Scale, details of massive Kaseya ransomware attack emerge – CTV News

BOSTON —
Cybersecurity teams worked feverishly Sunday to stem the impact of the single biggest global ransomware attack on record, with some details emerging about how the Russia-linked gang responsible breached the company whose software was the conduit.

An affiliate of the notorious REvil gang, best known for extorting $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries on Friday, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said. They reported ransom demands of up to $5 million.

The FBI said in a statement Sunday that it was investigating the attack along with the federal Cybersecurity and Infrastructure Security Agency, though “the scale of this incident may make it so that we are unable to respond to each victim individually.”

President Joe Biden suggested Saturday the U.S. would respond if it was determined that the Kremlin is at all involved. He said he had asked the intelligence community for a “deep dive” on what happened.

The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat.

A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported. Ransomware criminals break into networks and sow malware that cripples networks on activation by scrambling all their data. Victims get a decoder key when they pay up.

The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit.

In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported. Also among reported victims were two big Dutch IT services companies — VelzArt and Hoppenbrouwer Techniek. Most ransomware victims don’t publicly report attacks or disclose if they’ve paid ransoms.

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like “dental practices, architecture firms, plastic surgery centers, libraries, things like that.”

Voccola said in an interview that only between 50-60 of the company’s 37,000 customers were compromised. But 70% were managed service providers who use the company’s hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks.

Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. The vast majority of end customers of managed service providers “have no idea” what kind of software is used to keep their networks humming, said Voccola.

Kaseya said it sent a detection tool to nearly 900 customers on Saturday night.

John Hammond of Huntress Labs, one of the first cybersecurity firms to sound the alarm on the attack, said he’d seen $5 million and $500,000 demands by REvil for the decryptor key needed to unlock scrambled networks. The smallest amount demanded appears to have been $45,000.

Sophisticated ransomware gangs on REvil’s level usually examine a victim’s financial records — and insurance policies if they can find them — from files they steal before activating the data-scrambling malware. The criminals then threaten to dump the stolen data online unless paid. It was not immediately clear if this attack involved data theft, however. The infection mechanism suggests it did not.

“Stealing data typically takes time and effort from the attacker, which likely isn’t feasible in an attack scenario like this where there are so many small and mid-sized victim organizations,” said Ross McKerchar, chief information security officer at Sophos. “We haven’t seen evidence of data theft, but it’s still early on and only time will tell if the attackers resort to playing this card in an effort to get victims to pay.”

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a “zero day,” the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing.

“The level of sophistication here was extraordinary,” he said.

When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn’t just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software.

It was not the first ransomware attack to leverage managed services providers. In 2019, criminals hobbled the networks of 22 Texas municipalities through one. That same year, 400 U.S. dental practices were crippled in a separate attack.

One of the Dutch vulnerability researchers, Victor Gevers, said his team is worried about products like Kaseya’s VSA because of the total control of vast computing resources they can offer. “More and more of the products that are used to keep networks safe and secure are showing structural weaknesses,” he wrote in a blog Sunday.

The cybersecurity firm ESET identified victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Indonesia, New Zealand and Kenya.

Kaseya says the attack only affected “on-premise” customers, organizations running their own data centers, as opposed to its cloud-based services that run software for customers. It also shut down those servers as a precaution, however.

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.

Active since April 2019, REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. U.S. officials say the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said that while he does not believe the Kaseya attack is Kremlin-directed, it shows that Putin “has not yet moved” on shutting down cybercriminals.

——

AP reporters Eric Tucker in Washington, Kirsten Grieshaber in Berlin, Jari Tanner in Helsinki and Sylvie Corbet in Paris contributed to this report.


Stock market news live updates: Stocks turn lower following last week's rebound – Yahoo Canada

U.S. stocks closed a choppy session lower Monday, weighed down by losses in technology shares, after the major indexes failed to sustain momentum from last week’s rally.

The S&P 500 fell 0.3%, and the Dow Jones Industrial Average dipped 60 points, or 0.2%, after each benchmark wavered between the red and the green throughout the trading day. The Nasdaq Composite declined 0.9%.

The moves follow a sharp rebound Friday that saw the S&P 500 surge 3% during the session and over 6% for the week, its second-best week this year and its first weekly rise since late May. Still, the benchmark index is on pace for its worst opening six months since 1970.

During the previous session, the Dow rose more than 800 points, or 2.7%, while the Nasdaq increased by more than 3.3%, leading to weekly gains for the indexes of more than 5% and 7%, respectively.

Some Wall Street strategists are hopeful that markets may have found a bottom.

“As bad as [this year] has been for investors, the good news is previous years that were down at least 15% at the midway point to the year saw the final six months higher every single time, with an average return of nearly 24%,” LPL Financial chief market strategist Ryan Detrick said in a note last week.

J.P. Morgan strategist Marko Kolanovic also predicted that U.S. equities may climb as much as 7% this week as investors rebalance portfolios amid the end of the month, second quarter, and first half of the year.

While sentiment on Wall Street appears optimistic, investors are in for a bevy of key economic reports and earnings that may sway markets this week and put hopes of a comeback to the test.

Quarterly results from Nike (NKE) and Micron (MU) will be closely watched for signs of rising inventories and slowing orders like Target and some other retailers have warned about recently, which may renew worries of an economic slowdown among Corporate America.

Traders also face a fairly loaded economic calendar this week, with the latest read on core PCE inflation – the Federal Reserve’s preferred measure of consumer prices – the Conference Board’s consumer sentiment survey, and manufacturing and housing reports due out through Friday.

A trader works on the floor of the New York Stock Exchange NYSE in New York, the United States, June 16, 2022. U.S. stocks fell sharply on Thursday as steep sell-off continued on Wall Street amid rising recession fears. (Photo by Michael Nagle/Xinhua via Getty Images)

On the move

  • Robinhood Markets (HOOD)’s stock surged 14% to close at $9.12 per share following a report from Bloomberg that cryptocurrency exchange FTX is considering a deal to acquire the digital trading platform. Earlier in the day, Robinhood was in the spotlight after Goldman Sachs upgraded the brokerage to Neutral, about two months after the bank downgraded shares to Sell.

  • Coinbase (COIN) shares plunged nearly 10.8% to $55.96 after analysts at Goldman Sachs on Monday downgraded the cryptocurrency exchange to Sell from Neutral and slashed their price target on the stock to $45 from $70. Goldman also noted that while Coinbase recently announced it would cut 18% of staff, these layoffs will not be enough to bring the company’s costs in line with lowered sales.

  • AMC Entertainment (AMC) rallied to cap trading up 13.6% despite a turbulent session for the broader markets. The stock rose amid increased mentions across forums such as Reddit’s WallStreetBets and Stocktwits. AMC was also added to the Russell 1000 Index after an annual rebalancing.

Alexandra Semenova is a reporter for Yahoo Finance. Follow her on Twitter @alexandraandnyc


Man uses Apple Airtags to find stolen Range Rover | CTV News – CTV News Toronto

An Ontario man whose car was stolen from his driveway in midtown Toronto twice in three months is revealing how he tracked and located his second vehicle.

“It’s pretty scary, but you can’t live your life in fear,” Lorne, whose surname CTV News Toronto has omitted due to safety concerns, said on Monday.

On April 1, his family moved to the Avenue Road and Lawrence Avenue area.

The following day, employees from an electronics company arrived at his house to install televisions. He placed the keys of his Range Rover Autobiography into a Faraday box, which is designed to prevent criminals from copying a key fob and gaining access to a vehicle.

However, within minutes of the employees leaving his house, his car was stolen in broad daylight.

“The thieves were able to disable the tracker in my car, put there by the manufacturer,” Lorne said.

Meanwhile, his wallet, along with his kids’ phones, which were in the car, were thrown out of the vehicle before it was stolen, which Lorne said he believes was a preventive measure to keep him from tracking the location of his car.

His Range Rover was never recovered.

Thirty days later, he got a new car of the same model, but this time, he placed three Apple AirTag tracking devices inside – one in the glovebox, another in his spare tire in the trunk and a third under his back seat.

While Lorne said he typically parks in his garage, last Wednesday night, he didn’t.

At 8:30 a.m. the next morning, he said his kids ran into his bedroom screaming, “Daddy, daddy, your car is gone.”

Right away, he logged into his Find My app and located all three of his AirTags near Manville and Comstock roads in Scarborough, listed as a metal recycling plant.

After dropping his kids at school, he headed to that location and called the police. With no success reaching an officer, he drove to the 41 Division police station.

Toronto police spokesperson David Hopkinson confirmed to CTV News Toronto that a report of this nature was received by police on Thursday.

“I pressed my panic button and you heard it going off,” Lorne said. “The next day I was told they recovered nine cars.”

Due to an ongoing investigation, police could not comment further on the incident.

This time, however, Lorne said police recovered his vehicle and he anticipates it should be back in his possession soon.

While he said his AirTags worked in this case, he anticipates car thefts will only get increasingly sophisticated.

“It’s not foolproof,” he said.


Company buying Trump's social media app faces subpoenas – Yahoo Canada Finance

NEW YORK (AP) — The company planning to buy Donald Trump’s new social media business has disclosed a federal grand jury investigation that it says could impede or even prevent its acquisition of the Truth Social app.

Shares of Digital World Acquisition Corp. dropped almost 10% Monday as the company revealed that it has received subpoenas from a grand jury in New York.

The Justice Department subpoenas follow an ongoing probe by the Securities and Exchange Commission into whether Digital World broke rules by having substantial talks about buying Trump’s company starting early last year before Digital World sold stock to the public for the first time in September, just weeks before its announcement that it would be buying Trump’s company.

Trump’s social media venture launched in February as he seeks a new digital stage to rally his supporters and fight Big Tech limits on speech, a year after he was banned from Twitter, Facebook and YouTube.

The Trump Media & Technology Group — which operates the Truth Social app and was in the process of being acquired by Digital World — said in a statement that it will cooperate with “oversight that supports the SEC’s important mission of protecting retail investors.”

The new probe could make it more difficult for Trump to finance his social media company. The company last year got promises from dozens of investors to pump $1 billion into the company, but it can’t get the cash until the Digital World acquisition is completed.

Stock in Digital World rocketed to more than $100 in October after its deal to buy Trump’s company was announced. The stock closed at $25.16 Monday.

Digital World is a special-purpose acquisition company, or SPAC, part of an investing phenomenon that exploded in popularity over the past two years.

Such “blank-check” companies are empty corporate entities with no operations, only offering investors the promise they will buy a business in the future. As such they are allowed to sell stock to the public quickly without the usual regulatory disclosures and delays, but only if they haven’t already lined up possible acquisition targets.

Digital World said in a regulatory filing Monday that each member of its board of directors has been subpoenaed by the grand jury in the Southern District of New York. Both the grand jury and the SEC are also seeking a number of documents tied to the company and others including a sponsor, ARC Global Investments, and Miami-based venture capital firm Rocket One Capital.

Some of the sought documents involve “due diligence” regarding Trump Media and other potential acquisition targets, as well as communications with Digital World’s underwriter and financial adviser in its initial public offering, according to the SEC disclosure.

Digital World also Monday announced the resignation of one of its board members, Bruce Garelick, a chief strategy officer at Rocket One.

The Associated Press
