Feed aggregator

Kape Technologies to Acquire ExpressVPN

Info Security - Tue, 09/14/2021 - 19:19

Well-known virtual private network (VPN) provider ExpressVPN is to be acquired by Israeli-British cybersecurity company Kape Technologies in a deal worth almost $1bn.

The acquisition, which will involve $936m in shares and cash, was announced on September 13. Kape Technologies said the deal represents a “key milestone” in the booming arena of digital privacy.

In a statement released Monday, Kape said that it was joining forces with ExpressVPN “to create a premium consumer privacy and security player in the industry.”

Kape said that ExpressVPN will be “joining the Kape family” with a shared vision to transform privacy and security. Under this vision, Kape said it will define a new generation of privacy and security protection tools that will give consumers more control over their own digital safety. 

“Controlling one's digital presence is at the forefront of every tech consumer’s mind now, and Kape is more committed than ever to innovating and delivering the tools internet users need to protect their data and rights,” said Ido Erlichman, chief executive officer of Kape Technologies. 

“Kape is now synonymous with taking control of your digital experience.”

The acquisition will unite an international team of 720 employees and broaden Kape’s reach from nearly three million customers to more than six million, Kape said in a statement.

ExpressVPN was founded in 2009 and is based in the British Virgin Islands. Erlichman said Kape had been impressed with the company’s work ethic and inventive approach. 

“We’ve admired the ExpressVPN team’s relentless pursuit of excellence and innovation and are excited to welcome them to Kape,” said Kape’s CEO. 

“With ExpressVPN to join the Kape family of world-leading privacy and security brands, together we will have the vision, talent, and resources to take the industry to the next level,” he added.

A major chunk (40%) of ExpressVPN’s paying subscribers are based in North America. 

Dan Pomerantz, co-founder of ExpressVPN, said: “With access to greater capital and resources as part of Kape, we’re excited to be able to accelerate our product development, deliver even more innovation to our users, and protect them from a wider range of threats.”

Categories: Cyber Risk News

NY County IT Supervisor Charged with Crypto-Mining

Info Security - Tue, 09/14/2021 - 18:30

An information technology expert employed by a New York county has been arrested on suspicion of mining crypto-currency at work.

Christopher Naples is accused of covertly installing dozens of machines throughout his workplace and using them to mine Bitcoin and other types of crypto-currency as part of a secret illegal money-making scheme. 

Naples, who lives in Mattituck, New York, was hired by Suffolk County back in 2000. His current title is Assistant Manager of Information Technology Operations for the Suffolk County Clerk’s Office.

Authorities said that the clandestine crypto-mining activity allegedly carried out by 42-year-old Naples ran up electricity bills in excess of $6,000 for his unsuspecting employer.

Charges were announced against Naples on Wednesday by Suffolk County district attorney Timothy Sini. Naples has been charged with counts including grand larceny, computer trespass, and public corruption.

Sini said Naples is accused of installing 46 crypto-mining devices in six rooms inside the county center located in Riverhead, New York. Hiding places in which the devices were allegedly concealed included beneath the floorboards of the building, on top of or inside server racks, and inside an electrical wall panel that was not in use.

The scheme had allegedly been going on for months with at least ten of the crypto-mining devices up and running since February 2021. 

Naples was released on his own recognizance after appearing in court on Wednesday. 

“Mining crypto-currency requires an enormous amount of resources, and miners have to navigate how to cover all of those electricity and cooling costs,” said Suffolk County’s Sini in a statement regarding Naples’ arrest. 

“Naples found a way to do it. Unfortunately, it was on the backs of taxpayers. We will not allow County employees, who are already on the public’s payroll, to steal taxpayer money or illegally use government resources for their own personal gain.”

The mining devices increased the temperature in some rooms by 20 degrees. 

Sini said: “Not only do we have thousands of dollars of taxpayer money funding this operation, but it also put the county’s infrastructure at risk.”

Naples faces up to 15 years in prison if convicted of the top count against him.

Categories: Cyber Risk News

Financial Services Firms Spend Over $2m on Ransomware Recovery

Info Security - Tue, 09/14/2021 - 12:30

Global financial services firms spent more than $2m on average recovering from a ransomware attack last year, according to new data from Sophos.

The UK security vendor polled 550 IT decision-makers in mid-sized financial sector firms around the globe to compile its State of Ransomware in Financial Services 2021 report.

It found that a third (34%) of firms in the vertical were hit by ransomware in 2020, with half (51%) admitting their attackers managed to encrypt data.

However, although most (62%) were able to restore scrambled data from backups, the recovery costs ascribed to victim organizations from the sector were much higher than the average across all verticals ($1.85m).

The figure is also surprising considering that only a quarter (25%) of financial services victims paid the ransom demand — the second-lowest payment rate of all industries surveyed and below the global average of 32%.

Sophos claimed the high cost of recovery is partly down to the highly regulated nature of the sector, with firms forced to adhere to multiple compliance mandates, including PCI DSS, SOX and GDPR.

“Strict guidelines in the financial services sector encourage strong defenses. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organizations,” said John Shier, senior security advisor, Sophos.

“If you add up the price of regulatory fines, rebuilding IT systems and stabilizing brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organizations hit by ransomware in 2020 were in excess of $2m.”

Interestingly, attackers hit only 8% of organizations in the sector with double extortion attacks, which now account for the majority of all ransomware, according to some estimates.

Although it fell slightly from the previous year, the financial services sector recorded the second-highest cost of a data breach in 2021, at $5.72m, according to IBM.

Categories: Cyber Risk News

Global Databases Riddled with an Average of 26 Vulnerabilities

Info Security - Tue, 09/14/2021 - 11:30

Nearly half (46%) of the world’s on-premises databases contain known vulnerabilities — most of which are high or critical severity, according to a new five-year study from Imperva.

The security vendor scanned 27,000 databases globally over five years and discovered that they contained 26 vulnerabilities each on average. Some 56% of these were ranked in the top two severity categories, meaning they could lead to serious compromise if exploited.

Some CVEs have not been addressed for several years, Imperva claimed.

Despite the growing popularity of cloud-based platforms, most organizations continue to store their most sensitive data on-premises, which makes the findings concerning, according to Elad Erez, chief innovation officer at Imperva.

“While organizations stress publicly how much they invest in security, our extensive research shows that most are failing,” he added.

“Too often, organizations overlook database security because they’re relying on native security offerings or outdated processes. Given that nearly one out of two on-prem databases is vulnerable, it is very likely that the number of reported data breaches will continue to grow, and the significance of these breaches will increase too.”

A standard route to compromising databases that are not publicly accessible is via web application vulnerabilities such as SQLi, or via phishing and malware designed to give attackers a foothold in the network.

Compromising publicly exposed databases is even easier: attackers can scan for exposed targets with tools like Shodan before deploying exploit code, Imperva warned.

“Attackers now have access to a variety of tools that equip them with the ability to take over an entire database, or use a foothold into the database to move laterally throughout a network,” said Erez.

“The explosive growth in data breaches is evidence that organizations are not investing enough time or resources to truly secure their data. The answer is to build a security strategy that puts the protection of data at the center of everything.”

France was by far the worst offender globally by percentage of vulnerable databases (84%), and second only to China (74) in the average number of vulnerabilities per database (72).

Categories: Cyber Risk News

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

Info Security - Tue, 09/14/2021 - 10:30

Apple has released an urgent update to patch a critical vulnerability that has been exploited by the notorious Pegasus mobile spyware.

The vulnerability, CVE-2021-30860, was discovered by researchers at the University of Toronto’s Citizen Lab while analyzing the iPhone of an anonymous Saudi activist infected with NSO Group’s Pegasus spyware. They found a zero-day, zero-click exploit against iMessage, which the team dubbed “FORCEDENTRY.” The exploit infected the device by targeting Apple’s rendering library, and was effective against Apple iOS, MacOS and WatchOS devices.

Citizen Lab made a “high-confidence attribution” to NSO Group for the exploit, which it believes has been in use since at least February 2021. It stated: “Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating “despotism-as-a-service” for unaccountable government security agencies. Regulation of this growing, highly profitable and harmful marketplace is desperately needed.”

After the lab passed details of its findings to Apple, the tech giant quickly released the patch. Apple customers are now being urged to update their devices immediately, as the vulnerability affects all iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to OSX Big Sur 11.6 and Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.

In a statement, Ivan Krstić, head of Apple security engineering and architecture, said: "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.” He also reassured customers that the vulnerability is "not a threat to the overwhelming majority of our users."

Israeli firm NSO Group has regularly been at the center of numerous controversies surrounding the unethical use of Pegasus by authoritarian governments. Facebook is undertaking legal action against the company for allegedly exploiting a vulnerability in WhatsApp to enable its clients to spy on over 1400 users globally, and the spyware was also found on the mobile phone of murdered Saudi journalist Jamal Khashoggi.

CNN quoted a new NSO Group statement, which didn’t directly address the allegations. It stated: "NSO Group will continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime."

Commenting on the story, Sam Curry, chief security officer at Cybereason, said: "Monday’s emergency software updates for a critical vulnerability discovered in iPhones, Apple Watches and Macs, shouldn't be cause for panic. Yes, this newest Pegasus spyware delivery mechanism is novel, invasive and can easily infect billions of Apple devices, but stay calm and simply get control of your device and download the software updates available from Apple. Do that and move on. Follow Apple's instructions if you think you are infected and consult your IT department at work, school, etc. Failing that, Apple’s Genius Bar will be able to help. With nearly 2 billion iPhones active around the world, 100 million Apple Watches being used and more than 100 million Macs, security can’t be a luxury for Apple and it’s not, it’s a responsibility they take seriously.”

Jesse Rothstein, CTO and co-founder of ExtraHop, added: “We all carry highly sophisticated personal devices which have profound implications to personal privacy. There are many examples of this such as app data collection — which Apple recently moved to curb with its App Tracking Transparency framework.

“Any sufficiently sophisticated system has security vulnerabilities that can be exploited, and mobile phones are no exception.

“Pegasus is an example of how unknown vulnerabilities can be exploited to access highly sensitive personal information. The NSO group is an example of how governments can essentially outsource or purchase weaponized cyber capabilities. This is no different than arms dealing in my view — it’s just not regulated that way. Companies are always going to have to patch their vulnerabilities, but regulations will help prevent some of these cyber weapons from being misused or falling into the wrong hands.”

Categories: Cyber Risk News

Texas GOP Website Down After Anonymous Hack

Info Security - Tue, 09/14/2021 - 10:18

The website of the Texas Republican Party appeared to be hacked over the weekend and remained largely offline on Monday.

TexasGOP.org showed several crude messages on Saturday — the 20th anniversary of the September 11 terrorist attacks — ridiculing the state’s Republican Party and attacking Texas’ new ‘Heartbeat Act.’

Individuals affiliated with the Anonymous movement appear to be the perpetrators. The hackers replaced website pages with images of Pokémon, added links directing users to the YourAnonNews Twitter account, and embedded pop artist Rick Astley’s viral meme hit Never Gonna Give You Up. 

By Monday, the Texas Republican Party had seemingly regained partial control of the site. However, none of its usual content was accessible, and all URLs redirected users to a splash page that described the attack and requested donations. 

The hack was likely influenced by the state’s controversial new abortion ban, prohibiting the practice after six weeks of the pregnancy and effectively halting abortions in some regions of the state altogether.

“We are committed to taking away all the rights of women so we can live our prosperous, Bible-thumping dream,” the Texas GOP’s mission statement was altered to say by the hackers. 

The hackers included a warning at the bottom of the website: “Disclaimer: Hackers on Steroids are 10 times more effective at romance than 100% of Republicans. Trans demon hackers are coming to get you. Abortion is a choice.”

Hackers also added a link to Planned Parenthood of Texas. 

No lawsuits have been filed under the state’s new law since it came into effect on September 1. Pro-choice campaigners had hoped that an emergency plea for relief at the Supreme Court would stop the law from going ahead, but the court’s conservative majority declined to do so.

“While the nation paused over the weekend in remembrance of the 20th anniversary of 9/11 the Republican Party of Texas website was hacked,” read the website on Monday. “Pro-abortion activists targeted us because of our strong support for the Heartbeat Act. This attack adds to a growing list of actions by the radical left who tries to silence anyone that disagrees with them,” it added.

“We have been able to secure our website, but make no mistake, threats and attacks like this only strengthen our resolve.”

Categories: Cyber Risk News

Mustang Panda Compromises Indonesian Intelligence Agency

Info Security - Mon, 09/13/2021 - 19:50

A China-based cyber-espionage threat actor has reportedly compromised the internal networks of at least ten Indonesian government ministries and agencies.

The intrusion – believed to be the work of Mustang Panda – was first reported by The Record and is thought to have impacted the Badan Intelijen Negara (BIN), Indonesia’s main intelligence service.

The cyber-espionage campaign was uncovered in April 2021 by Insikt Group, a division of Recorded Future that is dedicated to researching threats. 

Insikt researchers raised the alarm after finding PlugX malware command and control (C&C) servers communicating with hosts located inside the Indonesian government’s networks. 

Researchers concluded that the communications, which appear to date back to at least March of this year, are the work of Mustang Panda, which they believe controls the malicious servers. 

The Indonesian authorities were reportedly notified of the security incident by the Insikt Group in June and again in July. However, Insikt researchers told The Record last month that the malware servers they believe belong to Mustang Panda are still communicating with hosts inside Indonesian government networks. 

Commenting on this, Sam Curry, chief security officer at Cybereason, said: "The reported breach of Indonesia’s intelligence agency by Chinese hackers is troubling, and there is no sense in sugarcoating the significance of the potential loss of sensitive data. 

“Whether or not this attack is state-sponsored isn’t known, but at the very least more and more ransomware attacks are state-ignored.”

Curry said that the public and private sectors need to do more to prevent cyber-attacks and make life difficult for attackers who get past digital defenses. 

“Sure, the threat actors will get in, but so what? We can make that mean nothing,” said Curry. “We can slow them down, we can limit what they see and we can ensure fast detection and ejection. We can – in short – make material breaches a thing of the past.”

Categories: Cyber Risk News

US Locks Up Key Player in Nigerian Romance Scam

Info Security - Mon, 09/13/2021 - 18:41

An Oklahoma man has been sent to prison for his role in an online romance scam that defrauded victims across the United States out of at least $2.5m. 

Norman resident Afeez Olajide Adebara was handed a custodial sentence on Friday after pleading guilty on November 3, 2020, to conspiracy to commit money laundering. 

According to court documents, 36-year-old Adebara acted as the manager of a group of money launderers involved in the scam. 

Between 2017 and November 2019, Adebara and his co-conspirators used fake passports and other fraudulent identification paperwork to open multiple bank accounts under various aliases. 

Adebara and his co-conspirators then knowingly concealed the proceeds of the fraudulent scheme and their sources by transferring the funds between and among those accounts. 

“Thereafter, Adebara took further steps to conceal the source of the funds, took a commission for himself, and directed the remainder of the funds back to the online romance scammers in Nigeria, including in the form of vehicles and vehicle parts,” said the Department of Justice in a statement released on September 10.

Under the scam, Adebara worked closely with co-conspirators based overseas who created fake dating profiles and social media accounts that were used to lure and defraud victims. 

The co-conspirators posed as US residents working or traveling abroad and tricked victims into believing that they had found love online. After manipulating a victim into thinking that they were in a romantic relationship, a scammer would ask for increasingly large sums of money.

Victims – many of whom were elderly – would wire the money to the scammer’s bank account in the belief that they were helping their significant other to complete a business project or to return to the United States. 

Account details and routing numbers of the bank accounts into which the fraudulently obtained funds were wired were provided by Adebara to his co-conspirators.  

On September 10, in the Northern District of Oklahoma, Adebara was sentenced to four years in prison. Previously, six individuals, some of whom are American citizens and others of whom are Nigerian citizens, received custodial sentences for their involvement in the same romance scam. 

Categories: Cyber Risk News

CISA Announces New Chief of Staff

Info Security - Mon, 09/13/2021 - 17:41

The United States Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. 

In her new role, cybersecurity veteran Todt will be tasked with allocating resources, planning, and supporting CISA’s goals through the creation of long-term objectives. 

CISA director Jen Easterly, in an announcement earlier today, described Todt as “extraordinarily well-qualified for this critical role.”

Easterly added: “I am particularly excited to be able to draw upon Kiersten’s leadership ability and her deep partnerships with industry, to include the small business community – a key element of our nation’s economy.”

Todt is the managing director of the Cyber Readiness Institute (CRI), a non-profit initiative that she co-founded in July 2017. Previously, Todt served as executive director for the Presidential Commission on Enhancing National Cybersecurity under President Barack Obama. 

CRI’s mission is to bring together the expertise of senior executive leaders at global companies to develop free resources to improve the cyber-readiness of small and medium-sized enterprises (SMEs) so as to secure global value chains.

With Todt at the helm, the CRI’s membership has grown to include Apple, Microsoft, ExxonMobil, General Motors, MasterCard, PSP Partners, Principal Financial Group, and the Center for Global Enterprise. 

The search for a new managing director to lead the CRI is being undertaken by the president of the Center for Global Enterprise, Chris Caine. 

In a statement released today, the CRI said: “Under Todt’s leadership, CRI has focused on the central role of human behavior in cybersecurity and developing practical resources organizations can use to create a culture of cyber-readiness.”

In its first four years of existence, the CRI’s Champion Network has expanded to include almost 90 organizations representing more than two million SMEs around the globe. 

“We are grateful for Kiersten’s leadership. Her stewardship enabled CRI to go from an idea to a global organization that will forever leave an imprint by making cybersecurity part of the cultural DNA of every small business,” said Sam Palmisano, co-chair of CRI and chairman of the Center for Global Enterprise. 

“We look forward to continuing the great work that Kiersten began four years ago.”

Categories: Cyber Risk News

WhatsApp to Roll Out Encrypted Backups

Info Security - Mon, 09/13/2021 - 10:06

Messaging giant WhatsApp is set to roll out end-to-end encrypted (E2EE) backups later this year, in what privacy campaigners claim to be another win for user privacy and security.

The Facebook-owned company said it had designed an entirely new system for encryption key storage to support the new service.

“With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys,” explained WhatsApp’s Slavik Krassovsky and Gabriel Cadden.

“When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.”

In order to mitigate the risk of brute force attacks, keys will be rendered permanently inaccessible after a limited number of failed attempts. The firm pointed out that while it will know that a key exists in the HSM, it will not know the key itself — maximizing security.

Transmission of keys to backups and to and from WhatsApp servers will be done via a protocol implemented by WhatsApp’s front-end ChatD service. However, the service will not access the encrypted messages exchanged between a client and HSM-based Backup Key Vault.
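The design described in the preceding paragraphs (a random backup key, a password-protected vault that counts failed attempts and then destroys the key, a front-end service that learns only that a key exists, and a backup that is useless without the key) is easy to misread as "the password encrypts the backup". The following toy model is an added example, not WhatsApp's code: it uses only the Python standard library, the `BackupKeyVault` class stands in for the HSM-based vault, the attempt limit of 3 and the PBKDF2 parameters are constructed values (the article only says "a limited number"), and the HMAC-based keystream cipher is a stand-in for a real AEAD such as AES-GCM.

```python
"""Toy model of a password-protected Backup Key Vault with a failed-attempt limit.

Added example (not WhatsApp code). The backup is encrypted under a random key,
the key is wrapped under a password-derived key inside the vault (the HSM in
the real design), the vault counts failed password attempts and permanently
destroys the key once the limit is reached, and the relaying service only
learns whether a key exists. Stdlib only; the keystream cipher stands in for
AES-GCM.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3    # constructed limit; the real value is not stated in the article
PBKDF2_ITERATIONS = 100_000  # constructed work factor


class WrongPasswordError(Exception):
    pass


class KeyDestroyedError(Exception):
    """Raised once the attempt limit has rendered the key permanently inaccessible."""


def _kek_from_password(password: str, salt: bytes) -> bytes:
    # 64 bytes: first half wraps the backup key, second half keys the verifier.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=64)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class VaultEntry:
    salt: bytes
    wrapped_key: bytes   # backup key XOR the wrap half of the KEK
    verifier: bytes      # HMAC(verify half of KEK, wrapped_key): lets the vault test a password
    failed_attempts: int = 0
    destroyed: bool = False


class BackupKeyVault:
    """Hypothetical vault; stands in for the HSM-based Backup Key Vault."""

    def __init__(self) -> None:
        self._entries = {}

    def store(self, account: str, backup_key: bytes, password: str) -> None:
        salt = secrets.token_bytes(16)
        kek = _kek_from_password(password, salt)
        wrapped = _xor(backup_key, kek[:32])
        verifier = hmac.new(kek[32:], wrapped, hashlib.sha256).digest()
        self._entries[account] = VaultEntry(salt, wrapped, verifier)

    def key_exists(self, account: str) -> bool:
        # All the relaying front end can learn: whether a usable key is present.
        entry = self._entries.get(account)
        return entry is not None and not entry.destroyed

    def retrieve(self, account: str, password: str) -> bytes:
        entry = self._entries[account]
        if entry.destroyed:
            raise KeyDestroyedError(account)
        kek = _kek_from_password(password, entry.salt)
        expected = hmac.new(kek[32:], entry.wrapped_key, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, entry.verifier):
            entry.failed_attempts += 1
            if entry.failed_attempts >= MAX_FAILED_ATTEMPTS:
                # Permanent wipe: the key is gone even for the correct password.
                entry.wrapped_key = b""
                entry.verifier = b""
                entry.destroyed = True
                raise KeyDestroyedError(account)
            raise WrongPasswordError(account)
        entry.failed_attempts = 0
        return _xor(entry.wrapped_key, kek[:32])


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_backup(backup_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC keystream (stand-in for AES-GCM)."""
    nonce = secrets.token_bytes(16)
    enc_key = hmac.new(backup_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(backup_key, b"mac", hashlib.sha256).digest()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_backup(backup_key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(backup_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(backup_key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest(), tag):
        raise ValueError("backup tampered or wrong key")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


if __name__ == "__main__":
    vault = BackupKeyVault()
    key = secrets.token_bytes(32)                              # random key made on the client
    blob = encrypt_backup(key, b"constructed chat history")    # what goes to iCloud / Drive
    vault.store("alice", key, "correct horse battery")
    print("vault knows a key exists:", vault.key_exists("alice"))
    for guess in ("pass1", "pass2", "pass3"):                  # three wrong guesses destroy it
        try:
            vault.retrieve("alice", guess)
        except (WrongPasswordError, KeyDestroyedError) as err:
            print(type(err).__name__, "after guess", guess)
    print("vault knows a key exists:", vault.key_exists("alice"))
```

The point the model makes concrete is that the password never touches the backup itself: it only unwraps a random key, so the server-side attempt counter (which in the real design lives inside the HSM rather than in Python memory) is what stands between an attacker who has stolen the stored blob and the user's messages. Once `destroyed` is set, even the correct password returns nothing, which is the "permanently inaccessible" behaviour the article describes.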

Once encrypted, backups can also be stored to iCloud, Google Drive or other off-device locations.

WhatsApp said that, in order to ensure a stable and reliable service, the HSM-based Backup Key Vault would be geographically distributed across multiple data centers.

The move sees the Facebook-owned company offer very different user security and privacy features from those of Apple, which has sought to differentiate itself on its privacy credentials in recent years.

Apple received backlash when it announced, and then paused, plans to scan users’ iPhones for child abuse material. Apple offers end-to-end encrypted messages via iMessage, but retains the keys for backups, meaning it could hand them over to law enforcers if compelled.

More technical info on the WhatsApp service can be found here.

Categories: Cyber Risk News

A Third of Industrial Control Systems Attacked in H1 2021

Info Security - Mon, 09/13/2021 - 09:09

Around one in three industrial control systems (ICS) were targeted by malicious activity in the first half of 2021, with spyware a growing threat, according to new data from Kaspersky.

The Russian security vendor claimed its solutions blocked over 20,000 malware variants from more than 5000 families during the period.

Of the 33.8% of ICS machines targeted in H1 2021, internet-based threats dominated (18.2%), followed by those delivered via removable media (5.2%) and malicious email attachments (3%).

Deny-listed internet resources were blocked on 14% of computers. These typically host malicious scripts that redirect users to sites spreading malware or cryptocurrency malware, said Kaspersky. Next came malicious scripts and redirects (8.8%), followed by spyware — including backdoors, Trojans and keyloggers (7.4%) — and ransomware (0.4%).

ICS covered by the report included Supervisory Control and Data Acquisition (SCADA) servers, data storage servers, data gateways, human-machine interfaces (HMIs), mobile and stationary workstations, and computers used for industrial network administration.

Although the total number attacked increased just 0.4% from the final six months of 2020, the overall trend in recent years has been of surging threats to industrial systems, as IT and OT technologies increasingly converge.

In practice, this means that legacy, often unpatched or unsecured systems are exposed to the public-facing internet, inviting remote attacks.

According to recent research, the number of ICS vulnerabilities reported in the first half of 2021 surged 41%, with most (71%) classified as high severity or critical.

“Industrial organizations always attract attention from both cyber-criminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyber-espionage and malicious credential stealing campaigns,” explained Kaspersky security expert, Evgeny Goncharov.

“Their success has most likely been the main factor raising the ransomware threat to such a high degree. And I see no reason why some of the APT groups won’t benefit from these credential stealing campaigns as well.” 

Categories: Cyber Risk News

UK Man Gets Five Years for Online Abuse Campaign

Info Security - Mon, 09/13/2021 - 09:01

A Nottingham man has been sentenced to more than five years behind bars after blackmailing and harassing several women, according to the National Crime Agency (NCA).

The UK’s law enforcement agency for serious and organized crime revealed that Shaquille Williams, 26, was jailed for five years and three months late last week at Nottingham Crown Court.

He was found guilty of one count of blackmail related to one victim, three counts of harassing three women and putting them in fear of violence, and two counts of sending grossly offensive messages to two other women.

The NCA said that graphic designer Williams threatened to send intimate private photos of one woman to her family and friends unless she sent him more images.

Williams — of Hartness Road, Clifton, Nottingham — reportedly used various social media accounts to threaten several women, sending them pictures of acid attack victims. In one case, he sent a victim messages that featured the name of her hometown, a picture of hydrochloric acid and the name of the road she lived on, according to the NCA.

Williams had previously viewed footage of women posted online by Abdul Hasib Elahi, 26, who the NCA describes as “one of the worst online sexual offenders” it has ever investigated.

Elahi, of Sparkhill, Birmingham, apparently masqueraded as a rich businessman on “sugar daddy websites” and then tricked victims into sending him sexual images. According to the NCA, once in his possession, he’d use these images to blackmail the victims into videoing degrading acts of themselves.

NCA senior investigating officer, Andy Peach, was quick to link the two offenders.

“Williams inflicted extreme terror on these victims — they have been exceptionally brave in coming forward to ensure he faced justice and went to jail. Williams is a coward and a twisted, callous, sexual deviant,” he said in a statement.

“Some of his crimes were made possible because of Abdul Elahi, whose sadistic depravity and scale of offending horrified the investigative team. There are a series of other inquiries into Elahi’s associates.”

Categories: Cyber Risk News

University Hacker Sent to Prison

Info Security - Fri, 09/10/2021 - 19:51

A student who hacked into a British university’s computer network and made thousands of dollars by selling the answers to exams has been sentenced to prison.

Hayder Aljayyash, who is 29 and was born in Iraq, was welcomed into the UK as an asylum seeker. Between November 2017 and May 2019, Aljayyash illegally accessed the computer system of the University of South Wales where he had been studying for a master’s degree in embedded system design. 

Cardiff Crown Court heard that Aljayyash had used “very sophisticated” cyber-criminal techniques to hide his digital intrusion for 18 months. 

Suspicions that a data breach had occurred at the university were aroused when mathematics lecturer Liam Harris discovered a number of students had answered exam questions with identical answers. Five of the students even gave answers that contained the same typing mistakes included in the original working papers. 

To ascertain the extent of the data breach, the university processed approximately 140 million login records. Their investigation led them to an IP address linked to a residence in Treforest where Aljayyash was living with 30-year-old housemate and fellow student Noureldien Ektarki. 

Libyan national Ektarki pleaded guilty to helping Aljayyash sell the unlawfully obtained exam answers to students.

Aljayyash was arrested by police on May 30, 2019. Prosecuting barrister Jim Davis said that a search of Aljayyash’s USB sticks and laptop revealed “numerous files which matched those downloaded as part of the university breach.”

It was determined that Aljayyash had acquired the login details of university staff using a keylogging device, and had used them to access the network almost 700 times.

Aljayyash downloaded 216 files from the university, including exam papers, marking, reports, and coursework. By selling copies of the illegally obtained documents, Aljayyash made approximately $27K.

Investigating the incident, finding the culprit, and implementing new cybersecurity measures cost the university around $138K. 

Aljayyash pleaded guilty to two counts of committing an act to impair reliability of data in a computer and three counts of obtaining articles by unauthorized access to computers. He was sentenced to 20 months in prison. 

Ektarki was given a nine-month suspended sentence and ordered to complete 200 hours of unpaid work after pleading guilty to money laundering and transferring criminal property. 

Poland Extradites Alleged Botnet Operator to US

Info Security - Fri, 09/10/2021 - 18:40
A Ukrainian accused of decrypting the credentials of thousands of computers across the globe and selling them on the dark web has been extradited to the United States.

US authorities indicted Glib Oleksandr Ivanov-Tolpintsev in October 2020 in connection with charges of conspiracy, trafficking in unauthorized access devices, and trafficking in computer passwords. 

Polish authorities arrested 28-year-old Ivanov-Tolpintsev on October 3, 2020. The defendant, who is from Chernivtsi, Ukraine, was recently extradited to the US, where he was presented before US magistrate Julie S. Sneed on September 7, 2021.

According to the indictment, from as early as May 2016, Ivanov-Tolpintsev used a botnet and brute-forcing malware to compromise and unlawfully obtain the login credentials of computers all over the world. 

It is alleged that in or around January 2017 he created an account on a dark website called The Marketplace and listed the login credentials of compromised computers for sale. Ivanov-Tolpintsev is further accused of selling the credentials and using the funds generated by their sale for his own personal enrichment. 

“Once sold on this website, credentials were used to facilitate a wide range of illegal activity, including tax fraud and ransomware attacks,” said the Department of Justice. 

The botnet allegedly deployed by Ivanov-Tolpintsev was capable of decrypting the login credentials of at least 2,000 computers each week, according to the indictment.

By April 2017, the Ukrainian had allegedly amassed the login credentials of 20,000 compromised computers. 

Among the alleged victims of Ivanov-Tolpintsev whose decrypted login credentials were purchased on the dark web were individuals located in Florida, Maryland, California, and Colorado. 

According to the indictment, the United States intends to forfeit $82,648, which it alleges can be traced to proceeds of the offenses, from Ivanov-Tolpintsev.

If convicted of all the charges laid against him, Ivanov-Tolpintsev could be sentenced to up to 17 years in federal prison. 

The investigation into the Ukrainian and his alleged illegal botnet activities was led by the Tampa Division of the Federal Bureau of Investigation, the Internal Revenue Service - Criminal Investigation’s Tampa Field Office, and Homeland Security Investigations - Tampa Division. 

Colorado County Clerk Charged with Cybercrime

Info Security - Fri, 09/10/2021 - 17:25
Formal charges have been filed against a deputy county clerk from Colorado who allegedly entered a county building and used her boss’s computer after being placed on paid leave. 

Belinda Gail Knisley, who works for Mesa County, was placed on administrative leave by the county’s director of human resources on August 23. 

According to an affidavit, the county suspended Knisley after receiving numerous complaints from multiple sources that she had “engaged in inappropriate, unprofessional conduct in the workplace.”

Mesa County’s IT team disabled Knisley’s access to Mesa County computers, networks, and servers on the same day that she was placed on leave. 

Two days later, Knisley was found inside a secure area in the county DMV office, allegedly attempting to print documents from a work computer belonging to Mesa County clerk and recorder, Tina Peters.

County officials were alerted to Knisley’s presence when several print-request emails were sent to Mesa County’s IT department from an email address belonging to Peters. 

“Items were sent to the print server, but were not ultimately printed,” states the affidavit. 

“What those items were was not immediately clear and remains under investigation.”

A search warrant executed for Peters’ Mesa County work notebook computer appeared to show that Knisley had used Peters’ workstation to access the secure Mesa County computer network.

The affidavit alleges that Knisley gained access by using Peters’ password and her YubiKey – a physical security key, assigned to a single user, that is plugged into a computer to validate that user’s credentials.

The 66-year-old suspended deputy clerk turned herself in to authorities on September 1 after a warrant was issued for her arrest. 

Knisley has been charged with second-degree burglary of a building, a class 4 felony, and cybercrime – unauthorized access, a class 2 misdemeanor.

On Thursday, the 21st Judicial District Attorney’s Office stated that the charges levied against the deputy county clerk are not part of an ongoing probe by its office and the Federal Bureau of Investigation into possible election security breaches concerning voting equipment belonging to Mesa County. 

Menlo Appoints Devin Ertel as CISO

Info Security - Fri, 09/10/2021 - 10:45
Cloud security company Menlo Security has appointed Devin Ertel as its Chief Information Security Officer (CISO).

Ertel takes up the post following nearly 20 years of experience as an information security professional. Most recently, he was CISO at FinTech firm BlackHawk Network, where he managed a global team responsible for security, risk and compliance.

Prior to this role, he was head of security IT at SaaS company Guidebook, where he built and oversaw its security program. Other experiences include directly tackling high-profile breaches at Mandiant and the US Federal Reserve.

Ertel is also a respected thought leader in cybersecurity, regularly speaking at industry events and advising early-stage companies on their security strategy.

At Menlo, he is responsible for providing cybersecurity direction and insights both internally and for customers. He will also oversee the company’s efforts to reduce its risk and security exposure globally.

Commenting on his appointment, Ertel said: “Organizations are often under the impression that productivity or user experience must be sacrificed to achieve security, and that is simply not true anymore.

“I’m eager to build a security program that not only addresses industry challenges but also enables our customers to do the same for their respective businesses. Menlo Security provides a unique, differentiated approach to securing work for the modern business, and I’m excited to be a part of the journey.”

Poornima DeBolle, co-founder and CPO at Menlo, said: “Our leadership team is made up of unrelenting cybersecurity professionals and Devin is no exception. He brings the perfect blend of hands-on experience as a security practitioner with a proven track record of building and scaling successful security programs.

“As a security company that aims to secure work for everyone, we’re thrilled to have Devin on board to enhance our own security program as Menlo Security’s CISO.”

Personal Information of Nearly 80,000 MyRepublic Customers Accessed After Breach

Info Security - Fri, 09/10/2021 - 10:20
The personal data of approximately 80,000 MyRepublic mobile subscribers was accessed without authorization last month.

The Singaporean communications services provider released a statement on Friday (September 10) claiming that the breach took place on August 29 via a third-party data storage platform used to store customer data.

The unauthorized access reportedly affected 79,388 mobile subscribers based in Singapore. The customer data contained personal information, including scanned copies of NRICs, proof of residential address documents and names and mobile numbers. 

MyRepublic added that there is no reason to believe other sensitive data, such as payment information, was breached. The communications service provider has since secured and contained the incident. 

The telco stressed that the unauthorized access had no operational impact on its services. Nevertheless, it has informed the Infocomm Media Development Authority and the Personal Data Protection Commission of the incident. 

MyRepublic also activated its cyber incident response team, comprising a group of external expert advisors working closely with its internal IT and network teams.

“We are disappointed with what has happened, and I would like to personally apologize for any inconvenience caused,” said MyRepublic chief executive officer Malcolm Rodrigues.

MyRepublic said that it would give all affected customers a complimentary credit monitoring service through Credit Bureau Singapore (CBS), which will monitor their credit report and notify them when any suspicious activity occurs. 

Rodrigues added: “We are reviewing all our systems and processes, both internal and external, to ensure an incident like this does not occur again.” 

UK to Revamp ICO as Part of Data Rules Reform

Info Security - Fri, 09/10/2021 - 09:21
The UK government has unveiled plans to “overhaul” the Information Commissioner’s Office (ICO) as it launched a consultation designed to reform the nation’s data sector.

The Department for Digital, Culture, Media and Sport (DCMS) said it wants to revamp the structure of the ICO, the independent body responsible for upholding information rights in the UK. This includes creating an independent board and chief executive to mirror other regulatory authorities, such as the Competition and Markets Authority (CMA) and Ofcom.

The government also plans to expand the ICO’s remit and enable the Information Commissioner to champion examples of innovative and responsible data use, particularly in critical sectors such as healthcare.

The proposed changes have come shortly after the government announced its preferred candidate to be the new Information Commissioner, John Edwards, who is currently the New Zealand Privacy Commissioner. In the same release, it outlined its ambition to reform the UK’s data laws to unlock the full potential of data throughout the economy.  

The reforms outlined in the new consultation build on this pledge, aiming to “remove unnecessary barriers to responsible data use.” This is particularly to facilitate innovation in sectors such as healthcare, science and emerging technologies like AI. The DCMS pointed out that the use of AI and machine learning will increase significantly in the coming years and believes greater flexibility in the UK’s data rules is required to ensure the risk of bias in these algorithmic systems can be better understood and mitigated.

The government also signaled its intention to move away from a “one-size-fits-all” approach to data and allow organizations to “demonstrate compliance in ways more appropriate to their circumstances.”

Additionally, new obligations could be placed upon organizations to protect personal data and individual privacy. This includes proposals to impose tougher penalties and fines for nuisance calls and text messages.

Digital Secretary Oliver Dowden commented: “Data is one of the most important resources in the world, and we want our laws to be based on common sense, not box-ticking.

“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.

“These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.”

Bojana Bellamy, president of Centre for Information Policy Leadership (CIPL), said: “The UK government’s plan to reform data protection regime is bold and much needed in the modern digital and data-driven age. It could be a win-win for all — organizations, individuals and society.

“It enables organizations to leverage data responsibly, for economic and societal benefits, and to build their brand as trusted data stewards. It gives individuals assurances and more effective protection from genuine harms.

“Accountability, risk and outcome-based approach will be welcomed by all — these are the founding blocks of modern regulation and a modern regulator. I hope other countries follow the UK’s lead.”

Recently, Infosecurity interviewed Bojana Bellamy about potential changes to the UK’s data laws, including GDPR, post-Brexit.

Prison for BEC Scheme Money Launderer

Info Security - Thu, 09/09/2021 - 19:50
An Ontario resident, who admitted laundering tens of millions of dollars stolen by cyber-criminals in various wire and bank fraud schemes, is to spend the next 140 months in a United States federal prison.

Dual Canadian and United States citizen Ghaleb Alaumary, formerly of Mississauga, was sentenced yesterday after pleading guilty to two counts of conspiracy to commit money laundering.

He was further ordered to pay $30m in restitution to his victims and to serve three years of supervised release after completing his custodial sentence.

The 37-year-old was found to have acted as a money launderer in multiple criminal schemes, including business email compromise (BEC) scams and cyber-enabled bank heists perpetrated by North Korean hackers.

The Department of Justice said in a statement: “With respect to the North Korean co-conspirators’ activities, Alaumary organized crews of co-conspirators in the United States and Canada to launder millions of dollars obtained through ATM cash-out operations, including from BankIslami and a bank in India in 2018.”

Alaumary also conspired with others, including Ramon Olorunwa Abbas, also known as Ray Hushpuppi, to launder funds stolen from a Maltese bank by North Korean cyber-criminals in February 2019.

In one of the money-laundering cases, Alaumary recruited and organized individuals to withdraw stolen cash from ATMs. He also provided the bank accounts into which the funds from cyber bank heists and fraud schemes were deposited. 

Alaumary then further laundered the stolen money through wire transfers, cash withdrawals, and by exchanging the funds for crypto-currency.

In the second case, Alaumary conspired with others in 2017 to impersonate a construction company and request payment from a university in Canada for a major building project. 

“The university, believing it was paying the construction company, wired 11.8 million Canadian dollars (approximately 9.4 million U.S. dollars) to a bank account controlled by Alaumary and his co-conspirators,” said the Department of Justice. 

Acting US Attorney David Estes said Alaumary “laundered money for a rogue nation and some of the world’s worst cyber-criminals, and he managed a team of co-conspirators who helped to line the pockets and digital wallets of thieves.”

Cyber-criminal Targets Dadsnet Founders

Info Security - Thu, 09/09/2021 - 18:50
A hacker who calls themselves “The King” is demanding more than $40,000 to return control of a social media account to its rightful owners.

The access being held to ransom relates to an Instagram account belonging to 33-year-old Al Ferguson and his 43-year-old wife, Jen, who together founded a parenting forum geared toward fathers, Dadsnet. 

For more than seven years, the entrepreneurial British couple have shared personal details of their lives with tens of thousands of their followers on Instagram. But the pair recently found themselves locked out of their account.

Jen told the Daily Star that a hacker compromised their account and changed the handle. The attacker sent a message via WhatsApp demanding that she and Al pay £1 per follower to regain control over their account.

The couple, who live in Tunbridge Wells, Kent, have 30,000 followers on their Instagram account, making the ransom demand more than $41,500. 

On August 29, via WhatsApp, Jen received a screenshot of the Instagram account that showed that the handle had been switched from @it’sTheFergusons to @PharaBenDarWay30K. 

The family photo that had been in place as the profile picture had been swapped to an image of a bloodied face. In place of the couple’s profile description, the attacker had written, “This Instagram account is held to be sold back to its owner.”

Jen and Al tried but failed to regain control of the Instagram account. On Tuesday, 36 hours after the hacker made contact, the account was deleted. 

The couple said that some of the 5,000 photos they had shared via the account have now been lost forever. Gone too are the captions capturing the family’s highs and lows, which have included seven miscarriages. 

Al said: “We’re devastated. All our emotions and memories from the last seven years were in that account.”

The cybercrime has also had a financial impact on the couple, who used to receive income from the account via adverts and sponsorship.

“It feels like someone has come in and stolen all our diaries,” said Jen. “They’ve taken our jobs too, but the emotional side is much, much worse.”
