Cyber Risk News

FIFA Host Cities Tackle Wi-Fi Problems

Info Security - Mon, 06/04/2018 - 14:51

As football fans gear up for the 2018 FIFA World Cup, which is being held in Russia, fraudsters are trying to score on scams while host cities are struggling to secure reliable Wi-Fi access points. According to Kaspersky Lab, more than 20% of Wi-Fi hotspots in FIFA World Cup host cities have cybersecurity issues, which could result in a winning goal for cybercriminals.

Out of the approximately 32,000 public Wi-Fi networks in these host cities, 7,176 do not use traffic encryption. According to the research, Saransk, ranked the safest city in terms of its public Wi-Fi, reportedly has 72% of all access points secured with WPA/WPA2 protocol encryption. "The top-three cities with the highest proportion of unsecured connections are Saint Petersburg (48% of Wi-Fi access points are unsecured), Kaliningrad (47%) and Rostov (44%)."

Still, networks secured with WPA2 are not impenetrable, particularly when it comes to brute-force attacks. Attackers can also attempt to intercept traffic from WPA Wi-Fi in public access points at the beginning of the session by penetrating the gap between the device and the access point.

Kaspersky Lab recommended that users avoid becoming a cybercriminal target by enabling the “Always use a secure connection” (HTTPS) option in their device settings. "Enabling this option is recommended when visiting any websites you think may lack the necessary protection."

Additionally, on 28 May Kaspersky Lab identified phishing emails offering users the chance to purchase "guest" tickets to the FIFA World Cup – but at 10 times more than the original price. While the tickets are unusable, fraudsters are taking the money and collecting users’ private data, including payment information, to steal more funds in a twofold monetization scam.

Criminals leverage these much-anticipated global events, making it a challenge for consumers and security defenders to keep pace with attackers. Events like the World Cup present incredible opportunities for cybercriminals to secure financial rewards. "Email infection, fake betting websites and traditional phishing attacks are all expected to have their day in the sun this summer," said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber and information security and risk management.

While there may be legitimate reasons a person might send an unsolicited email, Ajay Menendez, executive director, HUNT analyst program at SecureSet, said, "Malicious actors try to get in contact with you, to infect and compromise your computer for criminal profit. In this age of 'fake news' and cybercrime, it is important for individuals to be cautious, not only for yourselves personally but the organizations we work for and are associated with."

Categories: Cyber Risk News

Members of CEO Fraud Ring Arrested

Info Security - Mon, 06/04/2018 - 14:03

An investigation that has been under way for two years has culminated in the arrest of the masterminds behind a ring of criminals who have been impersonating CEOs for financial gain. Working collaboratively, authorities in France, Belgium, Romania, and Israel have successfully taken down an organized crime group.

Europol announced today that "on 28 May the French National Gendarmerie - Section de Recherches of Bordeaux, supported by the Israeli authorities and Europol, arrested the main suspects of an organised crime group behind a total of 24 cases of CEO fraud across Europe to the detriment of Belgian and French-based commercial companies, causing more than EUR 18 million worth of damage."

The latest arrests are part of what has been an ongoing investigation that was initiated in 2016 when two French companies reported that they had been victims of CEO fraud that resulted in a €1.2 million loss. Throughout previous stages of the ongoing actions, Belgian and French law enforcement had arrested seven individuals that were a part of the large-scale CEO fraud operation.

"The continued investigative efforts made by the French investigators, along with the substantial information exchange and analysis, allowed them to identify and locate four individuals operating from Israel considered to be the masterminds of the busted criminal ring," Europol wrote.

"The French National Gendarmerie, with support from the Israeli Lahav 433 Unit, participated in four house searches and arrests in different locations in Israel." At that time, authorities also seized computers, phones and financial information from the criminals.

The group has had success in stealing the identities of CEOs largely through business email compromise, a highly sophisticated social engineering tactic attackers use to impersonate executives.

Europol deputy executive director of operations, Wil Gemert said, "Incidents of CEO fraud (where the impersonation of CEOs is a key part of the modus operandi) have increased significantly in recent years and we are now at a point where EU-based companies are being swindled out of hundreds of million euros every year. Since the fraudsters often operate from outside the EU, it is only with internationally coordinated operations and a strong focus on asset recovery that we can achieve meaningful successes in the fight against this crime."

Technology Makes Employees Happier

Info Security - Mon, 06/04/2018 - 13:30

An additional benefit of automation in today's digital enterprise is that employees are reportedly happier in their work. According to a report released today by HPE Aruba, employees around the world feel more positive about their futures if they are working in a digital environment.

The study, The Right Technologies Unlock the Potential of the Digital Workplace, which collected feedback from 7,000 global employees, found that technology at work makes people more productive and more positive. The study distinguishes two groups: The "digital revolutionaries" are those who work in fully enabled digital workplaces where new technologies are in widespread use. The "digital laggards" are employees whose workplaces afford them less access to technology.

Of the digital revolutionaries, 51% of respondents were more likely to report high job satisfaction, with an additional 72% of employees reporting an elevated ability to adopt new work-related skills. 

Digital technology has sparked professional growth for 65% of revolutionary respondents, which is double the amount of professional development reported of non-technology users. Only 31% of the laggards said that technology supports their professional development. A large majority (69%) of UK employees would like to see fully automated equipment brought into the workplace. Nearly all UK employees (92%) said that the workplace would be improved through greater use of technology.

“No matter the industry, we’re seeing a move toward human-centric places as enterprises strive to meet rapidly changing expectations of how people want to work,” said Joseph White, director of workplace strategy, design and management, Herman Miller, in a press release. “This depends upon combining advances in technology – which includes furnishings – with the cognitive sciences to help people engage with work in new ways. This will not only mean singular, premium experiences for individuals, but also the opportunity for organizations to attract and retain the best talent.”

However, the study also revealed that cybersecurity is a challenge for UK employers when looking to implement a digital workplace. UK employees reported lower-than-average levels of cybersecurity awareness, which could lead to greater security risks if workplaces became more digitally focused.

While 52% of employees reported that they think about cybersecurity often or daily, in the past year, 25% of employees have connected to potentially unsafe open Wi-Fi and 20% said they use the same password across multiple applications and accounts.

Success of Mirai Variants Highlights Security Dangers

Info Security - Mon, 06/04/2018 - 11:02

Cyber-criminals have used Mirai as a framework on which to build improved IoT malware with new capabilities in the years since it broke, according to a new report from Netscout Arbor.

The DDoS mitigation expert claimed that Mirai was nothing short of revolutionary when it first appeared in 2016, helping to launch some of the biggest attacks ever recorded.

These include one against DNS provider Dyn which took some of the biggest names on the internet offline by harnessing the power of botnets of compromised consumer-grade IoT devices like DVRs and CCTV cameras.

Realizing the Mirai authors were onto a good thing, others have followed, with the emergence of several new variants including Satori, JenX, OMG and Wicked.

While Mirai originally worked by scanning for devices secured only by factory default log-ins, Satori makes the code even more effective by adding remote-code injection exploits.

JenX removed various features from the Mirai code and instead relies on external tools for scanning and exploitation.

OMG goes further still by adding HTTP and SOCKS proxy capabilities.

“With these two features, the bot author can proxy any traffic of its choosing through the infected IoT device,” said Netscout. “Including additional scans for new vulnerabilities, launching additional attacks, or pivot from the infected IoT device to other networks which are connected to the device.”

Finally, the most recent discovery, dubbed Wicked, replaces the credential scanning of Mirai with RCE vulnerability scanning, specifically in Netgear routers and CCTV-DVR devices.

“Within the RCE exploit, Wicked would include instructions to download and execute a copy of the Owari bot,” the security firm continued. “Often, the scanning and exploitation of devices can be automated, resulting in any susceptible devices becoming part of the botnet.”

The continued popularity of Mirai-like malware makes prompt patching from users/IT admins and DDoS mitigation strategies essential, said Netscout.

DHS Reveals Use of Stingrays Near White House

Info Security - Mon, 06/04/2018 - 09:42

A senator has claimed to have made public new evidence that shows foreign hackers and spies are targeting US citizens via their mobile devices.

Ron Wyden demanded action from the FCC and phone companies after a letter sent to him from the Department of Homeland Security (DHS) revealed the use of controversial 'stingray' technology near the White House, and attempts to exploit SS7 vulnerabilities.

Also known as IMSI-catchers, stingray tech typically mimics mobile phone base towers, allowing individuals to locate specific devices and intercept communications from them.

It’s a controversial surveillance tool which police and FBI agents have run into trouble using in the past, because it cannot be targeted enough to focus on specific devices and ends up catching data on innocent users.

Yet now the DHS has revealed that “anomalous activity” like that of an IMSI catcher was observed within the National Capital Region (NCR), including in locations near sensitive facilities like the White House.

“The news of a possible foreign stingray near the White House is of particular concern given reports that the President isn’t even using a secure phone to protect his calls,” said Wyden in a statement. “The cavalier attitude toward our national security appears to be coming from the top down. It is high time for the FCC and this administration to act immediately to protect American national security.”

According to the DHS, law enforcement and counter-intelligence operatives investigated this activity and determined that “some signals” emanated from real cell towers, but that doesn’t explain all activity.

The DHS also claimed to have received reports from third-parties of unauthorized use of IMSI-catcher tech, as well as exploitation of SS7 vulnerabilities to “target the communications of American citizens.”

The 40-year-old network signalling protocol has been known to contain serious vulnerabilities for years.

“I’ve spent the past year fighting to reveal what a terrible job the telephone companies and FCC are doing at protecting Americans from being spied on, tracked, or scammed,” said Wyden. “This letter is yet more evidence that these threats are absolutely real and they are already attacking Americans.”

TSB Privacy Snafu as Letters Sent to Wrong Customers

Info Security - Mon, 06/04/2018 - 09:02

UK bank TSB’s problems just got even worse after it emerged that letters sent to some customers following a major IT incident contained sensitive information on other users.

The high street lender has apologized for the privacy leak, which could fall foul of the GDPR.

Some letters sent out to explain the recent IT snafu reportedly contained a second page with a reference number, name and address of a different customer.

“If I was in any way shady, I could contact them and say that I was from TSB and perhaps trick them into discussing things,” one TSB customer told the BBC. “I have no confidence in TSB at all of controlling their usage of my data and keeping it safe and secure.”

In fact, there has been a huge rise in phishing attempts targeting customers of the lender over recent weeks, as fraudsters look to trick users into clicking on links in texts and emails.

A TSB spokesperson acknowledged the privacy error.

“We are working with our third-party supplier to understand the root cause of the error and we'd like to apologize to anyone that may be impacted,” they added.

The original IT problems affected millions of customers, with some reporting that they were able to access the bank accounts of other online users.

It was originally intended that the bank would transfer its underlying IT systems from an old Lloyds Bank platform to a new state-of-the-art in-house IT set-up.

TSB isn’t the only financial institution to have suffered a major IT incident recently. Over the weekend, Visa customers across Europe were hit by a “hardware failure” at the card giant which led to widespread problems using cards.

Around five hours after the initial reports the firm said systems were almost back to normal.

Problems Loom for Buyers Following Healthcare M&A

Info Security - Fri, 06/01/2018 - 15:46

For buyers that have acquired a healthcare company, cybersecurity issues are not coming to light until after the deal is done, according to a new report, Reshaping Healthcare M&A: How Competition and Technology Are Changing the Game, published by West Monroe Partners.

The report noted there were 579 deals for US healthcare targets in 2017. "Both up and down market, a common theme in healthcare M&A has emerged: Buyers are looking for acquisitions that can evolve and respond to the rapidly changing landscape." The greatest challenge for acquirers, though, is the rapid rate of change in technology. 

Of the 100 market practitioners surveyed, 49% were unhappy with the compliance and cybersecurity in their healthcare deals, which highlights the challenges technology presents for the industry. More than half (58%) of buyers learned of these issues after the deal was completed. 

One reason those issues aren't discovered prior to closing the deal is that most targets don’t allow sufficient access to discover cyber issues, said Brad Haller, director in West Monroe Partners’ mergers-and-acquisitions practice.

Buyers are not granted access to networks to perform scans. "Couple that with the incredibly tight turnaround requests for diligence – which is a result of the market conditions – and acquirers are basically unable to perform the right level of rigor to the diligence process. Attackers are also getting more sophisticated and evolving quicker than ever, so the tools used in yesterday’s diligence process might not work for the diligence today," Haller said.

As a result, many acquirers are dissatisfied with their cyber-diligence, but there are additional causes of dissatisfaction. Haller said, "Diligence partners can sometimes disappoint by not providing creative enough solutions to the cyber problems discovered. That is, a buyer always wants to know how a cyber problem can be addressed without throwing a ton of money at it but that’s often the advice they get."

In addition, Haller reported that they see a lot of acquirers choosing the wrong partner for cybersecurity diligence, "for example, lawyers looking at historical breaches and past responses instead of technologists looking at how well-suited the infrastructure and tools are for the future." 

All Women on Deck at RESET Cyber Conference

Info Security - Fri, 06/01/2018 - 15:05

With more than 15 female experts in cybersecurity scheduled to speak on the evolving cyber threat landscape, RESET, hosted by BAE Systems, claims to be challenging the status quo with its all-female speaker lineup.

Scheduled for 14 June at the Kennedy Lecture Theatre, University College London (UCL), the conference is open to all security professionals and will "provide in-depth knowledge of destructive cyber-attacks and criminal operations, threat hunting and strategy, and human centric security. In panel discussions, we consider public and private roles in defending cyber space and the risks of securing the un-securable as new technologies emerge."

What is unique about this event is the speaker lineup. BAE Systems threat intelligence analysts Kirsten Ward and Saher Naumaan have launched the event not only to bring professionals together to engage in a discussion about the evolving threat landscape, but also in part to showcase the impressive women who are often not invited to speak at industry conferences. 

“There are plenty of exceptional women qualified to speak at such conferences. But because they are not promoted or given as much exposure as men, their participation is disproportionately skewed. We’re correcting this existing imbalance: all any conference organisers have to do is what we did – put in a little effort,” Naumaan said in an interview with Forbes Magazine.

After feeling unwelcomed at many cybersecurity conferences because of the striking lack of diversity, Ward and Naumaan decided it was time to "RESET" the balance. They proposed their idea for a conference with a list of exclusively female speakers, and it took them little time to come up with a list of women suited for the task. In only a few hours, they had mounted more than 100 names.

It's well known that women represent only 11% of the cybersecurity industry. That number hasn't changed for a few years. While many conferences do have sessions on their agenda that are exclusively for women, most often those are about issues in the workplace. Ward and Naumaan said that's helpful but doesn't go far enough to address the issues of gender inequality in the industry. 

Ward said, “We want people to see them first and foremost as experts in cyber security. We’re putting these brilliant women on the podium to share their expertise and stories and to unpack some of the biggest questions facing us in cyber security today.”

Naumaan also hopes the conference will lead to fewer people asking individual women what it’s like to be a female in STEM. “We want to give these women the opportunity to talk about their research and what they are knowledgeable about. We’re making it about their work, not about their gender,” Naumaan said.

Customer Data Flies Away with Ticketfly Hacker

Info Security - Fri, 06/01/2018 - 14:35

Ticket distribution service Ticketfly was hacked by a culprit who took responsibility for defacing the company's homepage with a message citing poor security as the reason for not apologizing. 

The hacker, reported to be IsHaKdZ, aka ThE HaCkEr, originally hacked the website and flagged their success with the image of the V for Vendetta protagonist. That image has since been removed, but the attack remains an issue for Ticketfly, whose website is still down.

The current landing page states, "Out of an abundance of caution, we have taken all Ticketfly systems temporarily offline as we continue to look into the issue. We are working to bring our systems back online as soon as possible. Please check back later."

Claiming to have exploited a vulnerability that allowed them to take control of "all database" for Ticketfly and its website, the hacker reportedly asked for 1 bitcoin in exchange for the details, according to Motherboard. Infosecurity Magazine has reached out to Ticketfly, but it has not responded. It appears the company is sharing very little information at this point.

"A Ticketfly spokesperson declined to respond when asked whether the hacker had gotten in touch with the company," Motherboard wrote. 

According to The Verge, “A spokesperson for the company reiterated it was the target of a cyber incident, but was unable to comment on whether anyone’s personal information was breached, saying, ‘The security of client and customer data is our top priority. We are working tirelessly, and in coordination with leading third-party forensic experts, to get our clients back up and running.’”

A global company, Ticketfly is one of the first victims of a major security incident post-GDPR. “While the company hasn’t confirmed a breach of customer data has occurred, at face value the hacker’s claim – that he/she managed to access their database via an unpatched vulnerability or misconfiguration – is well within the realm of possibility,” said Sanjay Beri, CEO, Netskope.

“We’ve seen this time and time again with organizations failing to properly secure their data, resulting in the exposure of massive datasets on the web. Now the real question is, if a breach did occur, did the database include any PII belonging to EU citizens? If the answer is yes, this situation could escalate quickly.”

Figures show HMRC shifting tax investigation focus to UK firms - Fri, 06/01/2018 - 10:56
UK firms are responsible for an increasing proportion of the tax HM Revenue and Customs (HMRC) suspects of being underpaid by big businesses, according to the latest figures.

Queen’s University Belfast Launches Cyber-Testing Labs

Info Security - Fri, 06/01/2018 - 10:30

Queen’s University Belfast is hailing a new £500,000 facility which will help academics and industry partners carry out testing and advanced research.

The state-of-the-art cybersecurity research lab is housed in the university’s Centre for Secure Information Technologies (CSIT) and features a multi-gigabit optical fiber network.

The high-speed network will provide new capabilities to carry out application and appliance pen testing, reverse engineering and advanced malware monitoring, according to the university.

Attack replay and monitoring functionality will also support research into DDoS attacks, it added.

“The CSIT Test Lab is one of the first UK-wide research infrastructures providing an experimental playground for both academia and industry to collaborate, innovate and share equipment, tools, experiments and data-sets,” claimed professor Sakir Sezer, head of connected systems security at CSIT.

“By combining all the new capabilities, the lab facilitates a highly configurable platform for many widespread communication technologies, enabling state-of-the-art ‘capture the flag’ and other ‘red/blue team’ cybersecurity challenge games and specialized cybersecurity staff training.”

A custom-built Cyber Range will enable researchers to connect remotely and share the facilities ad hoc with partners in other parts of the world, he continued.

The test network has been built using the latest equipment on the market, including Software Defined Networking (SDN) and Network Function Virtualisation (NFV) appliances, and support for industrial control systems (ICS) for smart grid and manufacturing.

ICS threats in particular are on the rise, with up to 30% of installations facing attack in the second half of 2017, according to Kaspersky Lab.

State-backed Russian hackers in particular have been ramping up attacks against this kind of critical infrastructure, with the NCSC and US authorities releasing a joint technical alert to this effect in April.

The new research lab at Queen’s will also include a focus on more consumer-based IoT devices, including home IP Security cameras, health monitors, smart watches, home automation, logistic devices, PCs, phones and tablets.

Face, Iris and Pulse Biometrics Close in on Fingerprint Tech

Info Security - Fri, 06/01/2018 - 09:31

Face, iris and pulse-based biometric authentication systems will increasingly eat away at the market share of fingerprint technologies, according to a new report from ABI Research.

The analyst claimed in its Biometric Technologies and Applications report that the falling cost of iris recognition will spur uptake, while facial recognition continues to improve in accuracy thanks to advanced machine learning algorithms.

The latter has already seen significant increase in penetration thanks to Apple’s decision to incorporate it into the iPhone X, while Samsung offers iris recognition in the Galaxy S8 and S9, the analyst continued.

The Internet of Things is also driving an uptake in newer biometric systems: with card-free ATMs being developed by Samsung and Diebold Nixdorf, OEMs in the automotive sector including GM, Nissan and Volvo investing heavily and new government rules in APAC set to mandate biometrics in a range of sectors including banking and telecoms, ABI Research claimed.

However, this is far from the end for fingerprints, according to industry analyst Dimitrios Pavlakis.

“Even though fingerprint sensor ASPs have taken a significant hit over the last couple of years, total fingerprint sensor shipments for the entire consumer market is still estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance,” he claimed.

“However, from established markets such as banking and payments to emerging ones like automotive and future-looking ones including robotics, we expect to see an increase in multi-modal applications and a scenario where biometrics is a critical component of a user’s digital ID in the emerging IoT ecosystem.” 

Ryan Wilk, vice-president at NuData Security, said convenience, context and security are key to the biometric authentication market.

“One thing that does not change is human behavior; an identifier that cyber-criminals cannot mimic. By better understanding and contextualizing human behavior — not just their physical characteristics — companies can have a better understanding of who the human behind the device really is,” he added.

Honda and UMG Hit by Privacy Leaks

Info Security - Fri, 06/01/2018 - 08:51

Honda and Universal Music Group (UMG) have both been left red-faced this week after researchers revealed sensitive log-in details and customer data were exposed to the public internet via poor configuration of IT infrastructure.

The carmaker’s Indian business left two Amazon AWS S3 Buckets containing personal information on 50,000 Honda Connect App users publicly exposed, according to Kromtech.

They were left exposed despite the firm having been notified about the error by another security researcher back in February.

The leaked info apparently included names, phone numbers for users and their trusted contacts, passwords, gender, email addresses for users and trusted contacts, and information about their cars including VIN, Connect IDs, and more.

“In this particular case, the information leaked could potentially give an attacker access to everything on that phone, but specifically regarding this app when paired with a Connected Device: where someone's car is currently located, where they went, where they typically drive, how they drive, and where they start and stop,” Kromtech explained.

“Considering how we use our cars, this could give that attacker knowledge of the user's daily activities, including where they live, work, shop, and play, making it very easy to stalk someone.”

Music giant UMG was also exposed this week after ‘expert’ AWS contractor Agilisium left two instances of Apache Airflow server completely unprotected.

The workflow orchestration tool is open by default and active steps need to be taken to secure related servers, according to Kromtech.

The privacy snafu exposed “UMG’s internal FTP credentials, AWS configuration details (secret access key and password), along with internal source code details (SQL passwords),” potentially giving anyone who discovered them full access to its AWS account and key databases.

Both Honda and UMG are said to have acted quickly to resolve the issues when contacted by the security vendor.

Open Redis Servers Infected with Malware

Info Security - Thu, 05/31/2018 - 17:12

After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot. 

Three-quarters of the servers contained malicious values, which Imperva said is an indication of infection, and more than two-thirds of the open Redis servers contained malicious keys. The honeypot data also revealed that those infected servers with "backup" keys were attacked from a medium-sized botnet (610 IPs) with 86% of the IPs located in China.

Nadav Avital, security research team leader at Imperva, wrote in a blog post today that the high percentage of infections was most likely because the servers are directly exposed to the internet. "However, this is highly unrecommended and creates huge security risks."

Earlier this year, Imperva reported on the RedisWannaMine attack, which propagates through open Redis and Windows servers. Since then, the researchers have learned of additional attacks.

A tool with many attributes, Redis can be used as an in-memory distributed database, cache or message broker. Because it is designed to be accessed by trusted clients inside trusted environments, Redis should not be publicly exposed.

"To help protect Redis servers from falling victim to these infections, they should never be connected to the internet and, because Redis does not use encryption and stores data in plain text, no sensitive data should ever be stored on the servers," Avital wrote. 

"Security issues commonly arise when people don’t read the documentation and migrate services to the cloud, without being aware of the consequences or the adequate measures that are needed to do so," he continued. 

The research revealed the magnitude of the problem within 24 hours of being made public. Once publicly available, the servers of Imperva customers were targeted by vulnerability scanners and crypto-mining infections and attacked more than 70,000 times by 295 IPs.

"The attacks included SQL injection, cross-site scripting, malicious file uploads, remote code executions etc. These numbers suggest that attackers are harnessing vulnerable Redis servers to mount further attacks on the attacker’s behalf," Avital said. 

"As a side note, going through the huge amount of publicly available data, we found private SSH keys that can be used to access servers, certificates that can be used to decrypt network traffic, PII, and more sensitive data," he said.

Proposed EU copyright reforms keeping pace with digital age - Thu, 05/31/2018 - 15:49
Planned reforms to EU copyright laws attempt to balance providing protection for rights holders with encouraging growth in the digital single market, an intellectual property law expert has said.

Stress Relief App Turns Stressful for Facebook

Info Security - Thu, 05/31/2018 - 14:36

Despite having downloaded an application intended to help them relax through painting, unsuspecting Facebook users have been exploited by a malicious application that instead collects sensitive information. 

According to a 30 May post on Cylance's Threat Vector written by Kim Crawley, "‘Relieve Stress Paint’ isn’t an app that’s embedded in Facebook though. Rather, cyberattack targets received links to download the malicious application through Facebook messages or email. The cyber attackers exploited the perceived legitimacy and integrity of Facebook and AOL’s brands to transmit their Trojan."

While the targeted victims do indeed receive an application that can be used for painting, lurking in the background is a malicious payload that is grabbing sensitive Facebook session cookies, login credentials and similar data. 

Cylance found that the attackers' preferred targets are Facebook users who have their own Pages with lots of followers and payment data that is linked to their accounts. 

"While ‘Relieve Stress Paint’ is installed on a Windows machine, ‘DX.exe’ remains persistent on the system, and ‘uplink.dll’ is likely the malicious dynamic link library which grabs the target’s sensitive Facebook data," Crawley wrote. 

Researchers have found that at least 35,000 users around the globe – including Vietnam, Russia, Pakistan, Indonesia, Ukraine, Italy, Romania, Kazakhstan, Egypt, Estonia and France – have been affected. Almost 3,000 users in Vietnam alone have fallen victim to this targeted campaign, dubbed the Relieve Stress Paint Trojan.

Facebook users are cautioned to beware of applications that come through unsolicited messages on Facebook. "Even developers of legitimate commercial software who are in the business of making money won’t send people unsolicited Facebook messages in order to market their product," Crawley wrote. 

Canadians Unsure What to Do Post-Identity Theft

Info Security - Thu, 05/31/2018 - 13:58

An overwhelming majority of Canadians reported that they wouldn't know what actions to take if their identity were stolen in a data breach, according to new research from dragonfly id.

Partnering with ThinkHatch and Haven Insights, dragonfly id surveyed 425 Canadians over the course of four days in early March 2018. The goal of the survey was to understand how much Canadians know about the steps they should take to retrieve data in the aftermath of an identity breach. Results showed that 83% of respondents don't know what to do to restore their identities.   

Given the current state of the economy, the number of data breaches being reported daily and the impact identity theft has on both companies and consumers, younger respondents agreed that it's important to educate consumers on the need to have a restoration service in place for when a breach does happen.

"As age increased, concerns about online identity theft of personal data and records tended to decline," according to a 30 May press release issued by dragonfly id.

A majority (65%) of respondents also said that they really don't understand how criminals are able to compromise their identities online. Only 5% of respondents said they have a good understanding of the way thieves can steal personal information. 

Of the respondents, 46% believe it would take fewer than 50 hours to restore someone's identity after it was stolen. 

Karey Davidson, president of dragonfly id, said that a low-level identity theft breach could take between two and five weeks to resolve. However, if an attacker engages in a more sophisticated and comprehensive attack and gains access to more detailed identity information, recovering one's identity could take up to six months.

"Canadians are becoming increasingly more concerned with the impact of identity theft on their personal and financial lives. They are unsure about how to deal with the fraud that can result [in] and, in particular, the time and the steps that it takes to resolve a breach," Davidson said in the press release. 

Earlier this month, Peter Boys of the Canadian Association of Farm Advisors wrote an opinion piece in The Stettler Independent. Boys noted that according to a recent annual fraud survey commissioned by the Chartered Professional Accountants of Canada (CPA Canada), Canadians are growing increasingly concerned about identity theft.

Recognizing that citizens are fearful that businesses in Canada are more vulnerable to cyber-attacks, Boys warned, "Fraud comes in many different forms, from credit card theft, mail theft, mortgage fraud, [and] skimming to hacking. In today’s ever-evolving economy, change is rapid, and the threat of fraud is constant. Canadians are strongly encouraged to be aggressive in protecting themselves against fraud."

Directors could be made personally liable for nuisance calls - Thu, 05/31/2018 - 12:23
Company directors could be made personally liable for nuisance calls, leading to potential fines of up to £500,000, under plans announced by the UK government.

Digital health tech backed to reduce burden on NHS - Thu, 05/31/2018 - 11:28
Digital health solutions have the potential to reduce the burdens on the NHS by helping people manage health problems before they need to be admitted to hospital, an expert in health contracts has said.

Senators Urge Bolton to Reconsider Cyber-Tsar Role

Info Security - Thu, 05/31/2018 - 10:20

A group of 19 senators have called on the Trump administration to reverse its decision to drop a key cybersecurity role from the upper echelons of government.

An open letter to national security adviser (NSA), John Bolton, expressed concern that the lack of a special assistant to the President and cybersecurity coordinator would hamper US efforts at precisely the wrong time.

It detailed concerns from US lawmakers and intelligence officials of Russia’s growing confidence in conducting audacious cyber-attacks against its geopolitical enemies.

“Our country’s cybersecurity should be a top priority; therefore, it is critically important that the US government present a unified front in defending against cyber-attacks. Eliminating the cybersecurity coordinator role keeps us from presenting that unified front and does nothing to deter our enemies from attacking us again,” the letter continued.

“Instead, it would represent a step in the wrong direction. Again, we urge you to send a strong signal to the rest of the world that cybersecurity is a top priority by reconsidering the elimination of the cybersecurity coordinator.”

News that the position had been dropped broke earlier this month, after the White House chose not to replace Trump’s first appointee to the role, Rob Joyce, whose departure was announced in April.

It’s believed controversial NSA Bolton was behind the decision, which came amidst a spate of departures from the National Security Council following his appointment.

The decision was justified on the basis of “streamlining management,” reducing bureaucracy and increasing accountability by placing decision-making firmly in the National Security Council.

It’s unlikely that the letter will change policy, given that all 19 senators are Democrats, even though it features the signatures of heavyweights including Elizabeth Warren and Mark Warner, the latter vice-chairman of the powerful Senate Intelligence Committee.
