Feed aggregator

350,000 Social Media Influencers and Users at Risk Following Data Breach

Info Security - Thu, 06/25/2020 - 16:06

Personal data of an estimated 100,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me, Risk Based Security has discovered. The same breach has also led to more than 250,000 social media users having their information fully exposed on a deep web hacking forum, leaving these individuals at risk of being targeted by scams.

The leak was discovered by Risk Based Security’s data breach research team on June 6 when a known threat actor revealed they had compromised Preen.Me’s systems and were holding the personal information of over 100,000 affiliated influencers under ransom on a popular deep web hacking forum. The actor shared 250 records via PasteBin on the same day, and two days later on June 8, stated their intention to release the other 100,000 records, although this has not yet occurred.

The information includes influencers’ social media links, email addresses, names, phone numbers and home addresses. It was noted that those affected appear to be associated with cosmetic or lifestyle-related content.

Roy Bass, senior dark web analyst, Risk Based Security, commented: “While passwords were not leaked, threat actors can search for compromised passwords from other database leaks and link them to the accounts through email addresses/other personal information, or employ brute force techniques. We observed one threat actor state his intention to do so.

“They [those exposed] are also susceptible to spam and substantial harassment via their leaked contact information, as well as spear-phishing and identity theft scams if enough personally identifiable information is gathered.”

Then on June 14, the same cyber-criminal fully leaked the details of over 250,000 social media users who use Preen.Me’s application, ByteSizedBeauty. This includes their social media links, as well as personal information such as home and email address, date of birth, eye color and skin tone.

Bass added: “Regarding the other social media users, they are vulnerable to the previously mentioned threats with an increased risk for spear-phishing and identity theft scams due to more personal information being leaked.”

Categories: Cyber Risk News

PlayStation Announces Bug Bounty Program

Info Security - Thu, 06/25/2020 - 14:07

PlayStation has announced that it will pay hackers thousands of dollars to unearth vulnerabilities in its network and entertainment products. 

The gaming titan launched its PlayStation Bug Bounty program yesterday morning in hopes of rooting out flaws and providing players with a more secure user experience. 

The initiative is being run in collaboration with well-known security platform HackerOne.

PlayStation has been running a private Bug Bounty program for some time in partnership with an elite group of researchers. Now, for the first time in the 26-year-old gaming console's history, the public are being invited to report bugs in return for cash.

A PlayStation spokesperson said: "We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network."

The new program recognizes the high levels of skill and resourcefulness needed to be among the ethical hacking netizenry.

"To date, we have been running our bug bounty program privately with some researchers," said PlayStation. "We recognize the valuable role that the research community plays in enhancing security, so we’re excited to announce our program for the broader community."

Under the new program, vulnerabilities will attract different sized monetary rewards depending on their severity and on the quality of the report submitted. 

While hackers are invited to flag flaws in both the PlayStation Network and the PlayStation 4, higher bounties will be awarded for faults found in the latter. Detecting a critical vulnerability impacting PlayStation 4 could earn an ethical hacker an extremely pretty penny. 

"Our bug bounty program has rewards for various issues, including critical issues on PS4," said a PlayStation spokesperson. "Critical vulnerabilities for PS4 have bounties starting at $50,000."

PlayStation did not reveal the maximum amount that could be paid out for a single flaw. 

Explaining which flaws they are most concerned about, PlayStation said: "We are currently interested in reports on the PlayStation 4 system, operating system, accessories and the PlayStation Network."

Domains within the scope include .playstation.net, .sonyentertainmentnetwork.com, api.playstation.com, my.playstation.com, store.playstation.com, social.playstation.com, transact.playstation.com and wallets.api.playstation.com.

Categories: Cyber Risk News

NCSC: One Million Phishing Messages Reported in Two Months

Info Security - Thu, 06/25/2020 - 13:45

The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports.

According to a statement, the service, which was launched in April as part of the Government’s Cyber Aware campaign, receives a daily average of 16,500 emails.

NCSC chief executive officer Ciaran Martin called the number of reports a “milestone” and said it was “testament to the vigilance of the British public.”

He added: “The kind of scams we’ve blocked could have caused very real harm and I would like to thank everyone who has played their part in helping to make the internet safer for all of us.”

Ed Macnair, CEO of Censornet, said: “Although it is positive to see people being vigilant against spam and phishing attacks, these figures from the NCSC demonstrate the extent of the problem. Cyber-criminals will continue to capitalize on the hysteria surrounding COVID-19 to exploit both organizations and individuals, preying on their curiosity and vulnerability.”

Figures show that 10% of the scams were removed within an hour of an email being reported, and 40% were down within a day of a report. Also, 10,200 malicious URLs linked to 3,485 individual sites have been removed thanks to the one million reports received.

The Suspicious Email Reporting Service was co-developed with the City of London Police. Its commander Karen Baxter said: “Unquestionably, a vast number of frauds will have been prevented, thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks.”

Fake cryptocurrency investment lures made up more than half of all the online scams detected as a result of reporting from the public. In these cases, investors are typically promised high returns in exchange for buying currency such as Bitcoin, but scammers masquerade as crypto exchanges or traders to trick people into handing over money by using fake celebrity endorsements and images of luxury items.

According to the FCA, cryptocurrency investment scams have cost the British public around £27m, as victims are encouraged to invest more and more money.

Macnair also warned of the danger of social engineering attacks, and said it is crucial that organizations take it upon themselves to protect employees from these email attacks in the first instance. “Businesses need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks,” he said.

Categories: Cyber Risk News

IRMS Appoints New Chair with Diversity, Inclusion and Education at Top of Agenda

Info Security - Thu, 06/25/2020 - 13:00

The Information and Records Management Society (IRMS) – the association for information professionals and students in information governance, records management, data protection and information security – has announced the appointment of Reynold Leming to the position of chair.

Leming, who has worked in the data processing and information governance industry for over 30 years, will focus on initiatives that promote diversity and inclusion, as well as encourage new talent to choose a career in the sector.

Leming will be commissioning a comprehensive survey of diversity within the information and records management profession, including investigating barriers to entry and career progression.

Leming said: “We have an important role in advocacy and must ensure the IRMS is representative, rich in diversity and inclusivity.”

In addition to leading a research program, Leming and the executive team will also focus on engagement with the skills and education sector.

“We will seek to collaborate with schools and colleges to actively promote the teaching of data and information and encourage the next generation to take qualifications and/or vocational pathways that will lead them to a successful career in our sector.”

Categories: Cyber Risk News

33% Surge in Financial Fraud Attempts During #COVID19 Lockdown

Info Security - Thu, 06/25/2020 - 12:15

Financial fraud attempts rose by 33% in April as the UK entered lockdown due to the COVID-19 pandemic, new analysis from Experian and the National Hunter Fraud Prevention Service has revealed.

Fraudsters targeted a myriad of financial products, including current and savings accounts, as they sought to take advantage of the disruption to both businesses and their customers brought about by the virus outbreak.

Across all financial products, fraud rates increased by a third when compared with previous monthly averages. The largest increase was in fraudulent car and other asset finance applications, which saw a rise of 181%, followed by current accounts (35%) and then savings accounts (28%), according to Experian.

Fraudulent credit card applications (17%) and unsecured loans (10%) also went up, Experian claimed.

However, while the findings highlight an increase in the proportion of fraudulent applications, they also signal that fraud teams have been able to successfully identify and investigate new fraudulent activity since the pandemic began.

Micah Willbrand, managing director of identity and fraud at Experian, said: “The rise in fraud rates across each category is a warning that banks, building societies and other financial providers need to be as alert as ever in identifying fraudulent applications, even in the unique circumstances the country finds itself in.”

It's likely fraudsters have been looking to take advantage of the situation under the belief that the disruption would give them a better chance of success, “but they have been largely disappointed," added Willbrand.

“Fraud teams have had greater capacity to flag and investigate openings that otherwise may have gone unchecked, resulting in incidents of fraud being successfully identified.”

Categories: Cyber Risk News

Medical Devices Among Most Risky to Security

Info Security - Thu, 06/25/2020 - 11:02

Medical devices, physical access control systems and networking equipment are among the device types posing the greatest risk to businesses.

Using analysis of metrics and data from the Forescout Device Cloud, the company identified points of risk inherent to device type, industry sector and cybersecurity policies. It determined that the riskiest device groups include smart buildings, medical devices, networking equipment and VoIP phones.

The data, which was correlated from around 11 million devices, determined the risk posed by connected medical devices because of their potential impact, both in terms of business continuity and their potential to harm patients. Forescout said that alongside a reliance on new technologies and increased connectivity, it was witnessing an increase in the number and sophistication of vulnerabilities in medical devices and cyber-attacks on hospitals, although these rarely target medical devices directly.

Speaking to Infosecurity, Forescout research manager Daniel De Santos said this is the first time the company had undertaken such research at this scale, where there is a lot of available and powerful data. Looking at the details on medical and healthcare devices, De Santos said there are many types of devices, and some are directly connected and some are on the diagnosis side, and they have an impact in different ways. “It doesn’t matter about the vulnerability as the easiest action is to crash the infusion pump, but whether the vulnerability is critical enough to be able to execute the attacker’s demands,” he said.

This also impacted the medical supply chain, where De Santos said devices are connected to workstations and ultimately to patient databases and prescriptions. “They should not talk to one another and networks should be isolated and segmented so the laptop doesn’t talk to the infusion pump,” he explained.

Forescout added that, according to its data sample, physical access control solutions were the most risky due to the presence of many critical open ports, connectivity with other devices and the presence of known vulnerabilities. In particular, De Santos named badge readers as a surprise, as research showed that a badge reader could be reprogrammed to allow anyone to enter a building “and it is not the worst thing for an office, but think about airports, hospitals or government buildings, critical buildings.”

De Santos said he expected improvements on this type of data year-on-year, especially as awareness of the issue is growing, and with more improvements in segmentation. “We see signs of improvements and companies are more aware and know what to do and can mitigate risk,” he said.

Categories: Cyber Risk News

Firms Plan Hiring Spree to Bolster Remote Working Security

Info Security - Thu, 06/25/2020 - 10:30

Around half (48%) of UK businesses have admitted that their cybersecurity policies aren’t fit-for-purpose in the “new normal” of mass remote working, according to Centrify research.

The access management vendor polled 200 senior decision makers in medium and large businesses to better understand their evolving security challenges during the current pandemic.

While many are aware that current policies will need to be updated, they do seem to be taking steps to try and bolster security. Three-quarters (75%) of those polled said they have issued formal guidance or training to staff on secure home working, and half are planning to hire new IT or security staff to enhance security processes.

However, this won’t be easy given current skills shortages, which are estimated at over four million positions globally, including over 290,000 in Europe. Many may have to seek outside help via managed service providers and contracting staff.

On that point, nearly three-fifths (59%) of respondents said they now treat outsourcers and other third parties as an equal cyber-risk to remote working employees, which should help to reduce the threat from the supply chain.

Half of all cyber-attacks revealed by Carbon Black in a report last year involved some form of “island hopping” from a supply chain partner.

According to Centrify, most (65%) decision makers in medium and large firms expect an increase in phishing attacks and attempts to steal sensitive data going forward. This is to be expected, as cyber-criminals look to ramp up attacks against potentially distracted employees and unpatched remote access infrastructure.

Although Microsoft has claimed that the volume of COVID-specific threats remains very small, at less than 2% of all threats, it has also warned of sophisticated ransomware attacks on hospitals and other organizations during the crisis.

“Unfortunately, remote workers including third-party contractors have been deemed a desirable target by cyber-criminals, who are assuming that these employees have not been properly trained in, or protected by, the correct security measures in their transition to remote working during the COVID-19 pandemic,” said Centrify VP Andy Heather.

“However, it’s promising to see that so many businesses have adjusted security policies in response to this threat and are still considering bolstering security and IT staff.”

Categories: Cyber Risk News

Zoom Hires Former Salesforce SVP as New CISO

Info Security - Thu, 06/25/2020 - 09:30

Zoom has made another high-profile hire as it looks to bolster its security credentials, with the recruitment of Salesforce SVP Jason Lee as its new CISO.

Lee was previously SVP of security operations at the SaaS pioneer, where he was responsible for corporate network and system security, incident response, threat intelligence, data protection, vulnerability management, intrusion detection, identity and access management, and the offensive security team.

Prior to that role, Lee spent 15 years at Microsoft, where he rose from a position as senior manager to principal director of security engineering for the Windows Device Group.

“Our customers’ security is extremely important and is at the core of everything we do. We are excited to welcome Jason, who has deep industry experience, understands the complexity of servicing a wide variety of users, and can lead Zoom’s efforts to strengthen the security of our platform during this time of rapid expansion,” said Lee’s new boss, Zoom COO, Aparna Bawa.

The new hire comes on the back of several big-name announcements over recent weeks, as Zoom seeks to recover the initiative after some bad publicity earlier in the year.

In April it announced Luta Security as a new partner to help rebuild its bug bounty program, alongside Johns Hopkins cryptography expert Matthew Green, former Google privacy technology lead Lea Kissner and cybersecurity consultancy NCC Group.

Former Facebook CSO Alex Stamos, who had been vocal on social media about the challenges facing the video conferencing firm, was hired as an advisor.

The firm is nearly at the end of a 90-day security and privacy plan which CEO Eric Yuan instigated after the platform’s massive growth due to COVID-19 seemed to catch it on the back foot. Several critical vulnerabilities were found in the software and there was criticism of its default settings and exposure to “Zoombombing.”

Most recently, the firm backtracked on an earlier decision and committed to offering end-to-end encryption for all users, not just those on its premium service.

Categories: Cyber Risk News

New Indictment Seeks to Tie Assange Closer to Hacking Conspiracy

Info Security - Thu, 06/25/2020 - 08:40

The US Department of Justice (DoJ) has filed a new indictment against Julian Assange which explains in more detail why the authorities believe he went beyond publishing in the public interest to get hands-on in a hacking conspiracy.

The superseding indictment adds no more counts to the 18-count indictment issued in May 2019, but it seeks to “broaden the scope” of the conspiracy the WikiLeaks founder was previously charged with.

It alleges that in 2010 he “gained unauthorized access” to a NATO member’s government IT system, and that two years later he was in direct communication with a “leader” of hacking collective LulzSec, who was an FBI informant at the time.

The indictment claims that Assange provided a list of hacking targets for LulzSec, asking the leader to look for and provide WikiLeaks with mail, documents, databases and PDFs.

“In another communication, Assange told the LulzSec leader that the most impactful release of hacked materials would be from the CIA, NSA or the New York Times,” the DOJ announcement explained.

“WikiLeaks obtained and published emails from a data breach committed against an American intelligence consulting company by an Anonymous and LulzSec-affiliated hacker. According to that hacker, Assange indirectly asked him to spam that victim company again.”

This is in addition to the original charge that Assange conspired with whistleblower Chelsea Manning to crack a password hash stored on US Department of Defense computers connected to the Secret Internet Protocol Network (SIPRNet).

The new superseding indictment appears to be an attempt by the authorities to tie Assange more closely to hacking conspiracies.

The other charges, relating to the publication of hundreds of thousands of secret diplomatic cables and other documents about US wars in Afghanistan and Iraq, have been heavily criticized. Observers claim they were done in the public interest and should be protected by the First Amendment.

Assange is currently in custody in the UK awaiting the outcome of an extradition request from Washington.

Categories: Cyber Risk News

COVID-Themed Ransomware Attack on Android Users Revealed

Info Security - Thu, 06/25/2020 - 08:10

Details of a new COVID-themed ransomware attack on Android users in Canada, known as CryCryptor, have been revealed by ESET researchers. In the attack, people were lured into downloading a ransomware app disguised as an official COVID-19 tracing tool through two COVID-themed websites. This came shortly after the Canadian government announced its support for the creation of a nationwide, voluntary tracing app to be called COVID Alert.

The websites have now been taken down and ESET researchers wrote a decryption tool for its victims, based on a bug in the malicious app. However, the discovery highlights the heightened susceptibility to attacks of this kind that are linked to the COVID-19 pandemic, with a sense of urgency and fear making people more likely to click on dangerous links. Lukáš Štefanko, malware analyst at ESET, said: “Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app.”

ESET began its investigation after responding to a tweet announcing a discovery of what was thought to be Android banking malware. Štefanko explained: “CryCryptor contains a bug in its code that allows any app installed on the affected device to launch any service provided by the buggy app. So, we created an app that launches the decrypting functionality built into CryCryptor.”

Whilst this particular version of CryCryptor is no longer a threat, ESET emphasized that Android users must remain vigilant of similar forms of attacks in the coming weeks. “Besides using a quality mobile security solution, we advise Android users to install apps only from reputable sources such as the Google Play store,” said Štefanko.

A number of countries around the world have sought to use contact tracing apps to help them continue to contain the virus as lockdown measures are eased. However, this has raised a number of concerns over the security and privacy risks that are brought about by the data that is recorded.

Categories: Cyber Risk News

US Soldier Indicted Over Mass Murder Plot

Info Security - Wed, 06/24/2020 - 18:00

A soldier in the US Army has been charged with terrorism offenses after conspiring with extremist groups to arrange a deadly ambush of his own unit.

An indictment unsealed on June 22 in a Manhattan federal court accuses Ethan Melzer of passing sensitive information about the location, movements, and security of his unit to Al-Qaeda and to members of the Order of the Nine Angles (O9A). 

The order was established by a woman in the UK in the 1960s. It rose to prominence in the 1980s for its neo-Nazi ideologies and adherence to Satanism. 

Melzer, of Louisville, Kentucky, is charged with conspiring and attempting to murder US nationals, conspiring and attempting to murder military service members, providing and attempting to provide material support to terrorists, and conspiring to murder and maim in a foreign country. 

During a voluntary interview with military investigators and the FBI, the 22-year-old soldier declared himself to be a traitor against the United States and admitted his role in plotting a terrorist attack. 

The proposed attack, designed to result in the deaths of as many of Melzer's fellow service members as possible, was thwarted by the FBI and the US Army in late May 2020. 

In April 2020, after learning of plans for his unit to be deployed overseas, Melzer allegedly used an encrypted application to send messages to O9A members and associates. In these messages, he revealed the upcoming movements of his unit and plotted with co-conspirators to carry out a “jihadi attack” that would result in a “mass casualty.”

In May, Melzer allegedly passed information about an anticipated deployment of his unit to a purported member of Al-Qaeda, adding that he would be willing to supply further intelligence. 

“Ethan Melzer plotted a deadly ambush on his fellow soldiers in the service of a diabolical cocktail of ideologies laced with hate and violence,” said Assistant Attorney General for National Security John Demers.

“Our women and men in uniform risk their lives for our country, but they should never face such peril at the hands of one of their own.”  

Melzer joined the US Army in 2018 and the O9A in 2019. He was arrested by the FBI on June 10.

Categories: Cyber Risk News

Two-Year Data Breach at Florida Senior Care Provider

Info Security - Wed, 06/24/2020 - 16:30

A cybersecurity breach at a Florida senior care provider went unnoticed for two years and impacted patient data.

Cano Health discovered in April 2020 that some email accounts belonging to its employees had been compromised by threat actors.

After investigating the incident, the healthcare company found that the accounts had been accessed multiple times in a prolonged security breach that took place between May 18, 2018, and April 13, 2020. 

The cyber-incident came to light on April 13, when some messages received by one of the compromised accounts were forwarded to a third party outside of the company. 

Cano Health found that a total of three employee accounts had been compromised and subsequently took steps to secure them. An examination into the breach revealed that an unknown person or persons may have accessed patients' personal information.

Cano Health operates 46 medical centers located throughout Florida. Earlier this month, the company began notifying patients of a potential data security issue. 

In a statement published on its blog on June 12, the company said: “Based on its investigation, Cano Health cannot confirm that any emails were accessed by the unknown perpetrator, but because some emails contained documents or messages with personal information, it is notifying all potentially affected individuals out of an abundance of caution.”

The information in the compromised email accounts included patient names, dates of birth, contact information, healthcare information, insurance information, Social Security numbers, government identification numbers, and/or financial account numbers.

“We take the protection of our patients’ information very seriously and sincerely apologize for any concern or inconvenience this incident has caused or may cause to anyone who has been affected,” said Cano's chief executive officer, Dr. Marlow Hernandez-Cano. 

“We are committed to continuously updating our information security to guard against new and emerging threats.”

Cano Health said that patients who may have been impacted by the breach would be notified in writing. The company advised these patients to “regularly review and monitor their personal information, accounts, and benefits statements.”

The company is offering complimentary credit monitoring services to patients whose financial information may have been affected by the data breach. 

Categories: Cyber Risk News

EEMA Appoints Attorney-at-Law Hans Graux to Board of Management

Info Security - Wed, 06/24/2020 - 15:58

EEMA, the leading independent European think tank focused on identity, privacy and trust, has appointed Hans Graux to its Board of Management. Graux is a partner at law firm Timelex and an attorney-at-law specializing in electronic identity and trust services.

Brussels-based EEMA provides world-class events, projects, collaboration, education, engagement, communication, participation and networking for companies, the public sector and individuals to help build enduring and mutually beneficial working relationships.

Commenting on his position on the EEMA Board of Management, Graux said: “EEMA has been the point of reference on electronic identification, digital signatures and cybersecurity in the EU for as long as I can remember. No organization has done as much to bring authoritative voices on these topics together, and to make sure they are heard. It is an honor and a privilege to be able to support its future work.”

Chair of EEMA, Jon Shamah, added: “Timelex and EEMA have a longstanding relationship. The expert counsel and insight Hans is able to bring to Horizon 2020 projects is vital.

“Hans is generous with his time and expertise and many EEMA members have benefited greatly from his advice. I am proud that Hans has accepted our invitation to join the Board of Management to help shape the future of EEMA.”

Categories: Cyber Risk News

‘Wagatha Christie’ Spat Leads to Lawsuit

Info Security - Wed, 06/24/2020 - 15:20

Rebekah Vardy is suing Colleen Rooney after the latter accused the former of leaking private information to a British tabloid.

The women, who are both married to British soccer players and used to socialize together, fell out last year. Their public spat took place over Twitter.

In a lengthy post published on October 9, Rooney stated that a mysterious mole in her friendship group had been handing information “about me, my friends and my family” over to The Sun newspaper “for a few years.”

Determined to discover who was blabbing, amateur sleuth Rooney narrowed down the source of the leak to someone whom she had trusted to follow her on her personal Instagram account.

After forming a suspicion as to the mole's identity, Rooney came up with a plan to test her theory.  

“I blocked everyone from viewing my Instagram stories except ONE account,” wrote Rooney. “Over the past five months I have posted a series of false stories to see if they made their way into The Sun newspaper. And you know what, they did!”

Phony stories Rooney used as bait included a tall tale that her house had flooded and a story that she and her husband were traveling to Mexico for medical assistance to get pregnant with a female fetus.

“I have saved and screenshotted all the original stories which clearly show just one person has viewed them,” wrote Rooney. “It's Rebekah Vardy's account.”

Rooney’s status as a WAG (a term for footballers’ wives and girlfriends) and her impressive detective work earned her the nickname ‘Wagatha Christie’ in the British press. 

According to the Independent, Rebekah Vardy has now issued a claim of libel against Colleen Rooney. In the claim, Rooney is accused of publishing false statements that were damaging to Vardy's reputation. 

Court records reveal that Vardy filed a claim in the High Court on June 12 for “defamation—libel and slander.”

Rooney previously offered to meet Vardy in person to resolve the issue. Her lawyers said she found Vardy's decision to start legal proceedings “disappointing” and thought that the former model could put her time and money “to better use.”

Categories: Cyber Risk News

Prolific Hacker Made Millions Selling Network Access

Info Security - Wed, 06/24/2020 - 10:45

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report from Group-IB.

The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organizations in many more verticals.

In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.

Group-IB calculated the $1.5m figure purely from publicized sales; around 20% of Fxmsp's deals were made privately, so the hacker’s haul is likely to be even bigger.

Fxmsp even hired a sales manager in early 2018.

He leapt to infamy in 2019 after a widely publicized compromise of the networks of three anti-virus vendors, before apparently going quiet.

According to the report, Fxmsp’s tactics were disconcertingly simple. The hacker would scan IP addresses for hosts exposing the RDP port (typically 3389), brute force the RDP password, disable any AV and firewall and then create additional accounts.

Next, he would install the Meterpreter backdoor on exposed servers, harvest and decrypt dumps from all accounts and then install backdoors on the backups. This meant if a victim spotted something suspicious and rolled back to backups, Fxmsp could achieve persistence.
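The chain described above (an exposed RDP port, a brute-forced password, then a working login) leaves a recognisable trace in the Windows Security log: a burst of failed logons from one source followed by a success. The following is an added example, not code from Group-IB or from the article, that flags such bursts over a constructed, simplified text export of logon events (4625 failed, 4624 succeeded, LogonType 10 is RemoteInteractive, i.e. RDP). The log line format, the threshold and window, and the sample addresses are constructed for illustration.

```python
"""Flag RDP password brute-forcing in Windows logon events.

Added example; not code from Group-IB or the article. It works over a
constructed, simplified text export of Security log events (4625 = failed
logon, 4624 = successful logon, LogonType 10 = RemoteInteractive/RDP).
Threshold and window are illustrative tuning parameters.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). 198.51.100.23 hammers three
# accounts and then logs in; 203.0.113.7 is a user who mistyped once;
# 203.0.113.9 is a non-RDP failure; 192.0.2.50 fails slowly over 25 minutes.
SAMPLE_LOG = """\
2020-06-20T02:00:01Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:03Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:05Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:08Z EventID=4625 LogonType=10 TargetUser=backup SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:11Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:14Z EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.23 Status=0xC000006D
2020-06-20T02:00:20Z EventID=4624 LogonType=10 TargetUser=Administrator SourceIP=198.51.100.23 Status=0x0
2020-06-20T02:30:00Z EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.7 Status=0xC000006A
2020-06-20T02:30:40Z EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=203.0.113.7 Status=0x0
2020-06-20T02:45:00Z EventID=4625 LogonType=3 TargetUser=svc_sql SourceIP=203.0.113.9 Status=0xC000006A
2020-06-20T03:00:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
2020-06-20T03:05:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
2020-06-20T03:10:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
2020-06-20T03:15:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
2020-06-20T03:20:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
2020-06-20T03:25:00Z EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=192.0.2.50 Status=0xC000006D
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)"
)


def parse(log_text):
    """Turn the constructed text export into sorted event dicts; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "eid": int(m["eid"]),
            "logon_type": int(m["lt"]),
            "user": m["user"].lower(),  # account names are case-insensitive
            "ip": m["ip"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP with >= threshold failed RDP logons inside
    any `window`. Severity is 'critical' when a successful RDP logon from the
    same source follows the burst (the password guessing likely worked)."""
    rdp_by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == 10:
            rdp_by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in rdp_by_ip.items():
        failures = [e for e in evs if e["eid"] == 4625]
        burst_end, start = None, 0
        for end, f in enumerate(failures):  # sliding window over sorted failures
            while f["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = f["ts"]
                break
        if burst_end is None:
            continue  # slow or isolated failures never reach the threshold
        success_after = any(e["eid"] == 4624 and e["ts"] >= burst_end for e in evs)
        alerts.append({
            "source_ip": ip,
            "failures": len(failures),
            "distinct_users": len({e["user"] for e in failures}),
            "severity": "critical" if success_after else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample only 198.51.100.23 is reported, at critical severity because its sixth failure is followed by a successful RDP logon; the slow guessing from 192.0.2.50 stays below the per-minute threshold, which is why the window should be paired with a longer-horizon count in practice. The success-after-burst signal is the one worth alerting on first, since the report's next steps (disabling AV, creating accounts, backdooring backups) all happen after that login.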

“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cyber-criminal underground. He set a trend and his success inspired many others to follow suit: the number of sellers of access to corporate networks increased by 92% in H2 2019 vs H1 2017, when Fxmsp entered the market,” said Dmitry Volkov, CTO of Group-IB.

“Prior to Fxmsp joining the underground, the sellers would offer RDP access to separate servers, without even bothering to ensure persistence or performing reconnaissance in the network. Fxmsp took this service to a whole new level.”

In a recent report on the cybercrime underground, Trend Micro warned that access-as-a-service is becoming an increasingly popular offering on dark web sites. Prices for Fortune 500 companies can reach up to US$10,000, it claimed.

Categories: Cyber Risk News

Over Two-Thirds of Q1 Malware Hidden by HTTPS

Info Security - Wed, 06/24/2020 - 09:30

Over two-thirds of malware detected in the first three months of the year was hidden in HTTPS encrypted tunnels in a bid to evade traditional AV, according to WatchGuard.

The security vendor’s latest Internet Security Report for Q1 2020 is distilled from analytics provided by its 44,000 global appliances.

During the period they blocked over 32 million malware variants and nearly 1.7 million network attacks.

Some 67% of that malware was delivered via HTTPS connections and 72% of these encrypted attacks apparently featured zero-day malware which would have been missed by legacy signature-based AV.

The growing popularity of HTTPS is down in part to initiatives like Let’s Encrypt, backed by the non-profit Internet Security Research Group (ISRG). However, while it has improved website security and user privacy, it also offers cyber-criminals a free and easy way to disguise their activity.

“Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go un-inspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Interestingly, the vendor claimed that it detected 6.9% less malware and 11.6% fewer network attacks than in the previous quarter despite the apparent uptick in COVID-themed threats.

It suggested that this could be because fewer users were operating within the traditional corporate network perimeter during Q1 thanks to work-from-home mandates.

However, data from Microsoft last week revealed that COVID-19 attacks represented less than 2% of total threats detected in the first four months of the year. Thus, rather than drive a new surge in overall attack volumes, these threats were merely rebranded and switched from existing campaigns.

Categories: Cyber Risk News

Twitter Data Leak Exposes Business Clients

Info Security - Wed, 06/24/2020 - 08:33

Twitter has contacted its business clients to warn them of a potential breach of their data.

It said that email addresses, phone numbers and the last four digits of card numbers may have been accessed by others, thanks to a technology snafu which exposed the information.

It meant that billing information viewed on ads.twitter.com or analytics.twitter.com may have been exposed in the browser’s cache.

The social network first became aware of the incident on May 20 and said it took immediate action to remediate and notify any affected customers.

The snafu is not thought to have affected consumer users of the service, according to the BBC.

This isn’t the first time something like this has happened on the social platform.

Around a month before this incident, Twitter warned users that non-public information may have been stored in their Firefox browser’s cache.

“This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter,” it said at the time.

Although it’s unclear how many businesses were affected by the May breach, experts generally agreed that incidents of this kind are likely to have a limited impact on customers’ data security and privacy.

“The vector here requires physical access to the device, so it may not be as exploitable as an alert like this might indicate,” explained Edgescan product architect, David Kennefick.

“What Twitter has done is update its headers to include no-store and no-cache, which disables storing data from a website locally.”
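The fix Kennefick describes is a change to the caching directives a server sends with pages that carry sensitive data: without `no-store`, a browser is allowed to write the response body to its disk cache, where it survives logout and is readable by the next person at a shared machine. The following checker is an added example, not Twitter's or Edgescan's code; the "before" and "after" header sets are constructed to illustrate a cacheable billing page and its corrected form, and the optional fetch helper uses only the standard library so it can be pointed at a site you administer.

```python
"""Report caching directives that let a browser keep a copy of a sensitive page.

Added example; not code from Twitter or Edgescan. The header sets are
constructed for illustration and are not real ads.twitter.com responses.
"""
from typing import Dict, List
import urllib.request

# Constructed "before": 'private' only keeps shared caches out; the user's own
# browser may still store the page for ten minutes.
BEFORE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "private, max-age=600",
}

# Constructed "after": no-store forbids writing the body to any cache and
# no-cache forces revalidation of anything that was stored anyway.
AFTER_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "no-store, no-cache, must-revalidate, max-age=0",
}


def parse_cache_control(value: str) -> Dict[str, str]:
    """'no-store, max-age=0' -> {'no-store': '', 'max-age': '0'}; keys lower-cased."""
    directives: Dict[str, str] = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"')
    return directives


def cache_findings(headers: Dict[str, str]) -> List[str]:
    """Problems with a response that carries sensitive data. Empty list = OK."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        hint = " ('private' only excludes shared caches)" if "private" in cc else ""
        findings.append("Cache-Control lacks no-store: the browser may write the body to disk" + hint)
    if "no-cache" not in cc:
        findings.append("Cache-Control lacks no-cache: a stored copy may be reused without revalidation")
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit() and int(max_age) > 0:
        findings.append(f"max-age={max_age} declares the response fresh for {max_age}s")
    return findings


def fetch_findings(url: str) -> List[str]:
    """Run the same check against a live response (use on sites you operate)."""
    with urllib.request.urlopen(url) as resp:  # resp.headers is an HTTPMessage
        return cache_findings(dict(resp.headers.items()))


if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE_HEADERS), ("after", AFTER_HEADERS)):
        print(label, cache_findings(hdrs) or ["ok"])
```

The check treats a missing `Cache-Control` header the same as a permissive one, because the absence of directives leaves the caching decision to browser heuristics. Note that `private` is the directive people most often mistake for a fix: it stops proxies and CDNs from storing the page but says nothing about the user's own browser, which is exactly the shared-computer case the article describes.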

Tripwire senior security researcher, Craig Young, added that the incident could still provide a “teachable moment” regarding shared computers.

“Whether you regularly rely on libraries or internet cafes for access or just need to print the occasional boarding pass from a hotel lobby, there can be a risk of exposing personal data,” he argued.

“Ideally, the best solution is to simply avoid using shared computers when entering or accessing personal data but this is not always an option. The next best solution is to bring your own web browser and take it with you when you go.”

Categories: Cyber Risk News

Cyber-Extortionist Threatens Australian Swimming Pro

Info Security - Tue, 06/23/2020 - 16:45

An Australian swimming star has been targeted by a vicious blackmail attempt undertaken via social media.

Malicious messages were sent to Commonwealth Games gold medalist Shayna Jack over the weekend by an unidentified cyber-criminal via Facebook. The miscreant threatened to post pictures of Jack unless they received a ransom payment.

In a creepy message designed to scare the swimmer, the threat actor told Jack: "I can see what you're doing at all times."

At first, Jack ignored the threat, but the 21-year-old contacted Queensland police after receiving more messages along with a sinister warning that something "disturbing" would be posted on her Facebook page if she didn't respond.

"If you don't pay – you will regret this," wrote the anonymous attacker.

Jack received further threats demanding that she pay up at around 9.40pm on Monday night. On Tuesday morning, the sportswoman awoke to find a malicious message posted on her Facebook account by her cyber-attacker.

Whoever authored the post had timed the execution of their threat to do the most damage to Jack's professional swimming career. The water star is currently appealing against a 4-year ban she received after testing positive for the performance-enhancing drug Ligandrol.

Jack was tested for the drug ahead of the 2019 World Swimming Championships held in South Korea.

Hoping to exploit Jack's predicament, the attacker posted a message purporting to be from her which read: "I regret that I used doping at the 2017 Olympics."

Fortunately, since no Olympic Games were held in 2017, the cyber-criminal made it easy for Facebook users to spot the lie.

Jack's lawyer Tim Fuller said the extortion attempt had left the swimmer feeling "shaken."

Fuller branded the actions of the threat actor as "disgusting" and added that it could have had a major impact on the result of the swimmer's appeal.

A date was set for Jack's appeal hearing earlier this month by the Court of Arbitration for Sport. Throughout her ordeal, the swimmer has protested her innocence and maintained that she has never knowingly ingested Ligandrol.

The drug is a banned muscle-builder that was designed to treat muscle wasting diseases and osteoporosis.

Categories: Cyber Risk News

Cop Comedy Riskiest Show to Watch Online

Info Security - Tue, 06/23/2020 - 15:30

An American police procedural comedy television show has topped the list of most dangerous TV titles for US citizens to watch online.

New research published today by global security software company McAfee revealed the web-based entertainment options most commonly targeted with malware by cyber-criminals.

McAfee analyzed more than 100 of the most popular TV and movie titles available on US streaming sites as defined by “best of” articles that appeared in a range of US publications. Researchers then hunted down and recorded all the high-risk websites associated with each entertainment title.

Shows and movies were then awarded a danger ranking based on the total number of malicious websites with which they were found to be associated. Focus was placed on sites that enabled viewers to access content for free.

Topping the chart of most dangerous movies to escape into during lockdown was the dramatic 2011 Mixed Martial Arts picture Warrior starring Joel Edgerton and Tom Hardy. Law enforcement laughter romp Brooklyn Nine-Nine led the list of riskiest TV shows to watch via the web.

“With consumers increasingly going online to stay entertained during lockdowns it has created the perfect storm for web crime,” said Baker Nanduru, vice-president of consumer endpoint segment at McAfee.

Nanduru said threat actors kept a keen eye on which shows were winning the hearts of the public so that they could target their malware for maximum gain.

“History has proven that cyber-criminals follow consumer trends and behaviors to educate their scam strategies," added Nanduru.

"It’s important that consumers stay alert while online and avoid malicious websites that may install malware or steal personal information and passwords.”

Cyber-criminals were found to have no qualms about exploiting society's most vulnerable members for their own gain. Children’s movies accounted for four of the top 10 movies McAfee identified as at high risk of being targeted by cyber-criminal activity.

Kids' flicks to be wary of were The Incredibles, Aladdin, The Lion King, and Frozen 2. Movies for a more mature audience that attackers tend to target included Zombieland and Swingers.

Researchers advised viewers to avoid illegal streaming sites that are often "riddled with malware disguised as pirated video files."

Categories: Cyber Risk News

Digital Transformation in Cybersecurity a Major Driver of Future M&A Deals

Info Security - Tue, 06/23/2020 - 15:00

Digital transformation in the cybersecurity industry will be a major driver of mergers and acquisitions (M&A) over the remainder of 2020, according to ICON Corporate Finance. This follows a survey by the technology-focused investment bank of some of the most active M&A buyers in the UK, which showed that there remains substantial interest in tech sector acquisitions despite the economic fallout of COVID-19.

ICON found that the key areas for expansion are expected to be in cybersecurity, fintech, cloud, managed services, healthtech, AI and enterprise software. This is because digital transformation has become the most pressing priority for organizations in the aftermath of COVID-19.

In regard to cybersecurity, ICON noted that companies are increasingly turning to technology to protect against potential business disruption caused by cyber-attacks, ensuring employees and systems are secure, particularly in the context of the huge rise in remote working. According to Pitchbook Data’s Emerging FinTech research, this is particularly the case for financial institutions, where new areas of risk and regulation have been introduced to address increasing cyber-threats and data security concerns.

ICON added that it believes organizations in the US tech market will continue to be especially active in seeking out M&A opportunities in deep tech and disruptive young companies.

With this in mind, the investment bank, which has previously facilitated IQVIA’s acquisition of UK-based Optimum Contact, and JP Morgan’s funding of UK-based Mosaic Smart Data, is opening an office in San Francisco. This is to provide clients in Europe, Africa and Asia with direct access to the “epicenter of the world’s tech community.”

CEO and founder of ICON, Alan Bristow, commented: “As the world discovers the new normal, it is the tech sector that will drive societal changes and enable new ways of working. The US West Coast’s innovative approach and its dominance in deals origination is the core driver for our new presence in San Francisco. We are excited to be bringing US markets to Europe’s doorstep, and vice versa.”

Categories: Cyber Risk News