LW’s NEWS WRAP: Dutch spies corroborate Russia’s meddling in U.S. election — and 19 EU nations

By Byron V. Acohido

Last Watchdog’s News Wrap, Vol. 1, No. 4. Even more substantive corroborating evidence of Russia’s proactive interference in the 2016 U.S. presidential election comes from the Netherlands. European news reports detail how a Dutch intelligence agency secretly hacked into the Kremlin’s most notorious hacking group, Cozy Bear, and tracked Cozy Bear’s election tampering activities.

Dutch spies passed all of this information along to the CIA and NSA, including details of Russia hacking into the Democratic National Committee and other evidence the presumably is contributing to the ongoing FBI investigation, led by Special Counsel Robert Mueller.

What’s more the Dutch agency passed along evidence of Russian attacks targeting elections in at least 19 European nations. Perhaps, Mueller will draw a line the sand that puts a stop to Russian hackers operating with impunity in the U.S., and elsewhere.

Disastrous cloud hack scenarios

Lloyds of London has put out some research that demonstrates just how vulnerable cloud computing really is.  The insurance underwriting behemoth has constructed what it’s calling a “plausible scenario” of how a cyber attack could cause a catastrophic three-day cloud outage.

If just one of the major cloud players goes down for three days – think AWS, Google Cloud or Microsoft Azure – Lloyd’s has 95% confidence that something like this would happen:

•The U.S. would sustain economic losses of $11 billion to $19 billion

•Businesses outside the Fortune 1,000—relying more on the cloud—will incur 63% of losses

•Fortune 1,000 companies will incur 37% of economic losses

• Manufacturing would see direct economic losses of $8.6 billion

•Wholesale and retail trade sectors would see economic losses of $3.6 billion

•Information sectors would see economic losses of $847 million

•Finance and insurance sectors would see economic losses of $447 million

•Transportation and warehousing sectors would see economic losses of $439 million.

Maybe it’s time Amazon, Google and Microsoft start doing more to defend their crown jewels; by that I mean the cloud infrastructure services that are reaping them handsome profits at the moment.

In service of crypto mining

Intelligence sharing this week from Proofpoint peels the curtain back on how hackers are making millions infecting company servers, and then using that stolen computing power to mine crypto-currency, specifically collecting millions of dollars worth of Monero.

Imperva researcher Nadav Avital says the harm caused to the companies whose servers are hijacked and then redirected to cryptocurrency mining tasks is material.

Avital

“The crypto-mining malware uses all CPU computing power, preventing the CPU from doing other tasks,” Avital says. “For example, if the infected machine is a web server, then users browsing the web application will experience major slowdown in pages loading time up to a point where the application cannot be used.”

Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, observes that these Monero miners are leveraging hacking tools stolen from the NSA, and borrowing other techniques from the hacking group responsible for WannaCry.

Bilogorskiy

“We’ve  observed a trend of combining cryptocurrency monetization with self-spreading, exploit-based propagation,” Bilogorskiy says. “This was started by WannaCry last year, which spread through Eternal Blue exploits and asked for ransom.”

Proofpoint details how these innovative bad guys have assembled the collective horsepower of enough infected servers to  mine approximately 8,900 Monero, valued at between $2.8 million and $3.6 million.

Shedding bad apps

Let’s all applaud Google for setting the record straight this week on the extent of its clean-up efforts of Google Play. The search giant

Disclosed that through the course of 2017 it excised 700,000 apps from Google Play for violating marketplace policies.

“Last year we’ve more than halved the probability of a user installing a bad app, protecting people and their devices from harm’s way, and making Google Play a more challenging place for those who seek to abuse the app ecosystem for their own gain,” says Andrew Ahn, via a Tuesday blog post.

Booted apps included those with inappropriate content, potentially harmful applications and malicious copycat apps. Example of rogue apps: 22 Android flashlight and utility apps designed to generated illegal ad revenue and some 60  “AdultSwine” apps that, in some cases,  generated pornographic ads on apps aimed at children.

“Despite the new and enhanced detection capabilities that led to a record-high takedowns of bad apps and malicious developers, we know a few still manage to evade and trick our layers of defense. We take these extremely seriously, and will continue to innovate our capabilities to better detect and protect against abusive apps and the malicious actors behind them,” Ahn wrote.

(Editor’s note: LW’s NEWS WRAP is an aggregation of published articles, postings and releases supplemented by additional reporting.)

 

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone