Feed aggregator

UK Spooks Give Green Light to Huawei

Info Security - 32 min 49 sec ago

There was finally a bit of good news for Huawei today after UK spies effectively gave the green light for the beleaguered Chinese firm to supply the nation’s 5G infrastructure.

GCHQ’s National Cyber Security Centre (NCSC) has reportedly decided that any risks posed by the Shenzhen giant can be managed, putting it at odds with its Five Eyes counterparts.

Australia, the US and New Zealand have all effectively banned the firm from supplying key infrastructure to build their national 5G networks while Canada is currently assessing the situation.

The fear is that the firm could be instructed by Beijing under local laws to assist in any possible intelligence operation in the future. It has also come under fire for alleged IP theft and breaking US sanctions on Iran — with Washington firing out a series of indictments last month.

However, the UK has always had a more nuanced approach to Huawei, having allowed the firm to compete for contracts as long as its kit can be assessed by GCHQ operatives in the Huawei Cyber Security Evaluation Centre (HCSEC).

This is despite that same centre highlighting significant shortcomings in the firm’s processes last year that “exposed new risks in UK telecoms networks,” meaning it has “only limited assurance” that Huawei equipment poses no threat to national security.

These issues will cost Huawei an estimated $2bn to mitigate over the coming years.

There’s also a chance that, even after the NCSC’s recommendation, the government could decide to align with its Western intelligence allies and order network operators to use equipment from other providers.

A DCMS review into the industry is set to report back in a month or two.

Huawei has consistently argued that it is not a security risk, and that it has instead merely been the victim of an escalating geopolitical dispute between the US and China.

Categories: Cyber Risk News

MPs Repeat Calls for Russian Brexit Meddling Probe

Info Security - 1 hour 9 min ago

MPs have repeated their calls for tech companies to be more heavily regulated to combat disinformation online, and for the government to investigate Russian meddling in the EU referendum.

The long-awaited final report into ‘fake news’ from the Digital, Culture, Media and Sport Committee was released yesterday, with some harsh words for Facebook and plenty of recommendations for the government.

Among other things, it recommended that a previously announced 2% tax on social media companies operating in the UK be used to fund regulator the Information Commissioner’s Office (ICO).

It also called for a compulsory Code of Ethics for social platforms overseen by an independent regulator, and legal liability for tech firms to take down any harmful or illegal content on their sites.

There were also wider calls for electoral law in the UK to be reformed to help improve transparency and regulation of online political advertising.

"We are open to meaningful regulation and support the committee's recommendation for electoral law reform,” Facebook said in response. “But we're not waiting. We have already made substantial changes so that every political ad on Facebook has to be authorized, state who is paying for it and then is stored in a searchable archive for seven years. No other channel for political advertising is as transparent and offers the tools that we do."

Another major part of the committee report was devoted to foreign influence in the UK political process. It’s something being investigated by special counsel Robert Mueller in the US, but so far campaigners have been frustrated by Theresa May’s reticence in launching any kind of formal investigation.

“We repeat our call to the government to make a statement about how many investigations are currently being carried out into Russian interference in UK politics,” the report concluded.

“We further recommend that the government launches an independent investigation into past elections — including the UK election of 2017, the UK referendum of 2016, and the Scottish referendum of 2014 — to explore what actually happened with regard to foreign influence, disinformation, funding, voter manipulation, and the sharing of data, so that appropriate changes to the law can be made and lessons can be learnt for future elections and referenda.”

The report also called for a total ban on foreign donations in UK elections.

Leave.EU is currently the subject of a criminal investigation by the National Crime Agency (NCA), referred by the Electoral Commission, after suspicions that Brexit backer Arron Banks was not the source of a multi-million pound donation as he has claimed.

His firm Eldon Insurance, and Leave.EU, were fined £120,000 earlier this month by the ICO for serious data protection failings related to their use of voter data.

Categories: Cyber Risk News

Call for new UK digital ID policy

Outlaw.com - Fri, 02/15/2019 - 16:59
A new policy to ensure the approach to digital identities (digital IDs) is better joined up across the public and private sectors should be developed by the UK government, industry body techUK has said.
Categories: Cyber Risk News

'World-first' rules for online platforms closer in the EU

Outlaw.com - Fri, 02/15/2019 - 16:52
Online marketplaces will have to disclose how they rank goods and services on their platforms, and explain any preferential treatment of their own products on those platforms where they also act as a seller, under planned new EU laws that have moved closer to being finalised.
Categories: Cyber Risk News

Dating App Says Stolen Data Was Sold on Dark Web

Info Security - Fri, 02/15/2019 - 16:18

In the aftermath of multiple reports that millions of stolen records were dumped on the dark web, the dating app Coffee Meets Bagel confirmed that the accounts of approximately six million users were compromised in a breach, according to a Coffee Meets Bagel (CMB) spokesperson.

The company also said that the stolen data was indeed part of the trove of records that were sold by a malicious actor on the dark web marketplace, Dream Market. A Dubsmash spokesperson wrote that on February 8, 2019, the company learned of a data security incident that involved the sale of stolen user information.

In an email sent to Infosecurity, the spokesperson wrote, “With online dating, people need to feel safe. If they don't feel safe, they won't share themselves authentically or make meaningful connections. We take that responsibility seriously, so we informed our community as soon as possible – regardless of what calendar date it fell on – about what happened and what we are doing about it.

“We can confirm that approximately six million users were impacted. Beyond emails and names, no other CMB user information was compromised. This was part of a larger breach affecting 620 million accounts that got leaked across 16 companies.”

The dark web vendor has since removed the first round of listings that were up for sale, noting, “All my listings have been removed, to avoid them being bought so many times and being leaked, as a respect for my buyers. But don’t worry, next round of breaches coming soon.”


Infosecurity also received confirmation from Dubsmash that the company learned of a data security incident that involved the sale of stolen user information on February 8, 2019.

“Dubsmash also launched an investigation and engaged independent, third-party cybersecurity experts to provide assistance. The investigation is ongoing. Dubsmash responded by notifying the potentially affected users and providing information to assist them.

“Dubsmash takes the security of all user information very seriously and is taking steps to prevent similar events from occurring in the future. We are continuing to strengthen security measures to ensure our networks and systems are secure,” says Dubsmash’s president, Suchit Dash. “We deeply regret any issues or concerns this incident may have caused our users.”

Password reuse is one issue that has led to numerous data breaches, according to Aaron Zander, head of IT at HackerOne. “That password we used hundreds of times in the early 2000s has come back to haunt us. Users can protect themselves with password managers, but it’s up to the operators of websites and apps to prevent themselves from becoming test-beds for valid credentials,” Zander said.

Categories: Cyber Risk News

Two WordPress Plugin Authors Issue Bug Fixes

Info Security - Fri, 02/15/2019 - 16:01

Two different WordPress plugins have caused a few headaches this week. Hackers reportedly exploited an old vulnerability found in the WordPress plugin WP Cost Estimation & Payment Forms Builder, according to Wordfence. A second and critical vulnerability was also found in the Simple Social Buttons plugin, according to WebARX.

The flaw in the WP Cost Estimation plugin, which is present in all versions prior to 9.660, has been fixed. Wordfence wrote in a February 13 blog post that any sites using the plugin are encouraged to update to the latest version.

“Developers of plugins and themes are incentivized to develop a product that sells. Few such developers are incentivized to build security and privacy into the development cycle, especially when product lifecycles are brief,” said Mike Bittner, digital security and operations manager at The Media Trust.

“Companies that hire them too often think of security and privacy testing as an expense rather than an investment in the business's long-term success; it's also possible these businesses are more interested in making a quick buck than longevity.”

The Simple Social Buttons plugin is reportedly prone to privilege escalation, according to Vulners.com. If exploited, an attacker could take complete control of administrator accounts or whole websites.

According to WPBrigade, the plugin has been downloaded more than 500,000 times. “WordPress’s latest vulnerability once again emphasizes the challenges and risks of using a large body of third-party–maintained code,” said Bryan Becker, application security researcher, WhiteHat Security.  

"Because the vulnerability in Simple Social Buttons requires that the attacker have access to a registered user, there aren't going to be much in the way of widespread attacks against the flaw. However, if a site allows open user registration, an attacker could take advantage of the flaw and gain unauthorized access to the affected site," Mikey Veenstra, GWAP, threat analyst, Wordfence wrote in an email.

"We have deployed a firewall rule that prevents this vulnerability from being exploited, though our primary recommendation is that any site using the plugin updates it as soon as possible. At this point, we have yet to see any known threat actors making use of this vulnerability, but it's likely due to how circumstantial an exploitable case would be." 

Categories: Cyber Risk News

J.P. Morgan Launches First US Bank-Backed Crypto-Coin

Info Security - Fri, 02/15/2019 - 15:01

As the value of Bitcoin and other cryptocurrencies continues to fluctuate while governments consider marketplace regulations, J.P. Morgan announced that it is launching the first US bank-backed cryptocurrency, JPM Coin.

“The JPM Coin is based on blockchain-based technology enabling the instantaneous transfer of payments between institutional accounts,” the press release stated. “Exchanging value, such as money, between different parties over a blockchain requires a digital currency, so we created the JPM Coin.”

According to J.P. Morgan, the coin differs from other cryptocurrencies, such as Bitcoin and Ethereum, because they are not collateralized, making their value specific to the coin. The coin is also distinguishable from fiat-backed stablecoins, which are reserves held at banks that claim to have a 1:1 fiat collateral.

The JPM Coin, though, is “1:1 redeemable in fiat currency held by J.P. Morgan.” The blockchain technology is permissioned, making it enterprise-grade secure because it is built by J.P. Morgan in collaboration with its partners. Use of the JPM Coin is only for institutional customers.

“JPM Coin is currently a prototype that will be tested with a small number of J.P. Morgan’s institutional clients, with plans to expand the pilot program later this year. JPM Coin is currently designed for business-to-business money movement flows, and because we are still in a testing phase, we don’t have plans to make this available to individuals at this stage. That said, the cost-savings and efficiency benefits would extend to the end customers of our institutional clients.”

J.P. Morgan said it has long supported the potential of blockchain technology and the advancement of properly controlled and regulated cryptocurrencies. As it moves toward production of the JPM Coin, J.P. Morgan will continue to seek feedback and approval from its regulators.

“As a globally regulated bank, we believe we have a unique opportunity to develop the capability in a responsible way with the oversight of our regulators. Ultimately, we believe that JPM Coin can yield significant benefits for blockchain applications by reducing clients’ counter-party and settlement risk, decreasing capital requirements and enabling instant value transfer.”

Categories: Cyber Risk News

EU copyright reforms: deal done by law makers

Outlaw.com - Fri, 02/15/2019 - 11:45
Reforms to EU copyright laws have moved closer after a deal was struck by law makers.
Categories: Cyber Risk News

CISOs Hit the Bottle as Workplace Pressures Build

Info Security - Fri, 02/15/2019 - 11:03

UK and US CISOs are facing burnout as they struggle to cope with escalating cyber-threats, insufficient budgets and a lack of engagement from the board, according to Nominet.

The DNS security provider commissioned Osterman Research to poll over 400 security bosses on both sides of the Atlantic for its report, Life Inside the Perimeter: Understanding the Modern CISO.

It found that the stresses of the modern role are increasingly taking their toll on CISOs’ personal and professional lives.

Almost all (91%) respondents said they suffer moderate or high stress, with 60% saying that they rarely disconnect from their job — that’s despite most (88%) already working over 40 hours per week.

Part of this stress is caused by the pressure of keeping threats at bay: 60% of respondents admitted to finding malware which had been there for an unknown period of time. Nearly a third (32%) said that they’d lose their job or receive an official warning in the event of a breach.

However, a large part of the stress CISOs feel they’re under appears to stem from the attitudes of the board.

Only half (52%) said executive teams value the security team from a revenue and brand protection standpoint, and nearly a fifth (18%) claimed board members are indifferent to them or see them as an inconvenience.

These findings chime somewhat with a Trend Micro study from 2018 which found that 43% of global organizations view security as an afterthought in IoT projects and only 38% even consult the CISO at all when deploying solutions.

Nearly two-thirds (65%) of the CISOs Nominet polled claimed this lack of engagement with the board was a major challenge. It may also explain why just 43% claimed they have sufficient budget to tackle current threats.

As a result of these factors, the pressure is reaching boiling point for many.

Over a quarter (27%) of CISOs polled said stress is impacting their mental or physical health, while 23% said the role is damaging their personal relationships. Even worse, 17% admitted they had turned to medication or alcohol to deal with workplace stress.

“CISOs around the world are facing mounting pressures amid a rapidly shifting cyber landscape. Criminals are forever finding ways to exploit vulnerabilities, and do not discriminate against the businesses they attack. Everyone is a target,” argued Nominet CEO, Russell Haworth.

“It’s no surprise that CISOs are facing burnout. Many lack support from within their organizations, and senior business leaders need to face the facts: the threats are real, and CISOs need to be given the resources and support to tackle them. If not, the board must face the consequences.”

Just last month, the newly appointed first CISO of NHS Digital resigned only three months into the job, citing personal reasons.

Categories: Cyber Risk News

GandCrab Ransomware Slingers Target MSPs

Info Security - Fri, 02/15/2019 - 10:30

A software company has been forced to remind customers to patch a two-year-old flaw in a third-party plug-in, after reports it is being exploited to infect scores of companies with GandCrab ransomware via their managed security provider (MSP).

The issue relates to CVE-2017-18362, a flaw which affects the ConnectWise Manage plug-in for the Kaseya VSA remote-monitoring tool. ConnectWise Manage is a professional services automation (PSA) product popular among IT support staff in MSPs.

“This vulnerability allows a remote attacker to execute arbitrary SQL commands against the Kaseya VSA database, which means they can create administrative users, change user passwords, or even create tasks to deploy software to all endpoints under management,” explained Chris Bisnett, co-founder of Huntress Labs.

“This week an unknown attacker leveraged the vulnerable integration to attack MSPs and their customers by tasking all managed endpoints to download and execute a ransomware variant known as GandCrab. This type of attack is particularly devastating because the Kaseya RMM tool has remote administrative (SYSTEM) access to all managed endpoints leading to a quick and complete compromise of all customer assets.”

The incident was first revealed in a Reddit post a few days ago, with the user claiming it affected a “local mid-sized MSP with about 80 clients” — all of which were apparently infected.

Kaseya was forced to issue an update on the ConnectWise plugin bug.

“Kaseya takes security very seriously and recommends that all customers using the Connectwise Plugin for VSA upgrade to the newly released version of the Plugin immediately or alternatively remove all versions of this Plugin,” it stated.

The news is yet another example of the lengths ransomware authors are now going to in order to get their wares on as many victim machines as possible.

Other threat vectors include email spam, RIG and GrandSoft exploit kits, and compromised websites offering cracked apps for download.

As of last March, GandCrab had infected over 50,000 victims and extorted an estimated $300,000-600,000 from its victims, more than 70% of which are based in the US and UK, according to Check Point.

Categories: Cyber Risk News

Google Play App Suspensions Jump 66%

Info Security - Fri, 02/15/2019 - 09:47

Google has claimed it’s getting better at spotting bad apps on its Play Store marketplace, with the number of rejected submissions and suspensions both growing into the double digits last year.

The Android platform has often been criticized by security experts for being more exposed to cyber-threats due to it being relatively open compared to Apple’s ecosystem.

However, Google Play product manager, Andrew Ahn, claimed that thanks to new initiatives the firm has managed to increase rejected app submissions by over 55% and app suspensions by more than 66% in 2018.

“In 2018, we introduced a series of new policies to protect users from new abuse trends, detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before,” he said.

“These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps.”

He added that as well as detecting threats in the Play Store, Google scans over 50 billion apps on users' devices each day to see whether they’re behaving suspiciously.

Among other improvements highlighted by Ahn are enhanced clustering and account matching technologies which help human reviews to better spot persistent “abusive” developers.

“As mentioned in last year's blog post, we fought against hundreds of thousands of impersonators, apps with inappropriate content, and Potentially Harmful Applications (PHAs),” he continued.

“In a continued fight against these types of apps, not only do we apply advanced machine learning models to spot suspicious apps, we also conduct static and dynamic analyses, intelligently use user engagement and feedback data, and leverage skilled human reviews, which have helped in finding more bad apps with higher accuracy and efficiency.”

However, ever-changing tactics and increased use of cloaking tools will continue to give the black hats an advantage, he admitted.

In November last year a researcher found 13 malicious apps on the Play Store, which had been downloaded over half a million times at the time of their discovery.

Categories: Cyber Risk News

Love Bug Found in OkCupid Android App

Info Security - Thu, 02/14/2019 - 19:26

Only days after Infosecurity reported that OkCupid users said their accounts had been hacked, Checkmarx disclosed that the OkCupid Android App actually posed risks because of security failures in MagicLinks.

It’s well known that malicious actors love to exploit a good holiday, which puts users at risk on Valentine’s Day. To identify any potential vulnerabilities, researchers dove into the popular Android dating app only to discover that attackers could easily gain access to user information, including personal contact information such as email aliases, names, genders, dates of birth and locations.

In addition, researchers found that they could gain access to a user’s dating preferences, such as whether they’re looking to hook up, find new friends, and date short or long term and whether they’re open to non-monogamy.

According to researchers, most of the URLs that pass through the app are not vulnerable because OkCupid uses WebView, yet some URLs are designated as MagicLink, which Checkmarx describes as opening “inside the main OkCupid WebView, which means that the user has no way of knowing whether its content is legitimate or not. For every MagicLink, what is shown on the screen is just part of the OkCupid application as far as the user knows.”

However, in the words of Pedro Umbelino, the researcher who was working on this research, “A MagicLink can be, among others, simply a URL that contains the string /l/. It’s that magic. Essentially, any link that contains /l/ will pass as a MagicLink. It’s hardly a problem for even the most inexperienced hacker to create a URL containing /l/.”

Using that string, an attacker could then create a malicious phishing page and share it with unsuspecting users in hopes that they enter their login credentials. Because users generally wouldn't be concerned by a page that opens inside the app, the average user would not suspect the link is actually malicious.

“By sending a crafted link to a malicious page, we managed to change the app’s interaction URL base from https://api.okcupid.com to our own controlled HTTP page. By changing the API endpoint to an attacker-controlled address, the attacker now permanently controls the flow of information between the victim and the API server,” researchers wrote.

In a statement shared with Infosecurity, an OkCupid spokesperson wrote, “A few months ago, Checkmarx alerted us to a potential security vulnerability in the android app. We quickly resolved the issue and have no reason to believe this impacted any users, on any operating system. Happy Valentines Day.”

Categories: Cyber Risk News

Only 28% of Advisories Help Mitigate Risks

Info Security - Thu, 02/14/2019 - 18:39

In its second annual review of vulnerabilities and threat group activity specific to industrial control systems (ICS), Dragos found that the majority of the public vulnerability advisories it tracked in 2018 were network exploitable.

The Year in Review is comprised of three parts: The Industrial Controls System Vulnerabilities Report, ICS Activity Groups and the Threat Landscape Report and, new this year, Lessons Learned from Hunting and Responding to Industrial Intrusions Reports, authored by Dragos co-founder and CEO Robert M. Lee.

Despite the finding that 68% of the advisories were network-exploitable vulnerabilities, only 28% of these network-exploitable advisories provided mitigation advice sufficient to take effective action, according to the report.

"There was a surprisingly high error rate among the advisories published by ICS-CERT,” said Reid Wightman, senior vulnerability researcher. “I think there is a public perception that the organization fact-checks advisories, but either they don't do it or aren't doing it very well. It is great to see, though, that when vendors collaborate with researchers to disclose vulnerabilities, the error rate significantly decreases. I hope we see more of that in the future."

The second report noted that threat hunters have been tracking three new ICS activity groups since 2017 and have identified a growing trend of adversaries using open source or commercially available penetration testing tools to pivot from IT networks to ICS networks.

"ICS attacks are not ‘bolts from the blue’ but the culmination of steady infiltration, data gathering and capability testing. While 2018 may have been quiet in terms of operational impacts due to malware or network intrusions, what we're seeing instead may be that preliminary period necessary before attack delivery," said Joe Slowik, adversary hunter.

Part three of the collection of reports found that in responding to industrial intrusions, in 37% of the incident response engagements, the initial vector dated back more than 365 days.

“As the threat landscape changes and activity groups increasingly adopt techniques to evade traditional antivirus detection, identifying patterns in adversary behavior and malicious activity can help defenders find and eliminate threats,” said Amy Bejtlich, senior adversary hunter.

“Cyber-threat intelligence helps augment this data collection and analysis and can help ICS entities best prioritize risk management and threat detection."

Categories: Cyber Risk News

DoJ Charges US Agent, Four Iranians with Conspiracy

Info Security - Thu, 02/14/2019 - 18:23

The Department of Justice (DoJ) has indicted a former US counterintelligence agent for espionage on behalf of Iran. Additionally, the Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions on a group of six Iranian nationals known as the Cyber Conspirators.

The DoJ indicted former US counterintelligence agent Monica Witt for “conspiracy to deliver and delivering national defense information to representatives of the Iranian government.” Witt, who is currently at large and believed to be hiding in Iran, is reported to have shared information that could be detrimental to national security with Iranian intelligence services.

According to a February 13 press release from the Treasury, OFAC issued additional sanctions against a separate Iran-based entity, which includes six individuals believed to have targeted current and former U.S. government and military personnel as part of a cyber campaign.

“Treasury is taking action against malicious Iranian cyber actors and covert operations that have targeted Americans at home and overseas as part of our ongoing efforts to counter the Iranian regime’s cyberattacks,” said Treasury Secretary Steven Mnuchin.

Four malicious actors allegedly associated with the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF), a unit of Iran’s Revolutionary Guard, are suspected of being involved in a cyber campaign and were also indicted by the DoJ. 

The February 13 indictment included charges against four Iranian nationals, who also remain at large: Mojtaba Masoumpour, Behzad Mesri, Hossein Parvar and Mohamad Paryar. These four alleged members of the Cyber Conspirators stand accused of “conspiracy, attempts to commit computer intrusion and aggravated identity theft, for conduct in 2014 and 2015 targeting former co-workers and colleagues of Witt in the U.S. Intelligence Community.”

The charges are alarming and highlight the reality of the ongoing cyber-threats from foreign adversaries. “This case underscores the dangers to our intelligence professionals and the lengths our adversaries will go to identify them, expose them, target them and, in a few rare cases, ultimately turn them against the nation they swore to protect,” said assistant attorney general for national security John Demers.

“When our intelligence professionals are targeted or betrayed, the National Security Division will relentlessly pursue justice against the wrongdoers.”

Categories: Cyber Risk News

'Confirmation of payee' reforms face delay

Outlaw.com - Thu, 02/14/2019 - 13:35
The implementation of new anti-fraud measures to protect UK banking customers faces delay due to a backlog of changes being worked on by banks and the complexities involved in delivering the new measures, payments industry figures have told MPs.
Categories: Cyber Risk News

Users at Risk of Online Scams this Valentine’s Day

Info Security - Thu, 02/14/2019 - 13:30

Smartphone users could be leaving themselves vulnerable to online scams this Valentine’s Day, researchers from ESET have warned.

The firm carried out a survey into people’s resolutions for the year and discovered that whilst one in eight are looking for love in 2019, only 39% were sure they had anti-virus software on their mobile phones. That’s a concerning statistic, because those who said they were committed to finding love also stated they would consider downloading an app, entering an online competition or clicking through to a deal received via email to take advantage of limited-time offers to do so.

“Many people will be looking for love via their smartphones this Valentine’s Day, however smartphone users with no anti-virus software are opening themselves up to some serious threats,” said Branislav Orlik, product manager for mobile security at ESET. “While an email deal may seem enticing, clicking through on an unsafe link or entering your details online can make you vulnerable to hackers and leave your personal data at risk. It is crucial to consider how you can best protect your devices.”

Scammers and fraudsters often play on people’s emotions and capitalize on popular holiday seasons and specific calendar dates to maximize the effectiveness of their attacks, and the most romantic day of the year is no exception.

In fact, research from Mimecast has found the threat actors behind GandCrab, or cyber-criminals using GandCrab as Ransomware-as-a-Service, have been using the build-up to this year’s Valentine’s Day to target victims.

In its Threat Intelligence Report, Mimecast said that GandCrab, which has only been around for just over 12 months, has had “large success and released a number of different versions, the latest being V5.1.6.” The ransomware includes a number of interesting features, including the ability to detect a Russian victim (and stop the infection if they have a Russian configured keyboard) and individual ransom notes.

Categories: Cyber Risk News

Five Billion Records Exposed in 2018

Info Security - Thu, 02/14/2019 - 11:38

Last year was the second highest on record in terms of data breaches and leaks, with over 6500 reported, according to Risk Based Security.

The security vendor revealed that 6515 incidents were reported globally in 2018, second only in the past 12+ years to 2017’s 6728. When it came to number of records exposed, the figure of around five billion for last year came third to 2016’s 6.4 billion and 2017’s 7.9 billion.

However, the caveat is that just over a quarter of breached organizations were unwilling or unable to disclose the number of records exposed, so the figure could be much higher.

For the purposes of this study, Risk Based Security collated incidents related to traditional hacking-based breaches and increasingly common IT misconfigurations which expose records but don’t necessarily mean they’ve ended up on the dark web.

It also counted “fraud,” which is the category assigned to the Facebook-Cambridge Analytica incident which exposed 87 million social media users to the shady political consultancy.

Although hacking accounted for most breaches, the largest number of records (39%) were exposed via the web, followed by hacking (28%) and fraud (25%), highlighting just how big a problem accidental leaks are. That means insiders were responsible for way more ‘breaches’ than outsiders, roughly 2.1 versus 1.3 billion.

In terms of sectors, business accounted for the vast majority of ‘breaches’ (66%), followed by government (14%), medical (13%) and education (7%).

There were 301 incidents (5%) linked to third-party suppliers. The US accounted for the vast majority of exposed records (44%) and breaches (2264). In terms of breaches, the UK came in a distant second (144) followed by Canada (112).

Despite the advent of the GDPR, the average number of days between breach discovery and reporting did not significantly change between 2017 (48.6) and 2018 (49.6).

However, as the vendor noted, although regulators must be notified within 72 hours, the public need only be told of a breach if there is a high risk of harm, and even then “only without unreasonable delay” rather than within a specified three-day window.

Categories: Cyber Risk News

Hackers Target Maltese Bank in €13m Cyber Heist

Info Security - Thu, 02/14/2019 - 10:48

A leading Maltese bank is resuming its services today after shutting down operations following a major cyber-attack on Wednesday.

The Bank of Valletta (BOV) said in a notice on Thursday morning that customers could once again use ATMs, online banking, mobile banking and their BOV cards, although at the time of writing, payments to third parties were still suspended.

This is following an attack which directed €13m ($14.7m, £11m) worth of fake payments from the bank to accounts in the UK, US, Hong Kong and the Czech Republic.

In a statement to the island nation's parliament, Prime Minister Joseph Muscat reportedly said that the bank spotted something was amiss during reconciliation of international transfers at the start of business on Wednesday.

A decision was taken within half an hour to shut all of the bank’s services, as word came in from abroad that it had been hit by a cyber-attack.

The illegal transfers have been traced and are reportedly now being reversed.

“The Bank once again wants to reassure its clients that customer deposits and customer accounts were in no way affected by this cyber-attack,” the BOV said. “This unfortunate incident proved that the contingency plans in place and the preventive measures taken by Bank of Valletta were appropriate and that these measures safeguarded the bank, its customers and stakeholders.”

At first sight, this attack shares some characteristics with the audacious $81m cyber heist at Bangladesh Bank in 2015 and other smaller raids on lenders since.

As such, it could be a classic Business Process Compromise (BPC) attack in which hackers research the inner workings of a target organization to covertly manipulate key processes — such as by finding loopholes in money transfer systems or using malware to make unauthorized transfers.

AlienVault security advocate, Javvad Malik, argued that as organizations go digital, they need to find more holistic ways to manage risk.

“It is no longer enough to implement security simply at one level such as the website or the app. Rather security needs to be baked in all the way across the endpoint, network, to the servers,” he added. “Additionally, detection and response controls need to be in place and tested to gain assurance that during an incident core business functions can be maintained.”

Categories: Cyber Risk News
