Info Security


89% Reduction in Removal of Child Sexual Abuse Webpages During #COVID19

Mon, 04/27/2020 - 14:00

There has been a huge reduction in the number of webpages featuring child sexual abuse being taken down since the COVID-19 crisis developed in mid-March, according to the Internet Watch Foundation (IWF), an organization that identifies child sexual abuse content online.

The UK-based charity reported an 89% reduction in these types of webpages being removed during the period from March 16 to April 2020 compared to the previous month, falling from 14,947 to 1,498 URLs.

Quoted in The Guardian newspaper, Susie Hargreaves, the chief executive of the IWF, said: “Even though our analysts are working as normal to find this evil content, it is staying available for longer, even after they have reported it. This means there is more opportunity for sexual predators to view and share it.”

The IWF believe this is because tech companies and law enforcement agencies are operating with reduced staff numbers during the COVID-19 pandemic, and therefore have lower capacity to identify and take down this type of material. Jake Moore, cybersecurity specialist at ESET, argued that COVID-19 lockdown restrictions may need to be lifted for those working in this area to ensure more effective policing of these webpages.

He commented: “It would not only be impractical for child abuse investigators to work from home, it would in fact be against the guidelines. Viewing indecent imagery needs to be conducted under strict laboratory conditions with employees around. These conditions are in place to help protect the victims and others who should not come into contact with such imagery. It would be socially unacceptable for anyone working for law enforcement or a charity to be able to view this content remotely or on their own.

“To combat child abuse imagery sufficiently throughout the pandemic, these investigators need to be considered as key workers and locate the illegal activity from the lab. However, it is naturally going to be conducted at a reduced rate.”

Categories: Cyber Risk News

Online Safety Tech Industry Association Launches

Mon, 04/27/2020 - 12:50

The Online Safety Tech Industry Association (OSTIA) has been launched today, bringing together expert companies and advisory bodies to tackle online safety.

With support from the National Crime Agency, GCHQ, the Home Office, NSPCC, and led by Cyan Forensics and PUBLIC, the association unites expert analysts and innovative companies with the joint mission of improving online safety.

OSTIA aims to inform policy makers, technology providers and the public about online safety technologies, establish a collective influence on policy, regulation and support for the sector and provide a forum for networking and collaboration for companies involved in the broad field of online safety.

Chaired by Ian Stevenson, CEO and co-founder of Cyan Forensics, organization representatives will meet regularly with government representatives to explore ways to support innovation and growth in UK tech.

He said: “The topic of online safety is wide-ranging and hugely complex. Unfortunately for regulators and providers, it is made up of many individual problems; there is no silver bullet that will solve the whole issue. That’s why we wanted to establish this industry association – to create a powerful collective voice to enact change.

“By focusing on specific, actionable areas, we can work together to demonstrate how the thriving safety-related products and services market will play a significant role in helping companies protect the most vulnerable from accessing harmful content, while driving digital growth. Together, we can ensure that the public, technology companies and policy makers are aware of these lifelines.”

The formation of OSTIA was welcomed by Caroline Dinenage, Minister of State for Digital and Culture in the Department for Digital, Culture, Media and Sport, who said: “We are determined to make the UK the safest place in the world to be online and have set out world-leading proposals to put a duty of care on online companies, enforced by an independent regulator.

“We are backing the industry to support our work by developing new products to improve online security and drive growth in the digital economy. This new association will help bring together relevant organizations to collaborate, innovate and create a safer online world.”

The association has three key aims:

  • Provide a voice of hope by informing policy makers, technology providers and the general public about online safety technologies
  • Create collective influence on policy, regulation and broader support for the sector
  • Provide a forum for companies contributing towards the goal of online safety

OSTIA’s current focus is compiling an Introductory Guide to Online Safety, a document drafted with specialist insight from government and civil society organizations. It will act as a guide for online platforms to proactively tackle online safety in the very design of their offerings.

Categories: Cyber Risk News

#COVID19 Fallout Hits UK Tech Startups Hard as Confidence Slumps

Mon, 04/27/2020 - 11:15

Confidence levels among UK tech startups have significantly dropped over the last three months as the fallout from the coronavirus pandemic takes hold, Studio Graphene’s new Tech Tracker survey has revealed.

The quarterly survey polls more than 100 business leaders within early stage UK-based tech companies to assess and monitor their confidence levels, with the latest highlighting the damaging effect COVID-19 is having on smaller and less-established companies.

As little as 32% of respondents said they were ‘confident’ or ‘very confident’ of increasing their turnover in the next 12 months, which is 42% lower than three months ago and down 47% when compared with Q1 2019.

What’s more, the vast majority of entrepreneurs (91%) said they were worried about the impact that COVID-19 will have on their business, with 35% saying that they do not feel their business is well-prepared to withstand the potential fallout.

In terms of plans for potential growth in the coming year, 58% said they intend to hire more staff (down 19% quarter-on-quarter), 60% hope to raise investment (down 7%) and 49% plan to expand into new territories (down 18%).

Almost 70% of respondents admitted to lacking confidence in the UK Government’s ability to support the tech sector through the COVID-19 pandemic.

Ritam Gandhi, founder and director of Studio Graphene, said: “We launched the Tech Tracker survey 12 months ago to see how tech firms were responding to Brexit and the general pains of growing a business, but everything has been turned upside down; today’s data shows just how damaging coronavirus has been to business confidence.

“This is the biggest challenge many businesses have ever faced, and with smaller reserves and less nascent customer-bases to fall back on, it is understandable that many startups will be concerned about what the coming months will bring.”

However, Gandhi argued that there are still reasons for UK tech startups to be optimistic.

“Startups are also well placed to weather this storm. They are nimble, agile and able to respond to the challenges that arise on a day-by-day basis. What’s more, demand for technology is higher than ever – consumers and businesses need innovative solutions to the problems they are currently facing. So, there are opportunities for those who can pivot and keep pushing forward.”

Categories: Cyber Risk News

Nintendo Breach Affects 160,000 User Accounts

Mon, 04/27/2020 - 10:15

Nintendo has begun restricting log-ins and resetting affected passwords after admitting that as many as 160,000 accounts may have been illegally accessed by hackers.

The Japanese gaming giant said it was disabling access to accounts via the legacy Nintendo Network ID (NNID), which was associated with its now-defunct Nintendo 3DS handsets and Wii U consoles.

That’s because, since the beginning of April, hackers have been using NNIDs “obtained illegally by some means other than our service” to access user accounts and buy digital items using stored cards.

Unauthorized third parties may also have been able to view personal information including name, date of birth, gender, country/region and email address.

Aside from doing away with NNID log-ins to Nintendo accounts, Nintendo is resetting passwords that may have been used illegally.

The firm urged users not to share passwords across multiple accounts and to check whether their bank cards may have been used fraudulently.

“Organizations need to pay attention to not only points of access in production environments but also all their deprecated and development endpoints,” said Cequence Security’s Jason Kent.

“These often-forgotten and unsecured APIs can be used by hackers to gain side-door access into systems to achieve the same access to confidential information and monetary gain as if they went through the front door. Unfortunately, most organizations lack full visibility of their APIs, making it a challenge to adequately secure them.”

Chris DeRamus, CTO of DivvyCloud, hypothesized that the attack may have been the result of credential stuffing. The gaming industry accounted for around 22% of attacks spotted by Akamai over a 17-month period.

“To prevent unauthorized access to accounts, users should diversify passwords and usernames across different accounts, regularly change those passwords and enable multi-factor authentication (MFA) when possible for an extra layer of security,” he added.

Categories: Cyber Risk News

Experts Detect 30,000% Increase in #COVID19 Threats

Mon, 04/27/2020 - 09:25

A security firm is claiming to have seen a staggering 30,000% increase since January in detected phishing, malicious websites and malware designed to capitalize on the COVID-19 crisis.

Zscaler VP of security research, Deepen Desai, revealed in a blog post that the firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1,200 at the start of the year.

This included the registration of 130,000 new suspicious domains featuring COVID-related keywords such as “test,” “mask,” “Wuhan” and “kit.”

The firm recorded a 25% increase in the number of malicious files and websites it blocked and an 85% increase in phishing attacks targeting remote workers over the three-month period.

These included spear-phishing attempts spoofed to appear as if sent by the IT or payroll department, and some that even used a CAPTCHA screen to try and fool security filters.

Others targeted consumers with government-themed phishing attempts designed to trick those looking to secure stimulus funds.

Fake VPN software, COVID-themed mobile malware and even Nigerian 419 scams were also spotted by the Zscaler team, Desai said.

The security vendor has detected Magecart attacks targeting healthcare, pharmacy and grocery sites, the latter often hastily designed to support a surge in online orders, but without adequate protection.

Desai urged remote working employees and IT teams not to open links or attachments in unsolicited mail, to enable two-factor authentication, patch regularly and only stick to reputable sources for COVID-19 information.

“Each user in every organization must develop a heightened state of awareness, as cyber-criminals will continue to use the current global crisis as an opportunity to target and compromise end-user systems,” he concluded.

“If users are unsure about something they see online or receive in their inbox or SMS, they should be instructed to reach out to IT security teams for help.”

Despite the large increase in threats using COVID-19 themes, overall cybercrime has not increased, according to the UK’s National Cyber Security Centre (NCSC) and tech giants Microsoft and Google.

Categories: Cyber Risk News

Piracy Site Popcorn Time Targets Kids with New Version

Mon, 04/27/2020 - 08:32

A notorious website for pirated content has released a new child-friendly version to filter inappropriate content for younger users.

Popcorn Time leaped to fame with a mission of making illegal content as easy to access as Netflix.

It was originally pulled back in 2014 and resurrected several times in the interim before making another recent comeback to capitalize on COVID-19 lockdowns and stay-at-home orders.

Part of these efforts appear to be a new child-friendly mode, which ensures kids aren’t able to access adult content or be served adult-themed advertising and pop-ups.

However, experts have warned that such sites represent a serious cybersecurity risk at home as they can carry malware disguised as pirated content. The risks are even greater now that employees are accessing corporate assets from the same home networks that may be being used to download such content.

Mark Mulready, vice-president of cyber services at Irdeto, argued that the European Commission should introduce streamlined processes for blocking and removing pirated content.

“Pirate websites and apps are often unsafe and carry dangerous malware and other unwanted traps that can damage your device. Furthermore, hackers can also use pirate websites and apps as a gateway into your home network, where they will attempt to steal everything from personal data to financial details,” he said.

“The last thing any of us want to be worrying about is a computer virus when there’s a very real virus out there to contend with, so I’d encourage everyone to think carefully about the types of content they access online.”

Popcorn Time is also the name of a ransomware variant discovered back in 2016, that claimed to offer victims the opportunity to access a decryption key if they could infect two other computer users.

Categories: Cyber Risk News

Australian Police Rescue Children from Online Pornography Ring

Fri, 04/24/2020 - 18:07

Australian police have rescued four children from an international child sexual exploitation ring that allegedly sold videos and images of child rape and abuse online.

The victims, aged between two months and eight years old, were taken into care by the Australian Federal Police (AFP) following a two-year international and multi-agency investigation that ended in the arrest of 16 people. 

Following a tipoff from US detectives in 2018, Australian authorities launched a probe into an online marketplace whose users allegedly bought encrypted image and video files depicting the sexual abuse of children. 

Code-named Operation Walwa, the investigation was a collaborative effort involving the sharing of information between US Homeland Security, Interpol, Europol, US cyber and sex crime teams, and several Australian state and territory commands. 

As a result, investigators executed 18 search warrants across NSW, South Australia, Queensland, Victoria, and Western Australia.

Three of the rescued children were taken to safety from an address in New South Wales, while the fourth was collected from an address in Victoria. According to ABC News, at least three of the children were related to those now charged with carrying out their abuse and profiting from it.

The 16 individuals arrested in connection with the child abuse ring have been charged with a total of 738 child exploitation offenses. 

"These crimes see people using significant established networks to share child abuse material and take advantage of vulnerable children," Victoria police detective Karen Bennett said.

"They have devastating impacts for victims and the wider community."

Adam Parks from US Homeland Security said that criminals who believe that they are immune from arrest during the global health crisis are incorrect. 

"Let this be a warning that law enforcement is undeterred by COVID-19 and remains on-duty to keep our children safe in Australia, the US, and online," said Parks. 

The head of strategic policing at the Australian Strategic Policy Institute (ASPI), Dr. John Coyne, said criminals who access child pornography from home believing themselves to be safe from capture will be caught.

"Unfortunately, people are able to create global networks using off-the-shelf encryption and they can interact from their living rooms," said Coyne. "If you think you can sit at home and watch and not get caught, police will dismantle these groups and pursue users."

Categories: Cyber Risk News

Anti-bullying Group Asks Families to Discuss Cyber-bullying

Fri, 04/24/2020 - 16:30

An anti-bullying campaign that started in Wisconsin is asking parents around the world to have a chat with their children about cyber-bullying.

Be A Rooney was founded by a woman who became a victim of long-term bullying at school after reporting bullying that she had witnessed to a teacher. Her life was miserable until "one kid in the popular crowd" named Scott Rooney had the courage to act apart from the bullies and offer his support.

The founder said: "He was one kid in the popular crowd that decided he wasn't going to participate in making my life hell. He was nice to me. He walked with me to and from school every day. He talked to me, offered support and was just there to let me know not all people are bad. I'll never forget that kid."

The campaign was established in 2015 to raise awareness of bullying and urge children to "be Rooney" by reaching out and befriending victims of bullying.

"It's very important to know that one person can make that difference for a person being bullied," said the founder.

"Be the anchor that stops the person being bullied with their self-harming thoughts, feeling of hopelessness, and no self-worth. Be the person that encourages them, supports them and shows that not all people are bad! They are worth something and people love them! Be Like Scott Rooney!"

Speaking to Channel 3000 on April 23, Be A Rooney vice president Heather Williams said that cyber-bullying can be difficult to escape and have a damaging effect on young students.

“Cyber bullying is not just in one location, it’s everywhere,” said Williams. “It can create trauma, it can create grief, it can create anti-social behaviors.” 

Williams advised parents to discuss cyber-bullying with their children so that they can recognize it and act to combat it.

“Explain to them what cyber bullying looks like. Ask them questions.”

Julie Musgrove, associate principal at Northside Intermediate School in Milton, Wisconsin, said that while families are together in lockdown and many children are accessing education online, now was a good time for parents to broach the subject of cyber-bullying. 

"If they need resources, help, or support, this is the time to reach out,” said Musgrove.

Categories: Cyber Risk News

UK Citizens Urged to Limit Screen Time During Lockdown

Fri, 04/24/2020 - 15:51

The UK government has published a set of guidelines designed to help people stay cyber-safe during the lockdown imposed to slow the spread of COVID-19.

The United Kingdom has been in a state of lockdown since March 23, when Prime Minister Boris Johnson asked Brits to work from home if possible and only venture outside to buy food, take one hour of exercise per day, or for essential health reasons. 

Advice published April 23 by the Department for Digital, Culture, Media & Sport urges Brits to check the security and privacy settings on any services, apps, or devices they are using so they can stay cyber-safe while staying in touch with friends and family virtually. 

Brits are advised to block unsuitable content and report harmful activity to the operators of the site on which it is occurring. The guidelines suggest seeking support from the Samaritans, Mind, or BEAT on how to do this.

Her Majesty's subjects are also urged to take regular breaks not only from screen time, but also from consuming the vast quantities of primarily doom-mongering real and fake COVID-19 media in circulation that can cause anxiety. 

"It is easy to feel overwhelmed with information at this time. 24-hour news and constant social media updates can make you more worried," state the guidelines.

"It’s important to take a step back and think about how this is affecting you. If it is, try to limit the time you spend watching, reading, or listening to coverage of the outbreak. Check in at set times or a few times a day."

In the guidelines, the UK government issued a reminder to not believe everything you see, hear, or read online and asked citizens to check whether content is true and authentic before sharing it with anyone. 

Tips on how to sift the real reports from those that are utter horse-feathers include fact-checking, reading beyond the headline, source-checking, looking for bad grammar and spelling, and considering whether an image or video has been retouched or faked. 

Citizens are also warned to be on the lookout for phishing emails and text messages from fraudsters attempting to exploit public interest in COVID-19 for financial gain.

Categories: Cyber Risk News

Information and Data Sharing Crucial in #COVID19 Efforts

Fri, 04/24/2020 - 12:35

The COVID-19 pandemic will accelerate sharing as governments and the private sector work to find solutions, not only in healthcare but in other sectors of the economy impacted by the current crisis.

According to Forrester, “in times of crisis, the need for information is critical” and the COVID-19 pandemic provides a clear illustration of this as healthcare officials and policy makers need data to inform their responses; researchers need data to drive the search for solutions; and leaders across sectors need data to understand the impact of the crisis on their businesses.

An advisory written by Forrester analysts Jennifer Belissent and Enza Iannopollo stated that in the current situation “data sharing is a recovery imperative” and as companies recover from closure, they will need to apply insights to improve their chances of success.

They said: “The recovery could prove a pivotal time to implement new technologies and redefine business processes. Data literacy is a key element to ensuring that employees are future fit.”

In a second advisory, Iannopollo said that COVID-19 “has reminded us of the power of collecting and sharing data” and as a result, an increasing number of individuals will be willing to share their personal data in real time in the hope of protecting themselves and others.

“Don’t assume that they will pay less attention to a brand’s values or that they will accept limits on their privacy rights,” Iannopollo said. “Even in the middle of the crisis, employees and employers have forced European regulators to provide guidance on collecting, sharing, and processing personal sensitive data.

“European consumers will remain vigilant of their privacy, especially their health data. And with an unemployment crisis looming, trust and values will drive European consumers’ potentially limited choices.”

Speaking to Infosecurity, Iannopollo said that before GDPR came into force, companies only cared about what data they collected and it didn’t matter what the purpose was with it, as data sharing “is a great driver in the economy, but there are enormous risks with it” as for a long time we’ve been trained to think of data as an asset, and “the more you have the better.” Then GDPR “came along and businesses had to clarify to people” what they were doing with it.

According to an announcement released today, NHS Digital and NHSX have introduced GP Connect to all practices, which will enable the secure sharing of patient records across primary care, meaning that health and care professionals have the information necessary to give patients the care they need quickly and effectively, regardless of whether they are registered at that practice or have accessed that service before.

Additional Information will be automatically added to the Summary Care Record of any patient who has not expressed a preference that information isn’t shared and will include significant medical history (past and present), reasons for medications, care plan information and immunizations.

Richard Alcock, interim director of Primary Care Technology at NHS Digital said: “This step is crucial to support clinicians so that they can give timely, accurate clinical advice to their patients at a time when they are already under unprecedented stress and having to work in completely new ways to deliver care.”

Iannopollo said she had seen this working in the Netherlands, where if you cannot see your GP another doctor can see you if you’re willing to share your medical details. She praised efforts to do better information and data sharing, but said the worry is that what is used in an emergency “will outlive the emergency and generate a backlash.”

Categories: Cyber Risk News

Google Tackles Fake Ads as #COVID19 Counterfeits Surge

Fri, 04/24/2020 - 11:00

Google has taken steps to crack down on fake or misleading advertising as fraudulent ads and counterfeits surge during the COVID-19 pandemic.

The tech giant revealed in a post on Thursday that it would be extending its identity verification policy from political ads to all advertising on its platforms, in a bid to improve transparency.

“As part of this initiative, advertisers will be required to complete a verification program in order to buy ads on our network,” explained director of product management, John Canfield.

“Advertisers will need to submit personal identification, business incorporation documents or other information that proves who they are and the country in which they operate.”

By hovering over an ad listing, users will soon be able to see the name, location and other information about the advertiser.

“This change will make it easier for people to understand who the advertiser is behind the ads they see from Google and help them make more informed decisions when using our advertising controls,” claimed Canfield. “It will also help support the health of the digital advertising ecosystem by detecting bad actors and limiting their attempts to misrepresent themselves.”

Although the program will start in the US this summer, it could take years to complete, which may be too late to stop the surge in scams peddling counterfeit and fake COVID-19 products.

Earlier this month, industry bodies the Anti-Counterfeiting Group (ACG) and Transnational Alliance to Combat Illicit Trade (TRACIT) urged stay-at-home consumers to exercise caution as they are bombarded with ads for counterfeit and ineffective products.

These include surgical face masks, hand sanitizers, testing kits, thermometers, cleaning solutions, toilet paper, anti-bacterial wipes, indoor sports equipment, refrigeration appliances, food products and more.

“The expectations are that the availability of these products on the internet will increase dramatically, especially with the closure of retail stores and the imposition of social distancing,” argued ACG director general, Phil Lewis.

“People must be especially careful when ordering online from websites, e-commerce platforms and social media where outright fraud and advertising of fakes is already a major problem.”

At the end of March, INTERPOL announced a $14m seizure of counterfeit medical and pharmaceutical supplies. Over 100 arrests were made and 37 organized crime groups supposedly dismantled.

Categories: Cyber Risk News

Twitter Moves to Ban 5G #COVID19 Conspiracy Theories

Fri, 04/24/2020 - 09:38

Twitter has updated its policy on unverified claims in a bid to tackle misinformation surrounding the COVID-19 pandemic that has already led to attacks on 5G infrastructure in the UK.

The social network said its updated guidance means that claims which have “the potential to incite people to action, could lead to the destruction or damage of critical infrastructure, or cause widespread panic/social unrest,” are now considered policy violations.

“Examples include, ‘The National Guard just announced that no more shipments of food will be arriving for two months — run to the grocery store ASAP and buy everything’ or ‘5G causes coronavirus — go destroy the cell towers in your neighborhood!’,” it explained in an update this week.

At least 20 5G phone masts have been vandalized across the UK in recent weeks and scores of incidents have been reported where engineers have been confronted by angry members of the public who believe there's a link between the tech and the pandemic, according to reports. Celebrities have reposted the fake news to millions of followers online, further disseminating the falsehoods.

Twitter and Facebook have come in for criticism over recent weeks for failing to act quickly enough in taking unverified rumors about the pandemic down.

Most notably, US President Donald Trump has repeatedly made false claims about the virus, including that it could be treated with an anti-malarial drug, which led to shortages for people who actually needed the medication.

There have also been question marks surrounding Twitter’s use of machine learning algorithms to police content. It admitted in a post last month that mistakes would be made as they are less accurate than human moderators.

Accounts would therefore only be suspended after human review, it said, which could create delays.

Earlier this week an expert claimed that far-right agitators were waging a months-long online campaign of harassment and fake news against high-profile health organizations.

Categories: Cyber Risk News

WHO: #COVID19 Drove Fivefold Increase in Cyber-Attacks

Fri, 04/24/2020 - 08:58

The World Health Organization (WHO) has confirmed reports earlier this week that thousands of staff emails and passwords were leaked online, adding that it has seen a “dramatic increase” in cyber-attacks since the start of the COVID-19 crisis.

Rita Katz, director of SITE Intelligence Group, said earlier this week that suspected Neo-Nazi groups had posted the details online, on platforms including 4chan, Pastebin and Twitter.

This was part of an alleged months-long harassment campaign of staff at the organization and others fighting the pandemic, including the Centers for Disease Control and Prevention, the World Bank, the Gates Foundation and the National Institutes of Health.

In a brief update yesterday, the WHO confirmed that 450 active WHO email addresses and passwords were leaked online, plus thousands belonging to “others” working on COVID-19 response.

Despite describing the log-ins as “active,” it claimed that the credentials didn’t pose a security risk as they were old. However, an “older extranet system” used by current and retired staff and partners was affected, it admitted.

Steps are being taken to improve authentication security on the site, presumably by mandating two-factor authentication or similar.

More generally, the WHO claimed it had seen a dramatic surge not only in attacks aimed at its staff but in phishing emails spoofing its name to trick the general public.

It pointed in particular to scams aimed at soliciting donations to fictitious funds, although there are many others, designed to covertly install malware and harvest credentials.

The number of attacks in general has increased fivefold over the number seen during the same period last year, the WHO claimed.

“Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic,” said WHO CIO, Bernardo Mariano.

“We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”


Cyber-Attacks on Hospitals Amid #COVID19 Akin to Acts of “Terror,” Claims Eugene Kaspersky

Fri, 04/24/2020 - 08:08

Speaking at an online press conference this week, Eugene Kaspersky, founder and CEO of IT security giant Kaspersky Lab, likened cyber-attacks on hospitals during the COVID-19 pandemic to acts of terror.

“Cyber-criminals are very likely to stay active,” he said. “They are used to working from home and their circumstances have not changed drastically. They will keep trying to attack businesses and individuals and it is our job to keep working hard and defend our customers.

“Any attack made on a hospital at this time can be seen as equivalent to a terrorist attack.”

Kaspersky was joined at the press conference by Costin Raiu, director of Kaspersky's Global Research and Analysis Team, who also strongly condemned cyber-criminals targeting hospitals, and Yury Namestnikov, the company's head of the Global Research and Analysis Team for Russia, who reflected on some of the key COVID-19-related threats Kaspersky has detected.

Raiu argued that any malicious individuals or groups that carry out attacks on healthcare organizations should be heavily reprimanded.

“The message must be clear to cyber-criminals that anybody targeting medical institutions will be hunted down by LEAs and cybersecurity companies like ourselves to make sure they are brought to justice,” he added.

Raiu pointed out that hospitals are not only under severe pressure to keep healthcare processes functioning and effective, but that the current cyber-threat landscape they face makes this an even greater challenge.

“People in hospitals are understandably having to concentrate on looking after their patients and saving lives. They are not necessarily worried about updating their systems. They may also be managing and prioritizing resources differently and if they need to choose between investing in cybersecurity solutions or buying medical equipment, there is only one clear choice.”

Namestnikov said that, in the last few months, there has been a significant rise in both opportunistic and targeted attacks, with spear-phishing campaigns in particular causing challenges as they target users with fake coronavirus-related advice.

“We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware,” he added. “We saw a 43% growth in this sort of attack between January and March 2020.”


Hackers Donate $5K in Bug Bounties to the WHO

Thu, 04/23/2020 - 17:35

Hackers taking part in HackerOne's first ever virtual live hacking event donated $5K in bug bounties to the World Health Organization's COVID-19 Solidarity Fund.

The generous gesture was part of HackerOne's Hack for Good initiative, which invites hackers to donate the bounties they earn for discovering bugs in companies' products and systems to charitable causes.

HackerOne's 13-day virtual hacking event attracted 50 hackers from 13 countries. The event had been scheduled to take place in Singapore earlier this month but was pushed back and moved online due to the widespread outbreak of COVID-19. 

Currently, Singapore has over 11,000 confirmed cases of the novel coronavirus. At time of writing, 12 Singaporeans had died after contracting the novel coronavirus, while 924 had recovered.

A spokesperson for HackerOne said: "To keep the spirit of an in-person event alive, in addition to hacking, the virtual event included several panels, virtual couch-side Q&As, and healthy competition in the form of virtual Pictionary and a push-up challenge—giving hackers the opportunity to collaborate more closely with the target than ever before."

During the course of the event, more than 250 security vulnerabilities were submitted in Verizon Media assets and over $673,000 in bug bounties was awarded to hackers who succeeded in sniffing out vulnerabilities.

Topping the earnings charts was hacker mayonaise, who broke the record for the most bounties earned during a live hacking event. In addition, the closing days of the event marked the biggest week of bounty pay-outs ever with over $2.4m paid to hackers in bounties in just six days. 

Asked how they felt about attending a virtual event versus an in-person affair, hacker Sébastien Morin said: “This first Virtual Live Hacking Event was very fun and a complete success! It felt like a Live Hacking Event marathon which lasts 2 weeks. It was amazing to be together even in this tough time.”

The absence of celebratory (or commiseratory) get-togethers in the bar was felt by hacker none_of_the_above.

They said: “I missed the drinks, the endless supply of cold Red Bull, the SWAG, the CTF-esque atmosphere. But all those things were replaced with all sorts of activities throughout the event which made us feel closer."


Small Businesses Admit Secure Data Storage Issues

Thu, 04/23/2020 - 16:35

One in five small businesses admit that they could do better when it comes to securing customer data. 

New research published today by The Manifest has found that in a survey of 383 small-business owners and managers, 20% thought that the security of customer data storage at their company could be improved. 

On the positive side, more than half of the respondents (57%) said that their small business had not faced a cybersecurity challenge in 2019. However, 15% either suffered a hack, saw their system infected with a virus, or experienced a data leak. 

Researchers found that the data most commonly collected by companies is contact information (61%), customer name (52%), customer location (39%), physical address of customer (36%), and payment details (31%).

For almost a quarter of respondents, lack of funding for cybersecurity was an issue. Researchers observed that 23% of survey respondents admitted that more resources needed to be injected into their company's cybersecurity. 

The majority of respondents are unlikely to need persuading to increase cybersecurity funding in their business: researchers found that 64% considered it likely that they would devote more resources to cybersecurity in 2020.

By asking questions regarding current cybersecurity practices, researchers discovered that the most popular small-business cybersecurity measures include limiting employee access to user data (46%) and data encryption (44%). 

Requiring strong user passwords and training employees on data safety and cybersecurity best practices were two further methods used by 34% of respondents. Fewer than a third of businesses (29%) used two-factor authentication to enhance password security. 

The Manifest specifically surveyed small-business owners and managers who use a mobile app and/or website to connect with customers. 

"Cybersecurity has become only more important in 2020 due to dramatic increases in remote work and online business," wrote researchers. "We wanted to understand small businesses’ experience with and plans for data safety—the process of protecting information from unauthorized access."

Commenting on their findings, researchers wrote: "Our research shows that small businesses use a range of data security measures to protect their data, including limiting employee access and encryption, and are considering investing in more cybersecurity resources in the future."


Coalfire Acquisition Signed Off

Thu, 04/23/2020 - 15:38

The acquisition of cybersecurity firm Coalfire by funds advised by Apax Partners has been officially finalized.

Coalfire, a provider of cybersecurity advisory and assessment services, today announced that its acquisition was now complete following full regulatory approval. The financial terms of the deal have not been publicly disclosed. 

Coalfire made the news earlier this month when Anne Bayerkohler, the company's director of quality and compliance, was honored by Consulting Magazine's Women Leaders in Technology Awards in the Excellence in Leadership category.

Commenting on the acquisition, Coalfire CEO Tom McAndrew paid tribute to the company's former owners. 

"We appreciate the stewardship of our previous owners, The Carlyle Group and Chertoff Capital, that has set the course for this opportunity with our management," said McAndrew.

Describing what's next for the freshly acquired company, McAndrew said remote operations would be a new focus. 

He said: "We're very pleased with Apax Partners' acquisition of Coalfire and look forward to driving our growth through new technology investments, strategic acquisitions, and service expansion focused on optimizing the pervasive shift towards multi-cloud environments and remote operations."

Elsewhere in the company, it will be business as usual. Current Coalfire Federal president Bill Malone will remain at the helm, and Coalfire will continue to provide services to help Department of Defense suppliers prepare for and meet new CMMC (Cybersecurity Maturity Model Certification) regulations. 

Apax Partners expressed the belief that, supported by the Apax Funds' investment, Coalfire is perfectly poised for growth. 

"Coalfire is an established and highly respected cybersecurity advisory and assessment services firm that is well-positioned for further growth due to cybersecurity trends and the vision of its strong management team," said Rohan Haldea, partner at Apax Partners.

"The Apax Funds' investment will assist the company in particular by increasing Coalfire's investment in technology; continuing to invest in thought leadership, especially with respect to securing cloud environments; and deepening capabilities across assurance standards while scaling its penetration testing and cyber risk services business."

During its more than 40-year history, Apax Partners has raised and advised funds with aggregate commitments of around $50bn. The Apax Funds invest in companies across four global sectors of Tech & Telco, Services, Healthcare, and Consumer.


Survey Reveals Lax Attitudes to Password Security

Thu, 04/23/2020 - 15:25

Around 38% of people never update their passwords, according to a survey by Specops Software which has revealed some concerning trends regarding password safety.

Another finding was that a third of respondents use the same password for streaming services such as Netflix as they do for more sensitive accounts like online banking. Additionally, just 3.45% of respondents changed their password twice a year, and 29.03% said they don’t use more than one password across all their accounts. Overall, 32.26% thought that having just one password is not that serious. This is despite the advice of security experts that passwords should be changed regularly and should vary across different accounts.

Specops undertook the survey of 1353 people following the hacking of the social app Houseparty, in which users’ details were stolen. This led to a spate of other hacks as many of the victims used the same password across multiple accounts. Only 13.79% changed their passwords in an attempt to prevent hackers accessing other accounts once news broke of the attack, while 62.07% were not worried at all about it affecting other accounts.

Sharing the passwords of streaming services with friends and family was also shown to be commonplace, with 51.51% saying they did this. Amongst Netflix users in the survey, password sharing was practiced by 66.67%. Worryingly, 21.43% said they did not know whether the people who they share passwords with shared them with other people.

Specops Software set out the following tips for people to reduce the risk of being hacked:

  • Regularly change your passwords (at least once a year)
  • Don’t use the same passwords for social media, streaming and other non-sensitive accounts as you do for sensitive accounts like online banking
  • Use more than one password, reducing the risk of hackers accessing multiple accounts with ease
  • Create strong passwords, using numbers, letters, varying capitalized and non-capitalized letters and avoiding anything personal that could easily be guessed

Most Remote Workers Have Received No Security Training for a Year

Thu, 04/23/2020 - 11:00

Two-thirds of remote workers in the UK haven’t received cybersecurity training over the past year, raising fears that they may be more susceptible to attacks as hackers adapt their tactics during the current crisis.

Norwegian app security firm Promon polled 2000 remote workers to better assess where organizations may be exposed during the pandemic. 

It found that, as well as the majority not having received training over the previous year, 77% said they aren’t worried about security while working from home. Over-confidence can often lead to users making mistakes which land them in trouble.

What’s more, over three-fifths (61%) said they were using personal rather than corporate-issued devices to work remotely, increasing the chances that they aren’t properly protected, configured or aligned with corporate security policies.

“Lack of cybersecurity awareness training combined with distributed business software and applications that run within untrusted environments are some of the biggest issues organizations of all sizes are facing,” Promon co-founder, Tom Lysemose Hansen, told Infosecurity.

“This is particularly prevalent in SMBs, often due to insufficient funding. Organizations must ensure that they run business-critical apps in trusted and protected environments. There are many inexpensive cybersecurity awareness platforms on the market, which are specifically designed to help SMBs remain safe from attacks and, very crucially, protect endpoint devices.”

Multiple vendors have reported a sharp increase in COVID-19-themed phishing emails. Google claimed it blocks 18 million malicious and phishing emails every day for its users.

Such threats can be used to deliver ransomware, BEC, credential-harvesting phishing, VPN malware and more.

Cyber-criminals are looking to capitalize on the widespread appetite for more information about the pandemic, as well as urgent communications between bosses, partners and employees, to trick users into clicking through.

With the entire family forced to stay indoors, home workers may also be more distracted than they would normally be.


Alleged Neo-Nazis Post WHO and US Gov Log-ins Online

Thu, 04/23/2020 - 09:31

Twitter has been forced to take down thousands of breached email addresses and passwords from US and global health organizations first disseminated by alleged Neo-Nazi groups.

Rita Katz, director of SITE Intelligence Group, said the log-in combos were linked to the US National Institutes of Health (9938), Centers for Disease Control and Prevention (6857), the World Bank (5120), the Gates Foundation (269), Wuhan Institute of Virology (21) and the World Health Organization (2732).

She tweeted that “the far-right seized on the data with a harassment campaign as part of a months-long initiative to weaponize the pandemic.”

Right-wing groups have been blamed for spreading fake news and questioning scientific evidence about the COVID-19 pandemic.

“The far-right is growing an enormous capacity to disseminate such content—from conspiracy theories to ‘hacked’ data like yesterday’s,” said Katz.

However, it’s not clear whether these groups were behind the original hacking of the leaked accounts.

Katz explained that they appear to have been first posted to 4chan, although they subsequently went up on Pastebin and Twitter.

The BBC, which revealed the news of Twitter’s takedown efforts, claimed that at least some of the data was sourced from old attacks.

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, explained that stolen credential lists like this are widely available on dark web marketplaces and hacking forums.

“Most of these types of password collections contain a considerable number of redundant, outdated or even deliberately fake data. Given that most business-critical systems now use 2FA and other security mechanisms to prevent password-reuse attacks, I don’t see any material risks stemming from the reported ‘leak’,” he added.

“The impacted organizations should, however, rapidly conduct an internal investigation to ascertain they didn’t fall victims to a sophisticated data breach amid the pandemic.”

