Tag: Attack

13 Oct 2020
Posted in website

Ridley-Thomas sends Yoo cease-and-desist letter over attack website

L.A. County Supervisor Mark Ridley-Thomas sent a cease-and-desist letter to Grace Yoo, his rival in the race for City Council District 10, over a new attack website launched by Yoo. (Brian van der Brug / Los Angeles Times)

The race to represent parts of South L.A. and Koreatown on the Los Angeles City Council is turning acrimonious following the launch of an attack website and accusations of cybersquatting.

Grace Yoo, a candidate for the Council District 10 seat, last week launched MarkRidleyThomas.com, which criticizes Yoo’s rival in the race, L.A. County Supervisor Mark Ridley-Thomas. The site includes news coverage of the supervisor, including a Times story about a probe involving his son and donations to USC. The site also attacks the supervisor for not ruling out a potential run for mayor in 2022.

Ridley-Thomas’s team responded by sending Yoo a cease-and-desist letter that accuses her of “cybersquatting” and defaming him with the website.

“You have intentionally prevented our client from registering a website domain name in his own personal name,” wrote Stephen J. Kaufman, attorney for Ridley-Thomas, in an Oct. 9 letter.

“And, by illegally setting up this website, you have confused and lured unsuspecting members of the public who were seeking to access online information from our client to your own fraudulent website in order to assault them with false and defamatory statements about Supervisor Ridley-Thomas.”

Ridley-Thomas and Yoo were the top vote-getters in the March election, pushing them into a November runoff for the 10th District, which stretches from Koreatown to the Crenshaw Corridor and takes in such neighborhoods as West Adams and Mid-City.

The race is turning out to be an insider vs. outsider face-off, with Ridley-Thomas highlighting his decades-long experience in political office and Yoo casting herself as a fighter for regular citizens.

Reached Tuesday, Yoo

12 Oct 2020
Posted in software

Software AG Hit by Data-Stealing Ransomware Attack

A major German enterprise software company has become the latest tech name to suffer a likely ransomware attack featuring information theft.

IoT specialist Software AG, which claims to have over 10,000 customers and annual revenue exceeding €800m, revealed the news in a brief update late last week.

The note claimed the attack had been ongoing since Monday and had yet to be fully contained.

“Today, Software AG has obtained first evidence that data was downloaded from Software AG’s servers and employee notebooks. There are still no indications for services to the customers, including the cloud-based services, being disrupted. The company is refining its operations and internal processes continuously,” it explained on October 8.

“Software AG is further investigating the incident and is doing everything in its power to contain the data leak and to resolve the ongoing disruption of its internal systems, in particular to restart its internal systems as soon as possible which had been shut down for security reasons.”

Although the firm’s website appears to be up and running as normal, it is requesting users with support issues to email their problem and leave a number for call back, “due to technical issues with our online support system.”

Researchers MalwareHunterTeam posted on social media that the firm had been hit by the Clop variant, one which usually demands a ransom of $20 million. The group apparently claims to have swiped around a terabyte of data.

The incident is yet another sign of ransomware groups increasingly going after large enterprise targets with deep pockets. They will often perform detailed reconnaissance before striking in advanced multi-stage attacks using APT-style tactics to stay hidden while exfiltrating data and finally deploying the ransomware.

An attack on IT services giant Cognizant cost the firm an estimated $50-70m in Q2 2020, it admitted earlier

11 Oct 2020
Posted in software

German tech giant Software AG hit by Clop ransomware attack

German tech giant Software AG has been hit by a ransomware attack that caused the company to suspend services.

The attack occurred Oct. 3 and has been attributed to Clop ransomware. As is typical in a ransomware attack in 2020, the company’s files were encrypted and those behind the attack demanded a ransom payment of about $20 million or they would publish internal company data.

Software AG did not pay the ransom and, according to a report on ZDNet Friday, those behind the attack have started to publish internal company information. In one screenshot, the personal details of Software AG Chief Executive Officer Sanjay Brahmawar were published, including a scan of his passport.

The company formally disclosed the ransomware attack in a statement Oct. 5, describing it as a “malware attack.” Although its current recovery status is unknown, for now the company has as its lead story on its website “important customer information.” The statement says that “due to technical issues with our online support system, we kindly ask you to send us an email with your problem description and a number for call back.” It would appear that a week later, it’s still having issues due to the ransomware attack.

Clop ransomware and the related ransomware group have been linked to previous attacks, including data being stolen from pharmaceutical industry outsourcing company ExecuPharm in April.

“Ransomware gangs are becoming bolder and more sophisticated, going after larger and more lucrative targets with their criminal attacks,” Saryu Nayyar, chief executive officer of security and risk analytics firm Gurucul Solutions Pvt Ltd A.G., told SiliconANGLE. “Even with a complete security stack and a mature security operations team, organizations can still be vulnerable. The best we can do is keep our defenses up to date, including behavioral analytics tools that can identify new

11 Oct 2020
Posted in software

German tech giant Software AG down after ransomware attack


Software AG, one of the largest software companies in the world, suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.

A ransomware gang going by the name of “Clop” breached the company’s internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key.

Earlier today, after negotiations failed, the Clop gang published screenshots of the company’s data on a website the hackers operate on the dark web (a so-called leak site).

The screenshots show employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.


Software AG disclosed the incident on Monday when it revealed it was facing disruptions on its internal network “due to [a] malware attack.”

The company said that services to customers, including its cloud-based services, remained unaffected and that it was not aware “of any customer information being accessed by the malware attack.” This statement was recanted in a press release two days later, when Software AG admitted to finding evidence of data theft.

The message about the attack remained on its official website homepage all week, including today.

Software AG did not return phone calls today for additional details or comments about the incident.

A copy of the ransomware binary used against Software AG was discovered earlier this week by security researcher MalwareHunterTeam. The $20+ million ransom demand is one of the largest ransom demands ever requested in a ransomware attack.

[Image: Software AG ransom note (supplied)]

The ID provided in this ransom note allows security researchers to view the online chats between the Clop gang and Software AG on a web portal managed by the ransomware group. At the time of writing, there is no

03 Oct 2020
Posted in technology

Trump Attack On Huawei Imperils US Chipmakers

Slowly but surely politicians in Washington and Beijing are splitting the internet in half, and that is bad news for innovation and technology investors.

The Chinese foreign minister in September announced new initiatives for global data security, clearly aimed at curtailing efforts by the Trump administration to isolate Chinese technology companies.

It’s too little, too late. Investors should lighten up in select technology shares.

For the better part of two years President Trump and his advisors have been intent on killing Huawei, the giant telecommunication equipment maker. Hawks in his administration see the Chinese 5G leader as a threat to American national security. With every global installation of its next generation wireless networks, the perceived threat grows.

President Trump in 2018 signed an executive order that forbade Huawei from selling telecom gear in the United States. A year later, placement on an entities list forced American companies to obtain a special license to sell products and services to Huawei, effectively choking off the supply of key components. The Commerce Department in May went one step further, maneuvering so that even foreign companies could not work with the firm.

Huawei, once a vibrant firm with $100 billion in global sales, is now struggling to survive.

Emboldened, the White House has started to broaden its attack. Using some of the same tools and rhetoric, Mike Pompeo, State Department chief, targeted other best-in-class Chinese firms, ByteDance, the parent company to TikTok, and Tencent Holdings, maker of WeChat,