Feed aggregator

54% of Senior Executives Struggling to Keep up with Threat Landscape

Info Security - Mon, 06/14/2021 - 12:41
54% of Senior Executives Struggling to Keep up with Threat Landscape

According to a new report by Fujitsu, more than half (54%) of senior executives have struggled to adapt security policies to changes in the threat landscape and working practices.

The survey, which Fujitsu carried out in September 2020, provides further evidence that many organizations are at higher risk of cyber-attacks due to the shift to remote working during COVID-19, with cyber-criminals taking advantage of the rising number of connections and devices to target corporate systems.

The findings also indicated that current cybersecurity training techniques are not suited to the current situation. Close to two-thirds (61%) of employees surveyed said they believe their security training is ineffective, while around three-quarters (74%) of non-technical staff do not find it engaging enough. Additionally, 32% thought their company’s training courses were too long, and 35% said it was too boring or technical.

These feelings may be partly explained by many organizations having a standardized approach to cybersecurity training: 60% of senior executives surveyed for the study admitted that all employees in their business receive the same type of training irrespective of the type of function they perform.

Senior executives also recognized a degree of apathy among their employees when it comes to cybersecurity, with 45% stating that most people in their organization believe this has nothing to do with them.

In response to these issues, encouragingly, over two-thirds (68%) of senior executives stated they recognize that training is most effective when it involves games, rewards or quizzes.

Commenting on the findings, Mike Smit, head of enterprise & cyber security at Fujitsu UK & Ireland, said: “Thanks to the pandemic forcing organizations to move to remote or hybrid working, a number of weak points have been exposed when it comes to cybersecurity and employees are one target that has come under increasing fire from cyber-criminals. 

"Business leaders must understand that having a robust and effective cybersecurity approach relies on more than just IT and technical defenses, it also requires a ‘human firewall’ of trained, vigilant employees.

“In our new hybrid-working world, it is critical that organizations invest in a strategy where all employees receive tailored training that addresses the threats they encounter in their specific roles. This means cybersecurity teams have to get closer to the business areas to understand their specific challenges. Putting the right training in place to ensure your employees are aware of the risks will make a significant difference to an organizations’ overall security posture. And, ultimately, it will build a sense of collective responsibility where every employee is engaged in the security process.”

Categories: Cyber Risk News

Government Wants Startups to Build a More Secure Nation

Info Security - Mon, 06/14/2021 - 09:30
Government Wants Startups to Build a More Secure Nation

The government has issued a call-to-arms to the UK’s burgeoning cybersecurity startups to help it defend the country from malicious online activity.

GCHQ’s National Cyber Security Centre (NCSC) used the Cheltenham Science Festival on Friday to launch NCSC for Startups.

The new program will invite applications from UK startups to develop products designed to defend critical areas of the economy and society.

It’s the successor to the NCSC Cyber Accelerator, a program that reportedly helped over 40 tech companies raise over £100m in external investments.

However, where it differs is that, whereas the accelerator required startups to participate in 10-week programs at set points of the year, NCSC for Startups will see continuous onboarding of successful applicants over the coming 12 months.

The idea is to drive more opportunities for these companies in the process.

Those chosen to participate will receive support from NCSC and GCHQ experts and NCSC partner Plexal, which is described as an “innovation center” with its own industry partners across the UK’s cybersecurity ecosystem.

Participating startups will be eligible to apply for funding, although there were no further details on how much.

“We want to work with the UK’s thriving cybersecurity industry to explore new ideas that will make the UK the safest place to live and work online,” said NCSC deputy director for cyber growth, Chris Ensor.

“NCSC for Startups offers the potential for even greater collaboration than ever before, and I would encourage startups to come forward and help us in our mission.”

The industry appeared to get a welcome boost from the pandemic last year, as demand for security services surged due to the mass switch to remote working.

According to one report, funding for UK cyber startups surged 940% in the first few months of the pandemic. That amounted to £496 million raised by investors in the first half of 2020, almost as much as the total figure for 2019 (£521 million).

Categories: Cyber Risk News

G7 Turns Up the Heat on Putin Over Ransomware Attacks

Info Security - Mon, 06/14/2021 - 08:54
G7 Turns Up the Heat on Putin Over Ransomware Attacks

G7 leaders confirmed their commitment to urgently tackling ransomware on Sunday, as a senior British security chief will warn today that cyber-criminals represent a more significant threat than state-sponsored espionage.

The Carbis Bay communique, published after a three-day summit of world leaders in Cornwall, singled Russia out by name — urging Vladimir Putin to “identify, disrupt and hold to account” cyber-criminals operating from the country.

“We commit to work together to urgently address the escalating shared threat from criminal ransomware networks,” it added. “We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions.”

Lindy Cameron, CEO of GCHQ offshoot the National Cyber Security Centre (NCSC), will reportedly tell an audience today that Britain’s failure to tackle ransomware is “far more worrying” than the “malicious strategic threat” of state-backed online espionage.

She will reportedly add that, in a dangerous development, the ransomware-as-a-service (RaaS) model has democratized the ability to launch attacks and that such raids are “often enabled and facilitated by states acting with impunity.”

Hostile states such as Russia are long thought to have tolerated cybercrime groups operating from within their borders, as long as attacks are targeted at organizations in rival nations.

However, with recent attacks on key fuel and food supply chains in the US, the scrutiny of world leaders has been turned towards such policies.

Despite the rhetoric, the lines between financially motivated cybercrime and nation-state activity are, in fact, increasingly blurring.

An HP report from April claimed that governments now routinely buy exploits and hacking tools from the cybercrime underground and often recruit criminal operators to help with specific stages of threat campaigns.

Categories: Cyber Risk News

Global Police Close Record Number of Fake Pharma Sites

Info Security - Mon, 06/14/2021 - 08:25
Global Police Close Record Number of Fake Pharma Sites

A global policing operation has led to the closure of over 110,000 websites and online marketplaces selling fake pharmaceuticals, according to the international organization Interpol.

The organization said that Operation Pangea XIV involved law enforcement, customs and regulatory officers from 92 countries.

As well as the removal of 113,020 fake sites — the largest number since the long-running operation began in 2008 — counterfeit medicines and COVID-19 testing kits were seized after raids and checks on suspicious packages.

In the UK, for example, the authorities shut down 43 websites and removed 3100 ad links and seized three million fake medicines and devices worth over $13 million.

Many drugs were hidden amidst other items such as clothing, jewellery, baby toys and food.

In Qatar, officials apparently discovered 2,805 painkillers secreted inside tins of baked beans.

During the week of action, May 18-25, fake and unlicensed COVID-19 kits accounted for over half of all medical devices obtained by police. Some 277 arrests were also made worldwide, and potentially dangerous pharmaceuticals worth more than $23 million were seized, Interpol said.

In Italy, the authorities recovered over 500,000 fake surgical masks and 35 industrial machines used for production and packaging — illustrating the scale of many underground operations.

In total, global police took nine million devices — including syringes, catheters, masks and testing kits — and pharmaceuticals, including painkillers, steroids and anti-cancer drugs.

Interpol secretary-general, Jürgen Stock, warned that fake pharmaceuticals and testing kits are putting public health at risk at a dangerous time.

“As the pandemic forced more people to move their lives online, criminals were quick to target these new ‘customers’,” he added.

“Whilst some individuals were knowingly buying illicit medicines, many thousands of victims were unwittingly putting their health and potentially their lives at risk.”

In March last year, a previous iteration of Operation Pangea led to the seizure of $14 million worth of fake goods.

Categories: Cyber Risk News

COO Charged in Georgia Hospital Cyber-attack

Info Security - Fri, 06/11/2021 - 18:55
COO Charged in Georgia Hospital Cyber-attack

The chief operating officer of an IoT security company has been indicted by a federal grand jury over a cyber-attack carried out on a hospital in Georgia. 

Vikas Singla, of Marietta, Georgia, was arraigned on Thursday for his alleged role in the 2018 attack on Gwinnett Medical Center that exposed patients' personal data. 

The center, which is now known as Northside Hospital, was a not-for-profit health care network that provided health care services at two hospitals located in Georgia; one was in Duluth and the other in Lawrenceville. 

Singla was the COO and co-founder of Atlanta-based startup Securolytics, which served the health care industry with a cloud-based threat detection and analytics platform that was purpose-built for IoT.

According to the indictment, 45-year-old Singla took part in an attack that disrupted Gwinnett's phone service and network printer service. He is further accused of obtaining information from a digitizing device. 

Prosecutors said that the attack allegedly perpetrated by the Marietta resident was motivated in part by financial gain. 

“This cyber-attack on a hospital not only could have had disastrous consequences, but patients' personal information was also compromised,” said Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office. 

“The FBI and our law enforcement partners are determined to hold accountable those who allegedly put people’s health and safety at risk while driven by greed.”

It is alleged that on or about September 27, 2018, Singla, "aided and abetted by others unknown to the grand jury," attacked one or more computers used by Gwinnett Medical Center that operated the Ascom phone system of the Duluth hospital. 

Singla is further accused of attacking one or more computers used by the Duluth and Lawrenceville hospitals that operated 17 different Lexmark printers. 

He is further accused of accessing without authorization a Hologic R2 Digitizer used by the Center in the Lawrenceville hospital.

Singla is charged with 17 counts of intentional damage to a protected computer and one count of obtaining information by computer from a protected computer.

The Department of Justice said that the attack on Gwinnett Medical Center is still being investigated by the FBI. 

Categories: Cyber Risk News

US Launches National AI Task Force

Info Security - Fri, 06/11/2021 - 18:45
US Launches National AI Task Force

The Biden administration has launched a new national artificial intelligence task force to make more government data available to AI researchers.

News of the National Artificial Intelligence (AI) Research Resource Task Force was announced on Thursday by the White House Office of Science and Technology Policy (OSTP) and the National Science Foundation (NSF).

A key role of the task force will be to serve as a federal advisory committee, assisting the creation and implementation of a blueprint for the National AI Research Resource (NAIRR).

The NAIRR is a shared research infrastructure that provides access to computers, high-quality data, educational tools, and user support to AI researchers and science students.

Co-chairing the task force will be Lynne Parker, White House Office of Science and Technology Policy, and Erwin Gianchandani, National Science Foundation.

"The task force will provide recommendations for establishing and sustaining the NAIRR, including technical capabilities, governance, administration, and assessment, as well as requirements for security, privacy, civil rights, and civil liberties," said the White House in a statement released yesterday.

In May 2022, the task force will submit an interim report to Congress detailing a comprehensive strategy and implementation plan. A final report will be submitted in November 2022.

Kudelski Security CEO Andrew Howard told Infosecurity Magazine that releasing data could have both a positive and a negative effect.

“Overall, making data available for research is a good thing. It’s an example of our government working for us as well as increasing transparency. This release of data could lead to new innovations both in an academic and private business context that make our lives better and solve societal challenges," said Howard. 

He warned: "There is also a downside. Depending on the sensitivity and scope of the data released, it could lead to the targeting of individuals and groups, both by companies and adversaries alike."

Howard stressed that any data release should be accompanied by the implementation of appropriate privacy protections.

"This isn’t always easy to do since there are attacks which can allow someone to combine the released data with other pieces of publicly available data to deanonymize individuals in a dataset," lamented Howard.

Categories: Cyber Risk News

McDonald’s Suffers Data Breach

Info Security - Fri, 06/11/2021 - 17:00
McDonald’s Suffers Data Breach

A data breach at fast food restaurant McDonald's has impacted customers and employees in South Korea and Taiwan and company operations in the United States.

The breach, which was first reported Friday by the Wall Street Journal, was the result of a cyber-attack. Hackers who broke into the computer system of McDonald's Corp. accessed only a small number of files before their intrusion was detected.

During their period of unauthorized access, the cyber-criminals stole personal information belonging to delivery customers in Taiwan and South Korea. Information accessed and pilfered included customer emails, phone numbers and addresses.

Employee information stolen by the hackers included the names and contact information of McDonald's workers in Taiwan. The burger servers said no customer payment details were accessed or stolen in the attack. 

McDonald's did not disclose exactly how many files were exposed or the number of people who were affected by the data breach, sharing only that the quantity of files was small. 

The data breach was detected by external consultants hired by McDonald's to investigate an incidence of unauthorized activity on an internal security system. Although access was blocked a week after detection, investigators found that company data in three countries had been breached.

In the United States, the hackers were able to access some business contact details for employees and franchisees. They also compromised restaurant data that included seating capacities and the size of play areas measured in square feet.

McDonald's said no data belonging to US customers was affected and that the exposed employee information did not include any personal or sensitive data. 

Regulators in Asia were notified of the breach on Friday by the McDonald's division in South Korea and Taiwan. The company said it will notify impacted customers and employees.

“Hackers will be quick to exploit the business contact details exposed in this breach, either simply selling the data or using the information to send convincing phishing, smishing or vishing attacks to victims of the breach," commented Tessian CTO & co-founder Ed Bishop.

"The warning for all McDonald's employees and franchisees, then, is to watch out for phishing emails and verify any requests for payments or information with the supposed source via another means of communication before complying with the request."

Categories: Cyber Risk News

Gaming Giant EA Suffers Major Data Breach

Info Security - Fri, 06/11/2021 - 11:34
Gaming Giant EA Suffers Major Data Breach

Hackers have stolen a wealth of data from gaming giant Electronic Arts (EA), including game source code and tools for several popular games, it has been reported.

Cyber-criminals made the claim in blog posts published on underground hacking forums, where they advertised a total of 780GB of data for sale. These posts were viewed and detailed by Motherboard, who EA informed that it had indeed suffered a data breach.

Among the data stolen was the source code for the popular football game FIFA 21 and code for its matchmaking server, and source code and tools for the Frostbite engine, which powers several EA games, including Battlefield. Additionally, the attackers took proprietary EA frameworks and software development kits.

Fortunately, it appears that hackers stole no personal data of customers in the breach, and EA told Motherboard that it does not expect the attack to impact “our games or our business.” This means that players should not be at an increased risk of cyber-attacks, phishing or identity theft.

Tom Van de Wiele, the principal security consultant at F-Secure, explained that the biggest impact of the data theft could that it offers valuable information for EA’s competitors to exploit. He said that “The EA source code and tools have a surprisingly high value to any company that operates in the shadows and want to get a leg up in competing with the bigger game development companies. Being able to steal an algorithm, approach, or game assets themselves and integrate them fast means not having to develop them on your own and means money and effort is saved that can be directed somewhere else. Especially when those games are released to a limited target group or platform where it is almost impossible to prove any wrongdoing or theft of intellectual property.”

Sam Curry, chief security officer at Cybereason, commented: “Oftentimes, there isn’t a lot of good news or optimism resulting from another global giant being breached. However, in the case of EA, they deal in petabytes of information so the reported amount of stolen data is relatively small in the gaming world. I’m not trying to diminish or minimize this compromise as the source code used to develop EA’s popular games has value to competitors and threat actors looking to sell the info on the darkweb.”

Curry also urged EA to share as many details as possible about how the breach occurred. “From initial reports, customer info, financial info or other proprietary information hasn’t been stolen. Behind the scenes, the threat actors either didn’t ultimately get where they wanted to in the network, or the good guys discovered the compromise early enough to limit the damage,” he said.

“EA should continue to be transparent, share as many details as possible and use this compromise as an opportunity to educate other companies in need of improving their own security hygiene. We should all look forward to hearing more from EA relating to this compromise and they have the opportunity to play the role of hero in this situation, as the role of villain or victim isn’t an option.”

Hackers have increasingly targeted the gaming industry in recent years due to its surging popularity. Researchers revealed they discovered 500,000 breached employee credentials and a million compromised internal accounts on the dark web from gaming firms earlier this year. 

Categories: Cyber Risk News

#G7UK: UK and US Strike New Agreements on Cybersecurity

Info Security - Fri, 06/11/2021 - 10:45
#G7UK: UK and US Strike New Agreements on Cybersecurity

The UK and US governments have agreed to work together more closely to tackle cybercrime as well as enhance the security of supply chains and emerging technologies. The announcement has come amid US President Joe Biden’s visit to the UK for the G7 summit, which has started today.

The partnership will be built within the framework of the revitalized Atlantic Charter, first introduced in 1941, and will cover a range of areas in science and technology, including cybersecurity.  

The two nations stated that they intend to cooperate to enhance the resilience and security of critical supply chains, battery technologies and emerging technologies such as AI and quantum. This forms part of their desire to ensure the full potential of future technologies like quantum and 6G are realized in the future.

Additionally, the two governments aim to improve the accessibility and flow of data to support economic growth, public safety, and scientific and technological progress.

More generally, the agreement emphasized the need to ensure liberal and democratic values are embedded into the design and standards governing technology globally. This is an issue that the director of GCHQ, Jeremy Fleming, highlighted in a speech back in April this year.

UK digital secretary, Oliver Dowden, commented: “In the 80 years since the Atlantic Charter was signed, technology has changed the world beyond recognition. But the goals that underpin it still bind the US and UK together today: support for democracy, open societies and free markets.

“Today's announcement marks a new era of cooperation with our closest ally, in which we commit to using technology to create prosperity and guarantee the safety and security of our citizens for years to come.”

Following the announcement, in an interview published in The Daily Telegraph last night, the UK foreign secretary, Dominic Raab, also revealed that the UK and US will work more closely together to “take the fight to cyber-criminals,” especially those targeting vital services like schools and hospitals.

Commenting, Charlie Smith, consulting solutions engineer at Barracuda Networks, said: “This announcement marks a turning point for the war on cyber-criminals, with the UK and US joining forces to root out and bring those responsible to justice. The sharp rise in ransomware attacks against schools, hospitals, local councils, and other critical national infrastructure cannot be underestimated and a concerted effort needs to be made to protect and secure these vital organizations from increasingly brazen attacks.”

Categories: Cyber Risk News

Unknown Attacker Chains Chrome and Windows Zero-Days

Info Security - Fri, 06/11/2021 - 09:49
Unknown Attacker Chains Chrome and Windows Zero-Days

Security researchers warn of a series of highly targeted attacks designed to compromise victim networks via Google Chrome and Microsoft Windows zero-day exploits.

The attackers are thought to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome.

“This vulnerability was related to a Type Mismatch bug in the V8 — a JavaScript engine used by Chrome and Chromium web-browsers,” explained Kaspersky. “It allows the attackers to exploit the Chrome renderer process: the processes that are responsible for what happens inside users’ tabs.”

The second stage was an elevation of privilege exploit linked to two separate vulnerabilities in the Microsoft Windows OS kernel. The first, CVE-2021-31955, can lead to the disclosure of sensitive kernel information, while the second, CVE-2021-31956, is a heap-based buffer overflow bug.

Kaspersky claimed that attackers CVE-2021-31956 alongside the Windows Notification Facility (WNF) to create arbitrary memory read/write primitives and execute malware modules with system privileges.

Once they’ve gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper from a remote server, which in turn installs to executables masquerading as legitimate Windows files.

One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said.

Microsoft patched both vulnerabilities in this week’s Patch Tuesday security update round while Google has already fixed the Chrome flaw.

The research team has yet to link the attacks to any known threat actor, so is dubbing the group behind it “PuzzleMaker.”

“Overall, of late, we’ve been seeing several waves of high-profile threat activity being driven by zero-day exploits. It’s a reminder that zero days continue to be the most effective method for infecting targets,” argued Boris Larin, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).

“Now that these vulnerabilities have been made publicly known, it’s possible that we’ll see an increase of their usage in attacks by this and other threat actors. That means it’s very important for users to download the latest patch from Microsoft as soon as possible.”

Categories: Cyber Risk News

China's New "Anti-Sanctions" Law Means Headache for Foreign Firms

Info Security - Fri, 06/11/2021 - 09:09
China's New "Anti-Sanctions" Law Means Headache for Foreign Firms

Western tech firms and other multinationals with a big presence in China could soon find themselves in a difficult position after Beijing passed new retaliatory sanctions laws.

The move is widely seen as a reaction to a string of sanctions put in place by the US and allies in recent months over human rights abuses in Xinjiang and the muzzling of democracy protests in Hong Kong.

The new law passed on Thursday will reportedly enable the government to put individuals or entities on an “anti-sanctions list” if they comply with sanctions from the US and other countries that displease Communist Party leaders.

These individuals and businesses may be denied entry to China, expelled from the country, have assets seized or frozen or be banned from doing business there.

It’s the latest sign of China using its economic might to push back against what it sees as unfair foreign interference in sovereign matters.

However, it could place foreign companies in an impossible situation and force many to choose sides between the world’s two superpowers.

The law was reportedly rushed through China’s rubber-stamp legislature, the National People's Congress (NPC), without a third reading.

Also yesterday, China issued a second draft of a new Data Security Law which will restrict outward flows of “important” data from critical infrastructure (CNI) and non-CNI firms operating in the country — subjecting them to a security review process.

Purportedly, new rules could also prevent foreign companies from disclosing information on their Chinese subsidiaries to a foreign law enforcement agency or court.

Legal analysts have warned that much will hinge on how the authorities interpret the vague term “important.”

Categories: Cyber Risk News

Quantum Breakthrough in Britain Creates 600km Secure Link

Info Security - Fri, 06/11/2021 - 08:35
Quantum Breakthrough in Britain Creates 600km Secure Link

Long-distance quantum-secured data transfer took a step closer this week after Toshiba announced that scientists in the UK have managed to produce a stable prototype that works over 600 kilometers.

Quantum computing is often described as a potential security challenge in that, once states can engineer working machines, they could theoretically crack any public-key cryptography system.

However, the technology could also be used to mitigate this risk by producing “unhackable” information streams using quantum key distribution (QKD).

This is a technology Toshiba Europe scientists are working on in Cambridge. Photons are encoded and transmitted for key generation. Still, if the stream is interrupted by an eavesdropper, the unique properties of quantum physics mean that the sender will be alerted, and it is instantly scrambled.

Up until now, the main challenge in achieving QKD has been the fragility of qubits, or quantum particles, which means that they could be scrambled unintentionally if the fiber cables they’re transmitted through experience temperature or other changes.

Toshiba used a new “dual band” stabilization technique to tackle this.

“This sends two optical reference signals, at different wavelengths, for minimizing the phase fluctuations on long fibers. The first wavelength is used to cancel the rapidly varying fluctuations, while the second wavelength, at the same wavelength as the optical qubits, is used for fine adjustment of the phase,” it said.

“After deploying these new techniques, Toshiba found it is possible to hold the optical phase of a quantum signal constant to within a fraction of a wavelength, with a precision of 10s of nanometers, even after propagation through hundreds of kilometers of fiber. Without cancelling these fluctuations in real-time, the fiber would expand and contract with temperature changes, scrambling the quantum information.”

Using this dual band technique has enabled the research team to implement the so-called Twin Field QKD at distances around three times longer than existing commercial QKD systems.

Secure information exchange of this sort could one day be used to support an entire “quantum internet” of interconnected quantum computers. Given the huge variety of potential applications, the US, EU and China are throwing vast sums of money at such projects.

“QKD has been used to secure metropolitan area networks in recent years. This latest advance extends the maximum span of a quantum link so that it is possible to connect cities across countries and continents without using trusted intermediate nodes,” said Andrew Shields, head of the Quantum Technology Division at Toshiba Europe.

“Implemented along with Satellite QKD, it will allow us to build a global network for quantum secured communications.”

Categories: Cyber Risk News

IT Administrator Sentenced for Sabotaging Employer

Info Security - Thu, 06/10/2021 - 19:23
IT Administrator Sentenced for Sabotaging Employer

Lockdown hasn't ended for one vengeful IT professional who carried out a cyber-attack against his former employer. 

Levi Delgado, of Middletown, Delaware, was sentenced on Wednesday to home confinement after hacking into a company's computer network, deleting its data and disabling user accounts.

The 36-year-old cyber-criminal had been employed as an information technology administrator at a medical center that provides care to under-served communities, but the medical center terminated Delgado’s employment in August 2017. 

After losing his job, Delgado's access to the medical center’s computer network was revoked and the credentials that had allowed him to log in to it were disabled.  

Four days after his termination, Delgado hooked up a personal laptop and accessed the medical center’s computer network without authorization via an administrator account.

After illegally entering the network, Delgado deleted the medical center’s employee user accounts, disabled its computer accounts, and also deleted its file server.  

Delgado’s criminal actions prevented the medical center’s employees from logging in to their computers and blocked them from accessing patient files necessary to conduct operations. 

While no patient personal health information was compromised or accessed, patient appointments and treatments had to be rescheduled because of Delgado's cyber-sabotage. 

Delgado pled guilty in February 2021 to one count of causing damage to a protected computer. 

Yesterday, Leonard Stark, chief United States district judge for the district of Delaware, sentenced Delgado to six months of home confinement and ordered him to pay over $13,000 in restitution.

The case was investigated by the FBI-Baltimore Division’s Cyber Task Force and was prosecuted by Assistant US Attorney Jesse Wenger.

“What Mr. Delgado did was not only intentional, reckless and petty, but also caused a severe disruption in medical care in an underserved community,” said Rachel Byrd, acting special agent in charge of the FBI-Baltimore Field Office. 

“Computer intrusion is a crime and the FBI, and our law enforcement partners, will continue to pursue those who compromise, mishandle or disrupt computer networks.”

Weiss added that their office "is committed to prosecuting any individual who thinks attacking a former employer’s computer network is an acceptable reaction to getting fired.”

Categories: Cyber Risk News

Arrest Made Over Multi-million-dollar BEC Scam

Info Security - Thu, 06/10/2021 - 18:55
Arrest Made Over Multi-million-dollar BEC Scam

Texas law enforcement officers have made an arrest in connection with a multi-million-dollar wire fraud and money laundering scheme involving Business Email Compromise (BEC).

Guillermo Perez was taken into custody Wednesday morning for allegedly defrauding businesses and individuals of more than $2m through cyber-scams and bank fraud schemes.

An indictment unsealed on June 9 accuses 26-year-old Houston resident Perez of participating in the illegal scam from at least October 2018 to October 2019.

Perez is accused of impersonating individuals and businesses over email in the course of otherwise ordinary financial transactions. While posing as someone else, Perez allegedly tricked victims into transferring funds into bank accounts controlled by him and his co-conspirators.

As part of the alleged scheme, Perez provided banks with false and misleading information regarding his and his co-conspirators’ affiliations, then tricked the banks into opening business bank accounts that were fraudulent.

Victims of the BEC scheme, who were unaware that they were acting on false and misleading misrepresentations made by Perez and his co-conspirators, wired more than $2.2m into the fraudulent bank accounts. 

It is alleged that Perez and his co-conspirators, knowing that the transferred cash represented fraud proceeds, moved it out of the fraudulent bank accounts in transactions designed to conceal and disguise its origins and ownership.

The arrest of Perez was announced yesterday by Audrey Strauss, the United States attorney for the Southern District of New York, and Peter C. Fitzhugh, the special agent-in-charge of Homeland Security Investigations (HSI) in New York.

He is charged with one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison. Perez is also charged with one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison.

In a statement issued yesterday, the US Attorney's Office wrote that Strauss praised the investigative work of HSI in the Perez case. 

The prosecution is being handled by the Money Laundering and Transnational Criminal Enterprises Unit. Assistant United States attorneys Emily Deininger and Tara La Morte are in charge of the prosecution.

Categories: Cyber Risk News

Texas to Publish Data Breach Notifications

Info Security - Thu, 06/10/2021 - 17:24
Texas to Publish Data Breach Notifications

Lawmakers in Texas have passed a bill requiring notices to be published online of any data breaches involving the personal information of 250 or more Lone Star State residents.

The unanimously passed House Bill 3746, which amends the Texas Business and Commerce Code §521.053, requires the Texas Attorney General's Office to post the breach notifications to its public-facing website.

Notifications must be uploaded to the website within 30 days of receipt, and listings of organizations impacted by a data breach must remain in place for a period of 12 months.

A listing will only be removed if the individual or company does not suffer any further data breaches affecting 250 or more Texas residents during the year-long listing period. 

Under current Texas law, notifications that a security system has been breached must be sent to the state Attorney General within 60 days of detection. 

Included in the breach notice must be a detailed description of the scope of the breach, how it happened, and what sensitive information may have been compromised, exfiltrated, stolen or deleted in the security incident.

Though it may not be a final tally, another detail that must be included in the data breach notice is the number of individuals known to be impacted by the breach at the time it is reported to the State Attorney General. 

Breached individuals and organizations cannot simply report a data breach incident to the Attorney General's Office and walk away. Their notice must include a description of what measures were taken to mitigate the breach and details of what future actions will be taken regarding the incident.

The Office must be informed as to whether law enforcement has been notified and is investigating the breach. It must also be instructed over how many Texas residents have been notified about the breach, by mail or another direct method of communication, at the time the incident is reported.

Before it becomes law, the bill must be signed by Texas governor Greg Abbott. Should it be graced with Abbott's signature, the law will take effect from September 1, 2021.

By passing the new bill, the Texas Legislature has followed in the footsteps of California and Maine.

Categories: Cyber Risk News

#Infosec21: Lack of Vision Explains Cyber Skills Shortage

Info Security - Thu, 06/10/2021 - 15:29
#Infosec21: Lack of Vision Explains Cyber Skills Shortage

The cybersecurity skills gap is caused by a lack of vision in the industry rather than it being a pipeline problem, argued Wendy Nather, head of advisory CISOs at Cisco, during her keynote address on day three of the Infosecurity Europe virtual conference.

Nather, who was recently inducted into the Infosecurity Hall of Fame, believes it is a complete misnomer that there is a lack of talent available to fill the expanding number of security roles. Instead, it is down to the industry “to open our eyes and see what’s in front of us, namely that there are sources of great security talent everywhere.”

Nather then showed a collage of high profile security professionals representing a range of demographics, including those often not associated with technical IT skills, such as older people. She said this demonstrates that anyone from any walk of life has the potential to be successful in the sector.

She added that it is vital to recognize that there is a range of pathways into the security industry, and it is quite possible to move across from a completely different profession. “They just need to be able to innovate and then they can learn the technology,” outlined Nather. “People are capable of learning all sorts of things; you don’t have to go for the person who is exactly like the last person you had in this position."

In fact, it is a great advantage to a security team to have personnel from different backgrounds and experiences. Nather gave the example of hiring a man called John Skaarup, an army veteran of 21 years, based on the mindset he demonstrated during her interview with him. Nather said that “he turned out to be one of the best security colleagues that I have ever had” and is now a cybersecurity officer, running the security operations center at the Texas Department of Transportation.

Nather then offered advice on how those involved in the hiring of security personnel can adapt their practices to open their doors to a much wider pool of talent. She observed that there are already highly knowledgeable people familiar with security but whose skills are not recognized for various reasons. These include the way they speak – if they do not use traditional security terminology. Nather commented: “Just because they don’t know the right lingo doesn’t mean they don’t know the concepts and that they can’t apply their skills.”

Nather also said that organizations need to be more careful about how they word their job descriptions, as they can often come across as overly restrictive to many good candidates. This includes postings asking for “ridiculous amounts of experience” in relatively new areas, like Kubernetes.

She added that this was a particular issue for candidates from underrepresented groups as they are “less likely to apply for positions where they fit the description 100%.” Therefore, asking for too many qualifications risks “cutting out the person who you need for your team.” To help prevent this situation from occurring, Nather believes that senior security personnel should be making this case loud and clear and “fight for latitude in hiring.”

In addition, a greater emphasis on soft skills should be made during the hiring stage, according to Nather. She argued that these types of attributes are just as valuable to an organization as the specific technical expertise, as the right people will be able to add these such skills to their repertoire in any case. For instance, she believes more value should be put on “tact, collaboration, the ability to explain things to anybody using very small words or the talent to be able to create something that people enjoy using.”

Concluding, Nather offered some takeaways for how the cybersecurity industry can grow the skills pipeline and diversify the people working within it. These include taking the initiative to discover and meet people from underrepresented groups rather than simply posting a job online. “To find the best people, you have to put in the work,” she explained.

Finally, Nather provided what she regarded to be the most crucial takeaway of the presentation, which is to recognize that “what I knew back then doesn’t matter now.” Simply put, the cybersecurity industry is evolving so quickly that the ability to adapt and learn new skills now is more important than past experiences in the field. She concluded: “What matters now is that we are all on the same starting line - we are all in the same race to learn. So look for the people you want to run with.”

Categories: Cyber Risk News

Schools Forced to Shut Following Critical Ransomware Attack

Info Security - Thu, 06/10/2021 - 10:39
Schools Forced to Shut Following Critical Ransomware Attack

Two schools in the south of England have been forced to temporarily close their doors after a ransomware attack that encrypted and stole sensitive data.

The Skinners' Kent Academy and Skinners' Kent Primary School were attacked on June 2, according to a statement on the trust’s website which said it is currently working with third-party security experts, the police and the National Cyber Security Centre (NCSC).

It revealed that on-premise servers were targeted at the Tunbridge Well-based schools. As student and staff emergency contact details, medical records, timetables and registers were encrypted by the attackers, the decision was taken to close on Monday.

“Data stolen includes: a wealth of teaching resources, school trip information, policies, human resources files and a significant amount of staff data, some student data including medical information and data pertaining to our iPad scheme,” an FAQ statement noted.

“Data encrypted (and therefore not accessible to the school anymore) includes our management information system, which contains the bulk of contact details for parents. Therefore, it is the latter that we have had to ask parents to re-submit to the trust.”

Students and parents have been advised to change any passwords, and parents have been told to inform their bank that account information may have been taken.

“The details of bank accounts may have been accessed through details taken for the iPad scheme for example,” the trust said.

The news comes just days after the NCSC warned of a surge in ransomware attacks on the UK’s education sector.  It claimed that phishing, RDP hijacking, and targeting vulnerabilities in VPNs and other systems were the primary attack vectors.

“As a result of the pandemic, schools have shifted to remote and hybrid learning, leading to an increase in the types of devices accessing the school’s cloud-based servers to attend classes and complete schoolwork,” argued Lookout security engineer, Burak Agca.

“A lack of visibility and a high degree of fragmentation in operating system platforms and device types introduces several security gaps and risks which schools have been struggling to deal with."

Categories: Cyber Risk News

High Street Banks Exposing Customers to Phishing Attacks

Info Security - Thu, 06/10/2021 - 09:14
High Street Banks Exposing Customers to Phishing Attacks

A consumer rights group is calling on all high street banks to improve their anti-phishing capabilities after spotting that a key protocol is sometimes not configured to offer maximum protection.  

Domain-based message authentication, reporting and conformance (DMARC) is a tried-and-tested way to help brands block phishing emails to customers.

It helps to verify that the domain of the sender hasn’t been impersonated, although it must be set to “p=reject” in order to prevent suspicious emails from being sent to customer inboxes.

Consumer group Which? asked tech firm 6point6 to audit some of the biggest names on the high street to check their DMARC policies.

At the time of the study, it found that Bank of Ireland and Lloyds Bank-owned Agricultural Mortgage Corporation had not introduced DMARC at all, although both have since taken action.

It also found that Nationwide, TSB and Virgin Money had not set DMARC to p=reject, although the latter two claimed they were planning to do so.

The Co-operative Bank, First Direct, Starling and Tesco Bank had DMARC in place for their primary domains but not their alternative domains, which phishers could theoretically abuse.

Starling and Tesco Bank have now taken action to close this security loophole, Which? claimed.

“It has never been harder for people to know whether they’re receiving genuine communications from their bank, or being tricked — so it is crucial that banks take every measure to protect their customers from these devastating scams,” said Which? Money editor, Jenny Ross.

“These include implementing email scam protections properly and no longer putting phone numbers and links in messages, to ensure customers feel safe and can bank with confidence.”

On the plus side, most UK banks have signed up to a “do not originate” (DNO) number scheme designed to clamp down on number spoofing, which scammers often use in vishing (phone-based phishing) attacks, Which? said.

Last year, a Proofpoint report found that only 13 out of the 64 accredited financial institutions it studied had implemented the strongest DMARC policy.

Categories: Cyber Risk News

JBS Admits Paying REvil Ransomware Group $11 Million

Info Security - Thu, 06/10/2021 - 08:44
JBS Admits Paying REvil Ransomware Group $11 Million

A meat processing giant recently hit by ransomware has confirmed it paid its extorters $11 million, reigniting the debate over the ethics of doing so.

A statement published by Sao Paolo-headquartered JBS, whose US and Australia businesses were hit in the incident last week, claimed that at the time of payment, the “vast majority” of its facilities were operational.

“In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated,” it added.

Usually, the attackers have already exfiltrated sensitive data in such attacks, and payment is made to prevent them from publishing it.

However, there’s no guarantee that the attackers will not try to monetize the data anyway.

Last November, a Coveware report claimed that data exfiltration is now a tactic in over half of ransomware attacks.

It warned that groups such as REvil (Sodinokibi), which was blamed for the JBS attack, sometimes still publish data after payment, and, in some cases, demand a second payment.

It’s unclear whether JBS paid the ransom with the expectation its insurance provider would cover it. The issue is increasingly controversial, with AXA recently stating that it would stop reimbursing clients in France for ransom payments.

“This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO of JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The firm’s statement goes on to boast a $200 million annual IT budget and state that its ability to bounce back quickly from the attack was due to “its cybersecurity protocols, redundant systems and encrypted backup servers.”

Edgard Capdevielle, CEO of Nozomi Networks, argued that enterprises must now be prepared for the inevitable ransomware attack.

“That's why in addition to strengthening cybersecurity defenses, it’s equally important to invest in business resilience in the face of an attack,” he added.

“This post-breach mindset establishes a strong cybersecurity culture that asks the tough questions, anticipates worst-case scenarios and establishes a recovery and containment strategy aimed at maximizing your organization’s resiliency, long before an attack occurs.”

It’s generally advised that victims do not pay ransomware groups as it simply encourages more of the same malicious activity. However, when critical supply chains are involved, it’s not quite so simple.

“Naive statements like ‘never pay the ransom’ simply ignore the reality of the situation and do not have any chance in actually changing anything,” argued John Bambenek, Threat Intelligence Advisor at Netenrich.

“President Biden’s meeting with Vladimir Putin next week is critical in attempting to change the trajectory of this threat to bring the rogue state responsible for harboring this threat to heel.”

Categories: Cyber Risk News

Probe into Leak of Cuomo Accuser’s Personnel File

Info Security - Wed, 06/09/2021 - 18:36
Probe into Leak of Cuomo Accuser’s Personnel File

An investigation has been launched to determine whether New York governor Andrew Cuomo broke the law by allegedly leaking the personnel file of the first of eleven women to accuse him of sexual harassment. 

Cuomo's former aide Lindsey Boylan first accused him of sexual harassment in December on Twitter. In February, Boylan shared details of the alleged harassment, claiming that Cuomo had compared her to one of his former girlfriends, asked her to play strip poker with him, and made unwanted sexual advances toward her, including forcibly kissing her on the lips.  

Hours after Boylan’s first accusations were made, her personnel records, which included disciplinary recommendations and bullying allegations, were released to media organizations. Boylan, who worked for Cuomo's team from March 2015 to October 2018, claims the leak was part of a smear campaign orchestrated by Cuomo and his aides to damage her reputation.

It is alleged that Cuomo personally met with advisors to discuss what action to take after Boylan's accusations came to light. 

New York state whistleblowing laws make it illegal to take retaliatory action against alleged victims of sexual harassment. According to a new report by the Washington Post, investigators for New York State Attorney General Letitia James are probing whether Cuomo and his aides committed a crime by allegedly releasing Boylan's records. 

In February 2021, Charlotte Bennett, an executive assistant and health policy advisor to Cuomo, accused him of sexual harassment. In the weeks that followed, allegations of inappropriate sexual comments and conduct by the governor were made by former Obama administration member Anna Ruch, policy and operations aide Ana Liss, former press aide Karen Hinton, reporter Jessica Bakeman, Bloomberg reporter Valerie Bauman, aide Alyssa McGrath, attorney Sherry Vill, an anonymous member of the governor's Executive Chamber staff, and an unnamed aide.

Some of the alleged victims accuse Cuomo's chief aide Melissa DeRosa of making "intimidating" phone calls after Boylan's allegations first came to light. DeRosa is further accused of being involved in the drafting of a letter sent to staffers to sign to try to discredit Boylan. 

Cuomo has repeatedly denied the allegations made against him by nearly a dozen professionals. The governor claims he has "never touched anyone inappropriately" and "never made any inappropriate advances."

Categories: Cyber Risk News