Cyber Risk News

Cyber-Attack on European Court of Human Rights

Info Security - Wed, 12/23/2020 - 17:33
Cyber-Attack on European Court of Human Rights

The European Court of Human Rights has fallen victim to a cyber-attack after publishing a ruling regarding the fate of an incarcerated Turkish political leader. 

According to Bloomberg, hackers struck at the Court's website on Tuesday, knocking it offline for approximately 16 hours. The website has now been restored, and the order is one again accessible to the public.

The attack came shortly after the Court published a grand chamber ruling on December 22 demanding that Turkey release the former leader of the pro-Kurdish Peoples’ Democratic Party (HDP), Selahattin Demirtaş, immediately. 

Demirtaş was locked up after helping the HDP win enough seats to end the parliamentary majority of Recep Tayyip Erdoğan’s Justice and Development Party (AKP) in the 2015 general election.  

He was indicted on offenses related to terrorism and jailed in 2016 after parliamentary immunity for politicians was revoked in Turkey. If convicted of the more than 100 charges that he faces, Demirtaş could receive a sentence of 142 years in prison. 

The Court found that the detention of 47-year-old Demirtaş, which has lasted more than four years, goes against “the very core of the concept of a democratic society.”

A panel of 17 judges said that by locking up the politician, Turkey was sending "a dangerous message to the entire population" that pluralism and free political debate will be stifled.

Hacking collective Anka Neferler Timi (The Turkish Hacker Team) appear to have claimed responsibility for the cyber-attack. The group posted on Twitter that they had brought the website down and asked the Court to apologize for the ruling they issued regarding Demirtaş.

The Twitter account used by Anka Neferler Timi was only created earlier this month and has fewer than 100 followers. 

Today, the Court released the following statement: “Following the delivery of the Selahattin Demirtas v. Turkey (no. 2) judgment on 22 December, the website of the European Court of Human Rights was the subject of a large-scale cyberattack which has made it temporarily inaccessible. The Court strongly deplores this serious incident. The competent services are currently making every effort to remedy the situation as soon as possible.”

Categories: Cyber Risk News

Semperis Appoints Igor Baikalov as Chief Scientist

Info Security - Wed, 12/23/2020 - 16:45
Semperis Appoints Igor Baikalov as Chief Scientist

Semperis has announced the appointment of Igor Baikalov as its chief scientist to lead the enterprise identity protection company's research division.

In his new role, Baikalov is tasked with developing identity-centric models of cyber-attacks as well as enhancing the cyber-resiliency of hybrid identity stores through the application of identity analytics and machine learning.

He joins Semperis following over 30 years’ experience working in data analysis and enterprise application development, covering areas such as insider threats and risk monitoring.

Baikalov’s most recent position was chief scientist at security firm Securonix, where he led the development of behavioral models of cyber-attacks and automated large-scale detection of cyber-threats.

He has also previously worked for the Bank of America in the role of senior vice president, global information security, where he was charged with developing security intelligence and risk analytics solutions. In his time at this institution, he helped create solutions for predictive analytics, risk-based governance and proactive data protection.

Mickey Bresman, CEO of Semperis commented: "As Semperis continues to deliver on our promise to provide customers with cutting-edge identity protection technology, Igor will play a major role in our efforts.

"A pioneer in the world of data analytics and threat intelligence, Igor is well versed on the challenges facing large IT and security teams. He brings years of proven leadership and first-hand experience developing enterprise security intelligence and risk analytics solutions. We're happy to welcome Igor to the team, as we constantly evolve the toolsets that enterprises need to achieve identity-centric security and cyber resilience for hybrid identity environments."

Baikalov added: “I’m eager to join the Semperis team during a period of remarkable growth for the company and amid surging demand in the market for identity management security and resilience solutions.

“In the modern highly-mobile digital world with disappearing security perimeters, identity is key to protecting the enterprise, and it’s also the focal point for attackers. Identity analytics and machine learning will further enhance the Semperis cyber-resiliency platform by facilitating identity hygiene, uncovering risky exposure, isolating attack paths, and automating system response to protect hybrid identity stores.”

Categories: Cyber Risk News

Cyber Insurance Market Expected to Surge in 2021

Info Security - Wed, 12/23/2020 - 12:15
Cyber Insurance Market Expected to Surge in 2021

The global cyber insurance market is projected to grow by 21% next year, reaching $9.5bn in value, according to new data by insurance firm

This is as a result of greater recognition of the increasing cyber-threat landscape, exacerbated by the shift to remote working this year. Finaria added that the cyber insurance market is expected to reach $20.4bn by 2025, as more organizations look to protect themselves from malicious actors.

In its analysis, the company cited data showing that almost one-quarter of all cyber insurance claims between 2013 and 2019 were in the healthcare sector, an industry particularly heavily targeted by attackers this year amid the COVID-19 pandemic. Healthcare was followed by IT and telecommunications, insurance, retail and wholesale and manufacturing as the sectors with the most claims.

Almost three-quarters of claims in this period involved an insurance clause related to breach incident response and crisis management. In second place was data privacy breaches, with cyber-extortion in third.

In the first half of 2020, ransomware attacks were found to be the biggest cause of cyber insurance claims in North America.

Data from the Ponemon institute’s Cost of a Data Breach Report earlier this year was also highlighted, which showed that healthcare has the most expensive data breach costs, at $7.13m per incident, with energy in second at $6.39m per breach. This is followed by financial services ($5.85m), pharma ($5.06m) and technology ($5.04m). commented: “Over the years, cyber-attacks and data breaches became one of the biggest risks in the business sector, compromising sensitive data, and causing a massive financial hit to companies and organizations worldwide. As data applications and technology in the business sector increase, organizations are becoming more vulnerable to these attacks and more aware of the need for insurance coverage for cyber-risks.

“If a costly data breach occurs, the company may not have enough resources to resolve these issues and cover the losses. Cybersecurity insurance can provide support to businesses, so cyber-attacks do not cripple their business.”

Earlier this year, a study found that more than 80% of UK businesses still don’t have cyber-related insurance, while another revealed that under 13% of SMEs in the UK have cyber insurance.

Categories: Cyber Risk News

Leaky Server Exposes 12 Million Medical Records to Meow Attacker

Info Security - Wed, 12/23/2020 - 10:45
Leaky Server Exposes 12 Million Medical Records to Meow Attacker

A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed.

A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how long the data was exposed for before that.

It was traced back to Vietnamese tech firm Innovative Solution for Healthcare (iSofH), which provides software for electronic health records and hospital management to 18 medical facilities, including eight top-tier clinics.

As the server was left publicly exposed without encryption or password protection, the researchers were able to view a 4GB database of 12 million records, affecting roughly 80,000 patients and healthcare staff.

The data is a treasure trove for fraudsters, containing full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records and recent test results and diagnoses.

It also included the personal information of some children.

Three days after the discovery, the database was attacked by the meow bot which deleted an unspecified number of indexes.

After reaching out to iSofH and the Vietnamese CERT in mid-November to no avail, the researchers were finally able to contact the latter in early December, although the organization apparently hasn't been persuaded to take the incident seriously.

That’s despite the potential for follow-on blackmail and fraud attacks using the leaked data.

“The server contained incredibly detailed patient information and logs, as well as personal information regarding company staff and even partial information about the doctors who work at the various hospitals iSofH operates. If such information was to fall into the hands of criminals, this would present an acute security risk to doctors, company staff and patients simultaneously,” SafetyDetectives argued.

“More broadly, revealing full names, addresses and emails can be harnessed by nefarious users to inflict severe financial and reputational harm upon victims in the form of identity theft and financial fraud. The availability of credit card information further exacerbates the potential danger posed to victims, leaving them susceptible to credit card fraud and other financial crimes.”

Categories: Cyber Risk News

Web Page Layout Can Trick Users into Divulging More Info

Info Security - Wed, 12/23/2020 - 10:20
Web Page Layout Can Trick Users into Divulging More Info

Computer users can be manipulated into divulging more information than they would normally simply by the layout of webpages, new research has revealed.

A team at Israel’s Ben-Gurion University of the Negev (BGU) presented its study, Online Disclosure Depends on How You Ask for Information, at the International Conference on Information Systems last week.

They examined the behavior of 2504 users who were asked to provide their country, full name, phone number, and email address as part of the sign-up process for Tel Aviv-based digital bank, Rewire.

Successful tactics included asking for relatively non-sensitive info first and then gradually scaling up the requests to more private details. Similarly, by placing information requests on separate but consecutive web pages, the researchers were also able to elicit more personal data from the participants.

The research garnered impressive results.

“We found that both manipulations independently increased the likelihood of sign-up and conversion,” said Lior Fink, head of the BGU Behavioral Information Technologies (BIT) Lab and a member of the Department of Industrial Management and Engineering.

“The ascending privacy intrusion manipulation increased sign-up by 35% and the multiple-page manipulation increased sign-up by 55%.”

Lead researcher Naama Ilany-Tzur added that regulators and members of the public should be made aware of such tactics, as they may help social engineering attackers to bypass users’ natural caution when divulging personal details online.

However, on a less security-centric note, the BGU student also heralded the research as an important discovery for marketers trying to find the optimal way to capture as much data on individuals as possible.

Ideally, the findings of research like this would be built into security awareness training courses. However, research released this week revealed that just 8% of UK firms carry out regular training in the first place.

The iomart study found that a quarter (28%) of employers offer no cybersecurity training for remote workers, while a further 42% do but only to select employees. Yet even the majority of those that get training are given a short briefing rather than the regular sessions that are required to keep up-to-date with evolving threats.

Categories: Cyber Risk News

US: Buying Chinese Tech is a “Grave Threat” to Your Data Security

Info Security - Wed, 12/23/2020 - 09:30
US: Buying Chinese Tech is a “Grave Threat” to Your Data Security

The US government has urged domestic businesses not to invest in Chinese IT kit or data services over fears companies there will be coerced by the Communist Party into enabling cyber-espionage.

The business advisory from the Department of Homeland Security (DHS) clarified what many have known for some time: that the People’s Republic of China (PRC) is on a mission to become self-sufficient in technology and a global tech superpower over the coming decades.

A key part of this strategy is to steal intellectual property from foreign firms and governments. The same tactic is used to enhance the PRC’s military capabilities, the advisory noted.

Local Chinese firms are compelled to covertly assist intelligence officers according to the requirements of the 2017 National Intelligence Law (aka the Cybersecurity Law), and an updated version in 2020 which is designed “to force foreign markets to remain open to Chinese data services providers.”

A third law from 2020 requires foreign commercial crypto firms to provide encryption keys to the PRC government.

Together, these make Chinese tech firms a bad bet for US businesses, because they mean the state can force local providers to send customer data and encryption keys to Beijing, and install backdoors in equipment, the advisory argued.

“The PRC’s data collection actions result in numerous risks to US businesses and customers, including: the theft of trade secrets, of intellectual property, and of other confidential business information; violations of US export control laws; violations of US privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to US businesses,” it said.

The warning extends to fitness trackers, mobile applications and even foreign data centers built with Chinese equipment, among other things.

It can be seen in the context of a bipartisan crackdown on perceived abuses by China that have been ongoing for years, as the Asian giant seeks to grow its economic, technological and military strength.

Most recently, legislation has passed the Senate designed to prevent Chinese firms listed on US stock exchanges from escaping regulatory scrutiny, as they have for over a decade, and — just this week — to punish foreign firms looking to steal American IP.

Categories: Cyber Risk News

Phishers Spoof New York Department of Labor

Info Security - Tue, 12/22/2020 - 18:22
Phishers Spoof New York Department of Labor

Scammers are impersonating New York State's Department of Labor to steal personal information from state residents seeking to claim money from a COVID relief fund.

Targets are sent an email bearing the state logo that appears to come from “” The email states that by activating their account, the recipient will receive $600 in pandemic aid.

It reads: "Dear Citizen, Due to Covid-19 related issues, NY.GOV will pay $600 for victims who are affected by this pandemic. Please complete the online form to join the aids program. Please click here to active your account. Please do not close out of the browser while completing the account activation. Thank you, New York State."

A malicious link contained within the email directs the target to a webpage controlled by the attackers. The page has been set up to mimic a page on the New York State government site.

Targets are instructed to fill in a form that asks for their name, address, date of birth, Social Security number, and driver’s license number. 

The new phishing attack was detected by researchers at Abnormal Security, who believe that it could have landed in as many as 100,000 mailboxes.

Researchers found that the email's true sender was “,” a Panamanian-registered domain that is not associated with the New York state government.  

"The email contains an embedded link that should supposedly lead to a NY.GOV site, but actually points to 'https://thesender[.]org/fjc4'," wrote researchers. "After clicking on the hypertext, the link redirects to '[.]php,' a phishing page posing as a legitimate government website."

"Although this landing page displays the official New York state government logo, the URL is not associated with the New York Department of Labor."

Researchers noted that the attackers had used the lure of money coupled with an air of authority created by impersonating an official government entity to incentivize the target to act quickly. They also observed that the timing of the attack may have given it added legitimacy. 

"Americans have already received pandemic stimulus checks from the government, so a recipient of this email may be more likely to believe that the government is offering additional relief as the pandemic continues," wrote researchers.

Categories: Cyber Risk News

Shabang Banged to Rights

Info Security - Tue, 12/22/2020 - 17:41
Shabang Banged to Rights

A computer programmer from Ohio who lied to federal agents about his involvement with an illegal online marketplace has been sentenced to prison. 

Michael R. Weigand, also known by his online pseudonyms "Shabang" and “~Shabang~,” concealed his work for illicit black marketplace Silk Road when questioned by an IRS special agent and an FBI agent in January 2019. 

Silk Road was used by several thousand criminals around the world to distribute hundreds of millions of dollars' worth of narcotics and other contraband. The site, which was founded and administered by Ross Ulbricht, aka "Dread Pirate Roberts" and "DPR," was shut down by law enforcement in October 2013.

Kirtland resident Weigand claimed that he had never opened an account on Silk Road, never transferred Bitcoin to the marketplace, and never performed any services for the Silk Road website.

In fact, the 56-year-old programmer and electrical engineer had been hired by Ulbricht's senior adviser, Roger Thomas Clark, to work on various aspects of the Silk Road business and laundered $75k in Silk Road proceeds after the site was shut down.

Together, Weigand and Clark worked to identify security vulnerabilities in the Silk Road website. Weigand also supplied technological advice to Ulbricht and Clark, who used the online pseudonym "Variety Jones." 

Despite working directly with Ulbricht and Clark, Weigand told federal agents that he had never communicated with anyone who used the online pseudonyms “Dread Pirate Roberts,” “DPR,” or “Silk Road” and didn't know the true identity of "Variety Jones."

Weigand also lied about a trip he took to London in late 2013, after Silk Road had been seized and its founder arrested. The programmer claimed he visited the English capital to talk about a marijuana seed business with Clark’s associate. In reality, he made the journey in order to remove Silk Road evidence from Clark’s London residence after receiving $20,000 in Bitcoin from Clark.

On September 21, Weigand pleaded guilty to one count of making false statements. On December 18, he was sentenced to eight months in prison and three years of supervised release. 

Ulbricht is currently serving a double life sentence without parole, plus 40 years. Clark pleaded guilty to conspiring to distribute narcotics, and his sentencing is currently pending.

Categories: Cyber Risk News

Police Seize VPN Service Beloved by Cyber-criminals

Info Security - Tue, 12/22/2020 - 16:34
Police Seize VPN Service Beloved by Cyber-criminals

A virtual private network (VPN) used by some of the world's leading cyber-criminals has been shut down in an international law enforcement action led by German police.

The Safe-Inet service was deactivated yesterday as part of Operation Nova, a coordinated effort that involved the Federal Bureau of Investigation and European law enforcement agencies acting through Europol. 

Servers used by the service were taken down, and its infrastructure was seized in France, Germany, the Netherlands, Switzerland, and the United States. Visitors to the Safe-Inet webpage are now greeted by a domain seizure notice.

Safe-Inet was active for eleven years prior to yesterday's action, describing itself as an international team of "experienced technical specialists who understand how important anonymity on the network is for our clients."

According to Europol, the service was used by cyber-criminals to carry out serious crimes including e-skimming breaches and ransomware attacks. 

"This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections," said a spokesperson for Europol.

Law enforcement observed criminals using Safe-Inet to spy on 250 companies located around the world. Police warned the companies that they may be targeted by ransomware and advised them to beef up their cybersecurity.

Investigations are ongoing in multiple countries to identify and prosecute individuals who used the VPN service to commit crimes.

Operation Nova was led by German Reutlingen Police Headquarters and carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT). 

"The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide," said police president of the Reutlingen Police Headquarters, Udo Vogel.  

"The results show that law enforcement authorities are equally as well connected as criminals."

Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said that cybercriminals couldn't hide from the law.

"The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service," said Šileris. 

"Criminals can run but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them."

Categories: Cyber Risk News

Ministry of Justice Suffers 17 Serious Data Breaches Last Year

Info Security - Tue, 12/22/2020 - 14:45
Ministry of Justice Suffers 17 Serious Data Breaches Last Year

The Ministry of Justice (MoJ) reported 17 serious data breaches during the last financial year, according to official figures analysed by the Parliament Street think tank.

The UK government department responsible for running the country’s justice system revealed in its annual report 2019-20 that it informed the Information Commissioner’s Office (ICO) of personal data loss incidents affecting a total of 121,355 people.

In the largest of the incidents reported to the ICO, a technical error in a sub-processor made various files on a staff training database briefly accessible to unauthenticated users, resulting in one full and one partial unauthorized download. This disclosed personal information of 120,000 people, including staff data such as names, work locations, staff numbers, national insurance numbers, email addresses and training records.

The second largest incident was caused by a set of prison records being dispatched to the wrong prisoner by mistake. Impacting a total of 143 people, this exposed data relating to the offender’s friends, family, solicitors and MoJ officials.

Other breaches included an applicant’s address and the names of five children being disclosed to the respondent in a domestic violence court case, a lost unencrypted USB stick containing around 33,000 documents from a fraud trial and the leaking of sensitive data about seven staff members following the theft of a laptop and mobile phone.

A further 6425 data incidents were recorded by the MoJ in the 12-month period, although these were not substantial enough to be reported to the ICO. Most (5445) were labelled as ‘unauthorized disclosure’, while 823 were as a result of ‘inadequately protected electronic equipment, devices or paper documents’.

Commenting on the figures, Tim Sadler, CEO at Tessian said: “Data security is, today, well and truly in the hands of the employees. But, sometimes, employees make mistakes - as we can see from the breaches reported by the MoJ to the ICO. It's human nature; people misplace things, we send emails containing sensitive information to the wrong person, and we click the wrong buttons. And because people are in control of more data than ever before, the risk of that data being accidentally leaked or exposed is only growing.

“As organizations expect people to be responsible for more and more sensitive data, measures must be in place to prevent the mistakes that compromise security. Failure to do so could result in regulatory fines and ruined reputations.”

Categories: Cyber Risk News

Cybereason Adopts Oracle Cloud Infrastructure to Enhance its Platform Security

Info Security - Tue, 12/22/2020 - 13:00
Cybereason Adopts Oracle Cloud Infrastructure to Enhance its Platform Security

Security firm Cybereason has announced a new partnership with Oracle to enhance protection for customers in the face of a growing cyber-threat landscape.

Firstly, it has adopted the Oracle Cloud Infrastructure to run its automated Cyber Defense Platform. Cybereason said this will improve security and risk posture as well as reduce operational costs for customers using its platform. It placed a particular emphasis on Oracle Cloud Infrastructure’s ability to accelerate artificially intelligent threat detection.

Additionally, the two companies have entered into an agreement to jointly market and sell solutions, helping organizations search for available applications and services that best fit their needs.

Cybereason hopes the partnership will help facilitate its global expansion.

Lior Div, Cybereason CEO and cofounder commented: “We’re excited to collaborate with Oracle to enhance our company’s cloud infrastructure for our award-winning unified protection platform. We chose Oracle Cloud Infrastructure because of its security-first approach and performance. Together, we will deliver unmatched visibility and risk reduction to our global customer base. Additionally, the Oracle Cloud global footprint will enable Cybereason to offer in-country hosting in more locations for meeting regulatory data sovereignty requirements.”

Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure, said: “Cybereason joins a growing roster of companies adopting Oracle Cloud Infrastructure for its leading security and price performance advantages delivered across its global cloud footprint. Adopting Oracle Cloud Infrastructure will enhance Cybereason’s ability to deliver insights into threats across thousands of endpoints and enable customers to stay one step ahead of today’s most nefarious attacks.”  

In September, it was announced that a department of the UK’s Ministry of Defence (MoD) added the Oracle Cloud Infrastructure within its MODCLOUD Multi-Hybrid suite of secure services.

Adoption of cloud services has grown substantially this year as organizations looked to function efficiently following the shift to remote working as a result of COVID-19. According to a recent study by Sumo Logic, multi-cloud adoption went up by 70% year-over-year in 2020.

Categories: Cyber Risk News

Tech Giants Support Facebook in Case Against Spyware Maker

Info Security - Tue, 12/22/2020 - 11:30
Tech Giants Support Facebook in Case Against Spyware Maker

Microsoft, Google, Cisco and a host of other tech giants have added their names to a legal filing supporting Facebook’s case against controversial spyware developer NSO Group.

The social network took the Israeli firm to court after alleging that the latter exploited a vulnerability in WhatsApp which helped its clients spy on over 1400 users globally. It’s believed that the bug or similar ones may also have been used to help Saudi Arabian officials spy on murdered journalist Jamal Khashoggi and his former boss, Jeff Bezos.

NSO Group has argued that its tools are only ever used for legitimate law enforcement purposes, and that, as it sells exclusively to governments, it should benefit from the “sovereign immunity” that means nation states can’t be taken to court.

The case is now at the Court of Appeals after Facebook won the argument in the Northern District of California in July.

That’s where the latest amicus brief filing comes in: it shows support for Facebook’s position from a wide range of tech firms, including rivals. As well as those listed above, the signatories also include lobby group the Internet Association, which counts among its members tech firms including Amazon, Twitter, PayPal, eBay, Uber and Reddit.

Microsoft’s VP of customer security and trust, Tom Burt, argued that NSO Group’s actions should not be granted legal immunity for three reasons.

He claimed that the firm’s tools could end up in the wrong hands, as per the Shadow Brokers hack that resulted in NotPetya and WannaCry, if sophisticated attackers decide to target NSO Group itself, or its government customers.

He also argued that, unlike governments which are bound by international laws and diplomatic norms, private companies like the Israeli firm are only motivated by profit.

Finally, Burt argued that these tools threaten human rights, despite NSO Group’s protestations to the contrary, by expanding the range of autocratic regimes that can access sophisticated spyware.

“Reporting shows foreign governments are using those surveillance tools, bought from PSOAs [private sector offensive actors], to spy on human rights defenders, journalists and others, including US citizens,” he added.

“These tools allow the user to track someone’s whereabouts, listen in on their conversations, read their texts and emails, look at their photographs, steal their contacts list, download their data, review their internet search history and more.”

Categories: Cyber Risk News

Just 8% of Firms Offer Regular Security Training

Info Security - Tue, 12/22/2020 - 10:30
Just 8% of Firms Offer Regular Security Training

A majority of UK businesses are failing to adequately train their remote working employees to spot security threats, according to new research from iomart.

The cloud services company based its Cyber Security Insights Report on the views of 1167 UK workers at C-level, director, manager and employee level.

It found that over a quarter (28%) of their employers offer no cybersecurity training for the distributed workforce, while a further 42% do but only to select employees.

Of those who were offered training, 82% claimed that it was a short briefing rather than something more comprehensive. Less than a fifth (17%) said they had regular training sessions.

That means, overall, just 8% of those surveyed receive regular security training.

This comes at a time when threats are on the rise. A fifth (20%) of those surveyed reported seeing an increase in cyber-attacks as a result of working remotely.

Cyber-criminals have been targeting remote workers with phishing emails often themed with COVID-19 lures, as well as vulnerabilities in VPN infrastructure and insecure RDP endpoints that can be easily brute-forced or their credentials bought off the dark web.

The number of RDP ports exposed to the internet grew from three million to 4.5 million in the period from January to March 2020, according to McAfee research released in May.

Bill Strain, security director at iomart, warned that organizations still aren’t placing security and data protection at the top of their priority list.

“They need to understand what the potential threats are and build resilience into their business strategy so they can react quickly and maintain operations if their IT systems are compromised,” he urged.

“Many businesses would not survive the operational — let alone financial — impact of a data breach. By understanding the potential risk and introducing positive behavior around cyber awareness, they have a much better chance of surviving an incident.”

Remote workers are thought of as a potential cyber risk as many may be more distracted at home and likely to click through on phishing emails, whilst their devices may not be as well protected as corporate equivalents.

Categories: Cyber Risk News

Big Tech Joins Up to Ransomware Task Force

Info Security - Tue, 12/22/2020 - 09:30
Big Tech Joins Up to Ransomware Task Force

A group of big-name security and technology vendors, non-profits and other industry stakeholders have come together to create a new group focused on combatting ransomware.

The Ransomware Task Force (RTF) is the brainchild of Bay Area firm the Institute for Security and Technology (IST) and will see member organizations unite to provide “clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise.”

Members announced at the official launch yesterday include tech firms Citrix, Microsoft, McAfee, Rapid 7, Team Cymru and Cybereason, law firm Venable LLP, and policy-maker groups like Digital Aspen and the Cybersecurity Coalition. Others on board include insurer Resilience, non-profit the Shadowserver Foundation and data sharing group the Cyber Threat Alliance.

“Ransomware incidents have been growing unchecked, and this economically destructive cybercrime has increasingly led to dangerous, physical consequences. Hospitals, school districts, city governments, and others have found their networks held hostage by malicious actors seeking payouts,” the IST argued.

“This crime transcends sectors and requires bringing all affected stakeholders to the table to synthesize a clear framework of actionable solutions, which is why IST and our coalition of partners are launching this Task Force for a two-to-three-month sprint.”

According to the most recent stats, ransomware grew as a percentage of total detected malware from 39% to 51% during the period Q2-Q3 2020. Healthcare organizations have been most notably targeted through the COVID-19 crisis, as have vaccine developers.

Big names such as French IT services giant Sopra Steria have been on the receiving end of a surge in “big game hunting” attacks using APT-style tactics to infiltrate large organizations. It said a Ryuk attack in October could end up costing the firm as much as $60 million.

However, the truth is that SMBs are much more likely to get caught out, according to Coveware. The vendor claimed that organizations with up to 1000 workers accounted for 73% of attacks in Q3 2020.

“The RTF will assess existing solutions at varying levels of the ransomware kill chain, identify gaps in solution application, and create a roadmap of concrete objectives and actionable milestones for high-level decision-makers,” said the IST.

Categories: Cyber Risk News

Russia Officially Denies Large-scale US Hack

Info Security - Mon, 12/21/2020 - 20:43
Russia Officially Denies Large-scale US Hack

Russia has officially denied any culpability for a recent cyber-attack that impacted at least six federal agencies in the United States.

America's Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week after cyber-criminals trojanized updates to SolarWinds’ Orion IT monitoring and management software to launch a large-scale cyber-attack. 

CISA said that the incident poses "unacceptable risk to the security of federal networks" and urged all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.

SolarWinds, an IT company based in Austin, Texas, which serves government customers across the executive branch, the military, and the intelligence services, stated on December 20 that it was the victim of a sophisticated supply-chain attack that "could potentially allow an attacker to compromise the server on which the Orion products run." 

The company has not attributed the attack to any particular threat actor, stating only that "we’ve been advised that the nature of this attack indicates that it may have been conducted by an outside nation state, but SolarWinds has not verified the identity of the attacker."

While the US government has not publicly identified who might be behind the hacking, Reuters reported on December 15 that "three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack."

Secretary of State Mike Pompeo publicly laid the blame for the cyber-attack at Russia's door on December 18. 

Discussing the cyber-incident during an interview with radio host Mark Levin, Pompeo stated: "This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity." 

Today, Russian News Agency Tass reported that Moscow was not responsible for the hacking attack that impacted US government bodies and companies. 

"Russia is not involved in such attacks, namely this one. We state this officially and firmly," Kremlin spokesperson Dmitry Peskov told reporters on Monday.

He added that "any accusations of Russia’s involvement are absolutely baseless; they are more likely to be a continuation of blind Russophobia that is resorted to in case of any incident."

Categories: Cyber Risk News

BlueHalo Acquires Base2 and Fortego

Info Security - Mon, 12/21/2020 - 18:29
BlueHalo Acquires Base2 and Fortego

Arlington Capital Partners portfolio company BlueHalo today announced that it has completed the acquisition of Maryland businesses Base2 LLC and Fortego LLC.

While both companies are leading providers of complex, mission-critical cyber and Signals Intelligence (SIGINT) solutions, Base2 specializes in the design and development of cyber-solutions in the areas of Computer Network Operations (CNO), SIGINT, and Quick Reaction Capability (QRC).

"We reached a point where it was time to consider being part of a larger organization that could help our company grow long term," said Base2 co-founders Edward Wright and Michael Curry.

"BlueHalo resonated with us because they focus on solving the hardest engineering problems while contributing to national defense imperatives."

Fortego, formed to fill a niche need for highly specialized technical analysts and developers focused on current cyber-warfare techniques and technologies, is known for its capabilities in advanced SIGINT and cyber operations solutions, with end-to-end solutions in cyber-analytics, vulnerability research, and CNO engineering.

"Combining with BlueHalo, who also believes in the importance of an employee- and mission-focused culture, was a natural fit as we lead Fortego into the next phase of its evolution," said Chad Price and Eric Rothenberger, co-founders of Fortego.

BlueHalo said that the freshly sealed deal will enable the company to address the most complex cyber programs in the national security community. 

"We are thrilled to partner with the management teams at both Base2 and Fortego," said Jonathan Moneymaker, CEO of BlueHalo. 

"The strong cultural alignment between our organizations around driving inspired engineering of complex solutions for our customers and our mission focus and unique access to specialized programs attracts the best of the best to the team.

"BlueHalo is leading the transformation of modern warfare, and the acquisitions of Base2 and Fortego enhance our ability to deliver on this vision and accelerate our ability to grow organically into new mission areas."

BlueHalo was formed through the combination of AEgis Technologies and its previously integrated acquisitions Excivity and EMRC Heli, Applied Technology Associates, and Brilligent Solutions.

The company has nearly 900 employees located across 11 states chosen for their proximity to major intelligence and Department of Defense organizations.

Categories: Cyber Risk News

Breakup Plan for Cyber Command and NSA

Info Security - Mon, 12/21/2020 - 18:05
Breakup Plan for Cyber Command and NSA

The Trump administration has come up with a proposal to split up the leadership of US Cyber Command and the National Security Agency (NSA).

Under the existing "dual-hat" arrangement, the posts of CYBERCOM commander and NSA director are held by one individual. Right now, that person is General Paul Nakasone.

The proposal, which could significantly reshape America's defense policy, was received by the joint chiefs of staff and joint chiefs chairman General Mark Milley at the end of last week. 

Milley, together with Acting Defense Secretary Chris Miller, must certify that the plan meets a particular set of standards laid out by Congress in 2016. 

Given that he told Congress in 2019 that the current leadership structure was effective and should continue, Milley is unlikely to approve the proposal. 

In his Senate nomination hearing for chairman of the joint chiefs of staff on July 11, Milley said: "The current 'dual hat' configuration between US Cyber Command and the National Security Agency is working well and should be maintained."

He added that the joint chiefs of staff would benefit from a cyber-readiness review similar to that conducted by the US Navy and reported on in March 2019, including annual cyber-training for all personnel, including military, government, and contractors.

Colonel Dave Butler, a spokesperson for Milley, said on Saturday that the chairman "has not reviewed nor endorsed any recommendation to split CYBERCOM and NSA."

US Cyber Command, the digital attack–fighting branch of America's military, was established in 2009. 

The timing of the proposal to split the role into two distinct posts comes just after the United States was struck by a large-scale cyber-attack that impacted at least six federal agencies. An investigation into the true extent of the assault and from whence it originated is ongoing. 

In a joint statement issued on Sunday, Senators Ben Sasse and Angus King and Representatives Mike Gallagher and Jim Langevin said that the timing of the proposal, mere weeks before the end of Trump's presidency, was all wrong. 

“Regardless of whether it’s better to keep or end the dual-hat arrangement between NSA and CYBERCOM, now is not the time to do it," said the statement.

Categories: Cyber Risk News

Ransomware Attacks Surge in Q3 as Cyber-Criminals Shift Tactics

Info Security - Mon, 12/21/2020 - 15:30
Ransomware Attacks Surge in Q3 as Cyber-Criminals Shift Tactics

A record growth in ransomware attacks took place in Q3 of 2020 compared to Q2, from 39% to 51% of all malware attempts, according to Positive Technologies’ Cybersecurity Threatscape: Q3 2020 report.

The study also found that hacking accounted for 30% of all attacks during Q3, with cyber-criminals reducing their emphasis on social engineering tactics compared with earlier this year. The researchers noted that the percentage of social engineering attacks using COVID-19 as a lure fell from 16% in Q2 to just 4% in Q3, which they attribute to people becoming more accustomed to this crisis. Additionally, social engineering attacks targeting organizations fell from 67% of all attempts in Q1 to under half (45%) in Q3.

Healthcare organizations were heavily targeted in this period, including pharmaceutical sites where COVID-19 vaccine research was being conducted. Half of all attacks against this sector involved ransomware, which resulted in serious consequences, such as the crippling of hospital functions.

The cybersecurity firm added that attackers continued to target increased network insecurity brought about by the mass shift to remote working, with exploitation of vulnerabilities up by 12 percentage points quarter-on-quarter (to 30%).

Encouragingly, there was a slow-down in the growth in attacks experienced during the first two quarters of the year, with the number of incidents rising by 2.7 percentage points compared to the previous quarter. However, the rate of targeted attacks went up from 63% to 70%.

Yana Yurakova, analyst at Positive Technologies, commented: "According to our data, COVID-19 is being exploited in attacks on individuals as well as organizations. In regard to individuals, we see that the number of phishing emails related to COVID-19 is dropping quickly. Pandemic-themed messages fell from 16% of social engineering attacks in Q2 to just 4% in Q3.

 In the previous quarter, phishing emails would advertise personal protective equipment or offer information about the virus, whereas now they are exploiting interest in a vaccine. One mailing addressed to people in the UK claimed that local vaccine efforts were going slowly and offered a supposed vaccine for sale on the site of a Canadian pharmacy chain. Individuals need to stay extra vigilant of the threats which are circulating linked to the pandemic.”

Categories: Cyber Risk News

Gallagher Appoints Three New Cybersecurity Specialists

Info Security - Mon, 12/21/2020 - 14:30
Gallagher Appoints Three New Cybersecurity Specialists

Insurance broker Gallagher has announced the appointment of three new cybersecurity specialists to grow its cyber-risk knowledge, thereby helping clients better prepare themselves against attacks.

The appointments are designed to enhance Gallagher’s cyber-practice within its UK retail division, which provides clients with cyber-protection and insurance cover to prevent cyber-incidents in addition to protection in the event they suffer a cyber-attack.

Jay Lucas has taken on the role of cyber-risk technical lead, in which he will oversee penetration and vulnerability testing to allow clients to identify security weaknesses across their network architecture. Lucas was previously a cybersecurity specialist at IntaForensics and prior to that, worked for Leicestershire Police for 16 years.

Gallagher has also appointed two new cyber-risk consultants, Stephen Randles and John Clarke, who will help clients achieve relevant industry accreditation, such as Cyber Essentials. They will also conduct open source intelligence investigations on behalf of clients to understand the risk of sensitive information being harvested by those with malicious intent towards the business. Randles joins from McLaren Automotive while Clarke moves from insurance broker Clearview Credit and Financial Risks Limited.

Johnty Mongan, cyber-risk consultant at Gallagher, commented: “As businesses become more reliant on their digital capability, in part driven by the increase in remote working as a result of COVID-19, ensuring they have a high level of protection against cyber-attacks, and identifying ways in which common cybersecurity risks can be mitigated against, is now an important consideration for companies of all sizes. 

“There isn’t a one size fits all approach to cybersecurity, and our practice plays a crucial role in helping organizations identify, mitigate and respond to any cyber-risk they might be facing, and ensuring they have appropriate insurance cover in place should they become victim to cyber-criminals.”

Categories: Cyber Risk News

Stolen Card Prices Soar 225% in Two Years

Info Security - Mon, 12/21/2020 - 11:45
Stolen Card Prices Soar 225% in Two Years

The price of stolen credit card details and cybercrime tools has in many cases seen triple-digit growth over the past two years, according to new dark web research compiled by Flashpoint.

The risk intelligence firm trawled some of the more established cybercrime marketplaces across the deep and dark web, across eight categories: from government-issued IDs to DDoS-for-hire services, exploit kits, RDP server access and “fullz.”

The cost of credit card dumps soared 225%, from $12.44 in 2018 to $26.50 this year, it revealed. Fake US passports can reach around $525 while the price rises even higher ($3500) for UK versions.

DDoS-for-hire services have nearly quadrupled in price since 2017, to around $165 for a fully managed attack, or provider-specific options potentially hitting $250.

According to Flashpoint, the “as-a-service” model has become increasingly popular of late because it enables those managing the services to customize on-the-fly, in order to improve success rates in response to enhanced mitigation on the defender side.

Access to RDP servers is often paired with online payment accounts to facilitate quick and easy fraud — available for upwards of $575. US bank account and routing numbers can also fetch hundreds, going for $530 when additional linked accounts are included in packages, said Flashpoint.

Phishing kits with “how-to” guides go for as little as $35, while exploit kits targeting Office 365 can cost $125.

Flashpoint argued that stolen data and cybercrime tools have increased in price across 2020 thanks to more online activity in general over the past year.

“The pricing analysis we conducted heading into 2021 illuminates some of the unique market dynamics and trends we see throughout dark web marketplaces — such as the long-tail effects of the global coronavirus pandemic and changes in buying and selling behavior stemming from an increase in working from home and online shopping,” added head of intelligence, Tom Hoffman.

Categories: Cyber Risk News