Cyber Risk News

Boston to Consider Regulating What Info Schools Pass to Police

Info Security - Wed, 05/06/2020 - 15:44
Boston to Consider Regulating What Info Schools Pass to Police

Boston City Council is today considering implementing regulations that would limit what information school district officials can share with law enforcement. 

A proposal put forward by councilors suggests that schools should not be allowed to give police any information regarding a student's immigration status, ethnicity, neighborhood of residence, the languages they speak, or their suspected gang affiliation. 

Under the proposal, a community board would be established to keep tabs on the school district's information-sharing policy. 

Schools would be permitted to pass information to law enforcement agencies regarding a student's possession of guns or drugs with the exception of alcohol, nicotine, and marijuana. The sharing of intelligence regarding credible safety threats and instances of serious violence would also be allowed.

A student privacy policy was first presented to the council's School Committee in mid-April by school district officials. According to the Boston Globe, the district now plans to “finalize a second policy governing access to students in school, so that the two policies may be considered by the school committee together.”

Boston Public Schools spokeswoman Jessica Ridlen said: "We believe these two policies will meet the intentions of the proposed ordinance and look forward to continuing to work with the City Council to address our shared goals."

Ridlen said that the School Committee was “committed to ensuring the privacy of its students’ information and their safety and security in school.”

Earlier this year it was revealed that student information had been shared more than 100 times by Boston city agencies between 2014 and 2018. The data was disseminated via a localized intelligence-sharing network that counted among its members an agent from the Department of Homeland Security, which oversees Immigration and Customs Enforcement.

A separate proposal to be discussed at today's City Council meeting concerns the possible regulation of the city's use of facial-recognition technology. The measure, put forward by councilors Michelle Wu and Ricardo Arroyo, proposes banning local authorities from obtaining or using a face-surveillance system, to use information derived from such a system, or to enter into a third-party agreement for surveilling faces.

No facial-recognition software is currently in use by the city of Boston.

Categories: Cyber Risk News

HMRC Shuts Down Almost 300 #COVID19 Phishing Scam Sites

Info Security - Wed, 05/06/2020 - 12:00
HMRC Shuts Down Almost 300 #COVID19 Phishing Scam Sites

Her Majesty's Revenue and Customs (HMRC) has formally asked Internet Service Providers (ISPs) to remove 292 scam web addresses exploiting the coronavirus outbreak since March 23, according to official figures.

The Freedom of Internet Act data, obtained by Griffin Law, revealed that of the 292 sites removed, 237 were proactively identified and requested for removal by HMRC independently, with the remaining 55 flagged by members of the public.

The findings highlight the continued attempts of phishing scammers looking to exploit the COVID-19 pandemic.

Two weeks ago, it was revealed that a scam email purporting to be from HMRC was in circulation advertising the government’s coronavirus Job Retention Scheme.

Tim Sadler, CEO, Tessian, said: “During the COVID-19 outbreak, we’ve seen opportunistic hackers continually taking advantage of the fact that people will be searching for more information and guidance on how to adjust to the new normal, in attempts to make their phishing scams all the more effective.

“All too often, these email scams are incredibly realistic, purporting to be from trusted organizations or authorities like HMRC, to convince people into complying with requests – whether that’s handing over personal bank account details, phone numbers and passwords."

Sadler added that it is therefore vital that companies and employees are made fully aware of these threats, particularly at a time with high levels of remote working, with many people in isolation and at a much greater risk of being defrauded.

“Key tips to stop scammers include: being careful when sharing any personal information online as well as being wary of unsolicited emails asking for urgent information. It’s also critical to avoid sharing financial details or personal information with unfamiliar websites. If you’re still not sure, call HMRC directly to verify the legitimacy of their message.”

Categories: Cyber Risk News

WordPress Hacker Attacks One Million Sites in a Month

Info Security - Wed, 05/06/2020 - 11:00
WordPress Hacker Attacks One Million Sites in a Month

WordPress administrators are being urged to ensure all of their plug-ins are up-to-date, after researchers detected a 30-fold increase in attack traffic targeting mainly cross-site-scripting vulnerabilities.

The surge in malicious traffic over the past few weeks appeared to peak on May 3, when more than 20 million attacks were attempted against more than half a million individual sites, according to Wordfence’s Ram Gall.

Over the past month, the security vendor detected attacks on more than 900,000 sites, from over 24,000 different IP addresses, all from what appears to be the same malicious actor.

That’s because they’re all attempting to inject the same malicious JavaScript payload to insert a backdoor into the victim site and redirect visitors.

The attacks themselves seek to exploit several cross-site scripting vulnerabilities in: the Easy2Map plug-in, the Blog Designer plug-in and the Newspaper theme. Also targeted are options update vulnerabilities in the WP GDPR Compliance plug-in and the Total Donations plug-in.

However, Gall warned that the hacker behind these attacks is likely to pivot to other vulnerabilities in the future.

The JavaScript in question is designed to redirect users that are not logged-in to a malvertising URL. If they are logged-in it will try to inject a malicious PHP backdoor into the current theme’s header file, alongside another malicious JavaScript, with the aim of taking remote control of the site.

“The most important thing you can do in a situation like this is to keep your plug-ins up-to-date, and to deactivate and delete any plug-ins that have been removed from the WordPress plug-in repository. The vast majority of these attacks are targeted at vulnerabilities that were patched months or years ago, and in plug-ins that don’t have a large number of users,” advised Gall.

“While we did not see any attacks that would be effective against the latest versions of any currently available plug-ins, running a web application firewall can also help protect your site against any vulnerabilities that might have not yet been patched.”

Categories: Cyber Risk News

Global Firms Cut IT Security Budgets Due to #COVID19

Info Security - Wed, 05/06/2020 - 09:30
Global Firms Cut IT Security Budgets Due to #COVID19

Over two-fifths (41%) of global businesses have cut cybersecurity budgets due to COVID-19-related financial pressures, according to new research from Barracuda Networks.

The survey of over 1000 business decision-makers illustrates the potentially serious impact the pandemic could have on organizations’ ability to combat threats, as hackers ramp up attacks on remote workers and infrastructure.

Around half (51%) of those surveyed said they’ve seen an increase in email phishing attacks since moving to a remote working model, and around the same number (49%) expect to see a data breach or security incident in the next month.

A previous Barracuda study revealed a 667% increase in COVID-19-themed phishing attacks in just a month, to the end of March.

The rapid switch to home working appears to have left some significant security gaps for organizations.

Half (51%) of those polled agreed that their workforce is not proficient or properly trained in the cyber-risks associated with long-term remote working.

In addition, 46% said they’re not confident that their web apps are completely secure, and 50% are allowing staff to use personal email addresses and devices at home for work.

The need to get security right in this context is especially critical for long-term strategy as the pandemic is changing the way companies work for good.

More than half (56%) of respondents said they plan to continue mass remote working after the crisis is over, and 53% said it had accelerated their plans to migrate to a 100% cloud model.

“Naturally, opportunistic hackers are on the lookout to target vulnerable organizations, which may have weak security infrastructure in place during this difficult time. The risk when cybersecurity is de-prioritized or neglected by businesses, is that hackers can target untrained, susceptible remote workers with increasingly sophisticated and incredibly realistic-looking email phishing attacks,” said Barracuda Networks CTO, Fleming Shi.

“As many businesses enter their third month of remote working, it’s time they refocus efforts on tackling this growing cyber-threat. At this crucial time, one successful data breach could be the final straw for many businesses which are already facing an uphill battle against COVID-19. In the current threat-scape, it’s no longer a matter of if a company’s security will be tested by cyber-criminals, it’s a matter of when.”

Categories: Cyber Risk News

Europol Dismantles Combo Sellers InfinityBlack

Info Security - Wed, 05/06/2020 - 08:45
Europol Dismantles Combo Sellers InfinityBlack

Europol has announced the dismantling of an infamous hacking group accused of stealing and selling user account credentials to other cyber-criminals.

Polish police swooped on six locations around the country, arresting five suspected members of the InfinityBlack group.

They seized electronic equipment, external hard drives and cryptocurrency wallets worth €100,000, and shut down two platforms featuring databases containing over 170 million entries, Europol explained.

The group apparently stole mainly loyalty program log-in “combos” and sold them to other gangs, who cashed in the loyalty points to buy expensive electronics.

Police in Switzerland are said to have intervened when some of these individuals tried to use the stolen data in shops. An estimated €50,000 in loyalty points was lost after InfinityBlack created a specialized script to access the accounts of Swiss consumers, according to Europol.

Five people were arrested in the canton of Vaud, Switzerland, with cross-border cooperation between law enforcement following the trail back to the cybercrime group in Poland.

“The group was efficiently organized into three defined teams,” explained Europol. “Developers created tools to test the quality of the stolen databases, while testers analyzed the suitability of authorization data. Project managers then distributed subscriptions against cryptocurrency payments.”

As well as selling breached credentials, InfinityBlack is said to have created and distributed malware and hacking tools.

Yesterday’s announcement from Europol comes just weeks after it announced a major crackdown on the sale of counterfeit medical and pharmaceutical supplies following surging demand due to COVID-19.

It claimed that 37 organized crime groups had been dismantled as part of the operation, €13m ($14m) in potentially dangerous pharmaceuticals was seized, 121 arrests were made and a total of 4.4 million units were taken by police.

Categories: Cyber Risk News

US Platform Enhances Remote Learning Cybersecurity

Info Security - Tue, 05/05/2020 - 19:17
US Platform Enhances Remote Learning Cybersecurity

As temporary school closures due to COVID-19 push education online, a US platform is striving to make remote learning a safe experience for schools and K–12 students. 

ManagedMethods, a leading Google G Suite and Microsoft 365 cybersecurity and student safety platform for K–12 school districts, today announced the addition of Google Meet and Chat monitoring and reporting to its platform.

The extra functionality has been specially designed to give school districts full visibility and control into all lessons and student activities taking place within Google Meet and Chat. 

“The current circumstances due to COVID-19 have rapidly transformed K–12 education, and brought with them new cybersecurity and student safety challenges. Schools are relying on Google Meet for video conferencing and Google Chat for communications," said Charlie Sander, CEO of ManagedMethods.

“Our new Google Meet and Chat monitoring functionality will give IT teams more insight into school meetings to better protect sensitive data, secure remote learning, keep meetings private and students safe.”

The monitoring and reporting platform updates school IT administrators on who has joined a meeting or virtual classroom and from which device. It also helps schools monitor the images and text content of remote learning environments for any cyber-bullying, threats of violence, discrimination, and warning signs of self-harm and domestic abuse.

The rapid transition to virtual learning as a result of the health pandemic has posed a challenge for even the wealthiest school districts. When conducting remote learning, districts are still responsible for complying with student data privacy regulations, including FERPA, COPPA, and CIPA. 

For IT teams, that means securing video meetings against unauthorized access by any non-organizational account—including a parent or guardian account—while all school activity takes place outside the network perimeter.

According to ManagedMethod's chief revenue officer, David Waugh, effecting the transition from face-to-face to virtual learning is just one part of the challenge schools are facing right now.

“We consistently heard from our customers who have made the transition to remote learning that Google Meet and Chat use has rapidly increased, and they needed a tool to give them visibility and control into the activity taking place there," said Waugh.

Categories: Cyber Risk News

Virtual Graduation Ceremony Delayed by Cyber-attack

Info Security - Tue, 05/05/2020 - 18:17
Virtual Graduation Ceremony Delayed by Cyber-attack

A Florida university's virtual graduation ceremony was stymied on Sunday by a cyber-attack.

Florida Gulf Coast University's Class of 2020 was due to take part in a digital spring commencement ceremony managed by StageClip at 10am on May 3. The celebratory occasion was relegated to an online-only event to comply with social distancing and lockdown measures implemented to slow the spread of COVID-19. 

Five minutes before the ceremony was due to start, the vendor began experiencing issues. The list of graduates became distorted as names of some students were linked to photographs of others. 

After experiencing several glitches, the site crashed, ruining the ceremony and disappointing thousands of students eager to mark their special day.

FGCU graduate Luisa Rodriguez was determined to make her graduation memorable despite having to celebrate it from her couch instead of surrounded by her family, friends, and student peers.  

“We were all super excited and ready, and I was with my cap and my sisters’ gown from 2016 and all my stoles and everything,” said Rodriguez. “And we sat in front of the computer and were like, ‘What is going on?’”

It transpired that StageClip's problems were the result of a cyber-attack on its servers.

Rodriguez said: “My mom, she started crying because she said, you know, you work so hard. You don’t deserve this. None of you guys deserve this.”

Due to receive their degrees via the virtual Sunday ceremony were 1,715 undergraduate students and 219 graduate-level students.

Commenting on the disruption of the ceremony, FGCU graduate Carli Coppola said: “I was definitely worried, and I saw a lot of comments on Facebook saying, you know, we waited all this time to be able to see our picture and graduate, but we weren’t able to.” 

While StageClip worked to rebuild its website, students were invited to view the virtual commencement address recorded by FGCU president Dr. Michael Martin and posted on the university's website.

"While today was disappointing, nothing can take away from our graduates’ tremendous accomplishment at the end of a uniquely challenging semester," said a spokesperson for FGCU.

StageClip described the results of the attack on the virtual ceremony as "very disheartening for all parties involved."

Categories: Cyber Risk News

Dominic Raab Condemns #COVID19 Cyber-Attacks as NCSC and CISA Release APT Advisory

Info Security - Tue, 05/05/2020 - 17:24
Dominic Raab Condemns #COVID19 Cyber-Attacks as NCSC and CISA Release APT Advisory

The UK Foreign Secretary, Dominic Raab, has said he has evidence that advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic to attack national and international organizations that are responding to the crisis. During the UK government’s daily coronavirus press briefing today, Raab confirmed the government is working with those organizations facing targeted campaigns to ensure they are aware of the threat and can take steps to protect themselves from such attacks.

“We know that cyber-criminals and other malicious groups are targeting individuals, businesses and other organizations by deploying COVID-19-related scams and phishing emails. That includes groups in the cybersecurity world known as APT groups; sophisticated networks of hackers who try to breach computer systems,” said Raab.

The comments follow the joint advisory published earlier today by the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) about ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses.

The advisory stated that healthcare bodies, pharmaceutical companies and research organizations have been subject to large-scale ‘password spraying’ campaigns, which cyber-criminals use to access a large number of accounts using commonly known passwords. It has advised staff working within these organizations to change passwords that could be reasonably guessed to ones created with three random words as well as bring in two-factor authentication to reduce the threat of compromises.

The report also suggested the involvement of hostile states in these attacks, explaining that these APT actors target such bodies to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

Paul Chichester, NCSC director of operations, commented: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe. By prioritising any requests for support from health organizations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

“However, we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password spraying campaigns.”

The advisory provides an update on malicious cyber-activity related to COVID-19 that was published on April 8 2020 by NCSC/CISA.

Categories: Cyber Risk News

GoDaddy Suffers Data Breach

Info Security - Tue, 05/05/2020 - 17:03
GoDaddy Suffers Data Breach

Domain registrar and web-hosting company GoDaddy has notified an undisclosed number of its 19 million customers of a data breach.

The security incident took place on October 19, 2019, but went undetected until April 23, 2020, when GoDaddy noticed some suspicious activity occurring on a subset of its servers. 

As a result of the episode, the web-hosting account credentials of an unknown number of customers have been compromised.

The impact of the breach could be far-reaching since GoDaddy is the world's largest domain registrar, managing 77 million domains. 

The breach was confirmed in an email filed with the State of California Department of Justice and sent out to customers by GoDaddy CISO and vice president of engineering Demetrius Comes. According to Comes, an unauthorized individual accessed login information used by customers to connect to SSH (secure shell) on their hosting account. 

In his message to affected customers, Comes described the known impact of the breach as minor, but said that an investigation into the incident had not yet reached a conclusion. 

"We have no evidence that any files were added or modified on your account," wrote Comes. "The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment."

According to Comes, GoDaddy acted dynamically to minimize the impact of the security incident.

He wrote: "We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account."

Comes assured customers that that their "main customer account, and the information stored within your customer account, was not accessible by this threat actor."

In addition to offering customers its sincere apologies, GoDaddy is taking steps to sweeten the breach by offering "one year of Website Security Deluxe and Express Malware Removal at no cost."

Comes told customers that GoDaddy's security team would be on hand to help them should the free service throw up alerts of any potential security vulnerabilities on their websites. 

Categories: Cyber Risk News

Report Reveals Fears Over Threats Posed by Wireless Devices

Info Security - Tue, 05/05/2020 - 14:40
Report Reveals Fears Over Threats Posed by Wireless Devices

More than two-thirds of cybersecurity professionals have no confidence they would be able to prevent a wireless attack, the second instalment of the Wireless Security: 2020 Internet of Evil Things report by Outpost24 has revealed. The study has highlighted the extent to which cyber-experts are concerned about the additional threats posed to organizations by the growing number of shadow internet of things (IoT) and wireless devices in workplaces.

The number of IoT devices throughout the world is projected to increase to 20.4 billion, which will substantially expand the potential attack points organizations face. Of the more than 200 cybersecurity professionals questioned in the study, 71% thought that efforts to monitor and protect against rogue devices and access points should be ramped up.

The study also revealed there was a worrying lack of preparedness by businesses regarding this growing danger, with 57% of respondents admitting that their security teams do not clear device purchases prior to accessing corporate networks. In addition, 53% of those polled were unaware of how many devices are connected to their network, while only 30% said they ensure Bluetooth pairing or wireless connection requires security authentication before gaining access to networks.

Yet 61% of security experts said they believe bring your own device (BYOD) offers a serious threat to their organization and 21% fear attacks via office-based IoT devices such as printers and coffee machines.

Bob Egner, head of product at Outpost24, said: “With the threat of wireless network attacks increasing every day, organizations must implement the tools to actively identify all BYOD, IT and IoT devices on the wireless network. Further, they need to monitor for indicators of exposure and attack as part of their vulnerability management process to ensure they are not blindsided by the hidden attack surface wireless technologies bring.”

The forms of wireless attacks that the security experts surveyed said posed the greatest threat were password theft (62%), Botnet/Malware (60%) and Man in the Middle attacks (55.5%).

Categories: Cyber Risk News

Brexit-Related Firm Wins Government Contracts Related to AI and Data Mining

Info Security - Tue, 05/05/2020 - 13:15
Brexit-Related Firm Wins Government Contracts Related to AI and Data Mining

An Artificial Intelligence (AI) firm with connections to the 2016 Vote Leave campaign has been awarded seven government contracts in the last 18 months.

According to the Guardian, Faculty, which traded under the name Advanced Skills Initiative during the 2016 referendum on the UK’s membership of the European Union, has won seven contracts totaling around £280,000 of government work.

Faculty chief executive Marc Warren also attended Scientific Advisory Group on Emergencies (SAGE) meetings, whilst his brother, data scientist Ben Warner, was recruited to Downing Street last year for the Conservative Party’s general election campaign, and also attended SAGE meetings to provide advice to ministers on COVID-19.

Faculty is also working at the heart of the government’s response to the COVID-19 pandemic, processing large volumes of confidential UK patient information alongside US firm Palantir.

One tender was a £250,000 cross-government review on the adoption of AI, issued by the Department for Digital, Culture, Media and Sport and Government Digital Service (GDS), a body which promotes the use of digital technology to improve public services, in 2019. Cabinet Office minister Theodore Agnew also reportedly has a £90,000 shareholding in Faculty.

The contract was intended “to identify the most significant opportunities to introduce AI across government with the aim of increasing productivity and improving the quality of public services.”

Another contract was awarded in 2018 for £32,000 to fund fellowships to place data scientists in city governments to help solve local challenges. Faculty was at that time operating under its original name, Advanced Skills Initiative.

Other contracts include a £264,000 contract from the Department for Business, Energy and Industrial Strategy to monitor the impact of the coronavirus on industry, and a £600,000 contract from the Home Office to track terrorist videos online.

Holly Searle, Faculty’s head of PR and communications, told the Guardian: “Faculty has strong governance procedures in place to guard against conflicts of interest when competing for new work. All of its contracts with the government are won through the proper processes and in line with procurement rules.” Infosecurity has reached out to Faculty for further comment.

A government spokesperson said Agnew had had no role in awarding any contracts to Faculty while he had been a minister, and he had followed the appropriate procedures by declaring his shareholding in House of Lords register of interests and under the ministerial code of conduct.

Categories: Cyber Risk News

Tesla Car Parts Found on eBay Containing User Data

Info Security - Tue, 05/05/2020 - 11:00
Tesla Car Parts Found on eBay Containing User Data

Security experts have discovered old Tesla car parts for sale on eBay still containing user data belonging to the previous owner, in a sign that the firm’s retrofitting service is failing customers on privacy.

A white hat known as GreenTheOnly explained that media control units (MCUs) and autopilot hardware (HW) swapped out of old models by Tesla during upgrades were turning up for sale online.

Even worse, the four he bought contained: the previous owner’s home and work address, all saved Wi-Fi passwords, calendar entries, call lists and address books from paired phones and Netflix and other stored session cookies.

When Tesla agrees to retrofit a customer’s car by upgrading such components, it takes the old units for disposal — customers aren’t usually allowed to keep them. However, the researcher’s discovery means that technicians are either selling them online, or eagle-eyed hunters are going through dumpsters near Tesla service centers, or both, according to InsideEVs.

The car firm has not responded to the title’s request for more comment on its process for disposing of old parts and why it doesn’t erase user data first. However, a source told the publication that technicians were being told merely to hit units with a hammer a few times before throwing them away.

In the meantime, the carmaker appears not to be notifying customers whose data may have been exposed in this way. Users who have had retrofitting are therefore advised to change all relevant passwords on their devices and online accounts.

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Center) argued that the more sophisticated the device, the greater potential for it to contain data that may place user privacy at risk after recycling.

“With cars becoming ever more connected and offering increasing information to drivers and passengers, manufacturers like Tesla, dealer networks supporting any manufacturer and neighborhood mechanics are in a position to access the personal information stored within the multitude of computers within a modern vehicle,” he added.

“Limiting this access, and taking care to ensure stored data is deleted during computer replacement, should be a high priority for the automotive industry as we move closer to a world where connected cars are the norm.”

It remains to be seen whether Tesla's actions attract the attention of Californian data protection regulators.

Categories: Cyber Risk News

Adult Streaming Site Leaks Data on Millions of Members

Info Security - Tue, 05/05/2020 - 09:55
Adult Streaming Site Leaks Data on Millions of Members

A misconfigured cloud database has leaked records on tens of millions of users of an adult streaming site, putting them at risk of blackmail and identity theft, according to researchers.

CAM4 is a live streaming website for explicit content, with visitors paying to watch signed-up amateur performers film themselves online.

Security Detectives researchers led by Anurag Sen found an unsecured database containing over 7TB of personal data and production logs dating from March 16 2020. Although CAM4 appears to be owned by Irish company Granity Entertainment, the server was hosted in the Netherlands by Mojohost.

It was found to be leaking almost 11 billion records, including 11 million containing emails and 26.3 million containing password hashes. Millions contained first and last names, country of origin, sexual orientation, usernames, chat and email transcripts from the site, IP addresses, and inter-user conversations.

In addition, a few hundred are said to have revealed full names, credit card types and payment amounts.

It’s not clear whether the data belongs to content producers or viewers, or both. However, the data exposed in the privacy incident could have been highly lucrative for cyber-criminals, enabling follow-on phishing, identity fraud, and – perhaps most damaging – blackmail.

Hackers could also use the exposed Apple, Google and other emails to target cloud storage and other adjacent consumer services to harvest yet more personal information, Security Detectives warned.

“The availability of fraud detection logs enables hackers to better understand how cybersecurity systems have been set up and could be used as an ideal verification tool for malicious hackers, as well as, enabling a greater level of server penetration,” it continued.

“Moreover, website backend data could be harnessed to exploit the website and create threats including ransomware attacks.”

The majority of exposed email records came from US users, followed by Brazil, Italy, France and Germany.

Less than a week ago, Sen and his team discovered a similar incident in which French newspaper Le Figaro leaked over seven billion records including readers’ personal information.

Categories: Cyber Risk News

State Hackers Target UK Unis for #COVID19 Vaccine Research

Info Security - Tue, 05/05/2020 - 09:10
State Hackers Target UK Unis for #COVID19 Vaccine Research

State-sponsored hackers have been targeting UK universities with greater frequency of late in a bid to steal research on developing COVID-19 vaccines, according to a government security agency.

It is thought that Russia, Iran and possibly China have all been probing institutions like Oxford University, which started human clinical trials on a vaccine this week, and scientific facilities.

Although there have reportedly been no successful attacks to date, there’s plenty of opportunity, with dozens of UK organizations working on treatments and tests for the coronavirus.

“Any attack against efforts to combat the coronavirus crisis is utterly reprehensible. We have seen an increased proportion of cyber-attacks related to coronavirus and our experts work around the clock to help organizations targeted,” a spokesperson from the National Cyber Security Centre (NCSC) told the Guardian.

“However, the overall level of cyber-attacks from both criminals and states against the UK has remained stable during the pandemic.”

It is hoped that if the vaccine is successful, the Oxford University researchers will team up with Cambridge-based drug firm AstraZeneca to manufacture and distribute it.

This isn’t the first time the alarm has been sounded over cyber-threats to the UK’s university sector, although the stakes have raised significantly given the current crisis.

The NCSC was forced to issue a report last September highlighting the threat to higher education from both state-sponsored attackers and cyber-criminals.

At the time, the GCHQ body urged universities to improve user security awareness, tighten access controls and revisit network architecture to segment high-value data.

“While it is highly likely that cybercrime will present the most evident difficulties for universities, state-sponsored espionage will likely cause greater long-term damage. This is particularly true for those universities which prize innovation and research partnerships. This damage will extend to the UK’s larger national interest and to those researchers whose work may give others the chance to 'publish first'” the report argued.

Categories: Cyber Risk News

Nearly Half of IT Pros Spend Weeks or More Renegotiating Vendor Contracts

Info Security - Tue, 05/05/2020 - 08:44
Nearly Half of IT Pros Spend Weeks or More Renegotiating Vendor Contracts

New research from IT management and security company Ivanti has revealed that vendor management and contract negotiations are particularly time-consuming endeavors for IT professionals who are struggling with un-unified IT processes.

The firm surveyed more than 1300 IT pros, discovering that 50% work with 11 or more different vendors and 48% can spend weeks, or months, renegotiating vendor contracts each year, with Ivanti noting the greater the number of vendors to manage, the greater the contract negotiation time for IT pros.

What’s more, operations reports are also proving to be time consuming for IT pros. Only 20% spend minutes producing IT operations reports while 52% spend hours, 22% spend days and 6% spend weeks.

These findings highlight the need for more unified IT strategies across businesses, Ivanti claimed.

The majority of respondents agreed that the benefits of more unified IT are compelling, citing the following:

  • Consistent data across systems and IT departments: 70%
  • Improved user experience: 61%
  • Ease of use: 60%
  • Consistent and aligned processes across IT departments: 59%
  • Cost savings: 58%

The survey also suggested that unified IT strategies will be adopted by respondents as they demonstrate value in helping IT meet priorities and initiatives, including improved patching and security, cutting down time to resolve incidents and improved IT reporting.

“Conflicting initiatives are competing for IT budgets and complicating visibility and reporting processes. This is making it challenging to achieve IT unification,” said Duane Newman, vice-president, product management at Ivanti.

“Compounding the situation is the time IT organizations spend on vendor and contract management. However, by taking a unified approach to the priorities of security, issue resolution and reporting, IT organizations will likely find that they are better able to achieve their highest priorities without added cost or effort.”

Categories: Cyber Risk News

'Vaccines' Containing Blood of Recovered #COVID19 Patients for Sale on Dark Web

Info Security - Mon, 05/04/2020 - 18:50
'Vaccines' Containing Blood of Recovered #COVID19 Patients for Sale on Dark Web

Fraudsters are attempting to sell fake vaccines allegedly manufactured using the blood of patients who have recovered from COVID-19.

The nonsense vaccines were among a crock of utter dog wings spotted for sale on the dark web by researchers from the Australian National University's Cybercrime Observatory. Researchers were trawling dark net markets for coronavirus-related medical products and supplies for a report released April 30 by the Australian Institute of Criminology.

A survey of 20 underground markets turned up 645 listings of 222 items from 110 unique vendors across 12 sites. The total estimated value of all the items was $369,000. 

While scientists around the world strive to create a proven vaccine for COVID-19, the dark net claims to have plenty available. Of the 645 items found by researchers, 6% were products falsely claiming to be effective vaccines against the deadly virus. 

"COVID-19 cure vaccine. Keep quiet on this," read one such listing, while another announced "COVID-19 antidote is here from China."

Any victims tricked into buying one of these fake vaccines would have paid on average $AUS575 for their purchase. However, one vaccine, purportedly sourced from China, where the first animal-to-human transmission of COVID-19 took place, was on sale for between $US10K and $15K. 

Researchers warned that the dangers of fake vaccines go beyond individual victims' being ripped off financially.

"First, fake vaccines could worsen the spread of the virus because users may behave as if immune but nevertheless become infected. Second, the premature release of vaccines undergoing animal or human trials would also misguide users as to their immunity, but may also impact the success of these crucial clinical trials."

Nearly half of all unique listings and a third of the total listings were composed of personal protective equipment (PPE), such as masks, gowns, sanitizers, and gloves. One listing offered 10,000 "good quality lab tested face mask for corona" for the sum of $17,952.

Most vendors claimed to be shipping from the United States.

Happily, researchers came across one dark net marketplace where the sale of COVID-related products has been banned for ethical reasons. On the site was posted the message: "You do not, under any circumstances, use COVID-19 as a marketing tool. No magical cures, no silly f***ing mask selling, toilet paper selling. None of that bullsh*t. We have class here."

Categories: Cyber Risk News

Belfast Police Warn of Cybercrime Surge

Info Security - Mon, 05/04/2020 - 17:09
Belfast Police Warn of Cybercrime Surge

Police in the Northern Irish capital city of Belfast have issued a warning over a recent rise in cybercrime.

A senior police officer said businesses had experienced a "surge" in cyber-attacks since the outbreak of the novel coronavirus. Many of the attacks are scams concocted by fraudsters seeking to exploit the health pandemic.

Police Service of Northern Ireland (PSNI) assistant chief constable Alan Todd advised businesses to ensure their IT security systems are fully up to date. He also urged businesses to be extra wary of any unusual communications.

“It is very clear that from a strategic level through the National Crime Agency, through the global level, there is a real surge in attempts, at all levels, from individual members of the public right through to business ransomware," said Todd, addressing an online seminar of Northern Irish business leaders organized by the Institute of Directors.

“All of the usual methods of attack have been ramped up at this time, and therefore the risk arising out of this for businesses and indeed householders is higher than it was."

Todd said that the tragic growth in cybercrime related to the outbreak of COVID-19 was expected.

“It was predicted before the start of this, and we are certainly seeing evidence of that.”

According to the officer in charge of the police force's coronavirus response, much of the fresh wave of cybercrime is low-level in terms of impact but could target a high volume of victims. He added that unfamiliarity with new resources, such as grants given to businesses struggling to stay afloat since lockdown measures were imposed, made employees more vulnerable to cyber-threats.

Addressing the seminar, the officer said: “Your staff may be involved in transactions and conversations around schemes that they have no familiarity with. Of course, when you put staff into that position the potential for that to be exploited by fraudsters and others in the cybercrime world is even higher.”

While lockdown measures remain in place in Northern Ireland to slow the spread of COVID-19, Todd said that officers had increased patrols in areas where business premises were closed in a bid to keep crime at bay.

Categories: Cyber Risk News

Breach Exposes Data of 774,000 Australian Migrants

Info Security - Mon, 05/04/2020 - 16:31
Breach Exposes Data of 774,000 Australian Migrants

Personal details of 774,000 individuals in Australia's migration system have been exposed in a data breach.

The data was made publicly available via the Home Affairs Department's SkillsSelect platform, which invites skilled workers and entrepreneurs to express interest in moving Down Under. 

Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.

In total, the breach revealed 774,326 unique user IDs and 189,426 completed expressions of interest, dating back to 2014. By applying filters, the Guardian was able to narrow down an expression of interest to a single entry, then discover other details relating to that particular applicant.

News of the breach comes as the Australian government is asking people to voluntarily adopt a new contact-tracing app, CovidSafe, to slow the spread of the novel coronavirus. A cybersecurity failure in one government app could make Australians reticent to input their personal information into another.

Australian Privacy Foundation board member Monique Mann told Guardian Australia the breach was “very serious . . . especially at a time where the Australian government is expecting trust.”

Mann described the Australian government as having a "consistently poor track record that shows that we cannot trust them with our personal information,” and went on to call the unnecessary exposure of migrant data "absolutely ludicrous."

Privacy academic, cryptographer, and chief executive of Thinking Cybersecurity Vanessa Teague said she thought that the public availability of ADUserIDs on the SkillsSelect platform “looks like a stuff-up.”

When Guardian Australia contacted the Home Affairs Department and the Employment Department in relation to the data breach, the SkillsSelect platform was taken offline and is now "currently undergoing maintenance."

Mann expressed concern that the data breach had not been identified by the Home Affairs Department. 

She said: “What processes of auditing and oversight are occurring within department of home affairs? This department is responsible for policing, border protection and intelligence. You would expect a greater level of information security than this.”

Categories: Cyber Risk News

National Emergency as Trump Bans Foreign Power Grid Kit

Info Security - Mon, 05/04/2020 - 10:30
National Emergency as Trump Bans Foreign Power Grid Kit

President Trump has declared another national emergency: this time over the threat of foreign adversaries launching crippling cyber-attacks against the US power grid.

A new executive order issued on Friday noted that attacks on “bulk power” equipment could have a devastating impact on national defense, emergency services, critical infrastructure and the economy.

It has therefore prohibited the ongoing acquisition and installation of any equipment “in which any foreign country or a national thereof has any interest.

“The unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects,” it read.

The order also empowers the energy secretary to find existing systems which have been bought in from abroad and are exposed to cyber-sabotage, and “develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable, taking into consideration overall risk to the bulk-power system.”

A new Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security will include secretaries of defense, commerce, homeland security, the interior and directors of national intelligence and the Office of Management and Budget. It will be set up to develop new procurement policies and make additional recommendations.

Although not named directly, the order is likely to be aimed at Russia and China. Kremlin-backed hackers, such as the Dragonfly and Energetic Bear APT groups, have been probing US energy infrastructure for years, prompting occasional alerts from the intelligence agencies.

An annual Worldwide Threat Assessment report published by the US Senate Intelligence Committee last year warned that the US electric grid could suffer the same fate as Ukrainian energy companies in 2015 and 2016, when Russian attacks left many without power.

“Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage,” it warned.

Categories: Cyber Risk News

Tokopedia Breach: 91 Million Records for Sale on Dark Web

Info Security - Mon, 05/04/2020 - 09:30
Tokopedia Breach: 91 Million Records for Sale on Dark Web

Asian e-commerce giant Tokopedia is investigating a potentially major data breach after researchers revealed that 91 million user records are up for sale on the dark web.

Breach monitoring service Under the Breach posted screenshots over the weekend that revealed a malicious actor selling records of 15 million users apparently stemming from a March 2020 incident.

According to the post, the database contained emails, password hashes, names and “much more things.” The user said they acquired a copy of the data dump but that crucially it didn’t include the salt needed to crack the hashes.

Unfortunately, the same actor was subsequently found to be selling a much larger data trove containing a purported 91 million records for just $5000. There appears to have been at least two buyers over the weekend.

“This is really bad, make sure you change your passwords for other services in case you are re-using passwords,” advised Under the Breach.

According to reports, Tokopedia is investigating the incident and reiterated in the meantime that passwords are safe.

Backed by the SoftBank Vision Fund and Chinese web giant Alibaba, the Indonesian e-commerce player is said to be looking to raise $1bn or more in pre-IPO funding ahead of plans to go public in the next three years.

The firm claims to have over 90 million monthly active users and more than seven million merchants signed-up to its Amazon-like platform.

“We have detected an attempt to steal data belonging to Tokopedia users. However, we have made sure that our users’ personal information, such as passwords, remain protected,” the company said in a statement to local media.

“Although passwords and other crucial user data remain encrypted, we still encourage Tokopedia users to change their passwords periodically to ensure their safety and security.”

Categories: Cyber Risk News