Cyberattack Strikes T-Mobile and Causes a Major Data Breach Targeting 40 Million Customers

Cyber Attack Alert

More than 40 million T-Mobile customers have been hit by a US data breach, the company has admitted.

It blamed the breach on a “highly sophisticated cyberattack”.

It said it is “taking immediate steps to help protect all of the individuals who may be at risk from this cyberattack”.

The firm said that while criminals stole personal information, no financial details were leaked as a result.

The breach only came to light following online reports last weekend that criminals were attempting to sell a large database containing T-Mobile customer data online.

The US telecom giant confirmed that hackers had gained access to its systems on Monday.

“Late last week we were informed of claims made in an online forum that a bad actor had compromised T-Mobile systems,” it said.

“We immediately began an exhaustive investigation into these claims and brought in world-leading cybersecurity experts to help with our assessment.

“We then located and immediately closed the access point that we believe was used to illegally gain entry to our servers.”

The company said its investigations identified approximately 7.8 million current T-Mobile postpaid customer accounts’ information in the stolen files, as well as just over 40 million records of former or prospective customers who had previously applied for credit with T-Mobile.

It said that approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were also exposed but that it had reset all of the PINs on the accounts to protect customers.

It added that no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of the files of customers or prospective customers.

“We take our customers’ protection very seriously and we will continue to work around the clock on this forensic investigation to ensure we are taking care of our customers in light of this malicious attack,” the company said.

“While our investigation is ongoing, we wanted to share these initial findings even as we may learn additional facts through our investigation that cause the details above to change or evolve.”

Hackers previously stole the personal information of 15 million T-Mobile customers and potential customers in the US in 2015.

There is no indication yet that former UK customers of T-Mobile have been hit by the data breach.

The company’s UK operation T-Mobile UK was rebranded as EE in 2012 and sold to BT in 2016 for more than £12bn.

Courtesy of BBC News

https://tinyurl.com/nkvjr9c7

PlayStation, Amazon and online banks all down as major internet outage hits users

Major Internet Outage

Users of PlayStation, Amazon and online banks have all reported the services being down in a major internet outage.

Websites of several airlines, banks and technology companies including Amazon’s AWS, Delta Air Lines and American Express were among those facing outages, according to DownDetector.

Websites have not been loading and have been displaying domain name system (DNS) service errors.

Thousands of gamers are said to be experiencing issues with the PlayStation Network.

PlayStation users took to social media to vent their frustration, reporting receiving messages such as “PlayStation network is currently busy”.

One said: “Gotta love it when the PlayStation servers are down on my day off.”

PlayStation have been advising users to try and use their Fix&Connect tool.

Issues with popular online banking services including HSBC, Lloyds and Barclays have also been reported.

HSBC users have reported issues with the app and internet banking.

One tweeted: “My mobile app has stopped working and the hsbc page online is down, are there problems ?? I needed to transfer money 20 minutes ago.(sic)”

Courtesy of mirror.co.uk

https://tinyurl.com/dtnbp6cu

HACK ATTACK – Hackers breach UK Foreign Office computers sparking fears of hostile state attack

Cyber Attack Alert

A FOREIGN Office outpost has been breached by hackers sparking fears of a hostile state attack, The Sun can reveal.

The Government’s Wilton Park agency based in Sussex was hit by a sophisticated cyber attack last month.

The facility was set up by Winston Churchill in 1944 to bring together diplomats, business and world leaders, and was struck by an attack shortly before Christmas.

Following an investigation by the National Cyber Security Centre, it is understood a significant number of individuals whose data was stored on Wilton Park’s computer servers have been warned their details may have been compromised in the attack.

The Foreign, Commonwealth and Development Office confirmed the digital assault had taken place but declined to comment on suspects.

But sources said they were confident the incident is not connected to the SolarWinds Orion hack that has blighted the US government in recent weeks and was blamed on Russia.

And insiders told The Sun no classified information was breached and the Wilton Park computer servers are separate to top secret Whitehall databases.

The NCSC are now working with the agency to strengthen their cyber defences.

The FCDO said: “We take data security very seriously. There is no evidence that data has been taken following a cyber incident at Wilton Park.”

Last year Foreign Secretary Dominic Raab warned: “There are various objectives and motivations that lie behind these attacks – from fraud on the one hand to espionage.

“But they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims.

“They’re often linked with other state actors, and we expect this kind of predatory criminal behaviour to continue to evolve over the coming weeks and months ahead, and we’re taking a range of measures to tackle that threat.”

An NCSC spokesperson said: “We are aware of this incident and have been working closely with the FCDO and partners to support the investigation.”

Courtesy of thesun.co.uk

https://tinyurl.com/ve7uvxi4

SolarWinds Hackers Breach US Nuclear Weapons Agency

Cyber Attack Alert

Department of Energy is responding to a cyber incident related to the SolarWinds compromise in coordination with our federal and industry partners. The investigation is ongoing and the response to this incident is happening in real-time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network. — Shaylyn Hynes, DOE Spokeswoman

Additional background: As part of its ongoing response, DOE has been in constant communication with our industry partners, including the leadership of the energy sector Subsector Coordinating Councils, and is also in regular contact with Electricity, Oil & Natural Gas (ONG), and Downstream Natural Gas (DNG) Information Sharing and Analysis Centers (ISAC).

Nation-state hackers have breached the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE).

NNSA is a semi-autonomous government agency responsible for maintaining and securing the US nuclear weapons stockpile.

The NNSA was established by the US Congress in 2000 and it is also tasked with responding to nuclear and radiological emergencies within the United States and abroad.

Officials familiar with the matter told Politico that federal investigators have found evidence of hackers gaining access to US DOE and NNSA networks as part of the ongoing US govt compromise campaign.

The Federal Energy Regulatory Commission (FERC), the Office of Secure Transportation, the Richland Field Office of the DOE, and Sandia and Los Alamos national laboratories were all hit according to the report.

The hackers have mainly focused their efforts at FERC according to the DOE officials, but they did not provide more details on the incident.

This series of attacks has led to the hacking of multiple US government networks as officially confirmed by the FBI, CISA, and the ODNI for the first time in a joint statement issued earlier today.

The list of US government targets compromised so far in this campaign also includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.

The group behind this compromise campaign, suspected to be the Russian state-sponsored APT29 (aka Cozy Bear), was present on the networks of hacked organizations for long periods of time according to a CISA alert from earlier today.

“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the agency said.

“CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

The backdoor used in these attacks, tracked as Solarigate or Sunburst, was distributed via SolarWinds’ auto-update mechanism onto the systems of roughly 18,000 customers.

SolarWinds’ customer list [1, 2] includes more than 425 US Fortune 500 companies, all top ten US telecom companies, as well as several government agencies including the US Military, the US Pentagon, the US Department of Justice, the State Department, NASA, NSA, Postal Service, NOAA, and the Office of the President of the United States.

However, CISA also said that it has “evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated.”

CISA has also issued an Emergency Directive following the string of confirmed US govt hacks asking federal civilian agencies to immediately disconnect or shut down affected SolarWinds Orion products on their networks.

Additionally, since the campaign was discovered, Microsoft, FireEye, and GoDaddy created a kill switch for the SolarWinds Sunburst backdoor that will terminate the infection on victims’ networks.

Courtesy of bleepingcomputer.com

https://tinyurl.com/y8bmbdvo

Hackney Council hit by ‘serious cyber attack’ London, UK

Cyber Attack Alert

Hackney Council says it has been hit by a “serious cyber attack”, which is affecting many of its services and IT systems.

The council says it is working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

It is not yet clear what type of cyber attack has hit the council or whether residents’ data has been exposed.

In a statement on the council’s website, which is still up and running, Mayor Philip Glanville said: “Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.

“In the meantime, some council services may be unavailable or slower than normal, and our call centre is extremely busy,” he added.

“We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues.”

Courtesy of Sky News

https://tinyurl.com/y6drw3nw

#Hackers disrupt #website of #Russian #Embassy in #London, #UK for 20 hours

Cyber Attack Alert

Access to the website of the Russian Embassy in London remained unreliable for almost 20 hours after unidentified ‘hackers’ targeted it with a denial-of-service attack, the diplomatic mission said.

The attack started at about 16:30 GMT on Monday, a spokesperson for the embassy told the media. By 12:00 on Tuesday, embassy IT staff managed to restore access, the report said.

“An investigation into what happened is underway,” the spokesperson said, adding that Russian diplomatic staff were apologizing to anyone whose plans may have been affected by the downing of the website.

Courtesy of rt.com

https://tinyurl.com/yxqoko7k

#Gatwick #Airport #Flights #Suspended After #SystemsIssue #CyberAttack?

A British Airways plane lands at Gatwick airport which had been closed after drones were spotted over the airfield Wednesday night and throughout Thursday.

Gatwick Airport says flights have been suspended due to an “air traffic control system issue” in the control tower.

Outbound and inbound flights will be delayed until at least 9pm, according to the Eurocontrol Network Operations Portal.

A statement from Gatwick says: “Due to an air traffic control systems issue in Gatwick’s control tower, flights are currently suspended. We are working with ANS, our air traffic control provider, to rectify this issue as quickly as possible.

“We apologise and passengers should check with their airline directly or on our website flights page for the latest information on their flight.”

UPDATE: 10 July 18.10: Due to an air traffic control systems issue in Gatwick’s control tower, flights remain suspended. We are working with ANS, our provider, to rectify this issue as quickly as possible. We apologise and advise passengers to check flight info with your airline.

— Gatwick Airport LGW (@Gatwick_Airport) July 10, 2019

The issue began at 5.08pm on Wednesday afternoon.

The airport says there is already a divert plan in place, and inbound flights are being sent to other airports.

Gatwick, in West Sussex, is Britain’s second busiest airport, behind Heathrow.

Courtesy of Sky News

https://tinyurl.com/y25jxow7

#YouTube, other #Google services are down in North #America, some parts of #Europe

Google services, including YouTube and Gmail, have been down this Sunday afternoon. The US has been apparently affected the most, according to user reports.

Courtesy of rt.com

https://tinyurl.com/y67fo8sh