Cyber Risk News

Bank outsourcing guidelines 'are risk to competition and innovation'

Outlaw.com - Wed, 09/26/2018 - 08:51
Competition and digital innovation at banks is at risk unless significant changes are made to planned new regulatory guidelines on outsourcing, an international law firm has said.
Categories: Cyber Risk News

DDoS Attack on Infinite Campus Limits Parent Access

Info Security - Tue, 09/25/2018 - 13:33

A distributed denial-of-service (DDoS) attack on Infinite Campus, an educational software provider that houses the parent portal for Oklahoma City Public Schools, created access issues for those parents trying to connect to the district's student information system.

While this was not the first attack on Infinite Campus, district spokeswoman Beth Harrison told NewsOK that the most recent attacks were greater than any it had previously experienced in both volume and duration. "The latest series of attacks began Monday, September 17, and included multiple customers and data centers. Homeland Security is now involved and Infinite Campus has hired additional security experts to assure all data is safe and to track down the attack perpetrators."

In an announcement to parents explaining the cause of the access issues, the Oklahoma City Public Schools wrote, “Please note that NO student data was stolen or breached. This attack just causes the service to be very slow or unresponsive. Many districts across the country are impacted and authorities are investigating. We’ll provide updates as soon as we have them. Thanks for your patience!”

The attack comes at the beginning of a new school year, and while the motive is unclear at this point, attackers often have myriad objectives when orchestrating these types of attacks.

According to recent research from Corero Network Security, during the first half of 2018 DDoS attacks increased 40% from Q2 2017 to Q2 2018. “This highlights the increasing need for organizations that rely on high levels of online availability to ensure they include the latest always-on, real-time, automatic DDoS protection in their defenses,” said Sean Newman, director of product management, Corero Network Security.

“The key point is that such a critical service is able to be taken down by what is now a relatively cheap-and-simple-to-launch attack vector. It’s good to see that a strong emphasis is being placed on the privacy of any data being held, but that doesn’t help with the disruption and inconvenience caused when such a vital service is down for an extended period of time.”

Many online services are delivered by third parties such as Infinite Campus, and when these service providers are targeted with DDoS or other attacks, their customers feel the impact. “The attack on Oklahoma City’s student information system is just another example of just how many services, which are increasingly provided online for reasons of cost, efficiency and scalability, are delivered without adequate resiliency to distributed denial-of-service attacks,” said Newman.


UK Bosses Get Tough on Supply Chain Security

Info Security - Tue, 09/25/2018 - 09:45

A third (31%) of UK firms would dump suppliers if their negligence caused a major cyber-incident, according to a new study from Beaming.

The business ISP interviewed over 500 company bosses to find out more about their attitudes to cybersecurity, and revealed a refreshingly no-nonsense attitude when it comes to managing supply chains.

Aside from those who would terminate the partner company’s contract, 20% said they’d use the incident to negotiate a discount, 15% would issue a warning and 17% would take legal action to recover any financial losses. Only 3% would take no action.

Supply chain security is increasingly important as hackers look to attack what they believe to be the weaker links in the security chain in order to infiltrate higher value targets.

Both the GDPR and NIS Directive aim to increase accountability and transparency when it comes to securing the often complex web of inter-dependencies that form modern supply chains — with major fines for those seen to be negligent.

Over a third (35%) of company bosses Beaming spoke to said they wouldn’t work with a supplier they thought would make them more vulnerable, while 27% claimed they’d actively avoid a company publicly associated with a major breach. That highlights the importance of good cybersecurity as a foundation for business growth.

Quite rightly, a quarter of respondents said they wouldn’t work with firms without a documented security policy in place and 19% would avoid those without cyber insurance. Although these numbers are encouraging, ideally, no business that processes personal data should work with a supplier that doesn’t have a clear security policy in place, and that hasn't been audited as GDPR compliant.

Beaming managing director, Sonia Blizzard, claimed business leaders see cybersecurity as a shared responsibility.

“Businesses that neglect to take the steps necessary to protect themselves and their partners could find that a single breach could irreparably damage their hard-earned reputations and relationships,” she added.

“For businesses, the consideration of risk must extend beyond their own boundaries to incorporate customers, partners and other organizations they come into contact with. Rather than simply guarding what’s ours, we need a cybersecurity culture that means we all look out for those we do business with too. Just like herd immunity, if enough businesses are well secured, the ability for denial-of-service attacks, viruses and other attacks to spread will be greatly diminished.”


Cloud Biometrics Use to Soar in Two Years: Report

Info Security - Tue, 09/25/2018 - 09:15

Over half a billion customers worldwide will be using cloud-based biometrics to securely authenticate with their banks within two years, according to a new analyst report.

London-based Goode Intelligence’s Biometrics for Banking report details what might happen to the market over the next five years.

It claims that by the end of 2020, 1.9 billion bank customers will be using biometrics to: withdraw cash from ATMs, prove their identity over the phone, access banking services through smart devices and more. Sometimes a combination of biometrics will be needed, for example to initiate a transfer of funds from a web-based interface.

There’s a $4.8bn market expected for biometrics companies by 2023, but not all types of the technology are the same, according to the report.

Unlike device-based biometric systems — like FIDO, and Apple’s Touch ID and Face ID — cloud-based biometrics capture the information on the device but then send it to the cloud for processing.

Goode Intelligence CEO, Alan Goode, argued that banks need to choose the model that best fits their particular application or use case.

“There is definitely room for both biometric models and one model will not necessarily win over the other,” he said.

“Banks are beginning to understand the benefits and disadvantages of one model over the other and will adopt either or both to match risk, regulations and regional cultural differences. In Europe, GDPR is having a significant impact on the design of biometric systems as biometric data is considered sensitive data that needs high levels of protection.”

Another regulation set to drive the adoption of the technology is PSD2, which will mandate strong customer authentication for many transactions.

The report predicted 586 million bank customers will be using biometrics-as-a-service by 2023, to authenticate over the phone, digitally via their handset, or to withdraw cash from an ATM.


Breach at US Retailer SHEIN Hits Over Six Million Users

Info Security - Tue, 09/25/2018 - 08:50

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.

The women’s clothing company revealed at the end of last week that its network had been targeted by a “concerted criminal cyber-attack” and that it had hired a forensic cybersecurity firm and a law firm to handle the investigation.

Details are scarce, but the firm said it had scanned for and removed backdoor malware found on its servers.

“While the full extent of the attack will continue to be investigated, it can now be confirmed that the personal information illegally acquired by the intruders included email addresses and encrypted password credentials of customers who visited the company website,” a statement noted.

“It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers. SHEIN may update this information at a later date based on any new findings.”

As no card details were taken, it does not appear as if the retailer was hit by the recent spate of Magecart attacks skimming financial details as customers enter them into e-commerce sites.

It’s unclear how strongly the passwords are encrypted so the hackers may look to brute force them. They would then have a handy email/password combination which could be used to unlock other accounts around the web via credential stuffing, if users have been careless in sharing their credentials across multiple sites.

There’s also a risk that these could be used to access corporate accounts if SHEIN customers used their work email addresses to register with the site.

That’s not uncommon: in January researchers uncovered over one million email addresses belonging to staff at the UK’s 500 top law firms up for sale on the dark web, 80% of which had an associated password. It’s believed the credentials were lifted from breaches at third-party sites.


Attack Threats Believed to Increase Collaboration

Info Security - Tue, 09/25/2018 - 08:00

It’s not uncommon that vendors want to understand the experiences and opinions of security experts who are in the trenches, which is why Black Hat is often an opportune time to conduct surveys. Since this year's conference, AlienVault has analyzed the data of a survey it administered and today released its newest report, Extortion, the Cloud, and the Geopolitical Landscape.

The survey asked a wide range of questions to almost 1,000 security professionals to gauge their perspectives on topics including the public infrastructure being prepared to protect itself against cyber-threats, best reactions to cyber-threats of extortion and the security concerns hampering cloud adoption.

Of all the survey participants, 54% believe the public sector infrastructure in the US is either unprepared or very unprepared to defend against cyber-attacks, with 20% saying the US is currently "very unprepared."

Survey questions looked specifically at preparedness for attacks on reputation and brand. “While reputational damage has always been well-understood, it’s the more recent rise of social media, and the speed at which news travels, that has made it more of a risk. The takeover of corporate social media accounts by attackers, or disgruntled (or recently fired) employees is perhaps the most visible and commonly-seen example of a reputational attack on a company,” the report said.

Interestingly, 36% of security professionals feel that the potential of nation-state cyber-threats has had a positive impact on security practices in their organization. Still, 25% of businesses said that if there were any type of blackmailing attack, their organization would not know whether data had in fact been exfiltrated. If there were an instance of extortion, though, 38% of survey respondents believe negotiating the demands would be the responsibility of the CISO.

Because of their security concerns, 44% of businesses reported that they are actively considering moving certain operations, apps, or data back to on-premises from the cloud, with 46% citing security as the biggest blocker to cloud adoption.

A majority (64%) of respondents believe that the security community is becoming more collaborative when it comes to sharing intelligence information. “When discussing attacks, it’s important to also bear in mind the collaborative nature of attacks and how defense also relies on collaborative measures. It was reassuring to see the vast majority of participants stated that they believe security professionals are becoming more collaborative in their efforts to secure enterprises,” the report said.


Security-Minded Employees Still Pose Risks

Info Security - Tue, 09/25/2018 - 03:00

Despite their training and best intentions, even the most security-minded employees behave in ways that put the enterprise at risk, according to The Security Culture Report 2018.

The report, which covered eight industry sectors, surveyed more than 21,000 employees who spoke seven different languages. The results found that employee behaviors specific to cybersecurity are subpar across virtually all sectors in both Europe and the United States, which is true even for those employees who are considered to be security minded.

Norwegian software company CLTRe AS collected the data and found evidence that poor security behavior is not limited to any specific sector, though the real estate sector fared the worst when looking specifically at cybersecurity culture.

Given that financial institutions are so frequently targeted with attacks, it’s not surprising that the finance sector reportedly had a better security culture when compared to other sectors.

“We believe there are a number of reasons for these huge differences between the industry sectors. The finance sector, for example, has a long tradition of security and compliance, which has instilled a culture of security,” said Kai Roer, CEO of CLTRe.

“The trade sector, whilst also heavily regulated, typically sees many employees without higher education. Combined with high staff turnover in the industry, these factors influence its security culture, and so it is no surprise that they also impact security behaviors.”

For the first time, the study tracked changes and looked at two years' worth of data related to security cultures and found some industry sector improvements. In ranking the security culture across sectors and languages, the study used a scale of 0–100. Despite some sectors showing slight improvements, the real estate sector declined from a security culture score of 57 in 2016 to 55 in 2018.

“The change itself may not be dramatic, but the fact that it is negative suggests that this industry needs to review their current practices,” said Roer.

“It is too early to call it a trend,” explained Dr. Gregor Petric, chief science officer at CLTRe. “We need data-points over more years for that. What we do see is the ability to pick up changes by using our measurement instrument.”


Solution to Skills Gap Is Strong Cyber Culture

Info Security - Mon, 09/24/2018 - 17:28

According to a new study released by (ISC)2, organizations that have made a strong investment in cybersecurity technology are better able to retain the talent they need to protect against both internal and external threats.

The study, Building a Resilient Cybersecurity Culture, surveyed 250 organizations, representing a range of sizes. The prerequisite was that the companies had demonstrated a solid cybersecurity track record. Rather than focus on the skills gap from the negative, the study sought to identify demonstrable solutions to the workforce gap from companies that report that they have “all the cybersecurity experts that they need to be successful.”

The survey participants were all full-time employees with cybersecurity responsibilities and who affirm that their companies do an adequate job staffing the cybersecurity teams. Of the 250 participants, 84% work at companies with more than 100 employees, while 16% work at companies with fewer than 100 employees.

Only 18% of survey participants said they worry about losing members of their security staff, yet 99% said they have influence or decision-making authority in hiring and evaluating IT professionals.

“Respondents in the survey worry less about losing cybersecurity employees than actual threats, an indication that having competent, experienced people in place allows them to focus on what is important – protecting the organization. Hence, 57% say their biggest concern is the constant evolution of threats they face, and 43% say it’s the determination of threat actors,” the report said.

That top management understands the importance of strong cybersecurity seems to be critical to the successful staffing of the security teams, as the study also found that a strong culture begets professionals who hold certifications. When hiring for their cybersecurity team, 70% of participants said they give priority to hiring certified security professionals. The same number focuses on training and promoting from within. Also key to successful staffing is drafting clear job descriptions, which 52% of participants said they give priority to when hiring.

“One of the challenging things for growing organizations is aligning their job descriptions with both what the market can provide as well as the security org they're trying to build is inside,” said Dr. Bret Fund, founder and CEO at SecureSet. “This may sound much simpler than it really is, but it can be a real challenge to the organizations.”

“As organizations look to security educators, standards bodies and certification providers, having a sense of how their organization aligns with some of the best practices of industries is going to be vital.”

Part of strengthening their security teams includes offering training and certification opportunities to employees as well as cross-training on cybersecurity skills and responsibilities. “The (ISC)2 report is a good example of the growing awareness of a strategic gap in cybersecurity training in the US," said Brajesh Goyal, vice president of engineering at Cavirin.

"If you go back to the end of WW2, there was a call for additional engineering training. [We're experiencing the] same thing [now], and in fact the just-released ‘National Cyber Strategy’ document called out the need for additional training, both for the US government and for the commercial sector. These actions trickle down to proposed initiatives like a cyber Peace Corps or even the new Girl Scouts cybersecurity badge.”


Cryptocurrency Mining Soars 459% from 2017 to 2018

Info Security - Mon, 09/24/2018 - 16:54

The Cyber Threat Alliance (CTA) recently released a new report, The Illicit Cryptocurrency Mining Threat, in which the group found that crypto-mining has increased 459% from 2017 through 2018. The most recent quarters show that the trend continues to grow rapidly with no indication of slowing down.

“As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are using computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to steal their processing power to mine cryptocurrencies,” the report stated.

While mining for cryptocurrency is a drain on resources that will result in higher electric bills, it also increases the workload that could result in either decreased productivity of business operations that use computing power or even physical damage to the IT infrastructure.

According to the CTA, though, the greater concern is that illicit cryptocurrency mining within an organization is a strong indication of flaws in its overall cybersecurity posture.

“The majority of illicit mining malware takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network,” the report said. If crypto-miners can gain access to the processing power of a network, there’s a strong likelihood that an attacker can gain – or already has gained – access as well.

“As the threat of crypto-jacking grows, organizations should be ever-vigilant. Crypto-jacking steals valuable resources from the business and organizations should carefully monitor what’s taking place on the network to prevent crypto-jackers from getting a foothold,” said Justin Jett, director of audit and compliance for Plixer Network.

“Traffic analytics is a critical resource in successfully monitoring and detecting threats like crypto-jacking and should be deployed wherever possible. By leveraging the existing data from the network, IT professionals can easily and quickly identify where crypto-mining malware has entered the network.”


Scottish Brewery Recovered from Ransomware Attack

Info Security - Mon, 09/24/2018 - 16:26

It’s a new week, and the folks at Arran Brewery in Scotland are likely drinking to that after last week’s ransomware attack took their computer systems offline. The brewery has reportedly recovered from what managing director Gerald Michaluk believes was a targeted Dharma Bip ransomware attack.

Arran staff received what they thought was a cover letter as part of a job application, but the email attachment contained malware, according to the BBC. Why the application was submitted in the first place is what seems suspicious.

In the aftermath of a legitimate job posting, the position had been filled, yet the listing reportedly reappeared on multiple recruitment sites. Apparently the position was quite desirable, because the fraudulent post resulted in an influx of applications from candidates around the world, creating a bit of email chaos. Hackers leveraged the surge in emails and sent an infected message containing the ransomware payload within a PDF.

Once the malicious email was opened, the systems became infected, at which point the attackers demanded two Bitcoins to have the system files restored. Knowing that it would lose three months of sales records, Arran reportedly decided not to pay and instead brought in external experts to enhance its cybersecurity strategies, according to The Scottish Sun.

"To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware,” said Barry Shteiman, VP of research and innovation at Exabeam. “While many security experts warn about paying ransoms or entering into negotiations, the answer, in reality, comes down to simple economics.”

One reason many companies choose to pay the ransom is the losses incurred during downtime when data is unavailable. In other cases, restoring backups may be more expensive than paying the ransom.

“If giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organization would pay the ransom. Of course, this is a last resort, if all other options have been exhausted,” Shteiman said.

Arran opted not to pay. “We chose to bring in an expert who having identified the problem was able to eliminate the virus and restore part of our system, and is confident in due course when the key is cracked will be able to restore the lost data,” Michaluk told The Scottish Sun.

“I hope if anyone finds themselves in a similar position they can recognize the MO of these bandits and not have the same issues we have had.”


Geo-blocking rules apply to cross-border cloud contracts

Outlaw.com - Mon, 09/24/2018 - 11:30
Geo-blocking rules set to take effect later this year apply to cross-border cloud computing contracts between businesses, the European Commission has confirmed.

Scan4You CAV Operator Gets 14 Years

Info Security - Mon, 09/24/2018 - 09:57

A Latvian man has been sentenced to 14 years behind bars for helping to run notorious Counter Anti-Virus (CAV) service Scan4You.

Ruslans Bondars, 38, was convicted back in May of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

A second man, Russian Jurijs Martisevs, pleaded guilty in March 2018 to offenses related to the CAV service.

Bondars is said to have operated Scan4You from at least 2009 until 2016. The platform allowed would-be hackers to test their malware against over 30 AV engines without notifying the AV vendors themselves, to help improve their chances of success.

The site is said to have had thousands of users and was indirectly responsible for the development and deployment of malware such as “Citadel” which infected over 11 million computers worldwide, and resulted in over $500 million in fraud-related losses.

Another strain of malware tested on the site was used to steal around 40m credit and debit card numbers and 70m pieces of PII from an unnamed retail store operator which lost over $290m as a result. The numbers tally with those related to an infamous 2013 breach at US retailer Target.

Security vendor Trend Micro was instrumental in helping the Feds get their man. Its recent report, The Rise and Fall of Scan4You, reveals how the vendor first caught wind of Scan4You.

It began in 2012, when Trend Micro researchers were investigating a private exploit kit called g01pack. Unusually, minutes before the exploits were used in the wild, IP addresses in Latvia checked the security vendor’s web reputation system to see if it was blocking the URLs hosting the exploits.

On further investigation, Trend Micro found that the same Latvian IP addresses were checking not only g01pack exploit URLs but many others. After handing over its findings to law enforcers in 2014, a further three years of painstaking work followed before the individuals were identified and arrested.

Earlier this year, a UK investigation between the National Crime Agency and Trend Micro resulted in a guilty plea from the operator of a CAV site called reFUD.me, which effectively resold Scan4You’s service.


MoD and GCHQ Set to Launch Offensive Cyber Force

Info Security - Mon, 09/24/2018 - 09:16

The UK’s Ministry of Defence (MoD) and surveillance service GCHQ are reportedly working on launching a £250m cyber task force designed to enhance the nation’s offensive capabilities.

The new unit will apparently combine contractors, GCHQ spies and military personnel in a force of up to 2000 online experts.

"By adopting offensive cyber techniques in the UK we are levelling the playing field and providing new means of both deterring and punishing states that wish to do us harm," said general Richard Barrons, former commander of Joint Forces Command.

While Russia could be a natural focus for operations given its own increase in activity in this space, the force will also be tasked with targeting terrorist groups, according to Sky News.

It revealed how the UK has already been playing a major role alongside the US in a series of clandestine operations against the Islamic State, including one known as Glowing Symphony.

These efforts have apparently helped to suppress IS propaganda online and restrict the ability of groups to organize effectively.

James Hadley, CEO of Immersive Labs, welcomed the news.

“This statement shows that the UK is continuing its responsibilities as a forerunner in cybersecurity and positions it as a secure place to conduct global business,” he added.

“Equally, companies should be looking to create their own cyber-strong workforces and ensuring that their skills process is consistent to keep up with the changing threat landscape.”

However, it’s unclear whether the UK even has the numbers necessary to staff such an operation, given current skills shortages.

“This announcement highlights the growing need for more cyber-savvy workers in the UK, to secure our future at a national, organizational and personal level,” argued Colin Lobley, CEO of Cyber Security Challenge UK.

“While many people are still unsure of what a career in cybersecurity would look like, the reality is that many of these jobs require similar skills and knowledge to more known careers; for example, we need architects to build secure networks, lawyers to process cybercrime cases, psychologists to assess how human behavior influences security, as well as military roles to act against national threats.”


Japanese Crypto Exchange Hit by $60m Heist

Info Security - Mon, 09/24/2018 - 08:45

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaif suffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easily launder them and convert them into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

Earlier this year, Twitter banned cryptocurrency ads on its platform in an attempt to crack down on rising fraud levels. An Ernst & Young report from January revealed that 10% of all ICO funds are stolen by hackers or fraudsters, amounting to almost $400m in cumulative losses at the time of the research.


Cyber-Attack Inevitable, Businesses Not Prepared

Info Security - Fri, 09/21/2018 - 16:01

As the cyber industry continues to evolve, it becomes increasingly difficult for organizations to stay ahead of the curve, making the ever-changing threat landscape a major concern for many businesses, according to the 2018 Travelers Risk Index published by The Travelers Indemnity Company.

Evolving threats and new digital developments make cyber a top concern for large technology, banking and professional services businesses, second only to the inflation of medical costs, the study found.

Given these concerns, it’s not surprising that 52% of survey respondents believe that suffering a cyber-attack is inevitable; however, the fact that a majority of those surveyed reported not taking adequate steps to protect the business raises alarm.

More than 1,000 companies participated in the survey, which found that 55% of businesses have not completed a cyber-risk assessment. In addition to not assessing their own risks, 63% of respondents also said they have not completed a cyber-risk assessment on vendors who have access to their data.

Well over half (62%) have not developed a business continuity plan, leaving them with no outline of the steps the organization should take in the event of a breach. Despite this lack of preparation, only 50% of survey respondents have cyber insurance.

“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations,” said Tim Francis, enterprise cyber lead at Travelers, in a press release. “These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyber-attack.”

The survey also found an increase in the number of businesses that have actually fallen victim to a cyber-attack. The number of participants reporting that they had been a victim doubled from 10% in 2015 to 20% in 2018. Additionally, concerns over operational software systems being remotely hacked, insufficient resources to recover from a cyber incident and falling victim to cyber extortion increased by 5% since last year.


Independence Blue Cross Breach Exposed 17K Records

Info Security - Fri, 09/21/2018 - 15:40

Independence Blue Cross, a Philadelphia-based health insurer, notified thousands of its members this week that a data breach had exposed some of their protected health information (PHI), according to Healthcare Informatics.

On July 19, 2018, Independence Blue Cross's privacy office announced a breach in which the personal information of approximately 17,000 members – fewer than 1% of the total membership – was potentially accessed by unauthorized individuals after an employee uploaded a file to a public-facing website on April 23, 2018. Unfortunately, the file, which contained the PHI of members, remained accessible until it was removed on July 20.

"Information privacy and security are among our highest priorities. Independence has strict security measures in place to protect information in its care. Upon learning of this incident, Independence quickly took steps to ensure the file was permanently removed from the website. We reviewed company policies and procedures and implemented additional technical controls to help prevent future incidents of this kind. We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file," the company wrote.

In addition, the breach notification emphasized that no social security numbers, financial information, or credit card information was included in the exposed data.

“Criminals stealing your medical information or diagnosis codes is no longer a plot twist reserved for TV dramas with the latest records breach,” said Aaron Zander, senior IT engineer at HackerOne.

“Cybercrime damage is expected to hit $6 trillion annually by 2021, and this is just the beginning of medical record breaches, as these records are worth far more than your easily replaceable credit card. Like in the 2016 election with the release of fake medical records for presidential candidate Hillary Clinton, public announcement of a private condition can cause real damage.”

Though the company did conduct a thorough investigation, it was not able to determine whether malicious actors had accessed any of the exposed data. Still, “the Independence Blue Cross data breach represents yet another example of an exposure of sensitive information at the hands of an employee,” said Zohar Alon, co-founder and CEO, Dome9 Security.

“This underscores the critical importance of properly training all employees in an organization on cybersecurity best practices and providing continuous educational opportunities as threats evolve. Additionally, because humans are prone to error, companies need to be looking to automate processes as much as possible, minimizing the need for human handling of data and reducing the risk of errors that can lead to data exposure.”


White House Issues National Cyber Strategy

Info Security - Fri, 09/21/2018 - 15:16

Taking a critical step forward in national cyber defense, the White House yesterday published the National Cyber Strategy, aimed at strengthening America’s cybersecurity capabilities. President Trump wrote, “With the release of this National Cyber Strategy, the United States now has its first fully articulated cyber strategy in 15 years.”

"The new national cyber strategy is a great step forward and demonstrates a thoughtful interagency approach to protecting national prosperity and security in our information-enabled world. It builds upon the lessons learned from previous administrations and presents a solid approach to managing cyber risk," said Brigadier General Gregory J. Touhill (ret.), president, Cyxtera Federal Group.

Elements of the strategy include not only defending the homeland by protecting networks but also improving American prosperity by way of providing the security that will allow for a thriving digital economy.

“This is the most comprehensive cybersecurity strategy document ever published, firmly stating a vision of the United States as ensuring a secure internet by cooperation or force. It reads like a response to former NSA director Admiral Mike Rogers’ February Congressional testimony where he acknowledged current constraints in responding to the active threat landscape the US faces,” said Bryson Bort, NSI fellow and SCYTHE founder and CEO.

The four primary pillars of the strategy are protecting the American people and their way of life, promoting American prosperity, preserving peace through strength and advancing American influence abroad.

“The national security adviser’s call for an enhanced focus on aggressive cyber defense and offensive cyber operations will result in effective deterrence against the increasing cyberattacks on our critical infrastructures,” said Michael Daly, CTO, cybersecurity and special missions, Raytheon.

“Our electoral systems, healthcare, power and financial systems have all been put at unsustainable risk. Raytheon is prepared to support our government and allies in their cyber operations with our proven tools, solutions and expertise. It’s time to address cyber adversaries with the appropriate response and regain cyberspace for our nation’s security and prosperity.”


Proposed national security merger controls will be intrusive

Outlaw.com - Fri, 09/21/2018 - 10:02
ANALYSIS: A UK government proposal would expand ministers' already considerable powers to intervene in mergers on national security grounds.

Woman Pleads Guilty to DC CCTV Ransomware Blitz

Info Security - Fri, 09/21/2018 - 09:54

A Romanian woman has pleaded guilty to charges relating to a major ransomware operation which took out over two-thirds of the CCTV cameras in Washington DC ahead of President Trump’s inauguration.

Eveline Cismaru pleaded guilty to one count of conspiracy to commit wire fraud and one of computer fraud, with a potential combined maximum sentence of 25 years behind bars.

Cismaru, 28, and a co-defendant, Mihai Alexandru Isvanca, 25, were arrested in the Romanian capital of Bucharest in December last year, but Cismaru managed to escape to the UK, where she was re-arrested and extradited to the US.

According to the DoJ, she hacked 126 of DC’s Metropolitan Police Department (MPD) computers in early January last year, infecting them with ransomware demanding payment of around $60,800.

That put two-thirds of the MPD’s outdoor surveillance cameras out of action at a crucial time, just as the Secret Service was preparing security for the event. In the end, the CCTV camera system was back up and running by the time of the event and the security of the inauguration was not put in any danger.

Yet at the time of their arrest, the two co-conspirators were alleged to have been in the process of attacking nearly 180,000 other machines via stolen emails and passwords, and banking credentials, according to the DoJ.

The incident was another timely reminder of the continuing online threat posed by ransomware — which can sometimes spill over into the physical world.

Just last weekend, for example, Bristol Airport was hit by an attack which forced staff to resort to writing flight departure and arrival information on whiteboards.

Europol this week warned that ransomware would remain the biggest malware threat to businesses around the world for several years.
