Info Security

Subscribe to Info Security  feed
Updated: 30 min 23 sec ago

Twitter Switches Off SMS Services for Security Reasons

Wed, 04/29/2020 - 09:45
Twitter Switches Off SMS Services for Security Reasons

Twitter has announced it is to switch off its SMS-based service in most countries for security reasons, marking the end of an era for the social network.

When it was first launched, the service was specifically built around SMS, with users texting their tweets, hence the 140-character limit. Things soon moved on as smartphones became near-ubiquitous and account holders switched to the more user-friendly app.

However, in an update this week, the firm said: “We want to continue to help keep your account safe. We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries.”

It’s unclear exactly what these vulnerabilities are, although Twitter previously switched off the ability to tweet via text after hackers hijacked the account of co-founder and CEO, Jack Dorsey.

On that occasion they managed to get hold of his phone number via a classic SIM-swap attack and used the feature to send out tweets in his name.

Twitter is not turning off SMS for two-factor authentication, although text-based authentication codes have been abused multiple times in the past by SIM-swap attackers.

“Everyone will still have access to important SMS messages needed to log in to and manage their accounts,” the firm said.

Twitter sought to tackle this problem in November last year when it allowed users to enroll in 2FA without a linked phone number, meaning they can choose any 2FA system that supports the FIDO2 WebAuthn protocol.

In February this year, the social network was forced to act to fix an API bug that was being abused by state actors to unmask individual users around the world.

The decision to abandon SMS-based tweets has been met with some resistance, as users took to the site to complain that the service is useful in situations such as power outages when internet connectivity goes down.

Categories: Cyber Risk News

Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

Wed, 04/29/2020 - 08:52
Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo

A major US pharmaceutical firm has revealed that ransomware attackers recently encrypted its servers and stole corporate and employee data.

ExecuPharm explained in a breach notification to the Office of the Vermont Attorney General that the incident occurred on March 13, when “unknown individuals” deployed ransomware to its IT systems and sought payment in return for a decryption key.

“As part of this incident, ExecuPharm employees received phishing emails from the unknown individuals,” it said.

“Upon a thorough investigation, ExecuPharm determined that the individuals behind the encryption and the sending of these emails may have accessed and/or shared select personal information relating to ExecuPharm personnel, as well as personal information relating to Parexel personnel, whose information was stored on ExecuPharm’s data network.”

Parexel is the Massachusetts-headquartered parent company of ExecuPharm.

The firm claimed that information stolen included: social security numbers, taxpayer IDs, driver’s license numbers, passport numbers, bank account details, credit card numbers, NI numbers and beneficiary information.

That represents a major haul for any data theft and one which could be sold on the dark web and/or, as has been reported, published online in an attempt to persuade the firm to pay the original ransom.

Matt Walmsley, EMEA director at Vectra, warned that there’s no publicly available decryption methods for the ransomware used in this attack, and that pharma companies rich with sensitive R&D represent a highly lucrative target for cyber-criminals.

“Attackers tend to target privileged entities associated with accounts, hosts and services due to the unrestricted access they can provide and to ease replication and propagation. Attackers will manoeuver themselves through a network and make that step from a regular user account, to a privileged account which can give them access to all the data they need in order to finalize their ransomware attack and bribe their victims,” he explained. 

“Therefore, security teams need to be agile as time is their most precious resource in dealing with ransomware attacks. Early detection and response are key to gaining back control and stopping the attackers in their tracks before they can propagate across the organization, stealing and denying access to data.” 

Categories: Cyber Risk News

Researchers Develop Anonymization Model for #COVID19 Contact Tracing

Wed, 04/29/2020 - 08:00
Researchers Develop Anonymization Model for #COVID19 Contact Tracing

A model for a contact tracing app that protects personal data has been developed by an interdisciplinary team at the Technical University of Munich (TUM). The researchers have created an encryption process that enables people who have come into close contact with a COVID-19-positive individual to be warned without their phones recognizing the infected person’s temporary contact number (TCN).

Contact tracing apps are seen as a crucial tool in slowing the spread of COVID-19 and helping to end lockdown measures, with a number currently in development in countries such as the UK. However, concerns over individual privacy regarding their use have been flagged in recent weeks, including fears that the personal data collected could be targeted by cyber-criminals.

Mobiles on which these apps are installed use Bluetooth technology to exchange randomly generated TCNs, which constantly change. The TCNs are collected locally on the devices and stored for a limited period. If someone tests positive for COVID-19, that person’s contacts are immediately notified.

Through an encryption process called private set intersection cardinality, the TUM team have found a means of cross-checking TCNs of infected individuals against those collected on mobile phones without the need to load the TCNs onto their contact’s phones.

“As a result, the risk scenario in which an attacker could combine the received TCNs with other information such as the date, time and location where the TCN was transmitted – which would endanger the anonymity of an infected person – is minimized to a large extent,” explained physicist Kilian Holzapfel, TUM.

A successful qualification request for the app’s decentralized standard to the Bluetooth Special Interest Group has already been submitted. A prototype of the app is currently being tested with the Android operating system; however, the team expect it to be a few more weeks before it is available for use.

Categories: Cyber Risk News

US Attorney Advises Clients to Use McDonald's WiFi

Tue, 04/28/2020 - 18:54
US Attorney Advises Clients to Use McDonald's WiFi

A US attorney has advised clients without a smartphone or mobile device to borrow one from a friend or neighbor and use the free WiFi provided by McDonald's to log onto virtual court hearings.

Elisabeth Trefonas, a senior assistant public defender based in Jackson, Wyoming, told the Associated Press that clients had experienced difficulties accessing hearings that have been held online since lockdown measures were introduced to slow the spread of COVID-19.

“Some of our clients don’t have tablets or smart devices,” said Trefonas, adding that she had also advised folks to connect via the free WiFi offered by public libraries. 

The Teton County Courthouse has been closed to the public since March 24, with Judge Timothy Day and Teton County Circuit Court Judge Jim Radda holding virtual hearings only. Instead of being surrounded by defendants, attorneys, victims, a bailiff, a clerk, court security, reporters, and spectators, Day and Radda simply sit on their own with a computer.

“All the video stuff I do from court with my robe on,” Day told the Jackson Hole News&Guide in a video interview. “It’s just me.”

Day said that despite the challenges posed by performing his role virtually, it was vital to keep the wheels of justice turning. 

“It is more important than ever during this that people have confidence the justice system is still working,” Day said. “Their rights are being protected, the rule of law is still being followed and it is important we continue to do as many hearings as we can.”

To facilitate the new way of operating, court orders are allowing attorney to e-file documents so they can meet filing deadlines and represent clients without visiting the courthouse in person. 

After a couple of weeks of advising defendants without smart devices or tablets to borrow from their friends or neighbors, the court settled on a different solution. 

“We have purchased a tablet and set up a hotspot in the lobby of the courthouse,” said Day, “It allows people to connect here.”

Head of court security, Teton County Sheriff’s Corporal Mike Crook, said that the tablet is sanitized before and after use and is not handed directly to anyone in adherence to social distancing guidelines.

Categories: Cyber Risk News

#COVID19 Tracking App Tells Untested Aussies They're Infected

Tue, 04/28/2020 - 15:34
#COVID19 Tracking App Tells Untested Aussies They're Infected

A COVID-19 tracking app introduced by the Australian government has been informing users who haven't even been tested for the novel coronavirus that they have contracted the bug.

The CovidSafe app went live at 6pm on April 26 and was downloaded a million times on its first night. Australian prime minister Scott Morrison has said that for the voluntary app to be effective at helping to slow the spread of the contagious virus, at least 40% of the country's approximately 25 million people need to adopt it.

By using Bluetooth technology to track users who come within 1.5 meters of people who have tested positive for COVID-19, it is hoped that the app can help ease strict lockdown measures.

However, many Australians who downloaded the app were confronted with a screen informing them that they had tested positive for coronavirus, despite not having been tested for COVID-19. 

After selecting the option to "upload my information," users were shown the message: "You have tested positive for COVID-19. Unless you consent, your contact information will not be uploaded. If you consent, your contact information will be uploaded and shared with State or Territory health officials for contact tracing purposes."

A spokesman for Government Services Minister Stuart Robert said the message was not a flaw in the newly released tracking app. According to Robert, the confusion arose from users' interacting with the app incorrectly. 

"You don't upload if you haven't tested positive, that's the whole point of the app," Robert told Daily Mail Australia.

"You're only supposed to push that button if you've been asked to by a health official if you've tested positive."

Users of the app told the Daily Mail Australia, "Nowhere does it say, 'click if you've been diagnosed with coronavirus' or 'have you tested positive for COVID-19?'"

Since its launch on Sunday, several issues have been reported regarding the CovidSafe app. Noted problems include the failure of the app to recognize the user's phone number, missing confirmation emails, and the cessation of the Bluetooth signal when a cell phone enters low power mode. 

Australia had 6,714 coronavirus cases as of Sunday night, with 83 deaths, 1,086 active cases, and 5,541 patients fully recovered.

Categories: Cyber Risk News

Fortinet Offers Free Cybersecurity Training

Tue, 04/28/2020 - 15:30
Fortinet Offers Free Cybersecurity Training

A cybersecurity company is offering free training courses to help keep businesses cyber-safe.

Fortinet has made all its online training programs free for the remainder of 2020 to address the skills gap in the cybersecurity industry, outlined in the 2019 (ISC)2 Cybersecurity Workforce Study. The study found that nearly two-thirds of companies lacked the skilled staff required to operate securely.  

The generous gesture comes as companies around the world have transitioned to remote working to comply with lockdown measures introduced to slow the spread of COVID-19. 

“The current reality has forced many organizations to face rapid change and new risks as they’ve transitioned to remote workforce models. IT teams are under pressure to effectively secure their organizations, in very dynamic environments which require broad security skill sets," said John Maddison, EVP of products and CMO at Fortinet.

“As both a technology company and a learning organization, we are making our entire online, self-paced catalogue of advanced training courses available for free so that any IT professional can expand timely knowledge and skills on-demand as needed to effectively protect their organizations.”

From today, Fortinet's entire catalog of 24 self-paced advanced security courses is free to access. Topics covered by the courses include Secure SD-WAN, public cloud security, and secure access.

The programs are designed to help security professionals expand their playbook while also providing "students and anyone looking to start a career in cybersecurity the opportunity to learn new skills or upskill."

Recorded lab demos for these courses will be available for on-demand viewing and supplemented with regularly scheduled live sessions with Fortinet Certified Trainers. 

The majority of courses are from the official Network Security Expert Institute curriculum. Fortinet established the NSE Institute in 2015, comprised of the NSE training and certification program, the Fortinet Network Security Academy, and the Fortinet Veterans program, to educate the next generation of cybersecurity professionals. 

As part of the program’s free training catalog, Fortinet provides foundational cyber-awareness courses for anyone through levels NSE 1 and NSE 2. In addition, the FortiGate Essentials training was recently added as an additional course for anyone interested in learning how to use firewall policies, user authentication, routing, and SSL VPN.

Categories: Cyber Risk News

Researchers Spot Banking Trojan Using #COVID19 Crisis to Attack Users

Tue, 04/28/2020 - 15:00
Researchers Spot Banking Trojan Using #COVID19 Crisis to Attack Users

The banking Trojan Grandoreiro has been taking advantage of the COVID-19 crisis to attack users, an analysis by ESET has shown. The internet security company has found the Trojan hiding in videos on fake websites that promise to provide vital information about the virus. Attempting to play the video leads to the download of a payload on the visitors’ device.

Grandoreiro has been seen operating since 2016, and targets users in Brazil, Mexico, Spain and Peru. It has previously almost exclusively been distributed through email spam, in which the authors utilize a fake Java or Flash update. Through these fake pop-up windows, users are encouraged to give away sensitive information.

Now, Grandoreiro authors are shifting their tactics to target users through COVID-19 scams on fake websites. This coincides with a general shift towards cyber-attacks related to the virus that play on people’s fears as the crisis has developed in recent weeks.

Once a machine is affected, Grandoreiro is able to collect information about it using a variety of techniques. These include manipulating windows, updating itself, capturing keystrokes, simulating mouse and keyboard actions, navigating browsers to chosen URLs, signing out and restarting machines, and blocking access to websites. In some versions, it is also able to steal credentials stored in Google Chrome and data stored in Microsoft Outlook browsers.

The Trojan has also proven to be very difficult for cybersecurity experts to detect and remove.

“For a Latin American banking Trojan, Grandoreiro utilizes a surprisingly large number of tricks to evade detection and emulation. That includes many techniques to detect or even disable banking protection software,” explained ESET researcher Robert Šuman.

“They [the attackers] seem to be developing the banking Trojan very rapidly. Almost every new version we see introduces some changes. We also suspect they are developing at least two variants simultaneously. Interestingly, from a technical point of view, they also utilize a very specific application of the binary padding technique that makes it hard to get rid of the padding while keeping a valid file.”

Categories: Cyber Risk News

Cybersecurity Pros See Roles and Duties Change Due to #COVID19

Tue, 04/28/2020 - 13:35
Cybersecurity Pros See Roles and Duties Change Due to #COVID19

A majority of cybersecurity professionals have said that their job functions have changed due to the COVID-19 pandemic, with 90% now working remotely full-time.

According to a survey of 256 cybersecurity professionals by (ISC)2, 81% of respondents, all responsible for securing their organizations’ digital assets, indicated that their job function has changed during the pandemic. The survey, which was conducted this month, also found that 96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees.

Also, 23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents. Despite this, 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce.

One respondent, who chose to remain anonymous, said: “COVID-19 hit us with all the necessary ingredients to fuel cybercrime” including staff working from home before most organizations were ready, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information.

The survey also asked respondents to share comments about the challenges they face during the pandemic. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office. 

One respondent commented: “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”

Max Vetter, chief cyber-officer at Immersive Labs, said that the news comes as no real surprise. “With workforces transitioning to remote working, security teams have had to contend with a whole new set of problems and threats that many have not had to face before,” he explained.

“This raises the additional complexity of security professionals having to potentially learn new skills or how to handle new situations in a remote environment. This is a new situation for many security teams, and an area that traditional training cannot cover. It is important that teams are able to upskill themselves on the most recent threat data to ensure that they are sufficiently battle-tested if a hacker targets their company’s remote workforce or systems.”

David Grout, CTO for EMEA at FireEye, said: “The survey reports about the number of cyber-attacks doubling since the pandemic began, so the security of an organization’s technologies, applications and firewalls/anti-malware can’t slip despite security teams being spread thinly.

“It will also be important to ensure there is an increased awareness of security measures for the remote workers themselves. In particular, those who have not worked from home before will be unsure about best practices to protect themselves and business information.”

Categories: Cyber Risk News

Moscow’s Fraudsters Sell Fake #COVID19 Travel Passes

Tue, 04/28/2020 - 11:00
Moscow’s Fraudsters Sell Fake #COVID19 Travel Passes

Muscovite fraudsters are capitalizing on the city’s COVID-19 lockdown by offering to sell desperate citizens the digital passes they now need to travel around the city.

Singapore-based security vendor Group-IB said it had helped identify 126 websites, Telegram channels and social media accounts peddling the fake passes.

As of April 15, locals have been forced to request a digital permit featuring a QR code in order to travel around the Russian capital using public or personal transport, according to an order issued by mayor Sergei Sobyanin.

However, before the official system for applications was up and running, scammers apparently stepped into the void to offer the passes, charging between $38-$65.

Group-IB said it managed to identify those behind one of the campaigns, which offered passes for Moscow, St Petersburg and Krasnodar.

Using a well-known messaging app to communicate with potential customers, they passed themselves off as law enforcers, and asked for passport or vehicle registration and license plate details.

Unfortunately, once the money was received, they would delete the chat, blacklist the victim and move on to the next target, the vendor explained.

Several arrests have been made in that case, and Group-IB is continuing to work with the Moscow Department of Information Technology on other scam campaigns. It claimed that 78 fraudulent websites, social media accounts and messenger channels have been blocked so far.

“Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to sell fake digital passes,” said Sergey Lupanin, head of cyber-investigations at Group-IB.

“The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.”

Categories: Cyber Risk News

OutSystems Launches Free Online Coding School for UK Developers

Tue, 04/28/2020 - 09:45
OutSystems Launches Free Online Coding School for UK Developers

OutSystems, a global leader in low-code application development, has today announced the availability of its online Low-Code School for developers in the UK.

The no-cost Low-Code School, now in its 11th intake and having already trained and certified more than 200 developers across Europe, is open to 20 participants and will run from June 15 until June 26, providing a two-week online training program designed to upskill developers that know traditional coding languages.

According to OutSystems, the training sessions will run on weekdays outside of business hours and will be fully available online due to restrictions of the COVID-19 pandemic

In addition to the training, OutSystems is offering participants free access to its technology certification, which usually costs £145, and will introduce participants to job opportunities within its ecosystem of customers and partners. 

“These are challenging times, but we’ve developed our online program so that someone with a technical background can learn about and be certified on OutSystems during our two-week course,” said Gonçalo Gaiolas, VP of product and community at OutSystems. “This, combined with the number of jobs already available for professionals qualified in our technology, means that developers can upskill and find new opportunities with minimal risk.”

For further details about the OutSystems Low-Code School or to apply for the program, visit

Categories: Cyber Risk News

Warwick Uni Under Fire After Reported Breach Cover-Up

Tue, 04/28/2020 - 09:15
Warwick Uni Under Fire After Reported Breach Cover-Up

A leading UK university has come under fire after reportedly failing to notify those affected after hackers breached its administrative network last year.

Warwick University, a member of the Russell Group comprising the country’s top 24 universities, suffered the attack when an employee unwittingly installed malware. That reportedly allowed hackers to lift personal information on students, staff and volunteers taking part in research studies.

However, the impact of the incident was compounded because data protection at the university was so poor that the institution couldn’t identify which information had been stolen, according to Sky News.

Registrar and executive lead for data protection, Rachel Sandby-Thomas, apparently took the decision not to inform those whose data was stored on the admin network about the incident. It’s unclear whether regulator the Information Commissioner’s Office (ICO) was told, as the incident would seem to fall under the remit of the GDPR.

However, a voluntary audit of the university by the ICO, published in March, revealed multiple failings of processes and procedures in governance and accountability, security of personal data and training and awareness. The latter category was described as having a “very limited” assurance rating.

The university apparently disbanded the data protection privacy group (DPPG) that Sandby-Thomas chaired after the ICO suggested she be replaced, admitting that she didn’t have the “specialist skill set and experience” needed, according to the news report.

That’s despite the individual having been the executive lead for IT and data protection at the Uni since 2016.

An internal email seen by the news channel also revealed that Sandby-Thomas tried to block the voluntary ICO audit until she was told that the alternative was a “compulsory less friendly one.”

Jake Moore, cybersecurity specialist at ESET, argued that any cover-up of data breach incidents is likely to do more harm than good.

“It is far better to own up to attacks, especially given that constant attacks against organizations from cyber-criminals across the world mean that breaches will inevitably happen,” he added. “Many people are more forgiving now and tend to appreciate when organizations own up at the earliest opportunity and even show where there have been failings.”

Categories: Cyber Risk News

Rapid7 Buys into CSPM with DivvyCloud Purchase

Tue, 04/28/2020 - 08:24
Rapid7 Buys into CSPM with DivvyCloud Purchase

Rapid7 has become the latest big-name security vendor to invest in new cloud security posture management (CSPM) capabilities, with the acquisition of DivvyCloud today.

The security analytics and automation vendor will pay $145m in cash and stock for the Arlington, Virginia-based CSPM specialist, with the acquisition expected to close in the second quarter of the year.

DivvyCloud supports all three major public cloud platforms plus Alibaba Cloud and Kubernetes, offering customers enhanced visibility and automated remediation capabilities to improve the security and compliance of such environments.

Rapid7 believes the addition of this technology will slot neatly into its Insight line-up, which already covers SIEM-based incident detection and response, vulnerability management, application security and security automation and orchestration.

“Security teams are constantly challenged with understanding and effectively managing the risk and security for cloud environments at DevOps speeds,” said the firm’s chief innovation officer, Lee Weiner.

“DivvyCloud’s technology, team and market leadership in the cloud security space will enable Rapid7 to better serve its customers’ needs by helping them innovate more securely, and provide a robust set of compliance and remediation paths for those with modern cloud infrastructure.”

As cloud complexity grows and in-house teams struggle with skills gaps, CSPM has become increasingly popular over recent years as a best practice way to fix the configuration errors that blight cloud deployments.

Last October, Trend Micro bought Australian startup Cloud Conformity in a $70m deal to build out its own capabilities in this area.

According to Gartner, by 2023, 99% of cloud security failures will be the customer’s fault, and “through 2024, organizations implementing a CSPM offering and extending this into development will reduce cloud-related security incidents due to misconfiguration by 80%.”

Categories: Cyber Risk News

Auction of World's Priciest Whisky Ruined by Cyber-Attack

Mon, 04/27/2020 - 19:36
Auction of World's Priciest Whisky Ruined by Cyber-Attack

An online auction of rare whiskies amassed by an American collector has been postponed indefinitely following a cyber-attack.

More than 1,900 bottles from Richard Gooding's collection were successfully auctioned off via the Whisky Auctioneer website earlier this year for just under $4m. The second phase of "The Perfect Collection" auction, consisting of 1,958 lots, began on April 10 and was due to conclude on April 20. 

But before the bidding could end, a cyber-attack forced the Perth-based Whisky Auctioneer website offline. 

Initially, the auction was postponed for 48 hours due to what the site described as “abnormal excessive loads on the website, which caused some technical issues." However, the specialist online auction house later posted a statement on its website revealing that it had become the victim of a cyber-attack. 

"At approx. 22.30 (BST) on 21 April, experienced a targeted, technologically sophisticated, sustained and malicious attack on our website and databases," read the statement. "The website is currently offline whilst we continue to actively investigate this."

The auction house did not reveal any details regarding the nature of the attack but said that it had been in touch with customers who may have been impacted by the incident. An investigation has been launched to determine what occurred.

In a service announcement, Whisky Auctioneer said: "The team here is working extremely hard to investigate this and minimize the impacts on our valued customers as a result of this situation. We take data and cyber security incredibly seriously and have put in place continuously improving safeguards in line with the latest technology available."

Whatever form the attack was, it has caused the potentially record-breaking auction of "The Perfect Collection: Part Two" to be postponed until further notice. Included in the auction's second phase was a bottle of 1926 Macallan expected to fetch around $1.25m on its own.  

Gooding, who passed away in 2014, was the grandson of Caleb D. Bradham, who founded the Pepsi Cola Bottling Company in 1936 in Denver. Born in Colorado and resident in the US, Gooding built his incredible collection up over two decades, flying to Scotland and Ireland on his private jet to source rare vintage whiskies.

Categories: Cyber Risk News

Brits Embrace New Suspicious Email Reporting Service

Mon, 04/27/2020 - 18:28
Brits Embrace New Suspicious Email Reporting Service

The British public have enthusiastically embraced the new suspicious email reporting service (SERS) launched by the UK government's National Cyber Security Centre (NCSC). 

SERS was launched on April 21 as part of the NCSC's Cyber Aware campaign, which teaches six actionable steps to stay safe online. In its first day of operation alone, the service received a staggering 5,151 reports of suspicious emails, which directly led to 83 different scams being quashed.

“The immediate take-up of our new national reporting service shows that the UK is united in its defense against callous attempts to trick people online," said NCSC Chief Executive Officer Ciaran Martin.

“We hope the success of the Suspicious Email Reporting Service deters criminals from such scams, but if you do receive something that doesn’t look right, forward the message to us—you will be helping to protect the UK from email scams and cyber-crime.” 

Martin said that recent malicious email attacks had been themed around the outbreak of COVID-19 in almost every country in the world. 

“While we have not seen a rise in email scams in the last month, coronavirus is the top lure currently used to conduct cyber-crime, exploiting public unease and fear of the pandemic," said Martin.

In the past month, the NCSC has removed more than 2,000 online scams related to the coronavirus, including 471 fake online shops selling fraudulent COVID-19–related items. 

Under the new scheme, bringing a dodgy-looking digital missive to the attention of the NCSC is quick and easy. All recipients need to do is forward the questionable content to, and the NCSC’s automated program will immediately test the validity of the site. Sites found to be phishing scams are removed immediately. 

SERS was co-developed with the City of London Police to take down malicious sites and support UK policing by providing live-time analysis of reports and identifying new patterns in online offending.

Commander Karen Baxter, City of London Police, National Lead for Fraud, said: “Technology is helping us keep connected during coronavirus, but it is sometimes exploited by criminals.

“The new email reporting service helps to combat this, and the results so far show how valuable this tool is.”

Categories: Cyber Risk News

Microsoft Teams Funny GIFs Vulnerability Mended

Mon, 04/27/2020 - 17:59
Microsoft Teams Funny GIFs Vulnerability Mended

Microsoft has fixed a vulnerability in its Teams app that left users at risk of having their accounts taken over. 

The weakness, which involved exploiting some seemingly innocuous and entertaining GIFs, was discovered by researchers at CyberArk.

"We found that by leveraging a subdomain takeover vulnerability in Microsoft Teams, attackers could have used a malicious GIF to scrape users' data and ultimately take over an organization’s entire roster of Teams accounts," said CyberArk's researchers. 

Alarmingly, the vulnerability was found to be capable of spreading automatically "similar to a worm virus" and had the potential to affect every user of the desktop or web browser version of the Teams app. 

"Since users wouldn’t have to share the GIF—just see it—to be impacted, vulnerabilities like this have the ability to spread automatically," noted researchers.

"Imagine the following scenario. An attacker sends a GIF or an image to a victim and gets control over their account. This vulnerability worked just that way and had the potential to take over an organization’s entire roster of Microsoft Teams accounts."

Among the malicious GIFs identified by researchers was one in which a human-sized Donald Duck sweeps a row of cuddly Mickey Mouse toys from a shop display onto the floor, replacing them with toys in his own image. 

When the user views the malicious GIF, the cyber-attacker could use a compromised subdomain to steal security tokens. Users receiving this malicious GIF would have no clue that they were under cyber-attack.

"The victim sees a regular GIF sent to them—that’s it!" noted researchers. "The victim will never know that they’ve been attacked, making the exploitation of this vulnerability stealthy and dangerous." 

Threats that operate in this way pose a huge challenge for businesses, organizations, and individuals relying on communication platforms like Teams to keep in touch with family, friends, and colleagues during the current widespread COVID-inspired lockdowns. Researchers described this particular danger as "a nightmare from a security perspective."

CyberArk said it notified Microsoft of the vulnerability on March 23, and a patch was released earlier this week. There is no evidence it was ever exploited by cyber-criminals.

Categories: Cyber Risk News

89% Reduction in Removal of Child Sexual Abuse Webpages During #COVID19

Mon, 04/27/2020 - 14:00
89% Reduction in Removal of Child Sexual Abuse Webpages During #COVID19

There has been a huge reduction in the number of webpages featuring child sexual abuse being taken down since the COVID-19 crisis developed in mid-March, according to the Internet Watch Foundation (IWF), an organization that identifies child sexual abuse content online.

The UK-based charity reported an 89% reduction in these types of webpages being removed during the period from March 16 to April 2020 compared to the previous month, falling from 14,947 to 1498 URLs.

Quoted in The Guardian newspaper, Susie Hargreaves, the chief executive of the IWF, said: “Even though our analysts are working as normal to find this evil content, it is staying available for longer, even after they have reported it. This means there is more opportunity for sexual predators to view and share it.”

The IWF believe this is because tech companies and law enforcement agencies are operating with reduced staff numbers during the COVID-19 pandemic, and therefore have lower capacity to identify and take down this type of material. Jake Moore, cybersecurity specialist at ESET, argued that COVID-19 lockdown restrictions may need to be lifted for those working in this area to ensure more effective policing of these webpages.

He commented: “It would not only be impractical for child abuse investigators to work from home, it would in fact be against the guidelines. Viewing indecent imagery needs to be conducted under strict laboratory conditions with employees around. These conditions are in place to help protect the victims and others who should not come in contact of such imagery. It would be socially unacceptable for anyone working for law enforcement or a charity to be able to view this content remotely or on their own.

“To combat child abuse imagery sufficiently throughout the pandemic, these investigators need to be considered as key workers and locate the illegal activity from the lab. However, it is naturally going to be conducted at a reduced rate.”

Categories: Cyber Risk News

Online Safety Tech Industry Association Launches

Mon, 04/27/2020 - 12:50
Online Safety Tech Industry Association Launches

The Online Safety Tech Industry Association (OSTIA) has been launched today, bringing together expert companies and advisory bodies to tackle online safety.

With support from the National Crime Agency, GCHQ, the Home Office, NSPCC, and led by Cyan Forensics and PUBLIC, the association unites expert analysts and innovative companies with the joint mission of improving online safety.

OSTIA aims to inform policy makers, technology providers and the public about online safety technologies, establish a collective influence on policy, regulation and support for the sector and provide a forum for networking and collaboration for companies involved in the broad field of online safety.

Chaired by Ian Stevenson, CEO and co-founder of Cyan Forensics, organization representatives will meet regularly with government representatives to explore ways to support innovation and growth in UK tech. 

He said: “The topic of online safety is wide-ranging and hugely complex. Unfortunately for regulators and providers, it is made up of many individual problems; there is no silver bullet that will solve the whole issue. That’s why we wanted to establish this industry association – to create a powerful collective voice to enact change.

“By focusing on specific, actionable areas, we can work together to demonstrate how the thriving safety-related products and services market will play a significant role in helping companies protect the most vulnerable from accessing harmful content, while driving digital growth. Together, we can ensure that the public, technology companies and policy makers are aware of these lifelines.”

The formation of OSTIA was welcomed by Caroline Dinenage, Minister of State for Digital and Culture in the Department for Digital, Culture, Media and Sport, who said: “We are determined to make the UK the safest place in the world to be online and have set out world-leading proposals to put a duty of care on online companies, enforced by an independent regulator.

“We are backing the industry to support our work by developing new products to improve online security and drive growth in the digital economy. This new association will help bring together relevant organizations to collaborate, innovate and create a safer online world.”
The association has three key aims:

  • Provide a voice of hope by informing policy makers, technology providers and the general public about online safety technologies
  • Create collective influence on policy, regulation and broader support for the sector
  • Provide a forum for companies contributing towards the goal of online safety

OSTIA’s current focus is compiling an Introductory Guide to Online Safety, a document drafted with specialist insight from government and civil society organizations. It will act as a guide for online platforms to proactively tackle online safety in the very design of their offerings.

Categories: Cyber Risk News

#COVID19 Fallout Hits UK Tech Startups Hard as Confidence Slumps

Mon, 04/27/2020 - 11:15
#COVID19 Fallout Hits UK Tech Startups Hard as Confidence Slumps

Confidence levels among UK tech startups have significantly dropped over the last three months as the fallout from the coronavirus pandemic takes hold, Studio Graphene’s new Tech Tracker survey has revealed.

The quarterly survey polls more than 100 business leaders within early stage UK-based tech companies to assess and monitor their confidence levels, with the latest highlighting the damaging effect COVID-19 is having on smaller and less-established companies.

As little as 32% of respondents said they were ‘confident’ or ‘very confident’ of increasing their turnover in the next 12 months, which is 42% lower than three months ago and down 47% when compared with Q1 2019.

What’s more, the vast majority of entrepreneurs (91%) said they were worried about the impact that COVID-19 will have on their business, with 35% saying that they do not feel their business is well-prepared to withstand the potential fallout.

In terms of plans for potential growth in the coming year, 58% said they intend to hire more staff (down 19% quarter-on-quarter), 60% hope to raise investment (down 7%) and 49% plan to expand into new territories (down 18%).

Almost 70% of respondents admitted to lacking confidence in the UK Government’s ability to support the tech sector through the COVID-19 pandemic.

Ritam Gandhi, founder and director of Studio Graphene, said: “We launched the Tech Trackersurvey 12 months ago to see how tech firms were responding to Brexit and the general pains of growing a business, but everything has been turned upside down; today’s data shows just how damaging coronavirus has been to business confidence.

“This is the biggest challenge many businesses have ever faced, and with smaller reserves and less nascent customer-bases to fall back on, it is understandable that many startups will be concerned about what the coming months will bring.”

However, Gandhi argued that there are still reasons for UK tech startups to be optimistic.

“Startups are also well placed to weather this storm. They are nimble, agile and able to respond to the challenges that arise on a day-by-day basis. What’s more, demand for technology is higher than ever – consumers and businesses need innovative solutions to the problems they are currently facing. So, there are opportunities for those who can pivot and keep pushing forward.”

Categories: Cyber Risk News

Nintendo Breach Affects 160,000 User Accounts

Mon, 04/27/2020 - 10:15
Nintendo Breach Affects 160,000 User Accounts

Nintendo has begun restricting log-ins and resetting affected passwords after admitting that as many as 160,000 accounts may have been illegally accessed by hackers.

The Japanese gaming giant said it was disabling access to accounts via the legacy Nintendo Network ID (NNID), which was associated with its now-defunct Nintendo 3DS handsets and Wii U consoles.

That’s because, since the beginning of April, hackers have been using NNIDs “obtained illegally by some means other than our service” to access user accounts and buy digital items using stored cards.

Unauthorized third parties may also have been able to view personal information including name, date of birth, gender, country/region and email address.

Aside from doing away with NNID log-ins to Nintendo accounts, Nintendo is resetting passwords that may have been used illegally.

The firm urged users not to share passwords across multiple accounts and to check whether their bank cards may have been used fraudulently.

“Organizations need to pay attention to not only points of access in production environments but also all their deprecated and development endpoints,” said Cequence Security’s Jason Kent.

“These often-forgotten and unsecured APIs can be used by hackers to gain side-door access into systems to achieve the same access to confidential information and monetary gain as if they went through the front door. Unfortunately, most organizations lack full visibility of their APIs, making it a challenge to adequately secure them. "

Chris DeRamus, CTO of DivvyCloud, hypothesized that the attack may have been the result of credential stuffing. The gaming industry accounted for around 22% of attacks spotted by Akamai over a 17-month period.

“To prevent unauthorized access to accounts, users should diversify passwords and usernames across different accounts, regularly change those passwords and enable multi-factor authentication (MFA) when possible for an extra layer of security,” he added.

Categories: Cyber Risk News

Experts Detect 30,000% Increase in #COVID19 Threats

Mon, 04/27/2020 - 09:25
Experts Detect 30,000% Increase in #COVID19 Threats

A security firm is claiming to have seen a staggering 30,000% increase since January in detected phishing, malicious websites and malware designed to capitalize on the COVID-19 crisis.

Zscaler VP of security research, Deepen Desai, revealed in a blog post that the firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1200 at the start of the year.

This included the registration of 130,000 new suspicious domains featuring COVID-related keywords such as “test,” “mask,” “Wuhan” and “kit.”

The firm recorded a 25% increase in the number of malicious files and websites it blocked and an 85% increase in phishing attacks targeting remote workers over the three-month period.

These included spear-phishing attempts spoofed to appear as if sent by the IT or payroll department, and some that even used a CAPTCHA screen to try and fool security filters.

Others targeted consumers with government-themed phishing attempts designed to trick those looking to secure stimulus funds.

Fake VPN software, COVID-themed mobile malware and even Nigerian 419 scams were also spotted by the Zscaler team, Desai said.

The security vendor has detected Magecart attacks targeting healthcare, pharmacy and grocery sites, the latter often hastily designed to support a surge in online orders, but without adequate protection.

Desai urged remote working employees and IT teams not to open links or attachments in unsolicited mail, to enable two-factor authentication, patch regularly and only stick to reputable sources for COVID-19 information.

“Each user in every organization must develop a heightened state of awareness, as cyber-criminals will continue to use the current global crisis as an opportunity to target and compromise end-user systems,” he concluded.

“If users are unsure about something they see online or receive in their inbox or SMS, they should be instructed to reach out to IT security teams for help.”

Despite the large increase in threats using COVID-19 themes, overall cybercrime has not increased, according to the UK’s National Cyber Security Centre (NCSC) and tech giants Microsoft and Google.

Categories: Cyber Risk News