Info Security

Subscribe to Info Security  feed
Updated: 2 hours 42 min ago

Only 19% of Lockdown ‘Work from Homers’ Update Anti-Virus Solution

Mon, 05/11/2020 - 15:45
Only 19% of Lockdown ‘Work from Homers’ Update Anti-Virus Solution

Only 19% of employees working from home as a result of COVID-19 lockdown measures have checked if their anti-virus solution is up to date, according to new research shared today by Avast Business

The company surveyed 2,000 employees of small to medium UK businesses in April 2020 to find out how secure their home working practices are. The results were good news for threat actors on the lookout for easy marks.

Researchers found that nearly a fifth (18%) of those currently working from home are doing so from their own unprotected devices, with not even half, 45%, working on secure devices provided by their employer.

Along with technology provision, security support was found to be an issue for remote workers. With only 26% of workers having access to designated IT support provided by their employer, the research points to the majority of employees being left to navigate security's rocky terrain on their own.

According to the research, most employees went into lockdown with little security training to fall back on. While 24% of those polled said they had received regular security training at work in the past, only 7% of employees had undergone specific online security training when lockdown measures were implemented.

Many employees working from home have turned to videoconferencing platforms like Zoom to help them stay in touch with colleagues and customers, but few have been advised on how to use them safely. Researchers found that only 23% of employees had received any guidance on how to use platforms like Zoom and Microsoft Teams. 

“Not all businesses have a designated point of contact for IT security, or the necessary resources. This makes it even more imperative that both business owners and employees take active responsibility," commented Jaya Baloo, chief information security officer for Avast.

While countries around the world have tentatively begun easing lockdown restrictions, Baloo predicts that ensuring workers can securely work remotely will remain crucial.

He said: "Even when the lockdown starts coming to an end, there’s high chance that increased remote working becomes the new normal for a long time."

Avast researchers said companies whose employees are working remotely should prepare for the worst. 

They said: "You must assume everyone is connecting in an Internet cesspool and they are accessing important corporate assets. This means that they need the appropriate protection, security, and tools to get their jobs done."

Categories: Cyber Risk News

Cyber-Attacks on UK Orgs Up 30% in Q1 2020

Mon, 05/11/2020 - 11:00
Cyber-Attacks on UK Orgs Up 30% in Q1 2020

New research from business ISP specialist Beaming has revealed that the volume of cyber-attacks on UK businesses increased by almost a third in the first three months of 2020.

Beaming analysts identified 394,000 unique IP addresses used to attack UK businesses in the first quarter of 2020, discovering that companies with internet connections experienced 157,000 attacks each, on average – the equivalent of more than one a minute.

This rate of attack was 30% higher than the same period in 2019 when UK businesses received 120,000 internet-borne attempts to breach their systems each.

Beaming cited IoT applications as the most common targets for cyber-criminals in the first quarter, attracting almost 19,000 online attacks per company. Company databases and file-sharing systems were also targeted frequently, with companies experiencing approximately 5000 attacks for each application, on average.

Sonia Blizzard, managing director of Beaming, said: “The record levels of cyber-attacks on UK businesses experienced during the second half of last year were maintained in the first three months of 2020, with companies being attacked more than once every minute on average.

“Businesses of all sizes need to take the threat seriously and take sensible steps to improve their resilience to attack, particularly now that the risk is magnified with so many people working from home.”

Categories: Cyber Risk News

Black Hat USA and DEF CON Cancelled Due to #COVID19

Mon, 05/11/2020 - 10:15
Black Hat USA and DEF CON Cancelled Due to #COVID19

Black Hat USA and DEF CON have become the latest victims of the COVID-19 pandemic, after organizers announced plans to cancel the cybersecurity conferences and replace them with virtual events.

For DEF CON, the decision has turned a long-running joke on its head. For the past few years mischief-makers have taken to the internet to spread fake news about the event being cancelled.

“The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19,” wrote the organizers on Twitter on Friday. “In early March we had hopes that things would be stable by August. That is no longer realistic.”

Founder Jeff Moss (aka The Dark Tangent) said he actually made the decision to cancel back in April, but has spent the past few weeks working with staff, lawyers, accountants and venue hosts to “navigate the process.”

DEF CON 28 Safe Mode will now run online from August 7-9, with 101 orientation Thursday. The DEF CON Forums will be used by participants to announce plans, do signups and post pictures and videos.

“Expect events like a new on-line Mystery Challenge, a DEF CON is Canceled music album, remote CTFs like Hack-a-Sat, Villages like the Packet Hacking Village, contests like the TeleChallenge, Ham Exams, and more. We are also planning a remote movie night and drink-up,” explained Moss.

Black Hat general manager, Steve Wylie, was more circumspect, saying only in a Friday update that there would be more information on a virtual event posted soon.

“We're inspired to adapt Black Hat USA in a virtual format that will be available to our entire global community. Our team is working hard to deliver the same level of high-quality briefings, trainings and business hall programs that Black Hat attendees have come to expect every year,” he explained.

“We believe in the power of gathering our community to share, inspire, and strengthen our industry and are committed to providing that opportunity in August.”

At the beginning of April, the organizers of Europe’s largest cybersecurity conference, Infosecurity Europe, announced that this year’s event would be postponed, with a program of virtual content planned for June 2-4.

Categories: Cyber Risk News

Cognizant: Ransomware Costs Could Reach $70m

Mon, 05/11/2020 - 09:30
Cognizant: Ransomware Costs Could Reach $70m

IT services giant Cognizant has admitted that a ransomware attack it suffered back in April may end up costing the company as much as $70m.

The firm announced revenue of $4.2bn for the first quarter of 2020, an increase of 2.8% year-on-year. In this context, the $50-70m hit it expects to take in Q2 from the ransomware attack will not make a huge impact on the company.

However, the big numbers involved are illustrative of the persistent financial threat posed by ransomware, not to mention the reputational impact on customers.

CEO Brian Humphries claimed on an earnings call that the company responded immediately to the threat, proactively taking systems offline after some internal assets were compromised. However, the resulting downtime and suspension of some customer accounts took their toll financially.

“Some clients opted to suspend our access to their networks,” he explained. “Billing was therefore impacted for a period of time, yet the cost of staffing these projects remained on our books.”

Remote workers were also affected as the attack hit the firm’s system for supporting its distributed workforce during the current pandemic.

It does appear, however, that on this occasion the Maze attackers were not able to steal sensitive internal data from Cognizant servers, as is usually the case with high-profile victims of the gang.

Nobody wants to be dealt with a ransomware attack,” Humphries said on the call. “I personally don't believe anybody is truly impervious to it, but the difference is how you manage it, and we tried to manage it professionally and maturely.”

Maze was in action most recently to target a Minnesotan egg supplier, one of the country’s largest.

Victim organizations are estimated to have paid out in excess of $6bn to ransomware attackers last year, but the real cost could be many times more, according to Emsisoft.

Categories: Cyber Risk News

Data Breach Exposes Four Million Dating App Users

Mon, 05/11/2020 - 08:15
Data Breach Exposes Four Million Dating App Users

Almost four million users of a popular Android dating app have had their personal and log-in data stolen by hackers, according to Risk Based Security.

The security vendor said it found the data on a prominent hacking forum — now free for anyone to access, although it had been previously up for sale.

It’s associated with nearly 3.7 million users of MobiFriends, a Barcelona-based dating app. The information was originally posted to the forum in January of this year by a threat actor named “DonJuji,” but is attributed to a breach in January 2019.

The data includes dates of birth, gender, website activity, mobile numbers, usernames, email addresses and MD5 hashed passwords.

“The MD5 encryption algorithm is known to be less robust than other modern alternatives, potentially allowing the encrypted passwords to be decrypted into plaintext,” warned Risk Based Security.

“Moreover, the data leak contains professional email addresses related to well-known entities including: American International Group (AIG), Experian, Walmart, Virgin Media and a number of other F1000 companies. This creates a notable risk of business email compromise as well as potential spear-phishing campaigns.”

MobiFriends has yet to respond to the researchers who found the data.

The number of records exposed in data breaches soared by 273% quarter-on-quarter to reach a record 8.4 billion in Q1 2020, according to Risk Based Security. However, the number of publicly reported incidents was down by 42% during the same period.

“The increase in records compromised was driven largely by one breach; a misconfigured Elasticsearch cluster that exposed 5.1 billion records. However, even if we adjusted for this incident, the number of records still increased 48% compared to Q1 2019,” said Inga Goddijn, executive vice-president at Risk Based Security.

“Hacking exposed an average of approximately 850,000 records per breach and most breaches originated from outside the organization. We are continually finding that simply meeting regulatory standards or contractual obligations does little to actually prevent a breach from occurring.”

Categories: Cyber Risk News

EU: UK Must Share More Data to Access Crime-fighting System

Fri, 05/08/2020 - 16:33
EU: UK Must Share More Data to Access Crime-fighting System

A European parliamentary committee has said that the UK's access to an EU crime-fighting system should be blocked unless the country shares more DNA and fingerprint data with member states.

The Justice and Home Affairs Committee, chaired by Spanish socialist MEP Juan-Fernando López-Aguilar, claims that the UK is denying member states access to a sufficient amount of fingerprint data collected by British police. 

López-Aguilar said that when it came to sharing data in the battle against crime, the exchange of information between different countries should be based on "the goodwill of reciprocity."

The views of the committee were expressed in a vote that took place yesterday. Although not binding, the outcome of the vote could have an impact on EU decisionmakers as the UK negotiates a post-Brexit deal on the sharing of DNA, fingerprint data, and crime-fighting intelligence with the EU.

López-Aguilar said he hoped that the UK and EU could establish a data-sharing relationship that was "mutually beneficial."

“We would like the UK to move our way," the MEP told The Guardian, "to move forward to European Union standards for the sake of building up a future relationship that is mutually beneficial and thus not giving any space for the advantage of not being a member of the European Union and yet enjoying all the information tools.” 

Following Theresa May's 2015 decision as the UK's Home Secretary to opt into the EU's crime-fighting system, the British government last year began exchanging DNA records of convicted British-based criminals with EU member states. 

The EU wants the UK to go one step further and share the DNA data of British-based criminal suspects, but the British government has declined to do so, despite getting access to equivalent data on suspects located in EU countries.

Using the DNA exchange system, British police can check the genetic code of EU criminals and criminal suspects in 15 minutes, compared with the 143 days it takes to achieve the same result through Interpol.

Unlike the DNA exchange system that is up and running, the fingerprint equivalent is due to be voted on by the European parliament next week.

Categories: Cyber Risk News

LabCorp Shareholder Files Suit Over Double Data Breach

Fri, 05/08/2020 - 15:54
LabCorp Shareholder Files Suit Over Double Data Breach

American testing giant LabCorp is being sued by a shareholder after two data breaches drove down the value of the company's shares.

LabCorp suffered two data breaches in under a year and was one of two dozen companies affected by the 2019 American Medical Collection Agency breach.

In a sustained and catastrophic breach that went unnoticed for eight months, hackers compromised the systems of AMCA, gaining access to the data of about 7.7 million LabCorp patients. Following the incident, several lawsuits were filed by patients against AMCA and LabCorp.

LabCorp's second data breach took place in January 2020, when the misconfiguration of a website resulted in 10,000 company documents' accidentally being made available to the public.

Shareholder Raymond Eugenio has filed a suit against LabCorp and its 12 directors and executives in an attempt to recoup share value losses that occurred following the two unfortunate cybersecurity incidents. 

In his suit, filed at the end of April in the court of chancery of the state of Delaware, Eugenio claims LabCorp failed to publicly disclose the 2020 breach or mention it in any filing with the Securities and Exchange Commission. 

At the time of going to press, the incident had not been listed on the reporting tool run by the Department of Health and Human Services. The department requires that all breaches of unsecured protected health information affecting 500 or more individuals should be reported and listed publicly. 

The plaintiff slams LabCorp's cybersecurity measures as “historically and persistently deficient" and alleges that the company's failure to implement adequate security protection led directly to the two data breaches. 

LabCorp's breach response and remediation following the AMCA breach cost the company $11.5m, according to an earlier SEC filing. Eugenio’s suit suggests that this amount is a drop in the ocean compared to the real losses incurred by the breach as it excludes litigation costs paid by the company when settling the lawsuits that followed.

Eugenio is seeking reimbursement for damages incurred by the breaches and wants LabCorp to publicly acknowledge the second breach. He also wants corporate governance and internal procedures at the company to be overhauled to prevent further cybersecurity calamities.

Categories: Cyber Risk News

Celebrity Data Stolen in Ransomware Attack on NYC Law Firm

Fri, 05/08/2020 - 14:12
Celebrity Data Stolen in Ransomware Attack on NYC Law Firm

A New York City law firm that serves some of the world's biggest stars of stage and screen appears to have fallen victim to a REvil ransomware attack. 

Perpetrators of the attack are threatening to expose nearly 1TB of celebrities' private data unless Grubman Shire Meiselas & Sacks pays a ransom in Bitcoin.

With a client list that reads like a celebrity who's who, the entertainment and media law firm handles the private legal affairs of John Mellencamp, Elton John, David Letterman, Robert DeNiro, Christina Aguilera, Barbra Streisand, and Madonna. 

Companies Facebook, Activision, iHeartMedia, IMAX, Sony, HBO, and Vice Media and sporting stars LeBron James, Carmelo Anthony, Sloane Stephens, and Colin Kaepernick are also clients of Grubman Shire Meiselas & Sacks.

Cyber-thieves claim to have used REvil ransomware (also known as Sodinokobi) to steal 756GB of data that includes contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements.

The attackers are threatening to publish the data in nine staggered releases unless they are paid an undisclosed sum. Grubman Shire Meiselas & Sacks is yet to confirm or comment publicly on the alleged ransomware attack. 

Commenting on the incident, Emsisoft's Brett Callow said the impact of the attack could spread beyond the law firm to its famous and wealthy roster of clients. 

"It’s not only bad news for the firm; it also puts the clients whose data has been exposed at risk of blackmail, spear phishing, identity theft and other types of fraud," said Callow. 

Celebrities believed to have been affected by the incident include Bruce Springsteen, Lady Gaga, Jessica Simpson, Nicki Minaj, Priyanka Chopra, Mariah Carey, and Mary J. Blige. Cyber-criminals also claim to have exfiltrated data belonging to hip-hop legends Run-DMC and Outkast. 

The attackers have so far published two letters apparently signed by Madonna's 2019 tour agent and Christina Aguilera on the dark web.

Previous victims of REvil ransomware attacks include 10x Genomics, Brooks International, Kenneth Cole, and National Association of Eating Disorders. In each case, data stolen from the victims was published online when the targeted business refused to pay up. One victim, Travelex, paid $2.3m to recover files stolen in an attack.

Categories: Cyber Risk News

MAZE Claims Ransomware Attack on US Egg Supplier

Thu, 05/07/2020 - 18:40
MAZE Claims Ransomware Attack on US Egg Supplier

The threat group MAZE has published what it claims is data stolen from a Minnesota egg supplier during a ransomware attack.

On their website, the threat group lists Sparboe Companies among a growing number of organizations it claims to have targeted recently.    

According to MAZE, egg producer and supplier Sparboe was cracked into on May 1, 2020. As proof of the attack, the threat group has shared a zip file of data it claims was exfiltrated from Sparboe's systems. 

The zip file contains 17 folders of what appears to be information on current and former employees, nest-run inventory, expense report, injury reports, dock schedules, and other data.

In what could be an ominous indicator of how much data has allegedly been swiped from the company, the zip file is named simply "part1."

"It’s impossible to say exactly what data may have been obtained in these incidents," commented Emsisoft's Brett Callow. "The initial data dump is typically simply a warning shot—or the equivalent of a kidnapper sending a pinky finger." 

Sparboe Companies did not confirm or deny the alleged ransomware attack by MAZE and is yet to respond to a request for comment.  

The business was hatched in 1954 by Bob Sparboe in central Minnesota as a chick distribution company. The company grew to become the fifth largest supplier of eggs in the United States in the early 2010s. 

Sparboe's reputation was tarnished in November 2011 when an animal rights group published a video of conditions in hen housing owned by the company. Footage shot in Minnesota, Iowa, and Colorado depicted crowded cages sadly common in the industry and also incidences of animal cruelty.

One worker was seen pressing down on a chick's neck until it broke while another was captured swinging a chicken about by a rope or chain. 

Confronted with the video, a Sparboe spokesperson said: "Acts depicted in the footage are totally unacceptable and completely at odds with our values as egg farmers." Nevertheless, the company was dropped as a supplier by McDonald's, Target Corp., Lund's, Byerly's, and other major grocery chains.

Categories: Cyber Risk News

Blue Mockingbird Is Mining Cryptocurrency

Thu, 05/07/2020 - 17:58
Blue Mockingbird Is Mining Cryptocurrency

A novel threat that delivers cryptocurrency-mining payloads has been detected by researchers at a US cybersecurity firm.

Red Canary Intel is monitoring a fresh threat which they have dubbed Blue Mockingbird after seeing it carry out opportunistic attacks at multiple organizations. 

The name refers to a cluster of similar activity involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems. 

“If you have public-facing web servers you should be concerned about this," said Tony Lambert, intelligence analyst with the Red Canary Cyber Incident Response team.

"The activity observed was not targeted and could occur on any Windows IIS server running a Telerik-supported web app that remains vulnerable to CVE-2019-18935."

Because of how Telerik is integrated, victims of Blue Mockingbird may not realize they have been attacked. 

Lambert said: "Some of the organizations affected by this CVE don’t know they’re vulnerable because Telerik is commonly and inconspicuously built into other web applications, so the best route is to simply check web access logs of IIS web servers for mentions of Telerik.

Red Canary researchers noted that the threat actors achieve initial access "by exploiting public-facing web applications, specifically those that use Telerik UI for ASP.NET, followed by execution and persistence using multiple techniques".

After gaining access, the bird uses the Remote Desktop Protocol to access privileged systems and then Windows Explorer to disseminate its payloads to the highest possible number of remote systems. 

On compromised machines, it persists by abusing legitimate and infrequently leveraged Windows feature, COR_PROFILER. 

In one incident, whoever gave the malicious bird wings used proxying software and experimented connecting to external systems with different kinds of reverse shell payloads.

Researchers said that the earliest Blue Mockingbird tools they had observed were formed in December last year. Lambert said the threat was spotted causing problems at "a wide array of enterprises ranging from healthcare to IT service providers".

Based on the numerous techniques observed, Red Canary researchers said that Blue Mockingbird was more likely to create problems for enterprise networks as opposed to individual consumers. Targeted enterprises will see computing resources drained from infected machines and IT or security teams put under extra strain as they remove the threat from affected environments.  

Categories: Cyber Risk News

Deloitte Partners with Palo Alto to Extend Its Cybersecurity Services

Thu, 05/07/2020 - 16:54
Deloitte Partners with Palo Alto to Extend Its Cybersecurity Services

Multinational professional services network Deloitte has announced a partnership with global cybersecurity leader Palo Alto Networks.

Deloitte is already a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, and tax and related services. With this new partnership, the company hopes to extend the cybersecurity services it offers.  

Under the new agreement, Palo Alto will partner with Deloitte’s EMEA Cybersphere Center with the aim of expanding its managed security services portfolio for customers both in Spain and across its entire global network. 

"This represents a giant leap forward for our market growth strategy," said César Martín Lara, the Risk Advisory partner leading Deloitte’s cybersecurity practice.

“This partnership enables us to enhance the service that we provide to our clients and to combine the finest threat detection and response technologies with the development of technological processes and the experience of our professionals across all areas of cybersecurity."

The collaboration will see Deloitte’s EMEA Cybersphere Center integrate Cortex XDR™, Cortex™ XSOAR (formerly known as Demisto), and Prisma™ Cloud solutions into its security catalog.

A spokesperson for Deloitte said that with this new alliance, the EMEA Cybersphere Center boasts a technological setup capable of carrying out security orchestration, automation, monitoring, and response tasks to tackle the most sophisticated threats detected in any environment. 

The union has seen Palo Alto's Cortex XSOAR—an industry-leading security orchestration, automation, and response technology—implemented within Deloitte’s own security operations center. 

According to Deloitte, the move will allow its team of professionals "to augment their current capabilities and ultimately be better prepared to tackle increasingly complex cybersecurity threats on behalf of customers."

President of Palo Alto Networks EMEA Christian Hentschel spoke of the union in enthusiastic terms: “We’re delighted to be partnering with Deloitte, not only helping them to deliver enhanced SOAR capabilities having implemented our technology in their own security operations center, but also incorporating services around our wider Cortex and Prisma Cloud solutions.

"Together we look forward to helping customers around the world make each day more secure than the one before.”

Categories: Cyber Risk News

Cyber-Criminals Exploiting Remote Working by Attacking RDP Ports

Thu, 05/07/2020 - 16:20
Cyber-Criminals Exploiting Remote Working by Attacking RDP Ports

McAfee has recorded a growth increase in the number of attacks on Remote Desktop Protocol (RDP) ports exposed to the internet. The study has highlighted yet another way in which cyber-criminals are exploiting the huge increase in people working from home as a result of COVID-19.

RDP ports are a vital means for many businesses to enable their employees to work from home, as they allow communication with a remote system. RDP ports are often exposed to the internet, which provides opportunities for attackers. With the sudden requirement to have large proportions of their staff working from home, McAfee believes it is likely that many organizations brought these systems online quickly with minimal security checks in place.

In total, the report showed that the number of RDP ports exposed to the internet grew from three million to 4.5 million in the period from January to March 2020. This led to a growth in attacks against RDP ports as well as an increase in the volume of RDP credentials sold on underground markets.

The country which had the most stolen credentials in this period was was China, followed by Brazil and Hong Kong. McAfee also looked into the methods attackers are using to breach RDP systems. Primarily access was gained due to weak passwords such as NULL123, P@ssw0rd and 123456. The security software company was also alarmed to find many vulnerable RDP systems did not even have a password. In addition, breaches were caused by vulnerabilities and lack of patching.

McAfee commented: “RDP remains one of the most used vectors to breach into organizations. For attackers, this is a simple solution to quickly perform malicious activities such as malware, spam spreading or other types of crime.

“There is currently a whole business around RDP on the underground market and the current situation has amplified this behavior. To stay protected, it is essential to follow best security practices, starting with the basics, such as using strong passwords and patching vulnerabilities.”

A number of studies have been released today, on World Password Day, revealing the extent to which remote employees have poor password practices, which is leaving businesses more exposed to attacks.

Categories: Cyber Risk News

A Fifth of Consumers Hit by Fraud Over Past Year

Thu, 05/07/2020 - 11:00
A Fifth of Consumers Hit by Fraud Over Past Year

A fifth of British consumers have suffered fraud over the past 12 months, but many could be doing more to protect their finances, according to a new study from Marqeta.

The card issuing platform polled over 4000 US and UK consumers to compile its 2020 Fraud Report.

It revealed that over a third (38%) of British adults had been the victim of financial fraud, leading many (42%) to accept it as an inevitable cost of participating in the digital economy.

Respondents were fairly split in terms of whose responsibility they think fraud prevention is, with 57% claiming it’s their own and 43% pointing to their banks.

However, it’s clear that online users could do more to protect their digital assets.

Over half (52%) of UK respondents admitted they could be better at protecting personal financial information, and just 34% check online to see if their card details have been exposed following a major data breach, versus 60% in the US.

What’s more, 14% said they lose their card every year. While 85% always cancel it when this happens, only a quarter (23%) said they do so immediately. This matters, because 82% of those who have been defrauded said it happened within an hour of them losing their card.

Fortunately, 83% believe their bank does a good job at alerting them to fraud, with nearly a fifth (39%) saying they have been proactively alerted by their bank before they noticed fraudulent activity themselves.

The current COVID-19 lockdown is offering new opportunities for fraudsters to cash-in on the pandemic, through counterfeit goods and other online scams. As a result, consumers need to be on high alert, according to Ian Johnson, European managing director for Marqeta.

“Yet this research shows that, while many people are taking steps to protect themselves, there is still a significant portion that are not,” he added.

“This may be because they have become resigned to the inevitability of fraud, but it may also be because they are often insulated from the consequences — as the survey also showed that 92% of people who had been defrauded had been able to get fraudulent transactions removed from their account. This means the banks are often carrying the financial burden of fraud.”

Categories: Cyber Risk News

Facebook Removes Far-Right Conspiracy Theory Content

Thu, 05/07/2020 - 10:00
Facebook Removes Far-Right Conspiracy Theory Content

Facebook has moved to take down content from two US groups engaged in organized efforts to influence public opinion ahead of the Presidential election in November.

It claimed they were engaged in “coordinated inauthentic behavior” – which is the term the social network uses to describe “groups of accounts and Pages seeking to mislead people about who they are and what they are doing while relying on fake accounts.”

The first involved the removal of five Pages, 20 Facebook accounts and six Groups associated with the QAnon network, an infamous group of far-right conspiracy theorists that emerged around three years ago.

These Trump supporters and ‘deep state’ believers have previously claimed that Barack Obama, Hillary Clinton, George Soros and others are planning a coup, and that they are all members of an international child sex trafficking ring.

Most recently, they have reportedly been spreading disinformation about the origins of the COVID-19 virus.

The second group investigated by Facebook is linked to the VDARE website, known to post anti-immigration content and linked to a similar site known as The Unz Review.

In this case, Facebook was forced to remove 19 Pages, 15 Facebook accounts, and one Group, again, all originating in the US and focused domestically.

The news comes as new research revealed that UK consumers want more decisive action taken against online disinformation.

The Open Knowledge Foundation found that 55% of Brits believe the government should “impose compulsory action” on social media sites to prevent fake news spreading. A third (33%) said voluntary action by the likes of Facebook would be enough.

Catherine Stihler, chief executive of the Open Knowledge Foundation, argued that the best way to tackle disinformation “is to make information open, allowing journalists, scientists and researchers to provide facts to the public.”

“Tech giants have a responsibility to increase transparency and work closely with fact checkers, but voluntary action is never going to be enough by itself,” she added.

Categories: Cyber Risk News

Remote Workers Failing on Password Security During #COVID19 Crisis

Thu, 05/07/2020 - 08:46
Remote Workers Failing on Password Security During #COVID19 Crisis

Remote workers may be exposing their personal and business accounts to the risk of takeover because of poor password security, according to new studies released on World Password Day.

The annual event exists to remind users of the importance of using strong, unique credentials – ideally in combination with multi-factor authentication (MFA) – and storing them securely.

It’s particularly important in the context of today’s highly distributed workforces, which are under lockdown at home due to the COVID-19 pandemic.

However, a global OneLogin study of 5000 remote employees from Germany, France, the UK, Ireland and the US found that nearly a fifth (17%) share their work device password with a spouse or child. Over a third (36%) admitted not having changed their home Wi-Fi password in over a year.

This figure rose to 50% in the UK, with the same number of Brits not having changed their device password since they started remote working.

Organizations will have to improve their home working policies if distributed working is more commonplace once the pandemic recedes.

“This global remote work study shines the light on the importance of ensuring the right people are accessing internal and customer data at all times,” said OneLogin CEO, Brad Brooks. “It underscores the importance of protecting employees and their entire organizations, aligning with privacy and security best practices around the world.” 

On a similar theme, a CallSign study of nearly 4500 US and UK adults, found that over half (54%) have no plans to update their work logins for remote access, despite 60% having received information and tooling to do so.

On the positive side, new Centrify research has claimed that over two-thirds (70%) of UK businesses are using MFA and virtual private networks (VPNs) to improve remote working security.

Categories: Cyber Risk News

More Men than Women Fall Victim to Cybercrime

Wed, 05/06/2020 - 18:55
More Men than Women Fall Victim to Cybercrime

New research has found that more men than women fall victim to cybercrime and it could have something to do with password practices.

study published April 29 by password manager NordPass found that women are more likely to use unique passwords. The more cybersecurity-savvy sex was also found to be less likely to fall victim to cybercrime. 

Researchers have posited that the two findings may be linked, as using unique passwords for each online account reduces the risk of multiple accounts' being hacked in a single cyber-attack.   

NordPass researchers were taken aback by what their survey of 700 people from the UK and 700 people from the US revealed.   

"We were surprised," a NordPass spokesperson told Infosecurity Magazine. "We didn’t expect there to be a difference in genders and their usage of unique passwords."

The survey found that 43% of women always use a unique password for online store accounts, 57% for banks and other financial institutions, 50% for personal email, and 38% for communication apps. In comparison, only 36% of men use unique passwords for online stores, 50% for banks and other financial accounts, 42% for personal email, and 31% for communication apps. 

"We can speculate that women are more concerned when it comes to security online," wrote researchers. "We think that women are more concerned about the sensitive information these accounts store."

Men's comparatively lax attitude to cybersecurity could make them easier targets for cyber-criminals. Of the 22% of survey participants who had become a victim of cybercrime, 54% identified as men. 

Bizarrely, the study showed that while victims of cybercrime "are more often concerned about the harm of their email, forums or entertainment, communication, health app accounts getting hacked," they "do not secure their accounts with unique passwords more often than those who haven’t experienced cybercrime."

The stress of remembering multiple passwords could be driving some users to reuse one or two that they have memorized. Researchers found that 30% of people surveyed thought that resetting and coping with passwords is as stressful as retiring. 

Asked how many of the respondents had actually retired before taking part in the survey, researchers said "about 20% of the 700 US respondents (so about 140) had already retired." No information was given as to how many of the 700 UK respondents had retired before participating in the survey.

Categories: Cyber Risk News

Ransomware Attack on Europe's Largest Private Hospital Operator

Wed, 05/06/2020 - 17:42
Ransomware Attack on Europe's Largest Private Hospital Operator

The largest private hospital operator in Europe has been struck by a ransomware attack as the continent strives to prevent healthcare systems from being overwhelmed by the COVID-19 pandemic.

Cyber-criminals, apparently unburdened by a conscience, launched an attack on the technology systems of Fresenius, limiting some operations at the company. 

News of the incident was broken today by Krebs on Security, who learned of the attack from an anonymous source with a relative working for Fresenius Kabi’s US operations. According to the relative, computers in his company’s building had been roped off following a Snake ransomware attack that had affected the company’s operations globally.

Fresenius spokesperson Matt Kuhn confirmed in a written statement that "Fresenius’ IT security detected a computer virus on company computers" and that the group's "IT experts are continuing to work on solving the problem as quickly as possible and ensuring that operations run as smoothly as possible.”

Four independent businesses make up the Fresenius Group: Fresenius Medical Care, Fresenius Helios, Fresenius Kabi, and Fresenius Vamed. Employing nearly 300,000 people across more than 100 countries, the group is a leading provider of care and dialysis treatment to patients experiencing kidney failure. 

COVID-19 can cause sudden kidney failure, and people who already have kidney disease are considered at high risk from the deadly virus. According to the Renal Association, 25% of COVID-19 patients placed on ventilators while being treated on an intensive care unit (ICU) develop severe AKI (acute kidney injury), which can be life-threatening. 

This increased need for the kind of kidney-focused equipment and care delivered by Fresenius makes the timing of the ransomware attack on the company even more deplorable. 

Fresenius Group is based in Germany, which today announced that if new infections of COVID-19 rise to above 50 people in every 100,000 in a district over the course of a week, an "emergency brake" on easing lockdown restrictions will be enforced at local state level. 

Commenting on the unconscionable attack, security awareness advocate at KnowBe4 Javvad Malik said: "The attack serves as a reminder that criminals are not slowing down their attacks despite being in the midst of a global pandemic."

Categories: Cyber Risk News

Over Half of Remote Employees Access Inappropriate Content on Devices Used for Work

Wed, 05/06/2020 - 16:01
Over Half of Remote Employees Access Inappropriate Content on Devices Used for Work

Over half of employees working from home during COVID-19 watch inappropriate content on the same devices they use for work, according to Kaspersky’s How COVID-19 Changed the Way People Work report. This is making businesses’ IT systems more vulnerable to cyber-threats, such as malware.

Nearly a fifth of employees are doing this on devices provided to them by their employer, exacerbating the security risk further.

The report also found that remote workers are regularly using their personal services, such as emails, for work purposes, providing additional shadow IT security risks for their employer. Of the remote workers surveyed, 42% admitted they use personal email accounts for work-related matters, while 49% said this type of activity has increased since the COVID-19 lockdown. In addition, 38% communicate with colleagues via personal messengers that haven’t been approved by their IT departments, with 60% saying they do this more often since they have been regularly working from home.

More than half (55%) of workers stated they are reading more news since the crisis began, and 60% of this activity is taking place on the same devices they use for work. This could add to the risk of malware infections if close attention is not paid to the websites being used for this purpose.

In the current environment, it is vital for firms to limit access to their systems and data as much as possible amongst their staff.

Andrey Evdokimov, chief information security officer at Kaspersky, said: “Organizations cannot just fulfil all user requests, such as allowing staff to use any services as they want to. It is necessary to find a balance between user convenience, business necessity and security. To achieve this, a company should provide access to services based on the principle of only supplying minimal, necessary privileges, implement a VPN and use secure and approved corporate systems. These types of software may have certain restrictions that slightly reduce usability, but offer greater assurances in providing security measures.”

Kaspersky also advised that businesses schedule basic awareness training for their employees in areas such as account and password management, email security and endpoint security.

Categories: Cyber Risk News

Boston to Consider Regulating What Info Schools Pass to Police

Wed, 05/06/2020 - 15:44
Boston to Consider Regulating What Info Schools Pass to Police

Boston City Council is today considering implementing regulations that would limit what information school district officials can share with law enforcement. 

A proposal put forward by councilors suggests that schools should not be allowed to give police any information regarding a student's immigration status, ethnicity, neighborhood of residence, the languages they speak, or their suspected gang affiliation. 

Under the proposal, a community board would be established to keep tabs on the school district's information-sharing policy. 

Schools would be permitted to pass information to law enforcement agencies regarding a student's possession of guns or drugs with the exception of alcohol, nicotine, and marijuana. The sharing of intelligence regarding credible safety threats and instances of serious violence would also be allowed.

A student privacy policy was first presented to the council's School Committee in mid-April by school district officials. According to the Boston Globe, the district now plans to “finalize a second policy governing access to students in school, so that the two policies may be considered by the school committee together.”

Boston Public Schools spokeswoman Jessica Ridlen said: "We believe these two policies will meet the intentions of the proposed ordinance and look forward to continuing to work with the City Council to address our shared goals."

Ridlen said that the School Committee was “committed to ensuring the privacy of its students’ information and their safety and security in school.”

Earlier this year it was revealed that student information had been shared more than 100 times by Boston city agencies between 2014 and 2018. The data was disseminated via a localized intelligence-sharing network that counted among its members an agent from the Department of Homeland Security, which oversees Immigration and Customs Enforcement.

A separate proposal to be discussed at today's City Council meeting concerns the possible regulation of the city's use of facial-recognition technology. The measure, put forward by councilors Michelle Wu and Ricardo Arroyo, proposes banning local authorities from obtaining or using a face-surveillance system, to use information derived from such a system, or to enter into a third-party agreement for surveilling faces.

No facial-recognition software is currently in use by the city of Boston.

Categories: Cyber Risk News

HMRC Shuts Down Almost 300 #COVID19 Phishing Scam Sites

Wed, 05/06/2020 - 12:00
HMRC Shuts Down Almost 300 #COVID19 Phishing Scam Sites

Her Majesty's Revenue and Customs (HMRC) has formally asked Internet Service Providers (ISPs) to remove 292 scam web addresses exploiting the coronavirus outbreak since March 23, according to official figures.

The Freedom of Internet Act data, obtained by Griffin Law, revealed that of the 292 sites removed, 237 were proactively identified and requested for removal by HMRC independently, with the remaining 55 flagged by members of the public.

The findings highlight the continued attempts of phishing scammers looking to exploit the COVID-19 pandemic.

Two weeks ago, it was revealed that a scam email purporting to be from HMRC was in circulation advertising the government’s coronavirus Job Retention Scheme.

Tim Sadler, CEO, Tessian, said: “During the COVID-19 outbreak, we’ve seen opportunistic hackers continually taking advantage of the fact that people will be searching for more information and guidance on how to adjust to the new normal, in attempts to make their phishing scams all the more effective.

“All too often, these email scams are incredibly realistic, purporting to be from trusted organizations or authorities like HMRC, to convince people into complying with requests – whether that’s handing over personal bank account details, phone numbers and passwords."

Sadler added that it is therefore vital that companies and employees are made fully aware of these threats, particularly at a time with high levels of remote working, with many people in isolation and at a much greater risk of being defrauded.

“Key tips to stop scammers include: being careful when sharing any personal information online as well as being wary of unsolicited emails asking for urgent information. It’s also critical to avoid sharing financial details or personal information with unfamiliar websites. If you’re still not sure, call HMRC directly to verify the legitimacy of their message.”

Categories: Cyber Risk News