Cyber Risk News
A man from Florida has admitted cyberstalking a woman who survived a violent attack in her childhood that left another young girl dead.
Alvin Willie George of Cross City pleaded guilty to two counts of cyberstalking related to the online harassment of the survivor and her sisters.
According to court records, the victim was in a Texas bedroom with another girl in December 1999 when an assailant entered and attacked the two friends. Both girls had their throats slit.
One girl died from the attack, while her friend survived. The perpetrator of this vicious assault was later caught and convicted.
George, who has no connection to the surviving victim or her family, began harassing the victim and her family 17 years after the attack took place.
In or around November 2016, George started researching the deadly crime on the internet. The 25-year-old then created various Facebook accounts that he used to send harassing messages to the victim and her sisters, all of whom live in Idaho. In the messages, George threatened to rape and kill the women.
The case was investigated by the Federal Bureau of Investigation and the Boise Police Department.
A federal grand jury in Boise indicted George on December 11, 2019. On Thursday, the US Attorney's Office in Boise, Idaho, announced George's guilty plea.
Sentencing is scheduled to take place on April 8, 2021, before US District Judge B. Lynn Winmill at the federal courthouse in Boise.
In Idaho, the crime of cyberstalking is punishable by up to five years in prison, a maximum fine of $250,000, and a supervised release period of up to three years, per charge.
According to the Stalking Prevention, Awareness and Resource Center, an estimated 6 to 7.5 million people are stalked annually in the United States.
The majority of stalking victims are stalked by someone they know; just one in five stalking victims are stalked by a stranger.
A quarter of stalking victims report being stalked through some form of technology such as e-mail or instant messaging. Some 10% of victims report being monitored with global positioning systems, and 8% report being monitored through video or digital cameras or listening devices.
The executed MOU creates a cooperative agreement between the two parties to partner in the furthering of their missions and objectives around the adoption, use, and expansion of CMMC-based cybersecurity practices for the US Department of Defense (DoD) global Defense Industrial Base (DIB) contractor community and the information and communication technology community.
Objectives of the new partnership include a desire to aid efforts to advance the goals for improving the cyber and supply-chain security and resilience of the DIB network of contractors, suppliers, and vendors.
Among the specific actions planned are the co-development of CMMC advisory services and cyber education and training programs to increase cyber adoption, accelerating CMMC certification, and improving cyber protection and resilience.
The partners also want to expand and drive diversity across the cybersecurity workforce, which in 2019 was 80% male.
“The WiCyS Mid-Atlantic is excited to team with the CMMC COE in efforts to enhance the overall security of the defense industrial base supply chain,” said Diane Janosek, founder and senior advisor of Women in Cybersecurity Mid-Atlantic.
“This partnership clearly demonstrates the CMMC COE’s commitment to a diverse cybersecurity workforce, which is key to defending the nation’s cyber critical infrastructure. Creative and inclusive teaming is essential to the CMMC’s success.”
Further actions planned by the partnership are the co-sponsorship of symposiums, training programs, and podcasts, leveraging their combined cyber and IT expertise, and the hosting of regular working groups, along with additional partners, to allow collaboration and communication.
The establishment of an independent Industry Cyber Security Advisory Council is also planned, with peer organizations brought in to advise and educate leaders across government and industry on the effectiveness and continued evolution of CMMC.
“This is an exciting opportunity for us,” said John Weiler, chairman of the board at CMMC Center of Excellence. “This new partnership will further help advance the goals and objectives for improving the supply chain security and resilience of the US Department of Defense.”
The UK government is investigating a technical issue that led to 150,000 arrest records being accidentally wiped from nationwide police databases.
Over 150,000 fingerprint records, DNA records, and arrest history records were lost as a result of the glitch. One source told The Times that the error could potentially allow offenders to escape justice as biometric evidence captured from crime scenes will no longer be flagged on the Police National Computer (PNC).
The error also impacted Britain's visa system, causing the processing of applications to be suspended for two days.
Sources told The Times that the records were accidentally wiped during one of the weekly data-expunging operations known as "weeding" sessions.
The newspaper reported that “crucial intelligence about suspects” had vanished as a result of the incident. However, the Home Office said that no records of criminals or dangerous persons had been deleted and that the lost data related to individuals who had been arrested and then released without charge.
UK Minister for Policing Kit Malthouse said officials were “working at pace” to attempt the recovery of the lost records.
He said: “A fast time review has identified the problem and corrected the process so it cannot happen again. The Home Office, NPCC [National Police Chiefs’ Council] and other law enforcement partners are working at pace to recover the data.
“While the loss relates to individuals who were arrested and then released with no further action, I have asked officials and the police to confirm their initial assessment that there is no threat to public safety. I will provide further updates as we conclude our work.”
Shadow Home Secretary Nick Thomas-Symonds said: “This is an extraordinarily serious security breach that presents huge dangers for public safety. The incompetence of this shambolic government cannot be allowed to put people at risk, let criminals go free and deny victims justice.”
The loss of the data follows the removal of 40,000 alerts regarding European criminals from the PNC with the UK's Brexit departure from the European Union.
The UK’s National Cyber Security Center (NCSC) has outlined the creation of a new protective domain name service (PDNS) solution in partnership with Nominet, the official registry for UK domain names.
The service, named PDNS Digital Roaming, is designed to enhance the security of public sector staff working from home as a result of the COVID-19 pandemic. The app, which is free at the point of use, will extend the protection offered by the original PDNS solution, which is delivered by Nominet, to remote networks.
PDNS has been in place since 2017, and helps keep public sector organizations secure by hampering the use of DNS for malware distribution and operation. Last year, it was being used by over 760 public sector organizations, protecting an estimated 2.8 million staff.
PDNS Digital Roaming extends these protections to employees working from home by detecting when a device is outside its enterprise network and redirecting DNS traffic to PDNS using the encrypted DNS over HTTPS (DoH) protocol. This applies whichever network employees use to connect to the internet.
David Carroll, MD of Nominet’s cybersecurity arm, commented: “The NCSC reacted quickly to the challenges that coronavirus presented to the cyber-defense of the nation. For example, elements of the Active Cyber Defense program – including the PDNS, which is delivered by Nominet on behalf of the NCSC – were made available to many more organizations in the past year, including over 200 frontline public health bodies.
“Without a fixed IP address, staff needed another option for accessing the protections of the PDNS – PDNS Digital Roaming has been the answer. This app was launched in September to all those currently eligible to use the PDNS. By installing it on their device, staff can ensure that their DNS traffic is being directed to the PDNS and is thus protected by this innovative service.
“Keeping critical services secure has never been so important. As we position our country as a global digital leader for the future, it will be important to devise solutions that are adaptable as well as highly resilient and secure.”
At the end of last year, Infosecurity spoke to Russell Haworth, CEO of Nominet, about how the company is combatting the rise in malicious domain names since the start of the COVID-19 pandemic.
Artificial intelligence (AI) and quantum are set to be the next major technology disruptors and will have a profound impact on the cybersecurity sector, according to speakers in a session at the Consumer Electronics Show (CES) 2021.
Advancements in these areas are likely to lead to new opportunities for cyber-criminals to leverage attacks, but conversely, can also enable the development of stronger cybersecurity defenses.
Vikram Sharma, founder and CEO at QuintessenceLabs, explained that these technologies form part of the predicted “fourth industrial revolution,” which will radically enhance our technological capabilities. “The fourth industrial revolution is really a confluence of a number of technologies, so alongside AI, 5G, robotics, 3D printing and IoT, quantum is one of these very important technologies of our time.”
He said it is critical organizations now look at how they can leverage quantum for cybersecurity purposes. This is because of its potential to provide a “robust” protection of data as well as to counter the threats this tech could pose in the hands of attackers. Sharma added: “The general consensus is we may see an adversary who has a quantum computer at the right scale to impact cybersecurity within the next five to 10 years.”
Similarly, it is critical that proactive steps are taken to tackle the use of AI by threat actors to launch attacks. Pete Tortorici, director, Joint Information Warfare at the Department of Defense (DOD) Joint Artificial Intelligence Center, outlined a number of considerations in this regard: “How are we going to understand what network incident detection is going to look like in the world of AI? How do we leverage AI to secure network capabilities? How do we build robust analytics to let us know when things have happened inside of a network?”
For organizations to successfully implement AI solutions, underlying issues first need to be resolved. Tortorici said: “A lot of organizations haven’t solved the data problem that underlies being able to get after an AI solution.” He added this can be as simple as collecting and keeping the data needed to feed their algorithm.
Another issue is meeting the demand for AI specialists and data engineers from a security standpoint. Tortorici commented: “I wonder if we have the required incentives, both educational and professional, to grow this skillset over the next several decades.” He added that at the Department of Defense there is now a strong emphasis on “cultivating and retaining talent” in this area.
In regard to quantum, Sharma said that his company has observed organizations becoming increasingly aware of the transformative potential of quantum, and “a number of them have started the process of building internal subject matter expertise within their engineering and development groups around quantum.”
However, much more focus needs to be placed on its potential impact on cybersecurity. Part of this is ensuring organizations are better educated on how to adapt their security posture. Sharma added: “While awareness of quantum is developing and generally people have some conception that there is a risk to cybersecurity, there isn’t a proper understanding of what this means in terms of implications for the cyber-technologies that are deployed today.”
It is therefore critical that organizations prepare for the expected growth in AI and quantum, both to improve their productivity and to enhance their cybersecurity. Two key factors emphasized by Sharma and Tortorici were general awareness and developing the right skillsets.
The US National Security Agency (NSA) has warned enterprises that adoption of encrypted DNS services can lead to a false sense of security and even disrupt their own DNS-monitoring tools.
DNS over HTTPS (DoH) has become an increasingly popular way to improve privacy and integrity by protecting DNS traffic between a client and a DNS resolver from unauthorized access. This can help to prevent eavesdropping and manipulation of DNS traffic.
However, although such services are useful for home and mobile users and networks not using DNS controls, they are not recommended for most enterprises, the US security agency claimed in a new report.
DoH is “not a panacea,” as it doesn’t guarantee that threat actors can’t see where a client is going on the web, said the NSA.
“DoH is specifically designed to encrypt only the DNS transaction between the client and resolver, not any other traffic that happens after the query is satisfied,” the report noted.
“While this allows clients to privately obtain an IP address based on a domain name, there are other ways cyber-threat actors can determine information without reading the DNS request directly, such as monitoring the connection a client makes after the DNS request.”
Moreover, DoH can actually impair network monitoring tools designed to spot suspicious activity in DNS traffic.
“DoH encrypts the DNS traffic, which prevents enterprises from monitoring DNS with these network-based tools unless they are breaking and inspecting TLS traffic. If DoH is used with the enterprise resolver, then inspection can still occur at the resolver or using resolver logs,” the report continued.
“However, if external DoH resolvers are not blocked and DoH is enabled on the user’s browser or OS to use a different resolver, there could be issues gaining visibility into that encrypted DNS traffic.”
Malware can also use DoH to hide its C&C communications traffic, the NSA warned.
The agency urged enterprises that use monitoring tools to avoid using DoH inside their networks.
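As an added illustration of the visibility gap the report describes (this is example code, not from the NSA report or the article), the following Python scans a constructed connection log for DNS traffic that escapes the enterprise resolver: plain DNS sent to some other server, and TLS sessions to public DoH endpoints that network tools cannot inspect. DoH to the enterprise's own resolver is deliberately left alone, since inspection can still happen at that resolver or in its logs. The resolver address, the `doh.corp.example` hostname, the endpoint list and the log lines are all assumptions made for the example.

```python
"""Spot DNS traffic that escapes enterprise-resolver visibility.

Added example (not from the NSA report or the article). It scans a
constructed connection log and flags two things the report warns about:
plain DNS sent to a resolver other than the enterprise one, and TLS
sessions to public DoH endpoints the enterprise cannot inspect. DoH to
the enterprise's own resolver is left alone, since inspection can still
happen there or in its logs.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed enterprise resolver address and DoH hostname (placeholders).
ENTERPRISE_RESOLVER_IP = "10.0.0.53"
ENTERPRISE_DOH_HOST = "doh.corp.example"

# Illustrative public DoH endpoints; a real deployment maintains its own
# allow/deny list of resolvers and keeps it current.
KNOWN_DOH_HOSTS = {
    "dns.google",
    "cloudflare-dns.com",
    "mozilla.cloudflare-dns.com",
    "dns.quad9.net",
}

# Constructed log: timestamp src_ip dst_ip dst_port proto sni
# ('sni' is the TLS Server Name Indication on port 443, '-' otherwise).
# External addresses use the 203.0.113.0/24 documentation range.
SAMPLE_LOG = """\
2021-01-14T09:00:01Z 10.1.2.10 10.0.0.53 53 udp -
2021-01-14T09:00:02Z 10.1.2.10 203.0.113.80 443 tcp www.example.com
2021-01-14T09:00:03Z 10.1.2.11 203.0.113.53 53 udp -
2021-01-14T09:00:04Z 10.1.2.12 203.0.113.44 443 tcp cloudflare-dns.com
2021-01-14T09:00:05Z 10.1.2.14 10.0.0.53 443 tcp doh.corp.example
"""


@dataclass(frozen=True)
class Finding:
    src_ip: str
    kind: str    # "plain-dns-bypass" or "external-doh"
    detail: str


def parse_line(line: str):
    """Split one whitespace-separated log line into typed fields."""
    ts, src, dst, port, proto, sni = line.split()
    return ts, src, dst, int(port), proto.lower(), sni.lower()


def classify(src: str, dst: str, port: int, sni: str) -> Optional[Finding]:
    """Return a Finding if the connection escapes DNS visibility, else None."""
    # Plain DNS that does not go through the enterprise resolver.
    if port == 53 and dst != ENTERPRISE_RESOLVER_IP:
        return Finding(src, "plain-dns-bypass",
                       f"DNS to {dst} instead of {ENTERPRISE_RESOLVER_IP}")
    # DoH to the enterprise's own resolver keeps inspection possible.
    if port == 443 and sni == ENTERPRISE_DOH_HOST:
        return None
    # DoH to an external public resolver: encrypted and unmonitored.
    if port == 443 and sni in KNOWN_DOH_HOSTS:
        return Finding(src, "external-doh", f"TLS to public DoH endpoint {sni}")
    return None


def audit(log_text: str) -> List[Finding]:
    """Run classify() over every non-empty line and collect findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, port, _proto, sni = parse_line(line)
        finding = classify(src, dst, port, sni)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.src_ip}: {f.kind} ({f.detail})")
```

Matching on SNI only works while the client sends the hostname in the clear; the check is a visibility aid for the resolver-policy question the report raises, not a substitute for steering clients to the enterprise resolver and blocking external ones at the boundary.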
Facebook is suing two European developers for allegedly violating its terms of service by scraping user data.
Legal action has been filed in Portugal by Facebook and Facebook Ireland against two individuals working for application/extension development company Oink and Stuff.
The firm claims its software products, available for Chrome, Firefox, Edge, Opera and Android, have over one million active users.
Romero highlighted four extensions, Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger, that contained code which Facebook claims is malicious and effectively acts like spyware.
“When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook — all without their knowledge,” argued Romero.
“If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account. The defendants did not compromise Facebook’s security systems. Instead, they used the extensions on the users’ devices to collect information.”
Facebook is seeking a permanent injunction against the defendants, demanding they delete all Facebook data in their possession.
This is just one of many cases brought by the social network against third parties it accuses of impacting user privacy, a push that began in earnest following the Cambridge Analytica scandal.
In September 2019, the firm revealed it had filed suits against LionMobi and JediMobi, two companies that used apps to infect users’ devices with click injection fraud malware, South Korean data analytics firm Rankwave and Ukrainians Gleb Sluchevsky and Andrey Gorbachov, who used quiz apps to scrape user data.
An e-commerce “scam-as-a-service” operation tried-and-tested in Russia has expanded to multiple European countries in 2020, making cybercrime groups over $6.5m in the process, Group-IB has warned.
The Singapore-based cybersecurity company claimed in a new report that “Classiscam” first appeared in Russia in the summer of 2019, but soon migrated west and hit a peak of activity over 2020 as remote workers surged online to shop.
There are now at least 40 active groups using the scam packages to con internet users out of their hard-earned cash.
“In the summer of 2020 we took down 280 scam pages as part of the Classiscam scheme, and by December that number grew 10-fold and reached up to 3000 pages,” said Yaroslav Kargalev, deputy head of CERT-GIB.
“We see that Classiscammers are now actively migrating from Russia to Europe and other countries. It’s not the first time that Russia has served as a testing ground for cyber-criminals with global ambitions.”
The groups publish ads for popular products on marketplaces and classified websites, with prices marked down to spark interest from buyers. Consumer electronics such as cameras, game consoles, laptops and smartphones are often listed.
Once the buyer gets in touch, the scammer typically takes the conversation off the marketplace to WhatsApp or other messenger channels, using local phone numbers to add authenticity.
The fraudster then asks for the victim’s delivery and contact information and sends a phishing link mimicking the real marketplace, which takes the user to a fake payment page.
Telegram bots are used to generate the ready-to-use phishing pages, streamlining the process and lowering the bar to entry for non-techie cyber-criminals.
Cybercrime groups using the service typically include three types of operative: admins, workers and callers.
Admins are responsible for recruiting new members, creating the scam pages and taking action when a bank blocks the victim’s transaction. Workers communicate directly with victims, while callers pretend to be tech support specialists.
Group-IB estimated that the most active groups make as much as $522,000 per month.
“So far, the scam’s expansion in Europe is hindered by language barriers and difficulties with cashing out stolen money abroad,” said Dmitriy Tiunkin, head of Group-IB Digital Risk Protection Department, Europe.
“Once the scammers overcome these barriers, Classiscam will spread in the West. The downside of popularity is competition among scammers, who sometimes frame each other without knowing it.”
There is a high risk of disinformation campaigns designed to spread panic and fear about the COVID-19 crisis, according to IT firm Fujitsu. In particular, it expects social engineering attacks to focus on fuelling uncertainty and doubt surrounding the effectiveness of COVID-19 vaccines as they begin to be rolled out across the world.
The company said that both criminal gangs and nation state actors will focus on controversial aspects of vaccine programs, including mandatory vaccination, health passports, mass immunity testing and lockdowns in these campaigns. These will target both businesses and individuals through a range of attack vectors, with phishing the most prominent.
There has been a huge rise in phishing campaigns observed since the start of the pandemic last year, with cyber-villains frequently using COVID-19 topics as lures.
The most sophisticated of these attacks will sow division between opposing sides, leading to more polarization and mistrust of information sources. This has been evident during recent elections such as the Brexit referendum in 2016 and the US elections last year.
Fujitsu added that it is already seeing malicious actors leverage issues around personal liberty linked to the pandemic, such as restrictions on movements and requirements to wear a facemask.
Paul McEvatt, head of cybersecurity innovation at Fujitsu, commented: “Phishing is at the heart of these attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation. People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the coronavirus pandemic is a global issue and a highly-emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.”
Earlier today, the European Medicines Agency revealed that documents related to COVID-19 medicines and vaccines have been leaked online following a cyber-attack on the regulator in December.
A Kosovan hacker, granted compassionate release after being convicted of providing personally identifiable information of over 1,000 US government personnel to ISIS, has been charged with committing further crimes while in federal prison.
The US sentenced Ardit Ferizi to 20 years in prison in September 2016 after the hacker admitted accessing a protected computer without authorization and providing material support to a designated foreign terrorist organization.
In December 2020, Federal Judge Leonie Brinkema of the Eastern District of Virginia reduced Ferizi’s sentence to time served, plus 10 years of supervised release to be served in Kosovo after the 25-year-old submitted a handwritten motion stating that his obesity and asthma made him vulnerable to COVID-19.
According to a federal complaint filed against Ferizi and unsealed on January 12, Ferizi was awaiting deportation back to his native Kosovo when the FBI determined that he had committed multiple new federal offenses. At the time of the alleged offenses, Ferizi was incarcerated at the Federal Correctional Institute in Terre Haute, Indiana.
“We allege Ferizi provided access to personal information of US citizens, even as he was serving his prison sentence for providing similar information to ISIS,” said US Attorney David L. Anderson.
According to the FBI, in 2017 and 2018 Ferizi became involved in multiple fraudulent schemes while locked up in prison by coordinating with a family member who was operating Ferizi’s email accounts. At least one email account included large databases of stolen personally identifiable information, extensive lists of stolen email accounts, partial credit card numbers, passwords, and other confidential information, accumulated through Ferizi's criminal hacking activity.
"Based on an IP address resolving to Kosovo, login activity to Ferizi’s other e-mail accounts, and other investigative information, it was determined the family member downloaded the databases of stolen information to liquidate the proceeds of Ferizi’s previous criminal hacking activity," said the Department of Justice.
Ferizi and his family member are alleged to have used the electronic services of Google, PayPal, and Coinbase to carry out these new crimes.
Ferizi, known online as Th3Dir3ctorY, is charged with one count of aggravated identity theft and one count of wire fraud. If convicted of both charges, he faces a maximum penalty of 22 years in prison and a fine of $250,000.
New analysis of the 2020 vulnerability and threat landscape has found that the total number of Common Vulnerabilities and Exposures (CVEs) reported last year was 6% higher than the total reported in 2019.
While the increase between 2019 and 2020 may seem slight, the team found that from 2015 to 2020, the number of CVEs reported rose 183%, from 6,487 to 18,358.
"For the last three years, we have seen over 16,000 CVEs reported annually—reflecting a new normal for vulnerability disclosures," noted researchers.
Among the 2020 vulnerabilities disclosed were 29 that Tenable identified as net-new zero-day vulnerabilities. Of the 29, over 35% were browser-related vulnerabilities, while nearly 29% were within operating systems. Font libraries were also popular, accounting for nearly 15% of zero-day vulnerabilities.
Reviewing at which points in the year critical CVEs were reported, researchers uncovered what they termed a "CVE Season" that coincided with summertime.
"Summer 2020—from June to August—was particularly unique for both the sheer volume and number of critical CVE disclosures," noted researchers. "547 flaws were disclosed in the summer months, including major disclosures in F5, Palo Alto Networks, PulseSecure, vBulletin and more."
An analysis of the CVE data for breach trends found that from January through October 2020, 730 publicly disclosed events resulted in the exposure of over 22 billion records. Of the industries impacted by breaches, healthcare and education made up the largest share, accounting for 25% and 13% of the breaches respectively.
Government and the technology industry were also popular targets, accounting for 12.5% and 15.5% of the breaches respectively.
Ransomware was found to be the most popular attack vector in 2020, being cited in 259 incidents. Email compromise was the cause of 105 breaches, while unsecured data led to 83 security incidents. For 179 data breaches, the root cause was unknown.
The coronavirus pandemic was used time and again by cyber-attackers to lure their victims. By the first two weeks of April, 41% of organizations had experienced at least one business-impacting cyber-attack resulting from COVID-19 malware or phishing schemes.
A preliminary settlement agreement regarding a data breach that impacted customers of Iowa-based grocery store chain Hy-Vee has been proposed.
Hy-Vee launched an investigation after detecting unauthorized activity on some of its payment processing systems on July 29, 2019.
The investigation found that malware designed to access and steal payment card data from cards used on point-of-sale (POS) devices had been installed at certain Hy-Vee fuel pumps and drive-thru coffee shops.
Restaurants were also impacted, including Hy-Vee Market Grilles, Hy-Vee Market Grille Expresses, and the Wahlburgers locations that Hy-Vee owns and operates, as well as the cafeteria at the chain's West Des Moines corporate office.
According to a statement released by Hy-Vee in October 2019, the specific timeframes when data from cards used at these locations may have been accessed vary by location. However, the company said that in general, fuel pumps were impacted from December 14, 2018, to July 29, 2019, whereas restaurants and drive-thru coffee shops were affected from January 15, 2019, to July 29, 2019.
"There are six locations where access to card data may have started as early as November 9, 2018, and one location where access to card data may have continued through August 2, 2019," stated the company.
Hy-Vee locations in Iowa, Illinois, Kansas, Missouri, Montana, Nebraska, South Dakota, and Wisconsin were impacted by the breach. Data stolen in the prolonged attack included customer names, credit and debit card numbers, card expiration dates, and verification codes.
In October and November 2019, lawsuits were filed over the breach by several customers in Illinois, Missouri, and Wisconsin whose data had been compromised. These customers later teamed up to file a class-action complaint against Hy-Vee at the end of November 2019.
On January 12, a settlement agreement was proposed that would allow those affected by the breach to submit reimbursement claims for a maximum of $225. The plaintiffs who are named in the suit are earmarked to receive an additional $2,000 "incentive award."
Under the proposal, customers who faced "extraordinary expenses" because of the data breach, such as hefty, unreimbursed fraudulent charges, may claim up to $5,000.
Global IT innovator NTT DATA and payments technology provider Conferma Pay have announced a partnership to bring secure, digital virtual payment communications to hotels.
The news comes at a time when more and more companies are seeking to implement contact-free payment processes to help reduce the spread of COVID-19 whilst also bolstering payment security and safety.
NTT DATA and Conferma Pay said they have combined to ensure virtual payments reach hotels securely in a digital manner, removing the reliance on traditional paper-based methods such as faxing.
Reception desks will be directed to a digital billing portal when confirming rooms booked with virtual payments, automating the virtual card delivery, removing the need for manual offline chargebacks, eliminating card exposure and tightening payment security.
Furthermore, hotel staff will no longer manually process payments or key card numbers into their merchant terminals. The check-in and check-out process is streamlined with a simplified, touchless experience.
Akihiro Ishizuka, head of global payments and services division at NTT DATA, said: “Payment innovation has accelerated like never before, creating the opportunity for a more efficient and highly secure virtual payment model. Partnering with Conferma Pay is a step forward in our commitment to provide travelers with a frictionless payment experience during check-in. This new integration will streamline the process considerably by reducing manual rekeying of payment data.”
Kelly Cleeton, senior director, global business development at Conferma Pay, added: “The solution we developed with the help of NTT DATA provides another layer of security and enhances the payment experience for our partner travel management companies and their clients.”
Controversial connected device company Ring has added video end-to-end encryption (E2EE) to some of its products in a bid to boost user privacy and security.
The Amazon-owned maker of smart doorbells first flagged the move last autumn, but will begin the roll-out this week as part of a “technical preview.”
“By default, Ring already encrypts videos when they are uploaded to the cloud (in transit) and stored on Ring’s servers (at rest),” the firm explained in a blog post yesterday.
“With end-to-end encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer’s enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device.”
That will go some way to assuaging customer concerns over who is viewing the videos shot by their doorbell camera.
Around a year ago, four Ring employees were fired after violating company policy when they were caught watching users’ videos.
“Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions,” Amazon said at the time.
Privacy concerns have also been raised over Ring’s decision to partner with hundreds of police forces across the US — although law enforcers have to request access to users’ videos within a certain time frame and geographic area.
The new E2EE feature will be available on the Ring Video Doorbell Pro, Ring Video Doorbell Elite, Ring Floodlight Cam, Ring Spotlight Cam Wired, Stick Up Cam Plug In, Stick Up Cam Elite and Indoor Cam.
The move follows a roll-out of two-factor authentication (2FA) to all users in early 2020, to help mitigate the risk of strangers hijacking users’ cameras.
Last month, a new legal case was formed by joining together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them. They’re arguing, among other things, that Ring should have mandated 2FA and the use of strong passwords out-of-the-box.
Brad Smith, president of Microsoft, warned of the increasing cyber-threats to society as technology plays a more powerful role in our lives during his keynote address at the Consumer Electronics Show (CES) 2021.
While he outlined the potentially enormous benefits advancements in technologies offer, including in areas like sustainability, the cyber-threats being faced are correspondingly becoming increasingly concerning. “As computers create all this promise, there are new perils arising as well,” he commented.
Smith recalled the moment when cybersecurity first entered the consciousness of government. This was in 1983, when the then US President Ronald Reagan watched the movie WarGames, in which a hacker almost starts World War III after gaining access to a US military supercomputer. Amid concern that a similar scenario could happen in real life, the first national security directive on computer security was created.
Such a proactive approach needs to be taken now, according to Smith: “It’s a powerful reminder that we constantly need to keep learning, we constantly need to keep imagining what comes next.”
The past year has underlined the huge dangers that critical infrastructure and services now face from cyber-attacks. In particular, the SolarWinds attack towards the end of last year, allegedly conducted by Russian state-backed actors, is something of a game-changer in Smith's view, and action is required. “This wasn’t a case of one nation simply trying to spy on or hack its way into a computer network of another. It was a mass, indiscriminate assault on the technology supply chain that all of us are responsible for protecting,” he explained.
Therefore, it is critical that a set of international rules and norms are put in place to show what is and isn’t acceptable in the cyber-sphere just as there is for conventional warfare. Smith believes the cybersecurity industry has a key role to play in the development of this. “We need to come together as an industry and use our collective ways to say to every government around the world that this kind of supply chain disruption is not something that any government or any company should be allowed to pursue,” he said.
Smith also said that the SolarWinds incident highlights that everyone needs to work together much more closely going forward to detect threats such as this early, especially in the area of data sharing. He noted that it was a “powerful reminder that threat intelligence and data, about cyber-attacks, really exists in so many silos today,” adding that it is “clear that the only way to protect the future is to understand the threats of the present and that requires us to share data in new ways.”
Smith went on to warn of the dangers of getting too carried away with artificial intelligence (AI) technology, and “surrendering control” of computers, something that was a big theme in WarGames. While AI has the potential to deliver great things, “we have to think about the new guardrails we need to create so that humanity remains in control of our technology.”
Examples include facial recognition technology and machine learning tools, which can offer much more convenience to people, but also threaten fundamental rights such as privacy and even lead to bias and discrimination.
Smith concluded on a positive note, stating that such challenges can be addressed through global collaboration. “If we come together and do work well, it can be a road that leads to a brighter future,” he added.
A US cybersecurity agency is urging organizations to improve their cyber-hygiene after warning of multiple successful attacks targeting cloud services used by remote workers.
The Cybersecurity and Infrastructure Security Agency (CISA) revealed in a report yesterday that attackers are increasingly targeting corporate and personal laptops with phishing, brute force login attempts and possibly a “pass-the-cookie” attack to access cloud accounts.
Although these attacks were not tied back to a single threat actor, they shared many of the same tactics.
Some attackers spoofed file hosting services and other legitimate vendors in phishing emails to harvest log-ins, before using these hijacked accounts to phish others in the organization.
In some attacks, account hijackers modified forwarding and keyword search rules. This is often done by BEC attackers looking to monitor email conversations with suppliers, and to hide phishing warnings.
In one example, a VPN server was configured with port 80 open for remote worker access, so cyber-criminals targeted it with brute force log-in attempts.
Although multi-factor authentication (MFA) thwarted some attempts to brute force accounts, in one case threat actors are believed to have used browser cookies to defeat MFA with a “pass-the-cookie” attack.
CISA was at pains to point out that none of this activity is related to the recent SolarWinds supply chain attack believed to have been carried out by sophisticated Russian state actors.
However, these attacks have certainly become widespread enough to warrant intervention by the agency.
It offered a long list of recommendations for organizations to improve their cyber-hygiene and strengthen cloud security practices.
Alongside conditional access (CA) policies, MFA, restrictions on email forwarding, user training, secure privileged access and zero trust, CISA argued that remote employees should not use personal devices for work. At the very least, mobile device management tools should be used to mitigate risk, it said.
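The forwarding and keyword-search rule changes described above are visible in mailbox audit logs, so they are a natural detection point. The following is an added example, not code from CISA's report or any vendor: it scans a handful of constructed, simplified audit events and flags rules that forward mail to an external domain or that delete or move messages matching keywords an intruder would want hidden. The event format (operation, user, parameters), the internal domain `example.com` and the external address `attacker@mail.example.net` are all assumptions for this example; real audit records (such as Exchange Online `New-InboxRule` entries) carry more fields and different names.

```python
"""Flag suspicious mailbox rule changes from audit-log events.

Added example (not CISA's or any vendor's code). The event layout below is a
constructed simplification: {"operation", "user", "parameters"}. Real audit logs
differ in field names and would need a small mapping step first.
"""
import json
from typing import Dict, List, Tuple

# Domains the organization controls (assumption for this example).
INTERNAL_DOMAINS = {"example.com"}

# Keywords commonly used in rules that hide security warnings or payment threads.
SUSPICIOUS_KEYWORDS = {"phishing", "suspicious", "hacked", "password",
                       "invoice", "payment", "wire"}

# Operations that create or change rules / mailbox-level forwarding.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

# Parameter names that carry a forwarding target (assumed names).
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                "ForwardingSmtpAddress")


def is_external(address: str) -> bool:
    """True if the address's domain is not one the organization controls."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def _as_list(value) -> List[str]:
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def analyze_event(event: Dict) -> List[str]:
    """Return reasons the event is suspicious; empty list if it looks benign."""
    reasons: List[str] = []
    if event.get("operation") not in RULE_OPERATIONS:
        return reasons
    params = event.get("parameters", {})

    # 1. Forwarding or redirecting mail outside the organization.
    for key in FORWARD_KEYS:
        for target in _as_list(params.get(key)):
            if is_external(target):
                reasons.append(f"{key} sends mail to external address {target}")

    # 2. Keyword filters that delete or move matching messages out of sight.
    keywords = {k.lower() for k in _as_list(params.get("SubjectOrBodyContainsWords"))}
    hits = keywords & SUSPICIOUS_KEYWORDS
    hides = bool(params.get("DeleteMessage") or params.get("MoveToFolder"))
    if hits and hides:
        reasons.append(f"rule hides messages matching {sorted(hits)}")
    return reasons


def scan(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Parse JSON lines and return (user, operation, reasons) for flagged events."""
    findings = []
    for line in lines:
        event = json.loads(line)
        reasons = analyze_event(event)
        if reasons:
            findings.append((event["user"], event["operation"], reasons))
    return findings


# Constructed sample events: two benign, two suspicious, one unrelated login.
SAMPLE_LOG = [
    json.dumps({"operation": "New-InboxRule", "user": "alice@example.com",
                "parameters": {"Name": "to bob", "ForwardTo": ["bob@example.com"]}}),
    json.dumps({"operation": "New-InboxRule", "user": "alice@example.com",
                "parameters": {"Name": ".", "ForwardTo": "attacker@mail.example.net"}}),
    json.dumps({"operation": "New-InboxRule", "user": "carol@example.com",
                "parameters": {"Name": "cleanup",
                               "SubjectOrBodyContainsWords": ["Phishing", "hacked"],
                               "DeleteMessage": True}}),
    json.dumps({"operation": "Set-Mailbox", "user": "dave@example.com",
                "parameters": {"ForwardingSmtpAddress": "dave@example.com"}}),
    json.dumps({"operation": "UserLoggedIn", "user": "erin@example.com",
                "parameters": {}}),
]

if __name__ == "__main__":
    for user, op, reasons in scan(SAMPLE_LOG):
        print(f"{user} {op}: {'; '.join(reasons)}")
```

In practice the rule-creation events would be pulled from the mail platform's audit feed, and a finding should be correlated with the sign-in that preceded it, since a rule created right after a login from an unfamiliar location or with an unfamiliar session is the pattern CISA's phishing and pass-the-cookie cases describe.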
The European Medicines Agency (EMA) has confirmed that cyber-criminals who raided the organization in December have leaked some of those documents online.
In a brief statement on Tuesday, it noted that the docs “related to COVID-19 medicines and vaccines belonging to third parties.”
“The agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorized access,” it added.
“The agency and the European medicines regulatory network remain fully functional and timelines related to the evaluation and approval of COVID-19 medicines and vaccines are not affected.”
Although the EMA has been tight-lipped on exactly what was taken, BioNTech revealed back in December that documents related to the vaccine it developed with Pfizer were part of the haul.
It’s unclear whether any other data, such as that related to the Oxford/AstraZeneca vaccine, was stolen by the attackers. As Europe’s medical regulator, the EMA will need access to sensitive IP on all of the COVID-19 vaccines and medicines currently being slated for use within the EU.
At the end of December, the EMA clarified that the attack was limited to one application, although other details remain scarce while the investigation is still ongoing.
It’s also unclear whether the data is up for sale or it has simply been published for anyone to access, which could be a clue as to whether the attack was the work of nation state attackers, financially motivated cyber-criminals or hacktivists.
IP related to COVID-19 vaccines developed in the West has been targeted by nation state operatives from China, Russia and North Korea for much of 2020.
In October, an Indian pharmaceutical firm making Russia’s Sputnik-V vaccine was also forced to shut several facilities after an unspecified incident.
The first independent ethics officer to be appointed by the Florida city of Tallahassee has been arrested on cyber-stalking charges.
Julie Meadows-Keefe is accused of stalking former city auditor Bert Fletcher, with whom she had an on-off romantic relationship both during and after the time when they both worked for Tallahassee.
The State Attorney's Office charged 51-year-old Meadows-Keefe with the first-degree misdemeanor on January 11. After appearing before Leon County Judge Augustus D. Aikens Jr. yesterday, Meadows-Keefe was released on pretrial conditions that prohibit her from having contact with Fletcher or any of his family members.
The judge further barred Meadows-Keefe from using electronic devices with internet access except for the purposes of work, banking, conducting attorney business, and paying bills.
Meadows-Keefe was hired by Fletcher and former city attorney Lew Shelley in 2014 to train city elected officials and employees on ethics.
Fletcher and Meadows-Keefe, whose City Hall offices were adjacent, began a romantic relationship while both were still married. Fletcher continued the relationship with Meadows-Keefe after divorcing from his wife and retiring from the city in 2017, but the relationship broke down in 2018.
Meadows-Keefe, who now works for a local law firm, was arrested Monday after allegedly making threats of physical violence against Fletcher. The probable cause affidavit alleges that Meadows-Keefe harassed the victim repeatedly starting December 21, 2020, with hundreds of phone calls, emails, and text messages.
Fletcher said that he had been receiving nuisance phone calls from an "unknown" number he believes belongs to Meadows-Keefe throughout 2019 and 2020, despite changing his number at the end of 2019.
The pair rekindled their relationship in late September 2020 after Fletcher answered one of the calls and it turned out to be from Meadows-Keefe. The former ethics officer divorced her husband the following month.
Fletcher ended the relationship in December. Meadows-Keefe confirmed to a State Attorney's Office investigator that she had been calling Fletcher but said that he had not asked her to stop doing so.
Meadows-Keefe recently settled a lawsuit against Tallahassee in which she claimed that she was retaliated against and forced to leave her position early after using public funds to join the Tiger Bay Club.
The owner of a Bulgarian bitcoin exchange has been sentenced to prison in the United States for his involvement in a transnational multimillion-dollar online auction fraud scheme that conned over 900 Americans out of more than $7m.
After a two-week trial in September 2020, a federal jury in Kentucky found Rossen G. Iossifov guilty of one count of conspiracy to commit racketeering and one count of conspiracy to commit money laundering. On January 12, US District Court Judge Robert E. Weir sentenced 53-year-old Bulgarian native Iossifov to 121 months in prison.
Iossifov owned and managed RG Coins, a cryptocurrency exchange headquartered in Bulgaria's capital city, Sofia. According to trial evidence, Iossifov knowingly and intentionally engaged in business practices designed to both assist fraudsters in laundering the proceeds of their fraud and to protect himself from any criminal liability.
At least five of Iossifov’s principal clients were Romanian scammers, who belonged to a criminal enterprise referred to in court records as the Alexandria (Romania) Online Auction Fraud (AOAF) Network.
These scammers defrauded hundreds of individuals by posting false advertisements to popular online auction and sales websites, including Craigslist and eBay, for high-cost goods (typically vehicles) that did not actually exist.
"Once victims were convinced to send payment, the conspiracy engaged in a complicated money laundering scheme wherein domestic associates would accept victim funds, convert these funds to cryptocurrency, and transfer proceeds in the form of cryptocurrency to foreign-based money launderers," said the Department of Justice.
"Iossifov was one such foreign-based money launderer who facilitated this final step in the scheme."
Iossifov allowed his criminal clients to complete cryptocurrency exchanges for cash without asking for any identification or documentation to show the source of funds. He also gave members of the AOAF Network special treatment by providing them with more favorable exchange rates than he offered to his other customers.
An investigation by law enforcement found that Iossifov laundered nearly $5m in cryptocurrency for four of the five scammers in fewer than three years. In return, the bitcoin exchange owner made over $184,000.
Iossifov is one of 17 members of AOAF who have been convicted for their role in this scheme so far.
Gaming company Capcom has discovered that the number of customers whose data may have been compromised following a recent cyber-attack is much higher than previously thought.
The Osaka-headquartered company became the victim of a ransomware attack in the beginning of November last year.
On November 16, Capcom announced that it had verified that the personal information of 9 people had been compromised in this attack. A further 350,000 individuals were confirmed to be at risk of data compromise, including 134,000 customers who used the video game support help desk in Japan; 14,000 Capcom Store members in North America; 4,000 Esports website members in North America; 40,000 shareholders; 153,000 former employees, their families, and applicants; and 14,000 employees “and related parties” taken from HR.
In a third update to its ongoing investigation, issued on January 12, the company confirmed that the personal data of an additional 16,406 people had been exposed to cyber-criminals. Among the information exposed were names, addresses, phone numbers and email addresses of business partners, employees, and former employers, along with sales reports and game development documents.
Capcom added that the data of tens of thousands of additional individuals may have been exposed. The developer of Resident Evil stated that "the company has also ascertained that the potential maximum number of customers, business partners and other external parties etc., whose personal information may have been compromised in the attack is approximately 390,000 people (an increase of approximately 40,000 people from the previous report)."
None of the at-risk data was found to contain credit card information. Capcom said it does not maintain such information internally as the company's online transactions are handled by a third-party service provider.
Capcom added: "Additionally, the areas that were impacted in this attack are unrelated to those systems used when connecting to the internet to play or purchase the company's games online, which have continued to utilize either an external third-party server or an external server."
The company offered its sincerest apologies for any complications and concerns that this latest update may bring to its potentially impacted customers as well as to its many stakeholders.