Cyber Attacks

Cyber Attacks Strike Three Hawaii Government Systems
https://www.govtech.com/security/cyber-attacks-strike-three-hawaii-government-systems

The apparent ransomware attack that infiltrated and shut down the timekeeping services for employees at the Board of Water Supply and Emergency Medical Services, part of a nationwide offensive, could take weeks to fix. ---Continued---

Nice read ReadyMom.

Only a matter of time and a few more or less keystrokes and the power grid will be down. They will have the U.S. by the kahonas, especially if it would happen in the middle of winter.

Only time will tell.   TIC-TOK

Most of these attacks, over the past half dozen years, are on minor and less than critical systems. I suspect they are using them as training targets.

They aren't ready to kill our grid, yet.
They are having too much fun stealing from us.

But I would be surprised of they didn't attack the grid and a lot of other stuff, aw WW4 (or whatever number we are up to) kicks off.

LOG4J is a serious attack on all computers, even home computers. The world is in a uproar over it, especially if the wrong people use it:

I'm computer stupid but maybe some of you smart ones on here can explain it in terms a kid can understand:

https://www.cnet.com/tech/services-and-software/log4j-software-bug-cisa-issues-emergency-directive-to-federal-agencies/

rick1 wrote:LOG4J is a serious attack on all computers, even home computers. The world is in a uproar over it, especially if the wrong people use it:

I'm computer stupid but maybe some of you smart ones on here can explain it in terms a kid can understand:

https://www.cnet.com/tech/services-and-software/log4j-software-bug-cisa-issues-emergency-directive-to-federal-agencies/

From the Article:
"First published on Dec. 14, 2021 at 5:00 a.m. PT."

Might explain the slew of software security updates I have seen in the past week.
Got one coming in, right now.

EDIT to ADD: good news, that patch, like the rest of them, this week, was fairly quick.

In the past couple of days, I have had two more "software updates."

I kinda like the way most software packages update themselves today, although it still unnerves me, a bit, plus the pair of systems that make the automatic updates work eats a lot of processor power, running in the background, a few times every hour. (Wish I could set them to run just one time, each day.)

Cyber espionage tool, VAJRASPY RAT, is infecting Andriod devices by 3rd party:

https://www.foxnews.com/tech/what-you-need-to-know-about-vajraspy-rat-the-cyber-espionage-tool-that-infiltrated-google-play

Cyber attack on United Health, 9 days ago and still spreading. Just imagine if this was our electric grid:

https://www.cbsnews.com/news/unitedhealth-cyberattack-cloud-based-network-cybersecurity/

rick1 wrote:Cyber attack on United Health, 9 days ago and still spreading. Just imagine if this was our electric grid:

https://www.cbsnews.com/news/unitedhealth-cyberattack-cloud-based-network-cybersecurity/

If it was the electric grid, it wouldn't take 9 days.

rick1 wrote:Cyber attack on United Health, 9 days ago and still spreading. Just imagine if this was our electric grid:

https://www.cbsnews.com/news/unitedhealth-cyberattack-cloud-based-network-cybersecurity/

Just read a bit from the link you provided.

Is this a new problem?
Absolutely not. A study published in JAMA Health Forum in December 2022 found that the annual number of ransomware attacks against hospitals and other providers doubled from 2016 to 2021.

"It's more of the same, man," said Aaron Miri, the chief digital and information officer at Baptist Health in Jacksonville, Florida.

And, in seven years, they haven't found a way to stop this?

Or is stopping it, not a priority?

I suspect, it is not a priority.

Thought this was an interesting report that I hadn't heard about the initial incident (from October 2023.)

Article link:
https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/

Report link:
https://blog.lumen.com/the-pumpkin-eclipse/

Basically malware was used to brick over 600k routers from Windstream that were connecting home users to the Internet. The affected devices needed to be physically replaced to recover from the infection.

Most concerning from the report:

Chalubo Bot – Main Payload
While our report is focused upon the MIPS variant of the malware, we have discovered payloads designed for all the major SOHO/IoT kernels variants such as ARM, MIPS, PowerPC, etc.

And I have to disagree with their conclusion:

Conclusion
Black Lotus Labs has reported on SOHO activity from hacktivist, cybercriminals and nation-state actors over the past several years. However, this investigation stood out for two reasons. First, this campaign resulted in a hardware-based replacement of the affected devices, which likely indicates that the attacker corrupted the firmware on specific models. The event was unprecedented due to the number of units affected – no attack that we can recall has required the replacement of over 600,000 devices. In addition, this type of attack has only ever happened once before, with AcidRain used as a precursor to an active military invasion. At this time, we do not assess this to be the work of a nation-state or state-sponsored entity. In fact, we have not observed any overlap with known destructive activity clusters; particularly those prone to destructive events such as Volt Typhoon, or SeaShell Blizzard.

Personally I think this was a proof of concept/test run to see if it could be done, and Windstream has a spotty support record (the school I work at has them as a phone provider and I could go on for hours on the screwups from their support personnel....)

If the perpetrator has penetrated enough other ISPs this could be used to disconnect wide swathes of the public Internet. The chaos would be perfect cover for almost anything since the public would be highly distracted.... Or worse, this could be used directly on critical infrastructure routers to disconnect them from each other and the rest of the Internet.

Most troubling is that there is literally nothing we can do about this kind of attack - it's all up to the ISPs to protect our devices. Hopefully cellphones would keep working or over the air TV or radio stations would have news about what's going on. But so many Americans have a serious case of Internet Addiction and withdrawal wouldn't be pleasant.

Isn't technology grand?