Info Security

Subscribe to Info Security  feed
Updated: 1 min 35 sec ago

Smart Move: IDEX Shares Progress in Asia

Mon, 08/19/2019 - 19:16
Smart Move: IDEX Shares Progress in Asia

Norwegian company IDEX Biometrics is forging strong bonds with smart-card and payment specialists in Asia. 

IDEX shared its second quarter and half-year 2019 results in a recently issued corporate update in which the company announced a landmark multiyear, multimillion-dollar order for its dual-interface sensors. The report went on to highlight IDEX's collaborations with Tongxin Microelectronics Co. Ltd. (TMC) and PAX Technology Ltd. 

Chinese company TMC will be working with IDEX to create a biometric smart-card solution for end-customer implementation. In a three-way tech tryst, point of sales terminal provider PAX will be working with IDEX and with one of China's largest smart-card producers, Chutian Dragon, to run real-life transactions of biometrics smart cards compliant with Europay, Mastercard and Visa (EMV) using IDEX's dual-interface sensor.  

Also highlighted in the report were IDEX's progress toward certification and the company's attainment of some major manufacturing milestones, which included partnerships with Sian and Silone Cardtech, and a savvy supply agreement with leading global provider of cybersecurity products and solutions Feitian.

Despite its progress, the Norwegian company has yet to bring in the big bucks. In a separate brief, IDEX reported Q2 revenues of NKr0.4 million (about $44,600), an increase from revenues of NKr0.3 million in Q2 of 2018; and for the full first half of the 2019 fiscal year, revenues crossed the line at NKr1.7 million, compared to the much healthier NKr2.1 million banked over the corresponding period in 2018.

However, with comprehensive patents granted to IDEX Biometrics by the United States Patent and Trademark Office and by IP Australia, the company's future could be a much more lucrative story.  

IDEX CEO Stan Swearingen said: “The evolution of the biometric smart-card market is undoubtedly gathering pace and IDEX made great progress in the quarter. Our pipeline of commercial opportunities continues to grow, and we expect sensor shipments to increase significantly. We have developed important relationships with new customers in the ecosystem, and our biometric technology is proven and ready for mass deployment. I am highly confident that our strategy and technology leadership will deliver considerable success for all our stakeholders.”

Categories: Cyber Risk News

Teenage Hacker-for-Hire Receives Prison Sentence

Mon, 08/19/2019 - 17:40
Teenage Hacker-for-Hire Receives Prison Sentence

A British teenager has been sentenced to 20 months in prison after selling his services as a freelance hacker.

Elliot Gunton of Mounteney Close, Norwich, England, pleaded guilty to hacking, money laundering and breaching a Sexual Harm Prevention Order imposed in 2016. The 19-year-old hacker-for-hire also pleaded guilty to hacking offences against an Australian Instagram account.

Gunton was sentenced at Norwich Crown Court on Friday, August 16, after pleading guilty at an earlier hearing. The teen was ordered to pay back more than £400,000 he made in cryptocurrency after supplying online personal data and hacking services. 

The court heard how police found cybercrime-enabling software on Gunton's laptop after a routine search of his home conducted in April 2018. The search had been carried out to ensure that the teen was complying with a Sexual Harm Prevention Order imposed by the court in 2016 for previous offences. 

Information found on the laptop revealed that Gunton had offered to pass on mobile phone numbers, which would allow third parties to intercept calls and texts to commit fraud. Police also found evidence of Gunton advertising compromised data for sale and offering his services as a hacker-for-hire. 

Officers were able to trace and seize £275,000 worth of cryptocurrency illegally earned by Gunton, who had failed to erase all trace of conversations he had held online in which he discussed criminal activities. 

Gutton received a 20-month custodial sentence but was immediately released form the court, as he had already served his sentence while on remand. He was ordered to pay back £407,359 and issued a 42-month Community Behaviour Order with strict terms dictating his access to the internet. 

The order bans Gunton from deleting his internet search history, from providing a false IP address, and from using cloud storage unless he notifies a police officer.

Detective Sergeant Mark Stratford said, "This was a complex investigation which relied on the expertise of officers and staff from the Norfolk and Suffolk Cybercrime Unit. This emerging type of criminality requires police investigators to be at the forefront of technological advancements in order to effectively combat the ever-growing paradigm of cybercrime."

Categories: Cyber Risk News

BlackBerry Named Magic Quadrant Leader Four Years Running

Mon, 08/19/2019 - 15:40
BlackBerry Named Magic Quadrant Leader Four Years Running

Research giant Gartner Inc. has named BlackBerry a Magic Quadrant Leader for the forth consecutive year.

The Canadian multinational is one of six vendors to be handed the title in 2019 Gartner Magic Quadrant for Unified Endpoint Management Tools report. Other companies to emerge as leaders from the report are Citrix, IBM, Microsoft, VMWare and MobileIron, which were also awarded the title in 2018. 

Magic Quadrants are used to determine the relative positions of competing players in the major technology markets through proprietary qualitative data analysis. The result is that companies are placed in one of four categories: Leaders, Visionaries, Niche Players or Challengers. Vendors that emerge as Leaders have the highest composite scores for their completeness of vision and ability to execute. 

In the 2019 Magic Quadrant for Unified Endpoint Management Tools, Gartner's main focus was on a unified endpoint management (UEM) solution's ability to coexist with or assist in the migration away from client management tools (CMTs) and processes. This is because of the ongoing migration of PCs from legacy CMTs to UEM that Gartner stated it witnesses in a majority of end-user organizations.

BlackBerry’s UEM solutions have been adopted by leaders in highly regulated industries, including government, healthcare, energy and financial services. The solutions work by using machine learning and predictive analysis to securely enable the internet of things (IoT) with complete endpoint management and policy control for an enterprise fleet of devices and apps. 

The company’s latest offering, BlackBerry Intelligent Security, is the first cloud-based solution to harness the power of adaptive security. The tech allows IT teams to alter the security requirements and functionality of enterprise devices and apps based on a user’s real-world behavior and a risk score calculated via a combination of artificial intelligence (AI) and spatial data. And all this is achieved without leaving an additional software footprint.

Categories: Cyber Risk News

Texas Ransomware Blitz: 23 Local Governments Affected

Mon, 08/19/2019 - 10:30
Texas Ransomware Blitz: 23 Local Governments Affected

The state of Texas has come under fire from a coordinated ransomware attack affecting over 20 local authorities.

The Texas Department of Information Resources (DIR) released an updated statement over the weekend detailing its response to the attacks, which occurred on Friday morning local time.

Some 23 local government agencies were hit by the attacks – which are said to have come from the same threat actor – although state IT systems and networks are not affected.

“Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” the statement noted. “It appears all entities that were actually or potentially impacted have been identified and notified.”

The Texas DIR urged computer users not to click through or open attachments on unsolicited emails, check email sender details, use unique and strong passwords on all accounts, alert supervisors about any suspicious activity, and take advantage of cybersecurity training.

Local government bodies are coming under increasing attack in the US, with cyber-criminals betting correctly that poor security practices and under-funding have left them particularly exposed to ransomware.

Over the past few months several cities in Florida have come under fire, with at least two, Lake City and Riviera Beach, choosing to pay a combined ransom of over $1m. In Texas, the city of Del Rio was hit in January, forcing public sector staff back to using pen and paper.

In Baltimore, which was also hit but refused to pay up, reports suggest the local authority may end up with a bill for as much as $18m.

Ransomware detections rocketed by 365% year-on-year in the second quarter of 2019, according to Malwarebytes. The vendor claimed in Q1 that virtually all of its detections were now related to attacks on businesses, as hackers focus their efforts on more lucrative targets.

Categories: Cyber Risk News

Brooklyn Man Gets 57 Months for $1m Fraud Scheme

Mon, 08/19/2019 - 09:30
Brooklyn Man Gets 57 Months for $1m Fraud Scheme

A Brooklyn man has been sentenced to nearly five years behind bars after pleading guilty to a decade-long fraud and account takeover scheme that netted him over $1m.

Jason Mickel Elcock, aka “Prezzi,” pleaded guilty in March to a series of wire fraud and money laundering charges, as well as unlawful possession of a firearm.

Between 2008 and last year, Elcock and co-conspirator Shoshana Marie McGill bought stolen financial and identity data on tens of thousands of businesses and individuals, according to the Department of Justice.

They also obtained this material by hacking victims’ email accounts, bank accounts and password vaults.

The duo then monetized the stolen data by: buying goods online with victims’ card data, which they resold, opening new lines of credit in other people’s names, transferring money out of victim bank accounts, creating and cashing fraudulent checks in victims’ names and selling the data and check-making kit to other fraudsters in return for a cut of their earnings.

Elcock is also said to have deleted activity alerts and changed email account passwords to prevent victims receiving automated alerts about unauthorized transactions. He’s also said to have transferred victims’ phone numbers to ones under his control.

The decade-long scheme netted him and McGill $1.1m. Also seized from their flat were Rolex watches, laptops, tablets and smartphones, designer clothes, shoes and handbags, and other items.

In addition to his 57-month prison term, Elcock will get three years of supervised release, and has to pay back the $1.1m and restitution. McGill pleaded guilty on January 3 to conspiring to commit money laundering and was sentenced in June to five years’ probation.

“As criminals move to the digital frontier, law enforcement is following,” said NYPD commissioner, James O’Neill. “In this case, the NYPD is proud to have teamed with its FBI partners to bring this insidious criminal scheme to a close.”

Categories: Cyber Risk News

Eurofins Ransomware Attack Led to Backlog of 20,000 Cases

Mon, 08/19/2019 - 08:37
Eurofins Ransomware Attack Led to Backlog of 20,000 Cases

Police chiefs are warning of delays to investigations and court cases after it emerged that a ransomware attack on a forensic services firm led to a backlog of 20,000 cases.

Eurofins Scientific, the largest provider of its kind in the UK, suffered the “sophisticated” attack back in June.

The global tester, which handles around half of the UK’s forensic work, is said to have decided to pay the ransom in a bid to regain access to crucial data.

The National Police Chiefs' Council (NPCC) is now reported to be working on clearing the large backlog of cases, which it says will have an impact on ongoing investigations and legal proceedings as they involve vital DNA and blood evidence from crime scenes.

The backlog is now at around 15,000 cases, but the police organization is confident it will be cleared in the next two months, according to the BBC.

“The security and integrity of the criminal justice system is of the highest possible priority, which meant we had to take stringent steps to ensure that police data had, firstly, not been manipulated or changed and, secondly, was suitably protected for the future,” said NPCC lead for the forensic marketplace, assistant chief Constable Paul Gibson.

Kaspersky principal security researcher, David Emm, said the case highlights the dilemma facing firms caught out by ransomware: whether to pay up.

“To avoid this issue in the first place, having offline and offsite data back-up is essential. The best mitigation to ransomware is having effective backup processes in place, which help companies to avoid an invidious situation where they are suddenly negotiating with cyber-criminals,” he added.

“However, if companies haven’t got a back-up and it’s too late, then they seriously need to weigh up what solution is best for them. Whilst the decision to pay a ransom to restore valuable data is entirely dependent on the victim and their unique situation, it is important to remember the following: you can never entirely trust cyber-criminals to keep their end of the deal and in paying large sums to them, you are helping to fuel an illegal economy and thus, will help to make ransomware a more lucrative business in the future.”

Categories: Cyber Risk News