Category Archives: CRIMINALS

Ransomware: These four industries are attacked the most frequently.

Ransomware is a threat to all sectors — but these are the ones most under attack, states a new study

A ransomware attack against any business could be potentially devastating, but there are some sectors which are more at risk from file-encrypting attacks than others, as cybercriminals prey on industries which can’t afford to not have access to their networks.

Ransomware has boomed over the last 18 months, growing from an annoyance which targeted home PC users with moderate ransom demands, to a billion-dollar industry, with cybercriminals holding high-profile or deep-pocketed targets to ransom for tens of thousands of dollars.

While some cybercriminals might be attempting to compromise any organisation possible with a generic attack, professional threat actors will create specially tailored attacks in order to make them look as authentic as possible — even by making the message look like it comes from a colleague.

Ransomware is most often delivered via a phishing email, which arguably provides an explanation as to why NTT Security's Global Threat Intelligence Report lists business and professional services as the sector most likely to be targeted by ransomware.

Given that opening financial spreadsheets, job applications, and other email attachments is at the very heart of this modern sector, it makes sense that over a quarter of ransomware attacks (28 percent) were directed at business and professional services firms over the course of a year.

Meanwhile, 19 percent of ransomware attacks were targeted at government and government agencies. Healthcare is the next highest-profile target for cybercriminals, accounting for 15 percent of attacks. It was a ransomware attack against an LA hospital which infamously highlighted the problem, taking the network offline for days until the hospital paid a $17,000 Bitcoin ransom.

Ransomware attacks against the retail industry account for a further 15 percent of all incidents. All other industries make up the remaining 23 percent, according to the NTT Security report.


Henry Sapiecha


The sun peeks over the New York Times Building in New York August 14, 2013. REUTERS/Brendan McDermid


The New York Times said on Tuesday its Moscow bureau was targeted by a cyber attack this month but that there was no evidence the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” Times spokeswoman Eileen Murphy told the newspaper. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

Earlier on Tuesday, CNN, citing unnamed U.S. officials, reported that the Federal Bureau of Investigation and other U.S. security agencies were investigating cyber breaches targeting reporters at the Times and other U.S. news organizations that were thought to have been carried out by hackers working for Russian intelligence.

“Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said,” CNN reported.

The FBI declined a Reuters’ request for comment. Representatives for the U.S. Secret Service, which has a role in protecting the country from cyber crime, did not reply to a request for comment.

A government official briefed on the inquiry told the Times the FBI was looking into the attempted cyber attack but was not carrying out similar investigations at other news organizations.

The Times had not hired outside firms to investigate the attempted intrusion, contrary to the CNN report, Murphy said.

News of the cyber attack comes amid a wave of similar attacks targeting major U.S. political parties that have surfaced in recent weeks ahead of the Nov. 8 presidential election.

The Democratic National Committee, Democratic presidential nominee Hillary Clinton’s campaign and the party’s congressional fundraising committee have all been affected.

Hackers have also targeted the computer systems of Republican presidential nominee Donald Trump and Republican Party organizations, sources have told Reuters.

A breach at the Times would not be the first time foreign hackers infiltrated a news organization. Media are frequently targeted in order to glean insights into U.S. policies or to spy on journalists.

In 2013, a group of hackers known as the Syrian Electronic Army attacked the Times and other media outlets. Chinese attackers also infiltrated the Times that year.

(Reporting by Dustin Volz, John Walcott, Mohammad Zargham and Eric Walsh in Washington, and Jessica Toonkel in New York; Writing by Susan Heavey and Eric Walsh; Editing by Frances Kerry and Peter Cooney)



Henry Sapiecha


Phishing, sophisticated attacks most troubling to IT security pros

Staffing, training, budget shortfalls impact ability to protect organization.


IT security professionals fear phishing and sophisticated attacks the most, but worry that staffing, training and budget shortfalls will hinder their ability to protect their organizations.

Adding to the anxiety, 72% of respondents said they felt it is likely their organizations would face a major data breach in the next 12 months. Fifteen percent said they had “no doubt” they would face a major security breach in the next year.

Those results are part of the findings of the 2016 Black Hat Attendee Survey, which was conducted in June with 250 security professionals. The annual Black Hat USA conference kicks off next week in Las Vegas.

The looming threat that eats at IT is phishing and other social engineering attacks. According to this year’s 2015 Verizon Data Breach Investigations Report, 30% of phishing messages were opened by the target recipient, up from 23% just last year. In addition, 12% clicked on the malicious attachment, up from 11% in 2014.

Those numbers point to another finding in the Black Hat Attendee Survey: 28% of IT security pros said end-users who violate security policy are the weakest part of the corporate security chain. It’s a familiar refrain and a reality that today can come with damaging consequences.

On top of these concerns, the survey showed that companies are facing a serious shortage of qualified security pros. In the survey, 74% of respondents said they don’t have enough staff to deal with the threats they expect to see in the next 12 months.

And it gets worse. Those same IT security pros say they are not spending enough time on the things that most concern them, but instead are tasked with “measuring risk (35%), managing compliance with industry and regulatory requirements (32%), and troubleshooting security vulnerabilities in internally developed applications (27%).”

The survey indicated the gap between concerns and day-to-day actions is growing, and respondents said they were fearful that they are losing the war against cyber crime.


Henry Sapiecha


Top secret 9/11 report released into Saudis’ involvement in September 11 terrorist attacks

UNDER wraps for 13 years, the US has released once-top secret pages from a congressional report into 9/11 that questioned whether Saudis who were in contact with the hijackers after they arrived in the US knew what they were planning.

The newly declassified document, with light redactions, names people the hijackers associated with before they carried out the attacks, killing nearly 3000 people in New York, Washington and on a plane that crashed in Pennsylvania. It identifies individuals who helped the hijackers get apartments, open bank accounts, attend local mosques and get flight lessons. Fifteen of the 19 hijackers were Saudi nationals and several were not fluent in English and had little experience living in the West.

Later investigations found no evidence that the Saudi government or senior Saudi officials knowingly supported those who orchestrated the attacks. But politicians and relatives of victims, who don’t think all Saudi links to the attackers were thoroughly investigated, campaigned for more than 13 years to get the final chapter of the 2002 congressional inquiry released.


A section of one of the 28 pages from the once-top secret pages from a congressional report into 9/11 that questioned whether Saudis who were in contact with the hijackers after they arrived in the U.S. Picture: AP

Saudi Arabia has called for the release of the chapter since 2002 so the kingdom could respond to any allegations and punish any Saudis who may have been involved in the attacks.

“Since 2002, the 9/11 Commission and several government agencies, including the CIA and the FBI, have investigated the contents of the ‘28 pages’ and have confirmed that neither the Saudi government, nor senior Saudi officials, nor any person acting on behalf of the Saudi government provided any support or encouragement for these attacks,” Abdullah Al-Saud, Saudi Arabia’s ambassador to the United States, said in a statement. “We hope the release of these pages will clear up, once and for all, any lingering questions or suspicions about Saudi Arabia’s actions, intentions, or long-term friendship with the United States.”

“Saudi Arabia is working closely with the United States and other allies to eradicate terrorism and destroy terrorist organisations,” he said.


American Airlines Flight 175 closes in on World Trade Center Tower 2 in New York, just before impact. Picture: AP

House intelligence committee Chairman Devin Nunes said that while he supported the release, “it’s important to note that this section does not put forward vetted conclusions, but rather unverified leads that were later fully investigated by the intelligence community.”

However, others — including former Florida Senator Bob Graham, the co-chairman of the congressional inquiry — believe the hijackers had an extensive Saudi support system while they were in the United States.

Mr Graham has said that the pages “point a very strong finger at Saudi Arabia as being the principal financier.”

Former US President George W. Bush classified the chapter to protect intelligence sources and methods, although he also probably did not want to upset US relations with Saudi Arabia, a close US ally.

Two years ago, under pressure from the families of those killed or injured on September 11, and others, US President Barack Obama ordered a declassification review of the chapter.

Director of National Intelligence James Clapper conducted that declassification review and transmitted the document to Congress, which released the pages online a day after Congress recessed ahead of the national political conventions.

Several investigations into 9/11 followed the congressional inquiry, which released its report — minus the secret chapter — in December 2002. The most well-known investigation was done by the 9/11 Commission, led by Republican Tom Kean and Democrat Lee Hamilton.


Smoke billows from World Trade Center Tower 1 and flames explode from Tower 2 as it is struck by American Airlines Flight 175, in New York. Picture: AP

Mr Kean and Mr Hamilton said the 28 pages were based almost entirely on raw, unvetted material that came to the FBI. They said the material was then written up in FBI files as possible leads for further investigation.

They said the commission and its staff spent 18 months investigating “all the leads contained in the 28 pages, and many more.”

The commission’s 567-page report, released in July 2004, stated that it found “no evidence that the Saudi government as an institution or senior Saudi officials individually funded” al-Qaeda. “This conclusion does not exclude the likelihood that charities with significant Saudi government sponsorship diverted funds to al-Qaeda.”

Some critics of the commission’s work say the commission failed to run down every Saudi lead and say various agencies obstructed its work. Mr Kean and Mr Hamilton also complained that various government agencies withheld relevant information.



Henry Sapiecha

Chinese hacker who stole information on US military gets prison

Su Bin stole confidential data belonging to US defense contractors for clients in China.


A Chinese national has been thrown behind bars after admitting to his part in a year-long conspiracy to steal valuable technical data belonging to military and defense contractors in the United States.

Su Bin, a 51-year-old aviation specialist, pleaded guilty in March to a conspiracy to break into US contractor systems in order to steal sensitive military and “export-controlled” data. Once network defenses were breached and this information ended up in his hands, the data was given to clients in China.

Also known as “Stephen Su” and “Steven Subin,” the Chinese national was arrested in 2014 for his role, which also included telling co-conspirators — believed to be military officers in China — who the best marks were, which files needed to be stolen, and why the information was valuable to China’s military and government.

On Wednesday, US prosecutors said Su Bin has been given a jail term of 46 months in a federal prison.

Su pleaded guilty to one count of conspiring to gain unauthorized access to a protected computer and to violate the Arms Export Control Act by exporting defense articles on the US Munitions List contained in the International Traffic in Arms Regulations.

As part of Su’s trial, the Chinese national also admitted that computers belonging to Boeing — a contractor tasked with producing jets for the US military — were targeted.

Information concerning C-17 strategic transport aircraft and specific military fighter jets was of particular interest to Su and his co-conspirators.

“Su Bin’s sentence is a just punishment for his admitted role in a conspiracy with hackers from the People’s Liberation Army Air Force to illegally access and steal sensitive U.S. military information,” said Assistant Attorney General Carlin. “Su assisted the Chinese military hackers in their efforts to illegally access and steal designs for cutting-edge military aircraft that are indispensable to our national defense.

“These activities have serious consequences for the national security of our country and the safety of the men and women of our armed services. This prison sentence reinforces our commitment to ensure that hackers, regardless of state affiliation, are held accountable for their criminal conduct.”

The sentence was announced by US District Judge Christina Snyder of the Central District of California.


Henry Sapiecha

Guarding Against a ‘Cyber 9/11’


ISIS and other terrorists are more technologically sophisticated than ever.

Two years ago this week, a pair of homegrown Islamic terrorists effectively shut down the city of Boston for two days following an attack with homemade explosives that killed three people during the Boston Marathon. Now imagine the potential loss of life from a terrorist assault on a major U.S. city paired with a cyberattack launched against that city’s police, fire, emergency management, communications and transportation systems.

The Internet provides an easy, low-cost and low-risk means for nonstate actors or terrorist groups to amplify the impact of any attack. But a large-scale cyberattack on critical infrastructure could prove devastating. Whether it’s called “Cyber 9/11” or “Cyber Pearl Harbor,” senior U.S. officials, including the president, have warned of the possibility of attacks launched by foreign hackers that could cripple the country by taking down the power grid, water infrastructure, transportation networks and the financial system.

Islamic State, aka ISIS, recently released a video threatening another 9/11-magnitude attack on the U.S. Clearly well-funded, ISIS has proved to be the most sophisticated terrorist group so far when it comes to utilization of digital media for recruitment and propaganda. Last week a French television network, TV5 Monde, was digitally commandeered by ISIS-inspired hackers who cut the transmission of 11 channels and took over the station’s website and social-media accounts for 24 hours.

A different type of cyberattack occurred in 2010, when Russian-affiliated hackers hit Estonia. The attack consisted partly of “ping attacks,” which overwhelmed servers. There were botnet attacks, which harnessed zombie computers from around the world to flood designated Internet addresses with useless, network-clogging data as part of a distributed denial-of-service (DDoS) attack. Hackers also infiltrated specific individual websites to delete content and post their own messages. Although relatively unsophisticated, these coordinated cyberattacks took down servers and websites related to major government and nongovernment institutions and communications networks—effectively taking the entire country offline for two weeks.

In a major U.S. city, a combined physical and cyber terrorist attack could result in hundreds wounded and killed. It could also impair first responders’ ability to get to the scene of the attack, and the ability of local government to communicate with the city’s population in a chaotic and confusing environment.

Some of these issues arose during al Qaeda’s 2005 suicide bombing attacks in London on three Underground trains and one bus. Cellular networks and radio channels used by emergency responders were severely congested due to the volume of traffic, resulting in delayed responses by medical and security personnel. Adding cyber-enhanced terrorism to the equation could exponentially increase the damage caused by a traditional terrorist attack.

In 2012 Congress took steps to address a long-standing recommendation from the 2004 9/11 Commission report, by mandating the development of a nationwide public-safety broadband network. Three years later, however, the network remains a work in progress.

The threat of cyber-enhanced terrorism must be addressed at the federal and local level. Although federal agencies, such as the National Security Agency, the Pentagon and the Department of Homeland Security, have primary responsibility for countering external cyberthreats, an attack on an American city would also require the mobilization of local law enforcement.

To prepare for the threat of cyber-enhanced terrorism, city governments must gain a more sophisticated understanding of the nature of cyberthreats and their various permutations and implications.

Metropolitan areas also should develop Computer Emergency Response Teams, which can coordinate the responses of local law enforcement and private industry with federal agencies. Intelligence collected at the national level should be shared with metropolitan governments. While federal to local intelligence sharing on counterterrorism has improved markedly in recent years, the sensitivity and difficulty of protecting sources and methods gleaned from cyber-intelligence collection has made this more complicated in the cyberthreat domain.

Perhaps most important, cities should increase their capacity to collect, monitor and analyze threat intelligence—in other words “connecting the dots”—before an attack occurs. The diversity and decentralization of the current terrorism threat, combined with the logarithmic growth in the capabilities of cyber-malefactors, makes doing so more challenging than ever.

But it is possible. For example, actionable intelligence regarding the cyberattack on Estonia—including discussions concerning preparations for the attack—was present in closed forums in the Deep Web and Dark Net in the days leading up to the attack. But that intelligence was never acted on, largely because a plan to counteract such an attack was not in place beforehand.

To successfully prevent future attacks—whether cyber-enhanced terrorism or otherwise—federal and local authorities in likely urban targets will need to increase their cyber situational awareness, preparedness and resilience. Critical to these efforts will be a commitment to the early detection and identification of warning signals from all sources, including the deepest reaches of cyberspace.

Mr. Silber is executive managing director of K2 Intelligence and former director of intelligence analysis for the New York Police Department. Mr. Garrie is the founder and editor in chief of the Journal of Law and Cyber Warfare.


Henry Sapiecha

Police arrest dozens of suspects in cybercrime investigation



THE HAGUE, Netherlands (AP) — Police have arrested dozens of suspects in an international investigation into a cybercrime gang that siphoned millions of euros from victims’ accounts in an identity fraud scam.

European Union justice agency Eurojust announced Wednesday that 49 suspects, most of them from Nigeria and Cameroon, were arrested a day earlier in an investigation by Italian, Spanish and Polish police supported by officers in Belgium, Britain and Georgia.

EU police agency Europol helped coordinate 58 searches during Tuesday’s operation. Eurojust says in a statement that investigations showed that cybercriminals had defrauded victims of 6 million euros ($6.8 million) and transferred it out of Europe.

The fraud involved stealing victims’ data such as usernames and passwords, in a process known as phishing, and diverting money from them and their customers.



Henry Sapiecha