Info Security


Major Uptick in IoT-Related Breaches and Attacks

Tue, 05/07/2019 - 17:06

Researchers have identified a significant uptick in breaches and attacks related to the internet of things (IoT), according to a new Ponemon Institute report, The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know.

Released today by the Santa Fe Group, the study yielded 35 key findings on IoT risks stemming from a lack of security in IoT devices. Ponemon Institute identified a sizable increase in the number of organizations reporting an IoT-related data breach. In 2017, only 15% of survey participants had suffered an IoT-related data breach. That number jumped to 26% in this year’s report, which surveyed 625 risk management and governance experts.

“The actual number may be greater as most organizations are not aware of every unsecure IoT device or application in their environment or from third party vendors,” the report said. In fact, the study found that more IoT security issues are being reported at the third-party level.

Over the last year, 23% of respondents said they experienced a cyber-attack and 18% said they had a data breach caused by unsecured IoT devices among third-party vendors. Even those who have yet to identify a breach feel certain that the future of IoT will be weighed down by risk.

When asked whether it is likely that their organizations will experience a cyber-attack such as a denial-of-service (DoS) attack caused by unsecured IoT devices or applications in the next 24 months, 87% of respondents said yes, according to the report.

Respondents tended to have similar perceptions about risks from the wider IoT partner ecosystems, with 81% expecting a DoS attack and 82% anticipating a data breach caused by a lack of security in the devices or applications of their third parties.

Despite these perceptions, the study found that only 9% of respondents said their companies have education policies to inform employees about IoT third-party risks and nearly a third (32%) do not have a designated person in their department or organizations who is responsible for managing IoT risks.

Categories: Cyber Risk News

Russia Uses Social Media to Sway Public Opinion

Tue, 05/07/2019 - 17:00

Russia is continuing its efforts to meddle in elections around the globe and is currently working on spreading misinformation via social media ahead of the EU parliamentary elections at the end of May, according to new data from SafeGuard Cyber.

Malicious actors – defined in the report as individuals, bots, trolls and hybrids – are exacerbating what are already contentious issues to try and influence the public’s perception of events, according to the report.

SafeGuard Cyber’s report evidences the volume of misinformation that is directed at EU member states in an effort to foment social unrest around hot-button issues, such as an article that looks at the future of France, written by French president Emmanuel Macron.

The day after Macron published the piece, bad actor activity increased 79%, primarily to promote or share content attempting to discredit Macron's ideas and shape public perception, according to today’s press release.

“Influence operations can appear difficult to discern because the content moving through conversations takes many forms and appears scattershot as any topic on social media. However, chasing any and every topic would actually dilute misinformation efforts, because campaign managers are aiming to achieve a certain 'critical mass' of messaging in order to exert any influence on the average citizen,” the report said.  

"The scale of the problem is tremendous. The rise of disinformation campaigns is abetted by the fact that it is incredibly difficult to stop their spread on social platforms," said Otavio Freire, co-founder, CTO and president of SafeGuard Cyber.

"Bad actors realize that hacking election infrastructure and hacking the perception of reality and facts are ultimately tactics to accomplish similar outcomes. The former you need to get past firewalls while the latter continues to be unprotected. Our report reinforces the need for a new approach to security, as today's bad actors are not at all hindered by the cybersecurity tactics of yesterday."

In related news, Microsoft CEO Satya Nadella announced on May 6 that the company released ElectionGuard, a free, open-source software development kit (SDK) from its Defending Democracy Program, according to a blog post. “ElectionGuard will make voting secure, more accessible and more efficient anywhere it’s used in the United States or in democratic nations around the world.”

Categories: Cyber Risk News

Proofpoint Acquires Meta Networks for Nearly $120m

Tue, 05/07/2019 - 16:56

In a move expected to augment its cloud-based architecture and people-centric security platform, Proofpoint announced that it has entered into a definitive agreement to acquire zero trust network access innovator, Meta Networks.

Subject to customary closing conditions, the deal is expected to close at the end of Q2 2019. The acquisition will allow Proofpoint to improve its existing capabilities by integrating Meta Networks’ technology into its cloud access security broker (CASB) and web isolation products.

“Protecting people and resources beyond the traditional perimeter is perhaps the most critical security requirement in the cloud era,” said Etay Bogner, founder and CEO of Meta Networks.

“Together with Proofpoint, we will continue to realize a security vision that adapts to the way both threats and infrastructure are moving: to the cloud. Proofpoint is at the forefront of this transformation and we are very excited to become a part of an incredible team.”

At approximately $111 million in cash and an additional $9 million in Proofpoint stock options, the purchase will enable customers to protect the applications and data their people access beyond the traditional perimeter, according to the press release.

“As cyber attacks primarily target people, and organizations continue to move their infrastructure to the cloud, the compromise of a single user all too often leads to a full enterprise breach. Limiting employee and contractor access to only authorized resources, rather than the entire corporate network, is a critical control in a people-centric security model,” said Proofpoint CEO Gary Steele in the release.

“By combining Meta Networks’ innovative zero trust network access technology with our people-centric security capabilities, Proofpoint will make it far simpler for enterprises to precisely control employee and contractor access to on-premises, cloud and consumer applications. We are thrilled to welcome Meta Networks employees to the Proofpoint team.”

Categories: Cyber Risk News

New Magecart Group Targets 201 Campus E-Stores

Tue, 05/07/2019 - 10:45

A cybercrime group has been spotted using infamous digital skimming code techniques to infect 201 online campus stores in the US and Canada in a supply chain attack.

The gang targeted PrismWeb, an e-commerce platform owned by PrismRBS and used by the sites, according to Trend Micro.

The group, dubbed “Mirrorthief” by the security vendor, injected a malicious script into the payment checkout libraries used by PrismWeb.

They made it appear similar to a legitimate Google Analytics script, and registered their malicious domain to also mimic the Google one in order to evade detection.

“Unlike many web skimmers, which are designed to collect information from many kinds of e-commerce payment pages in general, the skimmer that the Mirrorthief group used was designed specifically for PrismWeb’s payment page,” Trend Micro explained in a blog post.

“The skimmer collects data only from HTML elements with the specific IDs on PrismWeb’s payment form. The stolen credit card information includes card number, expiry date, card type, card verification number (CVN), and the cardholder’s name. The skimmer also steals personal information like addresses and phone numbers for billing.”

The skimmer then copies the info into the JavaScript Object Notation (JSON) format, before encrypting it and sending it to a remote server.

Although Magecart Group 11 and another gang, ReactGet, also use Google Analytics impersonation techniques, there’s no overlap in terms of the infrastructure used by Mirrorthief, and its skimmer is very different to others in that it is customized to work on PrismWeb. It also used a different JavaScript library (Crypto-JS) to the others, according to Trend Micro.

“To defend against this type of threat, website owners should regularly check and strengthen their security with patches and server segregation. Site owners should also employ robust authentication mechanisms, especially for those that store and manage sensitive data,” Trend Micro advised.

“IT and security teams should restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity that could lead to data exfiltration, execution of unknown scripts, or unauthorized access and modification.”
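The monitoring Trend Micro describes can be made concrete for this case: hash each served checkout library against a recorded baseline and, when one has changed, list the hosts it references that only resemble an allowlisted one. This Python sketch is an added example, not code from Trend Micro or PrismRBS; the allowlist, file name, `loadScript` helper, sample contents and the 0.8 similarity threshold are all constructed assumptions.

```python
import hashlib
import re
from difflib import SequenceMatcher

# Hosts the checkout libraries are expected to reference (constructed allowlist).
ALLOWED_HOSTS = {"www.google-analytics.com", "shop.example.edu"}
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify_host(host, allowed=ALLOWED_HOSTS, threshold=0.8):
    """Return 'allowed', 'lookalike' (near an allowed host) or 'unknown'."""
    if host in allowed:
        return "allowed"
    best = max(SequenceMatcher(None, host, good).ratio() for good in allowed)
    return "lookalike" if best >= threshold else "unknown"


def audit_library(name, content, baseline):
    """Compare one served script with its recorded hash; on a mismatch
    (or a file missing from the baseline), list every referenced host
    that is not on the allowlist."""
    finding = {"file": name, "modified": False, "hosts": {}}
    if baseline.get(name) == sha256(content):
        return finding
    finding["modified"] = True
    text = content.decode("utf-8", "replace")
    for raw in HOST_RE.findall(text):
        host = raw.lower().rstrip(".")
        verdict = classify_host(host)
        if verdict != "allowed":
            finding["hosts"][host] = verdict
    return finding


# Constructed sample: a known-good library and a copy with one appended line.
CLEAN = (
    b"// checkout.js (constructed)\n"
    b'loadScript("https://www.google-analytics.com/analytics.js");\n'
    b"function submitPayment(form) { form.submit(); }\n"
)
TAMPERED = CLEAN + b'loadScript("https://www.google-analytics.example/ga.js");\n'
BASELINE = {"checkout.js": sha256(CLEAN)}

if __name__ == "__main__":
    for body in (CLEAN, TAMPERED):
        print(audit_library("checkout.js", body, BASELINE))
```

The hash comparison is what catches the change; the similarity score only helps an analyst prioritise a modified file whose new host was chosen to pass a casual read.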

Categories: Cyber Risk News

Ukrainian Faces US Charges for Five-Year Malvertising Campaign

Tue, 05/07/2019 - 09:36

A Ukrainian man has been extradited to the US on charges of participating in a multi-year malvertising operation that targeted millions of users.

Oleksii Petrovich Ivanov, 31, was arrested in the Netherlands in October 2018 and on his arrival in the US last week was charged with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud.

Between October 2013 and May 2018 he’s alleged to have conspired to force unwitting internet users to view malicious ads over 100 million times, according to the Department of Justice (DoJ).

Ivanov and his co-conspirators are said to have posed as legitimate advertising companies: for example, in 2014 he is alleged to have posed as ‘Dmitrij Zaleskis,’ CEO of fictitious UK company ‘Veldex Limited’ which submitted malicious ads to a US internet advertising company for distribution.

Two of these campaigns were viewed over 17 million times in just a matter of days, and although the US company warned they were being flagged as malware threats, Ivanov is said to have persuaded the firm to keep running them for months.

Once the patience of these partner organizations finally wore out, Ivanov and his co-conspirators allegedly set up new companies and fake identities to start again, according to court documents.

He is also alleged to have created a botnet by infecting computers and then selling access to it.

“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” said New Jersey US attorney, Craig Carpenito. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”

Categories: Cyber Risk News

Matrix-Themed Ransomware Spikes in May

Tue, 05/07/2019 - 08:55

Security experts are warning organizations of a new, highly targeted ransomware strain known as MegaCortex, which appears to have been written by a fan of ‘90s cult film The Matrix.

Although the ransomware first appeared at the start of the year, there appears to have been a major recorded spike on May 1, according to UK security company Sophos.

Of the 76 attacks confirmed since February, 47 happened over the past few days, according to principal researcher, Andrew Brandt.

Enterprise networks in the US, Italy, Canada, France, the Netherlands, and Ireland have so far been targeted.

There seems to be a crossover between victims of Emotet and Qbot malware and those targeted in this campaign, although Sophos can’t be sure of the correlation.

Victim organizations report attacks coming from a compromised domain controller (DC), which the hackers may have accessed via stolen admin credentials.

“The attacker issues commands via the compromised DC, which the attacker is remotely accessing using the reverse shell,” explained Brandt.

“The DC uses WMI to push the malware — a copy of PsExec renamed rstwg.exe, the main malware executable, and a batch file — to the rest of the computers on the network that it can reach, and then runs the batch file remotely via PsExec.”

That batch file is a list of commands to terminate 44 processes and 189 services and disable 194 services, thereby stopping anything that could prevent the ransomware from running, including security tools.

Finally, the batch file launches winnit.exe to drop and execute the DLL payload.

There’s no actual figure quoted in the ransom demand: instead the authors offer a ‘consultation’ on how to improve the victim organization’s cybersecurity.

To help mitigate the risk of infection, Sophos recommended putting any machines using RDP behind a VPN and employing two-factor authentication (2FA) to replace all admin passwords.

The ransom note itself apparently contains numerous references to The Matrix and the name of the ransomware echoes that of the company where hero Neo works in the film: MetaCortex.
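The chain Brandt describes leaves two things a defender can look for in process-creation telemetry: a PsExec binary running under another name, and a single parent process issuing a burst of stop or disable commands. The Python below is an added example, not Sophos's code; the records are constructed using Sysmon Event ID 1 field names, and the command patterns, host names and threshold are assumptions, since the article does not list the batch file's commands.

```python
import ntpath
import re
from collections import Counter

PSEXEC_NAMES = {"psexec.exe", "psexec64.exe"}
# Assumed patterns for stop/disable commands; the article does not list the
# batch file's actual commands.
KILL_RE = re.compile(
    r"\b(?:taskkill|net1?\s+stop|sc\s+stop|sc\s+config\b.*start=\s*disabled)\b",
    re.I,
)


def renamed_psexec(event):
    """True when the PE version info says PsExec but the file name does not."""
    original = event.get("OriginalFileName", "").lower()
    image = ntpath.basename(event.get("Image", "")).lower()
    return original == "psexec.c" and image not in PSEXEC_NAMES


def mass_kill_hosts(events, threshold=20):
    """Hosts where a single parent process issued >= threshold kill commands."""
    counts = Counter(
        (e["host"], e.get("ParentProcessGuid"))
        for e in events
        if KILL_RE.search(e.get("CommandLine", ""))
    )
    return sorted({host for (host, _), n in counts.items() if n >= threshold})


def triage(events):
    return {
        "renamed_psexec": sorted({e["host"] for e in events if renamed_psexec(e)}),
        "mass_kill": mass_kill_hosts(events),
    }


def sample_events():
    """Constructed records using Sysmon Event ID 1 field names."""
    batch, admin = "{guid-batch}", "{guid-admin}"
    events = [
        # PsExec under the file name reported in the article.
        {"host": "WS-014", "Image": r"C:\Windows\Temp\rstwg.exe",
         "OriginalFileName": "psexec.c", "ParentProcessGuid": "{guid-wmi}",
         "CommandLine": "rstwg.exe <args>"},
        # Legitimate, unrenamed PsExec on an admin workstation.
        {"host": "ADM-01", "Image": r"C:\Tools\PsExec64.exe",
         "OriginalFileName": "psexec.c", "ParentProcessGuid": admin,
         "CommandLine": "PsExec64.exe <args>"},
        # Routine single service stop elsewhere.
        {"host": "WS-020", "Image": r"C:\Windows\System32\net.exe",
         "OriginalFileName": "net.exe", "ParentProcessGuid": admin,
         "CommandLine": "net stop Spooler"},
    ]
    for i in range(25):  # one batch file disabling many services
        events.append({"host": "WS-014", "Image": r"C:\Windows\System32\sc.exe",
                       "OriginalFileName": "sc.exe", "ParentProcessGuid": batch,
                       "CommandLine": f"sc config ExampleSvc{i} start= disabled"})
    return events


if __name__ == "__main__":
    print(triage(sample_events()))
```

Matching on the version-info name rather than on `rstwg.exe` itself keeps the check useful when the file name changes between incidents.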

Categories: Cyber Risk News

Israel Responds to Cyber-Attack with Air Strike

Mon, 05/06/2019 - 17:16

The Israel Defense Forces (IDF) claim to have thwarted a cyber-attack from Hamas by targeting the building where Hamas cyber operatives work.

After the alleged cyber-attack, IDF responded with a physical attack in what Forbes contributor Kate O'Flaherty called “a world first.” According to the commander of the IDF's cyber division, identified only by his rank and the first Hebrew letter of his name, Brigadier General Dalet, this was also the first time that Israel cyber forces had to fend off an attack while they were also under fire, which required both Israeli technology soldiers and the Israeli Air Force, according to The Times of Israel.

“Israel would not have targeted the building and presumably those in it without a lot more due diligence and intelligence than ‘a cyber-attack was coming from the building,’” Ian Thornton-Trump, security head at AmTrust Europe, told Forbes.

Detailed information about the attempted attack is not being published at this time so as not to provide Hamas with any details about Israel’s cyber capabilities. Brig. Gen. Dalet would only say that the cyber-attack occurred in the past day and was aimed at “harming the way of life of Israeli citizens,” The Times of Israel reported.

Categories: Cyber Risk News

US Court Awards $854m to Dutch Chip Maker ASML

Mon, 05/06/2019 - 14:57

The Santa Clara County Superior Court ruled in favor of ASML, a Netherlands-based chipmaking company, against virtual reality headset manufacturer XTAL Inc. in an intellectual property case, awarding ASML $845 million in addition to an injunction, according to a May 4 ASML press release.

“The judgment finalizes the verdict returned by the jury on 28 November 2018. The jury found that XTAL’s conduct as to all counts was malicious, entitling ASML to an award of punitive damages on all five counts pleaded against XTAL," the release said.

“The primary driver behind the jury’s verdict and the $845 million final judgment were saved research and development costs by XTAL, due to XTAL’s theft of trade secrets, inducing former employees to breach their contracts with ASML, aiding and abetting former employees to breach their fiduciary duty of loyalty to ASML, and multiple violations of California’s Computer Data Access and Fraud Act.”

The judgment finalizes the initial verdict returned by a jury ruling in favor of ASML. The charges claimed, “XTAL induced ASML employees, who had been entrusted with ASML’s most sensitive trade secrets, to secretly work for XTAL, steal trade secrets, and help XTAL obtain a lucrative contract with one of ASML’s largest customers. XTAL then used the stolen information to jumpstart its competing computational lithography business, accelerating its development well beyond what would have been possible had it not stolen and used ASML’s trade secrets. The stolen trade secrets included ASML’s proprietary algorithms as well as source code files.”

The initial verdict was returned by the jury on November 28, 2018. XTAL reportedly filed for bankruptcy on December 17, 2018. As a result, the May 4 judgment is “uncollectable as XTAL is in bankruptcy, but under a settlement arrangement ASML will end up owning most, if not all, of XTAL’s intellectual property (IP) through the bankruptcy process.”

In addition to the monetary award, the court also issued an injunction that prohibits XTAL from any software development activities on products alleged to be using ASML’s IP.

Categories: Cyber Risk News

Huawei Says Collaboration Key to 5G Security

Mon, 05/06/2019 - 13:55

Chinese analysts said that efforts to politicize the security of 5G networks are prejudiced and unfairly targeting a particular country or company, according to Global Times.

Last week’s Prague 5G Security Conference led by Czech Prime Minister Andrej Babiš culminated in the nonbinding “Prague Proposal,” which set forth recommendations from more than 30 members of the EU and NATO on how to move safely forward with the security of 5G networks. Absent from the conference were any Chinese delegates or representatives from Huawei.

The Chairman Statement recognized that continued global stability demands 5G network security and believes the architecture and functions of these networks must have an appropriate level of security to ensure national and economic security as well as other national interests.

“Cyber security cannot be regarded as a purely technical issue. A safe, secure and resilient infrastructure requires adequate national strategies, sound policies, a comprehensive legal framework and dedicated personnel, who is trained and educated appropriately. Strong cyber security supports the protection of civil liberties and privacy,” the statement said.

Chinese analysts have openly supported cybersecurity standards of 5G networks and reportedly oppose efforts to politicize the issue. The director-general of the Beijing-based Information Consumption Alliance, Xiang Ligang, told the Global Times, "I think their intention is pretty clear: They want to make rules based on their own values and ideologies to target companies from countries with different political systems. I think it's pretty clear that they want to target China and Huawei."

The US has banned Huawei’s products, a move that its allies have resisted supporting. However, many countries, including the US, plan to use the Prague Proposal as a guide to move forward with implementing 5G networks. 

In a statement shared with Infosecurity, a spokesperson wrote, "Huawei shares government commitments to cyber security. We believe the collaborative approach shown at the conference will be critical to ensuring the security of global 5G networks. We are encouraged by the conference's emphasis on the importance of research and development, open markets, and competition.

"Nevertheless, we believe the cyber security issue is a technical one at its core, which needs to be addressed through technical means. We firmly believe that any future security principles should be based on verifiable facts and technical data rather than ideology or a vendor's country of origin."

According to a statement released by US press secretary Sarah Sanders, “The United States supports the resulting Prague Proposals on 5G security published by the Czech conference chairman as a set of recommendations for nations to consider as they design, construct and administer their 5G infrastructure. The United States Government plans to use the Prague Proposals as a guide to ensure our shared prosperity and security."

Categories: Cyber Risk News

Huawei Says Collaboration Key to 5G Security

Mon, 05/06/2019 - 13:55

Chinese analysts said that efforts to politicize the security of 5G networks are prejudiced and unfairly targeting a particular country or company, according to Global Times.

Last week’s Prague 5G Security Conference led by Czech Prime Minister Andrej Babiš culminated in the nonbinding “Prague Proposal,” which set forth recommendations from more than 30 members of the EU and NATO on how to move safely forward with the security of 5G networks. Absent from the conference were any Chinese delegates or representatives from Huawei.

The Chairman Statement recognized that continued global stability demands 5G network security and believes the architecture and functions of these networks must have an appropriate level of security to ensure national and economic security as well as other national interests.

“Cyber security cannot be regarded as a purely technical issue. A safe, secure and resilient infrastructure requires adequate national strategies, sound policies, a comprehensive legal framework and dedicated personnel, who is trained and educated appropriately. Strong cyber security supports the protection of civil liberties and privacy,” the statement said.

Chinese analysts have openly supported cybersecurity standards of 5G networks and reportedly oppose efforts to politicize the issue. The director-general of the Beijing-based Information Consumption Alliance, Xiang Ligang, told the Global Times, "I think their intention is pretty clear: They want to make rules based on their own values and ideologies to target companies from countries with different political systems. I think it's pretty clear that they want to target China and Huawei."

The US has banned Huawei’s products, a move that its allies have resisted supporting. However, many countries, including the US, plan to use the Prague Proposal as a guide to move forward with implementing 5G networks. Huawei reportedly shared a statement with South China Morning Post stating that the company shares in global governments’ commitments to focus on cybersecurity: “We believe the collaborative approach shown at the conference will be critical to ensuring the security of global 5G networks. We are encouraged by the conference’s emphasis on the importance of research and development, open markets and competition.”

According to a statement released by US press secretary Sarah Sanders, “The United States supports the resulting Prague Proposals on 5G security published by the Czech conference chairman as a set of recommendations for nations to consider as they design, construct and administer their 5G infrastructure. The United States Government plans to use the Prague Proposals as a guide to ensure our shared prosperity and security."

Categories: Cyber Risk News
