Cyber attacks to government and business objectives in the US

(Spanish CNN) - Computer pirates have been active this year attacking government and business objectives in the United States, the last one to Accenture, a consultant who was the target of a ransomware attack by the Criminal Group Lockbit.

Before this, between May and July, several cyber attacks were announced: to the Kaseya software supplier;to the JBS USA supplier;and to the computer systems of more than 150 US government agencies.UU., according to Microsoft.

On the case of the 150 government agencies, Microsoft said that the most recent illegal intervention in computer systems was perpetrated by the "Nobelium" group.

These are the most recent attacks of a series of acts that have violated cybersecurity and raised alerts of the United States government.

In fact, President Joe Biden launched in April an effort to reinforce cybersecurity in the country's electricity grid, asking industry leaders to install technologies that could frustrate attacks on the supply.

publicidad

Only this year, more than two dozen government agencies in the United States have been affected, according to experts.

The Secretary of National Security, Alejandro Mayor, gave the alarm about these attacks in May, in a speech before the United States Chamber of Commerce before the Pipeline colonial was attacked, qualifying them as "existential threat" for companies.

Here we present a list of the most recent cyber attacks to different entities that have turned on the alarms.

T Mobile

T Mobile (TMUS) confirmed on August 16 that it was affected by data violation, but refused to say whether the personal information of customers was accessed or how generalized the damage can be.

The recognition of the company of a rape occurred after the computer pirates told Vice that they were selling "complete information from the client" obtained from the T Mobile servers, which belonged to what the computer pirates said they were more than100 million people.

Accenture

Accenture, worldwide consultant, was the target of an attack by the Ransomware Lockbit band, according to the cybercriminal group website.

Stacey Jones, an Accenture spokeswoman, confirmed the existence of a cybersecurity incident to CNN Business on Wednesday, August 11, but did not explicitly recognize a ransomware attack.

"Through our security controls and protocols, we identify an irregular activity in one of our environments," Jones said in a statement.

"We immediately contained the matter and isolate the affected servers.We have completely restored our affected systems from a backup.There was no impact on Accenture operations or our customers' systems ".

Kaseya

Kaseya software provider said on Monday, July 5 that "less than 1.500 secondary companies "were affected by a ransomware attack that affected companies around the world.

Los ciberataques a objetivos gubernamentales y empresariales en EE.UU.

"To date, we have knowledge of less than 60 Kaseya clients, all of which were using the local VSA product, who were directly committed to this attack," Kaseya said."While many of these clients provide IT services to many other companies, we understand that the total impact has been in less than 1.500 secondary companies.We have not found any evidence that none of our clients (of the cloud) has been compromised ".

Revil malware affected a wide range of IT management companies and committed hundreds of its corporate clients at the end of last week.

JBS

The JBS meat supplier USA paid a rescue of US $ 11 million in response to a cyber attack that led to the closing of its entire beef processing operation in the United States last week, the company said in a statement on Wednesday 9 ofjune.

The rescue was paid after the majority of the company's facilities were online again, says the JBS statement.

Cyberataque affected the servers that support JBS's IT systems in North America and Australia.The US government.UU.He attributed the ransomware attack on Revil, a criminal gang that is believed to have its headquarters in Russia or Eastern Europe.

Colonial Pipeline

A cyber attack for May 8 to the temporary closure of one of the largest pipelines in the United States, which highlights the already growing concerns about vulnerabilities in the country's critical infrastructure.

The operator, Colonial Pipeline, said the incident involves Ransomware.

Colonial, which transports more than 100 million gallons of gasoline and other daily fuels from Houston to the port of New York, according to its website, said that its operations were paused.

This even caused long lines to be formed in various service stations of several states.

"In response, we proactively disconnect certain systems to contain the threat, which has temporarily stopped all pipelines and has affected some of our IT systems," said the company in a statement in a statement in a statement.

Solarwinds

The US government was seen with effects at the end of last year by a cyber attack that compromised the systems of a third -party software provider and led to data leaks in several federal agencies, including the Department of Commerce, the Department of Energy and the armCybernetics of the National Security Department.

Solarwinds said in an investor presentation that up to 18.000 of its customers (of a total of 300.000) may have been executing software that contains the vulnerability that allowed hackers to penetrate the trade department.American officials suspect that computer pirates linked to Russia are behind hacking.

Solarwinds offers services to more than 425 companies in the American Fortune 500, says on a page on its website that has since been removed but is still accessible in the Internet file Wayback Machine.

Las firmas enumeradas en la página incluían grandes nombres como Cisco, AT&T, Microsoft, Comcast y McDonald's, así como los gigantes financieros Visa y Mastercard.

DC police

Nor the security guardians are safe from the computer pirates.

The personnel archives of some agents of the Washington Metropolitan Police Department were obtained in a ransomware attack in early May, said the interim police chief of the department.

Robert Conse wrote in an email to staff: "I can confirm that human resources related files were obtained with personal identification information (PII).As we continue to determine the size and scope of this infraction, keep in mind that the mechanism that allowed unauthorized access "was blocked".

The attackers had published a rescue note claiming that they had stolen more than 250 GB of data and threatening to publish the material if they were not paid.The Babuk Ransomware Group claimed credit for the attack, publishing screenshots of the note that were marked by cybersecurity researchers.

Press Secure VPN

At least five federal civil agencies seem to have been attacked, according to a senior official of the Cybersecurity and Infrastructure Security Agency.

Computer pirates with alleged links with China repeatedly took advantage of vulnerabilities in Press Secure VPN, a widely used remote connectivity tool, to obtain access to government agencies, defense companies and financial institutions in the United States and Europe, showed a report published toearly May.

"CISA is aware of five federal civil agencies that have executed the Pulse Connect Secure Integrity Tool tool and identified indications of possible unauthorized access," said Deputy Deputy Director Deputy Cybersecurity Matt Hartman in a statement.

For its part, in a blog post, Pulse Secure said that the fault affected a "very limited number of customers" and that a more permanent software update to address this vulnerability will be issued in early May.

LinkedIn

Users learned that the information subtracted from around 500 million LinkedIn users profiles is part of a database published on sale on a popular website among hackers, the company confirmed in the first days of May.

The sale of the data was first reported by the Cybernews cybersecurity news and research site, which said a file that includes user ID, names, email addresses, telephone numbers, genres, professional titles and links to links toOther social media profiles were being auctioned in the forum for a sum of four figures.

According to LinkedIn, the database for sale "is actually an aggregation of data from a series of websites and companies".The data of LinkedIn users include only information that people who appear publicly in their profiles, said the social social media site, which is owned by Microsoft (MSFT), in a statement.

"This is not a LinkedIn data filtration, and no private member account data was included in what we have been able to review," said the company.

Facebook

Personal information of about 500 million Facebook users, including their phone numbers, was published on a website used by hackers, they say cybersecurity experts.

There are records of more than 32 million accounts in the United States, 11 million in the United Kingdom and 6 million in India, according to Alon Gal, the CTO of the cyber intelligence firm Hudson Rock.

The details in some cases included full name, location, birthdays, email addresses, telephone number and relationship status, he said.

"These are old data that were previously reported in 2019.We found and fix this problem in August 2019, "said Facebook Andy Stone spokesman for CNN.

Verkada

The Verkada Security Chamber Company, based in the cloud, confirmed that it recorded a cybersecurity incident after multiple reports that said the hackers had violated customer video sources in a wide range of business.

The incident, which was first reported by Bloomberg, allowed intruders to access the sources of up to 150.000 Security Chambers of Verkada, such as Tesla's manufacturer, the Fitness Equinox company and the Internet Security Company Cloudflare.

Cloudflare told CNN Business that he uses verkada systems to monitor the entrance points to the office and the roads, and that Verkada had contacted to notify the company that its cameras could have been compromised.Cloudflare said that none of the data of their own clients had been affected by the verkada filtration.

"The cameras were located in offices that have been officially closed for almost a year," said the company.

CiberseguridadHackersSeguridad Informática