IBM has claimed it no longer sells facial recognition software and has called for a “national dialogue” on how it should be used by police in the wake of recent US protests against systemic racism.
In an open letter to Congress on racial justice reform, CEO Arvind Krishna revealed that the tech giant “has sunset its general purpose facial recognition and analysis software products.”
While technology can help to improve transparency and protect police it shouldn’t be used to promote discrimination, Krishna argued.
“IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency,” the letter continued.
“We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”
IBM added that AI technology in general can be a powerful tool for helping law enforcers keep the streets safe, but that both vendors and users have “a shared responsibility to ensure that AI is tested for bias, particularly when used in law enforcement, and that such bias testing is audited and reported.”
In the UK, a government-backed report from noted think tank the Royal United Services Institute (RUSI) warned that AI-powered facial recognition and other technologies using machine learning such as predictive crime mapping and individual risk assessments can amplify discrimination if they’re based on flawed data containing bias.
That hasn’t stopped British police using facial recognition technology with increasing frequency, despite complaints by rights groups that it is racially biased, inaccurate and tramples on civil liberties.
Even privacy watchdog the ICO has warned forces to go slow and ensure any pilots comply with data protection laws, while a statutory code of practice is drawn up.
In the US, facial recognition tech has been banned in many cities.
However, IBM’s Krishna argued that technology can still have a positive role to play in modern policing, by bringing greater transparency and accountability through body cameras and “modern data analytics techniques.”
Security researchers are once again warning website owners to ensure any cloud storage resources linked to their site are locked down, after discovering Magecart and malicious redirector code lurking in misconfigured S3 buckets.
RiskIQ threat researcher, Jordan Herman, said his team made the discovery on May 12, after finding Magecart code residing on three websites all run by a company known as Endeavor Business Media. They apparently host content and chat forums designed for firefighters, police officers and security professionals.
Alongside Magecart they found a malicious redirector dubbed “jqueryapi1oad” which they first discovered back in July 2019 on compromised S3 buckets that had also been seeded with digital skimming code.
On closer inspection, RiskIQ discovered the redirector first appeared in April of last year and is still in use, connected with 362 unique domains.
It’s linked to the Hookads malvertising campaign that Herman claimed “has historically been connected to exploit kits and other malicious behavior.”
They found the redirector on other sites with misconfigured S3 buckets, including a Colombian football news site that’s in the top 30,000 global Alexa rankings. So far, 277 sites have been identified as affected by jqueryapi1oad, potentially exposing countless unsuspecting web users.
“As attacks involving misconfigured S3 buckets continue, knowing where your organization is using them across its digital attack surface is imperative,” argued Herman.
“In today’s threat environment, businesses cannot move forward safely without having a digital footprint, an inventory of all digital assets, to ensure they are under the management of your security team and properly configured.”
Back in July 2019, RiskIQ warned that attackers were actively scanning for misconfigured S3 buckets to spread malicious code, seeding skimming code into AWS instances associated with 17,000 domains, including some of the top 2000 Alexa-ranked websites in the world.
The latest discovery proves such attacks are ongoing, and represent an immediate threat to organizations.
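The common thread in the RiskIQ findings is a bucket that anyone on the internet can write to, so a script the site loads from it can be replaced. The script below is an added example, not RiskIQ's or AWS's code: it audits a bucket policy document and an ACL grant list offline for public write access, in the JSON shapes the S3 API returns. The policies, ACLs, bucket name, account ID and role name are constructed placeholders.

```python
"""Offline audit of an S3 bucket policy and ACL for public write access.

Constructed example: the policies below are made up; the account ID and role
name in the corrected policy are placeholders, not values from any real account.
"""
import fnmatch
import json

# AWS predefined ACL groups (real URIs); a write grant to either is "public"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Actions that let a caller change what the bucket serves
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject",
                 "s3:PutBucketPolicy", "s3:PutBucketAcl")


def _as_list(value):
    """Policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"} (anyone, including anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_write(actions):
    """Match action patterns such as "s3:Put*" or "*" against the write actions."""
    return any(fnmatch.fnmatchcase(write, pattern)
               for pattern in actions for write in WRITE_ACTIONS)


def audit_bucket_policy(policy_json):
    """Return one finding per Allow statement that lets a public principal write."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action"))
        if _grants_write(actions):
            note = " (has a Condition; confirm it really restricts callers)" if "Condition" in stmt else ""
            findings.append(f"statement {stmt.get('Sid', '<no Sid>')}: public principal "
                            f"allowed {actions}{note}")
    return findings


def audit_bucket_acl(grants):
    """Return findings for ACL grants giving write permissions to an AWS public group."""
    findings = []
    for grant in grants:
        uri = grant.get("Grantee", {}).get("URI")
        perm = grant.get("Permission")
        if uri in (ALL_USERS, AUTHENTICATED_USERS) and perm in ("WRITE", "WRITE_ACP", "FULL_CONTROL"):
            findings.append(f"ACL grant: {uri.rsplit('/', 1)[-1]} has {perm}")
    return findings


# Constructed weak policy: anyone can upload to the assets bucket, so a script
# served from it can be swapped for a skimmer or redirector.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicAssets",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-assets-bucket/*",
    }],
})

# Corrected policy: public principals may only read; writes are limited to a
# named deployment role (placeholder account ID and role name).
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets-bucket/*"},
        {"Sid": "DeployWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy-placeholder"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-assets-bucket/*"},
    ],
})

# Constructed ACL grant lists in the shape returned by get-bucket-acl
WEAK_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"}]
FIXED_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]

if __name__ == "__main__":
    for label, result in (("weak policy", audit_bucket_policy(WEAK_POLICY)),
                          ("fixed policy", audit_bucket_policy(FIXED_POLICY)),
                          ("weak ACL", audit_bucket_acl(WEAK_ACL)),
                          ("fixed ACL", audit_bucket_acl(FIXED_ACL))):
        print(label, "->", result or "no public write access")
```

Run against the output of `aws s3api get-bucket-policy` and `get-bucket-acl` for every bucket in the inventory, this gives the kind of check Herman is asking for; note that it evaluates only the bucket's own policy and ACL, so account-level Block Public Access settings, which override both, still need to be read separately.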
Cyber-criminals have launched a new phishing scam designed to steal personal and financial details of self-employed workers using the Self-Employment Income Support Scheme (SEISS) during the COVID-19 outbreak.
The scam was uncovered by litigation company Griffin Law and begins with a text message sent to self-employed workers offering a tax rebate purporting to be from HMRC. This is in the wake of chancellor Rishi Sunak’s recent announcement of an extension to the SEISS.
According to Griffin Law, the text message informs victims that they are eligible for a tax refund and redirects them to a bogus website which leads to a realistic copy of the official HMRC site. Users are then met with a form which asks them to enter their email address, postcode and HMRC log-in details, before a fake refund amount is calculated.
From there, victims are taken to another page and asked to enter personal information including card number, name on card, account number, security code and expiry date.
Griffin Law estimates that around 100 self-employed workers have so far reported the scam to their accountants and business networks.
Commenting on the news, cyber-expert Chris Ross, SVP, Barracuda Networks, said: “This is the latest in a series of sophisticated HMRC-branded phishing scams designed to target vulnerable workers during the COVID-19 outbreak. We’ve seen a sharp rise in these kinds of schemes, often carefully crafted and timed alongside new government funding announcements to increase the likelihood of duping unsuspecting workers into handing over personal financial data.”
Andy Harcup, VP, Absolute Software, added: “The scam uses official government branding, logos and layouts, including a disclaimer about the site using cookies to fool users into thinking this is a legitimate way to reclaim money. It is vital that users remain vigilant to such attacks, checking the origin and legitimacy of sites before handing over confidential financial data. It’s also critical that companies ensure they have the necessary cybersecurity systems in place to protect against malicious communications across all workplace laptops and devices, to keep hackers at bay.”
Honda is investigating a cyber-attack on its IT network in Europe which researchers are claiming is Ekans ransomware.
The carmaker has issued a brief statement after problems were uncovered on Sunday, confirming there was an issue with its network.
It said it had “experienced a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations.
“Our information technology team is working quickly to assess the situation,” it added, according to The Detroit Bureau.
However, on Twitter, security researchers were less circumspect. One, known as @milkr3am, posted several screenshots including one with purported Ekans (aka Snake) code that checks specifically for the mds.honda.com domain, indicating that this variant has been specially customized to target the firm.
They also posted a ransom note, which requests the victim organization to get in touch with a secure Tutanota email address to discuss purchasing the private decryption key, which it says was “created specifically for your network.”
Alongside these are links to Virus Total which apparently show the code detected by 40 out of 71 vendors as Snake or Ekans ransomware.
This isn’t the first time Honda’s cybersecurity posture has come under scrutiny. Back in 2011 its American arm admitted to a data breach which compromised the personal details of over two million customers.
Then in 2019, the carmaker suffered two separate incidents. In July a researcher discovered an exposed Elasticsearch instance leaking 134 million corporate documents (around 40GB of data). Then in December, a similar incident exposed around 26,000 unique customer records from the firm’s North American business.
“Unfortunately, conventional approaches to ransomware threats tend to be minimally effective. Employee training can never completely remove the potential for human error, while software designed to stop malware rapidly becomes obsolete as threats and their identifying signatures evolve,” explained Cloudian VP of engineering, Neil Stobart.
“As such, organizations often encrypt data as a safeguard against ransomware. However, while encryption can be useful where cyber-criminals just want to access and share the data itself, in the case of ransomware, they can simply re-encrypt the data to prevent access by its rightful owner.”
The website of an animal rights group has been hacked after its founder made accusations regarding the killing of a pregnant elephant in Kerala.
The 15-year-old elephant suffered a broken jaw and died on May 27 in the Velliyar River after allegedly eating a pineapple filled with firecrackers. Such traps are commonly set in India's forest fringe areas to keep boars and other wild animals from damaging crops.
Following the expectant animal's tragic demise, Maneka Gandhi, Indian politician, animal rights activist and founder of the organization People for Animals, said that "action should be taken against everyone who is suspected in Malappuram."
The politician's comments were considered to be controversial since it is not yet clear who may have laid the trap and whether it was intended specifically for the elephant, or whether the incident occurred in Malappuram district or in the adjoining Palakkad district.
According to Asian News International, Gandhi also said: "Kerala government has not taken any action in Malappuram, it seems they are scared. An elephant is killed every three days in Kerala. We have less than 20,000 elephants left in India, they are rapidly declining."
On June 4, following Gandhi's comments, a group of cyber-criminals hacked the official website of the PFA. The group, who call themselves Kerala Cyber Warriors, replaced the PFA site with a message that read "Maneka Gandhi dragged the sad death of pregnant elephant for dirty politics."
PFA trustee and wildlife activist Gauri Maulekhi said the hacked organization is now considering taking legal action against the malicious hackers.
Gauri told THE WEEK: "This kind of bullying, trolling and one-upmanship is not going to work."
Maulekhi said the elephant's violent death had transpired as a result of the Kerala government's attitude toward the hunting of wild animals.
"Hunting was banned in the country in 1972," said Maulekhi. "The Kerala government, in a recent order, has incentivized hunting. Poor people have started hunting wild boar to make money. They are forced to kill wild animals because of the absurd and wicked policies of the state government."
The International Criminal Police Organization (INTERPOL) 2020 Digital Forensics Expert Group conference is to be virtually hosted by the University of New Haven in partnership with MITRE Corporation.
The event aims to bring together leaders in digital forensics to learn about new developments in the field while also providing an opportunity for some professional networking.
INTERPOL approached Elder Family Chair and director of the university's Connecticut Institute of Technology Dr. Ibrahim Baggili and nonprofit MITRE with a hosting request last year. Baggili had planned to host the event with Cory Hall, principal cybersecurity engineer at MITRE, as his co-chair.
However, plans to physically site the event at the university were left in tatters by the global outbreak of COVID-19. Had the conference been able to take place on site at the university as originally intended, it would have been the first time in history that the event was held in the United States.
Eager to ensure the event went ahead despite the challenges of lockdown measures and travel restrictions designed to slow the spread of COVID-19, the university and MITRE are now hosting the conference in cyberspace.
Baggili said that in light of the increased reliance placed on technology by society in the wake of the coronavirus pandemic, cybersecurity was more important now than ever before.
“Cyber criminals will always take advantage of people, and how we investigate these crimes is of the utmost importance,” said Baggili. “From what we have learned from COVID-19, our livelihood, at this point, depends on technology.”
Hall commented that although a physical venue might be missing from the INTERPOL event, the need for digital forensics experts to be up to speed on the latest developments in their field was not.
“Digital forensics experts worldwide still require updates on new tradecraft and a place to connect and learn from one another,” said Hall. “This is a great example of collaboration across academia, nonprofits, and international law enforcement. It shows that our human spirit will prevail against this pandemic.”
The virtual conference will take place on four days over two weeks in June. For the first time, participants will be given the chance to solve a digital forensics challenge.
Columbia College, Chicago has become the third US college in a week to fall victim to a cyber-attack involving the Netwalker family of ransomware.
The Illinois educational establishment, along with Michigan State University and the University of California, San Francisco, was targeted by cyber-criminals and given six days to pay a ransom to recover its files.
Netwalker, also known as Mailto or as an updated version of Kokoklock ransomware, was first observed operating in September 2019. The malware works by encrypting data and renaming files with the developer's email address and an extension made up of the victim's unique ID.
Like the attack on the University of California, the assault on Columbia occurred on June 3, exactly one week after Michigan State University was hit. On the Netwalker blog, the cyber-criminals claimed to have exfiltrated "very highly sensitive data like social security numbers and other private information" from Columbia.
Columbia's chief of staff, Laurent Pernot, told the Columbia Chronicle on June 5 that the Netwalker attack was detected by the college's IT systems and contained to a limited number of college servers.
“Some college, employee and student data was accessed by the perpetrators, though the exact nature and extent of that is still being determined,” wrote Pernot, adding that steps had been taken to prevent further breaches.
Updates made to the Netwalker blog yesterday suggest some of the colleges may have succumbed to the attackers' demands.
Emsisoft's Brett Callow told Infosecurity magazine yesterday: "UCSF and Columbia are no longer listed on Netwalker’s leak site, which likely means they paid (making it a lucrative week for the criminals) or that they asked to be delisted pending negotiations. So it appears only MSU is still holding out and refusing to negotiate."
Threat group REvil recently switched from publishing data if a ransom isn't paid to auctioning it off to the highest bidder.
Asked if Netwalker's operators might follow suit, Callow said: "I wouldn’t be at all surprised if Netwalker were to adopt a REvil-like auction process for stolen information. Like other businesses, criminal enterprises adopt each other’s strategies and the introduction of mechanisms enabling stolen data to be monetized would seem to be a logical progression. We saw this with data exfiltration and publishing: the strategy was pioneered by Maze and then quickly adopted by multiple other groups."
The number of open source software (OSS) vulnerabilities more than doubled in 2019 compared with 2018, a new RiskSense report has shown. The total number of Common Vulnerabilities and Exposures (CVE) entries reached 968 last year, up from 421 in 2018, a rise of 130%. CVEs have remained at historically high levels into the first three months of 2020 too, suggesting this is a long-term trend.
The report also revealed that it takes an average of 54 days for OSS vulnerabilities to be added to the National Vulnerability Database (NVD) following public disclosure. These delays mean organizations are often exposed to serious application security risks for around two months. The lags were observed across all severities of vulnerabilities, including those rated as ‘critical’ and ones that are weaponized.
The OSS projects that had the most CVEs were the Jenkins automation server (646) and MySQL (624), each of which had 15 weaponized vulnerabilities. While HashiCorp’s Vagrant only had nine CVEs, a very high proportion (six) were weaponized. Other OSS projects that had vulnerabilities that were trending or popular in real-world attacks included Apache Tomcat, Magento, Kubernetes, Elasticsearch and JBoss.
Cross-site scripting weaknesses were the second most common form of vulnerabilities, and the most weaponized. This was followed by input validation issues, which were the third most common and second most weaponized. Additionally, the study showed that some weaknesses, such as deserialization issues (28) and code injections (16) were far less common but remained very popular in active attack campaigns.
“While open source code is often considered more secure than commercial software since it undergoes crowdsourced reviews to find problems, this study illustrates that OSS vulnerabilities are on the rise and may be a blindspot for many organizations,” said Srinivas Mukkamala, CEO of RiskSense. “Since open source is used and reused everywhere today, when vulnerabilities are found, they can have incredibly far-reaching consequences.”
Over 300,000 Canadian accountants and related stakeholders have been hit by a breach of a professional member association, it emerged late last week.
The Chartered Professional Accountants of Canada (CPA Canada) revealed in a statement that an unauthorized third party had managed to access personal information after compromising the organization’s website.
Over 329,000 individuals including members and others have been notified and warned of follow-on attacks.
The compromised information relates mainly to the CPA Magazine and includes names, addresses, email addresses and employer names. CPA Canada claimed that passwords and full credit card numbers were encrypted, although it didn’t specify what type of algorithm was used to scramble these details.
“CPA Canada today has notified affected individuals that the information involved could be used for the purposes of targeted phishing scams,” the organization said.
“CPA Canada is encouraging affected individuals to remain vigilant about any emails they may receive asking them to provide sensitive information or click on links or attachments, even if they appear to come from CPA Canada or an individual or company they know or trust.”
Although CPA Canada said it took “immediate steps” to secure its systems and work out what had happened, in reality the breach may have taken place several months ago. The organization linked the incident to an alert it issued back in April about an apparent phishing campaign in which users were requested to change their CPA Canada passwords because of a website breach.
“We are told that these emails appear to originate from the IT department of the employer of the individual receiving the message. These emails suggest that their IT department suspects a cybersecurity compromise with the cpacanada.ca domain,” it explained at the time.
“It is important that you do not act on the directions in any such email. CPA Canada continues to monitor the security of its web platform and is not experiencing anything unusual. In addition, the integrity of our password reset process remains secure.”
Cyber-criminals are taking advantage of the evolving jobs market and employee health situation under COVID-19 to disguise malware in various emailed documents.
The phishing campaigns spotted by Check Point over recent days center around spoofed CVs and medical leave forms. Unemployment in the US remains at levels not seen since the Great Depression of the 1930s, with close to 40 million currently without jobs due to the pandemic.
The security vendor said that the ratio of CV-related malware to all detected malicious files doubled over the past two months. One campaign featured banking Trojan Zloader hidden in malicious .xls files in emails with subject lines such as “applying for a job” or “regarding job.”
Separately, cyber-criminals have been taking advantage of interest in the US Family and Medical Leave Act (FMLA) to lure administrative staff into opening attachments.
Attachments with names like “COVID -19 FLMA CENTER.doc” have been sent via emails with subjects like “the following is a new Employee Request Form for leave within the FMLA,” according to Check Point.
Once again, the payload is info-stealing banking Trojans like Icedid or Trickbot. Different sender domains are used to try and trick email filters.
Overall, the number of COVID-19-themed attacks fell in May by 7% to 158,000 per week, the vendor claimed. However, attacks in general are starting to pick up as businesses begin to open again.
“In March, when the pandemic was at its peak, we saw a 30% decrease in malware attacks compared to January 2020. This was because many countries went into quarantine and most businesses and other organizations were shut as a result, greatly reducing the potential number of targets for attackers,” Check Point explained.
“Now that the world is seeing some relief from the pandemic as a result of the quarantine measures, things have started to open up and businesses are running again and – guess what? – cyber-criminals are also ramping up their malicious activities. In May, we saw a 16% increase in cyber-attacks when compared to the period between March and April, when coronavirus was at its peak.”
A multi-billion-dollar IT services firm has become the latest victim of the infamous Maze ransomware group after it appeared to target a widely publicized Citrix vulnerability.
New Jersey-headquartered Conduent claims to provide mission-critical services and solutions for “a majority of Fortune 100 companies and over 500 governments.”
The firm admitted in a statement that its European operations were hit by an attack on May 29, early in the morning local time.
“Our system identified ransomware, which was then addressed by our cybersecurity protocols,” it explained. “This interruption began at 12.45 AM CET on May 29 with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored.”
It said the incident resulted in only “partial interruption” to its services for customers, and an ongoing investigation is being undertaken featuring “internal and external security forensics and anti-virus teams.”
Although Conduent didn’t name its attacker, security researchers have seen Maze post stolen financial data from the firm online as proof of its raid.
Bad Packets claimed that, according to its own research, a Citrix server run by the IT services giant was left unpatched for at least eight weeks.
The Maze group has been observed previously exploiting the CVE-2019-19781 vulnerability in the Citrix ADC and Citrix Gateway products, which was first disclosed in December 2019.
The bug can allow an unauthenticated attacker to perform arbitrary code execution on a victim machine.
The Maze group also has previous form in this area: it hit IT services firm Cognizant back in April in an attack which the firm admitted could cost it $70m in Q2 2020.
“Making sure you are using up-to-date operating systems and that software is running on the latest version is a critical part of cyber-hygiene,” argued CyberSmart CEO, Jamie Akhtar.
“Ransomware is a game of economics and incentives. By not protecting our systems, not backing up our files and giving into paying ransoms we increase the reward for the attackers and the general viability of these kinds of attacks. If we all do our part in reducing incentives, we can develop a kind of digital herd immunity where criminals in future may no longer feel the attacks are worth the effort."
The operators of a North Dakota contact tracing app have had a rethink when it comes to sharing users' data with third-party services.
Care19 was created by ProudCrowd LLC to track the spread of COVID-19 in the Peace Garden State. Following the app's launch, cybersecurity company Jumbo Privacy discovered that Care19 was sending user data to third-party services.
The information being shared was the Identifier for Advertisers (IDFA), an advertising identifier that enables an advertiser to understand when a phone user has taken an action like a click or an app install.
North Dakota stated that the Care19 app "does not have any information that is tied to an individual person” and information uploaded via the app is "100% anonymous."
However, Jumbo found that users accessing the Care19 app via iOS on their iPhone could be unmasked through the IDFA on their device.
One of the third-party services receiving Care19 users' IDFA data was Foursquare, a location service that provides advertisers with tools to reach people who have visited specific locations. That arrangement has now ceased.
Jumbo CEO Pierre Valade told Infosecurity Magazine: "Care19 shared with us on June 3rd that the new version of their app (v3.3) was no longer sharing users’ IDFA to Foursquare. We’ve reviewed the app and can confirm this is true."
Care19 and Foursquare told Jumbo that the IDFA data was collected automatically by using Foursquare's SDK, Pilgrim, and there was no way for developers to disable this collection.
Valade said: "After you published our research and in response to our concerns, Foursquare made an important change to its geolocation SDK 'Pilgrim' to permit developers to disable collection of a user’s IDFA and prevent it from being shared with Foursquare."
Jumbo's CEO described the change of heart as "a big win for privacy" but said that there were still concerns about Care19 that needed to be addressed.
In addition, Care19 has not yet confirmed that pushing the deletion tab will also delete user data anywhere else it was stored, notably in third-party servers.
"Systematic design flaws" have been discovered in leading internet-connected doorbell and security cameras by a Florida Institute of Technology student.
Blake Janes unearthed vulnerabilities in devices manufactured by Ring, Nest, SimpliSafe, and eight other companies relating to the removal of active user accounts. The flaws allow a shared account to remain in place and continue accessing the video feed despite appearing to have been removed.
The flaws could allow malicious actors to covertly record audio and video from vulnerable devices indefinitely, invading the privacy of victims on their very own doorsteps. In electronic stalking cases, or cases where a cohabiting couple who shared access to a device have ceased to live together, such flaws could have serious repercussions.
The vulnerability arose from the devices being designed in such a way that decisions to grant access are completed in the cloud and not made locally on either the camera itself or the users' smartphones.
Computer science major Janes's discovery was presented in "Never Ending Story: Authentication and Access Control Design Flaws in Shared IoT Devices," by the student and two Florida Tech faculty members from the university’s top institute for cybersecurity research, the L3Harris Institute for Assured Information—Terrence O’Connor, program chair of cybersecurity, and Heather Crawford, assistant professor in computer engineering and sciences.
"Our analysis identified a systemic failure in device authentication and access control schemes for shared Internet of Things ecosystems," the paper concluded. "Our study suggests there is a long road ahead for vendors to implement the security and privacy of IoT produced content."
Janes informed vendors about the vulnerabilities and also suggested several fixes. For identifying a major flaw in the Nest suite of devices, Google awarded the hard-working student a bug bounty payment of $3,133.
Other vendors, including Samsung, have been communicating with Janes about recommended solutions to fix the vulnerability.
Janes and his co-authors found the flaws in the Blink Camera, Canary Camera, D-Link Camera, Geeni Mini Camera, Doorbell and Pan/Tilt Camera, Merkury Camera, Momentum Axel Camera, Nest Camera Current and Doorbell Current, NightOwl Doorbell, Ring Pro Doorbell Current and Standard Doorbell Current, SimpliSafe Camera and Doorbell, and the TP-Link Kasa Camera.
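The flaw class described above, a shared user who "appears to have been removed" but keeps access, is what happens when the cloud treats a previously issued token as sufficient proof of access and never re-checks the device's current share list. The following is an added example illustrating that design class in general; it is not code from any of the named vendors or from the paper. It models a cloud service that issues HMAC-signed bearer tokens, shows the weak check beside the hardened one, and uses placeholder key, device and user names.

```python
"""Shared-device access where revocation is enforced at decision time.

Constructed example illustrating the design class in general; it is not code
from any vendor or from the paper. Key, device and user names are placeholders.
"""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"placeholder-signing-key"  # placeholder; a service would use a managed key


class DeviceCloud:
    """Cloud service that issues access tokens for shared cameras/doorbells."""

    def __init__(self):
        # device_id -> set of user_ids currently allowed to view the feed
        self.shares = {}

    def share(self, device_id, user_id):
        self.shares.setdefault(device_id, set()).add(user_id)

    def unshare(self, device_id, user_id):
        """Owner removes a shared user. Nothing else changes: the token the
        user already holds is still cryptographically valid."""
        self.shares.get(device_id, set()).discard(user_id)

    def issue_token(self, device_id, user_id, ttl_seconds=30 * 24 * 3600):
        """Long-lived bearer token (HMAC-signed JSON), typical of mobile app sessions."""
        payload = {"dev": device_id, "sub": user_id, "exp": time.time() + ttl_seconds}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
        sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def _verify(self, token):
        """Return the payload if signature and expiry check out, else None."""
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body))
        return payload if payload["exp"] > time.time() else None

    def can_view_weak(self, token):
        """Flawed: a valid token is treated as proof of access, so a removed
        user keeps watching the feed until the token expires."""
        return self._verify(token) is not None

    def can_view(self, token):
        """Hardened: the token only identifies the caller; the device's current
        share list is consulted on every request, so removal takes effect at once."""
        payload = self._verify(token)
        return payload is not None and payload["sub"] in self.shares.get(payload["dev"], set())


def demo():
    """Return (weak_result, hardened_result) for a guest whose share was removed."""
    cloud = DeviceCloud()
    cloud.share("doorbell-placeholder", "guest")
    token = cloud.issue_token("doorbell-placeholder", "guest")
    assert cloud.can_view(token)  # access works while the share exists
    cloud.unshare("doorbell-placeholder", "guest")
    return cloud.can_view_weak(token), cloud.can_view(token)


if __name__ == "__main__":
    weak, hardened = demo()
    print("after unshare - weak check:", weak, "| hardened check:", hardened)
```

The hardened check costs one lookup per request against the share list, which is the price of making removal immediate; short token lifetimes alone would only shorten the window the paper describes, not close it.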
Maine residents hoping to pursue a career in cybersecurity will finally be able to study the subject at community college.
Starting in fall 2020, Northern Maine Community College (NMCC) will be the first community college in the state to offer a cybersecurity program. NMCC said a group of at least 15 first-year students has already signed up to the course, which is comparable to those already available at Maine's other higher education institutions.
The new two-year program is a revised version of NMCC's network administration and cybersecurity associate degree program. Instructor Reuben Caron said the reworking of the course reflected the changes that have occurred in the technological landscape since its creation.
“The program began with computer electronics and evolved into computer networking and technology,” said Caron.
“As the program has evolved to meet industry needs, we knew there was a demand for graduates to be trained in network administration and security.”
NMCC’s program features a practical curriculum that will teach students how to build their own computers and private networks that will exist beyond the college's campus network. Students will learn how computers react to different cyber-attacks and experiment with various recovery tactics.
Encompassed in the program are courses on computer security, ethical hacking, and computer forensics.
“With ethical hacking, you learn how someone might attack your network in order to understand how to better defend it,” Caron said. “Students learn how to hack in a way that doesn’t go beyond ethical hacking and into illegal situations.”
Students will end the program qualified for positions as computer technicians, network technicians, network administrators (Microsoft and Linux), and desktop support technicians. NMCC is currently pursuing accreditation for the program from the Accreditation Council of Business Schools and Programs.
Business department chair Dwight Clayton said the new program was an excellent starting point for Mainers dreaming of a cybersecurity career, especially for those hoping to earn while they learn.
He said: "The great thing about a two-year program is that students can enter the workforce as they continue toward a bachelor’s degree."
The news follows the 2019 launch of a four-year cybersecurity program at local university the University of Maine at Presque Isle.
Following reports which emerged last night about Sophos’ plans to furlough staff and close the award-winning blog, a spokesperson for Sophos has confirmed plans to restructure in response to market conditions associated with COVID-19 and “to accelerate the evolution already underway to our next-gen product portfolio, which features our most advanced cloud-managed protection capabilities and is the fastest growing part of our business.”
The spokesperson added: “A restructuring is always a difficult decision, but we believe it is necessary to position Sophos for continued growth and success in the years to come, and to continue to provide advanced, world-class protection for our customers.
“Sophos is appreciative of the contributions made by all our team members in supporting the company’s mission to protect people from cybercrime by developing powerful and intuitive products and services that provide the world’s most effective cybersecurity for organizations of any size.”
In the first quarter of 2020, Sophos grew billings 14% overall, its next-gen products represented over 63% of its business, and the company grew 37% year-on-year.
Answering a question with regard to the future of the 10-year-old Naked Security blog, which earlier this week collected two European Security Blogger Awards for Best Corporate Blog and Best Overall Blog, Sophos said: “We can assure you that Naked Security will continue to be a source of information moving forward. Sophos is increasing focus on threat research and security investigations. As a result, we’ll do more original reporting and deep analysis.”
Security blogger and speaker Graham Cluley said in his blog that he had heard that Naked Security would be “mothballed” and he sent his “best wishes to old friends at Sophos facing possible redundancy.”
“So many vendors over the years were jealous of the power that Naked Security commanded, and how it helped Sophos punch far above its weight in terms of brand awareness and thought leadership,” he said.
Facebook has started labelling content from state-controlled media outlets as part of an ongoing push-back against misinformation and coordinated propaganda on the platform.
Promised last October as part of the social network’s efforts to combat attempts to influence US elections, the firm will put clear labels on content from such outlets in its Ad Library Page view, on Pages and in the Page Transparency section.
The firm will also be blocking ads from state media in a month or two “out of an abundance of caution to provide an extra layer of protection against various types of foreign influence in the public debate ahead of the November 2020 election in the US,” said Facebook head of cybersecurity policy, Nathaniel Gleicher.
He explained that Facebook had consulted 65 media, governance and human rights experts around the world to draw up the criteria for what constitutes state-controlled media. It goes beyond funding to examine whether editorial control is being exerted by a government.
Factors such as editorial guidelines, ownership structure, info on newsroom leadership and governance and accountability mechanisms were all taken into account.
News organizations wanting to claim independence must, at a minimum, be able to demonstrate established procedures, processes and protections, and a statute in the country protecting editorial independence, as well as an independent assessment by a credible third-party organization that the statute has been complied with.
“We also consider country-specific factors, including press freedom and we consult open-source research conducted by academics and leading experts,” Gleicher explained.
Last year, Chinese state-owned news channel CGTN was forced to register as a foreign agent in the US after pressure from Washington.
It will be a tense few months coming up for social media platforms as both sides of the political debate complain of bias against them. Most recently, Twitter has drawn the ire of Donald Trump by placing fake news labels on his tweets and by hiding one post made during recent riots for incitement to violence.
That same post, which repeated an infamous phrase first uttered by a racist 1960s police chief about looters, was controversially left untouched on Facebook, prompting dismay from civil rights leaders and employees.
Chinese and Iranian state-sponsored hackers have been caught targeting the Trump and Biden Presidential campaigns, according to Google.
Shane Huntley, director of Google’s Threat Analysis Group, revealed the news in a couple of tweets yesterday.
He confirmed that there was no sign the attacks had led to compromise.
“We sent users our govt attack warning and we referred to fed law enforcement,” Huntley added. “If you are working on a campaign this election cycle, your personal accounts may be targeted. Use the best protection you can. Two-factor authentication or Advanced Protection really can make a difference.”
Google’s Advanced Protection Program is designed to offer maximum protection for the Google accounts of journalists, activists, business leaders, campaign teams and the like who may find themselves at a high risk of targeted attacks.
It features 2FA via physical key or Android device, limited third-party app access to Google emails and Drive files, and a block on app downloads from outside Google Play.
The latest state-backed attacks were attributed to China’s APT31 (aka Zirconium, Bronze Vinewood), which has hitherto been pegged for attacks designed to compromise IP, and Iran’s APT35 group.
The latter, also known as Charming Kitten and Phosphorus, was disrupted in March 2019 when Microsoft court action allowed the firm's Digital Crimes Unit to take control of 99 of its phishing domains. It is often focused on collecting strategic intelligence from US and Middle Eastern government and military targets.
The attacks call to mind the infamous cyber-espionage campaign against Democratic Party officials ahead of the last Presidential election, which led to the 'Guccifer 2.0' publication via WikiLeaks of politically embarrassing material. Hillary Clinton has since blamed her eventual loss to Donald Trump on the likely Russian campaign.
“As we have seen in recent history, APT groups targeting political campaigns is nothing new. These groups may be looking to use information that they obtain to sow discord in the country of the ongoing campaign,” said Digital Shadows security engineer, Charles Ragland.
“They may also use it for more traditional intelligence collection to inform other actions. As more and more communication is done online, this trend is likely to continue.”
Widespread violent protests across the US over the past week have been followed by attempted DDoS attacks on several rights groups, according to Cloudflare.
The web security firm analyzed malicious HTTP requests it blocked across the weekend of April 25/26 versus a month later (May 30/31). Minneapolis resident George Floyd was killed on May 25, sparking a wave of violence and protests across the US over the succeeding days.
Cloudflare claimed to have blocked 135.5 billion such requests in the May weekend, a 17% increase on the 116.3 billion blocked in the April weekend. That’s a month-on-month increase of over 19 billion attack requests.
The firm said that Sunday May 31 recorded an even higher month-on-month increase, of 26%, in attempted attacks.
Organizations classed as advocacy groups were subject to a much higher increase: May attack volumes were 1120-times the April figure.
“In fact, those groups went from having almost no attacks at all in April, to attacks peaking at 20,000 requests per second on a single site,” wrote Cloudflare.
“One particular attacker, likely using a hacked server in France, was especially persistent and kept up an attack continuously hitting an advocacy group for over a day. We blocked those malicious HTTP requests and kept the site online.”
The security provider has detailed data on these rights groups as many of them are protected by its Project Galileo initiative, designed to shield such organizations from widespread online attempts to silence them.
“There are many organizations fighting racism who participate in Project Galileo. Over the last week we’ve seen a dramatic increase in the number of cyber-attacks against them,” the firm explained.
“Unfortunately, if recent history is any guide, those who speak out against oppression will continue to face cyber-attacks that attempt to silence them.”
Advocacy groups promoting the Black Lives Matter message weren’t the only recipients of DDoS attacks during the period. Cloudflare said it also recorded a 1.8-times increase in attacks on government sites and a 3.8-times increase in malicious traffic targeting military sites during the same period.
A panel discussion on the final day of the Infosecurity Europe Virtual Conference was dedicated to cybersecurity in SMEs, and in particular, practical methods these organizations can use to most effectively protect themselves from cyber-attacks.
Bridget Treacy, partner, Hunton Andrews Kurth, who moderated the panel, firstly outlined exactly why it is so important to talk about this topic: “We all tend to assume that cyber-threats are a risk for large organizations,” she said. “Actually, if you look at Verizon’s 2019 Data Breach Investigations Report, you will see that 43% of all cyber-attacks actually target small businesses, and SMEs often have really valuable data.”
The panellists agreed that, fundamentally, the threats faced by SMEs are similar to those of large businesses. They also face the same additional challenges as a result of the COVID-19 crisis. Nick Ioannou, head of IT at Ratcliffe Groves Partnership, said: “It’s more of the same – phishing, ransomware, but it’s more the focus [that’s changed] because criminals know a lot of people are working from home now…and also the way they are implemented – people get phoned up now; it doesn’t all have to be all over email because everyone is dispersed so it’s a lot harder to double check.”
For SMEs with significantly smaller budgets and internal cybersecurity expertise compared with large businesses, a more considered and targeted approach to counteracting cyber-threats is a necessity, and this is particularly so with regards to investments in security systems.
“Often organizations of all sizes and SMEs in particular hear about a new threat and they look for the technology to go and address that threat without actually giving full consideration to the risk that threat poses to them,” said Maxine Holt, senior research director, cybersecurity at Omdia. “If you look at risk rather than the threat itself, that can really help you improve your organization’s security posture because you’re just going to think about what’s going to affect you particularly.”
Additionally, a lower reliance on tech, and more emphasis on good practices among staff, is especially vital for companies with limited resources, establishing a more preventive approach to cybersecurity. Dai Davis, partner, Percy Crow Davis & Co, said: “Once you’ve identified the risk to your business, it’s a matter of getting the right people processes in place to ensure that you minimize that risk.”
This in no way means technology systems are unimportant, but the tech that is implemented must not hinder the productivity and growth of small companies. Jason Maude, chief technology advocate, Starling Bank, explained: “As soon as your technology starts to run your users down too much, they will find ways around it.”
Another topic discussed by the panel was GDPR, and how compliance with the regulations should be approached by SMEs. In Maude’s view, it is something that should be embraced for the long-term benefits it can bring: “It’s encouraging you to be really efficient with your data to make sure that you know what data you have and to use it correctly,” he added.
Japan is to review laws relating to cyber-bullying following the untimely death of professional wrestler and reality TV show star Hana Kimura.
Kimura killed herself on May 23 by inhaling toxic gas in her Tokyo home. The 22-year-old had been subjected to online bullying after appearing in the last season of hit reality TV show Terrace House, which aired on Japan's Fuji Television and was also streamed on Netflix.
The vivacious pink-haired wrestler's death was confirmed in a statement released by her wrestling promoter, Stardom Wrestling, on May 23.
"We are very sorry to report that our Hana Kimura has passed away," it said. "Please be respectful and allow some time for things to process and keep your thoughts and prayers with her family and friends."
Prior to her death, Kimura had posted photos on social media that implied that she was being cyber-bullied and was struggling with self-harm. Her final Instagram post, uploaded on Friday, May 22, was a photo of the star posing with her cat accompanied by a caption that simply read "goodbye."
Terrace House follows the lives of six people as they share a house together in Tokyo's Setagaya. Before filming was halted due to the COVID-19 health crisis, Kimura had been filmed arguing with fellow cast member and comedian Kobayashi Kai after he accidentally ruined one of her expensive wrestling costumes while doing laundry.
It was this incident that had allegedly resulted in Kimura receiving a deluge of hateful messages through social media.
Wrestling journalist Adam Pacitti, who described the death of Kimura as "an absolute tragedy," tweeted: "I hope this serves as a reminder that interactions on social media can have a serious effect on the mental health of anyone, no matter who they are. Be kind."
According to Reuters, Japan will be holding a series of hearings to consider legal changes that will help cyber-bullying victims seek justice.
Junko Mihara, a member of the ruling Liberal Democratic Party who is leading the party’s team on online harassment, said: “People must understand where the line between constructive criticism and abuse lies."
Kimura's death comes after the outbreak of COVID-19 in Japan caused internet usage to increase.