Info Security


UK Banks Foiled by Travelex Ransomware Attack

Thu, 01/09/2020 - 16:52

The New Year's Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers. 

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a "software virus" on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally. 

The ransomware attack is not only causing misery for Travelex and its customers but has also spawned a brouhaha for British banks that rely on the travel money giant.

RBS, Sainsbury's Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident. 

Requests for foreign currency are being handled in-branch by many of the banks affected. 

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company's data. 

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident. 

"To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated," Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: "Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim."

With all the hullaballoo it seems that reporting the incident to the authorities may have slipped Travelex’s mind. Organizations are legally obliged to inform the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex.

Categories: Cyber Risk News

Accenture to Acquire Symantec's Cyber Security Services Business

Thu, 01/09/2020 - 16:05

Accenture Security is to acquire Symantec's Cyber Security Services business from Broadcom.

No financial terms were disclosed regarding the acquisition, which is expected to close in March 2020, subject to customary conditions.  

The impending Symantec deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture's cyber-stable are Deja vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX.

With this latest acquisition, Accenture Security has signaled its intention to become one of the main players on the managed security services stage.

“Cybersecurity has become one of the most critical business imperatives for all organizations regardless of industry or geographic location,” said Accenture’s CEO, Julie Sweet.

“With the addition of Symantec’s Cyber Security Services business, Accenture Security will offer one of the most comprehensive managed services for global businesses to detect and manage cybersecurity threats aimed at their companies.”

The cybersecurity services arm of Symantec operates from six operations centers set in Australia, India, Japan, Singapore, the UK, and the US. 

Included in Symantec’s portfolio of cybersecurity services are global threat monitoring and analysis through a network of security operation centers, real-time adversary and industry-specific threat intelligence, and incident response services. 

Once the acquisition is complete, Accenture hopes to be able to offer clients a more personalized cybersecurity service.

Kelly Bissell, senior managing director of Accenture Security, said: “Companies are facing an unprecedented volume of cyber threats that are highly sophisticated and targeted to their businesses, and they can no longer rely solely on generic solutions. This acquisition is a game-changer and will help Accenture provide flexibility rather than a ‘one size fits all’ approach to managed security services. 

“With Symantec’s Cyber Security Services business, we can now bring clients our combined expertise fine-tuned to their industry with tailored global threat intelligence powered by advanced analytics, automation and machine learning.”

Symantec’s Enterprise Security business, now a division of Broadcom, is headquartered in Mountain View, California, and its Cyber Security Services business includes more than 300 employees around the world who serve top-tier organizations across a diverse range of industries, including financial services, utilities, health, government, communications, media, technology, and retail.

Categories: Cyber Risk News

Interpol Reduces Cryptojacking Infections by 78%

Thu, 01/09/2020 - 12:01

Interpol is celebrating after a region-wide operation led to a drastic reduction in the number of routers in southeast Asia infected with cryptomining malware.

Operation Goldfish Alpha began in June 2019 after intelligence identified over 20,000 compromised routers in the ASEAN region, accounting for nearly a fifth (18%) of global infections.

Over the succeeding five months of the operation, law enforcers and CERT staff from Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam worked together with private sector organizations including Trend Micro.

Their mission: to locate the infected routers, alert the victims and patch the devices.

Their efforts led to a 78% reduction in the number of infected routers, with efforts continuing to identify and patch the remaining devices, Interpol said.

The policing organization hailed the support of the Cyber Defense Institute and Trend Micro in helping with information sharing and analysis, as well as providing crucial guidelines for patching infected routers and advice on preventing future infections.

“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said Interpol’s director of cybercrime, Craig Jones.

“By combining the expertise and data on cyber-threats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime.”

Trend Micro explained in a blog post that its guidance document detailed how to detect and remove the Coinhive JavaScript being used by hackers to mine for cryptocurrency on affected MikroTik routers.

The firm claimed cryptojacking was its most detected threat in the first half of 2019, in terms of file-based threat components.

“Unlike serious data breaches, phishing attacks, ransomware and banking Trojans, cryptojacking doesn’t have a major impact on the victim. They don’t lose sensitive personal data, there’s no risk of follow-on identity fraud and they’re not extorted for funds by being locked out of their PC,” it continued.

“However, it’s not without consequences: cryptomining malware can slow your home network to a crawl while running up serious energy bills. It may even bring your home computers to a premature end. Also, there’s always the risk with any kind of malware infection that hackers may switch tactics and use their footprint on your home machines to launch other attacks in the future.”

Categories: Cyber Risk News

Police to Implement Facial Recognition at Cardiff-Swansea Football Match

Thu, 01/09/2020 - 11:15

South Wales Police has announced that it will be deploying facial recognition technology at the upcoming Premier League football match between Cardiff City FC and Swansea City FC at Cardiff City Stadium this Sunday, 12 January.

In a statement, South Wales Police said: “We will be deploying our facial recognition technology at key areas ahead of the match to assist in identifying those who have been issued with banning orders and may attempt to attend the game.”

This comes after the same technology was used by the police when the two teams played each other earlier in the season, a move that, despite causing some controversy regarding privacy concerns, was found to be legally justified and proportionate by the High Court back in September 2019.

Assistant chief constable Andy Valentine said: “This is only the third time in more than two-and-a-half years that the technology has been utilized at a football match and is intended to prevent disorder that has in the past affected matches involving both clubs.

“We are deploying Automated Facial Recognition to prevent offences by identifying individuals who are wanted for questioning for football-related offences or who have been convicted of football-related criminality and are now subject to football banning orders that preclude them from attending.

“Football banning orders are issued by the court to those who have misbehaved at a previous football game and hence this provides us with a clear rationale in our strategy to prevent any crime and disorder,” he added.

“In line with our standard operating procedures, the data of all those captured by the technology on the day, but not on the watch list, will have their data instantaneously deleted.”

However, the news has once again raised privacy concerns and critical comments from the likes of Big Brother Watch, Football Supporters’ Association Wales and North Wales Police and Crime Commissioner Arfon Jones, along with security experts.

Jake Moore, cybersecurity specialist at ESET, said: “Facial recognition software is still very much in its early stages of production and there are many instances of it making mistakes or false positives.

“Something needs to be done in such large gatherings of people but until such a system is in place that can be completely trusted in terms of security and its function, I think it could do more harm than good.”

In November 2019, the UK’s privacy watchdog raised “serious concerns” about police use of facial recognition technology, and called for the introduction of a statutory code of practice to govern when and how it should be deployed.

Categories: Cyber Risk News

TikTok Patches Critical Account Takeover Bugs

Thu, 01/09/2020 - 10:45

TikTok has been forced to patch several critical vulnerabilities which may have allowed hackers to hijack user accounts and steal personal data.

Check Point researchers discovered the flaws in the wildly popular social media platform, including one SMS link spoofing bug affecting a feature on the main TikTok site that lets users send a message to their phone to download the app.

This could allow attackers able to find out a victim’s phone number to send them a custom malicious link, enabling them to take over an account and delete videos, post content and make private videos public.

Check Point also discovered a cross-site scripting (XSS) vulnerability in an ads subdomain of the main TikTok site; specifically in a help center section. This could allow attackers to inject malicious JavaScript into the site to harvest personal user account info, the firm warned.

These bugs were amplified by the lack of an anti-cross-site request forgery mechanism, it added in a blog post.

“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface,” explained Check Point head of product vulnerability research, Oded Vanunu.

“Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using.”

TikTok patched the bugs in its latest version of the app, although security concerns about the company persist in Washington, thanks to its Chinese ownership.

Beijing-based ByteDance bought the app from US firm Musical.ly in 2017, but given its popularity in the States, lawmakers are becoming increasingly uneasy about the purchase.

Reports suggest that both the US Army and Navy have banned servicemen and women from using the app on government-issued devices.

In the meantime, the increasingly powerful Committee on Foreign Investment in the United States (CFIUS) has launched an inquiry into whether the user data TikTok collects represents a national security risk. 

Categories: Cyber Risk News

Cyber-Attacks Hit UK Firms Once Per Minute in 2019

Thu, 01/09/2020 - 09:42

UK businesses were deluged with cyber-attacks in 2019, with the average firm hit by over half a million attempts to compromise systems, according to new stats from Beaming.

The Hastings-based business Internet Service Provider (ISP) extrapolated the findings from data on its own corporate customers across the country.

It calculated the average number of attacks aimed at a single business last year was 576,575, around 152% higher than the 281,094 recorded in 2018 and the highest since the ISP began analyzing this kind of data in 2016.

That means UK businesses were forced to repel 66 attacks per hour on average in 2019.

The firm identified 1.8 million unique IP addresses responsible for the attacks last year, just under a fifth (18%) of which were located in China. However, this is more an indication of the sheer number of potentially hijacked machines based in the country rather than the origin of the attackers.

There was a fairly big drop to second-placed Brazil (7%), which was followed by Taiwan (6%) and Russia (5%) in terms of originating IP addresses for attacks.

Attackers most commonly targeted network device admin tools and IoT endpoints like connected security cameras and building control systems, according to Beaming. These suffered 92,448 attacks in total last year, while 35,807 were targeted at file sharing applications.

Beaming managing director, Sonia Blizzard, described 2019 as the “worst year on record” for cyber-attacks against UK firms, claiming that most were “completely indiscriminate.”

“Most business leaders, particularly at the smaller end of the spectrum, still don't recognize the threat or incorrectly assume that their broadband router and antivirus systems will be sufficient to keep them safe,” she continued.

“With the number of companies falling victim to cybercrime increasing each year, it is clear that most need to do more to protect themselves. We advise businesses to put in place multiple layers of protection, use methods such as two-factor authentication, and to secure their data while it travels over the internet.”

Categories: Cyber Risk News

Apple Is Scanning Your Photos

Wed, 01/08/2020 - 17:43

Apple's senior director of global privacy has confirmed that the company scans photos uploaded to the iCloud for evidence of illegal activities such as child sexual abuse.

Jane Horvath made the admission while speaking at the Consumer Electronics Show (CES) 2020 conference in Las Vegas yesterday, according to The Telegraph.

While speaking at the tech conference, Horvath said that photographs that are backed up to Apple's online storage service are automatically screened for illicit content.

The company has been criticized by law enforcement agencies for allowing criminals to hide behind lanes of protective encryption and for refusing to break into the phones of suspected wrongdoers. 

Addressing this issue yesterday in Las Vegas, Horvath said that giving criminals nowhere to hide by scrapping encryption was "not the way we’re solving these issues" but added: "We are utilizing some technologies to help screen for child sexual abuse material."

Exactly what technologies Apple is using to screen their customers' digital photographs and how long they have been doing so was not specified. 

On the company's website it states: "Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space.

"As part of this commitment, Apple uses image matching technology to help find and report child exploitation. Much like spam filters in email, our systems use electronic signatures to find suspected child exploitation."

Companies including Facebook, Google, and Twitter check for images depicting the sexual abuse of minors with Microsoft’s PhotoDNA system. The system uses hashing technology to check images posted online against a database of previously identified photographs.

Paul Bischoff, privacy advocate at Comparitech.com, believes that Apple may be doing something similar. 

"Here's what I think is happening: Apple has access to a law enforcement database of child abuse photos. Apple hashes or encrypts those photos with each user's security key (password) to create unique signatures. If the signatures of any encrypted photos uploaded from an iPhone match the signatures from the database, then the photo is flagged and presumably reported to authorities. 

"This allows Apple to match photos uploaded to the cloud against the law enforcement database without ever breaking encryption or actually viewing the photos." 

If this is the system that Apple is using, then Bischoff warns it has a serious flaw. 

He said: "If a child abuse photo is cropped or edited, if it's converted to another type of image file, or if it's compressed, then the encrypted signatures won't match up."

Categories: Cyber Risk News

Las Vegas Suffers Cyber-Attack

Wed, 01/08/2020 - 16:49

The city of Las Vegas is licking its wounds after suffering a cyber-attack on its computer network.

It is not yet known whether any sensitive information was compromised in the incident, which took place in the early hours of Tuesday morning. 

City spokesperson David Riggleman said that it was likely that the threat actors gained access to the city's network via a malicious email. 

Riggleman said that the city's IT department moved fast to counter the invasion and stated that "the city is taking extensive steps to protect its systems."

City officials were notified after unusual activity occurred at around 4:30 a.m. on Tuesday, but by the evening the full extent of the damage wrought by the incident was yet to be confirmed. Riggleman said a clearer picture is likely to emerge over the next day or two.

According to Riggleman, the City of Lost Wages encounters an average of 279,000 attempts to breach its systems every month. 

He observed: "A lot of people out there . . . are trying to open that cyber door."

While Las Vegas works out who it was that managed to step over its digital threshold and what they got up to, city residents are likely to experience some disruption. 

Riggleman said that the city's emails may be affected by system analysts' ongoing investigation into the breach. He expected any disruption, however, to be "minimal."

If the breach turns out to be the latest in a string of ransomware attacks on US cities, then it is highly unlikely that Las Vegas will cough up the money. The city's mayor, Carolyn Goodman, went on record in July as sponsor of a resolution not to pay ransoms in the event of a cybersecurity breach. The resolution was approved by the US Conference of Mayors. 

Given the timing of the attack, some may wonder if it was launched by a vengeful Iran as retaliation for the recent killing of Iranian major general Qassem Suleimani. 

Following the announcement of Suleimani's death on January 2, the US Department of Homeland Security issued a warning for Americans to be on high alert for cyber-attacks coming from Iran.

Categories: Cyber Risk News

Nigerian Betting Company Denies Breach

Wed, 01/08/2020 - 15:53

Nigerian online betting company SureBet247 has told the public not to be deceived by "false" reports that the firm has suffered a serious data breach.

According to the website iAfrikan.com, over 32GB of SureBet247 data, spread across six databases, has been exposed online. The information affected by the alleged incident includes user profiles, betting slip logs, a list of SureBet247 staff email addresses, and data linked to the company's website surebet247.com.

The alleged breach came to light after an anonymous source found SureBet247 data online and tipped off Australian security researcher and haveibeenpwned founder Troy Hunt. 

"Within the databases there’s everything from user records to betting histories, the latter consuming more than 100M rows in one of the databases," said Hunt.

"I’m yet to total the user records, but multiple databases contained hundreds of thousands of user records each, so the number is substantial. Impacted data includes names, email addresses, dates of birth and betting records. It’s not yet clear whether passwords were also compromised, that’s something I’m hoping to clarify with them."

The anonymous source reached out to Hunt in December 2019 after an attempt to warn SureBet247 of a potential security issue was spurned. Hunt contacted iAfrikan after his own efforts to notify SureBet247 of the alleged breach elicited no response. 

When iAfrikan's Tefo Mohapi contacted the gambling company to warn them of the alleged breach, he received a suggestion to email technical support and the response that it was SureBet247's decision whether or not to notify their customers of a possible data breach. 

According to MyNaijaBlog.com, the director-general of Nigeria's National Information Technology Development Agency (NITDA) has requested that an investigation into the alleged breach be carried out by the Data Breach Investigation Workforce.

SureBet247 has publicly denied that any data breach has taken place. Earlier today, the company posted the following message on Twitter: "Dont be decieve [sic] by any false info. We weren’t breached on any data. Thanks."

SureBet247 was founded in 2011 and trades under the name ChessPlus International Limited.

According to Mohapi, other online sports betting operators may have been affected by the alleged security incident. The exposed databases indicate that BetAlfa, BetWay, BongoBongo, and TopBet may have been compromised. 

Categories: Cyber Risk News

Google Shifts to 90-Day Bug Disclosures by Default

Wed, 01/08/2020 - 12:00

Google has tweaked its Project Zero disclosure policy in a bid to drive more thorough patch development and improved adoption.

The new direction for 2020 centers around one major change: from January 1 this year the firm will implement a full 90-day disclosure policy regardless of when a vulnerability is fixed by a vendor. In the past, the relevant researchers could decide whether disclosure came at the end of the 90-day period or when a bug was fixed.

Although the rationale for the previous policy was to speed patch development by affected vendors, Google now also wants to focus on additional goals, according to Project Zero manager, Tim Willis.

With 97.7% of issues identified by Project Zero now fixed within the deadline, thoughts moved to improving the underlying principles of simplicity, fairness and consistency, he said.

With that in mind, Google not only wants to continue pursuing faster patch development but also now to improve the thoroughness of patches.

“Too many times, we've seen vendors patch reported vulnerabilities by ‘papering over the cracks’ and not considering variants or addressing the root cause of a vulnerability,” explained Willis. “One concern here is that our policy goal of ‘faster patch development’ may exacerbate this problem, making it far too easy for attackers to revive their exploits and carry on attacking users with little fuss.”

Providing a full 90-day window means vendors will therefore have more time to perform root cause and variant analysis.

“We expect to see iterative and more thorough patching from vendors, removing opportunities that attackers currently have to make minor changes to their exploits and revive their zero-day exploits,” said Willis.

Google’s second goal for 2020 is to improve adoption of any patches that arise from Project Zero research.

“End user security doesn't improve when a bug is found, and it doesn't improve when a bug is fixed. It improves once the end user is aware of the bug and typically patches their device,” argued Willis.

“To this end, improving timely patch adoption is important to ensure that users are actually acquiring the benefit from the bug being fixed.”

Once again, the 90-day time frame should provide more opportunity and incentive for vendors to encourage installation of their fixes by a larger user population.

Google is also betting that leveling the playing field with a mandatory 90-day window will encourage vendors to work more closely with its researchers on bigger problems.

“We hope this experiment will encourage vendors to be transparent with us, to share more data, build trust and improve collaboration,” Willis concluded.

Categories: Cyber Risk News

NGOs Demand Google Crackdown on Pre-Installed Apps

Wed, 01/08/2020 - 10:30

Global rights groups have joined forces to demand that Google tackles the problem of budget Android smartphones pre-installed with privacy-infringing apps that users can’t remove.

Over 50 organizations, including the UK’s Privacy International, today asked the tech giant to stop manufacturers and other Android partners from delivering devices that could undermine user privacy and security.

They argued that because the apps come pre-installed, they can choose which permissions they want — sometimes using the device’s camera, microphone or location without the user's knowledge.

“The failure of Google to moderate the pre-installed app ecosystem has opened it up to a wild-west of exploitation, putting users’ privacy and security at risk,” argued Privacy International technology lead, Christopher Weatherhead. “Google must act now to deter bad actors who shovel malicious and exploitative apps on individuals’ devices.”

The rights groups called for changes so that users can permanently uninstall any apps on their phones, including related background services that run even if the apps themselves are disabled.

They also want pre-installed apps to stick to the same rules as Play Store apps, especially in relation to custom permissions, and to have some form of update mechanism.

When manufacturers or vendors break these rules, Google should refuse certification for privacy reasons, they added.

The initiative comes after research released last March by Universidad Carlos III de Madrid (UC3M), the IMDEA Networks Institute, the International Computer Science Institute (ICSI) at Berkeley and Stony Brook University of New York.

The first-of-its-kind study covered 82,000 pre-installed Android apps on more than 1700 devices manufactured by 214 brands.

“As we demonstrated in this paper, this situation has become a peril to users’ privacy and even security due to an abuse of privilege or as a result of poor software engineering practices that introduce vulnerabilities and dangerous backdoors,” it concluded.

Categories: Cyber Risk News

UK Man Jailed for Using RAT to Spy on Women

Wed, 01/08/2020 - 09:50

A Merseyside man has been jailed for two years after using a notorious Remote Access Trojan (RAT) to spy on women via their webcams.

Scott Cowley, 27, of St Helens, was sentenced at Liverpool Crown Court this week after pleading guilty to offences under the UK’s Computer Misuse Act and Sexual Offences Act.

He’s said to have used the Imminent Monitor RAT (IM-RAT) to remotely spy on his victims. According to local reports, arresting officers found three folders on his laptop named after each of his victims. They apparently contained images and videos of the women undressing and of one of them having sex.

Officers from the North West Regional Organised Crime Unit (NWROCU) had little problem in tracking him down as he reportedly used a PayPal account linked to his real name and email address to purchase the malware.

NWROCU’s detective sergeant Steve Frame welcomed the sentencing on Monday.

“This conviction demonstrates that despite the high-tech nature of the Cyber Crime, offenders have no place to hide. We take all reports of cybercrime seriously and are absolutely committed to tackling and undermining this evolving threat,” he added in a statement.

“If you have been the victim of a similar crime, or suspect somebody is involved in committing this type of crime please call 101 and report it to your local police force.”

Cowley was arrested as part of a global crackdown on the RAT at the end of November 2019 led by the Australian Federal Police (AFP) and coordinated internationally by Europol.

Some 13 of the RAT’s “most prolific users” were arrested and 430 devices seized, according to Europol. In the UK alone, 21 search warrants led to the arrest of nine individuals including Cowley, and the recovery of 100 items.

The operation began in June 2019 when warrants were issued to search an alleged employee and developer of the IM-RAT.

The malware is thought to have been used in 124 countries and sold to more than 14,500 buyers, generating huge demand thanks to its ease-of-use and relatively low selling price of just $25.

Categories: Cyber Risk News

Utah Company and Its Former CEO Settle with FTC Over Alleged Security Failures

Tue, 01/07/2020 - 17:53

The US Federal Trade Commission has reached a settlement with a Utah company and its former CEO over allegations that shoddy security practices led to the personal information of over a million customers' being illegally accessed in multiple hacks.

InfoTrax Systems, L.C. and its founder and former CEO Mark Rawlins allegedly failed to use reasonable, low-cost, and readily available security protections to safeguard the personal information they maintained on behalf of the company’s business clients. 

As a result of the alleged security failures, a hacker infiltrated InfoTrax’s server, along with websites maintained by the company on behalf of clients, more than 20 times from May 2014 until March 2016. 

Sensitive personal information accessed by the hacker included consumers' Social Security numbers, full names, addresses, email addresses, telephone numbers, usernames, passwords, and payment account numbers with expiration data and CVVs, according to the FTC’s complaint. None of the consumer data stored had been encrypted.

It is further alleged that the presence of the intruder inside the company's system from May 5, 2014, to March 7, 2016, was only discovered because InfoTrax began receiving alerts that one of its servers had reached maximum capacity. 

In its complaint, the FTC wrote: "The only reason Respondents received any alerts is because an intruder had created a data archive file that had grown so large that the disk ran out of space. Only then did Respondents begin to take steps to remove the intruder from InfoTrax’s network."

More hacks occurred on March 14 and 29, 2016, when a threat actor gained access to the company's network, infecting it with malware that harvested payment card and other billing data. 

Under the terms of the settlement, InfoTrax and Rawlins are prohibited from collecting, selling, sharing, or storing personal information unless they implement an information security program that would address the security failures identified in the complaint. 

In addition, the company and Rawlins are required to obtain third-party assessments of their company’s information security programs every two years.

Utah State University computer science graduate Rawlins founded MLM services provider InfoTrax Systems in 1998. Clients of the company include doTerra, Xango, and LifeVantage.

Categories: Cyber Risk News

Richard Branson Gets Animated Over Online Scams

Tue, 01/07/2020 - 16:53

Sir Richard Branson is so hacked off with cyber-criminals ripping off his name and image that he has released an animated guide to spotting online scams. 

The video features two extremely pink cartoon renderings of the Virgin founder who work together to highlight a variety of scamming tactics over a soundtrack that conjures the most daring of James Bond's espionage escapades.  

Fake Branson tries to tempt you into investing in get-rich-quick scams or giving your personal information away to a stranger, while genuine Branson tells you that he and his team would never do that. 

By the end of the brief video, the fake Branson is revealed to be a robot, whose head then explodes. 

All the fraudulent endorsements and scams mentioned in the video are real tactics that have been used against Branson and his business empire. One such tactic is to send direct messages to people who have posted on Virgin's social media feeds.

Animated Richard points out: "Scammers are contacting people who post on our social feeds. Even if it’s a verified account, know that I never direct message anyone, nor does my team. I never endorse any get-rich-quick schemes—this is a sure-fire way to lose your investment."

To step up the fight against scammers, Virgin has opened its own reporting portal at virgin.com/online-scams and urges anyone affected to report any cases featuring Richard or Virgin that seem suspicious.

If you spot anything else you suspect is a scam, Virgin recommends reporting it to Action Fraud, the UK’s national fraud and cybercrime center, via reporting.actionfraud.police.uk.

In 2017, Branson nearly fell prey to a fraudster posing as a UK government official who requested financial assistance to pay the ransom of a supposed kidnapping victim. 

The billionaire businessman is not alone in being targeted; according to figures released by the British Office of National Statistics in 2018, cases of fraud, including online scams, cost UK consumers £190bn every year.

"Only trust what we post on our official channels," says animated Branson.

"Help us stop scammers and report anything you think is suspicious. If you think it’s a con, send it on."

Categories: Cyber Risk News

Insight Partners Acquires Armis for $1.1bn

Tue, 01/07/2020 - 15:59

In the first major cybersecurity acquisition of 2020, Israeli company Armis has been acquired by private equity firm Insight Partners.

Under the terms of the agreement, Insight will acquire the company for cash at a valuation of $1.1bn, with participation from CapitalG for $100m and rollover from certain existing stockholders. 

The deal represents the largest ever acquisition of a private Israeli cybersecurity company and is also the biggest enterprise IoT security software acquisition to date. Closing is expected to occur in February.

Armis was founded in late 2015 with a mission to help enterprises adopt new connected devices without fear of being compromised by cyber threat actors. The company, which is headquartered in Palo Alto, California, counts numerous Fortune 1000 companies among its clients. 

Following the acquisition, Armis will continue to operate independently and will be fully managed by its two co-founders—Yevgeny Dibrov, CEO, and Nadir Izrael, CTO—and the executive team. Going forward, the C-suite will have the support of Insight's business strategy and ScaleUp division, OnsiteSupport.

This heady mix of freedom with an optional shoulder to lean on was a deal-maker for Armis' Dibrov.

He said: "Insight is one of the most sophisticated software investors in the sector, and it is due to the depth of their domain expertise that they really understand the enterprise IoT device challenge we are looking to solve, and the size of the market opportunity. 

"We considered growth rounds and strategic offers, but by partnering with Insight we have the best of both worlds—operational support and independence, both of which were important in our decision to take on a scaleup partner this early in our company journey."

Insight Partners is a leading global venture capital and private equity firm investing in high-growth technology and software companies with a reputation for driving transformative change in their industries. Founded in 1995, the firm currently has over $20 billion in assets under management and has cumulatively invested in more than 300 companies worldwide.

Teddie Wardi, managing director at Insight, said: "We've spoken with their users, who have told us how powerful the Armis platform is at device discovery, classification, and continuous threat assessment. In a world of unmanaged devices, Armis' technology is a game changer."

Categories: Cyber Risk News

Tech Ops Exec Pleads Guilty in $6m Fraud Case

Tue, 01/07/2020 - 12:01

A senior vice-president at a global internet marketing firm has pleaded guilty in a wire fraud case in which he illegally paid $6m into an IT shell company.

Hicham Kabbaj worked for over four years at affiliate marketing giant Rakuten Marketing, formerly known as Rakuten LinkShare and part of the Japanese multi-national e-commerce firm.

From 2015, he held positions there as director of operations, VP of global technical operations, SVP of technical operations and then SVP of tech ops and engineering, according to his LinkedIn profile.

However, from at least August 2015 until at least May 2019, Kabbaj was defrauding his employer by issuing invoices in the name of a shell company he created, Interactive Systems, for fictitious products and services such as firewalls and servers, according to the Department of Justice.

The resulting payments, amounting to more than $6m in total, were subsequently transferred to his personal accounts.

“Today, Mr Kabbaj pled guilty to a serious felony because he chose to misuse his position of trust as a corporate executive to steal company funds for his own personal gain,” said Internal Revenue Service, Criminal Investigation Division (IRS-CI) special agent in charge, Jonathan Larsen.

“As a result of the dedicated work of IRS-CI special agents, along with our partners at the US Attorney’s Office, Mr Kabbaj will face the consequences of his crime when he is sentenced by a federal judge.”

Kabbaj, 48, of Floral Park, New York, pleaded guilty to one count of wire fraud, which carries a maximum sentence of 20 years behind bars. He has handed over homes in Palm Beach Gardens, Florida, and Hewitt, New Jersey, as “property traceable to the offense,” and will pay over $6m in restitution.

Categories: Cyber Risk News

Facebook Moves to Detect and Remove Deepfake Videos

Tue, 01/07/2020 - 11:30

Facebook has announced plans to ban deepfake videos.

In a blog post, Monika Bickert, the company’s vice-president for global policy management, acknowledged that “while these videos are still rare on the internet, they present a significant challenge for our industry and society as their use increases.”

Bickert said that “misleading manipulated media” will be removed if it has been edited or synthesized – beyond adjustments for clarity or quality – in ways that aren’t apparent to an average person and would likely mislead someone into thinking that a subject of the video said words that they did not actually say. Videos will also be removed if they are the product of AI or machine learning that merges, replaces or superimposes content onto a video, making it appear to be authentic.

“This policy does not extend to content that is parody or satire, or video that has been edited solely to omit or change the order of words,” Bickert said. “This approach is critical to our strategy and one we heard specifically from our conversations with experts.

“If we simply removed all manipulated videos flagged by fact-checkers as false, the videos would still be available elsewhere on the internet or social media ecosystem. By leaving them up and labelling them as false, we’re providing people with important information and context.”

Jake Moore, cybersecurity specialist at ESET, said that deepfakes are increasingly difficult to spot, and AI is required to help detect them. “Fake videos of famous or powerful people can be extremely manipulative, causing extremely damaging effects in some cases. It is a bold claim from Facebook to ban all such false videos from their platform, as the software used to recognize them is still in its immature phase and requires more research to be effective.

“Most videos are altered in some way before they land on social media so there is the potential of teething problems with false positives – or even letting a number of genuine deepfakes slip through the net. Not only do we need better software to recognize these digitally manipulated videos, we also need to make people aware that we are moving towards a time where we shouldn’t always believe what we see.”

Facebook has been involved with deepfake detection, launching the Deep Fake Detection Challenge last year, and partnering with Reuters to help media identify deepfakes and manipulated media through a free online training course.

Categories: Cyber Risk News

UK Probes London Stock Exchange Outage

Tue, 01/07/2020 - 10:45

UK government intelligence experts are investigating whether an ‘outage’ at the London Stock Exchange (LSE) last August may have been caused by a cyber-attack, it has emerged.

People familiar with the matter told the Wall Street Journal that GCHQ’s inquiries focus on the August 16 incident, which was described by the LSE at the time as “a technical software issue” that affected trading in FTSE 100 and 250 stocks, among others.

This led to one of the stock exchange’s worst outages in eight years, delaying the start of trading by over 90 minutes.

GCHQ reportedly wants to know whether hackers may have been able to take advantage of what was an IT system update at the time to disrupt markets.

Cyber-threats are listed in the group’s annual report as one of the LSE’s primary operational risks, with ransomware, data theft, DDoS and cloud computing all mentioned by name.

“The group’s technology and operational support providers, internal and third-party, could suffer a security breach resulting in the loss or compromise of sensitive information (both internal and external) or loss of services. Such a breach could materialize as a result of weaknesses in system controls or processes, or through the inadvertent or malicious actions of employees, contractors or vendors,” it added.

“A major information security breach that results in data and intellectual property loss, system unavailability or sensitive data leakage, could have a significant negative impact on our reputation, financial results and the confidence of our clients and could lead to fines and regulatory censure.”

For its part, the LSE has maintained that the incident was the result of a software configuration issue following an upgrade.

“London Stock Exchange takes its commitment to run orderly markets for its members seriously and has thoroughly investigated the root cause of the issue to mitigate against any future incidents,” a spokesperson told the paper.

The UK Treasury is also said to be involved in the investigation.

Categories: Cyber Risk News

US Biz Closes Doors After Ransomware Attack

Tue, 01/07/2020 - 10:01

A US fundraising firm has been forced to close its doors after more than 60 years in business following a crippling ransomware attack in October.

The Heritage Company, based in Sherwood, Arkansas, let its 300 employees go just before Christmas, according to local reports.

“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the key just to get our systems back up and running,” explained CEO Sandra Franecke in a December message to employees.

“Since then, IT has been doing everything they can to bring all our systems back up, but they still have quite a long way to go. Also, since then, I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber-attack.”

The ransomware took out the firm’s accounting systems and mail center so it had no way of processing and receiving funds and sending statements out, she added.

The firm, which describes itself as “the premiere and most experienced professional tele-fundraiser in the nation,” is still hopeful this is not the end of the road after six decades in business.

“The ONLY option we had at this time was to close the doors completely or suspend our services until we can regroup and reorganize and get our systems running again. Of course, we chose to suspend operations as Heritage is a company that doesn't like to give up,” said Franecke.

The incident is a timely reminder of the impact ransomware can have on small- and medium-sized businesses that rely on mission-critical IT systems but have fewer resources and less know-how to mitigate the risk of cyber-attacks.

“It would be easy to say that it wasn’t ransomware which brought about the apparent demise of The Heritage Company, but instead a lack of secure backups and a resilient disaster recovery plan,” observed security expert Graham Cluley.

Categories: Cyber Risk News

Imperva Appoints Pam Murphy as New CEO

Tue, 01/07/2020 - 09:45

Cybersecurity company Imperva today announced the appointment of Pam Murphy as CEO, effective immediately.

Murphy will take over from interim CEO Charles Goodman, who will continue to serve as chairman of the board.

Murphy brings a wealth of experience to her new role, having previously served as COO of Infor and held multiple leadership positions at Oracle, Andersen Consulting and Arthur Andersen.

“Imperva offers incredible solutions that help our customers navigate the complex and dynamic world of security, risk and compliance, while at the same time enabling progressive business transformation in an increasingly challenging marketplace,” Murphy said. “I’m looking forward to building on the foundation laid by our outstanding leadership team and capitalizing on Imperva’s market-leading products. Our relentless focus on our customers and their needs will always come first as we seize the many opportunities that lie ahead and significantly grow the business both domestically and internationally.” 

Goodman added: “We’re excited to have Pam join us on our mission to protect critical assets from cyber-criminals’ ever-changing attacks. As an accomplished executive who has led operations for some of the world’s largest software companies, and demonstrated ability to deliver customer value on a massive scale, she is perfectly positioned to lead Imperva through our next phase of growth.”

Categories: Cyber Risk News
