Hackers are Hijacking Smart Buildings for DDoS Attacks; Pentagon Sets Cybersecurity Benchmark for Contractors

Attackers are hijacking vulnerable smart building access systems and using them to launch distributed denial-of-service (DDoS) attacks. There has been increased scanning for Nortek Security & Control (NSC) Linear eMerge E3 systems that are vulnerable to a known critical command injection flaw.

Read more in

The US Defense Department (DoD) has released the Cybersecurity Maturity Model Certification version 1.0. The framework describes the cybersecurity standards that DoD contractors must meet if they want to win contracts. CMMC will be applied to some contracts starting later this year; by 2026, all DoD contracts are expected to include CMMC.

Read more in

Ransomware known as EKANS not only encrypts data on infected systems, it also interrupts Industrial Control Systems (ICS) applications. Prior to encrypting data, EKANS kills 64 different ICS processes named in a static list. Some versions of MegaCortex ransomware target the same list of ICS processes.

Read more in

A French construction company was hit with Maze ransomware on January 30. Bouygues Construction has shut down its network to prevent the ransomware from encryption additional data. The operators of Maze ransomware have gained a reputation for stealing data from targeted organizations and uploading it if the victims do not pay the ransom.

Read more in

Tillamook (Oregon) County Commissioners have voted unanimously to negotiate with hackers for the decryption key to regain access to the county's computer systems. Tillamook County systems were with with ransomware on January 22, 2020.

Read more in

Computer systems belonging to the city of Racine, Wisconsin were infected with ransomware on January 31. As of February 3, the city's website, email, and online payment systems were still down. The attack did not affect 911 and public safety systems. Tax collection systems are also operating as usual.

Read more in

Broadcast media monitoring company TVEyes was hit with ransomware early on Thursday, January 30. The company's CEO said on Friday, January 31 that they had restored servers from backups.

Read more in

Prosecutors in Iowa have dropped burglary charges against two people who broke into a county courthouse after hours as part of a penetration test. The two are employees of Coalfire labs, which had been hired by Iowa's State Court Administration to test the security of its IT systems and its buildings. Gary DeMercurio and Justin Wynn were arrested in September 2019 and held for hours before being released on bail. The case illustrates the need for establishing pen testing best practices.

Read more in

Australian freight and logistics company Toll Group has shut down several of its IT systems to contain damage from a cybersecurity incident. Toll customers have experienced problems tracking shipments. The company has not released details about the nature of the cyberattack.

Read more in

The UK's National Crime Agency (NCA) has arrested six people in connection with a cyberattack against Malta's Bank of Valletta. The suspects allegedly gained access to the bank's IT systems in February 2019 and made several large transfers totaling [euro]13 million (US $14.4 million). The Bank of Valletta said in May 2019 that it had recovered [euro]10 million (US $11.1 million) of the stolen funds.

Read more in

US federal law enforcement agents have arrested a Raytheon engineer after he took a work laptop containing missile defense systems information to China. Wei Sun has worked at Raytheon since December 2008. In December 2018, Sun traveled abroad with his work laptop in defiance of Raytheon's exhortations not to bring it on his travels. In January 2019, Sun emailed Raytheon and informed them he was resigning his position so he could study and work abroad. Sun returned to the US later that month. He initially told Raytheon security officials that he had traveled to Singapore and the Philippines, but eventually admitted that he had traveled to China, Cambodia, and Hong Kong.

Read more in

The ownership of a 200-year-old painting by British artist John Constable is in question after hackers infiltrated email conversations regarding payment for the artwork. A museum in the Netherlands had agreed to purchase the painting from a British art dealer for #2.4 million ($3.1 million). Hackers sent a spoofed message directing the museum to transfer the payment into a bank account they controlled. Each party blames the other: the museum maintains that the dealer should have known that spoofed messages were sent, while the dealer maintains that the museum should have verified the details of the bank transfer.

Read more in

Japan's NEC Corp. has disclosed that its systems were breached in December 2016. The company did not detect the breach until June 2017, when it noticed encrypted traffic being sent from a company server. NEC decrypted the traffic in July 2018, and found that the attackers had exfiltrated data from the company's defense business division.

Read more in

A hacker group with ties to Iran has been sending spear phishing emails to customers and employees of a company that works with US federal, state, and local governments. The phony messages sent to Westat employees contain malicious Excel spreadsheet attachments. The spreadsheets appear to be black; if recipients enable macros, the content - a phony job satisfaction survey - appears and malware that installs the TONEDEAF backdoor is downloaded in the background.

Read more in

A vulnerability in certain emergency alert systems (EAS) that was disclosed in 2013 remains unpatched on at least 50 systems across the US. The issue lies in the web interfaces for Monroe/Digital Alert Systems EAS hardware.

Read more in