Your Tech Story

cyberattack

Swiss-Based Schlatter Faces IT Network Disruption After Cyberattack

Swiss-Based Schlatter Faces IT Network Disruption After Cyberattack

Swiss engineering firm Schlatter Industries announced on Monday that its IT network had been compromised by a cyberattack on Friday. The company, based in Switzerland, confirmed that the attack involved sophisticated malware, indicating it was likely executed by professional cybercriminals. The attackers attempted to extort the company, although Schlatter refrained from providing additional details on the nature or extent of the blackmail attempts.

Swiss-Based Schlatter Faces IT Network Disruption After Cyberattack

Image Source: thecyberexpress.com

The breach has prompted Schlatter to initiate an in-depth investigation to determine if any sensitive data was stolen during the incident. The company’s cybersecurity experts are currently working to restore all affected systems to full operational status. The incident marks a significant security challenge for Schlatter, a company known for its advanced engineering solutions, as it strives to safeguard its operations and data integrity.

Immediate Security Response and Authorities Involved

In response to the attack, Schlatter Industries took immediate action to secure its network. The company swiftly implemented a series of security measures designed to contain the breach and prevent further unauthorized access. Schlatter has also engaged with relevant authorities to assist in the investigation and to mitigate the impact of the attack.

While the company did not disclose specific details about the security measures or the nature of the malware used, the prompt involvement of authorities suggests a high level of concern regarding the potential risks posed by the cyberattack. Schlatter’s decision to work closely with cybersecurity experts and law enforcement underscores the seriousness of the situation and the importance of protecting its assets and reputation.

Ongoing Investigation and Restoration Efforts

As Schlatter Industries continues to assess the damage, the company’s primary focus remains on determining whether any data was compromised and ensuring that its IT systems are fully restored. The company has not yet confirmed the extent of the disruption or how long it will take to bring all systems back online. 

Schlatter Industries’ proactive approach to managing the fallout from the attack highlights the growing importance of cybersecurity in today’s business environment. As cyber threats continue to evolve, companies like Schlatter are increasingly finding themselves on the front lines of a digital battle to protect their operations and customer data. The incident serves as a stark reminder of the potential vulnerabilities that even well-established firms face in an increasingly interconnected world.

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Ukraine’s telecommunications infrastructure was rattled today as Kyivstar, the country’s largest mobile operator, fell victim to a significant cyberattack, disrupting cellular and Internet services across the region. The company reported a technical failure resulting from the attack, leading to a temporary blackout of mobile communication and Internet access for its subscribers.

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Image Source: sg.news.yahoo.com

In an official statement released today, Kyivstar acknowledged the targeted assault, describing it as a “powerful hacker attack” that impacted their network systems. The outage disrupted services, leaving many customers unable to use their mobile phones or access the internet.

Despite the severity of the breach, Kyivstar moved swiftly to reassure its subscribers that their personal data remained secure. The company affirmed that despite the disruption, there had been no compromise of sensitive user information. This announcement aimed to allay concerns regarding potential data breaches or leaks arising from the cyberattack.

Kyivstar Assures Subscribers’ Personal Data Uncompromised

Deputy Prime Minister Oleksandr Kubrakov addressed the situation, providing assurance that Kyivstar was diligently working to restore its services. He estimated that normal operations would resume within four to five hours, offering a glimmer of hope to the affected users and businesses reliant on uninterrupted communication.

Amidst the turmoil, Interior Minister Ihor Klymenko emphasized that despite the service disruption, emergency services’ mobile numbers continued to function without any impediments. This assurance aimed to maintain public confidence in essential services, assuring citizens that critical emergency communication channels remained operational.

The cyberattack on Kyivstar underscores the persistent threat posed by hackers to critical infrastructure and essential services, highlighting vulnerabilities within telecommunication networks. Such incidents raise concerns not only about service disruptions but also about the potential exposure of sensitive user data, prompting calls for enhanced cybersecurity measures and vigilance within the telecommunications sector.

As Ukraine grapples with the aftermath of this cyber assault, attention is drawn to the pressing need for robust cybersecurity protocols to safeguard against future threats. The incident serves as a stark reminder of the ever-evolving landscape of cyber threats and the necessity for proactive measures to protect vital communication infrastructure.

Kyivstar’s resilience in swiftly addressing the attack and safeguarding user data stands as a testament to the significance of proactive cybersecurity measures in defending against sophisticated cyber threats targeting telecommunications networks.

WormGPT

What is WormGPT? The new AI behind the cyberattacks

In recent news, a dangerous AI tool named WormGPT has been gaining popularity on cybercrime forums within the dark web. Marketed as a “sophisticated AI model,” WormGPT is specifically designed to generate human-like text for hacking campaigns, enabling cybercriminals to execute attacks on an unprecedented scale.

According to cybersecurity expert Daniel Kelley, who shared his findings on the platform Slashnext, WormGPT was trained on a diverse range of data sources, with a particular emphasis on malware-related data. This training allows the AI tool to create text that can be utilized for various malicious activities.

WormGPT
Image Source: dataconomy.com

The implications of WormGPT’s emergence are concerning for everyday internet users and businesses alike. One of the key issues lies in the speed and volume of scams that a language model like this can generate simultaneously.

The rapid text generation capability of AI models, combined with WormGPT’s malicious intent, poses a significant threat. Cyberattacks such as phishing emails can now be replicated easily, even by those with minimal cybercriminal skills.

Adding to the danger is the promotion of “jailbreaks” on ChatGPT, a similar AI language model by OpenAI, which essentially allows for the manipulation of prompts and inputs to create harmful content or reveal sensitive information. The consequences of such manipulation can be severe, leading to potential data breaches, inappropriate content dissemination, and the development of harmful code.

Also Read: The Future of AI: How Artificial Intelligence Will Change Future

Kelley pointed out that generative AI, like WormGPT, can produce emails with impeccable grammar, making them appear legitimate and decreasing the chances of being flagged as suspicious. This democratizes the execution of sophisticated Business Email Compromise (BEC) attacks, providing access to powerful hacking tools for a broader spectrum of cybercriminals, including those with limited technical expertise.

While companies such as OpenAI ChatGPT and Google Bard are actively working to combat the misuse of large language models (LLMs), there are concerns about the capabilities of these countermeasures.

A recent report by Check Point highlighted that Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to ChatGPT, making it easier to generate malicious content using Bard’s capabilities.

The introduction of WormGPT to the dark web follows a disconcerting trend. Researchers from Mithril Security recently revealed their successful modification of an existing open-source AI model named PoisonGPT, aimed at spreading disinformation. The potential consequences of such AI technology are still largely unknown.

As AI has already demonstrated the ability to generate and spread disinformation, manipulate public opinion, and even influence political campaigns, the emergence of bootleg AI models like WormGPT only exacerbates the risks faced by unsuspecting users.

In conclusion, the rise of WormGPT on the dark web signifies a troubling development in the world of cybercrime. The ease with which this AI tool can generate realistic and malicious content poses a significant threat to cybersecurity.

As cyber threat actors find new ways to exploit AI technology, it becomes crucial for AI developers and cybersecurity experts to remain vigilant and take proactive measures to safeguard against potential abuses of AI language models.

Additionally, internet users and organizations must stay informed about these developments and implement robust security measures to protect themselves from the ever-evolving landscape of cyber threats.

trellix

Trellix – A Cybersecurity Company That Was Founded By A Former Engineer Of Sun Microsystems.

Trellix is a cybersecurity company based in California, United States. Recently, FireEye and McAfee enterprise businesses combined together to launch this extended detection and response company in January 2022. So, the roots of Trellix originally date back to the foundation of FireEye by Ashar Aziz, a former engineer at Sun Microsystems.

FireEye was founded in 2004 and after a gap of a few years, the company started commercializing its products. Today, Trellix represents the products of FireEye and some of its main products are email security, endpoint security, file security, cross-vendor, etc. Trellix has approximately 3,400 employees and the company’s recent research claims that most of the hacking groups are either linked to China or Russia.

About Trellix

Trellix is a privately-held cybersecurity company that has evolved in the past 18 years and expanded the ways and techniques in threat detection. The company has been responsible for the detection and prevention of some of the major cyber-attacks across the world. Currently, the Trellix Advanced Threat Research (ATR) team has anticipated cyber attacks targeting Ukraine, and hence team of wipers has been deployed.

Trellix offers both hardware and software products for investigating cyberattacks, preventing malicious activities, and analyzing IT risks. The initial focus of the company was on developing virtual machines to test internet traffic. But after the company started acquisitions it diversified. In 2013, the company went public but then it was privatized once again in 2021. In 2021, FireEye sold both its brand name and products to Symphony Technology Group which then launched Trellix after a year.

Trellix
Image source: indianexpress.com

History

The history of Trellix began in 2004 with the foundation of FireEye. Though the company was established in 2004, its first product was publicly released in 2010, after a gap of six years. After it released its first product, the company decided to expand in the Middle Eastern market in the same year. By the end of 2010, FireEye opened new offices in the Asia Pacific region, and in 2011 opened new offices in Europe. In 2013, the company expanded into the African market as well. Till 2012, the founder of FireEye, Ashar Aziz played the role of CEO in the company but stepped down in December and he was replaced by David DeWalt, former CEO of McAfee. The main reason why DeWalt was recruited was to prepare the company for an IPO. In 2013, the company raised $50 million in funding and went public after which it raised another $300 million.

Recent Operations

FireEye was growing rapidly especially after it became a public company. The annual revenue of the company increased by eight folds within a couple of years between 2010 and 2012. As the company grew and expanded to various other international markets, the employees also increased from 175 in 2011 to 900 in 2013. Though FireEye was growing rapidly the net profit was not increasing sharply because of the high operating cost, especially in the research division. FireEye also started making acquisitions during this time and started with Mandiant, an information security company in 2013. The deal was closed for $1 billion. Mandiant was a famous cybersecurity company that was known for investigating high-profile hacking groups. In 2014, it acquired another information security company called nPulse Technologies for $60 million.

After making a few acquisitions and launching new products, the annual revenue of the company was $100 million in 2015. But even at this point, the company wasn’t profitable yet due to large research expenditure. In 2016, FireEye acquired two new companies called iSight Partners and Invotas. In the same year, DeWalt stepped down from the CEO of the company and he was replaced by Mandiant CEO Kevin Mandia. In 2021, after STG acquired both FireEye and McAfee Enterprise, the company decided to roll out Trellix.

Bryan Palma – CEO of Trellix

Bryan Palma has become the CEO of Trellix in 2022. He is new to the company as he joined FireEye only a year ago as the Executive Vice President of FireEye Products. He went to the University of Richmond for his bachelor’s and later acquired an MBA degree from Duke University.

SolarWinds Inc

SolarWinds Inc – A Software Development Company that has Recently Fallen Victim to the World’s Largest Cyberattack.

In the past year, the name of SolarWinds Inc has been crawling in every news website speaking of cyberattacks. SolarWinds is a major software developing company based in America which has many reputed multinational companies as its clients. Last year, the company was the victim of the most sophisticated and the largest cyberattack the world has ever witnessed. After this attack, a security firm called Trustwave raised some concerns regarding the security flaws in the products of SolarWinds which questioned if the company can protect its client’s privacy at all. The cyberattack followed by these allegations had a negative impact on the company’s reputation and the share price fell.

About SolarWinds Inc

SolarWinds Inc is an American software company with headquarters based in Austin, Texas. The company develops software for enterprises that helps in managing networks, IT infrastructure, and systems. SolarWinds has several offices in the US and overseas with more than 3,200 employees working for the company. Donald Yonce and David Yonce founded the company in 1999 and it became a publicly-traded company in 2009. The company has approximately 300,000 customers which include most of the Fortune 500 companies. There was a huge investigation last year when Orion, one of the SolarWinds products was compromised by a cyberattack.

SolarWinds Inc
Image source: owler.com

Early days

Donald Yonce, who was a former executive at Walmart along with his brother, David Yonce started SolarWinds in Tulsa, Oklahoma. Though the company was established in 1999, the two brothers started working on their products ahead of time. Trace Route and Ping Sweep were the first two products rolled out by the company. In November 2001, SolarWinds released its first web-based network performance monitoring application. In 2006, Michael Bennett became the CEO of the company and the headquarters were shifted from Tulsa to Austin. During 2007, the company raised funds from Bain Capital, Insight Venture Partners, and Austin Ventures. After the fundings, the company decided to file its first IPO of $112.5 million and became public in 2009.

After the first IPO, the company made several acquisitions and expanded rapidly. In 2011, it was featured in Forbes magazine as one of the top fastest-growing companies. Bennett’s leadership ended in 2010 and he was replaced by the former CFO of the company, Kevin Thompson. In 2013, the company announced that it will be investing in an operations hub in Utah. The company’s target was to develop high-functioning products at a low cost which is desirable by every enterprise. The same year, SolarWinds was named the Best Small Company in America by Forbes. The number of employees in SolarWinds doubled from 2011 to 2013 as the total count became 900. In 2016, the company had more than 1700 employees and generated annual revenue of half a billion dollars. During this time the company was taken private and again filed a public offering in 2018. Last year, Kevin Thompson retired and he was replaced by Sudhakar Ramakrishna. Currently, the company is trying to cope up with the losses it faced during the recent cyberattack.

Acquisitions

In 2007, the company received good funding and it decided to invest the money in new acquisitions. So, the company acquired Neon Software and monitor Corp. The company also opened a new office in Ireland for sales purposes. The company didn’t just acquire companies but also focused on acquiring products that matched the interest of the company. After the company became public in 2009, it acquired many companies including Kiwi Enterprises, Hyper9 Inc, TriGeo, EminentWare, etc. By this time the company opened offices outside the US, including Australia, Czech Republic, India, and Singapore. The recent companies acquired by the company are Capzure Technology, Librato, SpamExperts, VividCortex, etc.

Sudhakar Ramakrishna – CEO of SolarWinds

Sudhakar Ramakrishna has recently become the CEO of the company. He has 25 years of professional experience in different fields including networking, security, mobility, etc. He is the former CEO of Pulse Secure and also worked at Citrix, Motorola, 3Com, etc. Ramakrishna is an alumnus of Kansas State University.

Colonial Pipeline

The White House working to aid the recent Colonial Pipeline Cyberattack.

Colonial Pipeline is the top U.S. pipeline operator which was recently attacked by a ransomware group. The U.S. government said that this group of hackers might be new but they aren’t amateur hackers. This attack has plummeted the oil supply thus forcing the company to shut down the oil supply in the eastern states of the nation. The White House is working closely with Colonial Pipeline to help them recover the losses after the cyberattack.

The suspect behind this Colonial Pipeline cyberattack is not yet made official but a couple of industry resources have informed Reuters that the group DarkSide is one of the suspects. Cybersecurity has mentioned that veteran cybercriminals constitute the group of DarkSide whose main focus is to squeeze as much as possible from their target. Tension among government officials and lawmakers has increased and this attack is one of the most disruptive digital ransom schemes ever reported. (Reuters)

Colonial Pipeline

After the change of the political scenario in the U.S., the pipeline fix became one of the top priorities for the Biden administration and Washington, said Gina Raimondo, Commerce Secretary. The U.S. government was working vehemently so that Colonial Pipeline could restart the 8,850km pipeline network stretching from Texas to New Jersey. She further mentioned that the White House is working closely with the company, state, and local officials so that the company gets back and up running as soon as possible.

Colonial Pipeline
Image Source: bloombergquint.com

Colonial Pipeline has mentioned on Sunday that the main pipeline network is not in operation at this moment. But there are some smaller lines between the terminals and delivery points which are currently operational. The company is uncertain as to when the company can resume the entire pipeline network again.

Oil Supply Disrupted

Colonial Pipeline is responsible for transporting approximately 2.5 million barrels of gasoline per day and other fuels. It is shipped from the Gulf Coast refiners to the mid-Atlantic and southeastern United States consumers. This pipeline network supports the major airports of the U.S. including  Atlanta’s Hartsfield Jackson Airport. One spokesperson from the Charlotte Douglas International Airport said that the airport has a supply on hand which is supplied by another major pipeline along with Colonial.

The compromise of the oil supply network will have a significant impact on the regional fuel supplies. Since the company is uncertain about when the company will be fully operational again, this outage will affect the southeastern United States, said American Automobile Association. Once the crisis tends to continue prices will accelerate substantially in the southeastern states. Some of the U.S. states that are very vulnerable to this situation are Tennessee, Georgia, and Maryland.

Suspected Criminals for the Cyberattack

The investigation led by the U.S. government is in its early stage but still many of the industrial experts and a former U.S. official suspect it to be the cybercriminal group called DarkSide. DarkSide is a professional ransomware group that avoids setting targets in the post-Soviet states. Their goal is to break into a network and then use software to encrypt the data while they steal data at times. Once this is done they ask for payment to decrypt the data. Additional payments are charged as they continuously threaten to publish the stolen content.

An unnamed source has said that this time the hackers stole more than 100 gigabytes of data from Colonial. While the FBI was working with both government and private officials, the hackers took the cloud computing system offline that they used to collect the stolen data. It seems that the data of Colonial was not further transported to any other system. The company has declined to make any further comments regarding DarkSide.

The Biden Administration

On Saturday, President Joe Biden was briefed about the Colonial Pipeline cyberattack and that the government was trying to restore the company and prevent disruption in supply. The lawmakers are looking forward to working more with privately-held critical infrastructure companies to guard against cyberattacks. (Reuters) U.S. Senator, Bill Cassady has said that this is a question and threat to national security and something that the Democrats and Republicans can work on together.

The Federal Motor Carrier Safety Administration is issuing temporary hours of service exemption so that refined products are transported to 17 southern and east coast states including Alabama, Delaware, Florida, Georgia, New Jersey, and New York. Alternative transportations can be required at any hour and the oil refining companies are looking into it.