Cyber Risk News

Marvel Movie Malware Detected

Info Security - Thu, 07/08/2021 - 19:25

Cyber-scammers are exploiting public interest in the latest Marvel movie to spread malware infections. 

The eagerly anticipated premiere of Disney's Black Widow is scheduled to take place simultaneously offline in movie theaters and online via streaming services tomorrow. However, cyber-criminals have been illegally monetizing interest in the new flick for months, according to research by cybersecurity company Kaspersky.

To gauge the extent of scamming involving the release, Kaspersky experts analyzed malicious files impersonating the new Black Widow movie. They also investigated film-themed phishing websites that were designed to steal users’ credentials.

Researchers observed spikes in attempts to infect users that coincided with the dates on which the movie was announced and its launch dates. 

They found infection attempts increased significantly in the lead-up to the film’s official announcement in May of 2020, as well as around its initial planned release dates of November 2020 and May 2021, which were pushed back by Covid-19 to July 2021.

At two different points during the past year, infection attempts occurred on 13% of streams and downloads related to the Black Widow film.

Researchers found multiple phishing websites designed to steal movie lovers’ credentials. One site lured victims with the promise of an early preview of the film. Users were only shown a few minutes of the movie before being asked to register to watch the rest of it. 

During the registration process, users were asked to enter their bank card details to confirm their region of residence. Money was later debited from their card, and viewers were not given access to the full film. 

“Big movie releases have always been a source of entertainment but they are also an attractive lure for cyber-criminals to spread threats, phishing pages, and spam letters,” commented Kaspersky security expert Anton V. Ivanov.

"Right now, we have observed intensified scamming activities around Black Widow, the release of which, fans all over the world have been eagerly anticipating for a long time. In their excitement to watch the long-awaited movie, viewers have become inattentive to the sources they use, and this is exactly what fraudsters benefit from."

Categories: Cyber Risk News

Multi-Cloud Environments More Risky

Info Security - Thu, 07/08/2021 - 18:59

A new study has revealed that nearly all security professionals operating in a multi-cloud environment believe it's riskier than relying on a single cloud provider.

The research, published today by global security and compliance solutions provider Tripwire, is based on a June 2021 survey of 314 security professionals with direct responsibility for the security of public cloud infrastructure within their organization.

Nearly three quarters (73%) of those surveyed currently work in a multi-cloud environment. Of those, 98% said that depending on multiple cloud providers creates additional security challenges.

The findings follow the Biden administration's recent cancellation of the single-provider JEDI Cloud contract in favor of the multi-cloud/multi-vendor Joint Warfighter Cloud Capability (JWCC).

More than half of security professionals (59%) have configuration standards for their public cloud, and over three quarters (78%) use best practice security frameworks. However, just 38% of framework users apply those frameworks consistently across their cloud environment.

Keeping track of events is tough for the majority of professionals, with only 21% saying that they have a centralized view of their organization’s security posture and policy compliance across all cloud accounts. 

Another thorny issue for professionals was knowing where their responsibilities end and where those of their cloud service providers and customers begin. The majority said that shared responsibility models for security were not always clear, and three quarters said that they rely on third-party tools or expertise to secure their cloud environment.

“We’ve seen a massive shift to cloud in response to the growing business need to manage more data and have greater accessibility,” said Tim Erlin, vice president of product management and strategy at Tripwire.

“Given the growing complexity of systems and threats that come with moving to a cloud environment, and security policies that are unique to each provider, it makes sense that organizations are finding it increasingly difficult to secure the perimeter.”

Another of the survey's key findings was that most organizations follow a high-risk strategy regarding cloud environment management, relying on existing security teams to complete training or self-teach. Only 9% of those surveyed said they would categorize their internal teams as experts.

Categories: Cyber Risk News

Cybercrime Costs Organizations Nearly $1.79 Million Per Minute

Info Security - Thu, 07/08/2021 - 10:43

Cybercrime costs organizations an incredible $1.79m every minute, according to RiskIQ’s 2021 Evil Internet Minute Report.

The study, which analyzed the volume of malicious activity on the internet, laid bare the scale and damage of cyber-attacks in the past year, finding that 648 cyber-threats occurred every minute.

The researchers calculated that the average cost of a breach is $7.2 per minute, while the overall predicted cybersecurity spend is $280,060 every minute.

E-commerce has been heavily hit by online payment fraud in the past year, with cyber-criminals taking advantage of the shift to online shopping during the COVID-19 pandemic. While the e-commerce industry saw a record $861.1bn in sales, it lost $38,052 to online payment fraud every minute.

Healthcare, another sector that has faced a surge in cyber-attacks since the start of COVID-19, lost $13 per minute on digital security breaches in the past year.

The report also looked at the impact of different forms of cybercrime. It showed that per minute, there was $3615 lost to cryptocurrency scams, 525,600 records compromised and six organizations victimized by ransomware.

The scale of cyber-attacks last year was further underlined by the fact that one Magecart host was detected every 31 minutes, one vulnerable Microsoft Exchange server was patched every 1.7 minutes and one malicious mobile app blocklisted every five minutes.

According to Lou Manousos, CEO of RiskIQ, cybercrime is easier than ever to participate in: “Better threat technology makes cyber-criminals more effective and wealthier than ever before. We have compiled the vast numbers associated with cybercrime over the past year with help from our Internet Intelligence Graph and third-party sources to help businesses and researchers better understand what they’re up against.”

Categories: Cyber Risk News

CTOs Keeping Quiet on Breaches to Avoid Cyber Blame Game

Info Security - Thu, 07/08/2021 - 10:43

Nearly two-thirds (36%) of IT leaders are not disclosing breaches for fear that they may lose their job, complicating efforts to enhance security, according to new research.

Keeper Security polled 1000 UK IT decision-makers at businesses of between 100 and 5000 employees to compile its 2021 Cybersecurity Census Report.

It revealed that security breaches are widespread: 92% of respondents said their organization suffered one in the past year and over three-quarters (78%) feel unprepared to deal with cyber-threats.

The financial fallout of successful attacks is also significant, costing nearly one in 10 businesses over £1 million.

Worryingly, many IT leaders appear to be keeping quiet about breaches rather than actively taking steps to tackle their causes.

Nearly all (92%) respondents said they’re aware of gaps in their defenses, but less than half (40%) are addressing all of them. A third (32%) even admitted to using weak credentials such as “password” or “admin” to protect data.

Training and skills appear to be key weaknesses: 58% of IT pros said employees don’t understand the consequences of poor cyber-hygiene, while even more (61%) complained of cyber skills shortages.

This matters increasingly in the context of a current working environment in which remote employees may be more exposed to threats.

Two-thirds (66%) of UK organizations said they’d relaxed their cybersecurity policies to support productivity over the past 12 months.

“UK businesses are clearly worried about their cybersecurity and the challenges are manifold, affecting everything from budgets to productivity,” said Darren Guccione, CEO and co-founder of Keeper Security.

“Companies are facing many competing challenges right now and, understandably, might not always make cybersecurity investments a priority. Our report is an urgent reminder for organizations to proactively address their cybersecurity challenges as a priority, since deferring them will make the consequences far more severe.”

Categories: Cyber Risk News

Regulator Probes Former Health Secretary's Use of Private Email

Info Security - Thu, 07/08/2021 - 10:15

The UK’s data protection regulator has launched an investigation into whether the former health secretary broke the law in using his private email account to conduct official departmental business.

Concerns were raised by the Labour Party late last month after Matt Hancock resigned following leaked CCTV footage showing the married Tory MP in a romantic embrace with an advisor.

They revolve around question marks over whether government contracts for PPE and other items were awarded fairly and transparently.

Information commissioner Elizabeth Denham said in a blog post that her investigation would focus on whether the use of private email for official government business may be a security risk. If there is a risk, the records won’t be available when freedom of information requests are made. It's not technically illegal for ministers to use their private emails, as long as guidance from the ICO and government is being met.

“The suggestion of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business is a concerning one. It concerns the public to feel there may be a loss of transparency about decisions affecting them and their loved ones. And as the regulator of data protection and freedom of information laws, it concerns me,” Denham argued.

“[My] investigation will establish if private correspondence channels have been used, and if their use led to breaches of freedom of information or data protection law. We will publish the results of that investigation in due course.”

The Information Commissioner’s Office (ICO) has already issued information notices on the Department for Health and Social Care in order to preserve evidence for the inquiry.

Its powers range from best practice recommendations and enforcement notices to criminal prosecution of individuals where information has been “deliberately destroyed, altered, or concealed” after being requested under the Freedom of Information Act.

Last year, The Guardian revealed that a former publican and friend of Hancock’s won a £50 million contract for test-and-trace supplies despite running a company that had no experience producing such equipment.

Categories: Cyber Risk News

New PrintNightmare Patch Can Be Bypassed, Say Researchers

Info Security - Thu, 07/08/2021 - 09:44

Microsoft has now released a patch for all Windows versions affected by the PrintNightmare zero-day, but researchers have already found a way to bypass the fix in attacks.

As predicted, Microsoft this week pushed an out-of-band patch for CVE-2021-34527, which now has a CVSS “high severity” score of 8.2.

The incomplete initial release on Tuesday was followed up a day later with a version which covered the remaining unpatched products: Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607.

However, within hours of the release, researchers took to Twitter to show proof-of-concept attacks on patched systems, which means they’re effectively still vulnerable to local privilege escalation and remote code execution.

Mimikatz creator Benjamin Delpy said the problem relates to the Point and Print function, which is designed to allow a Windows client to create a connection to a remote printer without first requiring installation media.

That effectively means an authenticated user could still gain administrator-level privileges on a machine running the Print Spooler service to run arbitrary code.

Most concerning is that this vulnerability could put servers running Windows domain controllers at risk, effectively giving attackers the keys to the kingdom to compromise enterprise networks with ransomware or other malicious code.

Microsoft acknowledged the issue at the bottom of its advisory.

“Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible,” it admitted. “To disallow Point and Print for non-administrators make sure that warning and elevation prompts are shown for printer installs and updates.”

The latest issue adds to a catalog of errors that began when Chinese researchers accidentally published a proof-of-concept exploit last month, believing it to have already been circulated by a researcher and patched by Microsoft.
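A defender can confirm on each host that the prompts Microsoft refers to are actually enforced. The following PowerShell audit is an added example, not part of the original article or Microsoft's advisory text quoted above; the registry path and the value names `NoWarningNoElevationOnInstall` and `UpdatePromptSettings` are taken from Microsoft's Point and Print Restrictions policy and do not appear in the article.

```powershell
# Added example: audit Point and Print prompt policy and Print Spooler state.
# Assumption: the policy values live under the standard Group Policy key below
# (names from Microsoft's Point and Print Restrictions policy, not from the article).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent. An absent value means
    # Windows uses the default behaviour, which is to show the prompts.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-PointAndPrintPrompts {
    # One finding per policy value: prompts are shown only when the value
    # is undefined or explicitly 0.
    foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
        $value = Get-PolicyDword -Path $PolicyPath -Name $name
        $promptsShown = ($null -eq $value) -or ($value -eq 0)
        [pscustomobject]@{
            Setting      = $name
            Value        = if ($null -eq $value) { '(not defined)' } else { $value }
            PromptsShown = $promptsShown
        }
    }
}

function Get-SpoolerExposure {
    # The article notes the risk applies to machines running the Print Spooler
    # service, so report whether it is running and how it starts.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Installed = ($null -ne $svc)
        Status    = if ($svc) { $svc.Status } else { 'n/a' }
        StartType = if ($svc) { $svc.StartType } else { 'n/a' }
    }
}

$findings = @(Test-PointAndPrintPrompts)
$spooler  = Get-SpoolerExposure

$findings | Format-Table -AutoSize
$spooler  | Format-List

$weak = @($findings | Where-Object { -not $_.PromptsShown })
if ($weak.Count -gt 0 -and $spooler.Status -eq 'Running') {
    Write-Warning ("Print Spooler is running and prompts are suppressed by: " +
        (($weak | ForEach-Object { $_.Setting }) -join ', '))
} elseif ($weak.Count -gt 0) {
    Write-Warning "Point and Print prompts are suppressed, but Print Spooler is not running."
} else {
    Write-Output "Point and Print warning and elevation prompts are in effect."
}
```

Run it from an elevated Windows PowerShell session; on domain-joined machines the values are normally set by Group Policy, so a weak result should be corrected in the policy rather than in the local registry.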

Categories: Cyber Risk News

US Could Appeal Assange Extradition Refusal

Info Security - Wed, 07/07/2021 - 21:12

The United States has been given leave to appeal a British court's decision not to extradite WikiLeaks founder Julian Paul Assange to America. 

In Westminster Magistrates' Court in January, district judge Vanessa Baraitser ruled that Australian citizen Assange should not be extradited to the United States to face 17 charges under the Espionage Act and one charge under the Computer Fraud and Abuse Act.

The US Department of Justice indicted Assange in 2019 over his alleged involvement in the acquisition and publication of thousands of classified US diplomatic and military documents. 

Baraitser rejected the Trump administration's request to extradite Assange to the United States on mental health grounds. She judged that should Assange be sent to America to stand trial, there was a high chance that he would kill himself. 

On Wednesday, Britain's High Court granted the US government permission to lodge an appeal against the January ruling. The judicial office said that the case would be listed for a High Court hearing at a date that is yet to be set.

Assange's fiancée, Stella Morris, said: "Every aspect of this case is profoundly unjust. Julian is being punished for doing his job as a journalist."

Morris said that the High Court's decision placed Assange's life at risk. 

"The High Court delivered its decision that it will allow limited permission for the US government to appeal January's decision to block Julian's extradition," she said. "That means that he's still at risk of extradition where he faces a 175-year prison sentence and according to a magistrate, is certain to lose his life if he is extradited."

Morris went on to appeal to the Biden administration to "do the right thing":

"This appeal was taken two days before the Trump administration left office," said Morris. 

She added: "If the Biden administration is serious about respecting the rule of law, the first amendment, and defending global press freedom, the only thing it can do is drop this case." 

Morris described Assange as living in purgatory. She highlighted the fact that the Obama administration had decided not to prosecute Assange. She also emphasized that the sentence of former US Army intelligence analyst Chelsea Manning had been commuted.

Categories: Cyber Risk News

Biden Administration Cancels $10bn JEDI Contract

Info Security - Wed, 07/07/2021 - 20:07

The Biden administration has announced the cancellation of a massive $10bn cloud-computing contract awarded to Microsoft.

After Microsoft won a lengthy bidding process for the Joint Enterprise Defense Infrastructure (JEDI) cloud contract in 2019, competing contractor Amazon Web Services (AWS) complained that the decision wasn't fair.

Yesterday the DoD issued a statement declaring that the contract had passed its sell-by date and was no longer relevant.

"The Department has determined that, due to evolving requirements, increased cloud conversancy, and industry advances, the JEDI Cloud contract no longer meets its needs," read the statement. 

It continued: "The Department continues to have unmet cloud capability gaps for enterprise-wide, commercial cloud services at all three classification levels that work at the tactical edge, at scale. These needs have only advanced in recent years with efforts such as Joint All Domain Command and Control (JADC2) and the Artificial Intelligence and Data Acceleration (ADA) initiative."

At the same time as the JEDI Request for Proposals (RFP) was trashed, the DoD announced its intention to seek proposals from AWS and Microsoft Corporation to fulfill a new multi-cloud/multi-vendor Indefinite Delivery-Indefinite Quantity (IDIQ) contract called the Joint Warfighter Cloud Capability (JWCC).

The DoD said it would consider proposals from other firms if they were capable of meeting the brief.

"JEDI was developed at a time when the Department’s needs were different and both the CSP's technology and our cloud conversancy was less mature," said John Sherman, acting DoD chief information officer. 

"In light of new initiatives like JADC2 and AI and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute missions, our landscape has advanced and a new way ahead is warranted to achieve dominance in both traditional and non-traditional warfighting domains."

Alex Rossino, a federal market research analyst at Deltek, commented that having more than one cloud contractor could create challenges. 

"The complicating factor in all of this is the issue of interoperability between the new systems," noted Rossino.

"The DoD will need to ensure that the data in one cloud can be easily accessible to the other."

In its first seven months, the Biden administration has cancelled the Keystone XL pipeline, DoD border contracts, oil and gas exploration leases, and Justice Department contracts with private prisons.

Categories: Cyber Risk News

Most Insider Data Breaches Aren't Malicious

Info Security - Wed, 07/07/2021 - 18:34
Most Insider Data Breaches Aren't Malicious

The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research.

The report, Understanding Your Insider Risk and the Value of Your Intellectual Property, found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data.

A key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. Researchers observed employees repeatedly taking actions that put valuable company data at risk while fulfilling their day-to-day work responsibilities. 

Trusted insiders averaged 13 data-exposure events per user per day, which included moving corporate files to untrusted locations via email, messaging, cloud or removable media.

While such breaches are unlikely to be caused by malice, they can still have a significant financial impact on a business. The study found the cost per year of breaches from insiders can reach up to 20% of annual revenue.

Businesses are struggling to maintain data security as most of them do not have consistent, centralized visibility over their own digital environments. Researchers found that 75% of organizations lack the tools necessary to track how much enterprise file movement their organization has and to monitor how frequently valuable files are exposed by legitimate users carrying out their daily tasks.

Another key finding of the research was that in 2020 a breach was four and a half times more likely to happen on an endpoint than on a server. 

“Data stewardship has become a boardroom imperative. And while insider risk is not a new problem in security, managing it effectively in today’s open and collaborative business climate with enough resources is,” said Joe Payne, Code42’s president and CEO.

“We know that one out of three data breaches involves an insider, though it’s likely much higher. Important ideas and key IP encompass much more than just the company crown jewels. It includes the very digital and portable information like source code, customer lists and salary structures – data that when taken can leave a devastating impact on a company’s competitive position and bottom line.”

Categories: Cyber Risk News

Over 170 Scam Cryptomining Apps Charge for Non-Existent Services

Info Security - Wed, 07/07/2021 - 11:00
Over 170 Scam Cryptomining Apps Charge for Non-Existent Services

Security researchers have discovered over 170 Android apps that have scammed tens of thousands of cryptocurrency enthusiasts into paying for non-existent services.

Lookout Threat Lab revealed that 25 of the fraudulent apps were even listed on the official Google Play marketplace.

It separated them into two groups, BitScam and CloudScam, although all use similar business models and the same coding and design.

Both families of scam apps promise the user access to cryptocurrency mining services, capitalizing on a recent spike in the valuation of digital currencies and widespread interest from consumers hoping to make a quick buck.

Those behind the apps are estimated to have made around $350,000 from their victims by charging for the initial app download and subsequent ‘virtual hardware’ or ‘subscription upgrades’ that claim to increase coin mining rates.

In reality, the apps offer nothing under the surface, according to Lookout application security researcher Ioannis Gasparis.

“After successfully logging in, a user is greeted with an activity dashboard that displays the available hash mining rate as well as how many coins they have ‘earned.’ The hash rate displayed is typically very low in order to lure the user into buying upgrades that promise faster mining rates,” he explained.

“After analyzing the code and network traffic, we also discovered the apps display a fictitious coin balance and not the number of coins mined.”

Users are not allowed to withdraw coins until their account balance has hit a minimum level, which is impossible as balances are frequently reset to zero.

“What enabled BitScam and CloudScam apps to fly under the radar is that they don’t do anything actually malicious,” said Gasparis. “In fact, they hardly do anything at all. They are simply shells to collect money for services that don’t exist.”

These apps have scammed around 96,000 victims. Although Google Play has removed the offending titles, dozens more remain on third-party app stores, Lookout warned.

Categories: Cyber Risk News

Kremlin Hackers Reportedly Breached Republican National Committee

Info Security - Wed, 07/07/2021 - 09:54
Kremlin Hackers Reportedly Breached Republican National Committee

State-backed Russian hackers reportedly breached the Republican National Committee (RNC) last week, although the party denies any data was stolen.

Two people familiar with the matter told Bloomberg of the attack, which is thought to have come from APT29 (Cozy Bear), a notorious Kremlin hacking group that was blamed for the 2016 info-stealing raid on the Democratic National Committee (DNC).

The group was also pegged for the SolarWinds campaign and separate raids targeting IP related to COVID-19 vaccine development.

The RNC said that third-party IT services partner Synnex was breached over the July 4 holiday weekend, but no data was taken.

“We immediately blocked all access from Synnex accounts to our cloud environment,” chief of staff Richard Walters reportedly claimed.

“Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials, on this matter.”

In a brief statement, long-term Microsoft distributor Synnex said it had been conducting a thorough security review.

“Synnex … confirms it is aware of a few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment,” it added.

“These actions could potentially be in connection with the recent cybersecurity attacks on managed service providers.”

Those attacks were part of a single ransomware campaign that hit US software firm Kaseya and its downstream customers over the same weekend. However, that campaign is believed to have been carried out by financially motivated cyber-criminals rather than a state-backed entity.

John Hultquist, VP of analysis at Mandiant Threat Intelligence, said political parties are ideal targets for espionage actors looking for political, military, and economic intelligence.

“Though these organizations have been famously involved in aggressive hack and leak campaigns, more often than not, Russian hackers and others target them to quietly gather intelligence,” he added.

Categories: Cyber Risk News
