CBS News Logo String of cyber attacks threat to U.S. security?

Japanese video game developer Sega announced Sunday that hackers broke into its database and stole the personal information of more than one million customers. The breach, CBS News Correspondent Elaine Quijano reports, is just the latest in a string of cyber-attacks on corporations, government contractors, and even the CIA. Last week, computer hackers forced a shutdown of the CIA's public website for more than two hours. It claims no sensitive information was at risk, but Internet security experts say it was still a huge embarrassment for the for the government's top spy agency.Games company Sega becomes latest hacking victimLulSec offers to help Sega "destroy" hackersJim Stickley, co-founder of TraceSecurity, a cyber security company, told CBS News, "It's never a good thing when you're the CIA and your website has data talking about a hacker. " While the attack was deemed harmless, the same can't be said of the breach of government contractor Lockheed Martin last month. That's when the nation's top weapons manufacturer discovered the system enabling employee's remote access may have been compromised. Some suspect foreign governments were responsible for the attack. Stickley said, "Now, with governments getting involved, it's moved from the personal attacks to going after the government attacks and going at a much more scary level." It's this threat of foreign cyber-espionage that prompted the National Security Agency to announce it's stepping in to assist government contractors like Lockheed Martin better secure their data. A wave of attacks has hit private businesses, as well. On Friday, banking giant Citigroup revealed that more than 360,000 customers had credit card information compromised - nearly double its original estimate from a month ago. But it's all par for the course in an era of online consumers, according to experts. TraceSecurity's Stickley says, "Someone is going to get your data eventually. I don't think it's a matter of if.  ... Continue Reading

US accuses Russia of cyber attacks on power grid

Washington (CNN)The US government has accused Russia of remotely targeting the US power grid, as part of its newly unveiled sanctions on the country. The Department of Homeland Security released details Thursday of what it called a multi-stage effort by Russia to target specific government entities and critical infrastructure. The Trump administration announced extensive sanctions against Russia on Thursday morning, which included sanctions on the Internet Research Agency, a Russian troll farm that produced divisive political posts on American social media platforms during the 2016 presidential election. According to the DHS, Russia accessed US government networks by initially targeting with malware small commercial third-party networks that were less secure. Russia has attempted to attack targets that include "energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors" since March 2016, DHS said. Read More Gaining access to the networks that are tied to various aspects of US infrastructure is extremely difficult, said Vikram Thakur, of Symantec Security Response. Thakur, a technical director at Symantec, added that cyberattacks like the one DHS described Thursday have the potential to cause significant damage, unlike those in which the attacker is solely looking for information. "The only thing that holds an attacker back is political motivation," Thakur said, noting the potential for retaliation by the country that gets hit. "Usually the bar for flipping the switch is extremely high" for the attacker, he later added in a phone interview. Past encounters In 2015 Ukraine experienced an unprecedented cyberattack on its electric grid that led to widespread power outages, which it said was caused by Russia. The attack raised concerns about vulnerabilities in the US system that could make it a victim of similar attacks. Energy Secretary Rick Perry released a response to the DHS announcement Thursday, saying the Continue Reading

German officials warn cyber attacks on its government computers are ‘ongoing’

Rosie Perper, provided by Published 8:07 pm, Thursday, March 1, 2018 Thomson Reuters A cyberattack on Germany's defense and interior ministry's private network is "ongoing," officials confirmed. A security breach that was "a very serious attack" was confirmed on Wednesday, but it was said to have been "brought under control." Local media reported Russian cyber espionage group Fancy Bear for the attack, but German officials have not confirmed the reports. A "serious" cyberattack on Germany's defense and interior ministry's private network is still ongoing, despite officials saying on Wednesday they were in control of an attack. Recommended Video: Now Playing: According to the Times newspaper in the U.K., British intelligence officials say Iran is responsible for the 9,000 email account hack. Media: Buzz 60 "It is an ongoing affair, an ongoing attack," Armin Schuster, who chairs the parliamentary committee overseeing intelligence services, said according to the BBC. "It is a very serious cyber-attack," Schuster said. The news comes a day after German officials confirmed they were investigating the breach, which was speculated to have occurred in December, but had said it was an "isolated" attack that had been "brought under control." Local media contributed the hack to suspected Russian cyber espionage group Fancy Bear, also known as APT28. However, German officials have not confirmed the reports. The German Press Agency (DPA) reported, citing unnamed security sources, Russian hackers breached the government network with a piece of malware likely placed in a central government network potentially remaining for up to a year. According to public broadcasterDeutsche Welle, hackers reportedly targeted the government's "Informationsverbund Berlin-Bonn" (IVBB) network, a communication platform that facilitates fast and secure data exchanges within German government offices. Domestic Continue Reading

Ukraine points finger at Russian security services in recent cyber attack

By Pavel Polityuk KIEV (Reuters) - Ukraine said on Saturday that Russian security services were involved in a recent cyber attack on the country, with the aim of destroying important data and spreading panic. The SBU, Ukraine's state security service, said the attack, which started in Ukraine and spread around the world on Tuesday, was by the same hackers who attacked the Ukrainian power grid in December 2016. Ukrainian politicians were quick to blame Russia for Tuesday's attack, but a Kremlin spokesman dismissed "unfounded blanket accusations". Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts, which conked out computers, hit banks, disrupted shipping and shut down a chocolate factory in Australia. The attack also hit major Russian firms, leading some cyber security researchers to suggest that Moscow was not behind it. The malicious code in the virus encrypted data on computers, and demanded victims pay a $300 ransom, similar to the extortion tactic used in a global WannaCry ransomware attack in May. But Ukrainian officials and some security experts say the ransomware feature was likely a smokescreen. Relations between Ukraine and Russia went into freefall after Moscow's annexation of Crimea in 2014 and the subsequent outbreak of a Kremlin-backed separatist insurgency in eastern Ukraine that has killed more than 10,000 people. Hacking Ukrainian state institutions is part of what Ukraine says is a "hybrid war" by Russia on Kiev. Russia denies sending troops or military equipment to eastern Ukraine. "The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy," the SBU said. "This testifies to the involvement of the special services Continue Reading

Cyber attack eases, hacking group threatens to sell code

By Dustin Volz WASHINGTON (Reuters) - Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked U.S. hacking tools used to launch the global WannaCry "ransomware" attack warned it would release more malicious code. The fast-spreading cyber extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased for second day on Tuesday, but the identity and motive of its creators remain unknown. The attack includes elements that belong to the U.S. National Security Agency and were leaked online last month. Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world's most widely used computers, software and phones. A blog post written by the group promised from June to release tools every month to anyone willing to pay for access to some of the tech world's biggest commercial secrets. It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June," it promised. The spread of the WannaCry attack - which encrypts a user's data and demands a "ransom" be paid electronically to free it up again - slowed to a trickle on Tuesday, with few, isolated examples being reported. In Canada, the Universite de Montreal was hit, with 120 of the French-language university’s 8,300 computers affected, according to a university spokeswoman. There were no new, major incidents in the United States. Fewer than 10 U.S. organizations have reported attacks to the Department of Homeland Security since Friday, a U.S. official told reporters on Tuesday. The attack has caused most damage in Russia, Taiwan, Ukraine and India, according to Czech security firm Avast. The United States likely avoided greater harm as the attack targeted older versions of Microsoft Continue Reading

NJ election systems safe from cyber attacks: Officials

HAMILTON - As New Jersey primary voters head to the polls Tuesday, election and security officials said the state's voting apparatus is largely immune from cyber attacks.Erin Henry, a principal planner with the state Office of Homeland Security and Preparedness, discussed election security with state Chief Information Security Officer Michael Geraghty and Division of Elections Director Robert Giles in a recent episode of the state Office of Homeland Security and Preparedness' Intelligence Unclassified podcast. PRIMARY 2017: Front-runners maintain leads While some states with more centralized voter registries may fall prey to high-tech meddling, officials say New Jersey, with 21 counties and each responsible for its own voters, has more of a bulwark against cyber attacks."Back in the election in the fall, what happened is there were reports of attacks against the Illinois and Arizona voter registration systems — whether they were done from Russians or other bad actors, that hasn't been determined yet," Geraghty said.In both Arizona and Illinois voters may register online. In New Jersey, residents must register to vote in person or by mail through the counties in which they vote or at a Motor Vehicle Commission office."As a result, that attack vector doesn't exist for our voter registration system," Geraghty said. "We don't have that particular threat vector — but there are others." ELECTION 2017: Gov hopefuls buck Christie on marijuana Voter registration is not the only part of the process that the Garden State does old-school."There was a lot of talk initially about the voting machines used around the country, and it's important to note that in New Jersey, our voting machines never touch the internet," Giles said. "So the ability for a bad actor to try and attack us from the outside is impossible from a cyber-security standpoint — it would require a physical attack on the machines." PRIMARY 2017: Continue Reading

Hacked! Microsoft, Pinterest, Tumblr and Twitter join Apple, Facebook, as the latest victims of cyber attacks

If the past few weeks have made anything clear, it’s that the Internet if full of hacks. Just days after tech giants Apple and Facebook announced they had been the victims of a sophisticated hacking operation, Microsoft, Pinterest, Tumblr and Twitter said they too had been targeted. “As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process,” Matt Thomlinson, general manager of Microsoft’s Trustworthy Computing Security unit, said in a written statement. “During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.” Pinterest, the social networking site, emailed its users on Friday to inform them that their personal information had been leaked. “We recently learned that the vendor we use to answer support requests and other emails (Zendesk) experienced a security breach,” Pinterest’s warning stated. “We're sending you this email because we received or answered a message from you using Zendesk. Unfortunately your name, email address and subject line of your message were improperly accessed during their security breach.” Tumblr and Twitter also use Zendesk for security. On Thursday, announced that its website had been hacked and infected with malware that could harm the computers of users who visited their site, and as news spread of the latest cyber attacks, Facebook said on Friday that a security hacker had identified a hole in the company’s software that allowed developers to access anyone’s personal page and private data. Continue Reading

Pentagon hacked, 24,000 files stolen by ‘foreign intruders’ in cyber attack

Foreign hackers broke into the Pentagon computer system this spring and stole 24,000 files - one of the biggest cyber-attacks ever on the U.S. military, according to a Department of Defense official. William Lynn, the deputy secretary of defense, acknowledged the brazen theft during a speech on Thursday while detailing a plan to strengthen the country's cyber-security. Lynn would not disclose what kind of files were stolen or what country was behind the attack, which took place sometime in March. But he did say the confidential documents were swiped from a defense industry computer network in a single intrusion. Several cyber-attacks have previously been blamed on China or Russia. American officials fear that a terrorist group - and not a foreign government - will eventually acquire the tools to break into U.S. computer networks. "If a terrorist group gains disruptive or destructive cyber-tools, we have to assume they will strike with little hesitation," Lynn said during his speech at the National Defense University. Lynn said the Defense Department's new strategy involves developing stronger computer networks so officials can continue to operate even if critical systems are taken down. "Our strategy's overriding emphasis is on denying the benefit of an attack," Lynn said, according to the Washington Post. "Rather than rely on the threat of retaliation alone to deter attacks in cyberspace, we aim to change our adversaries' incentives in a more fundamental way. If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place." With News Wire Services Join the Conversation: Continue Reading

Petya attack on TNT Express takes $300 million bite out of FedEx earnings

FedEx on Tuesday reported a $300 million hit to earnings from a cyberattack on subsidiary TNT Express in late June.The impact of Hurricane Harvey and lower-than-expected results at FedEx Ground also contributed to a year-over-year decline in earnings per share, the company said.The company also lowered its earnings forecast for the full year ending next May 31 because of the cyberattack, which hammered worldwide operations of Europe-based TNT Express.The June 27 cyber-attack spread an information technology virus to TNT Express systems through a Ukrainian tax software product."This was not an ordinary cyberattack," FedEx chief information officer Rob Carter told analysts. "We believe this attack was the result of a nation-state targeting Ukraine and companies that do business there. It is widely believed that these were weaponized cyber tools that were stolen from the U.S. government."Nearly three weeks after the attack, in mid-July, FedEx was still evaluating the attack's financial impact, which was expected to include loss of revenue due to decreased volumes and costs of implementing contingency plans and restoring affected systems.“The first quarter posed significant operational challenges due to the TNT“We are confident of our prospects for long-term profitable growth," Smith continued, "and we reaffirm our commitment to improve operating income at the FedEx Express segment by $1.2 billion to $1.5 billion in fiscal 2020 versus fiscal 2017.”The earnings were significantly lower than the $3.17 a share prediction of analysts surveyed by Zacks Research. Multiple factors affecting earningsFedEx said results benefited from higher base rates at each transportation segment, but that boost was more than offset by the cyberattack, TNT Express integration expenses, higher costs at FedEx Ground, a higher tax rate and Hurricane Harvey's impact.FedEx services were disrupted after Hurricane Harvey swamped the Texas Gulf Coast in late August. The Continue Reading

FedEx targeted in cyber attack as hackers hit companies across globe

Memphis-based FedEx said Friday it was taking steps to recover from a cyber attack on some of its Windows-based information technology systems.FedEx was one of numerous companies around the world that were reportedly hit by a worldwide ransomware campaign.FedEx spokesman Jim McCluskey released the following company statement: “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.” More: Massive, fast-moving cyberattack hits as many as 74 countries The BBC said computers in thousands of places in up to 74 countries had apparently been locked by a program that demands payment in an online currency called Bitcoin.It wasn't immediately clear what impact the attack might have on FedEx's global pickup and delivery network and deliveries scheduled for the next few days.McCluskey said the company was investigating whether the attack was part of a global campaign using ransomware known as WannaCry.McCluskey said it was too early to tell whether it would lead to a service alert about potential shipment delays.FedEx employees in Memphis received a text notification: “Virus spreading through FedEx with ransomware threat. Could be US wide. I would recommend you turn off your computer if it’s windows just in case.” Related:  Cyber-attacker 'bombs' Memphis medical records, seeks ransom Some employees were told company systems globally were affected and that non-critical systems and PCs were to remain turned off until further notice from management.FedEx founder Frederick W. Smith has long espoused the belief that the information about a package is as important as the package itself.“He said it 25 years ago,” said Satish Jindel, a former FedEx insider who is president of SJ Consulting and ShipMatrix, which tracks the shipping Continue Reading