Info Security


Over a Third of Firms Have Suffered a Cloud Attack

Thu, 08/22/2019 - 09:35

Over a third of organizations have already suffered an attack on their cloud systems, yet many are failing to eradicate potential security blind spots, according to a new poll from Outpost24.

The cyber-assessment vendor interviewed 300 attendees at this year’s Infosecurity Europe show in London in June.

It found that while 37% admitted suffering a cloud attack, over a quarter (27%) said they don’t know how quickly they could tell if their cloud data has been compromised.

This lack of visibility into cloud environments also extends to testing: 11% claimed they never run any kind of testing in the cloud, while nearly a fifth (19%) said they only do so annually.

Given these findings it’s perhaps not surprising that nearly half of respondents (42%) said they believe on-premises data is more secure than that hosted in the cloud.

Despite these misgivings, a third (34%) of businesses said that more than half of their products/apps are running in the cloud, while 15% said all their assets were.

Bob Egner, VP at Outpost24, argued that cloud environments offer major cost and scalability benefits, but security can get more complex when firms start to use multiple clouds across different providers.

“Organizations should treat their cloud assets just as they would their on-premises assets and apply all the same security principles of vulnerability and application security assessment, plus checks for cloud misconfigurations and security posture,” he added.

“It is extremely important to understand the shared responsibility model and what cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure can and cannot offer in terms of security. Ultimately the responsibility of protecting your data and cloud workloads lies with you, the organizations using cloud services.”

Cloud misconfiguration is a particular challenge, with hackers now stepping up efforts to find exposed databases via automated scans. The Cloud Security Alliance recently put this on its “egregious 11” list of top threats to cloud computing.

Categories: Cyber Risk News

IT Teams Urged Not to Prioritize Patches Using CVSS

Thu, 08/22/2019 - 08:43

Organizations that prioritize patch updates primarily according to compliance requirements and use the Common Vulnerability Scoring System (CVSS) struggle with their vulnerability management programs, according to new research.

Cyber risk firm Kenna Security commissioned the Cyentia Institute to analyze data from its own platform related to the patching challenges facing over 100 organizations.

Perhaps unsurprisingly it found that those with high performing vulnerability management programs tended to use specific tools to prioritize patches based on cyber-risk.

However, those that prioritized vulnerabilities based mainly on CVSS scores performed worse than organizations that simply ignored CVSS, the report claimed.

Although the impact was less serious, there was also a correlation between using compliance requirements as a primary driver in prioritizing vulnerabilities and lower coverage rates.

“Compliance is oftentimes a necessary and important method for prioritization but using compliance as the primary remediation tactic correlated with reduction of overall coverage of high-risk vulnerabilities,” Kenna Security CTO, Ed Bellis, told Infosecurity.

“We believe using a remediation strategy that focuses on both the likelihood of the vulnerability being exploited along with the impact of the exploitation (high risk) to be the optimal approach. CVSS and some other methodologies are not a good measure of exploitation likelihood and can result in companies doing much more work or missing high risk vulnerabilities altogether.”

Elsewhere, the report found that companies which dedicate discrete teams to patch specific areas of the technology stack tend to fare better in vulnerability management. Defining service-level agreements (SLAs) for fixing vulnerabilities also improves the speed and overall performance of remediation, it claimed.

Bigger budgets correlated with an increased ability to remediate more bugs at a faster rate.

According to one vendor, over 22,000 vulnerabilities were publicly disclosed last year, a third of which received a CVSSv2 score of 7 or above.


Companies Act to Defend Privacy of Kazakhstanis

Wed, 08/21/2019 - 19:52

Google and Mozilla today took action to protect the online security and privacy of internet users in Kazakhstan following credible reports that the Kazakhstan government was intercepting internet traffic within the country.

A report published by Censored Planet presented evidence that Kazakhstan’s internet providers were requiring users to download and install a government-issued certificate on all devices and in every browser in order to access the internet.

Once a user downloads the certificate, the government is able to intercept account information and passwords belonging to that user and can decrypt and read everything the user types and posts. This style of attack is known as a man-in-the-middle (MitM).

The HTTPS connections targeted by Kazakhstan’s government read like the list of websites an anxious parent might search when trying to track down their unruly teenager. They include Instagram, Facebook, Twitter, YouTube, Google Hangouts and Russian social network OK.RU. 

The Censored Planet report stated that “although the interception is not yet occurring country-wide, it appears the government is both willing and potentially capable of widespread HTTPS interception in the near future.”

Browser companies Google and Mozilla deployed technical solutions within Chrome and Firefox to block the Kazakhstan government’s ability to intercept internet traffic within the country. 

Marshall Erwin, senior director of trust and security at Mozilla, said: “Protecting our users and the integrity of the web is the reason Firefox exists.” 

Speaking on behalf of Chrome, Parisa Tabriz, senior engineering director, said: “We will never tolerate any attempt, by any organization – government or otherwise – to compromise Chrome users’ data.”

What the Kazakhstan government lacks in subtlety when it comes to spying on the online activity of its citizens, it makes up for in persistence. 

The Kazakhstan government put in a request with Mozilla back in 2015 to have a root certificate included in the company’s trusted root store program. The request was denied when Mozilla discovered that the government intended to use the certificate to intercept users’ data. 

Undeterred, the government tried to force its citizens to manually install the certificate, but its ruse failed when organizations took legal action.  


China is Spying on Cancer Research

Wed, 08/21/2019 - 18:37

The healthcare industry has many ailments: financial pressures, a lack of skilled healthcare providers, uncertainties around reform and, in many cases, an increasingly unhealthy populace. But that’s not all it has to deal with.

A new report, Beyond Compliance: Cyber Threats and Healthcare, released today by intelligence-led security company FireEye has highlighted common cyber-threats to healthcare organizations. 

The report identifies cyber-espionage as being one of the top three most-common threats. Making up the triad of terror are data theft and disruptive and destructive threats. 

An interesting finding made by FireEye was the large number of healthcare-associated databases observed for sale online between October 1, 2018, and March 31, 2019. 

The databases – the majority of which could be bought for under $2,000 – contained personally identifiable information (PII) and protected health information (PHI), such as patients' ZIP codes, email addresses, driver’s licenses and health insurance details associated with healthcare institutions in the US, the UK, Canada, Australia and India. Some data sets were on sale for as little as $200.

Luke McNamara, a principal analyst at FireEye Intelligence, said: “The large number of data sets being sold and the low prices you can purchase the sets for shows how ubiquitous access to them is.”

The report acknowledged that “buying and selling PII and PHI from healthcare institutions and providers in underground marketplaces is very common" and predicted that this scenario was unlikely to change given the data’s "utility in a wide variety of malicious activity ranging from identity theft and financial fraud to crafting of bespoke phishing lures.” 

Thefts of valuable research and mass records were observed being carried out by nation-states as well as by individuals. 

FireEye witnessed the deployment of multiple advanced persistent threat (APT) attack campaigns by several different countries, including China, Vietnam and Russia. China attracted special mention in the report for showing a particular interest in mining data linked to cancer research.  

Asked if China was the biggest culprit when it came to cyber-espionage, McNamara said: “I think so, from what we have seen over the years. They have shown the most concerted interest in the space. 

“There are well-known groups like APT 32 from Vietnam who targeted the UK and many one-offs, but China by far makes up most of the activity.”  

Healthcare organizations will continue to be attractive targets for cyber-criminals because of the nature and quantity of the data with which they are associated. At least with this report, they have some idea of what’s lurking in the shadows. 

McNamara said: “By putting this report out there we hope to get organizations to understand the range of threats out there.”


Who's in Town Denies Instagram Block

Wed, 08/21/2019 - 17:21

A tracking app has hit back against recent reports that it has been blocked on social media giants Instagram and Facebook.

An article published last Tuesday on the Business Insider website reported that Facebook recently sent a cease-and-desist letter to the company behind the app Who’s in Town and took action to disable the personal Facebook account of the app’s creator Erick Barto. 

Speaking exclusively to Infosecurity Magazine, Barto confirmed that although he had received a cease-and-desist letter from legal firm Perkins Coie representing Facebook, the Who’s in Town app was still very much active. 

Barto said: “The Who’s in Town app is still up and running and statements about Facebook blocking it are untrue. 

“I had a couple of apps in the Facebook developer dashboard that were very old from 2013. They were legacy apps in my account. Facebook closed them and they closed my Facebook account and blocked my personal Instagram account.”

Asked whether Who’s in Town would be complying with the cease-and-desist letter, Barto said that the company “would reply, not comply,” in an effort to start a conversation with Facebook about the safe handling of data.

The Who’s in Town app allows users to monitor the movements of people they follow on Instagram. It works by collecting geotag data shared publicly on Instagram and displaying the data in an interactive map.

Barto designed the app to highlight the amount of data people are constantly sharing online and show how easily such data can be collected and misused. With this point now made and a cease-and-desist letter from Facebook hanging over Who’s in Town’s head, you could be forgiven for thinking the outlook for the app is somewhat bleak. According to Barto, this is not the case.   

Barto said: “We want more people to know about it because in the past with other projects we have made we have had more reach. As soon as we feel we have made our point with Who’s in Town we want to propose a solution to the problem, to work with Facebook on how to use data safely.”

Asked if he was nervous about taking Facebook on, Barto said: “Not if the outcome is worth it.”


Account Takeover Cases Hitting UK Courts Soar 57%

Wed, 08/21/2019 - 10:59

The number of account takeover (ATO) cases going to court in the UK climbed 57% in the first half of 2019 as cybercrime continues to professionalize, according to KPMG.

The consulting giant’s biannual Fraud Barometer report has been analyzing crime trends in the UK over the past 30 years, specifically major fraud cases being heard in Crown Courts, where charges top £100,000.

It claimed hackers are using a variety of techniques, across email, SMS and mobile apps, to grab personal identity data which then allows them to hijack victims’ online bank and credit card accounts.

However, the law is slowly catching up – at least when it comes to bank account takeover.

“The Cyber-Attacks (Asset-Freezing) Regulations 2019 (SI 2019/956) entered into force in June, and require banks to repay to customers funds stolen as a result of account takeover,” explained KPMG's UK head of investigations, Roy Waligora. “Whilst this is a very positive step for the customer, we all need to remain vigilant as consumers will continue to bear such costs indirectly.”

ATO is also rife across consumers’ digital lives, of course, with hackers using phishing, credential stuffing and brute forcing techniques to crack everything from email inboxes to Uber and Netflix accounts.

The report also highlighted the continued commercialization of cybercrime, facilitated by the underground economy and dark web-based partnerships.

In one case, a Tyneside man was jailed for 28 months at Newcastle Crown Court after fronting a classic tech support scam designed to trick panicked users into handing over their bank account details.

Victims lost hundreds of thousands of pounds in the international campaign, which used India-based ‘call center’ scammers.

“Although awareness of cyber-criminality has increased, with a fifth of the public believing that cybercrime is the biggest challenge facing the UK today, this hasn’t been enough to stem the tide in account takeovers,” warned Rob Norris, VP enterprise and cybersecurity at Fujitsu.

“While potential attacks are not always easy to spot, a broader education on how to detect fraudulent emails is key not just to consumers’ own finances, but their employers as well; what a consumer intentionally or not exposes themselves to at home, they are also likely to do at work. The finances of consumers and success of businesses depend on this rigorous education.”


UK Boardrooms Falling Short on Cyber Expertise

Wed, 08/21/2019 - 09:35

More than two-thirds (67%) of UK firms believe security concerns are holding back their efforts to grow through digital innovation, with many blaming a lack of engagement at a board level, according to Ernst & Young (EY).

The global consultancy polled 175 C-suite executives at UK-based organizations, split fairly evenly between business (CEO, CFO, COO etc.) and IT (CIO, CISO) roles, in order to compile its report, Cybersecurity for competitive advantages.

While 42% claimed to be behind their competitors in adoption of new technology, cloud computing and IoT topped the list of tech perceived to pose the greatest risk to the business.

Overcoming these concerns may require closer boardroom alignment and ownership of the problem.

Some 57% of business leaders and half (50%) of technology leaders cited a lack of business sponsorship as the biggest barrier to improving their organization’s cybersecurity.

However, strategic views diverged significantly after that. Most tech leaders (58%) said that giving an individual board member overall responsibility for cybersecurity would have the greatest impact, while the majority (64%) of business leaders said the biggest gains would come from making cybersecurity more of a strategic priority.

Yet unfortunately, over half (57%) of those surveyed don’t currently have a board member with direct expertise in cybersecurity and even more (67%) don’t think one is needed.

EY’s EMEIA advisory cybersecurity leader, Mike Maddison, argued that while direct security experience may not be essential, there needs to be better understanding at a board level of cyber-related risk.

“In recent years, the rate and pace of technological advances, regulatory change, cyber-attacks and data breaches have moved cybersecurity rapidly up the corporate agenda,” he added.

“Protection and prevention are still paramount yet, to stay ahead of these evolving trends, organizations need to start thinking differently about cybersecurity. Business leaders need to make the leap from seeing cybersecurity as only a protective measure, to it also being a strategic value driver.”

Two sectors leading by example are tech, media and telecoms (TMT) and retail. TMT respondents had the highest levels of board awareness, the largest planned investments in cybersecurity and the fewest concerns around security as a barrier to tech adoption, while all retail respondents believe a “cyber-secure” brand is important for competitive advantage.


Employee Error Behind Half of Industrial Network Incidents

Wed, 08/21/2019 - 08:35

Human error was behind over half (52%) of all cybersecurity incidents detected by Kaspersky in industrial environments last year.

The Russian AV vendor’s State of Industrial Cybersecurity 2019 report is compiled from interviews with 282 firms running operational and industrial control system technology (OT/ICS).

While the vast majority of firms (81%) are planning to digitalize their operational networks to drive Industry 4.0 initiatives, far fewer (57%) have allocated a cybersecurity budget, it found.

However, budget aside, there’s a worrying shortage of cybersecurity skills in these companies: respondents’ top two concerns centered around not having enough cybersecurity experts to manage industrial networks, and a general lack of security awareness among OT/ICS operators.

In nearly half of all cases (45%) an IT security employee also looks after OT/ICS security, but although the two spheres are converging, professionals on either side can have different goals and take alternative approaches to reaching them.

For example, in the OT world, operators have traditionally focused on availability and physical safety, because equipment was largely isolated from the internet. As this changes, new approaches are needed.

“This year's study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, manager at Kaspersky Industrial Cybersecurity.

“Taking a comprehensive, multi-layered approach — which combines technical protection with regular training of IT security specialists and industrial network operators — will ensure networks remain protected from threats and skills stay up-to-date.”

To illustrate the urgency of getting security right in industrial environments, a report from April revealed that 90% of critical infrastructure (CNI) providers have had their IT/OT environments damaged by a cyber-attack over the past two years.


Users of Adult Website Exposed By Data Breach

Tue, 08/20/2019 - 18:46

A website that shares adult content has caused blushes of a different kind by leaking the private data of 1.195 million global users. 

An authentication failure on the website allowed unrestricted access to a database containing user names, locations, genders, personal email addresses and even some full names. Also available were activity logs detailing what users had liked, uploaded, commented on and shared. 

Users of the website, which specializes in computer-generated pornographic animations and graphics, were left vulnerable to bullying, harassment, phishing and the threat of blackmail. It is estimated that around 20% of the user accounts were set up with fake email addresses, meaning roughly 800,000 genuine email accounts were placed at risk. 

The data leak was uncovered on August 15 by a vpnMentor research team led by cybersecurity professionals Noam Rotem and Ran Locar. The team was able to access detailed information regarding user activity on the site, including image uploads and blog posts. 

A spokesperson for vpnMentor said: "Some of these blog posts were extremely personal – including depressive or otherwise vulnerable content – and kept anonymous. Due to this data breach, however, the blog posts are no longer anonymous, with many of the authors' identities revealed."

After being informed of the breach, it took the operators of Luscious just four days to fix the security hole. It is unknown how long the private user data may have lain exposed before the leak was caught.

A number of users in Brazil, Australia, Italy, Malaysia and Australia had signed up to Luscious using official government email addresses. Though this may come as a surprise to some people, Ed Macnair, CEO of Censornet, isn't one of them. 

Macnair said: "It sounds unlikely that people would use their professional email addresses for personal services, but in a survey we ran last year, 10% of respondents admitted to visiting adult websites from a work device or using the work internet connection."

Commenting on the Luscious data leak, he said: "This is hugely concerning as it risks exposing an entire organisation to an attack. It is therefore vital that organizations – government or otherwise – put strict measures on internet activity at work and discourage the use of work email addresses for personal services." 

Luscious users are advised to change their username and other account details to remain safe.


Visa Announces New Payment Security Services to Prevent Fraud

Tue, 08/20/2019 - 16:55

For merchants and banks, payment fraud can lead to heavy financial losses and a serious besmirching of reputation. 

Business and financial institutions received a helping hand today when Visa announced a suite of new industry-first payment security services and capabilities to prevent and disrupt payment fraud. The new capabilities are available to Visa clients at no additional cost or signup.

Before launching the new services, Visa commissioned Forrester Consulting to study global bank account-related fraud. The report found that the most prevalent types of fraud committed were ATM “cashout attacks” that remove fraud controls put in place by financial institutions and processors to withdraw money from cash machines fraudulently and "enumeration attacks" in which automated testing of values and credentials is carried out to gain unauthorized access to information and functionality.

Rarer but more damaging were instances of card-not-present fraud, including e-commerce and phone and mail orders, which represented nearly 40% of fraud losses and operational costs. 

The approach of Visa's new service is holistic, combining preventative steps to address vulnerabilities before they are exploited with swift action when a breach does occur. 

Under the new four-pronged system that went live today, Visa Vital Signs will monitor ATM and merchant transactions, alerting financial institutions when any potentially fraudulent activity occurs in a bid to prevent cashout attacks. Malicious activity can be suspended by Visa automatically or in coordination with clients.

A second layer of defense will be provided by Visa Account Attack Intelligence, which applies deep machine learning to Visa's vast ocean of processed card-not-present transactions to identify financial institutions and merchants that hackers might target with automated testing to guess account numbers, expiration dates and security codes. 

Visa Payment Threats Lab provides a third layer of protection by creating an environment in which a client's processing, business logic and configuration settings can be tested to identify errors that could lead to vulnerabilities. 

Bringing up the rear is proprietary solution Visa eCommerce Threat Disruption, which uses sophisticated technology and investigative techniques to proactively scan the front end of e-commerce websites for payment-data-skimming malware. 


Should Companies Block Newly Registered Domains?

Tue, 08/20/2019 - 15:22

Visiting a newly registered domain (NRD) is the digital equivalent of picking up a hitchhiker: it might all go smoothly but you could also end up being robbed. 

While NRDs can be created for perfectly legitimate reasons, such as hosting a new conference, they are also commonly misused by tricksters spreading malware or attempting to make a quick buck from phishing or other common scams. 

A 2018 study by Farsight Security found that on average, 9.3% of NRDs died in their first seven days, with a median lifetime of just four hours and 16 minutes. The study concluded that the vast majority of these short-lived NRDs were used for cybercrime.

General awareness that shiny new domains might pose a threat has led cautious companies to block and/or closely monitor NRDs in enterprise traffic for anywhere from the first few hours after detection up to a week. But with no comprehensive study available on the malicious usages and threats associated with NRDs, a consensus hadn't been reached on whether such actions are sensible precautions or security overkill. 

A study published today by Palo Alto Networks’ threat intelligence arm, Unit 42, indicates that the companies blocking NRDs are onto something.

Out of 1,530 top-level domains analysed by Unit 42, more than 70% turned out to be “malicious,” “suspicious” or “not safe for work.” The study found that NRDs are "often times abused by bad actors for nefarious purposes, including but not limited to C2, malware distribution, phishing, typosquatting, PUP/Adware, and spam."

According to Palo Alto Networks, the safe approach is to block access to NRDs for the first 32 days after they have been registered or have undergone a change in ownership.

A recommendation was also made to block complete top-level domains (TLDs) that are predominantly used by bad actors (the threat kind, not the cast of Hollyoaks). The study calculated the top 15 TLDs with the highest malicious rate on recent NRDs and found the worst three offenders were "to," "ki" and "nf." 

The study concludes: "We recommend blocking access to NRDs with URL Filtering. While this may be deemed a bit aggressive by some due to potential false-positives, the risk from threats via NRDs is much greater. At the bare minimum, if access to NRDs is allowed, then alerts should be set up for additional visibility."
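The blocking and alerting policy described above, written out as a small policy check run over proxy log lines (an added example, not Unit 42's or Palo Alto Networks' code). The 32-day window and the three TLDs come from the article; the 90-day alert window, the registration records and the log lines are constructed for the example, and the hostname-to-domain reduction is a simplification of Public Suffix List handling.

```python
"""NRD (newly registered domain) policy check over constructed proxy log lines."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

UTC = timezone.utc
NRD_BLOCK_DAYS = 32                  # block window recommended in the article
HIGH_RISK_TLDS = {"to", "ki", "nf"}  # worst three TLDs named in the article
ALERT_WINDOW_DAYS = 90               # assumption: alert until a domain is 90 days old


@dataclass(frozen=True)
class Registration:
    """The subset of a WHOIS/RDAP record the policy needs."""
    created: datetime
    ownership_changed: Optional[datetime] = None  # last registrant change, if known

    def age_days(self, now: datetime) -> float:
        """Days since registration or the last ownership change, whichever is later."""
        start = self.created
        if self.ownership_changed is not None and self.ownership_changed > start:
            start = self.ownership_changed
        return (now - start).total_seconds() / 86400


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname.  Simplification: a real deployment uses the
    Public Suffix List so 'shop.example.co.uk' maps to 'example.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def decide(host: str, registry: Dict[str, Registration], now: datetime) -> str:
    """Return BLOCK, ALERT or ALLOW for one hostname under the NRD policy."""
    domain = registrable_domain(host)
    if domain.rsplit(".", 1)[-1] in HIGH_RISK_TLDS:
        return "BLOCK"       # whole TLD is blocked regardless of age
    reg = registry.get(domain)
    if reg is None:
        return "ALERT"       # assumption: no registration data, so visibility only
    age = reg.age_days(now)
    if age < NRD_BLOCK_DAYS:
        return "BLOCK"       # inside the 32-day window after registration/ownership change
    if age < ALERT_WINDOW_DAYS:
        return "ALERT"
    return "ALLOW"


def evaluate_log(lines: List[str], registry: Dict[str, Registration],
                 now: datetime) -> List[Tuple[str, str]]:
    """Apply the policy to log lines '<timestamp> <client> <method> <url>'.
    Malformed lines are skipped rather than guessed at."""
    results = []
    for line in lines:
        parts = line.split()
        host = urlsplit(parts[3]).hostname if len(parts) >= 4 else None
        if host:
            results.append((host, decide(host, registry, now)))
    return results


# Constructed sample data; the reference time is the article's publication date.
NOW = datetime(2019, 8, 20, tzinfo=UTC)
SAMPLE_REGISTRY = {
    "conference-2019.example": Registration(datetime(2019, 8, 1, tzinfo=UTC)),
    "oldbrand.example": Registration(datetime(2012, 3, 4, tzinfo=UTC),
                                     ownership_changed=datetime(2019, 8, 10, tzinfo=UTC)),
    "recent-shop.example": Registration(datetime(2019, 6, 1, tzinfo=UTC)),
    "longstanding.example": Registration(datetime(2010, 1, 1, tzinfo=UTC)),
}
SAMPLE_LOG = [
    "2019-08-20T09:00:01Z 10.0.0.5 GET https://conference-2019.example/agenda",
    "2019-08-20T09:00:02Z 10.0.0.6 GET https://login.oldbrand.example/signin",
    "2019-08-20T09:00:03Z 10.0.0.7 GET https://recent-shop.example/checkout",
    "2019-08-20T09:00:04Z 10.0.0.8 GET https://cdn.longstanding.example/app.js",
    "2019-08-20T09:00:05Z 10.0.0.9 GET http://free-gift.to/claim",
    "2019-08-20T09:00:06Z 10.0.0.10 GET https://www.mystery.example/",
    "malformed line",
]

if __name__ == "__main__":
    for host, verdict in evaluate_log(SAMPLE_LOG, SAMPLE_REGISTRY, NOW):
        print(f"{verdict:5} {host}")
```

Note that a long-established domain whose ownership changed ten days ago is blocked just like a brand-new one, which is the ownership-change half of the recommendation.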


Facebook Adds Instagram to Data Abuse Bug Bounty Program

Tue, 08/20/2019 - 10:30

Facebook has announced an expansion to its bug bounty program covering third-party apps that abuse user data, to include the Instagram ecosystem.

First launched in 2018 in response to the Cambridge Analytica scandal, the Data Abuse Bounty program works by “incentivizing anyone to report apps collecting user data and passing it off to malicious parties to be exploited.”

If an application is found to be breaking Facebook policy in this way, it could be kicked off the platform or become the subject of legal action. Facebook may also decide to conduct a forensic audit of related systems.

Cambridge Analytica infamously used data on tens of millions of Facebook users and their friends scraped by the third-party This Is Your Digital Life app to target US voters in the 2016 Presidential election.

Since that debacle, the social network was forced to kick hundreds more third-party apps from its platform for similar abuses, including one called myPersonality which was used by four million users.

The addition of Instagram to the program reflects the importance of the platform to Facebook’s business and growing concerns over developer access to user data.

In February, it was reported that data on 14.5 million Instagram accounts was being stored online in the UK with no password protection. It was suspected that a third party could be scraping accounts for publicly accessible data, for use later in marketing campaigns.

Last year, Instagram suddenly reduced the API limit for third-party apps from 5000 to 200 calls per hour, and stopped accepting new submissions, in what was seen as an attempt to improve user privacy.

Facebook set out its vision for a radical overhaul of the company in July following a record $5bn penalty issued by the FTC in response to failings that led to the Cambridge Analytica incident.


Adware-Laden Google Play Apps Downloaded Eight Million Times

Tue, 08/20/2019 - 09:00

Google has been forced to remove 85 adware-laden gaming and photo apps from its official Play store which had been downloaded over eight million times.

The Android custodian was informed about the adware by Trend Micro, which detected the new variant as AndroidOS_Hidenad.HRXH.

In a blog post, mobile threat response engineer Ecular Xu claimed that the ads generated by this malware are particularly difficult to close, and feature “unique techniques to evade detection through user behavior and time-based triggers.”

After checking whether the adware has been installed for 30 minutes – an attempt to evade sandbox analysis – it will hide its icon and create a shortcut on the home screen.

“To evade detection, the app uses Java reflection – which enables the runtime behaviors of an application to be inspected or modified – and encodes the API strings in base64,” Xu continued.

Ads are then flashed up to the user, with the adware checking to make sure it isn’t showing the same ones too frequently.

“While the apps do have actual functionalities of the applications they are posing as, these ads are shown in full screen,” Xu warned.

“Users are forced to view the whole duration of the ad before being able to close it or go back to app itself. Moreover, the frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users.”

Some users would have been able to block the apps, had they been accidentally downloaded: the most recent Samsung devices restrict the creation of shortcuts on the home screen, while Android 8 and later versions require user confirmation before a shortcut can be created, Xu said.

Mobile AV from a reputable vendor can also help to block malicious apps.

Some of the apps pre-loaded with the adware included Blur Photo Editor, Magic Camera, One Stroke Line Puzzle, Toy Smash and Beautiful House.

The news serves as a continued warning to users to exercise caution when downloading Android apps, even on the official marketplace.


Beijing Accused of Fake News Plot as Twitter Bans 1000 Accounts

Tue, 08/20/2019 - 08:25

Twitter and Facebook have been forced to suspend nearly 1000 accounts after revealing a coordinated state-sponsored attempt by China to spread misinformation about the unrest in Hong Kong.

The news appears to indicate the first reported attempt by Beijing to engage in tactics more infamously deployed by the Putin administration in trying to influence opinion and amplify specific messages.

The accounts were banned for a range of policy violations including: spam, coordinated activity, fake accounts, attributed activity and ban evasion.

“As Twitter is blocked in PRC, many of these accounts accessed Twitter using VPNs. However, some accounts accessed Twitter from specific unblocked IP addresses originating in mainland China,” the social network said in a blog post on Monday.

“The accounts we are sharing today represent the most active portions of this campaign; a larger, spammy network of approximately 200,000 accounts — many created following our initial suspensions — were proactively suspended before they were substantially active on the service.”

In an unusual step, Twitter also released two large troves of information about the blocked accounts, containing their complete tweet and user information.

“Covert, manipulative behaviors have no place on our service — they violate the fundamental principles on which our company is built. As we have said before, it is clear that information operations and coordinated inauthentic behavior will not cease,” it concluded.

“These deceptive strategies have been around for far longer than Twitter has existed. They adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge. For our part, we are committed to understanding and combating how bad-faith actors use our services.”

The social network also shared intelligence on the inauthentic behavior with Facebook, which reacted by removing seven Pages, three Groups and five Facebook accounts as part of a small network focused on the Hong Kong protests.

Some of the content that was posted likened the protesters to cockroaches and ISIS fighters.

Citizens from the former British colony have been protesting in often violent clashes with the police for several weeks now, with millions taking to the streets on occasion. This followed the unelected local government’s attempts to introduce a law which would have allowed suspects in criminal cases to be extradited to China, where courts are controlled by the Communist Party.

Contrary to attempts by the Chinese government to portray them as violent secessionists backed by foreign governments like the US, most protesters are railing only against the single-party autocratic system of rule in China and simply want free and fair democratic elections.


Smart Move: IDEX Shares Progress in Asia

Mon, 08/19/2019 - 19:16

Norwegian company IDEX Biometrics is forging strong bonds with smart-card and payment specialists in Asia. 

IDEX shared its second quarter and half-year 2019 results in a recently issued corporate update in which the company announced a landmark multiyear, multimillion-dollar order for its dual-interface sensors. The report went on to highlight IDEX's collaborations with Tongxin Microelectronics Co. Ltd. (TMC) and PAX Technology Ltd. 

Chinese company TMC will be working with IDEX to create a biometric smart-card solution for end-customer implementation. In a three-way partnership, point-of-sale terminal provider PAX will be working with IDEX and with one of China's largest smart-card producers, Chutian Dragon, to run real-life transactions on biometric smart cards compliant with the Europay, Mastercard and Visa (EMV) standard using IDEX's dual-interface sensor.

Also highlighted in the report were IDEX's progress toward certification and the company's attainment of some major manufacturing milestones, which included partnerships with Sian and Silone Cardtech, and a supply agreement with Feitian, a leading global provider of cybersecurity products and solutions.

Despite its progress, the Norwegian company has yet to bring in the big bucks. In a separate brief, IDEX reported Q2 revenues of NKr0.4 million (about $44,600), an increase from revenues of NKr0.3 million in Q2 of 2018; and for the full first half of the 2019 fiscal year, revenues crossed the line at NKr1.7 million, compared to the much healthier NKr2.1 million banked over the corresponding period in 2018.

However, with comprehensive patents granted to IDEX Biometrics by the United States Patent and Trademark Office and by IP Australia, the company's future could be a much more lucrative story.  

IDEX CEO Stan Swearingen said: “The evolution of the biometric smart-card market is undoubtedly gathering pace and IDEX made great progress in the quarter. Our pipeline of commercial opportunities continues to grow, and we expect sensor shipments to increase significantly. We have developed important relationships with new customers in the ecosystem, and our biometric technology is proven and ready for mass deployment. I am highly confident that our strategy and technology leadership will deliver considerable success for all our stakeholders.”


Teenage Hacker-for-Hire Receives Prison Sentence

Mon, 08/19/2019 - 17:40

A British teenager has been sentenced to 20 months in prison after selling his services as a freelance hacker.

Elliot Gunton of Mounteney Close, Norwich, England, pleaded guilty to hacking, money laundering and breaching a Sexual Harm Prevention Order imposed in 2016. The 19-year-old hacker-for-hire also pleaded guilty to hacking offences against an Australian Instagram account.

Gunton was sentenced at Norwich Crown Court on Friday, August 16, after pleading guilty at an earlier hearing. The teen was ordered to pay back more than £400,000 he made in cryptocurrency after supplying online personal data and hacking services. 

The court heard how police found cybercrime-enabling software on Gunton's laptop after a routine search of his home conducted in April 2018. The search had been carried out to ensure that the teen was complying with a Sexual Harm Prevention Order imposed by the court in 2016 for previous offences. 

Information found on the laptop revealed that Gunton had offered to pass on mobile phone numbers, which would allow third parties to intercept calls and texts to commit fraud. Police also found evidence of Gunton advertising compromised data for sale and offering his services as a hacker-for-hire. 

Officers were able to trace and seize £275,000 worth of cryptocurrency illegally earned by Gunton, who had failed to erase all trace of conversations he had held online in which he discussed criminal activities. 

Gunton received a 20-month custodial sentence but was immediately released from the court, as he had already served his sentence while on remand. He was ordered to pay back £407,359 and issued a 42-month Community Behaviour Order with strict terms dictating his access to the internet.

The order bans Gunton from deleting his internet search history, from providing a false IP address, and from using cloud storage unless he notifies a police officer.

Detective Sergeant Mark Stratford said, "This was a complex investigation which relied on the expertise of officers and staff from the Norfolk and Suffolk Cybercrime Unit. This emerging type of criminality requires police investigators to be at the forefront of technological advancements in order to effectively combat the ever-growing paradigm of cybercrime."


BlackBerry Named Magic Quadrant Leader Four Years Running

Mon, 08/19/2019 - 15:40

Research giant Gartner Inc. has named BlackBerry a Magic Quadrant Leader for the fourth consecutive year.

The Canadian multinational is one of six vendors to be handed the title in the 2019 Gartner Magic Quadrant for Unified Endpoint Management Tools report. The other companies to emerge as leaders from the report are Citrix, IBM, Microsoft, VMware and MobileIron, all of which were also awarded the title in 2018.

Magic Quadrants are used to determine the relative positions of competing players in the major technology markets through proprietary qualitative data analysis. The result is that companies are placed in one of four categories: Leaders, Visionaries, Niche Players or Challengers. Vendors that emerge as Leaders have the highest composite scores for their completeness of vision and ability to execute. 

In the 2019 Magic Quadrant for Unified Endpoint Management Tools, Gartner's main focus was on a unified endpoint management (UEM) solution's ability to coexist with or assist in the migration away from client management tools (CMTs) and processes. This is because of the ongoing migration of PCs from legacy CMTs to UEM that Gartner stated it witnesses in a majority of end-user organizations.

BlackBerry’s UEM solutions have been adopted by leaders in highly regulated industries, including government, healthcare, energy and financial services. The solutions work by using machine learning and predictive analysis to securely enable the internet of things (IoT) with complete endpoint management and policy control for an enterprise fleet of devices and apps. 

The company’s latest offering, BlackBerry Intelligent Security, is the first cloud-based solution to harness the power of adaptive security. The tech allows IT teams to alter the security requirements and functionality of enterprise devices and apps based on a user’s real-world behavior and a risk score calculated via a combination of artificial intelligence (AI) and spatial data. And all this is achieved without leaving an additional software footprint.


Texas Ransomware Blitz: 23 Local Governments Affected

Mon, 08/19/2019 - 10:30

The state of Texas has come under fire from a coordinated ransomware attack affecting over 20 local authorities.

The Texas Department of Information Resources (DIR) released an updated statement over the weekend detailing its response to the attacks, which occurred on Friday morning local time.

Some 23 local government agencies were hit by the attacks – which are said to have come from the same threat actor – although state IT systems and networks are not affected.

“Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” the statement noted. “It appears all entities that were actually or potentially impacted have been identified and notified.”

The Texas DIR urged computer users not to click links or open attachments in unsolicited emails, and to check email sender details, use unique and strong passwords on all accounts, alert supervisors about any suspicious activity, and take advantage of cybersecurity training.

Local government bodies are coming under increasing attack in the US, with cyber-criminals betting correctly that poor security practices and under-funding have left them particularly exposed to ransomware.

Over the past few months several cities in Florida have come under fire, with at least two, Lake City and Riviera Beach, choosing to pay a combined ransom of over $1m. In Texas, the city of Del Rio was hit in January, forcing public sector staff back to using pen and paper.

In Baltimore, which was also hit but refused to pay up, reports suggest the local authority may end up with a bill for as much as $18m.

Ransomware detections rocketed by 365% year-on-year in the second quarter of 2019, according to Malwarebytes. The vendor claimed in Q1 that virtually all of its detections were now related to attacks on businesses, as hackers focus their efforts on more lucrative targets.


Brooklyn Man Gets 57 Months for $1m Fraud Scheme

Mon, 08/19/2019 - 09:30

A Brooklyn man has been sentenced to nearly five years behind bars after pleading guilty to a decade-long fraud and account takeover scheme that netted him over $1m.

Jason Mickel Elcock, aka “Prezzi,” pleaded guilty in March to a series of wire fraud and money laundering charges, as well as unlawful possession of a firearm.

Between 2008 and last year, Elcock and co-conspirator Shoshana Marie McGill bought stolen financial and identity data on tens of thousands of businesses and individuals, according to the Department of Justice.

They also obtained this material by hacking victims’ email accounts, bank accounts and password vaults.

The duo then monetized the stolen data by: buying goods online with victims’ card data, which they resold, opening new lines of credit in other people’s names, transferring money out of victim bank accounts, creating and cashing fraudulent checks in victims’ names and selling the data and check-making kit to other fraudsters in return for a cut of their earnings.

Elcock is also said to have deleted activity alerts and changed email account passwords to prevent victims receiving automated alerts about unauthorized transactions. He’s also said to have transferred victims’ phone numbers to ones under his control.

The decade-long scheme netted him and McGill $1.1m. Also seized from their flat were Rolex watches, laptops, tablets and smartphones, designer clothes, shoes and handbags, and other items.

In addition to his 57-month prison term, Elcock will get three years of supervised release, and has to pay back the $1.1m and restitution. McGill pleaded guilty on January 3 to conspiring to commit money laundering and was sentenced in June to five years’ probation.

“As criminals move to the digital frontier, law enforcement is following,” said NYPD commissioner, James O’Neill. “In this case, the NYPD is proud to have teamed with its FBI partners to bring this insidious criminal scheme to a close.”


Eurofins Ransomware Attack Led to Backlog of 20,000 Cases

Mon, 08/19/2019 - 08:37

Police chiefs are warning of delays to investigations and court cases after it emerged that a ransomware attack on a forensic services firm led to a backlog of 20,000 cases.

Eurofins Scientific, the largest provider of its kind in the UK, suffered the “sophisticated” attack back in June.

The global tester, which handles around half of the UK’s forensic work, is said to have decided to pay the ransom in a bid to regain access to crucial data.

The National Police Chiefs' Council (NPCC) is now reported to be working on clearing the large backlog of cases, which it says will have an impact on ongoing investigations and legal proceedings as they involve vital DNA and blood evidence from crime scenes.

The backlog is now at around 15,000 cases, but the police organization is confident it will be cleared in the next two months, according to the BBC.

“The security and integrity of the criminal justice system is of the highest possible priority, which meant we had to take stringent steps to ensure that police data had, firstly, not been manipulated or changed and, secondly, was suitably protected for the future,” said NPCC lead for the forensic marketplace, Assistant Chief Constable Paul Gibson.

Kaspersky principal security researcher, David Emm, said the case highlights the dilemma facing firms caught out by ransomware: whether to pay up.

“To avoid this issue in the first place, having offline and offsite data back-up is essential. The best mitigation to ransomware is having effective backup processes in place, which help companies to avoid an invidious situation where they are suddenly negotiating with cyber-criminals,” he added.

“However, if companies haven’t got a back-up and it’s too late, then they seriously need to weigh up what solution is best for them. Whilst the decision to pay a ransom to restore valuable data is entirely dependent on the victim and their unique situation, it is important to remember the following: you can never entirely trust cyber-criminals to keep their end of the deal and in paying large sums to them, you are helping to fuel an illegal economy and thus, will help to make ransomware a more lucrative business in the future.”
