Cyber Risk News

"Misguided" #COVID19 Facebook Post Lands American in Handcuffs

Info Security - 6 hours 31 min ago

Police in the United States have arrested a 39-year-old man for spreading false information about COVID-19 on social media. 

San Antonio resident Christopher Charles Perez is accused of starting a coronavirus hoax with a post on his Facebook page.

A federal criminal complaint unsealed April 8 charges Perez with one count of violating 18 United States Code § 1038, which criminalizes the spread of false information and hoaxes related to biological weapons and weapons of mass destruction. 

The complaint alleges that Perez posted a threat on Facebook in which he claimed to have paid someone to deliberately spread the novel coronavirus around grocery stores in the San Antonio area of Texas. 

In his defense, Perez claimed that the post was a misguided attempt to help prevent the spread of the virus. He said that he posted the bizarre threat in the hope of deterring people from visiting stores and coming into contact with other shoppers. 

An anonymous online tipster sent a screenshot of the threat allegedly posted by Perez to the Southwest Texas Fusion Center (SWTFC) on Sunday. After reviewing the Facebook post, the SWTFC contacted the Federal Bureau of Investigation (FBI) office in San Antonio for further investigation.  

Perez was arrested by the FBI without incident at his home on Chateau Drive late in the afternoon of Tuesday, April 7. The accused is currently being held in federal custody. 

If convicted of the charges against him, Perez could be handed a jail term of up to five years in a federal prison. 

The FBI’s Weapons of Mass Destruction Squad and the Joint Terrorism Task Force are investigating this case. Assistant US Attorney Mark Roomberg is prosecuting the case on behalf of the government.

The San Antonio grocery stores that Perez allegedly paid someone to infect with COVID-19 were not mentioned in the criminal filings. 

A spokesperson for the Department of Justice said: "To be clear, the alleged threat was false; no one spread coronavirus at grocery stores, according to investigators."

At the time of writing, 177 people had died from COVID-19 in Texas, where there are 9,353 confirmed cases. 

Categories: Cyber Risk News

Hackers Invited to Share Bug Bounties with #COVID19 Charity

Info Security - 7 hours 28 min ago

A bug bounty platform is inviting hackers to share the proceeds of their successful bug hunts with the COVID-19 Solidarity Response Fund.

On April 8, HackerOne set up a special link on its website that lets hackers donate all or part of the bounties they earn to charity in just a few clicks. 

"The community has come together in some amazing ways to support COVID-19 relief efforts from Marc Rogers’ CTI League, the US Digital Response group helping governments, to individual hackers raising their hand to help. Today, HackerOne is doing our part by making it even easier for hackers to give back through bug bounties (monetary earnings for finding real-world security vulnerabilities) with a custom donation profile—https://hackerone.com/hackforgood," said a spokesperson for HackerOne yesterday.

"Hackers can invite 'hackforgood' as a collaborator on any paid bug bounty program to donate all or part of the money they earned to charity."

Although the donation profile was set up in response to an active pandemic, HackerOne said the concept could endure long after the health crisis is resolved.

"The charity will rotate on a monthly basis, but right now donations will go to The World Health Organization (WHO) COVID-19 Solidarity Response Fund," said a spokesperson for HackerOne.

The COVID-19 Solidarity Response Fund was established by the World Health Organization to help countries around the world combat the spread of the novel coronavirus. 

Donations help to pay for buying and shipping personal protective equipment to frontline workers, patient care, producing evidence-based guidelines and advice, and accelerating efforts to develop vaccines, tests, and treatments. 

Hacking for charity isn’t a new concept. The "2020 Hacker Report" published by HackerOne in February found that over a quarter of hackers carry out hacking activities "to protect and defend, do good, and help others." 

Earlier this year, a team of 4 hackers known as The Syndicate took to Twitter to announce that they will be donating 5% of all live hacking event earnings to charity and 5% of their time in 2020 and beyond to volunteering.


Microsoft Buys Corp.com to Protect Its Customers

Info Security - 8 hours 6 min ago

Microsoft has purchased Corp.com for an undisclosed sum two months after the domain was advertised for sale at $1.7m. 

The domain is believed to pose a danger to Microsoft's clients because of a "namespace collision" issue that occurs when domain names intended for exclusive use by an internal company network overlap with regular internet domains.

As a result of the collision, the Corp.com domain has been receiving an unending stream of passwords, emails, and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe for years.

News of the transaction was broken by Brian Krebs on April 7. Previous owner of Corp.com, Mike O'Connor, told Krebs that he "hoped Microsoft would buy it because hundreds of thousands of confused Windows PCs are constantly trying to share sensitive data with corp.com."

Wisconsin resident O'Connor had done essentially nothing with the domain since buying it 26 years ago. On April 6, he confirmed the sale of the domain to Microsoft for an undisclosed sum.

Microsoft said the acquisition of the domain was undertaken to protect the privacy of its customers. 

In a written statement, the company said: “To help in keeping systems protected we encourage customers to practice safe security habits when planning for internal domain and network names.

“We released a security advisory in June of 2009 and a security update that helps keep customers safe. In our ongoing commitment to customer security, we also acquired the Corp.com domain.”

Commenting on the sale, Jake Moore, cybersecurity specialist at ESET, said: “Domains are highly sought after by criminal hackers to add value when sending out phishy communications. If this particular web URL was used unethically, it could have caused a huge amount of misunderstanding—along with other potential consequences—to a large number of Microsoft customers.

“A typical trait of cyber criminals is to purchase similar domains to well-known brands so that when victims quickly check the sender’s address, it may look legitimate. Therefore, scammers can take advantage of their victim believing this false validation from the sender, encouraging them to click on dodgy links and attachments.

“It goes without saying that people need to double check sender addresses and not act on any unsolicited communication.”


Microsoft: #COVID19 Threats Less Than 2% of Total Daily Volume

Info Security - 12 hours 35 min ago

Cybercrime levels have not increased since the start of COVID-19, and the volume of related attacks remains relatively low, according to new information from Microsoft and the US and UK governments.

The joint government alert came from the UK’s National Cyber Security Centre (NCSC) and US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

It explained what many in the industry already know: that bad actors are using the pandemic as a lure to spread malware and harvest details via phishing emails, and are scanning for vulnerable VPNs.

It also warned that hackers are spamming out SMS phishing attempts, and emails spoofed to appear as if sent from popular video conferencing platforms such as Zoom or Microsoft Teams, containing booby-trapped attachments.

Yet despite the headlines, overall threat levels haven’t increased; attackers are simply diverting more resources to capitalize on widespread user awareness of the current crisis and changing working patterns.

“Malicious cyber-actors are adjusting their tactics to exploit the COVID-19 pandemic, and the NCSC is working round the clock with its partners to respond,” said NCSC director of operations, Paul Chichester.

“Our advice to the public and organizations is to remain vigilant and follow our guidance, and to only use trusted sources of information on the virus such as UK Government, Public Health England or NHS websites.”

It’s a message that was echoed by Microsoft in an update yesterday.

“Attackers don’t suddenly have more resources they’re diverting towards tricking users; instead they’re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click,” explained Microsoft 365 Security CVP, Rob Lefferts.

“Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we’re seeing a changing of lures, not a surge in attacks.”

In fact, of the millions of daily phishing emails Microsoft detects, only 60,000 have COVID-19 related malicious attachments or URLs, less than 2% of the total volume of threats the firm tracks each day.


Zoom Signs-Up Ex-Facebook CSO as Google Bans Platform

Info Security - 14 hours 5 min ago

Zoom has brought former Facebook CSO Alex Stamos on board to bolster a new security push, as reports emerged that Google and the US Senate have told users to avoid the video conferencing platform.

As promised by CEO Eric Yuan last week, the firm has formally launched a CISO Council and Advisory Board comprising security leaders from across industries. The idea is that they’ll collaborate on new ideas to help improve security and privacy in the app.

CISOs and security leaders from HSBC, NTT Data, Procore, Ellie Mae, VMware, Netflix, Uber, Electronic Arts and others are already lined up.

Separately, former Facebook and Yahoo CSO, Alex Stamos, has joined Zoom as an outside adviser. Stamos had been vocal on Twitter about the challenges facing the firm and observed in a post announcing his move that Zoom has some very difficult problems to solve going forward.

“As I told the computer science students in my Trust and Safety Engineering course this last quarter (the last two weeks of which were taught over, yes, Zoom) coding flaws and cryptographic issues are important, but the vast majority of real technological harm to individuals comes from people using products in a technically correct but harmful manner,” he explained.

“Zoom has some important work to do in core application security, cryptographic design and infrastructure security, and I’m looking forward to working with Zoom’s engineering teams on those projects.”

In the meantime, several more big-name users have come out against the video conferencing app. Reports claim that Google is preventing its employees from using the Zoom desktop client over security concerns, whilst the US Senate is also urging members not to use it.

They join the likes of SpaceX, NASA, the UK’s Ministry of Defence, New York school districts and the Taiwanese government.

Zoom has been hit by a spate of incidents over recent weeks, including critical vulnerabilities discovered in its platform, encryption failings, poor default settings that exposed user meetings to disruption and eavesdropping, and privacy issues.    

Yuan said he is instituting a “feature freeze” while all engineering resources are diverted to security and privacy.


Half of UK Adults Exposed to #COVID19 Fake News

Info Security - 15 hours 5 min ago

Half of UK adults have been exposed to online misinformation about COVID-19, making access to credible news sources increasingly important, according to regulator Ofcom.

Ofcom is surveying 2000 adults each week to better understand how online users are receiving information during the current pandemic.

Its first report, covering the first week the country was on lockdown following government orders, revealed that 46% of respondents had come across false or misleading information online, rising to 58% among 18-24-year-olds.

Worryingly, 40% said they are finding it difficult to know what’s true or false online, rising again in younger people to 52%.

Younger respondents are also said to be less likely to follow official advice: while 65% of people said they were following advice on handwashing very closely, this fell to 43% for 18-24-year-olds.

Among the most common misinformation circulating online is that drinking more water can flush out the virus, and that it can be relieved by gargling with salt water or avoiding cold food and drink, seen by 35% and 24% of adults, respectively.

Despite the fake news circulating online, however, most Brits (55%) are ignoring false claims and turning to official media sources to get their news. The BBC is most popular, with 82% of respondents claiming they check it, followed by other broadcasters (56%), and official authorities like the WHO, government and NHS (52%).

However, 49% are getting information via social media, where fake news flourishes. A further 43% find COVID-19 info via newspapers and 42% from friends and family, who could simply be repeating misinformation.

“People are turning to public authorities and traditional broadcasters for trusted information about COVID-19, and the vast majority say they’re closely following official advice,” said Ofcom group director for strategy and research, Yih-Choung Teh.

“With so much false information circulating online, it’s never been more important that people can cut through the confusion and find accurate, trustworthy and credible sources of news and advice.”

The government was recently forced to launch a rapid response unit to combat online misinformation about the virus, while in China, government officials have actively been promoting conspiracy theories about the pandemic’s origins as a US military plot.


FBI Warns of Cloud-Based BEC Attacks

Info Security - Wed, 04/08/2020 - 18:23

The Federal Bureau of Investigation (FBI) has issued a warning over cloud-based business email compromise (BEC) scams that have cost US companies more than $2bn.

A BEC is a sophisticated scam targeting businesses that perform electronic payments, such as wire transfers or automated clearing house transfers. Typically, the scam involves a threat actor breaching a legitimate business email account through social engineering or computer intrusion techniques. 

After gaining access to a real email account, the threat actor can fraudulently acquire funds by emailing out phony invoices containing altered bank account details to a company's vendors and suppliers.

In a statement released on April 6, the FBI said: "Cyber criminals are targeting organizations that use popular cloud-based email services to conduct Business Email Compromise (BEC) scams. The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds."

The FBI revealed that between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling more than $2.1bn in actual losses from BEC scams using two popular cloud-based email services. 

BEC scams have been reported in all 50 states and in 177 countries. Losses from BEC scams overall have increased every year since IC3 began tracking this particular type of crime in 2013. 

The FBI said the way in which cloud-based email services are configured when they are acquired by users could be making life easier for cyber-criminals looking to compromise a company's email account.

"While most cloud-based email services have security features that can help prevent BEC, many of these features must be manually configured and enabled. Users can better protect themselves from BEC by taking advantage of the full spectrum of protections that are available," said the FBI.

The cost of building and maintaining robust cybersecurity means that small and medium-sized organizations, or those with limited IT resources, are most vulnerable to BEC scams. And one compromised business can have dire consequences for a whole industry.

The FBI said: "Cyber-criminals frequently access the address books of compromised accounts as a means to identify new targets to send phishing emails. As a result, a successful email account compromise at one business can pivot to multiple victims within an industry."


Fake 3D Printed Fingerprints Fool Biometric Scanners

Info Security - Wed, 04/08/2020 - 17:13

It wasn't quick or simple, but researchers at Cisco Talos have managed to break into devices secured with biometric authentication.

New research published today by Paul Rascagneres and Vitor Ventura revealed that manufactured fingerprints, created using 3D printing technology and textile glue, can defeat fingerprint authentication on a variety of phones, laptops, and padlocks. 

In a series of experiments, using different materials and restricted by differently sized budgets, researchers worked to trick capacitive, optical, and ultrasonic sensors. 

"Our tests showed that—on average—we achieved an ~80 percent success rate while using the fake fingerprints, where the sensors were bypassed at least once," wrote researchers. 

A 3D printer was used to create molds, then the fake fingerprints were cast onto materials that included silicon and fabric glue. 

“It was not so easy,” Rascagneres told Infosecurity Magazine. “It took me months and a liter of resin.”

To carry out their experiments, the inventive researchers used the publicly available fingerprints of nefarious gangster Al Capone.

Craig Williams, director of Talos Outreach, told Infosecurity Magazine: “It was a bit surreal to realize the use of a technology that was around during the ‘Al Capone’ era still provides effective security for most users. It will be interesting to see as technologies evolve how things change.” 

The fake fingerprints didn't work across all the devices tested. Researchers were unable to access the Samsung A70 phone, the Lexar Jumpdrive Fingerprint F35, or the Verbatim Fingerprint Secure USB-encrypted pen drive. 

Researchers were able to crack into an iPhone 8, Samsung S10, Huawei P30 Lite, MacBook Pro 2018, iPad 5th Gen, Samsung Note 9, Honor 7X, and an AICase Padlock. 

Given the expense, time, and effort it took to break into devices protected by fingerprint authentication, the researchers concluded that this security measure is adequate for the majority of the population. 

They wrote: "For a regular user of fingerprint authentication, the advantages are obvious, and it should be used. However, if the user is more high-profile or their device contains sensitive information, we recommend relying more on strong passwords and token two-factor authentication."


Accenture Acquires Revolutionary Security

Info Security - Wed, 04/08/2020 - 16:05

Accenture has acquired a privately held Philadelphia company specializing in enterprise cybersecurity for information technology and operational technology environments.

Global professional services company Accenture announced its acquisition of Revolutionary Security on April 7. The financial terms of the deal were not disclosed.

Revolutionary Security was founded in 2016 and is headquartered in Whitpain Township, Pennsylvania. The company employs 90 cybersecurity professionals throughout the United States and serves a variety of clients in the energy, manufacturing, healthcare, financial services, and communications industries.

“The acquisition of Revolutionary Security is another demonstration of our continued commitment to invest in areas to keep our clients safe from cyber-threats,” said Kelly Bissell, who leads Accenture Security globally. 

“Revolutionary Security’s service offerings are a perfect complement to Accenture’s portfolio, and the acquisition furthers our mission of helping clients better protect and defend their organizations across their entire ecosystem.”

Jim Guinn II, who leads Accenture’s cybersecurity business for the energy, utilities, chemical, and mining industries, added that Revolutionary Security’s “extensive experience working with industrial companies and their specialized technical skill set will be incredibly valuable to our clients.”

Cybersecurity services offered by Revolutionary Security include assessment and testing, design and build of security programs and functions, and security operations across its clients’ IT and OT (operational technology) systems.  

LiveFire—Revolutionary Security's breach and attack simulation testing service—utilizes real-world cyber-threats to identify gaps in security processes and monitoring, as well as staff operations and technologies. 

President and CEO of Revolutionary Security Rich Mahler believes the acquisition will trigger growth. 

He said: “The opportunity to become part of Accenture Security will enable us to deliver more complete solutions to our clients and expand our services to even more clients globally. We’re excited to be joining a leading provider in cybersecurity services and look forward to working together to help clients solve their toughest challenges in IT and OT security.”

In March, Accenture agreed to acquire Context Information Security, which is the latest in a series of acquisitions—including those of Symantec’s Cyber Security Services, Deja vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX—that the company says demonstrate Accenture Security’s "commitment to investing in and innovating advanced cybersecurity solutions."


Microsoft: Cyber-Criminals Are Targeting Businesses Through Vulnerable Employees

Info Security - Wed, 04/08/2020 - 14:10

Microsoft has warned that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses. During a virtual press briefing, the multinational technology company provided data showing how home working and employee stress during this period have precipitated a huge number of COVID-19-related attacks, particularly phishing scams.

Working from home at this time is very distracting for a lot of people, particularly if they are looking after children. Additionally, many individuals are in a stressful state with the extra pressures and worries as a result of COVID-19. This environment is providing new opportunities for cyber-criminals to operate.

“We’re seeing a significant increase in COVID-related phishing lures for our customers,” confirmed Ann Johnson, corporate vice-president, Microsoft. “We’re blocking roughly 24,000 bad emails a day with COVID-19 lures and we’ve also been able to see and block through our smart screen 18,000 malicious COVID-themed URLs and IP addresses on a single day, so the volume of attacks is quite high.”

Johnson therefore urged businesses to adapt and step up security practices in this environment. She noted that in the rush to get employees set up working from home productively, putting in place more stringent measures has been something of an afterthought for many businesses.

“It’s important to educate users and tell them to pause and think before they click on a link, and the second thing we’re telling organizations is that they need to enable multi-factor authentication for 100% of users, 100% of the time, because if their users are stressed, they are going to click on those links and potentially give away their credentials,” added Johnson.

In the briefing, Microsoft stated that the countries most targeted by COVID-19 attacks have been China, the US and Russia, followed by Japan and parts of Latin America. The global technology giant has also seen signs that the volume of attacks is beginning to normalize over the past few days.


Quarter of DevOps Suffer Open Source Component Breaches

Info Security - Wed, 04/08/2020 - 11:00

A quarter of organizations have suffered a breach related to their application development process over the past year, with most of these coming via open source components, according to Sonatype.

The DevOps automation firm’s 2020 DevSecOps Community Survey is based on responses from 5045 software professionals around the world.

It revealed that 21% of the 24% of responding organizations that reported a breach over the past 12 months linked it to use of third-party components.

These are incredibly popular among DevOps practitioners as they help to speed the release of new products, although they can also contain vulnerabilities and sometimes malware.

Interestingly, the figure for reported open source component breaches rose to 28% for those organizations with mature DevOps practices that include keeping a Software Bill of Materials (SBOM) for all components.

This could be because of cultural differences associated with finding and reporting such issues, Sonatype claimed.

“DevOps practice and thought leaders continue to suggest that mature DevOps cultures support scenarios where information is actively sought, new information is welcomed, and bridging functional groups is a rewarded behavior,” the report added.

“Failures are not silent in mature DevOps practices, but rewarded. For mature DevOps practices, awareness is one of the best agents for driving change.”

The report also suggested that happy developers are more likely to be good for overall cybersecurity: they are 3.6-times less likely to neglect security when it comes to code quality, 2.3-times more likely to have automated security tools in place and 1.3-times more likely to follow open source security policies.

Research from Sonatype last year revealed that there had been a 71% increase in open source-related breaches over the previous five years. UK firms on average downloaded 21,000 software components known to contain vulnerabilities.


Over 350,000 Exchange Servers Exposed to Serious RCE Bug

Info Security - Wed, 04/08/2020 - 09:40

Over 350,000 Exchange servers around the world are still exposed to a critical vulnerability patched by Microsoft in February and actively being exploited in the wild, according to Rapid7.

The security vendor deployed its Project Sonar scanning apparatus to find that over 82% of the 433,464 Exchange servers it detected were still vulnerable as of March 24.

Discovered by Trend Micro’s Zero Day Initiative, the vulnerability in question, CVE-2020-0688, allows for remote code execution on unpatched systems if the Exchange Control Panel (ECP) interface is accessible to the attacker and they have a working credential for it.

After Rapid7 itself released a Metasploit module related to the bug, security researchers at Volexity spotted “multiple APT actors” trying to exploit the vulnerability at the beginning of March.

“Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc, limiting what an attacker can do with a compromised password,” the vendor explained.

“This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account. This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA.”

Rapid7 Labs manager Tom Sellers urged affected organizations to update Exchange immediately and check for compromise.

However, Project Sonar also revealed more widespread security deficiencies. It found over 31,000 Exchange 2010 servers around the world that have not been updated since 2012, while almost 800 Exchange 2010 servers have never been updated.

“In addition to the high numbers of servers that are missing multiple updates, there is a concerning number of Exchange 2007 and 2010 servers,” Sellers added.

“Exchange 2007 transitioned to End of Support (EoS) status nearly three years ago on April 11 2017. No security updates, bug fixes, timezone updates, etc., are provided after that date. Exchange 2007 does not have the vulnerability described by CVE-2020-0688 but if it did, it would not have been fixed.”


EU Privacy Tsar Calls for Europe-Wide #COVID19 Tracking App

Info Security - Wed, 04/08/2020 - 08:45

Europe’s data protection tsar has called for a pan-EU COVID-19 health tracking app to avoid fragmented member state approaches which may not follow privacy-by-design principles.

European data protection supervisor (EDPS), Wojciech Wiewiórowski, said his team is already cooperating with other EU institutions to create a joined-up approach in line with GDPR.

He argued that even the strict EU data protection regulation makes some allowances for use of personal data in exceptional circumstances like the current pandemic.

“GDPR states that the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality,” explained Wiewiórowski.

“Legality of processing the personal data – even so called sensitive data like data about health – can be achieved when processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued.”

To that end, even if specific data processing during the crisis may interfere with privacy rights, it may be necessary. However, an EU-wide approach as advocated by the EDPS will ensure any measures are temporary, and limited in purpose and data access.

There must also be a clear “way back to normality” – i.e. organizations must know what they will do with any data collected after the crisis is over, said Wiewiórowski.

“The EDPS is aware that a number of EU member states have or are in the process of developing mobile applications that use different approaches to protect public health, involving the processing of personal data in different ways. The use of temporary broadcast identifiers and Bluetooth technology for contact tracing seems to be a useful path to achieve privacy and personal data protection effectively,” he added.

“Given these divergences, the EDPS calls for a pan-European model ‘COVID-19 mobile application,’ coordinated at EU level. Ideally, coordination with the World Health Organisation should also take place, to ensure data protection by design globally from the start.”

The statement should go some way to assuaging the fears of global rights groups, which signed an open letter last week warning that efforts to contain the virus mustn’t be used as cover to usher in a new era of online surveillance.

They claimed that telecoms-based tracking is already underway in 23 countries, while 14 have deployed tracking apps.

Tracking infection rates and movement across the populace is seen as an essential step to helping prevent the spread of the pandemic and a key pillar of any lockdown exit strategy.

Categories: Cyber Risk News

Akamai CSO: Online and Remote Work is the Future of Business

Info Security - Wed, 04/08/2020 - 08:15

The internet is proving to be the most valuable resource at the moment, and opportunities will await those who adapt and are more prepared.

Speaking as part of the Akamai Edge conference, delivered as a virtual summit, Andy Ellis, CSO and senior vice-president at Akamai, said that where once the internet was disruptive, it is now enabling us to teach our children and talk to family members during the COVID-19 crisis.

“Maybe we’re at conferences that are recorded in people’s basements, living rooms and potentially on their back porch, and we didn’t have to travel to them,” he said. “Maybe we’re having meetings with staff no longer focused on who is in the headquarters.”

Ellis called these “opportunities for us to seize,” adding that we can wait and “return to the world we used to be in” when the COVID-19 pandemic is over, but the digital landscape is now different. “People have tasted the opportunity where we have meetings on video rather than in person,” he said, with support staff able to work wherever they want to be, as long as they have an internet connection.

“The world we are going to come out of this in, will be one in which the internet becomes a more crucial component of everything we do,” he said. This could be exercise, banking, work or school; “the opportunities are bound for us and those who anticipate and seize them and are prepared to adapt will come out of this more prepared for the world we will be in,” he said.

“Those who merely sit on their hands and wait, and are not prepared for the changes of the digital landscape, will be the followers. Which do you choose to be? My preference is to seize the opportunity.”

Asked by Infosecurity if he felt that threats were consistent or if they are taking advantage of a more dispersed and remote workforce and potentially vulnerable staff, Ellis followed Tom Leighton’s earlier point that attackers may have more time on their hands, but what has really happened is the environment has changed. “Businesses that were ill-prepared for the moment that we’re in are probably finding it a little more challenging to operate as where they are today isn’t where they were, and isn’t what their security was set up for,” he explained.

He added that too many businesses worked in a siloed model, and now everyone is remote “and what worked when 5% of the workforce [worked remotely] doesn’t work when 100% of the workforce is distributed, especially when they are seizing new technologies to enable them with their work which will expose you to hazards.”

Scammers Target US Stimulus Checks

Info Security - Tue, 04/07/2020 - 18:29

In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. 

Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. 

To soften the economic blow dealt by the deadly virus, the US Senate approved a $2tn stimulus package on March 25. 

Knowing that people all across America are now waiting to receive a government check, threat actors have swooped in to exploit the situation.

Researchers at Abnormal Security have detected an attack in which scammers impersonating a major financial institution are asking victims to verify their financial details before their stimulus funds can be released.

"These attackers created a convincing email and landing page that appeared to come from a major financial institution," wrote researchers.

"The email sent by the attackers claims that this financial institution has placed the funds on hold until the user can sign in and 'verify account ownership' so they can be released."

The email contains a link to a fake website that appears to be from a legitimate financial institution. 

"The URL is masked with a link, and the real URL takes victims to a site hosted at 'https://theruncoach.icu/home.php,' which attackers likely control and will use to steal the login credentials for this financial institution from victims," wrote researchers. 

Should recipients of the email fall victim to this attack, the login information for their banking account will become compromised.

In a bid to appear authentic, the attackers also inserted other genuine links into the email, including one that took users to the impersonated financial institution's real privacy statement.  

"The landing page was similarly elaborate, appearing almost exactly like the true bank landing page," wrote researchers. 

"Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials."

Researchers would not name the financial institution that the scammers they observed were impersonating.

"Please keep in mind that, although these attackers were impersonating one specific financial institution for this attack, they have already launched attacks impersonating many other financial institutions," said the researchers.

Linux Servers Under Attack for a Decade

Info Security - Tue, 04/07/2020 - 16:55

New research has found that the Linux platform has been under attack from Chinese threat groups for a decade. 

The "Decade of the RATs Research Report," published today by BlackBerry, reveals how five Chinese APT groups targeted Linux servers, Windows systems, and mobile devices running Android in a prolonged cross-platform attack. 

Researchers said that they are confident that the APT groups "are likely comprised of civilian contractors working in the interest of the Chinese government who readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts." 

Currently, Linux runs on all of the world’s 500 fastest supercomputers, 90% of all cloud infrastructure, and 96.3% of the world's top 1 million servers.

Historically, the Linux platform has been overlooked from a security perspective. 

"One of the main reasons there aren’t many security tools for Linux is because there are relatively few Linux machines in the world (roughly 2%), therefore it’s a tough way for companies to make money," Eric Cornelius, chief product architect at BlackBerry, told Infosecurity Magazine.

"Security products and services are not as widely deployed for Linux platforms as they are for the more popular Windows and Mac platforms."

Cornelius added that a prevailing assumption that Linux is more secure because it is open source "is just not the case." 

Asked what currently overlooked platforms could become "the Linux of the future" from a cybersecurity perspective, Cornelius said: “The most obvious one is mobile. As the 'Mobile Malware' report that we released this past fall points out, security vendors have only recently started deploying products to address a problem that governments and government-backed groups have been getting away with for a decade or more, with relative impunity. 

“Attitudes about adware are the source of another area of concern, as more and more APT groups disguise their malware as adware, thinking that it can fly under the radar and receive low priority if caught. We’ve also seen an uptick in the abuse of legitimate cloud service providers whose infrastructure is being co-opted by attackers to carry out their operations.”

By exposing a threat that has emerged from the past, the new research is bad news for security professionals, already stretched by dealing with current and predicted threats. 

Asked how professionals should split their attention when it comes to countering attacks, Cornelius said: “It's a process, not an exact science. But too often, the security industry and network defenders fixate on the next and the newest and forget to look back to see how past threats have evolved. As the old adage goes, 'Those who cannot remember the past are condemned to repeat it.'”

Philippines Arrests 32 on Fake News Charges

Info Security - Tue, 04/07/2020 - 15:54

Police in the Philippines have charged 32 people with disseminating false information regarding the COVID-19 health crisis.

The Philippine National Police Anti-Cybercrime Group (PNP-ACG) said that 8 of those arrested allegedly spread fake rumors about the novel coronavirus orally around their local neighborhoods. The remaining 24 suspects are accused of using social media platforms to circulate falsehoods about the deadly virus.

Among the suspects is public school teacher Juliet Espinoza, who wrote on Facebook on March 27 that food supplies in General Santos City were running low. According to Philstar Global, Espinoza allegedly urged the public to seize food that was being stored in a gym. 

Another suspect, Vicente Cañonera, posted a list of people he said had contracted COVID-19 on Facebook to help in contact tracing. 

The 32 accused hail from Quezon City, Eastern Visayas, Calabarzon, Mimaropa, Western Visayas, Zamboanga peninsula, and Caraga. The crimes they are charged with allegedly took place from March 9 to April 5.

Police have charged the suspects with the unlawful use of means of publication and unlawful utterance under Article 154 of the Revised Penal Code and with violation of Republic Act 10175 or the Anti-Cybercrime Prevention Act.

ACG director Brig. Gen. Dennis Agustin asked the public not to share or post on social media any fake information about the COVID-19 outbreak that might create panic and confusion. 

“The ACG will be relentless in taking countermeasures on misinformation and spread of fake reports by conducting cyber patrol operations on social media and other online platforms,” Agustin said. 

As of Monday, coronavirus had claimed the lives of 163 people in the Philippines, according to Bloomberg. The total number of people with a confirmed case of COVID-19 in the country was 3,660.

On April 5, Al Jazeera reported that a 63-year-old man had been shot dead by police in the Philippines after threatening police and village officials at a coronavirus checkpoint with a scythe. The man, who was allegedly under the influence of alcohol, became violent after being cautioned by a village health worker to wear a face mask. 

Earlier today, Philippines president Rodrigo Duterte opted to continue the lockdown currently in place on the republic's main island of Luzon until April 30.

Internet Traffic Spiked to Double Normal Rate in March

Info Security - Tue, 04/07/2020 - 15:00

Internet traffic saw a major spike in March, but the internet will scale in the face of increased user demand.

Speaking as part of the Akamai Edge conference, delivered as a virtual summit, Tom Leighton, CEO and co-founder of Akamai, said that COVID-19 is creating major changes in lifestyles, as the internet was intended to make our lives manageable.

“We are operating at a larger scale,” Leighton said, acknowledging that questions exist about whether the internet is ready to scale such demands “and handle applications that we rely on today.”

Leighton said that over the last four weeks global traffic has grown by 30%, whereas normal growth would be 3%. “If we go back to 2019 and the same period, it declined by 1%, and this growth is in one month where there were no big sporting events,” he said. “We’re doing everything online now and there's been growth in a short period of time.”

Leighton also said that there had been a peak in traffic of 167 Tbps, compared to 82 Tbps in March 2019. 

Looking at the current state of security for remote working employees, Leighton explained that the “bad guys have been working remotely for years and know we’re vulnerable, they know we have got a lot on our minds and are taking advantage of it.”

He identified the four best defense strategies against attacks to be:

  • Protect against DDoS attacks where there is resource exhaustion and sites are taken down
  • Use application security and bot management, to stop your content from being corrupted and stop your site being taken over
  • With people working at home, consider a zero trust approach as users working remotely is a major issue for access
  • Consider page integrity and data being stolen from users, such as in the Magecart attacks

Asked if the internet will scale under current demand, Leighton said it would, but he warned it is under pressure “and especially in core data centers and that is where we help to deliver content into the network and at the edge where there is more bandwidth.”

UK Businesses Could Make Huge Savings on Cybersecurity Services

Info Security - Tue, 04/07/2020 - 14:35

UK businesses could save up to £8.3bn by purchasing cybersecurity products and services from a more diverse range of suppliers, according to a study by Cynapse. It suggests that shopping around for cybersecurity services, thereby democratizing the market, would be hugely beneficial to UK companies.

Currently, businesses tend to turn to big firms for their cybersecurity needs. It is estimated that 76% of the UK cybersecurity market is controlled by just 10% of companies, equating to £6.3bn out of an overall £8.3bn. However, the market is changing rapidly, now encompassing over 1200 companies with a new startup joining the industry every week.

In a new study, Cynapse has found that smaller companies offer similar products and services at lower costs, in some instances saving businesses up to 40%. If firms utilize smaller cybersecurity suppliers in this way, it could potentially save them up to £8.3bn, according to Cynapse.

Cynapse is a London-based cybersecurity startup that offers companies free access to cyber-experts to better understand what their requirements are. It therefore believes it has a key role in unlocking the market, enabling businesses to find better value for money for their cybersecurity services.

The company stated: “Cynapse launched in March 2020 with the goal of providing a wider view of the cybersecurity market, tailored to individual customers’ needs.”

In its breakdown of the UK cybersecurity market, Cynapse showed that there are 122 large firms compared to 1099 medium, small and micro companies. The 122 large companies generate an estimated annual revenue of £6.3bn compared to £2bn among the rest. There are a total of 42,855 people employed in the UK cybersecurity sector, of which 27,746 work for the larger companies.

Only a Quarter of Orgs ‘Focus’ on Cyber-Attack Prevention

Info Security - Tue, 04/07/2020 - 12:05

A new report from the Ponemon Institute has revealed that just 24% of organizations focus on optimizing cyber-attack prevention capabilities, despite 70% of security professionals believing that the ability to effectively prevent attacks strengthens security posture.

The research report, The Economic Value of Prevention in the Cybersecurity Lifecycle, sponsored by Deep Instinct, compiled survey responses from over 600 IT and IT security practitioners within organizations and revealed that a large percentage of companies prioritize cyber-attack detection and containment over prevention methods.

For example, according to respondents, whilst 79% of security budgets are being allocated to detection, containment, recovery and remediation activities, just 21% gets dedicated to prevention, even with 80% of those polled stating that prevention is the most difficult thing to achieve in the cybersecurity lifecycle.

The study determined that effective adoption of a preventative solution, when compared to the current spending of security departments and the cost of attacks, would result in significant cost reductions and require lower overall investment. 

“This study shows that the majority of companies are more effective at containing cyber-attacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr Larry Ponemon, the Chairman and founder of the Ponemon Institute.

“Prevention of cyber-attacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber-breaches, we expect budgets to start allocating increased resources to preventative solutions.”

Guy Caspi, CEO and co-founder of Deep Instinct, added that most companies still operate under a policy of ‘assume breach,’ believing that it is more pragmatic to contain a cyber-attack after penetration.

“This is no longer an economically viable long-term strategy,” he said. “The value of prevention is clear – for any type of attack, prevention saves significant time and money.”
