Critical Infrastructure News


Police warn of new phone scam in Maryland

PIKESVILLE, Md. - On Monday a Baltimore County woman called Maryland State Police to report that she had received a call from 410-653-4241, which her caller ID displayed as “Maryland State Government.” That number belongs to the Maryland State Police Office of Media Communications. However, when she answered the call, it was a recording offering credit card services.

Maryland State Police want to make it clear that they have no connection to any credit card company and would never solicit such information or services over the phone from any resident.

If anyone receives such a phone call they should hang up, then contact their local state police barrack.


UK government: North Korea was behind the WannaCry cyber-attack that crippled health service

North Korea was behind a cyber-attack that derailed Britain's state-owned health service's IT systems, the U.K. government said Friday.

"I think we should perhaps remember that this attack, we believe quite strongly, that this came from a foreign state," U.K. Security Minister Ben Wallace told the BBC.

Asked which foreign state he believed was involved, Wallace said: "North Korea was the state we believe was involved in this worldwide attack on our systems."

Malicious software called "WannaCry" targeted a number of businesses, government entities and the U.K.'s National Health Service (NHS) earlier this year. A form of "ransomware", the software blocked access to a user's computer until a sum of money was paid to the attacker.

Asked how sure he was that North Korea was the actor behind the cyber-attack, Wallace said: "We can be sure as possible. I can't obviously go into the detail of intelligence, but it is widely believed in the (intelligence) community and across a number of countries that North Korea had taken this role."

Wallace called on Western nations to develop a "doctrine of deterrent," similar to nuclear deterrent strategy, to prevent further cyber-attacks.

"On a weekly basis, our systems are under attack from serious organized criminals using malware from abroad or even at home," he said.

Get Ready for the ‘Reaper’ Botnet: It’s Already Infected Over a Million Devices

Just in time for Halloween, a growing botnet of hacked devices named "Reaper" could put the internet in the dark.

Over a million internet-connected cameras and routers have already been infected, researchers with the Israel-based firm Check Point say, and the number is growing.

"Our research suggests we are now experiencing the calm before an even more powerful storm," they warned last week. "The next cyber hurricane is about to come."

"Botnets" consist of vast networks of thousands and even millions of computers that have been infected with malware, enslaving them to do someone else's bidding. They can be commanded, usually without their owners' knowledge, to provide the raw computing power to take down websites and launch further cyberattacks.

Last fall, chunks of the internet went offline for hours when a botnet of hacked cameras called "Mirai" was used to launch a "distributed denial of service" or DDoS attack on a major internet infrastructure provider. Sites like the New York Times, Twitter, and Netflix were unreachable via their web addresses for several hours.

Now "Reaper" could make that botnet look like child's play.

"It's a very big deal," Avivah Litan, an analyst at Gartner, told NBC News.

Worse than last year's massive attack

The botnet spreads from hacked device to hacked device, sneaking in via known security vulnerabilities, according to an analysis by Chinese researchers at 360 Netlab. The at-risk devices include several webcams and routers, including those by popular makers such as Linksys, Netgear, and D-Link, none of whom provided a comment to NBC News in time for publication.

This is different from the attack last fall, which only used weak and default passwords to get into devices. That malware could easily be wiped just by rebooting the device. But the new botnet has automated basic hacking techniques in order to spread further. And by using known exploits it can get in and spread without raising any alarms.

“The potential here is even bigger than what Mirai had,” Maya Horowitz, the manager of Check Point’s research team, told Wired magazine. “With this version it’s much easier to recruit into this army of devices.”

Study Shows 30% of CEOs Have Been “Pwned,” Passwords Exposed

Nearly one in three major CEOs has been “pwned” using their company email address, according to a new F-Secure study of CEO email exposure. In other words, a service they access using their company email has been hacked and the password they use for that service has leaked. Without proper password practices, this potentially increases their susceptibility to targeted attacks.

The study, CEO Email Exposure: Passwords and Pwnage, delves into known company email addresses used by top executives from more than 200 of the biggest companies in ten countries. Researchers compared those addresses with F-Secure’s database of credentials leaked from breaches of online services. Among other findings:

  • The most common previously breached services for CEOs to link their company email with are LinkedIn and Dropbox.
  • The countries with the highest percentages of CEOs who’ve linked their email to these breached services are Denmark, at 62%, and the Netherlands, at 43%.
  • 81% of CEOs have had their email address and other personal information such as birthdates, addresses, and phone numbers exposed online in the form of spam lists or leaked marketing databases.
  • The countries with the greatest level of CEO info exposed on spam and marketing lists are the Netherlands, the UK and the USA, all at 95%.
  • Just 18% of CEOs have no leaks associated with their email address.

“This study once again underscores the importance of proper password hygiene,” said Erka Koivunen, Chief Information Security Officer at F-Secure. “The CEO’s credentials may have leaked even when they have done nothing wrong. We can assume that many of the services we’ve created an account in have already been compromised and the old passwords are out there on the internet, just waiting for targeted, motivated attackers to try them against other services.”

U.S. warns public about attacks on energy, industrial firms

The U.S. government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.

The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.

U.S. authorities have been monitoring the activity for months, which they initially detailed in a confidential June report first reported by Reuters. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

Department of Homeland Security spokesman Scott McConnell declined to elaborate on the information in the report or say what prompted the government to go public with the information at this time.

“The technical alert provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors and reiterated our commitment to remain vigilant for new threats,” he said.

The FBI declined to comment on the report, which security researchers said described an escalation in targeting of infrastructure in Europe and the United States that had been described in recent reports from private firms, including Symantec Corp.