Handshake

News & Commentary for the Digital UK


A ransomware attack has paralyzed the networks of at least 200 U.S. companies


WASHINGTON -- A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.

The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond's assessment.


The Associated Press

“Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.”

Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.

It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.

Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.

“This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.

Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. It’s no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin, he added.


“There’s zero doubt in my mind that the timing here was intentional,” he said.

Hammond of Huntress said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers. He said thousands of computers were hit.

“We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said.

Hammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinokibi.” The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor.

The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya says it is based in Dublin, Ireland, with a U.S. headquarters in Miami. The Miami Herald recently described it as “one of Miami’s oldest tech companies” in a report about its plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.

Brian Honan, an Irish cybersecurity consultant, said by email Friday that “this is a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers.”

He said it can be difficult for smaller businesses to defend against this type of attack because they “rely on the security of their suppliers and the software those suppliers are using.”

The only good news, said Williams, of Rendition Infosec, is that “a lot of our customers don’t have Kaseya on every machine in their network,” making it harder for attackers to move across an organization’s computer systems.

That makes for an easier recovery, he said.

Active since April 2019, the group known as REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

REvil is among ransomware gangs that steal data from targets before activating the ransomware, strengthening their extortion efforts. The average ransom payment to the group was about half a million dollars last year, said the Palo Alto Networks cybersecurity firm in a recent report.

Some cybersecurity experts predicted that it might be hard for the gang to handle the ransom negotiations, given the large number of victims — though the long U.S. holiday weekend might give it more time to start working through the list.


Source: abc

Polly Bevan-Bowhay

Can Washington and Tokyo counter Beijing's rapid rise?


Cyber capabilities are now a potent instrument of national power. This fact was dramatized last month when hackers shut down the Colonial Pipeline, which supplies almost half of the motor fuel consumed on the U.S. east coast, for five days. The hackers, according to U.S. officials, were from a Russian ransomware group named DarkSide, which successfully received payment from U.S. authorities.

A study published by the IISS said that China is set to reach parity with the U.S. as a “tier one” cyber power in 10 years.

The case represented one of the most visible recent examples of the mushrooming phenomenon of cybercrime. But it should also be recognized that state actors -- as well as crime syndicates -- are ramping up cyber capabilities to engage in grey zone warfare.

A new study published this week by the International Institute for Strategic Studies (IISS), a London-based think tank, said that China is on a trajectory to reach parity with the U.S. as a "tier one" cyber power about a decade from now.


Japan was ranked as a "third tier" cyber power alongside India, Indonesia, Malaysia and North Korea. Nevertheless, the report said, Japan is the most likely country to graduate in coming years to "second-tier" status alongside China, the U.K., France, Canada, Australia, Israel and Russia.

The IISS made the rankings based on assessments of seven different criteria, including cyber intelligence capabilities, cybersecurity and resilience, offensive cyber capabilities and global leadership in cyberspace affairs, as well as considerations such as strategy and governance.

The issue of cyber power is important, the IISS report said, because state and private actors are able to use their prowess to obtain secrets from each other, steal intellectual property, threaten to disrupt financial institutions and utilities and, in wartime, disrupt military capabilities.

"The [IISS] takes the view that U.S. digital-industrial superiority, including through alliance relations, is likely to endure for at least the next 10 years," the IISS report said. "[But] with its current trajectory, and providing it addresses its weaknesses in cybersecurity, China would be best placed to join the U.S. in the first tier."

The specific weaknesses that China suffers in its cyber capacities are mostly twofold. It does not have a U.S.-style cyber-industrial complex with input from universities, industry and government. Second, China would need to improve its educational outcomes in cyber sciences, including cybersecurity, the report said.

Nevertheless, a range of impressive Chinese tech companies and an online population of around one billion means that China has immense residual cyber strength and dynamism. The scale of the country's value-added digital economy reached 35.8 trillion renminbi ($5.1 trillion) in 2019, representing an industry big and lucrative enough to drive strong corporate innovation.

In areas of broader scientific endeavor too, China is making strong headway. It has about 410 satellites in orbit, including a network of Beidou satellites to guide its missiles. It recently finished laying some 4,600 km of quantum communications cable, a new technology which -- in theory at least -- provides for unhackable telecommunications.

Japan also has the advantage of a leading high-tech industry, with 10 of the 51 tech and telecoms companies in the 2020 Fortune Global 500 list -- a total that puts it ahead of China and western Europe and second only to the U.S.

Where Japan cedes ground in the IISS rating system is in cybersecurity, an area in which constitutional constraints have prevented the development of an offensive cyber capability, according to the IISS report. There are signs that this could change, the report added.

Cyber capabilities are becoming an increasingly fraught arena in international relations. The U.S. and China have traded barbs recently, with Beijing calling the U.S. the "world's top hacking empire" after allegations that American intelligence agents used Denmark's underwater cables to spy on top European officials.

German Chancellor Angela Merkel and French President Emmanuel Macron said they expect an explanation from the U.S. and Danish governments.

"As facts have proven time and again, the U.S. is the world's top empire of hacking," Chinese foreign ministry spokesman Wang Wenbin said in early June. "With targets including not only competitors but also its allies, the U.S. is a real master of large-scale, indiscriminate tapping and theft of secrets."

U.S. officials, meanwhile, have accused Chinese state-backed hackers of pillaging huge amounts of American intellectual property in numerous attacks, such as several by a squad called APT10, which targeted US companies in finance, telecoms, consumer electronics, medical industries and defence.

Source: Nikkei Asia

Washington (dpa) - US President Joe Biden pledged to never allow Iran to develop nuclear weapons, in comments ahead of a meeting with Israel's outgoing President Reuven Rivlin on Monday.

"What I can say to you: Iran will never get a nuclear weapon on my watch," Biden said ahead of the White House meeting.

Rivlin is due to leave office on July 9.



Negotiations are under way to try to salvage the 2015 Iran nuclear deal.

After the US unilaterally withdrew from the international nuclear agreement in 2018, Tehran turned its back on the limitations the deal placed on its nuclear programme.

The Islamic Republic then gradually expanded its nuclear activities in contravention of the agreements and restricted international nuclear inspections.

Diplomats from Germany, France, Britain, Russia and China have been trying to mediate between the US and Iran at talks under way in Vienna since April, aiming to save the nuclear pact.

Former US president Donald Trump, who chose to back out of the deal, and Israel's former prime minister Benjamin Netanyahu, who repeatedly criticized the agreement, have both now been replaced and the US and Israel are adjusting their relations.

Israel's new Foreign Minister Yair Lapid said earlier this week the two countries would fix mistakes made over the past few years, but stressed he had "serious" concerns about the negotiations for the US to return to the nuclear agreement.
