Cyber Ops

The Senate Armed Services Committee is asking the Department of Defense for greater clarity and formalization of its cyber operations.

  • 200-201 CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals. The Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) exam is a 120-minute assessment for the Cisco Certified CyberOps Associate certification and is aligned with the associate-level cybersecurity operations analyst job role.
  • Cyberspace operations management, utilization, and planning principles. These are just the entry-level knowledge tasks that all cyberspace operations officers will learn, after which you will move on to more specialized education and training.

Cyber operations (Cyber Ops) is a specialization of information security that is in high demand within areas of the government and military, including the National Security Agency (NSA). If you have an interest in working for the NSA, or a similar organization, certification in. The National Security Agency designated the University of Arizona’s Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 20 Cyber programs in the nation.

In its version of the annual defense policy bill — which passed the committee last week, though full text of the language was only made public this week — the committee takes aim at U.S. Cyber Command’s so-called hunt forward operations.

Hunt forward operations involve teams from Cyber Command physically deploying to other nations to assist them with cyber defense. These operations provide American cyber teams insight into tactics that could be turned against U.S. networks or used to disrupt the elections process, officials have maintained.

How ‘hunt forward’ teams can help defend networks

The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy systems that would help cyber operators perform “hunt forward” missions, where teams deploy to other countries to stop malicious cyber activity.

Commerce Department breached as Treasury, others reportedly victimized by...

Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday they were fighting to contain.

“We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.”

Reuters reported that foreign nation-backed hackers have been monitoring email traffic at the Treasury Department and Commerce Department’s National Telecommunications and Information Administration, and the attackers apparently used similar tools to breach other agencies.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the White House’s National Security Council.

NTIA has been breached and U.S. investigators suspected that other agencies have been, too, said a U.S. official familiar with the investigation. A common denominator in the malicious activity appears to be an interest in leveraging Microsoft 365, the person said. The FBI is on site responding to the NTIA breach, and U.S. Cyber Command is also assisting with the investigation, the official added.

“We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” a CISA spokesperson said.

The Washington Post first reported that the Russian hacking group known as APT29, or Cozy Bear, was behind the campaign. The breaches were reportedly carried out on behalf of the Russian intelligence agency SVR. The same hacking group is suspected to be behind the breach at FireEye, announced last week.

The Treasury Department did not respond to requests for comment.

Sean Lyngaas contributed to this story.

The post Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers appeared first on CyberScoop.

Security Issues in PoS Terminals Open Consumers to Fraud

Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.

MountLocker ransomware hackers upgrade covert approach

BlackBerry researchers on Friday revealed new details about a ransomware strain that emerged this summer that hackers are peddling as a ransomware service for hire.

It is unclear who exactly is behind the ransomware, called MountLocker. Within the last month, though, the scammers behind the ransomware have updated it several times in an effort to bypass detection, according to the researchers.

MountLocker, which security professionals initially uncovered in July, according to the U.K. National Health Service Digital, tends to encrypt targets’ files like traditional ransomware strains. Affiliates now are using MountLocker to run extortion and blackmail schemes in an effort to compel larger payouts from victims, according to BlackBerry. In some cases, the ransom demands have been seven figures.

It’s the latest ransomware strain to take part in the extortion tactic, which the FBI and security researchers have been warning about for months.

MountLocker affiliates have largely relied on commercially available tools, such as AdFind, to conduct network reconnaissance, and a hacking tool known as Cobalt Strike Beacon, to spread laterally in victim networks, according to BlackBerry.

Affiliates typically use remote desktop tools and stolen credentials to gain access to targets, researchers say. BlackBerry did not share specific details about the victims.

Prior reports suggested that the MountLocker hackers were behind a recent cyberattack against Sonoma Valley Hospital, though the hacking group has denied involvement, according to DataBreaches.net. Sonoma Valley Hospital attributed the attack to a suspected Russian “threat actor” earlier this week.

Other reported victims include Swiss security firm Gunnebo, Germany-based ThyssenKrupp System Engineering, Germany-based biotechnology firm Miltenyi Biotec, U.S.-based manufacturer Memry and Taiwan-based Makalot, a garment manufacturer.

It is still early days for tracking MountLocker, says Allan Liska, an analyst at Recorded Future. “While other ransomware actors boast dozens or hundreds of victims on their extortion site, MountLocker has yet to crack double digits,” Liska said.

MountLocker remains worth observing because it expands the playing field for hackers who are interested in leveraging ransomware against targets, according to Liska.

“The problem is more with the affiliates who participate in their [ransomware-as-a-service] program, they tend to be inexperienced, especially when compared to … other offerings,” Liska said. “If the affiliates do manage to gain access, the tools these teams use, such as AdFind and Cobalt Strike — tools used by most ransomware actors at this point — have become so easy to use that everything can be heavily scripted, giving even less experienced ransomware operators a chance at success.”

The BlackBerry researchers warned that the hackers have struck a range of targets, even if the group's public list of victims is much smaller.

“The site is currently listing five victims; we believe the actual number to be far greater,” the researchers write. “The MountLocker Operators are clearly just warming up. After a slow start in July they are rapidly gaining ground, as the high-profile nature of extortion and data leaks drive ransom demands ever higher.”

The post MountLocker ransomware hackers upgrade covert approach appeared first on CyberScoop.

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

The malware takes aim at PostgreSQL database servers with never-before-seen techniques.