Cyber Risk News
The United States has imprisoned the leader and several members of a cyber-gang that stole $5m in a skimming attack on gas pumps in the Eastern District of Virginia.
According to court documents, the six conspirators placed skimming devices on gas pumps located in Northampton County. The devices recorded the credit and debit card numbers, along with their PINs, of customers who used their card at the pump to pay for gas.
In April and May 2018, the crew traveled to various branches of the supermarket Harris Teeter, among other destinations, and used the stolen card information to withdraw money from the victims’ bank accounts. The illicitly obtained financial data was also exploited to purchase prepaid gift cards.
The all-male crew, all Cuban nationals residing in Florida, was sentenced on January 5 to a total of more than 28 years in prison. Four of the men were convicted of aggravated ID theft, while all six were convicted of conspiracy to commit bank fraud.
Several other conspirators involved in the attack remain at large and are thought to be living in Mexico.
The Department of Justice said that many of the conspirators "had significant criminal histories involving the same conduct and were known to travel the country perpetrating this scheme." Over the course of several years, the gang caused victims to suffer aggregate losses of over $5m.
Crew leader Yasmani Granja Quijada used his email account to deal in stolen data. The 33-year-old was found to be trading over 9,800 additional stolen credit card numbers.
Quijada received the largest sentence of 120 months in prison. Twenty-nine-year-old Luis Miguel Fernandez Cardente received 64 months; 31-year-old Jorge Bello Fuentes, 60 months; 34-year-old Guillermo Bello Fuentes, 47 months; 40-year-old Pedro Emilio Duran, 30 months; and 29-year-old Yariel Monsibaez Ruiz, 19 months.
The FBI and US Marshals Service seized numerous vehicles and other items that were purchased by the criminals with stolen funds, including a 2006 Triton 2895CC Boat and trailer, a 2017 Ford F250 Super Cab truck, a 2016 Cruise Radiance Travel Trailer RV, a 2017 Ford Escape SUV, a 2017 Maserati Ghibli, and a 2013 Porsche Panamera.
Sensitive data stolen from Hackney Council in the UK has allegedly been published online, three months after the ransomware attack on the local authority that took place last year.
A cyber-criminal group called Pysa/Mespinoza has claimed it has published a range of information resulting from the incident on the dark web. This includes sensitive personal data of staff and residents, such as passport documents.
In October 2020, London’s Hackney Council revealed it had been the victim of a serious cyber-attack which affected many of its services and IT systems.
In a new statement on its website, the council said it was working with the NCSC, the National Crime Agency, the Information Commissioner's Office, the Metropolitan Police and other experts to investigate what has been published and the next steps to take.
It noted that experts believe the data has not been published on a widely available public forum and is not visible through internet search engines, adding that “at this stage, it appears that the vast majority of the sensitive or personal information held by the council is unaffected, but the council and its partners are reviewing the data carefully and will support any directly affected people.”
Mayor of Hackney, Philip Glanville, stated: “I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected.
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them.
“We are already working closely with the police and other partners to assess any immediate actions we need to take, and will share further information about the additional action we will be taking as soon as we can.”
Commenting on the story, Matt Aldridge, principal solutions architect, Carbonite & Webroot, said: “Once a data breach has occurred, and the data has been exfiltrated, no amount of ransom payment can guarantee that all copies of the data will be securely destroyed. For this reason, it is critical that all organizations invest appropriately in their cyber-defenses and, wherever possible, that they have their approach validated by trusted independent third parties.
“Understanding the criticality and sensitivity of all organizational data is key, and different data types, locations and classifications should be protected appropriately, with more investment and protection being put in place to protect the most sensitive data within the organization. Regular reviews need to be made to keep on top of this situation, as data locations, types and flows are constantly changing in any modern organization.”
Enterprise security firm Panaseer has announced the appointment of Jonathan Gill as its new CEO.
Gill succeeds Panaseer founder Nik Whitfield in the role, with Whitfield becoming chairman and chief seer of the organization.
Gill brings a proven record of accomplishment in both leadership and sales, with previous roles including VP EMEA at RSA Security, EVP of global sales for Veracode and GM EMEA for Talend. He will focus on the international growth of Panaseer.
The security firm specializes in continuous controls monitoring (CCM) with its platform monitoring over four million entities for enterprise clients across two continents – Europe and North America.
Gill, CEO, said: “Throughout my career, the most fulfilling roles have been those where I have had scope to significantly scale a business to meet a global challenge. Panaseer offers the most exciting opportunity to date. Its platform is a game-changer for the security industry. It solves a major problem: the security landscape is increasingly complex, and the rate of change is only accelerating.
“I am looking forward to working with the team to fulfil our vision of ensuring all enterprises have the proper safeguards to manage risk.”
Whitfield, chairman, added: “Our mission for our clients has always been to make sure their cybersecurity safeguards are switched on and working effectively at all times. Having established Panaseer as the first-choice platform to do this, the focus needed to shift to scaling the business.
“My decision to bring in a new CEO supports this growth objective, and the board and I are convinced that Jonathan is absolutely the right person to deliver on our ambitions and values.”
Deepfake video and audio technologies could become a major threat to businesses over the next two years, leading to substantial financial losses, according to a report by CyberCube entitled Social Engineering: Blurring reality and fake.
The cyber insurance analytics firm said that cyber-criminals have become increasingly adept at creating realistic audio and video fakes using AI and machine learning technology in recent years. Advancements in this field have accelerated further as a result of the shift to remote working during the COVID-19 pandemic, as organizations become more reliant on video and audio-based methods of communication.
The study observed that the growing number of video and audio samples of business people available online provides further opportunities to simulate individuals in order to influence and manipulate others. This includes building photo-realistic representations of influential people, and the use of mouth mapping technology, which enables the movement of the human mouth during speech to be mimicked with high accuracy.
These methods can put organizations at risk of severe financial losses. For instance, the report highlighted a case where cyber-criminals used AI-based software to impersonate a chief executive’s voice to demand the fraudulent transfer of $243,000.
The analysis also highlighted how traditional social engineering techniques have been ramped up since the start of COVID-19. This includes gathering information available online or from stolen physical records to create a fake identity for a particular target, a practice known as social profiling. Methods such as this have become easier for cyber-villains because of the greater use of online platforms in addition to the blurring of domestic and business IT systems during the pandemic.
The report’s author Darren Thomson, head of cybersecurity strategy at CyberCube, commented: “As the availability of personal information increases online, criminals are investing in technology to exploit this trend. New and emerging social engineering techniques like deepfake video and audio will fundamentally change the cyber-threat landscape and are becoming both technically feasible and economically viable for criminal organizations of all sizes.
“Imagine a scenario in which a video of Elon Musk giving insider trading tips goes viral – only it’s not the real Elon Musk. Or a politician announces a new policy in a video clip, but once again, it’s not real. We’ve already seen these deepfake videos used in political campaigns; it’s only a matter of time before criminals apply the same technique to businesses and wealthy private individuals. It could be as simple as a faked voicemail from a senior manager instructing staff to make a fraudulent payment or move funds to an account set up by a hacker.”
Global security giant Kaspersky and robot cybersecurity firm Alias Robotics have announced a partnership that will seek to enhance protection for robots used in operational technology (OT) infrastructure.
Used in many industrial operations, robots – a key component of Industry 4.0 – represent yet another type of endpoint in OT settings that must be secured. However, as robots are separate, complex and connected systems with specific protocols and tools, protecting them requires a unique approach.
According to a case study from Kaspersky and Alias Robotics, the solutions offered by each company can effectively work together to prevent attacks on OT networks with robots, harden control stations and protect robot endpoints from being compromised.
“Robots have their own networks, technologies, safety requirements and business priorities, all of which must be uniquely addressed,” said Víctor Mayoral Vilches, CTO and founder at Alias Robotics. “These systems demand specialized cybersecurity measures that need to happen at the endpoint to guarantee no-human-harm. By integrating [our] robot immune system (RIS) into Kaspersky Industrial CyberSecurity, our clients can now protect their robots with RIS and manage the security of their ICS infrastructure seamlessly via Kaspersky’s solution.”
Anton Shipulin, solution business lead, Kaspersky Industrial CyberSecurity, Kaspersky, added that as OT infrastructure becomes more complex, it is important to add security for all of its various parts and layers.
“Protection measures and tools should also work smoothly with each other to cover the entire environment without any gaps. Considering the growing implementation of industrial robots, this partnership with Alias Robotics allows our customers with robots in their infrastructure to meet the demand for reliable protection.”
Thousands of Department of Justice (DoJ) email accounts were accessed by SolarWinds attackers last year, the department has confirmed.
The DoJ issued a brief statement yesterday to shed more light on the impact of the attacks, which the government has so far acknowledged and blamed on Russia, but done little else to clarify.
“On December 24 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others. This activity involved access to the department’s Microsoft Office 365 email environment,” it explained.
“After learning of the malicious activity, the OCIO eliminated the identified method by which the actor was accessing the Office 365 email environment. At this point, the number of potentially accessed Office 365 mailboxes appears limited to around 3% and we have no indication that any classified systems were impacted.”
With around 113,000 employees thought to work in the DoJ, this means over 3300 mailboxes could have been accessed by the attackers.
Even if no “classified systems” were impacted, this represents a major security breach that could have given attackers access to strategically useful information and provided a staging post for convincing phishing attacks on other government users.
In fact, the DoJ admitted that the activity it detected constitutes a “major incident” under the Federal Information Security Modernization Act, and said it “is taking the steps consistent with that determination.”
In an update earlier this week, the authorities claimed that fewer than 10 government departments and agencies were affected by the campaign. Others thought to have been infiltrated by the state-backed Russian operatives are the Treasury, State, Homeland Security and Energy departments and the Cybersecurity and Infrastructure Security Agency (CISA).
Social media companies have moved swiftly to block posts by Donald Trump in the wake of extraordinary scenes in the US capital that have left four people dead.
Twitter and Facebook both blocked the outgoing President’s accounts following policy violations, removing posts which repeated baseless allegations of election fraud and praised his followers – men and women who at the time were storming Capitol Hill.
Although Twitter has been flagging Trump’s repeated claims of fraud, which he says cost him victory last November, this marks an escalation in its actions.
“As a result of the unprecedented and ongoing violent situation in Washington, D.C., we have required the removal of three @realDonaldTrump Tweets that were posted earlier today for repeated and severe violations of our Civic Integrity policy,” it said in a statement on the platform.
“This means that the account of @realDonaldTrump will be locked for 12 hours following the removal of these Tweets. If the Tweets are not removed, the account will remain locked.”
More worrying for the former reality TV star is that Twitter said it will permanently suspend Trump’s account if he violates Twitter rules in the future.
He currently has 88.7 million followers on the social media platform, which has been a key tool over the past four years for a President who prefers one-way communication with his fanbase to difficult media interviews.
Elsewhere, Facebook and Instagram both locked Trump’s accounts for 24 hours and the former removed a video in which he praised the protesters as ‘patriots.’ YouTube also removed the video.
Facebook has said it is also looking to remove any other content on the platform that may have incited the violence and has banned the #StormtheCapitol hashtag, although some reports suggest that “Stop The Steal” Facebook events and groups remain live.
As events have proven, social media companies still struggle to take down offensive and dangerous content in time, as they must balance the right to free speech with their other commitments to the rule of law and the safety of users.
In the meantime, lawmakers have since returned to Congress to confirm Joe Biden’s victory last November, with some calling for Trump’s impeachment over the incident.
Over a third of technology and media companies in the UK suffered a serious cyber-incident last year, according to new data from insurer Hiscox.
The firm claimed that 34% of firms in the technology, media and telecoms (TMT) sector were caught out by a cyber-incident or breach in 2020, leading to a median loss of nearly $40,000.
Phishing accounted for the majority (53%) of incidents, followed by web-based attacks (42%) such as those exploiting web app vulnerabilities.
Nearly a quarter (23%) suffered a ransomware attack from which they were able to recover their data from backup.
The Hiscox Cyber Readiness Report 2020 ranked the global TMT sector as one of the most frequently targeted by attackers, alongside financial services. It said 44% of firms in each vertical were hit by at least one incident or breach in the previous year.
TMT also ranked as one of the best prepared industries in terms of “cyber-readiness,” although the report clarified that “firms are often forced into becoming experts when they are heavily targeted industries.”
That chimes with the latest UK findings, which revealed that 67% of respondents in TMT are confident in their cyber-readiness, and 85% have a dedicated team or leader in cybersecurity.
“Research shows that the UK tech sector is far from exempt when it comes to major cybersecurity threats – proving that even for those sectors most equipped to deal with threats, vulnerabilities should never be overlooked,” said Stephen Ridley, Hiscox UK cyber-underwriting manager.
“The industry is, however, following best practice and building resilience through spending priorities and dedicated cyber-roles. The findings are a reminder that firms should always look to shift cyber-strategies and improve resilience capabilities.”
In fact, the UK’s TMT firms added £1m on average to their cybersecurity budgets in 2019 versus the previous year, the insurer claimed.
Security spending priorities over the coming year include endpoint malware detection, compliance, supply chain security, customer-facing services/applications and existing vulnerabilities.
The Defense Digital Service (DDS) and HackerOne have announced the launch of a new bug bounty program, in which participants will attempt to uncover vulnerabilities in the US Army’s digital systems.
This will be the 11th bug bounty program to take place between the DDS and HackerOne, and the third with the US Department of the Army, offering the chance for military and civilian participants to discover vulnerabilities in exchange for monetary rewards. It will run from January 6 to February 17, 2021, and is named Hack the Army 3.0.
Participation is by invitation only, open to civilian hackers and members of the US military; bounties are paid only to civilian participants who find valid security vulnerabilities in scope under the program policy.
The purpose of the program is to highlight security vulnerabilities in the US Army’s digital assets before they can be exploited by nefarious actors. These can then be secured to prevent successful cyber-attacks taking place.
Brig. Gen. Adam C. Volant, US Army Cyber Command director of operations, commented: “Bug bounty programs are a unique and effective ‘force multiplier’ for safeguarding critical Army networks, systems and data, and build on the efforts of our Army and DoD security professionals.
“By ‘crowdsourcing’ solutions with the help of the world’s best military and civilian ethical hackers, we complement our existing security measures and provide an additional means to identify and fix vulnerabilities. Hack the Army 3.0 builds upon the successes and lessons of our prior bug bounty programs.”
Marten Mickos, CEO of HackerOne, said: “We are living in a different world today than even just a year ago. Amid disinformation and a global health crisis, citizens are increasingly wary of how, when and where their information is used. For years, the US Department of Defense and respective military branches have successfully strengthened their cybersecurity posture and protected precious data by enlisting the help of ethical hackers on HackerOne. Years later, hacker-powered security is not only a best practice in the US military, but it is now a mandated requirement among civilian federal agencies. There is only one way to secure our connected society, together, and the US Army is leading the charge with this latest challenge.”
DDS has made extensive use of bug bounty challenges of this nature to improve the security of US government departments’ systems. Since Hack the Pentagon was launched back in 2016, it has executed 14 public bounties on external-facing websites and applications in addition to 10 private bounties on sensitive internal systems in the US Department of Defense. These include Hack the Pentagon, Hack the Defense Travel System and Hack the Air Force.
Poor-quality software cost America over $2tn last year, according to a new report by the Consortium for Information & Software Quality (CISQ).
The "Cost of Poor Software Quality in the US: A 2020 Report," which was co-sponsored by American software company Synopsys, found that the cost of poor software quality (CPSQ) in the US in 2020 was approximately $2.08tn.
Researchers looked at poor software quality resulting from software failures, unsuccessful development projects, legacy system problems, technical debt, and cybercrime enabled by exploitable weaknesses and vulnerabilities in software.
Operational software failure was determined to be the leading driver of the total CPSQ. CISQ estimated the cost of operational software failure in the US in 2020 as $1.56tn, a figure that has increased 22% since 2018.
The next largest growth area of the CPSQ, estimated at $260bn, was unsuccessful development projects, the cost of which has risen 46% since 2018.
Unmitigated flaws in the software were reported as the primary underlying cause of operational software failure, while a lack of attention to quality was "a consistent theme" among the causes of unsuccessful development projects.
"Software quality lags behind other objectives in most organizations," wrote CISQ. "That lack of primary attention to quality comes at a steep cost, which is revealed in this report.
"While organizations can monetize the business value of speed, they rarely measure the offsetting cost of poor quality."
CISQ advised software shops to avoid unsuccessful projects by not creating arbitrary schedules. It further advised shops to "pay attention to defined quality objectives and measure against those objectives throughout a project's lifecycle."
Researchers put the CPSQ associated with operating and maintaining legacy software at $520bn, down from $635bn in 2018.
"As poor software quality persists on an upward trajectory, the solution remains the same: prevention is still the best medicine," said Joe Jarzombek, director for government and critical infrastructure programs at Synopsys.
"It's important to build secure, high-quality software that addresses weaknesses and vulnerabilities as close to the source as possible. This limits the potential damage and cost to resolve issues."
The UK's flag-carrier airline is planning to begin settlement discussions that could see customers who became the victims of a data breach receive a compensation payout of up to £3bn.
British Airways customers were impacted by two data breaches in 2018. Between April and July 2018, some 185,000 British Airways reward-booking customers were notified that their personal information and financial details had been compromised, while a further 380,000 users of the airline’s app and website had their information exposed between August and September 2018.
Data compromised in the breaches included customer names, billing addresses, and email addresses. Payment card information, including card numbers, expiry dates, and—in tens of thousands of cases—the CVV security code, was also exposed. No passport details were stolen.
In July 2019, the Information Commissioner’s Office (ICO) issued a notice of intention to fine the airline a record £183m over the breach. However, this penalty was reduced drastically to a £20m fine in October 2020.
According to a statement released today by consumer action law firm Your Lawyers, British Airways has voiced its intention to kick off settlement discussions in the first quarter of 2021.
In 2019, Your Lawyers was appointed to the Steering Committee responsible for the overall conduct of the BA data breach litigation. The firm described the airline's plans to begin settlement discussions as an admission of culpability for the breach and an effort to avoid the burden of litigation.
“News that British Airways wants to settle compensation claims, with negotiations set to take place in the first quarter of 2021, is acknowledgement of its wrongdoing in failing to protect customer data," said Aman Johal, director at Your Lawyers.
“This is incredibly positive news for the victims of the breach and for consumer rights in general, but people must act fast to avoid missing out."
The deadline to join the Group Litigation Order (GLO) falls on March 19, 2021. Your Lawyers believes that affected customers could each potentially receive an average of £6,000 in compensation. Financial losses arising from the breach could also be claimed.
Thousands of cryptocurrency users have fallen victim to a sophisticated threat campaign that uses trojanized apps to drain funds from digital wallets.
The recently discovered campaign is a wide-ranging operation that encompasses fake companies, a marketing campaign, custom-built cryptocurrency applications, and a new Remote Access Tool (RAT) written from scratch to avoid antivirus detection.
Researchers at Intezer who unearthed the operation in December believe it was initiated in January 2020.
“The campaign includes domain registrations, websites, trojanized applications, fake social media accounts and a new undetected RAT that we have named ElectroRAT," wrote researchers.
ElectroRAT is written in the open-source programming language Golang and is compiled to target Windows, Linux, and Mac operating systems.
"It is rather common to see various information stealers trying to collect private keys to access victims’ wallets," wrote researchers. "However, it is rare to see tools written from scratch and used to target multiple operating systems for these purposes."
The author of the malicious campaign entices cryptocurrency users to download trojanized applications by promoting the apps on social media and in dedicated online forums.
"We estimate this campaign has already infected thousands of victims based on the number of unique visitors to the pastebin pages used to locate the command and control servers," noted researchers.
Three different trojanized apps—Jamm, eTrade, and DaoPoker—have been created by the attacker, each with a Windows, Linux, and Mac version. The attacker then built websites specifically to host the binaries.
The apps appear to offer easy-to-use tools that will help users trade and manage their cryptocurrency.
"These applications were promoted in cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan," wrote researchers.
"The promotional posts, published by fake users, tempted readers to browse the applications’ web pages, where they could download the application without knowing they were actually installing malware."
To make the DaoPoker app appear legitimate, the attacker created Twitter and Telegram accounts for it and paid a social media influencer with over 25,000 Twitter followers to advertise the app.
Among ElectroRAT's extremely intrusive capabilities are keylogging, taking screenshots, uploading files from disk, downloading files, and executing commands on the victim’s console.
Secure Chorus, a not-for-profit membership organization for the development of strategies, standards and capabilities in the field of information security, has announced the transfer of ownership of its interoperability standards for enterprise grade encrypted messaging apps to the European Telecommunication Standards Institute (ETSI).
ETSI produces globally applicable standards for ICT-enabled systems, applications and services deployed across all sectors of industry and society.
The standards – developed by Secure Chorus over a four-year project – provide solutions which offer state-of-the-art, end-to-end encryption powered by the open cryptographic standard MIKEY-SAKKE and alleviate vendor lock-in constraints, allowing enterprise users to choose their preferred service in terms of functionality.
The transfer to ETSI was fully achieved in December 2020 and will allow for the wide adoption of the standards along with the development of new features in the future.
Stephen Brown, Secure Chorus’ chairman, said: “Secure Chorus is very pleased that ETSI has agreed to the transfer of ownership of our interoperability standards. ETSI is a center of excellence for the development of globally applicable standards for ICT, so we are confident they will continue the good work we started.”
Cybersecurity company BlueVoyant has announced a strategic partnership with third-party risk management consultancy DVV Solutions. The collaboration will enable BlueVoyant’s Cyber Risk Management (CRx) services to be delivered to DVV Solutions’ global customer base.
The firm said it can now offer actionable intelligence to this cohort of customers, helping them identify and address supply chain vulnerabilities. This will be primarily via BlueVoyant’s Vendor Risk Management (CR3) solution, which offers visibility and expertise to meet vendor risk management requirements as well as improve organizations’ own cyber-risk strategies.
This will add to DVV Solutions’ existing dedicated third-party risk management portfolio, which encompasses on-site/virtual visits, risk assessments, questionnaires, security ratings, continuous monitoring, cyber-risk maturity consultancy and regulatory compliance services.
In addition, BlueVoyant’s Cyber Risk Management for Investors (CRi) solution will also be available within DVV Solutions’ mergers and acquisitions (M&A) consultancy. This service showcases and mitigates the cyber-risks associated with potential transactions of this kind.
Commenting on the agreement, Robert Hannigan, chairman at BlueVoyant International, said: “The knock-on effect of COVID-19 has led to squeezed financial margins and a reduction in the resources available to tackle third-party risk in the supply chain, just as the pandemic widens the attack surface. Our CR3 solution will provide the desired level of risk analysis and remediation for DVV Solutions’ customers and their vendor ecosystems, enabling them to effectively quantify, manage and remediate third-party security risks.”
Sean O’Brien, managing director of DVV Solutions, stated: “Partnering with BlueVoyant is a natural extension of our third-party risk management and security monitoring services. As businesses and their vendor ecosystems have changed throughout an unprecedented 2020, we have seen a sharp uptick in the requirement for managed services, as supply chains become increasingly complex. Organizations therefore require a managed service-based third-party risk management solution to cut through the noise, helping them to prioritize the most pertinent supply chain risks.”
The volume of dark web forum members is on the rise, with visitor numbers surging 44% during the first COVID-19 lockdowns last year, according to new data from Sixgill.
The cyber-intelligence firm analyzed five popular English and Russian language forums to better understand their popularity over time and who is responsible for most activity.
Collating data from the launch of each forum through to the end of 2020, Sixgill found that all five sites had grown their membership exponentially without impacting each other’s popularity.
Although some grew faster than others, and some months were more successful, the overall trend points towards a continued rise in the number of users visiting dark web sites, the firm concluded.
This matters, because as the population of the dark web increases, so does criminal activity, according to Sixgill security research lead, Dov Lerner.
More interesting still was the fact that user numbers soared into double digits from January to spring 2020, before reverting to pre-COVID levels.
“Prior Sixgill reports have noted a tremendous uptick in specific types of cybercrime on the underground during the COVID lockdowns. This includes gaming store accounts, compromised RDP credentials, money laundering services and narcotics. This research demonstrates that the number of participants in the cyber-underground spiked at the time as well,” explained Lerner.
“Why would coronavirus lockdowns lead to a massive increase in users of dark web forums? Some of these users were bored at home and decided to go exploring. Others may have been interested in turning to crime amid the economic shocks from the pandemic and the widely covered proliferation of cybercrime targeting remote workers, such as ransomware and phishing.”
The research also revealed that while user numbers are growing, only a small number seem to be responsible for the vast majority of posts. In fact, the top 20% of frequent posters generated 73% of posts.
This may be due to large numbers of inexperienced threat actors coming merely to observe but not participate in activity, or that experienced users are creating “burner” accounts to post from a new username each time, Lerner argued.
The public sector is leading the way on ransomware resilience and refusing to pay its attackers, according to new research from Veritas.
The data management firm polled 2,690 IT execs at companies of over 1,000 employees to compile its 2020 Ransomware Resiliency Report.
It found that 86% of public sector respondents targeted with ransomware refused to pay, compared to an average of 43% across all verticals.
This is linked to the fact that these organizations were more likely to be able to bounce back quickly from an incident, recovering over 90% of their data versus an average of 69% across all sectors, the study revealed.
Veritas claimed that this enhanced resilience to ransomware can be partly explained by the relative simplicity of public sector cloud environments.
Organizations in this vertical use just 6.43 cloud services on average, the lowest of any vertical and almost half the global average of 11.73, the vendor argued. Only 5% of government organizations run more than 20 cloud services, versus a sector-wide average of 16%.
The backup specialist noted that 46% of public sector organizations have been hit by ransomware infection at least once in the past, with 9% facing three to five attacks. This chimes with findings from Coveware, which put the sector second overall in Q3 2020, accounting for 11.6% of total attacks and behind only professional services (25.2%).
However, the digital transformation push sparked by the COVID-19 crisis may yet increase the organizational attack surface and complexity for public sector bodies, as they ramp up cloud adoption.
“Importantly, this process hasn’t finished yet and the public sector remains one of the most attractive ransomware targets around. It’s almost inevitable that with time, the complexity of cloud within public sector organizations will grow,” argued Veritas UK&I director for public sector, Andy Warren.
“Now is the time for these IT departments to make sure they’ve got the full visibility and control over that data so they can remain as prepared in the future as they are now.”
The US government has, for the first time, attributed the SolarWinds cyber-espionage attacks to Russia, and clarified that fewer agencies have been affected than some first thought.
A lengthy joint statement from the FBI, NSA, the Office of the Director of National Intelligence (ODNI) and the Cybersecurity and Infrastructure Security Agency (CISA) claimed the attack was primarily an intelligence-gathering operation, “likely Russian in origin.”
While those in the cybersecurity community have always been fairly certain that the attack was indeed one focused on data theft, this confirmation could be viewed as an attempt to silence conspiracy theorists who have tried to tie it to debunked accusations of election fraud in November.
It’s unclear why it has taken the US authorities this long to name Russia: a New York Times report published as the news first broke had insiders naming APT29, or Cozy Bear, as the culprit.
The APT group has been linked to the Russian Foreign Intelligence Service (SVR) and KGB successor the Federal Security Service (FSB), and has been blamed for previous attacks on the Democratic National Committee (DNC) in 2016 and COVID-19 vaccine stakeholders last year.
Interestingly, the Cyber Unified Coordination Group (UCG) — a task force set up by the NSA, FBI, CISA and ODNI to manage the fall-out of the attacks — claimed that fewer than 10 US government agencies were caught in the campaign, a lower number than that previously reported by some media.
“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States government, as well as our private sector partners, have been working non-stop,” the statement noted.
“These efforts did not let up through the holidays. The UCG will continue taking every necessary action to investigate, remediate and share information with our partners and the American people.”
A former civil servant has been imprisoned in the United Kingdom for hacking into the computer accounts of nearly 600 women and girls to blackmail them into sharing sexually explicit images of themselves.
Akash Sondhi, of Chafford Hundred, Essex, engaged in a cybercrime spree that lasted nearly three and a half years and impacted 573 victims located around the world in countries including Australia, Hong Kong, and the UK.
The 27-year-old, who was described by the Crown Prosecution Service as "an extremely manipulative man," was sentenced today in Basildon Crown Court to 11 years in prison for blackmail, voyeurism, and cybercrimes.
Judge Samantha Cohen told Sondhi: "You were a source of pride to your family, but now you are a source of shame."
Between December 26, 2017, and March 17, 2020, Sondhi gained unauthorized access to hundreds of victims' social media accounts. Snapchat, a messaging app that lets users exchange pictures and video that are meant to disappear shortly after they're viewed, was his favored hunting ground.
After gaining access to an account, Sondhi would trawl it for indecent images that he could use to threaten his victim.
"Sondhi told them if they didn’t send him nude images of themselves, he would post intimate images of them to their friends and family," said the CPS.
Some of the young women complied with Sondhi's requests, and in at least six cases, this serial sextortionist carried out his threats to expose their private images.
The CPS said that a number of Sondhi's victims reported experiencing serious emotional and psychological harm as a result of his actions. One victim even attempted to kill herself.
“Akash Sondhi is an extremely manipulative man who inflicted emotional and psychological damage on young women while also getting gratification from their images and videos," said CPS senior crown prosecutor Joseph Stickings.
"Following a diligent and thorough investigation conducted by the Essex Police Cyber Crime Unit the CPS was able to build a comprehensive case of 65 counts reflecting the high level of his offending."
Stickings went on to thank all of the victims who came forward to report Sondhi's crimes, commending them for their bravery.
The fresh financing will be spent on supporting the company's "rapid growth" in a market it says is worth $25bn.
iboss is a privately held company founded in 2003 that is headquartered in Boston, Massachusetts. The company is known for its cloud platform, which delivers network security as a service as a complete SaaS offering.
According to the company's CEO, Paul Martini, the ongoing global health pandemic has accelerated the shift to cloud-based cybersecurity providers, giving iboss a boost.
“COVID-19 has exposed massive vulnerabilities with outdated, hardware-based cybersecurity solutions and accelerated the timeline of moving away from the old method of securing physical office perimeters,” said Martini.
“Implementing modern architecture that provides network security in the cloud is the best way to ensure safety and productivity, even as remote workers rely more and more on fast connections for things like video meetings and online productivity apps.”
iboss uses a Secure Access Service Edge (SASE) model to protect dispersed workforces that increasingly connect to cloud applications such as Microsoft Office 365 and Zoom.
“iboss has created the largest, most modern and comprehensive SASE security platform on the market and is the only platform that can fully transition organizations from on-prem security appliances to SaaS security delivered in the cloud,” said Dave DeWalt, founder of NightDragon and co-chairman of iboss.
“What makes this stronger is that iboss is an open security platform that allows organizations to apply the security engines and log analytics platforms of their choosing compared to existing closed SASE solutions that lack this flexibility and restrict better security due to lack of collaboration with top cybersecurity intelligence vendors.”
The funding round was led by NightDragon and global investment firm Francisco Partners.
“We are thrilled to partner with iboss and participate in this growth financing,” said Francisco Partners' head of credit, Scott Eisenberg.
“As the traditional enterprise perimeter dissolves, security solutions need to enable safe access to apps and services anytime, anywhere. iboss’ cloud-first solution was designed to address this transformational infrastructure shift.”
A spate of swatting attacks waged against users of smart-home devices in America has prompted the Federal Bureau of Investigation to issue a public warning.
The term 'swatting' is used to describe a hoax call made to emergency services, typically reporting an immediate threat to human life, to trigger a response from law enforcement and the deployment of a S.W.A.T. team to a specific residence.
The FBI said on December 29 that law enforcement agencies have received reports from smart-home device manufacturers that offenders have been gaining unauthorized access to devices using stolen passwords. The cyber-attackers have focused their malicious activity on owners of devices that have camera and voice capabilities.
After gaining control of a device, the attackers take over the live-stream camera and device speakers. They then initiate contact with first responders, falsely informing them that a crime or emergency situation is unfolding at the victim's home address.
As law enforcement responds to the residence, the attacker watches the swatting attack they have manufactured unfold via livestream footage, engaging with the responding police through the camera and speakers.
In some cases, attackers have live-streamed the incidents they manufactured online via shared community platforms.
"Swatting may be motivated by revenge, used as a form of harassment, or used as a prank, but it is a serious crime that may have potentially deadly consequences," warned the FBI.
"Confusion on the part of homeowners or responding officers has resulted in health-related or violent consequences and pulls limited resources away from valid emergencies."
The FBI said that it is working with private-sector partners who design and build smart devices to advise customers about the swatting attacks and how to avoid being victimized. The Bureau is also taking steps to alert law enforcement first responders to this dangerous threat.
Users of smart-home devices with cameras and voice capabilities are advised to use complex, unique passwords and enable two-factor authentication to help protect against swatting attacks.
"It is highly recommended that the user's second factor for two-factor or multi-factor authentication be a mobile device number and not a secondary e-mail account," said the FBI.
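The attack pattern the FBI describes, stolen (reused) passwords tried against many smart-home accounts, leaves a recognisable trace in a login service's authentication log: one source address working through many distinct accounts with a low success rate, and the accounts it does crack splitting into those with no second factor enrolled (full takeover) and those where a second factor still stands in the way. The triage script below is an added example written for this page; it is not code from the FBI, from any device vendor, or from the original article. The log format, the account names, the IP addresses and the detection thresholds are all assumptions constructed for the illustration, and the `mfa=` field is taken to mean the factor enrolled on the account (`none`, `sms` or `totp`), not whether a challenge was passed.

```python
"""Credential-stuffing and account-takeover triage over constructed auth logs.

Added example (not from the FBI advisory or any vendor). A hypothetical
smart-home cloud login service is assumed to emit one line per password
check; the format, names, addresses and thresholds below are made up.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: 203.0.113.7 tries a breach-derived password list against
# eight accounts, gets two passwords right, and one of those accounts (carol)
# has no second factor. 198.51.100.9 is an ordinary user mistyping once.
SAMPLE_LOG = """\
2020-12-29T03:14:01Z src=203.0.113.7 user=alice result=fail mfa=none
2020-12-29T03:14:02Z src=203.0.113.7 user=bob result=fail mfa=none
2020-12-29T03:14:02Z src=203.0.113.7 user=carol result=success mfa=none
2020-12-29T03:14:03Z src=203.0.113.7 user=dave result=fail mfa=none
2020-12-29T03:14:04Z src=203.0.113.7 user=erin result=fail mfa=none
2020-12-29T03:14:05Z src=203.0.113.7 user=frank result=success mfa=sms
2020-12-29T03:14:06Z src=203.0.113.7 user=grace result=fail mfa=none
2020-12-29T03:14:07Z src=203.0.113.7 user=heidi result=fail mfa=none
2020-12-29T03:20:00Z src=198.51.100.9 user=ivan result=fail mfa=totp
2020-12-29T03:20:09Z src=198.51.100.9 user=ivan result=success mfa=totp
"""

# Assumed line layout: timestamp, then space-separated key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>success|fail) mfa=(?P<mfa>\S+)$"
)

# Assumed thresholds: a stuffing source touches many accounts and mostly
# misses, whereas a legitimate user hits one account and mostly succeeds.
MIN_DISTINCT_ACCOUNTS = 5
MAX_SUCCESS_RATE = 0.5


@dataclass
class SourceReport:
    src: str
    attempts: int = 0
    distinct_accounts: int = 0
    success_rate: float = 0.0
    # Password worked and no second factor is enrolled: the account is gone.
    taken_over: List[str] = field(default_factory=list)
    # Password worked but a second factor remains: reset the password anyway.
    password_only: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[dict]:
    """Turn raw log text into a list of field dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def analyze(text: str) -> Dict[str, SourceReport]:
    """Return a report for every source that looks like credential stuffing."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for ev in parse_log(text):
        by_src[ev["src"]].append(ev)

    flagged: Dict[str, SourceReport] = {}
    for src, evs in by_src.items():
        users = {e["user"] for e in evs}
        successes = [e for e in evs if e["result"] == "success"]
        rate = len(successes) / len(evs)
        if len(users) < MIN_DISTINCT_ACCOUNTS or rate > MAX_SUCCESS_RATE:
            continue
        rep = SourceReport(src, len(evs), len(users), rate)
        for e in successes:
            bucket = rep.taken_over if e["mfa"] == "none" else rep.password_only
            bucket.append(e["user"])
        flagged[src] = rep
    return flagged


if __name__ == "__main__":
    for src, rep in analyze(SAMPLE_LOG).items():
        print(f"{src}: {rep.attempts} attempts across {rep.distinct_accounts} accounts, "
              f"success rate {rep.success_rate:.0%}")
        print(f"  taken over (no 2FA): {rep.taken_over}")
        print(f"  password compromised, 2FA held: {rep.password_only}")
```

On the constructed sample only 203.0.113.7 is flagged: carol is reported as taken over, frank as password-compromised but protected by the enrolled factor, which is exactly the split the FBI's advice to enable two-factor authentication is meant to produce. In a real service the source key would usually be ASN or device fingerprint rather than a bare IP, since stuffing tools rotate through proxies, and the thresholds would be tuned against the service's own baseline. As a caveat on the FBI's preference for a mobile number as the second factor: an SMS code still defeats a stolen password on its own, but an authenticator app or hardware key is the stronger choice where the device vendor supports one.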