(NEW YORK) #Cyberattack Report: A major US fuel pipeline has reportedly paid cyber-criminal gang DarkSide nearly $5m (£3.6m) in ransom, following a cyber-attack #AceNewsDesk report

#AceNewsReport – May.15: Colonial said on Thursday that it would not comment on the issue: On Friday, Japanese consumer tech giant Toshiba said its European division in France had been hit by the same cyber-criminal gang:

US fuel pipeline ‘paid hackers $5m in ransom’: Colonial Pipeline suffered a ransomware cyber-attack over the weekend and took its service down for five days, causing supplies to tighten across the US: CNN, the New York Times, Bloomberg and the Wall Street Journal all reported a ransom was paid, citing sources.


Price impact

Following the cyber-attack, Colonial announced it would resume operations on Wednesday evening, but warned that it could take several days for the delivery supply chain to return to normal.

The 5,500-mile (8,900km) pipeline usually carries 2.5 million barrels a day on the East Coast.

The closure saw supplies of diesel, petrol and jet fuel tighten across the US, with prices rising, an emergency waiver passed on Monday and a number of states declaring an emergency.

The average price per gallon hit $3.008 (£2.14) – the highest level seen since October 2014, according to the Automobile Association of America.

US President Joe Biden reassured motorists on Thursday that fuel supplies should start returning to normal this weekend, even as more filling stations ran out of gasoline across the Southeast.

According to reports, Colonial had said initially it would not be paying the ransom demanded by the hackers.

Toshiba cyber-attack

Toshiba Tec France Imaging System, which is part of Toshiba, said it was hit by a similar cyber-attack by DarkSide on 4 May.

However, the firm emphasised that no leaks of data had been detected and that only a minimal amount of work data was lost during the event.

It said it had put protective measures in place immediately after the attack.

In light of a sharp increase in ransomware cyber-attacks during the pandemic, on Thursday President Biden signed an executive order to improve US cyber-defences.

Earlier in the week, he said that although there was no evidence that the Kremlin was involved, there was evidence to suggest that the DarkSide gang of hackers was based in Russia. 

The news that Colonial Pipeline paid these criminals is a major blow to President Biden.

Only this week he signed a long-awaited executive order to beef up federal cyber-security and, in turn, make the US more secure from future attacks.

These efforts have, in the view of some in the cyber-security world, been completely undermined.

How can the Biden administration encourage corporations to spend millions securing their computer networks from attack when they’ve just witnessed Colonial, under the glare of the public eye, cave in to criminal demands and pay their way out of trouble?

The news will swell the ranks of those in the security world who want ransomware payments banned.

But with companies, jobs and sometimes lives put at risk when ransomware hits, it is a tough call for policymakers.

The potential silver-lining in this case comes from reports that even after Colonial paid the hackers, the criminals were so slow to help the company that pipeline staff got to work on recovery themselves.

The DarkSide hacker crew can no longer claim that they can restore victims’ services quickly, and this may make others question whether or not to give in to their demands.

‘Our goal is to make money’

Cyber-security firms told the BBC that DarkSide operates by infiltrating an organisation’s computer network and stealing sensitive data.

Typically, a day later the hackers will make themselves known, announcing that they have encrypted all the data in the network and are prepared to leak it onto the internet and delete it, if they are not paid a ransom by a certain deadline.

DarkSide operates by making the software used to execute this attack and then training affiliates to use it, who then give the gang a cut of the ransoms they take. 

Following concerns the Colonial cyber-attack was caused by nation-state hackers with a political motive, DarkSide posted on its website: “Our goal is to make money and not creating problems for society.”

The group also indicated it had not been aware that Colonial was being targeted by one of its affiliates and intended to “introduce moderation and check each company” its partners want to encrypt, “to avoid social consequences in the future”.

On Friday, Reuters reported that DarkSide’s website on the dark web was no longer accessible.

Colonial Pipeline’s website also continues to be offline. 

#AceNewsDesk report ……..Published: May.15: 2021:

Editor says #AceNewsDesk reports by https://t.me/acenewsdaily and all our posts, also links can be found at here for Twitter and Live Feeds https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com


(NEW YORK) JUST IN: Cyberattack On Pipeline Running From Texas To The Northeast Linked To Criminal Gang #AceNewsDesk report

#AceNewsReport – May.11: The cyberextortion attempt that has forced the shutdown of the largest fuel pipeline in the U.S. was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said on May.09:

NEW YORK: ‘Cyberattack on fuel pipeline that runs from Texas to the Northeast has been linked to a criminal gang, according to AP’

Cybersecurity Report:

The shutdown, meanwhile, stretched into its third day, with the Biden administration loosening regulations for the transport of petroleum products on highways as part of an “all-hands-on-deck” effort to avoid disruptions in the fuel supply.

Experts said that gasoline prices are unlikely to be affected if the pipeline is back to normal in the next few days but that the incident — the worst cyberattack to date on critical U.S. infrastructure — should serve as a wake-up call to companies about the vulnerabilities they face.

The pipeline, operated by Georgia-based Colonial Pipeline, carries gasoline and other fuel from Texas to the Northeast. It delivers roughly 45% of fuel consumed on the East Coast, according to the company.

It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data, paralyzing networks, and then demand a large ransom to unscramble it. On Sunday, Colonial Pipeline said it was actively in the process of restoring some of its IT systems.

#AceNewsDesk report ……Published: May.11: 2021:


(SILICON VALLEY, Calif.) Private Data Report: A user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online #AceSecurityDesk report

#AceSecurityReport – Apr.05: The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses:

533 million Facebook users’ phone numbers and personal data have been leaked online: ‘Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.’ A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.


  • The personal data of over 500 million Facebook users has been posted online in a low-level hacking forum.
  • The data includes phone numbers, full names, location, email address, and biographical information.
  • Security researchers warn that the data could be used by hackers to impersonate people and commit fraud.

While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trove of leaked data online on Saturday.

“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,” Gal told Insider.

Gal first discovered the leaked data in January when a user in the same hacking forum advertised an automated bot that could provide phone numbers for hundreds of millions of Facebook users in exchange for a price. Motherboard reported on that bot’s existence at the time and verified that the data was legitimate.

Now, the entire dataset has been posted on the hacking forum for free, making it widely available to anyone with rudimentary data skills.


Insider attempted to reach the leaker through messaging app Telegram but did not get a response.

This is not the first time that a huge number of Facebook users’ phone numbers have been found exposed online. The vulnerability that was uncovered in 2019 allowed millions of people’s phone numbers to be scraped from Facebook’s servers in violation of its terms of service. Facebook said that vulnerability was patched in August 2019. 

Facebook previously vowed to crack down on mass data-scraping after Cambridge Analytica scraped the data of 80 million users in violation of Facebook’s terms of service to target voters with political ads in the 2016 election.

Gal said that, from a security standpoint, there’s not much Facebook can do to help users affected by the breach since their data is already out in the open — but he added that Facebook could notify users so they could remain vigilant for possible phishing schemes or fraud using their personal data.

“Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect,” Gal said. “Users having their personal information leaked is a huge breach of trust and should be handled accordingly.”

#AceSecurityDesk report ……….Published: Apr.05: 2021:


(PYONGYANG, N.K.) #Coronavirus Report: The North tried to hack at least one South Korean pharmaceutical company developing a #Covid19 vaccine, lawmaker Ha Tae-keung told reporters after attending a closed-door briefing by the National Intelligence Service (NIS) #AceNewsDesk report

#AceHealthReport – Nov.28: North Korea conducted a cyberattack on companies connected with vaccine development, an official in South Korea has said, citing an intelligence report: The lawmaker, who is a member of the parliamentary intelligence committee, said the NIS did not specify which company had been targeted, but there was no damage from the hacking attempts:

US-based cyber security firm Cybereason said earlier this month a group of hackers from North Korea was targeting companies working on the research and development of Covid-19 vaccines, and similar claims were made by Microsoft: https://t.me/c/1099420761/2094372

The software giant made allegations against Russian hackers as well: However, Russian officials previously said they did not see any reason for such cyber intrusions, as the country is developing several vaccines by itself:

Pyongyang did not comment on the recent allegations: In May, it denounced the accusations of cyber warfare made by the US as a smear campaign: North Korea announced in July that it was developing its own vaccine for Covid-19.

#AceHealthDesk report …………..Published: Nov.28: 2020:


(MELBOURNE, Australia.) JUST IN: #CyberAttack Report: Attacks on Australian government and industry bodies are most likely being directed by China’s premier intelligence agency in retaliation for banning telco Huawei from the 5G network, experts have told ABC News #AceNewsDesk report

#AceNewsReport – June.19: In August 2018, the Australian Government banned Huawei and other companies from involvement in Australia’s 5G network. The ABC spoke to two former Australian officials who confirmed that the Huawei ban sparked the malicious cyber campaign. Both spoke on condition of anonymity given the sensitive nature of the story:

#CyberAttack on Australian Government & Industry Bodies most likely being directed by Chinese hackers in retaliation for banning Huawei from 5G network:

One of the former officials said evidence suggested the attackers may be linked to China’s most powerful intelligence service, the Ministry of State Security (MSS). However, cyber security researcher Robert Potter — who has spent years investigating MSS intrusions around the world and has previously attributed breaches to them — said the low level of sophistication of the attacks made attribution difficult. “Based on the evidence, I’d say it strongly leans towards MSS,” he said. “The reality is that the tactics are so simple that it frustrates our ability to make complete attribution.” He agreed with the assessment that the campaign has been going on for a long time.

“The campaign dates back some time and correlates to a deterioration in our relationship with China,” he said:

China’s government on Friday evening rejected suggestions of a large-scale hacking attack: A Chinese foreign ministry spokesman says he believes the claims of hacking originate from the Australian Strategic Policy Institute, which he says is funded by US arms companies and is making fictitious claims about China.

Attacks may have targeted COVID-19 data

The Prime Minister held a press conference this morning to discuss the campaign of intrusions. “This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure,” he said.

#AceNewsDesk report …………Published: June.19: 2020:

Editor says #AceNewsDesk reports & #Brittius says are provided by Sterling Publishing & Media News and all our posts, links can be found at here Live Feeds https://acetwitternews.wordpress.com/ Ace News Services Posts https://t.me/acenewsdaily and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com or you can follow our breaking news posts on AceBreakingNews.WordPress.Com or become a member on Telegram https://t.me/acebreakingnews