Tag: cyber attack

1
Hospital systems in quarantine after ransomware attack in Victoria
2
Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces
3
Interlopers in Things? IoT devices may be used as backdoors to your network
4
Major political parties join the Federal Parliament in the February data breach
5
China in breach of cyber-security pact
6
China’s main security agency linked to cyber intellectual property theft
7
US, Russia and China don’t pledge to fight cybercrime
8
Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word
9
Ransomware, get your ransomware here, and you too can share in the profits!
10
Step right up and get your malware – no skill required, prices start at $20!

Technology mightier than the Sword: US Military’s Secret Cyber Strike stifles Iranian Forces

By Cameron Abbott and Max Evans

Everyone knows the saying “the Pen is mightier than the sword”. The famous saying has been used for centuries to describe the ultimate power of words and communication over forms of violence. However, the rapid implementation and use of technology as a “combat” method doubts whether this saying is correct in a modern technological era, and begs the question as to whether technology is in fact mightier than the sword!

This dilemma is highlighted through the recent cyberstrike conducted by the United States. According to a Report by the Washington Post, in June of this year the Cyber Command of the US Military utilised a technology cyberstrike to target a significant Iranian database in the Persian Gulf. The relevant database was alleged to have been used by the IRGC, Iran’s elite paramilitary force, to damage oil takers and shipping traffic in the Persian Gulf. According to the Pentagon, the operation was in the works for weeks after Iran’s alleged attacks on two US tankers in the Gulf of Oman earlier in June, and following an attack by Iranian forces on an unmanned U.S. Surveillance drone hours earlier, the cyber-strike was immediately given the go-ahead.

Read More

Interlopers in Things? IoT devices may be used as backdoors to your network

By Cameron Abbott and Karla Hodgson

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

Read More

Major political parties join the Federal Parliament in the February data breach

By Cameron Abbott and Ella Richards

Following an unprecedented surge in cyber attacks against Australian businesses, an attack on Australia’s political infrastructure was imminent. New information reveals that the cyber attack against the Federal Parliament earlier this year was accompanied by yet another directed towards the Liberal, Labour and National parties.

Read More

China in breach of cyber-security pact

By Cameron Abbott and Wendy Mansell

It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australian companies.

The news that the persistent attacks on Australian IP are perhaps a State sponsored campaign by the Chinese government is concerning as it suggests that China are in breach of several international and bilateral agreements.

In 2015, an agreement was made between Chinese President Xi Jinping and former President Obama, that the U.S and China would not steal intellectual property from one another for commercial gain. This was furthered at the November 2015, G20 Summit, where the cyber-theft of IP was accepted as the norm.

Following on from this in September 2017, former Prime Minister Malcolm Turnbull and Chinese Premier Li Kequiang promised that neither country would engage in cyber-theft of intellectual property and commercial secrets.

Reports of cyber-theft declined immediately after these agreements, however in recent months they have ramped up again.

A U.S Trade Representative report released this week confirms that despite any international agreements, China has continued engaging in cyber-espionage and the theft of intellectual property. Further the report states that not only is China likely to be in breach of these agreements, but the attacks have “increased in frequency and sophistication”.

Notably in July of this year, China was linked to the cyber-breach of Australian National University. This attack was particularly disturbing given that ANU is a leading university involved in key areas of Australian technological, scientific, defence and commercial research.  It is fascinating that cyber attacks and theft are a “norm” that is accepted within our overall international relationships.  Physical acts of a similar nature would not be so easily accepted.

China’s main security agency linked to cyber intellectual property theft

By Cameron Abbott and Wendy Mansell

In April 2017, PWC, in collaboration with BAE Systems’ published a report on “Operation Cloud Hopper”, which exposed a cyber espionage campaign being conducted by a China-based threat actor. The report suggests that Operation Cloud Hopper is almost certainly the same threat actor known as “APT10”, a Chinese group thought to be behind cyber-attacks against many countries including Japan, Canada and America.

Recently it has been reported that there are links between China’s Ministry of State Security (MSS) and Operation Cloud Hopper. These allegations are from U.S based firm CrowdStrike who have recognised ties between Operation Cloud Hopper and the MSS Tianjin Bureau.

There is no confirmation that the MSS is behind the Cloud Hopper attacks, however Dr Adrian Nish, Head of Threat of Intelligence at BAE Systems said that there is “no reason to doubt” the claims.

The term “Cloud Hopper” describes a technique where cyber espionage groups “hop” from cloud storage services and infiltrate Australian IT systems. Operation Cloud Hopper is responsible for the theft of intellectual property from a number of Australian companies, primarily focused on mining, engineering and professional services firms.

In a week full of news about China activities in the region, the suggestion of state sponsored hacking thefts is a salient warning to companies that their core intellectual property assets are at risk if not well secured.

US, Russia and China don’t pledge to fight cybercrime

By Cameron Abbott and Wendy Mansell

Fifty countries including Japan, Canada and many EU nations have come together with over 150 tech companies, pledging to fight against cybercrime. United State’s tech giants such as Facebook, Google and Microsoft have also joined the party.

The United States, Russia and China however have decided not to sign on. Each has no doubt very different reasons for this – the disappointment is mostly directed to the US. However it is a shame that Russia and China did not also feel the weight of the international community pressure to accept these principles.

The effort to combat cybercrime is being led by France, with French President Emmanuel Macron claiming that it is urgent that the internet is better regulated.

The countries and companies involved are fighting against illegal online activity like censorship, cyber interference in elections, hate speech and trade secrets theft.

The pledge has been made in a document titled the “Paris call for trust and security in cyberspace”.

Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word

By Cameron Abbott and Colette Légeret

Cymulate, a leading provider of Breach and Attack Simulation solutions and a Gartner 2018 Cool Vendor, announced last week that its Security Research Team had uncovered a security flaw in the Microsoft Office Suite (Office) that may affect Microsoft Word (Word) users.

The Office security flaw identified is a JavaScript code execution within the embedded video component of Word. This has the potential to impact all users of Office 2016 and users of older Office versions. Cymulate noted that no configuration was required to reproduce the issue and no security warning is presented while opening the document with Word.

Read More

Ransomware, get your ransomware here, and you too can share in the profits!

By Cameron Abbott and Colette Légeret

The expansion of the “service industry” into malware-as-as-service (MaaS), is not the only cyber-attack available online, Bleeping Computer found ransomware-as-a-service (RaaS), that not only uses FilesLocker malware and targets Chinese and American victims, it also offers users a sliding commission pay-scale that rises the more ransomware victims infected.

Bleeping Computer was put on the trail of this RaaS by security researcher, Neutral8✗9eR, who saw it being marketed through a Chinese malware forum on TOR.

Read More

Step right up and get your malware – no skill required, prices start at $20!

By Cameron Abbott and Colette Légeret

It seems that the “service industry” has expanded into cyber-crime without us knowing about it as the Fortinet research team recently discovered. They came across malware-as-a-service schemes available on several Dark Web forums, with one designed as an easy-to-use point of entry for beginner Distributed Denial of Service (DDoS) attackers.

The DDoS kit disguises itself as a legitimate “booter” or “stresser” service and as it is relatively easy to set-up, almost anyone can go into the “DDoS a website for a fee” business. Some of the offerings are incredibly customisable. The research team found one such service that went operational on 17 October 2018 called “Ox-booter” which uses the Bushido botnet for its attacks. Bushido itself is relatively new, having only been identified in September 2018.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.