric utility operations.

Dragos said that organisations running industrial control systems should prepare for potential breach and disruption scenarios. It said the most important thing a security team can do is improve their awareness of ICS network activity. Companies should also have worked through scenarios that deal with the potential loss of safety instrumented systems integrity, such as having incident response teams on call and having configuration and process data available, both for comparison against possibly compromised devices and to aid recovery in the event of a breach.

“ICS operators must address such concerns in advance, rather than trying to figure out such sensitive, complex items mid- or post-intrusion,” Dragos warned.

Threats to industrial control systems – the infrastructure which runs everything from power grids to factories and rail networks – are on the rise, according to security experts. “More capable adversaries are investing heavily in the ability to disrupt critical infrastructure like oil and gas, electric power, water, and more,” said Dragos.

Written by Steve Ranger at zdnet.com

https://tinyurl.com/yyvm2pcc

#YouTube, other #Google services are down in North #America, some parts of #Europe

Google services, including YouTube and Gmail, have been down this Sunday afternoon. The US has apparently been affected the most, according to user reports.

Courtesy of rt.com

https://tinyurl.com/y67fo8sh

Facebook: 50 million accounts hit by security breach

The social media giant says it does not yet know whether accounts were misused or information accessed, and has informed police.
Facebook has said 50 million user accounts were affected by a security breach which potentially enabled hackers to take over people’s accounts.
 
The social media giant has not yet determined whether the accounts were misused or information was accessed.
 
Nor does it know who is behind the breach or where they are based.
 
Facebook said the hack was discovered on Tuesday afternoon, and stemmed from a change it made to its video uploading feature in July 2017.
 
Something called “View As”, which allows users to see what their profile looks like to someone else, subsequently became vulnerable.
 
Guy Rosen, from the California-based company, said hackers were able to “steal Facebook access tokens which they could then use to take over people’s accounts”.
 
In a statement on the company’s website, he described access tokens as the “equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app”.
 
He added: “It’s clear that attackers exploited a vulnerability in Facebook’s code.
 
“We’ve fixed the vulnerability and informed law enforcement.”
 
About 90 million people will now have to log back in, after an additional 40 million accounts, on top of the initial 50, were reset as a precautionary measure.
 
The “View As” feature has been temporarily turned off as the company conducts a “thorough security review”.
 
While an investigation is still in its early stages, Mr Rosen said Facebook was “working hard to better understand” what had happened.
 
“If we find more affected accounts, we will immediately reset their access tokens,” he added.
 
Mr Rosen said users’ privacy and security were “incredibly important”, and apologised for what had happened.
Courtesy of Sky News