Info Security


Ticketmaster Breach Discovered in April, Says Bank

Fri, 06/29/2018 - 09:20

Question marks have been raised over Ticketmaster’s internal security and incident response processes after a bank revealed that it alerted the ticketing giant to a recently discovered breach in April.

Mobile banking start-up Monzo claimed in a blog post on Thursday that around 50 customers contacted the firm on April 6 after spotting fraudulent activity on their account.

“After investigating, our Financial Crime and Security team noticed a pattern: 70% of the customers affected had used their cards with the same online merchant between December of last year and April this year,” explained head of financial crime at Monzo, Natasha Vernier. “That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.”

She claimed that over the next few days more fraudulent transactions were attempted on cards which had previously been used at Ticketmaster.

Monzo notified the ticketing giant on April 12, but the fraud attempts kept coming, and eventually Monzo was forced to ask Mastercard directly to proactively replace every one of its customers’ cards that had been used at Ticketmaster, so confident was the firm that a breach had taken place.

“Throughout this period we were in direct contact with Ticketmaster,” explained Vernier.

“On Thursday 19th April, they told us an internal investigation had found no evidence of a breach and that no other banks were reporting similar patterns.”

Ticketmaster finally revealed a breach had indeed taken place at the firm, affecting less than 5% of its global customer base, earlier this week. It claimed to have discovered malware on June 23 — over a month after Monzo first notified it.

Even more bad news for the ticketing giant came from Inbenta Technologies, the third-party supplier who hosted the “customer support product” where the malware was found.

It explained in a new note that the source of the breach was a single piece of JavaScript code customized by Inbenta for Ticketmaster, but implemented by the ticket firm in an insecure manner.

“After a careful analysis of all clues and snapshots from our systems, the technical team at Inbenta discovered that the script had been implemented on the payment page,” the firm claimed. “We were unaware of this, and would have advised against doing so had we known, as it presents a point of vulnerability.”

Allen Scott, consumer EMEA director at McAfee, claimed all stakeholders in the digital supply chain need to work together more closely to prevent security and fraud incidents.

“Monzo’s quick identification of, and response to, the Ticketmaster data breach is a great example that every financial institution and online service should look to mirror,” he added.

“Like so many businesses who fall victim to data breaches, Ticketmaster has been slow to respond and put right this wrong. To win the battle against online fraud, we need businesses to join forces and support one another in identifying and responding to security threats.”

It remains to be seen whether the firm will be investigated under the new GDPR, given that the initial incident now appears to have happened before May 25, although there are strict rules around 72-hour breach disclosure.

Categories: Cyber Risk News

UK Government Sets Minimum Cybersecurity Standard

Fri, 06/29/2018 - 08:54

The UK government has launched a new cybersecurity standard designed to set a baseline of mandatory security outcomes for all departments.

The Minimum Cyber Security Standard announced this week presents a minimum set of measures which all government departments will need to follow, although the hope is that they will look to exceed these at all times.

There is some flexibility in how they achieve these measures, depending on “local context.”

“Over time, the measures will be incremented to continually ‘raise the bar’, address new threats or classes of vulnerabilities and to incorporate the use of new Active Cyber Defence measures that Departments will be expected to use and where available for use by suppliers,” the document states.

There are 10 elements to the standard, divided into five key domains: identify, protect, detect, respond and recover.

These start with putting in place “appropriate cybersecurity governance processes,” identifying and cataloging sensitive information and operational services, and continuous management of access rights.

Next comes strict authentication of all users who want access to sensitive info and key services; protection of key systems from exploitation of known vulnerabilities; security for highly privileged accounts; detection of common cyber-attacks; well-defined incident response plans; and well-tested processes to ensure continuity of services in the event of compromise.

Security experts welcomed the best practice security standard.

“Over the past decade, the UK government has been aiming to simplify security — moving away from proscriptive mandatory requirements in security standards, towards describing the minimum security outcomes that need to be achieved,” explained FireEye director, Mike Trevett. “This standard helps do exactly that. For mature organizations it provides a solid framework for managing their information risk. For less mature organizations, it will help them structure how they manage information risk and guide their cybersecurity process development.”

Mark Adams, regional VP for UK and Ireland at Veeam, argued that the standard would help government departments manage risk in a new era of GDPR and NIS Directive, and sets a good example for other industries to follow.

“The emphasis on recovery, often an unsung hero with data management, is especially welcome,” he added. “No matter who you are or where you work, it has never been more important to ensure that your digital lives are permanently ‘on’. The ability to seamlessly move data to the best location across multi-cloud environments is now crucial for business continuity, compliance, security, and optimal use of resources for business operations.”

Categories: Cyber Risk News

#SplunkLiveLDN: Defeating a Phishing Attack in 100 Minutes

Fri, 06/29/2018 - 08:15

Speaking at the Splunk Live conference in London, Nigel Spencer, head of security operations at Vocalink said that its deployment of Splunk was enabling compliance with various standards and creating an audit trail for changes “which provides us with a who, what, where, when and why analysis of a security event.”

He said that the real strength of the technology was in its ability to go back and look at past events within the infrastructure, and shared the timeline of an actual event. On one day at 11.25am the company received 64 phishing emails, 30 of which were delivered to valid email addresses and each contained a malicious attachment claiming to come from a UK retail bank.

Spencer said that four minutes later, users began to report their suspicions about the email using the Outlook plug-in, and eight minutes later the security operations center began to triage an analysis process.

“By 11.55am, the response team confirmed that the email contained an XML script with embedded objects that had evaded our anti-malware and sandboxing controls, the team also confirmed that attempts had been made to connect to a server in Brazil,” he said.

By 12.17pm, Splunk log analysis showed that one user had opened the malicious attachment, and the attempted Brazilian server connection had been blocked by a web proxy and no second stage attack had taken place. Less than ten minutes later, at 12.24pm, the SOC team had determined that the attachment was a known exploit and by 1.09pm, a user had given over their laptop and the incident team stood down.

“The total time from detection to containment was 105 minutes, no malware persistence had been achieved and the confidentiality, integrity and availability of our systems and the data held had been maintained,” he said.

Closing with advice drawn from using Splunk in that instance, Spencer advised delegates that use cases should answer these questions: have our use controls detected and prevented an attack; have we received an email as part of a wider phishing campaign; which users received the email; and is there a known malicious file on a known user device.

Spencer also said that Splunk is used throughout the business and while he did not anticipate the members of the board using Splunk, it was more important that quantitative analysis can be provided to support the board’s common question: “How secure are we?”

Categories: Cyber Risk News

SecureSet Academy Expands Training with HackEd

Thu, 06/28/2018 - 14:45

SecureSet Academy today announced the acquisition of HackEd, a provider of hands-on cybersecurity training for technical professionals, a deal which will advance SecureSet’s expansion of immersive cybersecurity education programs in the Washington, D.C., metro area.

According to CyberSeek, the metro Washington area has the highest concentration of unmet cybersecurity talent in the country, with more than 43,200 unfilled cybersecurity jobs. “There are many individuals looking for the right path to a rewarding cybersecurity career. This partnership with HackEd is the perfect complement to our existing programs, bringing more opportunity for immersive cybersecurity education to a hotbed of technical professionals,” Bret Fund, CEO and founder of SecureSet, said in today’s press release.

Understanding how to better incorporate security into their curriculums has been a challenge for many bootcamps. As they transition to a new campus under the direction of Jon Ferris, founder of HackEd, the two organizations will continue to serve the growing need for cybersecurity professionals in the region.

“HackEd has always had a similar philosophy to SecureSet when it came to delivering immersive education. By joining forces, we are better able to deliver high-quality education to a broader range of individuals and companies looking to amplify their cybersecurity skills in Washington, D.C., and beyond,” said Ferris.

Funded in 2016, HackEd has aimed to build a strong cybersecurity community that delivers the kind of hands-on-keyboard training often lacking in the cybersecurity industry and in the Washington metro area specifically. The result has been a collection of students, employers, instructors, applicants, enthusiasts, alumni and job applicants coming together over the past 18 months with the common goal of solving the issue of the cyber-talent shortage.  

Headquartered in northern Virginia, which is where the new campus will be located, HackEd has made great strides with its eight-week program focused on penetration testing and network defense. Additionally, HackEd has provided students the chance to connect with local employers and showcase what they learned, better positioning participants to find employment while serving the needs of the employers who struggle to find highly qualified candidates.

To date, SecureSet has had more than 250 students go through their programs, with an average placement rate above 90% within months of graduation.

Categories: Cyber Risk News

Municipalities Breached from Click2Gov Flaw

Thu, 06/28/2018 - 14:04

Another local government has suffered a data breach, and the latest victim is Midland, Texas, where hackers leveraged a vulnerability in Superion’s Click2Gov function in the payment server used to make online payments for utilities. The list of cities affected continues to grow and expands from Florida to California.

That hackers leverage known vulnerabilities in systems in order to gain access to data is no surprise. Malicious hackers have been increasing their attacks on local governments, and they continue to exploit the known vulnerability in Superion’s Click2Gov software, as was the case in Midland.

Earlier this month, Risk Based Security executive vice president Inga Goddjin blogged about the company's investigations into the breaches in Oxnard, California, on 25 May and in Wellington, Florida, on 6 June. The data breaches focused on the online utility bill payment service named as Click2Gov. According to Goddjin, Superion notified Wellington that certain vulnerabilities in Click2Gov might have led to a possible breach of their online utility payment installation.

Superion has issued a patch for the vulnerability that continues to lead to the growing string of breaches, and while Superion cannot comment on the environments of its clients, it did affirm that “protecting our customers and their clients’ data is of the utmost importance to Superion,” according to a spokesperson in an email.

“Last year we reported that a limited number of on-premise clients had identified suspicious activity on their servers that are used to host Superion’s Click2Gov product,” the spokesperson said. “Upon learning of the activity, we proactively notified all Click2Gov customers. Additionally, Superion launched an investigation and engaged a forensic investigator to assess what happened and determine appropriate remediation steps.”

Superion has worked to assist many customers with the application of patches in order to update and better secure their networks. “At this time, we have no evidence showing that it is unsafe to make payments utilizing Click2Gov on hosted or secure on-premise networks with recommended patches and configurations. Superion does not control our customers’ networks.”

The breaches have thus far affected only those locally hosted on-premise networks in certain towns and cities, and Superion confirmed that no client in its data centers or in the Superion Cloud has faced these issues, even when they are using the same software product. The company continues to work closely with their customers to resolve and remediate the matter.

Categories: Cyber Risk News

340 Million Records Exposed in Exactis Breach

Thu, 06/28/2018 - 13:54

Another major data breach has left roughly 340 million records exposed by data aggregation firm Exactis after information was left on a publicly accessible server. The 2 terabytes' worth of data appears to include the personal details of the individuals listed, including phone numbers, home addresses, email addresses and other highly personal characteristics for every name. 

The type of personal information that was potentially compromised should be concerning to consumers, given the enormous volume of information that is collected, spliced together and housed in databases such as the one that was leaked by Exactis, said Anurag Kahol, Bitglass CTO.

“Exposing that amount of data to the public internet is a significant offense by the organization and one that we’ve seen dozens of times in the past year, yet it is unlikely that we’ll see anything change unless organizations take the initiative in protecting corporate data,” Kahol said.

News of the breach raises questions about whether Exactis knew what type of information it had and whether it considered the potential implications if that information were compromised. “The problem with most enterprises today,” said Ruchika Mishra, Balbix director of products and solutions, “is that they don’t have the foresight and visibility into the hundreds of attack vectors – be it misconfigurations, employees at risk of being phished, admin using credentials across personal and business accounts – that could be exploited.”

It could be months before the real impact of the breach can be measured, but what has initially been reported is alarming and there would not be any surprise if Exactis confirmed that 340 million individuals were indeed impacted.

“The Exactis data leak should enrage consumers and businesses alike. The sheer amount of cloud databases left accessible on the Internet is astounding, especially when one considers the type and amount of data that users store on it without giving it second thought,” said John “Lex” Robinson, cybersecurity strategist at Cofense.

“It is worth noting that just because the server was left open to the public does not mean it was stolen by malicious hackers, but we cannot be certain. The data reported to have been leaked is incredibly comprehensive and can be used by hackers to develop more targeted phishing scams.”

Categories: Cyber Risk News

#SplunkLiveLDN: Listen to Your Machine Data and Act on the Results

Thu, 06/28/2018 - 12:44

Demands on companies to answer questions are being better resolved with the use of telemetry data.

Speaking at the Splunk Live conference in London, Splunk’s head of marketing Matt Davies said that the company is “turning data into answers” and “thinking about how traditional data works with reputational databases and reference points.”

He asked the audience if they were listening to the machine data, which is “always talking to us” and typically comes from the apps and websites commonly used. He cited airline apps and websites, saying “we expect services and apps to meet our needs, it is secure, and do it when I want.”

Davies acknowledged that machine data is messy, processed in real time and has fluctuations in patterns, and that often there is a lot of data and teams do not know what they want from it.

“Splunk is about making machine data accessible and readable, how you use it and what to do with it if you get access to it, and what is the value from IT to security or business to marketing and to people in the field,” he said. “It is shared via a dashboard to ask questions in real time, as you do not want to make decisions on data that is a day or week old, and you want to make sure that the data is relevant.”

In terms of security, Davies pointed at the acquisition earlier this year of Phantom Cybersecurity and how Splunk is moving further into the cybersecurity space, by “helping make sure your data is protected and you’re compliant.”

Davies also used his presentation to show how he was able to predict the result of the evening’s World Cup game between England and Belgium by using telemetry data, looking at FIFA rankings, goal differences from previous matches and the 1966 World Cup win, which led him to predict that England will win 2-1.

Categories: Cyber Risk News

Cyber Risk at All-Time High for UK Financial Sector

Thu, 06/28/2018 - 10:28

The proportion of financial services firms citing cyber-attacks as a major source of risk has hit an all-time high, according to the latest biannual survey from the Bank of England (BoE).

The Bank’s Systemic Risk Survey for the first half of 2018 had cyber-incidents ranked joint second alongside geopolitical risk, with 62% citing them as major risks to the UK’s financial system.

The figure has increased for the third consecutive survey and is now at its highest level since records began in 2008, according to the BoE.

There was also an increase of five percentage points in the proportion of respondents that cited cyber-attacks as the risk most challenging to manage, to over half (51%).

Nick Hammond, lead advisor for financial services at tech provider World Wide Technology, argued that newer regulations are moving away from the old tick-box compliance format towards requiring continued assurance of critical applications.

“But due to the complex nature of existing systems which have been built with different and sometimes conflicting metrics over the years, legacy infrastructures are typically built from a complex patchwork of applications, which communicate with each other in complicated ways,” he added.

“This network of opaque inter-dependencies creates a significant challenge which means banks are increasingly drawing on infrastructural expertise as the first step towards securing their internal software.”

Hammond argued that gaining visibility into networks and the way applications share data is a vital first step to reducing risk as it can ensure the right policies are applied to each segmented app.

The BoE is said to be developing guidelines to help firms demonstrate cyber-resilience, and despite the relatively large amounts of funding available to IT security teams, there seems plenty of work to do.

Global financial services breaches have tripled over the past five years, according to Accenture, while a VMware survey of UK-based security pros in the sector revealed 67% who claimed their practices “would shock outsiders.”

Categories: Cyber Risk News

US Dark Web Raids Lead to Arrests and Seizures

Thu, 06/28/2018 - 09:32

The US authorities are claiming victory after a nationwide dark web clampdown which led to multiple arrests and seizure of illegal goods.

The year-long operation involved the Department of Justice, US Immigration and Customs Enforcement’s Homeland Security Investigations (HSI), the US Secret Service (USSS), the US Postal Inspection Service (USPIS) and the Drug Enforcement Administration (DEA).

Posing as money launderers on dark web markets, special agents of the HSI New York Field Division were able to gain the trust of numerous vendors by offering to exchange US currency obtained in illegal deals for virtual currency.

The investigation into more than 65 targets led to the arrest of more than 35 dark web vendors said to have made tens of thousands of sales.

The four-week culmination of the operation saw 100 law enforcement actions across the US, resulting in the seizure of 333 bottles of liquid synthetic opioids, over 100,000 tramadol pills, 100 grams of fentanyl, more than 24 kilograms of Xanax, and various other recreational and prescription drugs.

Also seized were more than 100 firearms; five vehicles either bought with illegal funds or used in criminal activity; more than $3.6m in currency and gold bars, nearly 2000 Bitcoins and other crypto-currency worth over $20m, 15 pill presses and Bitcoin mining equipment.

The authorities were understandably tight-lipped on exactly how the busts worked, but they did claim that those dark web vendor accounts identified and linked to real individuals were selling goods on sites including Silk Road, AlphaBay, Hansa, and Dream.

All of these have previously been taken down by law enforcers except for Dream Market, which is said to have been infiltrated by Dutch police.    

“The darknet is ever-changing and increasingly more intricate, making locating and targeting those selling illicit items on this platform more complicated. But in this case, HSI special agents were able to walk amongst those in the cyber underworld to find those vendors who sell highly addictive drugs for a profit,” said HSI acting executive associate director Benner. 

Categories: Cyber Risk News

Ticketmaster UK Breached Via Supplier

Thu, 06/28/2018 - 08:53

Tens of thousands of Ticketmaster UK customers are thought to have been directly affected by a data breach at a third-party platform provider of the online ticketing giant.

The firm claimed in a notice explaining the incident that it found malicious software on a customer support product hosted by supplier Inbenta Technologies last weekend.

The malware, which was immediately disabled on discovery, had been exfiltrating data and sending it to an unknown third-party, Ticketmaster added.

Compromised data includes names, addresses, emails, telephone numbers, payment details and Ticketmaster login details. There’s no information on whether some or all of this data was encrypted.

“UK customers who purchased, or attempted to purchase, tickets between February and June 23, 2018 may be affected. As a precautionary measure we have also notified international customers who purchased in this period,” the firm noted.

“If you have not received an email, we do not believe you have been affected by this security incident based on our investigations.”

Ticketmaster stated that “less than 5% of our global customer base has been affected by this incident” – but this could still run into the millions given some reports which claim the firm serves over 230 million customers.

It is believed that as many as 40,000 UK customers’ details have been compromised, although no one in North America has been affected.

As a precaution, Ticketmaster is recommending customers monitor their accounts for evidence of fraud/identity theft.

Brooks Wallace, head of EMEA for Trusted Knight, warned customers to also be on the lookout for phishing emails using the stolen data, or capitalizing on interest in the incident.

“After an incident like this, criminals from around the world will jump at the chance to try and catch a few unsuspecting people out,” he added. “If you receive any emails purporting to be from Ticketmaster asking for any personal information, discard them. If you need to contact Ticketmaster, type the website address into your browser and log-in that way. It’s better to be safe than sorry.”

Javvad Malik, security advocate at AlienVault, added that the case highlights the issue of supplier risk.

“It appears as if the attacker was able to break in via a third party, reinforcing the importance of vetting all third parties for the access they require, and to have in place ongoing monitoring and threat detection controls that can raise alerts when a third party is accessing corporate systems,” he argued.

Ticketmaster is also working with the ICO and this case could well be a first major test of the GDPR, depending on when the incident actually occurred.

Categories: Cyber Risk News

Employees Willing to Leave if Company Lags in Tech

Wed, 06/27/2018 - 14:18

A new study by Unisys Corporation found that today’s employees are so keen on technology that they would consider leaving their place of employment if they aren’t empowered with the most updated technology.

The study attempted to gauge employee perspectives on the importance of deploying current and future digital capabilities in the workplace and queried more than 12,000 members of the workforce in the UK and 11 other countries around the world.

Based on the level of updated technology made available to their employees, companies were categorized as either technology leaders or laggards. More than half (56%) of the new digital workforce said they were frustrated with their laggard employers, while only 9% of workers at companies considered technology leaders expressed similar frustration.

The study found a direct correlation with the threat of attrition: 14% of workers at technology laggards were willing to quit, while only 2% of employees at technology leaders said they were likely to look for new opportunities. Still, less than a third of all workers surveyed in the UK (26%) identified their organizations as technology leaders. The global average of workplaces falling into the leader category was 32%, with the UK ranked 11 out of the 12 countries surveyed.

“The data show a clear new paradigm in today’s UK digital workplace: more than one-third of those who work for technology laggards feel like outdated devices are limiting their productivity, with more than half frustrated and many with one eye on the door as a result,” Mickey Davis, global vice president of managed workplace services, Unisys, said in a press release. “Equipping devices with the right applications and productivity tools is critically important to access and engagement.”

Devices, though, are a bone of contention for workers at laggard organizations, with 35% of these workers reporting that they could be more productive but for their outdated devices. Because their companies do not provide them with the technology they need, 39% of employees said they download apps and websites not supported by their organization’s IT group.

“With a substantial number of businesses behind the technological curve, it puts them and the economy at risk from a talent retention standpoint and brings down their overall efficiency and productivity,” Davis said. "This not only costs resources but also has a negative impact on their relationship with the employer, with many considering new jobs because of their frustration."

Categories: Cyber Risk News

Female Students Awarded Cybersecurity Scholarships

Wed, 06/27/2018 - 13:34

Three women chosen from a large pool of highly qualified candidates are the new recipients of Morphisec's Women in Cybersecurity Scholarship. An independent judge, Limor Elhayani, made the final determinations. Elhayani is vice president of threat engineering at Citi and has herself been the only woman in the room for most of her professional life.

In an effort to bring more women into a field where they are severely underrepresented, Netta Schmeidler, VP of product at Morphisec, launched the scholarship program in October 2017. The company offers three scholarships for female students who are pursuing degrees in cybersecurity, information assurance, information security, information systems security and other subdisciplines of computer science.

Two prerequisites to eligibility included that the women had to have been enrolled at an accredited academic institution of higher learning during the 2017–2018 school year and that they must be Israeli or US citizens or permanent legal residents of either country.

“The cybersecurity field needs more women,” said Schmeidler. “Their diverse voices, viewpoints and opinions help drive innovation, improvement and resilience. Although the latest figures on the number of women in cybersecurity show improvement, we have a long way to go."

"The Morphisec scholarship is our way to bring some visibility and encouragement to young women who are exploring or may not even have before considered a career in this field," she continued. "We were very impressed with the submissions of these outstanding students and know that they will be a tremendous asset to the industry.”

The first prize, which includes a scholarship and a personal mentoring session, was awarded to Inbar Oz, a computer science and bioinformatics student at Tel Aviv University. Undergraduate student of cybersecurity at University of West Florida Megan Morton received the second prize. The third scholarship went to Noa Yehezkel, who is a candidate for her master’s in computer science at Bar-Ilan University.

“Women deserve the same opportunities as men to grow and pursue their ambitions. I want to help bring more women into technology companies and increase diversity that will drive a change in the organizational culture and biases,” Elhayani said.

Categories: Cyber Risk News

Group Tied to Russia Attacked ProtonMail

Wed, 06/27/2018 - 12:59

Twitter was abuzz this morning after ProtonMail tweeted that its network had been under sustained attack, the result of a distributed denial-of-service (DDoS) attack traced back to a group claiming to have ties with Russia.

The attack impacted both ProtonMail and ProtonVPN so that the services were "intermittent at best," as one person wrote on Twitter. After several hours, the service has been restored and all queued emails have been sent or delivered.

"Our network was hit by a DDoS attack that was unlike the more 'generic' DDoS attacks that we deal with on a daily basis," a ProtonMail spokesperson wrote in an email. "As a result, our upstream DDoS protection service (Radware) needed more time than usual to perform mitigation."

While the attack lasted several hours in total, the outages were far briefer, with most lasting only minutes at a time and the longest on the order of 10 minutes.

"Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future. While we don't yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS's on record," the spokesperson wrote. 

ProtonMail confirmed that there was no data breach and that no emails were compromised or lost. In order to ensure the safety of the data stored on their servers, ProtonMail uses zero-access encryption to store the content of emails, an added layer of protection in the event of a breach.  

Categories: Cyber Risk News

NSA Leaker Winner Pleads Guilty

Wed, 06/27/2018 - 10:04

A former National Security Agency (NSA) contractor has pleaded guilty to leaking key intelligence on Russian attempts to target officials ahead of the 2016 election.

Reality Winner, 26, now faces a sentence of 63 months after reaching a plea deal with prosecutors, according to reports.

Winner, who was honorably discharged from the Air Force in 2016 before taking up a job with outsourcer Pluribus International, is said to have printed out a top secret intelligence report before scanning and sending it to The Intercept.

She was caught after the publication shared it with the authorities whilst trying to authenticate it: tiny microdots on the paper apparently identified the printer that had been used as well as the date and time.

The information she disclosed was incendiary, revealing the true extent of Russian state-backed efforts to disrupt the US elections.

It detailed intelligence reports revealing that Kremlin hackers had spear-phished at least 100 state and local voting officials in the week prior to election day, beginning with a US voting software supplier.

The report noted:

“Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named US company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting US local government organizations.”

Winner’s motivation appeared to be anger at the lies she was regularly exposed to on Fox News at work.

Last year, prosecutor Jennifer Solari argued that Winner had been “mad about some things she had seen in the media, and she wanted to set the facts right,” according to the New York Times.

Categories: Cyber Risk News

High-Profile Incidents Have Made Boards Cyber Savvy

Wed, 06/27/2018 - 09:32

Global boards have become more aware of cyber-threats thanks to the devastating effect of high-profile ransomware incidents last year, new research from SentinelOne has revealed.

The security vendor polled 500 businesses in the UK, US, France and Germany to find out more on attitudes to cybersecurity at the top decision-making level.

Half of all respondents claimed that visibility of cyber-threats had grown at board level thanks to the impact attacks like WannaCry and NotPetya had on the bottom line of major multi-nationals in 2017.

NotPetya was perhaps most notable in leading to estimated losses of $300m at Danish shipper Maersk, $300m at FedEx subsidiary TNT and in the region of £100m ($132m) at UK Nurofen-maker Reckitt Benckiser.

However, WannaCry also caused significant damage, causing an estimated 19,000 cancelled operations and appointments at the NHS, further raising the profile of such attacks at a senior level.

The good news is that 54% of respondents told SentinelOne that there is now more chance of their boards releasing funds for employee training and awareness programs, while 43% claimed there’s more money in general for cybersecurity.

Over three-quarters (79%) also said their organization is getting better at combating ransomware.

However, ransomware reporting continues to be a challenge, with only 49% of organizations notifying police of attacks over the past year, down from 54% in the 2016 report.

This tallies with figures from the FBI, which revealed in May that it received just 1783 ransomware complaints last year, linked to losses of only $2.3m — a big drop from the 2673 reports it processed in 2016 and the 2453 from 2015.

Nearly two-thirds (62%) of respondents told SentinelOne they want to see more resources for law enforcers to catch cyber-criminals, but without accurate reporting police will struggle.

Interestingly, 75% of UK respondents claimed they want to see greater international co-operation between countries to protect against attack, exactly the reverse of what will happen after Brexit.

There's no mention of the UK participating in a new EU cyber-response force announced this week, for example.

Categories: Cyber Risk News

AI Integral to Our Economy & Society, says DCMS Secretary of State

Wed, 06/27/2018 - 08:55

Speaking yesterday at the official opening of the London Office for Rapid Cybersecurity Advancement (LORCA), a new center dedicated to UK cyber-innovation based in East London’s Queen Elizabeth Olympic Park, Matt Hancock, secretary of state for Digital, Culture, Media and Sport, discussed the growth of AI and its impact on the UK economy and society.

“What makes AI so revolutionary is the fact that it learns itself and gets better every single day,” he said. “Just as AI is adapting, our economy and society is adapting too, and it must adapt so we can make the most of this seismic change.”

Ultimately, he added, all other significant advances in the human condition have been led by improvements in knowledge and collective intelligence, “and this one is no different, except that that intelligence is not just in the connection of human minds.

“Whether it’s improving travel, making banking easier, making government work better or helping people to live longer, AI is already integral to our economy and society.”

The UK is recognized as one of the leading nations in the development and ethical use of AI, Hancock explained, but “we need to keep looking forward and we can only say that we’ve really succeeded if we tackle the long-term issues that are shaping the challenges that we must overcome in order to stay in the lead.”

A key part of that is transforming the prevention, early diagnosis and treatment of a number of diseases, and “making sure that the data is both secure and held in a way that enhances privacy is mission critical to the challenge in the use of health data for the better: As AI and the data that underpins it becomes more sophisticated, there are huge opportunities to make the impossible possible and to save lives.”

AI will transform lives like never before, Hancock concluded, and we want to transform society for the better and for it to be designed and developed in the UK.

Categories: Cyber Risk News

EU Set for New Cyber-Response Force

Wed, 06/27/2018 - 08:54

EU member states have agreed to develop a cyber-response force designed to combat future attacks, according to the Lithuanian government.

A Declaration of Intent proposed by the Baltic state at a session of the EU Foreign Affairs Council in Luxembourg on Monday was signed by five other countries: Romania, Croatia, Estonia, the Netherlands and Spain. Four more are said to be ready to sign by the end of the year.

The response force would be comprised of investigation specialists and others from the security institutions of participating countries, rotating twice a year.

“In reality it would look like this: each participant would need to have a standing cybersecurity unit which could join the neutralization and investigation in virtual or even in physical reality in the event of a significant cyber-incident,” said national defense minister Raimundas Karoblis.

“EU countries have not had the opportunity to address cyber-incidents together so far, and in the meanwhile, the attacks are not limited by country borders. Lithuania has taken up the role of leadership in proposing first a practical solution in strengthening collective defense in cyberspace and countering threats in a new dimension.”

Figures from the Lithuanian National Cyber Security Center reportedly reveal a growth in cyber-attacks of 10% annually.

Alongside those countries already signed up, France and Finland are also participants of the project while Belgium, Germany, Greece and Slovenia are observers.

The first joint exercise is expected to take place later this year in Lithuania.

There is no mention of the UK, which is not surprising given its decision to leave the EU. However, British security experts will be concerned at the growing isolation of the country, which could leave it more exposed to online threats.

Europol boss Rob Wainwright confirmed in March that the UK will no longer receive high-quality information from the pan-regional law enforcement agency.

Categories: Cyber Risk News

School's Not out for Hackers This Summer

Tue, 06/26/2018 - 14:51

Parents looking to keep their teens challenged this summer can enroll them in Hacker Highschool (HHS), which provides free online lessons for teens, the most recent of which is the result of IBM’s partnership with ISECOM and HHS. These lessons are designed to help students learn hacking as a means of figuring out how things work. Currently, there are 12 lessons available, starting aptly with “Being a Hacker.”

In a blog post today, Pete Herzog, managing director at ISECOM, wrote that HHS is “a great tool specifically designed to teach teens how to approach problems with a hacking mentality – and it’s available for free, online. The only prerequisites teens need to get started are a natural curiosity and an eagerness to learn.”

Additionally, David Jarvis, security lead for the IBM Institute for Business Value, and Heather Ricciuto, academic outreach leader for IBM Security, joined Herzog in a podcast released today to talk about why cybersecurity awareness and hacking skills are critical for today’s youth. Commenting on what drew them to partner with HHS, Ricciuto said the goals were aligned with their "new collar" initiative, adding, "we need to engage kids in cybersecurity discussions a lot earlier than we traditionally have been."

"The newest lesson for the curriculum is 'Defensive Hacking' and serves as an introduction to some of the skills and tools needed for a security operation center analyst role," Ricciuto said. "We worked closely with Hacker Highschool to understand where they wanted to take their curriculum next and to then determine the best fit for a collaborative lesson with IBM. Because SOC analyst skills are in high demand, and the junior SOC Analyst role is one that does not necessarily require a traditional degree for entry, we quickly landed on defensive hacking as the subject for this collaborative lesson.

"A small group of IBM Security experts volunteered their time to help develop this exciting new defensive hacking lesson. We are thrilled to see the fruits of our collaboration made available today, just in time for summer."

It’s understood that these lessons aren’t establishing the trajectory of a participant's career. “No matter where they end up in their professional lives...these students will always be hackers at heart. For teens looking to develop the grit, resourcefulness and creativity necessary to solve a wide variety of problems, this summer is the perfect time to learn how to hack,” Herzog wrote.

Categories: Cyber Risk News

Phishing Cited by SMBs as Top Attack Threat

Tue, 06/26/2018 - 14:15

A new survey of 600 IT decision makers at small-to-midsized businesses (SMBs) found that nearly all SMBs are conducting some form of employee cybersecurity awareness training, which could be due in part to the fear of phishing. 

It might seem promising to note that the new global report, Webroot SMB Cybersecurity Preparedness, found almost 100% of businesses train their employees in cybersecurity awareness. However, the report also found that the number significantly decreases for ongoing training practices, with only 39% of companies reporting that they educate employees continuously throughout the duration of employment.

Yet the report found that businesses in the US, UK and Australia are taking cybersecurity seriously. It revealed a shift in the attacks organizations believed themselves to be most susceptible to in 2017. Also noteworthy was the finding that the estimated cost of a breach is decreasing. 

While phishing ranked third for most dangerous threat in 2017, it topped the chart for 2018. Nearly half (48%) of respondents identified phishing attacks as the top perceived threat, and 45% said that their business will be susceptible to DNS attacks. Overall, phishing displaced new forms of malware, which fell to number six, behind distributed denial-of-service (DDoS) and mobile attacks. Ransomware grew from fifth place in 2017 to third in 2018; however, the responses varied by geography.

The large majority of SMBs in the UK (69%) reported that their businesses were almost completely ready to manage IT security and protect against threats, while only 54% of SMBs in both the US and Australia reported the same.

“As our study shows, the rise of new attacks is leaving SMBs feeling unprepared. One of the most effective strategies to keep your company safe is with a layered cybersecurity strategy that can secure users and their devices at every stage of an attack, across every possible attack vector. And for many businesses, relying on a managed service provider (MSP) when time and expertise aren’t readily available is a crucial step to strengthen their security efforts,” Charlie Tomeo, vice president of worldwide business sales, Webroot, said in a press release. 

Categories: Cyber Risk News

Survey Finds Privacy Protection a Lost Cause

Tue, 06/26/2018 - 13:23

Black Hat today released a new report, Where Cybersecurity Stands, based on a survey of Black Hat USA attendees. The survey looked, in part, at whether privacy protection is a lost cause and posed questions to more than 300 top information security professionals about privacy, election hacking, the US federal government’s ability to handle cyber-threats, nation-state attacks, the cryptocurrency hype and the perceived risks to the nation’s critical infrastructure.

The survey revealed that only 26% of respondents believe individuals will be able to protect their online identity and privacy in the future. These results were reportedly influenced by a string of data breach announcements coupled with the recent Facebook investigation.

Because of growing concerns about the collection, use and sharing of data on social networks, 55% of respondents warn Facebook users to think differently about what data they share. In addition, 75% noted that they have either limited their use of or avoided using Facebook.

According to the survey, cybersecurity professionals grow more concerned about the safety of their own users and data, as well as their privacy. They also have a growing concern about the security of increasingly connected systems and the stability of national and international environments.

“In short, the professionals who are most familiar with today’s cybersecurity environment are in broad agreement that the systems that today serve as platforms for personal, political, and financial interchange are at significant risk of compromise – or even collapse,” the report stated.

Few security professionals (13%) expressed faith in government when it comes to understanding and defending against cyber-threats, with 71% reporting that recent nation-state activity from Russia, China and North Korea has made US enterprise data less secure. In 2017, Black Hat reported that 60% of security professionals expected a successful attack on US critical infrastructure. According to the 2018 report, that data point has risen almost 10%.

An additional key finding consistent with the grim outlook of survey respondents was that nearly 60% of them believe they will have to respond to a major security breach in their own organization in the coming year, though most feel they have inadequate staffing and budget to defend against emerging threats.

Categories: Cyber Risk News