At noon on the same day, discuss with Newspaper Workers, A leader of the Department of Cybersecurity and High-Tech Crime Prevention (A05 – Ministry of Public Security) said that the unit has received an official dispatch from the Voice of Vietnam Electronic Newspaper. Currently, the Department of Cybersecurity and High-Tech Crime Prevention and a number of professional units of the Ministry of Public Security have investigated and clarified. Website VOV Newspaper is not accessible at the time – Photo: Screenshot Like Newspaper Laborer It was reported that from the evening of June 12, the access to Vov.vn electronic newspaper had difficulties, the transmission line was slow. By 12 o’clock on June 13, readers could not access the Vov.vn link at all. According to the technical department of the Voice of Vietnam Electronic Newspaper, this is the result of a denial of service (DDoS) attack that overflows the bandwidth, making access to the newspaper crippled. At the same time, the fanpage of this newspaper also received tens of thousands of negative and offensive comments. The agency has been in contact with Google and Facebook to handle the related issues. A representative of the Voice of Vietnam Electronic Newspaper also said that the attack on the newspaper affected the operation of the editorial office, affecting readers’ access to information. The Voice of Vietnam has sent a dispatch to the relevant authorities to request a settlement, in which it is requested that the Ministry of Public Security search for the perpetrators of the online newspaper attack. Online newspaper Voice of Vietnam (Vov.vn) has had many technical solutions to fix the problem and access normally from the evening of June 13.

A leader of the Department of Cybersecurity and High-Tech Crime Prevention (Ministry of Public Security) also confirmed that he had received an official letter from VOV. Currently, the Department of Cybersecurity and High-Tech Crime Prevention and a number of professional units of the Ministry of Public Security have investigated and clarified. In addition, the Cyber ​​Emergency Response Center (VNCERT) and network operators also participate in supporting and solving problems. At the time of the cyber attack, readers could not access the website of VOV newspaper. Photo: VOV. Exchange with Zing , a representative of VOV’s technical department said that cyberattacks on the agency’s resource system began on June 12. At about 13:00 on June 13, the bandwidth system was overloaded, suspected of being attacked by a denial of service (DDoS). On the morning of June 14, the administrator continued to record a new attack that caused the bandwidth of the system and the website to be overloaded. This is the first time this newspaper has been attacked by DDoS. In addition to the above attacks, the VOV side also believes that the person behind the attacks also discredits the stars of the VOV electronic newspaper on Google or repeatedly makes offensive and threatening comments on the newspaper’s fanpage. The VOV side is reviewing and detecting malicious code in the system, and at the same time limiting the consequences of cyberattacks, calculating damage to coordinate with authorities to solve.

Since the beginning of 2021, the world has experienced a series of large-scale cyber attacks. (Source: Reuters) In an age where technology is creeping into every aspect of life, the term cyberattack is not new. Many people think simply that a cyber attack is an attempt by a hacker to steal data or money by infiltrating a computer network, databases, network infrastructure, websites, and devices. individual or organization. But now, hackers have found a way to make a lot of money illegally by attacking physical infrastructure targets, disrupting essential services, affecting not only to a person, a company that can spread to an entire city, even a country. Cyberattacks on the rise Over the past time, the US has continuously suffered from ransomware attacks targeting large companies, non-governmental organizations and government agencies. Most recently, on June 2, a ferry terminal operator service in the US state of Massachusetts became the target of a cyber attack, partially disrupting the ferry service payment system. Previously, hackers attacked the world’s leading meat processing group JBS SA, a branch in the US. In early May, the largest US oil pipeline operator Colonial Pipeline was also attacked by ransomware and forced to shut down some systems, disrupting supplies and pushing gasoline prices to record highs. green. Not only the US, the targets of hackers are very diverse. According to data from cybersecurity company BlackFog, from the beginning of 2021 to the present, US organizations and businesses have suffered 52 ransomware attacks, three times higher than the second-ranked country, the UK (16 (16). competition), followed by France (7), Canada (7), Australia (4), the Netherlands (4) and India (3). The rest of the world suffered only 39 attacks by hackers. Danger wave According to CNN, hacker groups have found that attacking critical service infrastructure can easily make them more money, in less time. These types of attacks have the potential to cause chaos in life, which can lead to product scarcity, push prices higher… The bigger the disruption, the quicker the hacked companies pay the hacker to fix the problem soon. The US Cybersecurity and Infrastructure Agency (CISA) has listed 16 industries as critical infrastructure sectors, including energy, healthcare, financial services, water, etc. Attacks, disruption of these industries can have a dramatic impact, undermining the US economy and security. More dangerously, most companies in this industry do not consider themselves technology-focused companies, leaving the operating system defenseless against increasingly sophisticated attacks by hackers. In addition, it is no coincidence that cyber attacks have increased sharply in the context of the raging Covid-19 pandemic. Millions of people move to remote work, including employees with access to critical infrastructure, while ransomware is deployed simply by enticing victims to click a link in an email. . Eric Cole, a former cybersecurity official under President Barack Obama, said that in order to promote automation, the internal networks of critical infrastructures are now networked and make the risk more risky. higher attack. In particular, hospital systems and healthcare providers are often targeted because they are busy dealing with Covid-19 and have little time to update their defenses. In response to this new wave of danger, on June 3, the White House sent an open letter, asking essential service companies to “consider ransomware as a threat to our core business.” themselves, rather than simply risk data theft.” US Commerce Secretary Gina Raimondo on June 6 asked the private sector of the country to be vigilant against the increasing wave of cyber attacks, and said that the threat is always present and even present. may become more severe. In order to protect your safety as well as your wallet, according to CNN , not only the US, companies, organizations and agencies also need to quickly close potential vulnerabilities in the system, update software and ensure that the most important functions are “immune” from damage. network attacks. Individuals also need to be cautious and alert before clicking on any link on the internet.

After a hacker attack Meat producer JBS pays ransom

Status: 10.06.2021 7:13 a.m.

The world’s largest meat company JBS has apparently paid a ransom of $ 11 million after a cyber attack by hackers. It was another incident in a series of corporate blackmail cases in the United States. The US subsidiary of the Brazilian meat processor JBS paid the equivalent of eleven million dollars in ransom after a hacker attack. The payment was made to prevent further disruption by the hackers and to restore the smooth operation of the affected locations, said the Dallas-based company. According to the US media, the payment was made in Bitcoin. According to the US government, the company had received a ransom note from a criminal organization likely based in Russia. The attack paralyzed JBS production in Australia and affected Canada and the United States.

“A difficult decision”

“This was a very difficult decision for our company and for me personally,” explained Managing Director Andre Nogueira. “However, we felt that this decision had to be made in order to avoid any potential risk to our customers.” The investigations are still ongoing, but preliminary results have suggested “that no company, customer or employee data has been compromised.”

US investigators suspect Russia is behind it

US President Joe Biden said last week that investigators had linked Russia to the JBS case. “JBS USA was in constant contact with government officials throughout the incident,” the company said. In the USA, the state and business are currently fighting a series of attacks with blackmail software known as “ransomware”. The data of the attacked systems are encrypted. The hackers demand cash payments in cryptocurrency so that they can unlock access again and not publish the data.

Ransom payment in Bitcoin

The US utility company was also last month Colonial pipeline The victim of a hacker attack with a blackmail Trojan that temporarily shut down the entire pipeline network. The US Federal Police FBI blames a hacker group called “Darkside” for the attack and later tracked down the ransom of 75 Bitcoin that Colonial had paid – at the time it was worth $ 4.4 million.

Qubit Report | Public Account QbitAI It is said that everything can be cyberpunk. It’s just that he never expected that Muyu hadn’t even let it go. “Bring your own” cyberpunk RGB, the atmosphere is firmly grasped. Knock on the wooden fish, you can actually output the “Prajna Heart Sutra”! Sri Lanka One! ! ! This wave of operations is really fresh enough, and netizens exclaimed again and again: Some netizens even joked that this kind of practice takes one year or two years. Of course, there are also many netizens who call “want to buy”! Cyber ​​Muyu transformed by Japanese netizens The creator of such cyberpunk muyu is a netizen named ukokq. He posted the video of “Sybo Muyu” on the Internet, and it attracted a lot of attention in just a few days. Although many netizens are holding a curious mentality, look at this “cyber muyu”. But behind the idea that ukokq was born, there is a story. When ukokq was scanning social networking sites, he saw a post like this: Another netizen mistakenly believed that “USB Muyu” was sold on the Internet, but when he took a closer look, it was a label… (Come and feel this feel) Although it was an oolong, ukokq felt that “this idea should be retained.” And about a month ago, ukokq’s grandmother passed away. During his death day, he chanted in front of the Buddha every day and became interested in the Prajna Heart Sutra, which he rarely touches. From this, ukokq gave birth to an interesting idea: If I can express the Prajna Heart Sutra in language or text through a USB wooden fish, will it make me more familiar with the more serious religion in my impression? So let’s do it! Many people will think that this is the age, why do you still get Type-a? In fact, this was done deliberately by ukokq, because he wanted to retain the most authentic look of the wooden fish that inspired him in the first place. The shape of the Type-a mouth is the closest to the label on the back of the product Muyu: I strongly believe that this element cannot be thrown away! So he bought the Type-a mouth and thread from a hundred-yen shop, then used a carving knife to grind a hole in the back of the wooden fish and embedded it in. As for why a color LED is put in the “mouth” of Muyu, ukokq’s explanation is this: Since my original intention was to “spit out” worries without knocking the wooden fish, it would be a good way to express worldly desires if we could create colorful light. But the biggest difficulty is programming, because ukokq is difficult to detect the time each time Muyu is hit. So, in order to study what kind of physical changes happened inside Muyu, he first installed a microphone and carried out data measurements. However, due to the influence of other noises such as the nearby power supply, it is still impossible to obtain good results. Therefore, ukokq additionally installed an acceleration sensor, and achieved higher-precision detection through simultaneous measurement with a microphone. … In the end, ukokq created this one Cyber ​​Muyu. There are also Cyber ​​Buddha beads… I saw a comment from a netizen who said that he had seen the “Cyber ​​Buddha Bead” before. So curious to search. △Source: Hardcore disassembly There really is… The kind with counts when it comes to the disk…

Colonial Pipeline transports 2.5 million barrels of fuel per day. Photo: Colonial Pipeline According to the BBC, the state of emergency allows fuel to be transported by road. The news agency quoted experts as saying that fuel prices could increase by 2-3% on May 10, but the real impact would be much worse if this situation continued for longer. Many sources confirm that the malicious code attack is caused by a cybercriminal gang called DarkSide, which infiltrated Colonial’s system on May 6 and stole nearly 100GB of data as a “hostage”. After taking over the data, the group of hackers locked this data on some computers and servers, demanded a ransom and warned that if they did not receive the money, they would release the data on the internet. Colonial is working with law enforcement, cybersecurity and the US Department of Energy to restore service. On the evening of May 9, the company announced that although the four main pipelines continued to stop, some smaller lines between the terminals and delivery points were still operating. “Immediately after learning of the attack, Colonial proactively shut down certain systems to stop the threat. These actions temporarily halted all pipeline operations and affected some systems. our information technology system, which we are actively working on restoring,” said Colonial. “We are in the process of restoring service to other pipelines and will bring the entire system back online when we believe it is safe and in full compliance with all federal regulations. “. The DarkSide message appears on the victim’s computer screen. DarkSide isn’t the largest cybercriminal gang in the field, but the incident demonstrates the heightened risk that malware poses to critical U.S. industrial infrastructure, not just businesses. This gang lists all types of stolen data and sends the victim the URL of the “personal leak site”, where the data is pre-loaded waiting for automatic publication, if the company or organization does not. payment before the deadline. DarkSide claims to provide proof of the data obtained, and is ready to delete all such data from the victim’s network. According to Digital Shadows, a London-based cybersecurity company that tracks global cybercrime groups to help businesses limit their risk of being hacked, DarkSide acts like a company.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

Illustration. https://tinhtexaydung.petrotimes.vn The attack resulted in higher gas prices, causing drivers to worry about shortages, while Colonial Pipeline Co. is working to restart the fuel line. However, the price of gasoline sold at pumping stations is higher and the possibility of fuel supply shortage is inevitable. After all, it is only temporary and its effects will be fleeting. But there’s a bigger problem: this has to do with America’s energy infrastructure, exactly how secure is its cybersecurity infrastructure? Experts soon said: The team that carried out this attack consisted of seasoned hackers. Later, a ransomware group called DarkSide claimed responsibility for the attack, and the FBI also pointed to this group as the culprit. Here’s what DarkSide said in its statement: “We are apolitical, we do not engage in geopolitics, do not need to tie us to a defined government, and seek our motives. . Our goal is to make money, and not create any other problems for society. Starting today, we’re introducing censorship and vetting of each company that our partners want to encrypt to avoid future social consequences.” The statement was clearly intended to address allegations made that Russia was behind the attack, but even the White House was careful not to point the finger at Moscow. President Biden said there was no evidence that they were involved in the attack. That’s related to geopolitical motives, but the statement also suggests that DarkSide and its partners won’t stop, even if they don’t intentionally cause problems. “Colonial may be at risk of leaking consignor confidential data,” said Vicki Knott, CEO of CruxOCM, a provider of control room operations services to the oil and gas industry. https://tinhtexaydung.petrotimes.vn

The Colonia company had to shut down the fuel pipeline after a cyber attack. Photo: AP. Leading American fuel pipeline company Colonial shut down its entire network that supplies nearly half of the fuel to the US East Coast, following a May 8 ransomware ransomware attack. Every day, the Colonial company ships 2.5 million barrels of gasoline, diesel, jet fuel and other products through a 850-kilometer pipeline connecting the eastern and southern coasts of the United States. The company has shut down systems to stop the threat after learning about the attack. According to sources, hackers are most likely a highly professional cybercrime group. And the malware used in the attack is ransomware. Ransomware is a type of malware designed to lock systems by encrypting data and taps money to regain access. This malware has become popular in the past 5 years. The Colonial Company has invited a third-party cybersecurity company to conduct an investigation and contacted law enforcement and other federal agencies to initiate an investigation. Colonial provided no further details or said how long their fuel lines would be closed. “Cyber ​​vulnerabilities have become a systemic issue,” said Ms. Algirde Pipikaite, Head of Network Strategies at the World Economic Forum’s Cyber ​​Security Center. Without measures to protect cybersecurity, attacks are occurring more often on industrial systems such as oil and gas pipelines or water treatment plants. In 2017, Colonial shut down its gas distillation and production lines during Hurricane Harvey that hit the Gulf Coast. That contributes to tight supply and price increases in gasoline in the US.

The modern world is being “digitized” at a rapid rate. Almost every service, every industry, from finance, industrial enterprises, … to the armed forces, is already networked at one level or another. In the “smart home” with TVs, refrigerators, vacuum cleaners, washing machines, microwave ovens …, and even smart light bulbs are becoming common; On the street, there were the first cars with autonomous driving systems.

Such devices are expected to make people’s lives easier, but certainly these technologies will also be applied in other areas as well. While digital systems and services make the quality of human life much better, in theory all digital systems can be hacked – which is already in practice. positive.

Computer virus

Theoretical basis for the development of the “computer virus” was formed almost simultaneously with the emergence of the computer itself in the mid-20th century. In 1961, engineers Viktor Vysotsky, Doug McIlroy and Robert Morris of the Room Bell’s telephone experiment had developed programs that could make copies of themselves – the first viruses. They are created in the form of a game that engineers call “Darwin”, the purpose of which is to send bots to friends to see which will destroy more of the competitors’ programs and create more copies of itself to fill someone else’s computer.

Cyber ​​weapons are said to be equally complex and are weapons of mass destruction; Source: topwar.ru

In 1981, Virus 1,2,3 and Elk Cloner appeared on Apple II personal computers; a few years later, the first anti-virus programs appeared. The word “computer virus” in fact includes many types of malware: worms, hijackers (rootkits), spyware, zombies, adware, virus blocking (winlock), Trojan viruses (trojans) and their combination. If the first viruses are often written for entertainment, over time they begin to be “commercialized” – to steal personal and financial data, disrupt device operations, encrypt the data. for the purpose of blackmail …

With the advent of electronic money, computer viruses received a new function – bringing the user’s computer “as a slave” to mining cryptocurrency, forming a huge network of computers. botnet infection (before that, botnet also existed, such as to send spam mail or DDoS attack). Opportunities like this cannot help but make the military and intelligence agencies in general with missions – steal something, destroy something …, care.

Computer virus – a strategic weapon

On June 17, 2010, for the first time in history, the win32 / Stuxnet virus – a computer worm that infects not only computers running the Microsoft Windows operating system, but also industrial systems that control the processes. automatic production, detected. This worm can be used as a means of gathering unauthorized data (spying) and sabotaging automated process control systems (APCS) of industrial enterprises, power plants, boilers, etc.

According to cybersecurity experts, this virus is the most complex software product, developed by a professional team of dozens of experts. In terms of complexity, it can be compared to a Tomahawk cruise missile, and is designed for cyber operations. The Stuxnet virus has damaged some uranium enrichment centrifuges, slowing down Iran’s nuclear program. Intelligence agencies of Israel and the US are suspected of developing the Stuxnet virus.

Industrial facilities, infrastructure, services … all can be targets of cyber weapons; Source: topwar.ru

Later, other computer viruses were discovered, with a degree of complexity similar to that of win32 / Stuxnet (most suspected of being an Israeli / US product), such as: Duqu, designed to collect confidential data in a confidential manner; Wiper (late April 2012), destroyed all information on some of the servers of one of the largest oil companies in Iran and completely paralyzed its work for a few days; Flame, a spy virus, is believed to be developed specifically for attacks on Iran’s computer infrastructure (can identify mobile devices with Bluetooth module, track location, stealing confidential information and eavesdropping on conversations); Gauss, aimed at stealing financial information: e-mail, passwords, bank account data, cookies, as well as system configuration data; Maadi (suspected of Iran) – can collect information, remotely change computer parameters, record audio and transmit it to remote users …

Application

In the Middle East, for example, the largest producer of liquid natural gas (LNG), has an interest that seriously conflicts with the interests of another country. The Middle East country has a network of oil and gas pipelines, LNG production lines and a fleet of Q-Flex and Q-Max tankers designed to transport LNG and has a military base of the third country. three are on its territory. An armed attack directly on a Middle Eastern country could do more harm than good. Then, the solution might be the use of cyber weapons.

Modern oil and container ships are becoming more and more automated; No less automation is used in LNG plants. Therefore, specialized malware is loaded into the control systems of the Q-Flex and Q-Max tankers, or their LPG storage systems, theoretically permissible at a certain time ( or on an external command, if there is a network connection) creates an artificial accident that completely or partially destroys selected tanks / tanks. It is very likely that flaws in the LNG production process lead to neutralization, including potentially destroying the plant.

Cyber ​​weapons can easily have the same effects as the recent Suez Canal clogging; Source: topwar.ru

An explosion of an LNG carrier due to an accident at the entrance to a port or the failure of the LNG storage device can not only result in damage to the vessel itself, but also damage to coastal infrastructure. The goals could therefore be: undermine the energy supplier’s reputation, with the possibility of consumers reorienting the natural gas market of another country; increasing prices for world energy sources, helping to generate more revenue for the national budget; undermining political activity and interfering in the internal affairs of other countries in the region, due to a decrease in the financial capacity of the country in question.

Depending on the economic damage inflicted, a complete shift in ruling elites could occur, as well as a limited conflict between that state and its neighbors, who may want to take advantage of neighboring countries’ weaknesses to change the balance of power in the region. The crux of this activity is secrecy, so that there is no direct blame without clear evidence. The United States has repeatedly been accused of conducting hostile operations against even its most staunchest allies.

Another option for using cyber weapons has been suggested by a recent incident. A giant ship – an oil tanker or a container ship, passing through a narrow canal, suddenly the control system gives out a series of commands to dramatically change the direction and speed of movement, resulting in the ship spinning break and completely block the channel. It can even be flipped, making it extremely time-consuming and costly to rescue it. The Evergreen Group’s container ship blocking the Suez Canal shows how congestion of shipping arteries affects the global economy. It is especially effective if such incidents occur simultaneously on several channels.

Or most recently, Iran is accusing Israel of terrorizing its Natanz nuclear base network … In the absence of a clear trace of the culprit, it would be extremely difficult to establish – anyone can also be blamed for this. Therefore, the development of industrial-scale cyber weapons is considered to be a top priority. Information technology along with nanotechnology and biotechnology are the cornerstones of dominance in the 21st century, but the development of cyber weapons is much cheaper than the development of promising nano biotechnology. and conventional modern weapons ./.