More allegations of hacked Supermicro motherboards, reports of ransomware group arrested and warning to tax professionals.
Welcome to Cyber Security Today. It’s Monday December 15th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It’s a holiday in most Canadian provinces and territories, and President’s Day in the U.S., so thanks for listening.
There are more allegations that someone has been modifying motherboards of computer manufacturer Supermicro for years to siphon data from unknowing organizations to China. However, the latest story alleges U.S. government agencies have known about it for some time but largely kept the information quiet. The allegation comes from Bloomberg News. It first reported on suspicious chips on Supermicro motherboards in 2019. Its latest story says as far back as 2010 the Pentagon noticed unusual behaviour on thousands of military servers with Supermicro boards on unclassified networks. The servers were secretly copying data and forwarding it to China. Precautions were taken, but the servers were allowed to continue their work so U.S. intelligence agencies could learn from what they were doing.
The story also quotes a member of a venture capital firm saying in 2018 the FBI told two companies he advised of finding chips capable of executing malware on Supermicro motherboards. The story says the FBI has evidence that suggests Supermicro was infiltrated by people working knowingly or unknowingly for China.
The story also states that neither Supermicro nor any employees have been accused of wrongdoing. Supermicro says it has never been contacted by the U.S. about alleged investigations.
In response a spokesperson for China’s Foreign Ministry said the story was an attempt to discredit the country and Chinese firms.
This podcast was recorded Sunday morning. At that time there was an unconfirmed report that police in Ukraine had arrested affiliates of the gang allegedly behind the Egregor ransomware group. The ZDNet news service says this was first reported by a French radio station, which said the arrests were part of a joint investigation involving police in France and Ukraine. Egregor is a ransomware-as-a-service operation. The developers rent out code to attackers, and then share proceeds of any ransoms paid. French radio said the suspects arrested were affiliates who provided hacking, logistical and financial support for the gang. By coincidence, or not, ZDNet quotes a security researcher saying the Egregor computer infrastructure has been offline for a few days.
It’s income tax season in the U.S. and Canada, and already scammers are making their annual attempts to take advantage. The U.S. Internal Revenue Service issued a warning last week to tax professionals to watch out for email that pretends to be from the agency. What crooks are looking for are Electronic Filing Identification Numbers. Their goal is to steal tax preparers’ identities and client data to file fraudulent tax returns for refunds. Scams will include messages that ask accountants to verify their Electronic Filing Identification Number before filing electronic tax returns. Scammers are also after Preparer Tax Identification Numbers or e-services usernames and passwords. Tax preparers also are warned to watch for scammers who pretend to be potential clients, and send email with attachments that claim to be tax information. Those attachments may be loaded with malware. Finally, tax and accounting firms are warned to be prepared for ransomware, which they may be particularly susceptible to because they hold important personal information of clients.
That’s it for today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.