Articles

CISA Reports No Indication of Broader Impact from Treasury Department Cyber Breach

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated on Monday that there is “no indication” the recent cyber breach at the U.S. Treasury Department has affected any other federal agencies. This followed a report that Chinese hackers compromised several computers at the Treasury, stemming from a breach at cybersecurity contractor BeyondTrust.

While BeyondTrust confirmed that a limited number of its clients were affected, the company has not provided further details regarding which clients may have been impacted. The forensic investigation into the breach is still ongoing, and BeyondTrust has yet to confirm additional details about the scope of the attack.

Reports have suggested that the hackers specifically targeted the U.S. Treasury office responsible for administering economic sanctions, likely aiming to access information about Chinese entities under consideration for U.S. financial sanctions. This attack is part of an ongoing series of cyber incidents attributed to Chinese state-sponsored actors.

Republican lawmakers have called for a briefing on the incident. In response, Chinese Embassy spokesperson Liu Pengyu dismissed the claims, calling the reports “irrational” and part of “smear attacks” against China.

Biden to Order Tougher Cybersecurity Standards Amid Growing China Hacking Threat

President Joe Biden is preparing to issue an executive order aimed at enhancing cybersecurity standards for federal agencies and contractors, as part of efforts to combat the escalating threat of cyberattacks linked to China and cybercriminal organizations. The new executive order, expected to be published in the coming days, responds to several high-profile cyberattacks attributed to China that targeted critical infrastructure, government agencies, major telecom firms and, most recently, the U.S. Treasury Department. While the U.S. government has attributed these hacks to China, Beijing has consistently denied involvement.

The proposed order emphasizes stricter standards for secure software development, including the need for vendors to provide detailed documentation that verifies adherence to these standards. The Cybersecurity and Infrastructure Security Agency (CISA) will be tasked with evaluating and validating this documentation through its software attestation program. Vendors whose software fails validation may face further legal action, as per the draft.

Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, expressed support for the effort to push for more secure software development but warned that the proposed attestation process might not go far enough. Kellermann pointed out that the timeline outlined in the order appears arbitrary given the urgency of the threat posed by China, Russia, and cybercriminal syndicates. “They’re already here,” Kellermann said, stressing the ongoing cyberattacks against U.S. critical infrastructure and government agencies, which have been fueled by foreign state actors.

The executive order also includes guidelines for the secure management of access tokens and cryptographic keys used by cloud providers. In 2023, Chinese-linked hackers exploited vulnerabilities in this area to access email accounts belonging to senior U.S. government officials, an issue that was highlighted by Microsoft.

Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne, acknowledged that the order builds on efforts from the past five years to strengthen cybersecurity capabilities, and emphasized that the Chinese threat is a major focus. However, he also noted that the U.S. faces a broad range of cybersecurity challenges that require ongoing attention.

The White House has declined to comment on the forthcoming order, and CISA did not respond to requests for comment.

Hackers Target Multiple Companies’ Chrome Extensions in Widespread Campaign

Hackers have compromised a variety of companies’ Chrome browser extensions in a series of cyberattacks that began in mid-December, according to affected firms and cybersecurity experts. One confirmed victim, Cyberhaven, a California-based data protection company, revealed the breach in a statement to Reuters on Friday.

“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the company said. It referenced cybersecurity experts’ findings, which indicated the breach was part of a broader campaign targeting Chrome extension developers across multiple organizations. The company also confirmed it is cooperating with federal law enforcement authorities in its investigation.

Browser extensions, often used to enhance user experience through features like auto-applying coupons or improving data management, were exploited in this campaign to compromise sensitive data. Cyberhaven’s Chrome extension is specifically designed to help monitor and secure client data across web-based applications.

Jaime Blasco, cofounder of Nudge Security in Austin, Texas, noted that Cyberhaven is not an isolated case. He identified several other compromised extensions, some impacted as early as mid-December. These included extensions related to artificial intelligence and virtual private networks (VPNs), suggesting an opportunistic approach aimed at collecting as much sensitive data as possible from a wide range of sources.

Blasco said, “I’m almost certain this is not targeted to Cyberhaven. If I had to guess, this was just random.”

The geographical reach of the campaign remains unclear. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) declined to comment, referring inquiries to the affected companies. Alphabet, the parent company of Google and maker of the Chrome browser, did not immediately respond to requests for comment.

This incident highlights the vulnerabilities associated with browser extensions and the potential for malicious actors to exploit them for broad data collection efforts. Experts urge developers and users alike to exercise caution and maintain robust security measures for extensions to prevent similar breaches.