Cyber Risk News

Websites Continue to Collect PII Data Insecurely

Info Security - Thu, 05/09/2019 - 11:01

Websites are still collecting personally identifiable information (PII) without decent web security, including using the HTTP protocol, collecting in clear text and on websites with expired or misconfigured certificates.

According to RiskIQ's research across 48,949 active financial services organization websites, 4512 sites capture PII through data entry points accessible to site visitors, and 11.5% of those (522 sites) are capturing PII insecurely.

While this is down from the 27% of sites identified a year ago, it still equates to an average of 52 sites per organization that are collecting names, addresses and dates of birth.
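The failures described above (PII forms on HTTP pages, forms that post to HTTP endpoints, expired certificates) are the kind of thing an inventory scan can flag. The following is an added example, not RiskIQ's tooling: it parses a page's HTML for forms whose field names suggest PII, resolves where each form submits, and reports insecure transport; a second helper checks an `ssl.getpeercert()`-style certificate dict for expiry. The sample HTML, the `.test` hostnames and the `PII_HINTS` heuristic list are constructed for the example.

```python
"""Added example (not RiskIQ's code): inventory PII-collecting forms and flag insecure transport."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import ssl
import time

# Field-name fragments that suggest a form collects PII (assumed heuristic list, not exhaustive).
PII_HINTS = ("name", "address", "dob", "birth", "password", "email", "phone", "card")


class FormCollector(HTMLParser):
    """Collects every <form> on the page with its action URL and the names of its data-entry fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            # Submit buttons and hidden fields are not user data entry points.
            if a.get("type", "").lower() in ("submit", "hidden", "button"):
                return
            self._current["fields"].append(a.get("name", "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def pii_fields(fields):
    """Return the subset of field names that look like PII."""
    return [f for f in fields if any(hint in f for hint in PII_HINTS)]


def audit_page(page_url, html):
    """One finding per PII-collecting form: where it submits and whether that path is insecure."""
    parser = FormCollector()
    parser.feed(html)
    page_https = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        pii = pii_fields(form["fields"])
        if not pii:
            continue
        target = urljoin(page_url, form["action"] or page_url)
        findings.append({
            "action": target,
            "pii_fields": pii,
            # Insecure if the form posts over HTTP, or the page itself came over HTTP
            # (an HTTP page can be altered in transit before the form is even rendered).
            "insecure": urlparse(target).scheme != "https" or not page_https,
        })
    return findings


def cert_expired(cert, now=None):
    """True if a certificate dict in ssl.getpeercert() format has passed its notAfter date."""
    now = time.time() if now is None else now
    return ssl.cert_time_to_seconds(cert["notAfter"]) < now


# Constructed sample page: one form posting to a legacy HTTP host, one login form, one search box.
SAMPLE_HTML = """
<html><body>
<form action="http://legacy.example.test/signup" method="post">
  <input name="full_name"><input name="dob"><input type="submit" value="Apply">
</form>
<form action="/login" method="post">
  <input name="username"><input name="password" type="password"><input type="submit">
</form>
<form action="/search"><input name="q"><input type="submit"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page("https://bank.example.test/apply", SAMPLE_HTML):
        print(finding)
    # Constructed certificate dict with a notAfter date before 9 May 2019.
    print("expired:", cert_expired({"notAfter": "Mar 31 12:00:00 2019 GMT"}, now=1557360000))
```

Run against a crawl of the organization's own sites, the `insecure` flag gives the per-page list that the RiskIQ figures summarize; the certificate helper is meant to be fed the dict returned by `ssl.SSLSocket.getpeercert()` after a real handshake.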

In an email to Infosecurity, Mishcon de Reya data protection advisor Jon Baines said that the results indicate that despite a slight increase in security compliance since GDPR became applicable, there remain worrying gaps, particularly in some of the sectors which the public should reasonably expect to have most confidence in.

“The results certainly point to failures to comply with the security principle of GDPR; the extent to which these are serious failings, of the kind which might warrant regulatory action, will depend on the individual facts of the cases,” he said.

“It would be interesting to know if the organizations are even aware, and if they are, whether any will report these breaches (as arguably they should) to the Information Commissioner’s Office.”

RiskIQ said that of 3940 public websites with a login page, 442 of these sites (11%) capture login information insecurely.

“This research shows that organizations are continuing to make progress in ensuring that personal data entered online is collected in a secure manner,” said Fabian Libeau, VP EMEA at RiskIQ.

“However, that we still see instances serves to highlight that there is more to be done. Most organizations are continuing to expand their web presence and it's vitally important that they maintain a complete inventory of those sites and the PII collecting pages they contain.”

Jonathan Armstrong, partner at Cordery, said that there is a wide definition of what “personal data” is.

He argued that the issue here isn’t just that companies are collecting the data when they likely don’t need it – although this is problematical – it is that they’re not securing it in transit and once they have it. “This double whammy is likely to put any of these organizations into more trouble with a data protection regulator – especially if they’re also not being transparent about what they are collecting, what they are doing with it and how they’re keeping it safe,” he added.

“Website users have higher demands than they did even a year ago and the level of complaints is up right across the EU. Any organization which isn’t addressing this as an issue is likely just storing up problems.”

Categories: Cyber Risk News

(ISC)2 Announces Information Security Leadership Award Winners

Info Security - Thu, 05/09/2019 - 09:30

The winners of the EMEA Information Security Leadership Awards have been announced by (ISC)2. Celebrating the accomplishments of cybersecurity professionals across both the private and public sectors who inspire change within the field of cybersecurity throughout the EMEA region, the awards are judged by a committee of (ISC)2 members and senior personnel. Winners were selected from specific criteria and eligibility requirements.

The winners were announced as follows:

James Packer - Senior Information Security Professional
Project/Initiative: Setting up and leading the Security Operations team for KPMG, as well as creating and serving as president of the (ISC)2 London Chapter.

Chani Simms - Woman Information Security Professional 
Project/Initiative: Founding the SHe CISO Exec. Initiative, along with leading and helping to coordinate a team of professionals to deliver the pilot boot camp in Sri Lanka with a focus on offering 100% scholarships to individuals entering the cybersecurity sector for the first time.

David Emyr Thomas - Information Security Practitioner
Project/Initiative: Being the cybersecurity lead on a number of UK and European Connected and Autonomous Vehicles projects, and working with senior stakeholders in three other major UK government departments.

Chrissy Morgan - Up-and-Coming Information Security Professional
Project/Initiative: Being an IT security operations professional by day and a security researcher by night.

“Receiving an ISLA EMEA award is an important badge of recognition within the cybersecurity sector. We’re pleased to be able to honor the contributions of these leaders in our industry, both within the (ISC)2 membership as well as the wider IT and business world,” said Deshini Newman, managing director for EMEA, (ISC)2.

“The winners in the four categories exemplify the professionalism and pursuit of excellence that can inspire others to innovate. We were honored to recognize their achievements in front of their peers and congratulate them at our annual Secure Summit event.”


#Belfast2019: Cybersec Industry to Generate £70m+ in Salaries in Northern Ireland

Info Security - Thu, 05/09/2019 - 08:27

At the eighth World Cyber Security Technology Research Summit in Belfast, it was announced that the cybersecurity industry is on course to generate more than £70m in salaries in Northern Ireland each year. It was also estimated that the cybersecurity industry employs almost 1700 people in Northern Ireland.

The Summit, hosted by the Centre for Secure Information Technologies (CSIT), saw industry leaders, start-ups, SMEs, government policy makers and researchers from around the world come together to discuss and explore some of the current key topics in the information security landscape.

Professor Maire O’Neill, Queen’s University, said: “This is an extremely exciting time for cybersecurity in Northern Ireland but also for the sector globally.

“There are significant economic benefits for the local economy, with estimated salaries now at around £70m each year.”

In October 2018, research from Acumin Consulting found that salaries for cybersecurity professionals rose by 6% in one year, double the national average of 2.9%.

Speaking at the Summit, Professor O’Neill also announced that CSIT research has been recognized by the international Journal of Information Security and Applications. The research, which looked at the safety and security analysis for cyber-physical systems, has been awarded the globally prestigious Dr KW Wong Annual Best Paper Award for its originality and impact.

“At CSIT, our researchers are leading cutting-edge research in cybersecurity,” Professor O’Neill added. “We are also developing the next generation of industry leaders to meet the huge demand from industry for cybersecurity professionals.”


Orange Gains SecureLink, Advances Cyber Offerings

Info Security - Wed, 05/08/2019 - 15:43

After its acquisition of SecureData earlier this year, Orange has announced another agreement it has signed to acquire SecureLink, a transaction that will advance Orange’s position in the EU’s cybersecurity industry, according to a May 7 press release.

The deal will afford Orange a position of leadership in Europe’s cybersecurity scene as SecureLink already has on-the-ground presence in eight European countries – including Sweden, Belgium, the Netherlands, the UK, Germany, Denmark and Norway – which represents 75% of the market.

Subject to customary closing conditions, the deal, which is estimated at €515m enterprise value, is expected to close by the end of the second or third quarter of 2019. According to the agreement, SecureLink’s leadership team will join Orange’s global leadership team and aid in developing a model for integrating the combined organizations.

“I am looking forward to building the integrated organisation with Michel [van den Berghe, CEO of Orange Cyberdefense], Thomas Fetten and all the teams,” said Hugues Foulon, executive director of cybersecurity at Orange.  

“Cybersecurity is a growing priority for companies of all sizes, and we believe the two most important success factors are scale and proximity. Scale because today's threats are global, complex, and require matching protection capabilities. Proximity because in the global IT world, you want a trusted local partner to secure your most strategic assets. With the acquisition of SecureData and SecureLink, Orange has the highest scale to anticipate and fend off attacks, as well as local defense teams in all the main European markets, positioning the combined organisation as the go-to defense specialist.”

Fetten noted that the two companies complement each other well and share a common vision for the future of the cybersecurity industry. “We have been very impressed by the ambition and successful development of Orange Cyberdefense over the past few years and are very excited to build a pan-European leader of cybersecurity together. The combined organization will be in a phenomenal position to address the needs of our customers, partners and employees.”


Hackers Steal 7K BTC from Binance Cryptocurrency

Info Security - Wed, 05/08/2019 - 14:46

After obtaining user API keys and two-factor authentication codes, hackers reportedly stole 7,000 Bitcoin in a Binance security breach.

A statement released by Binance said, “The hackers used a variety of techniques, including phishing, viruses and other attacks. We are still concluding all possible methods used. There may also be additional affected accounts that have not been identified yet.”

According to the statement, only a single transaction was impacted. “The hackers were able to withdraw 7,000 BTC in this one transaction. It impacted our BTC hot wallet only (which contained about 2% of our total BTC holdings). All of our other wallets are secure and unharmed.” Coindesk reported the total value of stolen Bitcoin was approximately $41 million.

After news of the hack broke, Bitcoin’s price dropped by approximately 4.2% in early Asian trading, Reuters reported.

Binance said that it will be conducting a thorough security review, which will include all parts of its sizable systems. The cryptocurrency exchange estimates this review will take a week, during which time all deposits and withdrawals will need to be suspended. Trading will still be enabled, according to the statement.

“Technical details of the breach still remain obscure, and it would be premature to make any conclusions at this point of time,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.

“Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyber-attacks. In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.

“To bring certainty to the cryptocurrency markets, clear regulatory standards are required, such as PCI DSS and PA-DSS. Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit card thefts.”


Baltimore Servers Down After Ransomware Attack

Info Security - Wed, 05/08/2019 - 14:23

Another city has become the victim of a ransomware attack, as government officials in Baltimore have revealed that the city hall computer networks have been infected, according to CBS Baltimore.

Experts have identified the ransomware used in this case as the RobbinHood variant, about which there is little information given that it is relatively new. RobbinHood was also identified as the ransomware used last month in an attack on Greenville, North Carolina.

Though it has been reported that no personal data has been compromised at this time, Mayor Jack Young reportedly released a statement confirming the attack.

“Baltimore City core essential services (police, fire, EMS and 311) are still operational but it has been determined that the city’s network has been infected with a ransomware virus. City employees are working diligently to determine the source and extent of the infection. At this time, we have seen no evidence that any personal data has left the system. Out of an abundance of precaution, the city has shut down the majority of its servers. We will provide updates as information becomes available.”

A series of tweets put out by the Baltimore Department of Public Works began by assuring citizens, “We are not ignoring you. Email service is down. Techs are working on the problem now.

“The email outage has also taken down phone lines to Customer Support and Services, so for now we're unable to take calls to discuss water billing issues. Sorry for the inconvenience.”

Baltimore's city council president, Brandon M. Scott, tweeted that the majority of the city’s servers have been shut down as a precaution.

This attack is the second one Baltimore has suffered in the past year, according to the Baltimore Sun, which reported that last year’s attack shut down automated dispatches for both 911 and 311 calls.

“Local governmental organizations are not known for their speed or for having large IT security budgets. If you’re a hacker who's had a successful attack in the past, why not attack the same target? The defenses will likely have not changed,” said John Gunn, CMO, OneSpan.


Holiday Scammers Made £7m in 2018

Info Security - Wed, 05/08/2019 - 10:50

British holidaymakers have been urged to stay alert online after it was revealed that fraudsters stole £7m from unwitting travelers in 2018.

Over 5000 people reported travel-related scams totaling just over £7m to the UK’s Action Fraud service last year, an increase on the previous 12 months, when 4382 victims reported losing £6.7m.

The average amount lost was £1380 per person, with over half of the reported crimes (53%) related to airline ticketing fraud. The largest single loss was a massive £425,000.

Fraud linked to accommodation rentals came next, accounting for a quarter (25%) of scams reported to Action Fraud. Spain and France are particularly popular for fraudsters, with convincing-looking websites often offering luxury villas for rent without the owner’s consent.

The findings are part of an awareness-raising campaign by travel association ABTA, Action Fraud and the government-backed Get Safe Online, designed to warn holidaymakers about possible scams ahead of the busy summer season.

“The cost to victims is not just financial; this crime causes very real emotional distress. Fraudsters are using increasingly sophisticated methods to target destinations and times of year when demand is high and availability limited, as they know people will be looking for good deals,” explained ABTA CEO Mark Tanzer.

“As victims often find out just before they travel or even in resort that they have been defrauded, it can then be very difficult and expensive to obtain a legitimate replacement booking compounding the financial costs and emotional distress suffered by victims.”

The report also warned of scams targeting pilgrims to religious sites such as the Haj, where average losses totaled £10,000.

Get Safe Online CEO, Tony Neate, urged consumers to do their research thoroughly before booking, including reading user reviews and conducting online searches for the company in question.

“Look out for companies that are members of professional bodies such as ABTA and be wary of paying a private individual by bank transfer, even if you are offered a discounted rate,” he added.

“Paying by credit card will offer you much more protection from fraud. Finally, trust your instincts, don’t get rushed into making impulsive decisions if something doesn’t feel quite right.”


Canadian Telco Exposes Unencrypted Card Details

Info Security - Wed, 05/08/2019 - 09:58

Canadian telco giant Freedom Mobile has become the latest big-name brand whose security has been found wanting after researchers discovered an unprotected database exposing over five million customer records.

A research team at vpnMentor claimed to have discovered the Elasticsearch database online on April 17. It was left online with no password protection and none of the data was encrypted.

Although the firm finally took action to address the issue a week later, the type of data left exposed to the public internet rang alarm bells with the researchers.

It included email and home address, home and mobile phone numbers and dates of birth, but also unencrypted credit card and CVV numbers alongside credit score responses from Equifax and others.

This could have provided cyber-criminals with a valuable trove of information with which to carry out a range of identity fraud.

“An unencrypted database of personalized information is a valuable resource for hackers. Access to addresses, email addresses, phone numbers, and credit data can help malicious actors execute sophisticated phishing schemes,” vpnMentor wrote in a blog post.

“Credit information also allows for highly targeted ransomware attacks, as bad actors know where they can demand high prices. Even the most careful user can’t defend themselves against a company that saves their data on an unsecured database. The best way we found is to use a temporary card, account, or CVV number connected to your account.”

The firm also questioned whether Freedom Mobile may have been in breach of its PCI DSS obligations by failing to store the card details in an encrypted format.

Despite vpnMentor’s claims that the number of users affected could be as high as 1.5 million, the telco claimed the data was related to just 15,000 customers. This included some of those who opened or made changes to their accounts from March 25 to April 16.

It blamed third-party provider Apptium for the misconfiguration snafu.


C-Suite Under Attack as Money and Data Drive Breaches

Info Security - Wed, 05/08/2019 - 09:05

State-sponsored attacks, cloud storage misconfiguration, ransomware and social threats targeting the C-suite all posed major risks to global organizations over the past 12 months, according to Verizon.

The vendor’s newly released Data Breach Investigations Report 2019 comprises analysis of over 40,000 security incidents and more than 2000 reported data breaches across 180 countries, including FBI data new to this year’s study.

It found that the vast majority (71%) of breaches are still financially motivated, although espionage accounted for a quarter (25%). Many of the latter cases will be down to nation state attacks (23%).

Senior executives were highlighted as a particular security risk in this year’s report, being 12 times more likely to be the victim of a “social incident” and nine times more likely to be targeted by a social breach than in previous years.

According to Verizon, an incident is “any compromise of confidentiality, integrity, or availability of an information asset,” while a breach is “an incident that results in the confirmed disclosure of data to an unauthorized party.”

Senior leaders are a risk because they often have less time to scrutinize emails for tell-tale signs of a scam, or simply get their assistants to deal with electronic communications. Yet for the attacker, they represent a valuable target, given their privileged account access and approval authority over things like corporate money transfers.

The latter is linked to BEC attacks, which often involve compromising a C-level exec’s account first, before emailing a member of the finance team requesting a large wire transfer. According to the report, BEC accounted for 370 incidents or 248 confirmed breaches of those analyzed.

“A BEC can be an incident, as it compromises the integrity of people making decisions about transferring money, and also a breach, [if] it compromises the login and password to an organizational email account,” Verizon senior information security data scientist, Gabe Bassett, clarified to Infosecurity.

It’s not all about social threats: attackers are also increasingly using stolen credentials to hijack cloud email accounts. In fact, 29% of breaches involved stolen log-ins, reflecting the rise in credential stuffing activity.

Elsewhere, the report revealed that ransomware continues to be a major threat to organizations — accounting for a quarter (24%) of all malware incidents analyzed and ranking second in terms of most-used malware.

However, the threat from cryptojacking has significantly reduced, accounting for just 2% of incidents and not even making it in the top 10 for most-used malware.

Organizations are still doing badly at discovering attacks. In over half (56%) of breach incidents it took “months or longer” before IT teams spotted suspicious activity.

Cloud-based file storage ‘breaches’ exposed at least 60 million records analyzed, accounting for 21% of breaches caused by errors, according to the report.


Major Uptick in IoT-Related Breaches and Attacks

Info Security - Tue, 05/07/2019 - 17:06

Researchers have identified a significant uptick in breaches and attacks related to the internet of things (IoT), according to a new Ponemon Institute report, The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know.

Released today by the Santa Fe Group, the study yielded 35 key findings on IoT risks stemming from a lack of security in IoT devices. Ponemon Institute identified a sizable increase in the number of organizations reporting an IoT-related data breach. In 2017, only 15% of survey participants had suffered an IoT-related data breach. That number jumped to 26% in this year’s report, which surveyed 625 risk management and governance experts.

“The actual number may be greater as most organizations are not aware of every unsecure IoT device or application in their environment or from third party vendors,” the report said. In fact, the study found that more IoT security issues are being reported at the third-party level.

Over the last year, 23% of respondents said they experienced a cyber-attack and 18% said they had a data breach caused by unsecured IoT devices among third-party vendors. Even those who have yet to identify a breach feel certain that the future of IoT will be weighed down by risk.

When asked whether it is likely that their organizations will experience a cyber-attack such as a denial-of-service (DoS) attack caused by unsecured IoT devices or applications in the next 24 months, 87% of respondents said yes, according to the report.

Respondents tended to have similar perceptions about risks from the wider IoT partner ecosystems, with 81% expecting a DoS attack and 82% anticipating a data breach caused by a lack of security in the devices or applications of their third parties.

Despite these perceptions, the study found that only 9% of respondents said their companies have education policies to inform employees about IoT third-party risks and nearly a third (32%) do not have a designated person in their department or organizations who is responsible for managing IoT risks.


Russia Uses Social Media to Sway Public Opinion

Info Security - Tue, 05/07/2019 - 17:00

Russia is continuing its efforts to meddle in elections around the globe and is currently working on spreading misinformation via social media ahead of the EU parliamentary elections at the end of May, according to new data from SafeGuard Cyber.

Malicious actors – defined in the report as individuals, bots, trolls and hybrids – are exacerbating what are already contentious issues to try and influence the public’s perception of events, according to the report.

SafeGuard Cyber’s report evidences the volume of misinformation that is directed at EU member states in an effort to foment social unrest around hot-button issues, such as an article that looks at the future of France, written by French president Emanuel Macron.

The day after Macron published the piece, bad actor activity increased 79%, primarily to promote or share content attempting to discredit Macron's ideas and shape public perception, according to today’s press release.

“Influence operations can appear difficult to discern because the content moving through conversations takes many forms and appears scattershot as any topic on social media. However, chasing any and every topic would actually dilute misinformation efforts, because campaign managers are aiming to achieve a certain 'critical mass' of messaging in order to exert any influence on the average citizen,” the report said.  

"The scale of the problem is tremendous. The rise of disinformation campaigns is abetted by the fact that it is incredibly difficult to stop their spread on social platforms," said Otavio Freire, co-founder, CTO and president of SafeGuard Cyber.

"Bad actors realize that hacking election infrastructure and hacking the perception of reality and facts are ultimately tactics to accomplish similar outcomes. The former you need to get past firewalls while the latter continues to be unprotected. Our report reinforces the need for a new approach to security, as today's bad actors are not at all hindered by the cybersecurity tactics of yesterday."

In related news, Microsoft CEO Satya Nadella announced on May 6 that the company had released ElectionGuard, a free, open-source software development kit (SDK) from its Defending Democracy Program, according to a blog post. “ElectionGuard will make voting secure, more accessible and more efficient anywhere it’s used in the United States or in democratic nations around the world.”


Proofpoint Acquires Meta Networks for Nearly $120m

Info Security - Tue, 05/07/2019 - 16:56

In a move expected to augment its cloud-based architecture and people-centric security platform, Proofpoint announced that it has entered into a definitive agreement to acquire zero trust network access innovator, Meta Networks.

Subject to customary closing conditions, the deal is expected to close at the end of Q2 2019. The acquisition will allow Proofpoint to improve its existing capabilities by integrating Meta Networks’ technology into its cloud access security broker (CASB) and web isolation products.

“Protecting people and resources beyond the traditional perimeter is perhaps the most critical security requirement in the cloud era,” said Etay Bogner, founder and CEO of Meta Networks.

“Together with Proofpoint, we will continue to realize a security vision that adapts to the way both threats and infrastructure are moving: to the cloud. Proofpoint is at the forefront of this transformation and we are very excited to become a part of an incredible team.”

At approximately $111 million in cash and an additional $9 million in Proofpoint stock options, the purchase will enable customers to protect the applications and data their people access beyond the traditional perimeter, according to the press release.

“As cyber attacks primarily target people, and organizations continue to move their infrastructure to the cloud, the compromise of a single user all too often leads to a full enterprise breach. Limiting employee and contractor access to only authorized resources, rather than the entire corporate network, is a critical control in a people-centric security model,” said Proofpoint CEO Gary Steele in the release.

“By combining Meta Networks’ innovative zero trust network access technology with our people-centric security capabilities, Proofpoint will make it far simpler for enterprises to precisely control employee and contractor access to on-premises, cloud and consumer applications. We are thrilled to welcome Meta Networks employees to the Proofpoint team.”


New Magecart Group Targets 201 Campus E-Stores

Info Security - Tue, 05/07/2019 - 10:45

A cybercrime group has been spotted using infamous digital skimming code techniques to infect 201 online campus stores in the US and Canada in a supply chain attack.

The gang targeted PrismWeb, an e-commerce platform owned by PrismRBS which is used by the sites, according to Trend Micro.

Dubbed “Mirrorthief” by the security vendor, the group injected a malicious script into the payment checkout libraries used by PrismWeb.

They made it appear similar to a legitimate Google Analytics script, and registered their malicious domain to also mimic the Google one in order to evade detection.

“Unlike many web skimmers, which are designed to collect information from many kinds of e-commerce payment pages in general, the skimmer that the Mirrorthief group used was designed specifically for PrismWeb’s payment page,” Trend Micro explained in a blog post.

“The skimmer collects data only from HTML elements with the specific IDs on PrismWeb’s payment form. The stolen credit card information includes card number, expiry date, card type, card verification number (CVN), and the cardholder’s name. The skimmer also steals personal information like addresses and phone numbers for billing.”

The skimmer then copies the info into the JavaScript Object Notation (JSON) format, before encrypting it and sending it to a remote server.

Although Magecart Group 11 and another gang, ReactGet, also use Google Analytics impersonation techniques, there’s no overlap in terms of the infrastructure used by Mirrorthief, and its skimmer is very different to others in that it is customized to work on PrismWeb. It also used a different JavaScript library (Crypto-JS) to the others, according to Trend Micro.

“To defend against this type of threat, website owners should regularly check and strengthen their security with patches and server segregation. Site owners should also employ robust authentication mechanisms, especially for those that store and manage sensitive data,” Trend Micro advised.

“IT and security teams should restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity that could lead to data exfiltration, execution of unknown scripts, or unauthorized access and modification.”
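The monitoring Trend Micro recommends comes down to knowing which scripts a checkout page is supposed to load and noticing when that set changes, in particular when a newcomer's hostname borrows the Google Analytics name. The following is an added example, not Trend Micro's or PrismRBS's code: it extracts every external `<script src>` from a page, ignores the ones already in a recorded baseline, and classifies each newcomer as a new file on a trusted host, a lookalike host, or an unknown host, also noting whether it carries a Subresource Integrity attribute. The allowlist, brand tokens, baseline, `.test` hostnames and sample HTML are all constructed for the example.

```python
"""Added example (not Trend Micro's code): diff the scripts a checkout page loads against a known baseline."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site legitimately loads scripts from (constructed allowlist; .test is a reserved TLD).
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com", "shop.example.test"}
# Substrings a lookalike host borrows from a trusted brand in order to blend in (assumed list).
BRAND_TOKENS = ("google", "analytics", "gtag", "tagmanager")


class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity_attribute) for every external <script> on the page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append((a["src"], "integrity" in a))


def classify(src):
    """Classify a script URL that is not in the baseline by the host it loads from."""
    host = urlparse(src).netloc.lower()
    if host in ALLOWED_SCRIPT_HOSTS:
        return "new_file_on_trusted_host"   # still worth a look, but not an impersonation
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike_host"             # brand name on a host we do not trust
    return "unknown_host"


def audit_scripts(html, baseline):
    """Return one finding per external script that is absent from the recorded baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        if src in baseline:
            continue
        findings.append({"src": src, "verdict": classify(src), "sri": has_sri})
    return findings


# Constructed baseline: the scripts the checkout page loaded when it was last reviewed.
BASELINE = {
    "https://www.google-analytics.com/analytics.js",
    "https://shop.example.test/js/checkout.js",
}

# Constructed sample page: the two baseline scripts plus two newcomers.
SAMPLE_HTML = """
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://www.google-analytics.example.test/analytics.js"></script>
<script src="https://cdn.example.test/vendor.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://shop.example.test/js/checkout.js"></script>
</head><body><form id="payment"></form></body></html>
"""

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_HTML, BASELINE):
        print(finding)
```

The baseline is the important input: it should be captured from a known-good deployment and updated only through the normal release process, so that a script appearing between releases is always a finding. The `sri` flag is a reminder that an `integrity` attribute pins a script's content, which a supply-chain injection into a shared library cannot satisfy.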


Ukrainian Faces US Charges for Five-Year Malvertising Campaign

Info Security - Tue, 05/07/2019 - 09:36

A Ukrainian man has been extradited to the US on charges of participating in a multi-year malvertising operation that targeted millions of users.

Oleksii Petrovich Ivanov, 31, was arrested in the Netherlands in October 2018 and on his arrival in the US last week was charged with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud.

Between October 2013 and May 2018 he’s alleged to have conspired to force unwitting internet users to view malicious ads over 100 million times, according to the Department of Justice (DoJ).

Ivanov and his co-conspirators are said to have posed as legitimate advertising companies: for example, in 2014 he is alleged to have posed as ‘Dmitrij Zaleskis,’ CEO of fictitious UK company ‘Veldex Limited’ which submitted malicious ads to a US internet advertising company for distribution.

Two of these campaigns were viewed over 17 million times in just a matter of days, and although the US company warned that they were being flagged as malware threats, Ivanov is said to have persuaded the firm to keep running them for months.

Once the patience of these partner organizations finally wore out, Ivanov and his co-conspirators allegedly set up new companies and fake identities to start again, according to court documents.

He is also alleged to have created a botnet by infecting computers and then selling access to it.

“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” said New Jersey US attorney, Craig Carpenito. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”

Categories: Cyber Risk News

Matrix-Themed Ransomware Spikes in May

Info Security - Tue, 05/07/2019 - 08:55
Matrix-Themed Ransomware Spikes in May

Security experts are warning organizations of a new, highly targeted ransomware strain known as MegaCortex, which appears to have been written by a fan of ‘90s cult film The Matrix.

Although the ransomware first appeared at the start of the year, there appears to have been a major recorded spike on May 1, according to UK security company Sophos.

Of the 76 attacks confirmed since February, 47 happened over the past few days, according to principal researcher, Andrew Brandt.

Enterprise networks in the US, Italy, Canada, France, the Netherlands, and Ireland have so far been targeted.

There seems to be a crossover between victims of Emotet and Qbot malware and those targeted in this campaign, although Sophos can’t be sure of the correlation.

Victim organizations report attacks coming from a compromised domain controller (DC), which the hackers may have accessed via stolen admin credentials.

“The attacker issues commands via the compromised DC, which the attacker is remotely accessing using the reverse shell,” explained Brandt.

“The DC uses WMI to push the malware — a copy of PsExec renamed rstwg.exe, the main malware executable, and a batch file — to the rest of the computers on the network that it can reach, and then runs the batch file remotely via PsExec.”

That batch file is a list of commands to terminate 44 processes and 189 services and disable 194 services — in so doing, preventing anything that would stop the ransomware running including security tools.

Finally, the batch file launches winnit.exe to drop and execute the DLL payload.
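As an added defender-side example (not code from the Sophos write-up), the following Python sketch flags two of the behaviours described above in constructed Sysmon-style process-creation events: a PsExec copy running under a different on-disk name, and one parent process issuing a burst of service-stop and service-disable commands. The OriginalFileName check relies on PsExec's PE version info; the burst threshold and all event values are assumptions.

```python
import re
from collections import defaultdict

# PsExec's embedded PE version info carries OriginalFileName "psexec.c" (the value
# Sysmon event 1 reports); a different on-disk name, such as rstwg.exe, means a rename.
PSEXEC_ORIGINAL_NAME = "psexec.c"
# Commands a kill-switch batch file issues in bulk to stop or disable defenses.
KILL_CMD = re.compile(r"^(taskkill|net\s+stop|sc\s+(stop|config))\b", re.IGNORECASE)
BURST_THRESHOLD = 10  # assumed tuning value; 44 + 189 + 194 commands is far above it


def detect(events):
    """Return alerts for a renamed PsExec and for parents issuing kill bursts."""
    alerts = []
    kills_per_parent = defaultdict(int)
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        orig = ev.get("OriginalFileName", "").lower()
        if orig == PSEXEC_ORIGINAL_NAME and image not in ("psexec.exe", "psexec64.exe"):
            alerts.append(("renamed_psexec", ev["Image"]))
        if KILL_CMD.match(ev["CommandLine"].strip()):
            kills_per_parent[ev["ParentImage"]] += 1
    for parent, count in kills_per_parent.items():
        if count >= BURST_THRESHOLD:
            alerts.append(("service_kill_burst", parent, count))
    return alerts


def sample_events():
    """Constructed events: one renamed PsExec launch, a 12-command kill burst, benign noise."""
    cmd = r"C:\Windows\System32\cmd.exe"
    events = [
        {"Image": r"C:\Windows\Temp\rstwg.exe", "OriginalFileName": "psexec.c",
         "CommandLine": r"rstwg.exe \\WS01 -d cmd /c c:\temp\deploy.bat", "ParentImage": cmd},
        # A legitimately named PsExec run by an administrator: no rename alert.
        {"Image": r"C:\Tools\PsExec.exe", "OriginalFileName": "psexec.c",
         "CommandLine": r"PsExec.exe \\WS02 ipconfig", "ParentImage": cmd},
        {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
         "CommandLine": "notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    ]
    # The batch file stopping and disabling services in bulk (hypothetical service names).
    for i in range(6):
        events.append({"Image": r"C:\Windows\System32\net.exe", "OriginalFileName": "net.exe",
                       "CommandLine": f"net stop svc{i} /y", "ParentImage": cmd})
        events.append({"Image": r"C:\Windows\System32\sc.exe", "OriginalFileName": "sc.exe",
                       "CommandLine": f"sc config svc{i} start= disabled", "ParentImage": cmd})
    return events


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

In production the burst counter would be keyed by parent process GUID and bounded by a time window rather than counted over the whole input.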

There’s no actual figure quoted in the ransom demand: instead the authors offer a ‘consultation’ on how to improve the victim organization’s cybersecurity.

To help mitigate the risk of infection, Sophos recommended putting any machines using RDP behind a VPN and employing two-factor authentication (2FA) to replace all admin passwords.

The ransom note itself apparently contains numerous references to The Matrix and the name of the ransomware echoes that of the company where hero Neo works in the film: MetaCortex.

Categories: Cyber Risk News

Israel Responds to Cyber-Attack with Air Strike

Info Security - Mon, 05/06/2019 - 17:16
Israel Responds to Cyber-Attack with Air Strike

The Israel Defense Forces (IDF) claim to have thwarted a cyber-attack from Hamas by targeting the building where Hamas cyber operatives work.

After the alleged cyber-attack, the IDF responded with a physical attack in what Forbes contributor Kate O'Flaherty called “a world first.” According to the commander of the IDF's cyber division, identified only by his rank and the first Hebrew letter of his name, Brigadier General Dalet, this was also the first time that Israeli cyber forces had to fend off an attack while they were also under fire, which required both Israeli technology soldiers and the Israeli Air Force, according to The Times of Israel.

“Israel would not have targeted the building and presumably those in it without a lot more due diligence and intelligence than ‘a cyber-attack was coming from the building,’” Ian Thornton-Trump, security head at AmTrust Europe, told Forbes.

Detailed information about the attempted attack is not being published at this time so as not to reveal Israel’s cyber capabilities to Hamas. Brig. Gen. Dalet would only say that the cyber-attack occurred in the past day and was aimed at “harming the way of life of Israeli citizens,” The Times of Israel reported.

Categories: Cyber Risk News

US Court Awards $854m to Dutch Chip Maker ASML

Info Security - Mon, 05/06/2019 - 14:57
US Court Awards $854m to Dutch Chip Maker ASML

The Santa Clara County Superior Court ruled in favor of ASML, a Netherlands-based chipmaking company, against virtual reality headset manufacturer XTAL Inc. in an intellectual property case, awarding ASML $845 million in addition to an injunction, according to a May 4 ASML press release.

“The judgment finalizes the verdict returned by the jury on 28 November 2018. The jury found that XTAL’s conduct as to all counts was malicious, entitling ASML to an award of punitive damages on all five counts pleaded against XTAL," the release said.

“The primary driver behind the jury’s verdict and the $845 million final judgment were saved research and development costs by XTAL, due to XTAL’s theft of trade secrets, inducing former employees to breach their contracts with ASML, aiding and abetting former employees to breach their fiduciary duty of loyalty to ASML, and multiple violations of California’s Computer Data Access and Fraud Act.”

The judgment finalizes the initial verdict returned by a jury ruling in favor of ASML. The charges claimed, “XTAL induced ASML employees, who had been entrusted with ASML’s most sensitive trade secrets, to secretly work for XTAL, steal trade secrets, and help XTAL obtain a lucrative contract with one of ASML’s largest customers. XTAL then used the stolen information to jumpstart its competing computational lithography business, accelerating its development well beyond what would have been possible had it not stolen and used ASML’s trade secrets. The stolen trade secrets included ASML’s proprietary algorithms as well as source code files.”

The initial verdict was returned by the jury on November 28, 2018. XTAL reportedly filed for bankruptcy on December 17, 2018. As a result, the May 4 judgment is “uncollectable as XTAL is in bankruptcy, but under a settlement arrangement ASML will end up owning most, if not all, of XTAL’s intellectual property (IP) through the bankruptcy process.”

In addition to the monetary award, the court also issued an injunction that prohibits XTAL from any software development activities on products alleged to be using ASML’s IP.

Categories: Cyber Risk News

Huawei Says Collaboration Key to 5G Security

Info Security - Mon, 05/06/2019 - 13:55
Huawei Says Collaboration Key to 5G Security

Chinese analysts said that efforts to politicize the security of 5G networks are prejudiced and unfairly targeting a particular country or company, according to Global Times.

Last week’s Prague 5G Security Conference led by Czech Prime Minister Andrej Babiš culminated in the nonbinding “Prague Proposal,” which set forth recommendations from more than 30 members of the EU and NATO on how to move safely forward with the security of 5G networks. Absent from the conference were any Chinese delegates or representatives from Huawei.

The Chairman Statement recognized that continued global stability demands 5G network security and believes the architecture and functions of these networks must have an appropriate level of security to ensure national and economic security as well as other national interests.

“Cyber security cannot be regarded as a purely technical issue. A safe, secure and resilient infrastructure requires adequate national strategies, sound policies, a comprehensive legal framework and dedicated personnel, who is trained and educated appropriately. Strong cyber security supports the protection of civil liberties and privacy,” the statement said.

Chinese analysts have openly supported cybersecurity standards of 5G networks and reportedly oppose efforts to politicize the issue. The director-general of the Beijing-based Information Consumption Alliance, Xiang Ligang, told the Global Times, "I think their intention is pretty clear: They want to make rules based on their own values and ideologies to target companies from countries with different political systems. I think it's pretty clear that they want to target China and Huawei."

The US has banned Huawei’s products, a move that its allies have resisted supporting. However, many countries, including the US, plan to use the Prague Proposal as a guide to move forward with implementing 5G networks. 

In a statement shared with Infosecurity, a spokesperson wrote, "Huawei shares government commitments to cyber security. We believe the collaborative approach shown at the conference will be critical to ensuring the security of global 5G networks. We are encouraged by the conference's emphasis on the importance of research and development, open markets, and competition.

"Nevertheless, we believe the cyber security issue is a technical one at its core, which needs to be addressed through technical means. We firmly believe that any future security principles should be based on verifiable facts and technical data rather than ideology or a vendor's country of origin."

According to a statement released by US press secretary Sarah Sanders, “The United States supports the resulting Prague Proposals on 5G security published by the Czech conference chairman as a set of recommendations for nations to consider as they design, construct and administer their 5G infrastructure. The United States Government plans to use the Prague Proposals as a guide to ensure our shared prosperity and security."

Categories: Cyber Risk News

War Against Fraudsters Looks Winnable, Report Says

Info Security - Fri, 05/03/2019 - 17:37
War Against Fraudsters Looks Winnable, Report Says

Since 2017, digital ad spending has increased while fraud losses have declined, according to the fourth annual Bot Baseline Report, published by White Ops and the Association of National Advertisers (ANA).

The report found that, for the first time, more fraud will be stopped than will succeed, suggesting that defenders are gaining ground in the battle against fraudsters, potentially because it has become increasingly costly for criminals to purchase realistic bot traffic.

According to the report, 2019 saw a reduction in monetary losses. While the 2017 study reported $6.5 billion in losses, this year’s report reflects an 11% decline over the past two years, despite digital ad spending having increased by 25.4% between 2017 and 2019.

Only 8% of display advertising impressions were fraudulent, which was a decrease of 9% from 2017, and only 14% of video ads were fake, down from 22% in 2017, the report found.

The report also noted that the majority of fraudulent impressions are actually invalidated by demand-side platforms (DSPs) or supply-side platforms (SSPs), filtered as SIVT (sophisticated invalid traffic) before being paid for, or invalidated later via clawbacks (the recovery of ad spend after a campaign has run). These measures are estimated to have mitigated nearly $14 billion in fraud losses annually.

“What appears to be a decline in digital ad fraud could be a temporary lull as bad actors sharpen their saws while avoiding detection. Recently, there’s been a spate of malware attacks on online retailers and publishers, where the malware are agnostic to platform and can change characteristics in order to escape detection by pattern- or signature-based defenses,” said Usman Rahim, digital security and operations manager for The Media Trust.

“Make no mistake, today’s malware are engineering feats that require a great deal of skill and collaboration. The economics of attacks is encouraging criminals to band together. Battling these attacks demands the same. This means aligning brands, technology partners and premium publishers with consumers’ needs – in the post-GDPR world, that includes their privacy and safety. More important, it means working together on keeping out bad actors and changing our practices before the regulators force us to.”

Categories: Cyber Risk News
