ReportWire

Tag: Cybercrime/Hacking

  • Russian hacking group accessed Microsoft executive emails, company says

    Russian hacking group accessed Microsoft executive emails, company says

    Microsoft Corp. said Friday a Russian hacking group illegally gained access to some of its top executives’ email accounts.

    In a regulatory filing, the software giant
    MSFT,
    +1.22%
    said a group called Nobelium was responsible for the attack.

    In late November, the group accessed “a legacy non-production test tenant account and [gained] a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft’s Security Response Center wrote in a blog post.

    Microsoft’s senior leadership team, which includes Chief Financial Officer Amy Hood and President Brad Smith, routinely meets with Chief Executive Satya Nadella.

    The company reported that there were no signs Nobelium had obtained customer data, production systems or proprietary source code.

    A Microsoft spokesperson provided this comment late Friday: “Our security team recently detected an attack on our corporate systems attributed to the Russian state-sponsored actor Midnight Blizzard. We immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. More information is available in our blog.”

    Nobelium, also known as APT29 or Cozy Bear, is a shadowy hacking group that attempted to crack the systems of the U.S. Defense Department and did breach the Democratic National Committee’s systems in 2016.

    Netskope Threat Labs, which tracks Nobelium, said the hacking group uses a variety of techniques to compromise accounts, including compromised Azure AD accounts to collect victim emails. “This hack underscores the importance of securing corporate email accounts, even those in non-production and test environments,” a Netskope spokesperson said. “Even if the email account isn’t regularly used or doesn’t contain anything sensitive, it can still be used to launch additional attacks.”

    Microsoft’s disclosure comes amid new U.S. requirements to report cybersecurity incidents.

    Source link

  • How ransomware attack on ICBC rattled the Treasury market and shook up a 30-year bond auction

    How ransomware attack on ICBC rattled the Treasury market and shook up a 30-year bond auction

    It was a trading day unlike any other for traders in the $25 trillion Treasury market, with a 30-year bond auction seen as having been partially undermined by a cyberattack on the U.S. unit of a Chinese bank.

    In recapping Treasury’s poorly received $24 billion bond auction on Thursday, traders said the weaker-than-expected results likely had at least something to do with this week’s ransomware hit on the American arm of Industrial & Commercial Bank of China, known as ICBC. That attack reportedly caused disruptions across the market and had some impact on liquidity, with the Financial Times citing unnamed sources as saying hedge funds and asset managers were forced to reroute trades.

    Traders were grappling on Friday to answer the question of what created the sudden lack of interest at the auction, which went so badly that it also shook up U.S. stock investors. Thursday’s sale was the worst since November 2021, based on the extent to which primary dealers were forced to step in and pick up the slack in demand, one trader said. And it reinforced a recent pattern of weak auctions for the 30-year bond that may not bode well for future sales of that long-dated maturity.

    It’s possible that bonds simply “look much less attractive” following a recent “explosive rally” since late October, according to Charlie McElligott, a cross-asset macro strategist at Nomura Securities in New York. However, “this might be the case of ‘more than meets the eye’ to this ‘ugly auction evidencing low demand for duration’ story,” he wrote in a note.

    “One dynamic that makes yesterday’s ugly auction results murky was the ICBC cyberattack described across various financial media, which gunked-up anybody who clears UST trades through them, and made it so that many dealers were then likely unable to trade with those clients until resolved, on account of unsettled trades which weren’t able to be matched,” McElligott said.

    Adding to Thursday’s uncertainty was another random event. Federal Reserve Chairman Jerome Powell appeared on stage in an International Monetary Fund panel, was interrupted by a climate protester, and then uttered a seven-letter expletive that could be heard on the event’s livestream.

    Powell’s policy-related remarks, which indicated the central bank might take further action to control inflation, “didn’t help things and kind of spooked people again,” said John Farawell, head of municipal trading at New York bond underwriter Roosevelt & Cross.

    Read: Fed’s Powell Made Cryptic Comments. How He’s Guiding the Market.

    On Friday, the Treasury market found stabilization as buyers returned to segments of government debt in a sign that calm was being restored. A rush of buying was seen on the 30-year bond
    BX:TMUBMUSD30Y,
    sending its yield down to 4.733% and to a third straight weekly decline.

    Meanwhile, Bloomberg News reported that the repercussions of the ICBC cyberattack included an inability to deliver U.S. debt that was being pledged as collateral. ICBC’s U.S. unit was forced to rely on a messenger carrying a USB stick across Manhattan to complete disrupted trades, according to the news service, which also described Thursday’s $24 billion 30-year bond auction as one of the worst in a decade.

    The ICBC attack “might have had a dramatic impact on the auction. I don’t know how much, but I also can’t imagine it didn’t,” said Tom di Galoma, co-head of global rates trading for BTIG in New York. “When people see that there are trade-settlement issues, there’s a willingness to back off and that’s exactly what happened yesterday. Institutional accounts were saying, ‘We don’t know who is settling this trade.’ If the cyberattack hadn’t happened, I think the auction would have gone a lot better.”

    Ben Emons, a senior portfolio manager and head of fixed income for NewEdge Wealth in New York, said that once the Treasury market got upended by the ICBC cyberattack, the bad auction, and the interruption during Powell’s appearance, liquidity on U.S. government debt “was, for a moment, a dark matter.”

    Source link

  • Clorox slashes forecast due to effects of cyberattack; stock falls

    Clorox slashes forecast due to effects of cyberattack; stock falls

    Clorox Co. shares fell in the extended session Wednesday after the company slashed its outlook stemming from the impact of a cybersecurity attack over the summer.

    Clorox
    CLX,
    +1.21%
    shares fell about 3% after hours, following a 1.2% gain to close the regular session at $131.83. At Wednesday’s close, Clorox shares were down 6.1% for the year, while the S&P 500 index
    SPX
    has gained 11.1%.

    The company forecast a loss of 75 cents to 35 cents a share, or a loss of 40 cents to break-even per share on an adjusted basis, for the quarter ending Sept. 30.

    Also see: A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    Clorox said sales are expected to decrease by 28% to 23% from the year-ago first quarter of $1.74 billion, or in a range between $1.25 billion and $1.34 billion.

    Analysts surveyed by FactSet had forecast first-quarter earnings of $1.29 a share on revenue of $1.77 billion.

    In a statement late Wednesday, Clorox said the reduced outlook was “due to the impacts of the recent cybersecurity attack that was disclosed in August, which caused wide-scale disruption of Clorox’s operations, including order-processing delays and significant product outages.”

    The company said shipment and consumption trends prior to the cyberattack factored in its prior forecast.

    In early August, Clorox forecast sales in 2024 would be flat to 2% higher than 2023’s $7.39 billion, and adjusted earnings between $5.60 and $5.90 for the year, while analysts had expected $5.62 a share on revenue of $7.4 billion at the time.

    Analysts currently forecast, on average, adjusted earnings of $5.78 a share on revenue of $7.5 billion.

    Based on the company’s current assessment, Clorox said it expects “to experience ongoing, but lessening, operational impacts in the second quarter as it makes progress in returning to normalized operations,” and restocking retailers.

    Analysts also forecast second-quarter earnings of $1.18 a share on revenue of $1.77 billion.

    Clorox said it was “in the process of assessing the impact of the cybersecurity attack on fiscal-year 2024 and beyond,” and said it would provide an update during its first-quarter earnings call scheduled in November.

    Back in mid-September, Clorox said the cyberattack would weigh on its results, and by the end of the month shares were on their longest losing streak since 2009.

    Clorox shares have fallen nearly 18% since the company first disclosed the attack in a filing with the Securities and Exchange Commission on Aug. 14.

    Source link

  • A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.

    It was past midnight when Alessandra Millican and a friend entered the Bellagio hotel room that was costing them hundreds of dollars a night, but unexpected noises made them stop cold.

    “We started hearing grunts,” she said. “It’s somebody waking up — we were halfway through the room and we realized there’s somebody sleeping in here.”

    Millican…

    Source link

  • Palo Alto Networks earnings, outlook top Street expectations as SEC cyberattack reporting rule drives demand

    Palo Alto Networks earnings, outlook top Street expectations as SEC cyberattack reporting rule drives demand

    Palo Alto Networks Inc. shares rallied Friday after hours as the cybersecurity company topped expectations with its latest earnings, as well as with its forecasts for profit and billings, outlining that new reporting rules and AI-backed adversaries are driving adoption.

    The stock
    PANW,
    +1.02%
    was rallying more than 9% in the extended session, following a 1% gain in the regular session to close at $209.69.

    Palo Alto Networks forecast first-quarter adjusted earnings of $1.15 to $1.17 a share on revenue of $1.82 billion to $1.85 billion and billings of $2.05 billion to $2.08 billion. Analysts were estimating $1.11 a share on revenue of $1.93 billion and billings of $2.04 billion for the first quarter.

    For the year, the company expects $5.27 to $5.40 a share on revenue of $8.15 billion to $8.2 billion on billings of $10.9 billion to $11 billion. Analysts tracked by FactSet had been projecting $4.98 a share on revenue of $8.38 billion and billings of $10.81 billion for the year.

    The company defines billings as “total revenue plus the change in total deferred revenue, net of acquired deferred revenue, during the period,” and is a metric used to account for subscriptions.

    On the extended call with analysts, Nikesh Arora, the company’s chairman and chief executive, said that while strong fourth-quarter results did not come as a surprise, what did come as a surprise was the speed of adoption of its Cortex XSIAM AI-driven security platform, especially now that regulators are going to start requiring quick disclosures for material cyberattacks.

    Palo Alto Networks reported fiscal fourth-quarter net income of $227.7 million, or 64 cents a share, compared with $3.3 million, or a penny a share, in the year-ago period. Adjusted earnings, which exclude stock-based compensation expenses and other items, were $1.44 a share, compared with 80 cents a share in the year-ago period.

    Revenue rose to $1.95 billion from $1.55 billion in the year-ago quarter, while billings rose 18% to $3.2 billion. Analysts surveyed by FactSet had forecast $1.29 a share in adjusted earnings on revenue of $1.96 billion and billings of $3.18 billion.

    The company launched XSIAM in October, and set a goal of booking more than $100 million in the first year. Arora said that in less than a year, XSIAM has already brought in $200 million, indicating that interest in applying AI to enhance security is “very high.”

    In late July, the Securities and Exchange Commission adopted new rules requiring companies to disclose cyberattacks within four days of making the determination the intrusion has a material effect on results.

    “Our customers have told us loud and clear that the legacy products powering their stacks are no longer working and they need to reduce by an order of magnitude,” Arora told analysts. “This becomes increasingly important with the new SEC rules detailing that all public companies will be required to report material breaches within four business days.”

    On the call, Lee Klarich, Palo Alto Networks chief product officer, told analysts that it wasn’t long ago that the average time between an initial hack and stealing data was about 44 days. Now, that can happen in a matter of hours, which is a huge problem, Klarich said, noting that attackers are adopting AI to perform attacks.

    “On average the industry is able to respond and remediate attacks in about six days: That doesn’t work,” Klarich said. “And even more challenging now with the SEC new rules of being able to disclose within four days, none of the math adds up.”

    Five years ago, Palo Alto Networks was already in the middle of an M&A spree to transform itself from a firewall company to a multiproduct security platform, and showed no signs of slowing down until August 2021, when the company decided to report earnings without announcing an M&A deal, after having acquired 14 companies over the previous three-and-a-half years.

    Nvidia Corp.
    NVDA,
    -0.10%    ,
    which also has a huge stake in AI, reports results after the bell on Wednesday.

    Palo Alto Networks is a new entrant to the S&P 500 index
    SPX,
    having gotten the nod in June. As of Friday’s close, Palo Alto Networks shares have gained 50.3% year to date, compared with a 12.4% gain on the ETFMG Prime Cyber Security exchange-traded fund
    HACK,
    a 13.8 % gain on the S&P 500, and a 27% rise on the tech-heavy Nasdaq Composite
    COMP.

    Source link