Cybersecurity & Espionage Articles
https://www.zdnet.com/article/businessman-charged-with-intent-to-steal-general-electrics-secret-silicon-technology/#ftag=RSSbaffb68
A Chinese businessman has been charged with intent to steal General Electric's (GE) processor technology. On Friday, the US Department of Justice (DoJ) said that Chi Lung Winsman Ng, a 64-year-old resident of Hong Kong, allegedly plotted to steal MOSFET intellectual property with the overall goal of developing a business -- and rival -- based on GE's technology. According to the DoJ indictment, between roughly March 2017 and January 2018, Ng teamed up with a co-conspirator, a former GE engineer, to hash out a plan to steal the company's proprietary data. General Electric's silicon carbide metal-oxide semiconductor field-effect transistors (MOSFETs) are semiconductor designs that the company has been working on for more than a decade. GE's chips are used in a variety of products and have landed the firm contracts in both the automotive and military space. Assistant Attorney General John Demers of the DoJ's National Security Division said that Ng and co-conspirators "chose to steal what they lacked the time, talent or money to create."
0 Comments
https://www.dni.gov/files/NCSC/documents/news/20210319-Insider-Threat-Mitigation-for-US-Critical-Infrastru-March-2021.pdf
The National Counterintelligence Strategy of the United States of America, 2020-2022 highlights the expanding and evolving nature of threats to U.S. critical infrastructure organizations from foreign state and non-state actors. Foreign adversaries are no longer simply targeting the U.S. government, as was often the case during the Cold War, but today are using their sophisticated intelligence capabilities against a much broader set of targets, including U.S. critical infrastructure and other private sector and academic entities. These U.S. industry and academic organizations are now squarely in the geopolitical battlespace. https://www.ehackingnews.com/2021/02/american-telecommunications-firm-t.html
After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a data breach. The organization believes that this malicious conduct has been detected very easily and that it has taken steps to stop it and discourage it from continuing in the future. SIM swap attacks (or SIM hijacking) permits scammers who use social engineering or bribing mobile operator workers to a fraudster-controlled SIM to gain a charge of their target telephone number. They then receive messages and calls from victims and enable users to easily bypass multi-factor authentication (MFA) through SMS, steal user identifiers, and take over the victims' Online Service Accounts. Criminals will enter the bank accounts of the victims and take money, swap passwords for their accounts, and even lock the victims out of their own accounts. T-Mobile disclosed that an anonymous perpetrator had access to customer account details, including contact information and personal id numbers- in the communication of violation sent to affected consumers on 9 February 2021. As the attackers have been able to port numbers, it is not known whether or not they have been able to access an employee's account by means of the affected account users. https://www.zdnet.com/article/cybercrime-groups-are-selling-their-hacking-skills-some-countries-are-buying/
Cyber-criminal hacking operations are now so skilled that nation-states are using them to carry out attacks in an attempt to keep their own involvement hidden. A report by cybersecurity researchers at BlackBerry warns that the emergence of sophisticated cybercrime-as-a-service schemes means that nation states increasingly have the option of working with groups that can carry out attacks for them. This cyber-criminal operation provides malicious hacking operations, such as phishing, malware or breaching networks, and gets paid for their actions, while the nation state that ordered the operation receives the information or access it requires. https://www.helpnetsecurity.com/2021/02/26/use-work-passwords-for-consumer-websites/
Employees working from home on a company-provided computer are demonstrating a clear lack of cybersecurity knowledge through high-risk behavior, according to a report released by Ivanti. The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic. As consumers often recycle passwords, the report findings indicate enterprises are at risk every time credentials are stolen from breached consumer websites, making it paramount for organizations and consumers to ensure there is a separation between login information used for work and personal apps or websites. https://www.spoke.com/press_releases/6034ff5a38f3abfada019ac6
Lessons Learned The most common causes of data breaches are weak or stolen credentials, back doors/vulnerabilities, malware, social engineering, excessive permissions, insider threats and improper configuration/user error, so businesses need to be diligent. Cybersecurity needs to be top of mind and systems and setups need to be routinely assessed. Any organization can become the victim of phishing schemes, ransomware, DDoS, malware, and other attacks leading to data breaches. Stress to customers that taking all necessary precautions is the best chance they have at staying secure. Along with detection and response tools, authentication protocols and ongoing employee security awareness training can make the biggest difference. |
Cyber-CyI find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers. Archives
November 2022
Categories |