Hundreds of Companies, From Sweden to U.S., Affected by Cyberattack

Hundreds of businesses around the world, including one of Sweden’s largest grocery chains, grappled on Saturday with potential cybersecurity vulnerabilities after a software provider that provides services to more than 40,000 organizations, Kaseya, said it had been the victim of a “sophisticated cyberattack.”

Security researchers said the attack may have been carried out by REvil, a Russian cybercriminal group that the F.B.I. has said was behind the hacking of the world’s largest meat processor, JBS, in May.

In Sweden, the grocery retailer Coop was forced to close at least 800 stores on Saturday, according to Sebastian Elfors, a cybersecurity researcher for the security company Yubico. Outside Coop stores, signs turned customers away: “We have been hit by a large IT disturbance and our systems do not work.”

Mr. Elfors said a Swedish railway and a major pharmacy chain had also been affected by the Kaseya attack. “It’s totally devastating,” he said.

Asked about the cyberattack after he landed in Michigan on Saturday on a trip to celebrate Covid-19’s retreat in the United States, President Biden said he had been delayed in getting off the plane because he was being briefed about the attack. He said he had directed the “full resources of the federal government” to investigate. “The initial thinking was it was not the Russian government, but we’re not sure yet,” he said.

Victims of the breach were hit through a Kaseya software update, Kevin Beaumont, a threat researcher, said. Instead of getting Kaseya’s latest update, they received REvil’s ransomware. Kaseya was initially breached through a previously unknown vulnerability in its systems — known as a “zero day” because when such vulnerabilities are discovered, software makers have zero days to fix them. In the meantime, cybercriminals and spies can use the vulnerability to wreak havoc.

Mr. Beaumont said the attack marked a serious escalation in the tactics of ransomware gangs. In previous attacks, REvil was known to break in through a combination of phishing, stolen passwords or a lack of multifactor authentication.

Dutch researchers said they had reported the vulnerability to Kaseya, but the company was still working on a patch when it was breached and its software updates were compromised, according to people briefed on the timeline.

The attack became public on Friday, when Kaseya said that it was investigating the possibility that it had been the victim of a cyberattack. The company urged customers that use its systems management platform, called VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.

“We are experiencing a potential attack against the VSA that has been limited to a small number of on-premise customers only,” Kaseya posted on its website, referring to organizations that keep their software at their own sites rather than housing it with a cloud provider. “We are in the process of investigating the root cause of the incident with the utmost vigilance.”

Fred Voccola, Kaseya’s chief executive, said in a statement on Saturday that fewer than 40 customers had been affected by the attack, but those customers include so-called managed service providers, which can each provide security and tech tools to dozens or even hundreds of companies.

That has magnified the attack’s severity, said John Hammond, a researcher at the cybersecurity company Huntress Labs.

“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Mr. Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

Some of the affected companies were being asked for $5 million in ransom, Mr. Hammond said. Thousands of companies were at risk, he said.

The United States Cybersecurity and Infrastructure Security Agency described the incident in a statement on its website on Friday as a “supply-chain ransomware attack.” It urged Kaseya’s customers to shut down their servers and said it was investigating.

Hackers have carried out a slate of prominent cyberattacks against U.S. companies in recent months, including JBS and Colonial Pipeline, which moves fuel along the East Coast. Both were ransomware attacks, in which hackers try to shut down systems until a ransom is paid. The video game company Electronic Arts was also recently hacked, but its data was not held for ransom.

Nicole Perlroth and David E. Sanger contributed reporting.

JBS cyberattack might strain restaurant margins, analysts say

The cyberattack on JBS, the world’s largest meat packer, could be painful for restaurants if the situation is not resolved quickly, analysts say.

On Tuesday, the Brazilian company said in a statement that it had made “significant strides” in resolving the ransomware attack that was affecting operations in North America and Australia. JBS expects the vast majority of its factories to be back up and running on Wednesday. It initially disclosed the attack on Monday.

Meanwhile, beef prices have risen. The U.S. Department of Agriculture reported that select cuts of beef rose 1.1% to $334.56 per 100 pounds on Tuesday. According to the Steiner Consulting Group, JBS accounts for about 23% of the total cattle capacity in the USA.

Andrew Strelzik, an analyst with BMO Capital Markets, wrote in a statement Tuesday that he expects the price environment to normalize once the plants go fully into production. Most large restaurant chains have contracts with their main suppliers to protect them from short-term outages like the JBS attack, according to Strelzik.

“We don’t expect any significant margin impact for restaurants that adopt a relatively quick fix,” he said.

Longer impacts on JBS operations could have bigger ramifications for restaurants that serve beef, including shortages or prolonged inflation.

Truist analyst Jake Bartlett compared the situation to a fire at a Tyson Foods plant in 2019 that affected 5% to 6% of US supply and led to a surge in beef prices the following month.

“The shutdown of the JBS facility is affecting more of the supply, but the supply disruption is likely to be for a much shorter period of time (the Holcomb facility reopened in ~ 5 months),” wrote Bartlett. “This is a bad time to disrupt supply, however, as increasing demand is already straining the supply chain.”

The summer months are already a time of higher demand for beef as the barbecue season begins. Bartlett said he didn’t know which restaurant chains depend on JBS for their beef supplies, but pointed out that Texas Roadhouse, Shake Shack, Burger King franchisee Carrols Restaurant Group, Cracker Barrel and Darden Restaurants are the companies he covers with the highest exposure to beef.

Gasoline futures bounce as much of a significant pipeline stays shut down following cyberattack

Fuel prices rose in stores on Sunday evening as one of the largest pipelines in the US remains closed after a cybersecurity attack.

West Texas Intermediate crude oil futures, the US oil benchmark, rose 47 cents to $65.37 a barrel. The international benchmark Brent crude was trading at $68.76 a barrel, a gain of 48 cents. Natural gas futures were trading at $2.96 per million British thermal units, while gasoline futures rose 3% to $2.193 per gallon.

Colonial Pipeline announced Sunday evening that some of its smaller side lines between terminals and delivery points are back online, but the main lines are still down.

“We are in the process of restoring service to other side panels, and will only bring our entire system back online if we believe it is safe and fully comply with all federal regulations,” the company said in a statement.

How quickly service is restored in the pipeline remains the deciding factor. While tank farms usually store a few days’ worth of fuel, a prolonged outage can lead to an increase in fuel prices.

Colonial Pipeline, which operates the largest pipeline transporting fuel from the Gulf Coast to the Northeast, “suspended all pipeline operations” on Friday evening as a proactive measure following a ransomware cyberattack.

The pipeline is an essential part of the US petroleum infrastructure and transports around 2.5 million barrels of gasoline, diesel fuel, heating oil and jet fuel every day. The pipeline is more than 5,500 miles long and carries nearly half of the East Coast’s fuel supply. The system also supplies fuel to airports, including in Atlanta and Baltimore.

“Without this there is no transport in the region, so it is important that the pipeline is back on stream as soon as possible,” said Patrick De Haan, Head of Petroleum Analysis at GasBuddy. “The effects will potentially increase exponentially after about day 5,” he added.

President Joe Biden was notified of the pipeline’s closure Saturday morning, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is coordinating with Colonial Pipeline.

US Secretary of Commerce Gina Raimondo said on Sunday that “everything is on deck at the moment”.

“We are working closely with the company, state and local authorities to ensure that they are back to normal operations as soon as possible and that there are no disruptions in supply,” she told CBS’s “Face the Nation.”

The pipeline failure comes as Americans start traveling again as restrictions are lifted and Covid vaccination rollout accelerates. On Friday, the TSA checked more than 1.7 million passengers, the highest figure in more than a year.

“The Colonial outage comes at a critical time for the recovering US economy: the start of the summer driving season,” said ClearView Energy Partners. “Persistent disruption that causes pump prices to rise significantly could increase the prospect of domestic policy intervention,” the company added.

The national average for a gallon of gasoline was $2.962 on Sunday, up 60% year over year, according to AAA.

– CNBC’s Emma Newburger contributed to the coverage.

Cyberattack Forces a Shutdown of a Top U.S. Pipeline Operator

A cyberattack forced the shutdown of one of the largest pipelines in the United States in what appeared to be a major attempt to disrupt the vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York.

The system’s operator, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500-mile pipeline, which carries 45 percent of the East Coast’s fuel supplies, to contain the attack on its computer networks. There was disruption along the pipeline earlier on Friday, but it was unclear whether this was a direct result of the attack.

Colonial’s pipeline transports 2.5 million barrels daily, carrying refined gasoline, diesel fuel, and jet fuel from the Gulf Coast to New York Harbor and major New York airports. Most of it goes to large storage tanks, and since the pandemic has dampened energy consumption, the attack was unlikely to cause immediate disruption.

In the statement, the company said it learned on Friday that it was “a victim of a cybersecurity attack,” but did not provide details. Such an attack could involve malware that shuts down its operations or ransomware that demands payment to unlock computer files or systems.

“In response, we have proactively taken certain systems offline to contain the threat that has temporarily halted all pipeline operations and impacted some of our IT operations,” the company said, referring to information technology systems.

It said it contacted law enforcement and other federal agencies. The FBI is leading such investigations, but critical infrastructure is the responsibility of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

The breach comes just months after two major attacks on American computer networks – the penetration of SolarWinds by the main Russian intelligence agency and another attack on a Microsoft email service attributed to Chinese hackers – that illustrate the vulnerability of the networks on which the government and businesses rely.

While both of these attacks were initially aimed at stealing email and other data, the nature of the intrusions created “back doors” that experts say could ultimately allow attacks on the physical infrastructure. So far, it is believed that none of the efforts resulted in anything other than data theft.

The Biden administration announced sanctions against Russia for SolarWinds last month and is expected to issue an executive order in the coming days that will take measures to secure critical infrastructure, including calling for more security from vendors that provide services to the federal government.

The United States has long warned that Russia implanted malicious code on power grids, and the United States responded a few years ago by injecting similar code into the Russian grid.

However, actual attacks on energy systems are rare. About a decade ago, Iran was blamed for an attack on the computer systems of Saudi Aramco, one of the world’s largest manufacturers, in which 30,000 computers were destroyed. This attack, which appeared to come in response to the US-Israeli attack on the Iranian nuclear centrifuges, had no effect on operations.

Another attack on a Saudi petrochemical plant in 2017 nearly triggered a major industrial disaster. But it was quickly shut down, and investigators later attributed it to Russian hackers. That year someone briefly took control of a water treatment plant in a small Florida town in what appeared to be an attempt to poison the supply, but the attempt was quickly stopped.

After Russian Cyberattack, In Search of Solutions and Debating Retaliation

Those testifying at the hearing included Sudhakar Ramakrishna, the new CEO of SolarWinds, who took over weeks after the breach was discovered and has since withdrawn from the intruder. He told the Senate committee that the code had been removed from the company’s products. However, this is of little use to government agencies and companies that have already been breached, as the hackers can roam free once they are on their target computer networks.

Mr Ramakrishna also said that it is still unclear to SolarWinds how the Russian hackers got into the software it develops and embedded themselves there as early as fall 2019. When asked about JetBrains, which makes software tools that speed development and testing, Mr. Ramakrishna said there is still no evidence. The New York Times reported in January that an investigation was underway against JetBrains, but the company’s officers, some of whom are Russian, said there was no evidence.

Mr Smith, who has called for a “Geneva Digital Convention” that would create standards that preclude some types of attack, estimated that “at least a thousand very skilled, capable engineers” were involved in the hacking.

“This was an act of ruthlessness in my opinion,” he said, as it infected thousands of systems that the Russians had no interest in, to give them access to only a few. “It was done in a very indiscriminate way.”

Mr Warner, Senator Marco Rubio of Florida, the senior Republican on the committee, and others repeatedly stated that Amazon – which runs the CIA’s network cloud services and seeks other major federal contracts – was the only company that refused to join in sending senior executives to explain its role in the hacking. Amazon has not publicly said anything about what it knew about the command and control operation performed by its servers in the United States.

This is a critical problem as the hackers seem to have understood that American intelligence agencies are prohibited from investigating network activity in the United States. By initiating the attack within American borders, they took advantage of domestic privacy to avoid being detected.

Several senators said they were concerned that once such a technique was known, it would be widely used by others. “The basic question is how we missed that and what are still missing,” Mr Rubio said.

Pompeo Says Russia Was Behind Cyberattack on U.S.

They injected malware that would give them widespread access to computer systems after government agencies and corporations installed the updates. From there, they were able to build “back doors” that allowed them to come and go, steal data, and – although it does not seem to have happened yet – modify data or launch destructive attacks.

“This was a very common cybersecurity event,” said Brad Smith, president of Microsoft Corporation, in an interview on Thursday evening. “And I would argue that this is more than just espionage. It is the creation of a broad vulnerability in the supply chain that requires a different type of response. It has created a vulnerability to the world in a way that other spying techniques do not.”

Mr. Smith called it “a moment of reckoning”.

While Mr Trump began his tenure with a strong cybersecurity team in the White House, his third national security adviser, John R. Bolton, ousted them and eliminated the post of cyber czar with direct access to the president. The new National Defense Approval Act, which Mr Trump threatens to veto for other reasons, would re-create such a post. This is one of several recommendations from a non-partisan Cyberspace Solarium commission that issued a report earlier this year before the Russian attack became known.

But by the time Mr. Pompeo, who headed the CIA for the first two years of the Trump administration, made his assessment in an interview on “The Mark Levin Show,” the administration had all but ignored the attack in public – perhaps realizing that an administration that came into office after Russia interfered in the 2016 elections had fallen victim to one of Russia’s best-executed cyberattacks.

“This has been a very significant effort,” said Pompeo, adding, “we’re still unwrapping exactly what it is.” He said he expected most of the details to be kept secret.

He didn’t mention that the hackers had come to his own place of work – the State Department – nor did he say if they were just in unclassified rooms. Nor did he mention the fact that the Treasury Department and American nuclear laboratories like Los Alamos were hit.

“We failed to scare off the Russians,” said Delaware Senator Chris Coons, a Democrat close to Mr Biden, on Thursday. “We’ll see Putin stop this action if we stop him,” he said. “It’s just as aggressive for our intelligence and military systems as anything in my life.”