Info Security

Virtual Graduation Ceremony Delayed by Cyber-attack

Tue, 05/05/2020 - 18:17

A Florida university's virtual graduation ceremony was stymied on Sunday by a cyber-attack.

Florida Gulf Coast University's Class of 2020 was due to take part in a digital spring commencement ceremony managed by StageClip at 10am on May 3. The celebratory occasion was relegated to an online-only event to comply with social distancing and lockdown measures implemented to slow the spread of COVID-19. 

Five minutes before the ceremony was due to start, the vendor began experiencing issues. The list of graduates became distorted as names of some students were linked to photographs of others. 

After experiencing several glitches, the site crashed, ruining the ceremony and disappointing thousands of students eager to mark their special day.

FGCU graduate Luisa Rodriguez was determined to make her graduation memorable despite having to celebrate it from her couch instead of surrounded by her family, friends, and student peers.  

“We were all super excited and ready, and I was with my cap and my sisters’ gown from 2016 and all my stoles and everything,” said Rodriguez. “And we sat in front of the computer and were like, ‘What is going on?’”

It transpired that StageClip's problems were the result of a cyber-attack on its servers.

Rodriguez said: “My mom, she started crying because she said, you know, you work so hard. You don’t deserve this. None of you guys deserve this.”

Due to receive their degrees via the virtual Sunday ceremony were 1,715 undergraduate students and 219 graduate-level students.

Commenting on the disruption of the ceremony, FGCU graduate Carli Coppola said: “I was definitely worried, and I saw a lot of comments on Facebook saying, you know, we waited all this time to be able to see our picture and graduate, but we weren’t able to.” 

While StageClip worked to rebuild its website, students were invited to view the virtual commencement address recorded by FGCU president Dr. Michael Martin and posted on the university's website.

"While today was disappointing, nothing can take away from our graduates’ tremendous accomplishment at the end of a uniquely challenging semester," said a spokesperson for FGCU.

StageClip described the results of the attack on the virtual ceremony as "very disheartening for all parties involved."

Categories: Cyber Risk News

Dominic Raab Condemns #COVID19 Cyber-Attacks as NCSC and CISA Release APT Advisory

Tue, 05/05/2020 - 17:24

The UK Foreign Secretary, Dominic Raab, has said he has evidence that advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic to attack national and international organizations that are responding to the crisis. During the UK government’s daily coronavirus press briefing today, Raab confirmed the government is working with those organizations facing targeted campaigns to ensure they are aware of the threat and can take steps to protect themselves from such attacks.

“We know that cyber-criminals and other malicious groups are targeting individuals, businesses and other organizations by deploying COVID-19-related scams and phishing emails. That includes groups in the cybersecurity world known as APT groups; sophisticated networks of hackers who try to breach computer systems,” said Raab.

The comments follow the joint advisory published earlier today by the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) about ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses.

The advisory stated that healthcare bodies, pharmaceutical companies and research organizations have been subject to large-scale ‘password spraying’ campaigns, which cyber-criminals use to access a large number of accounts using commonly known passwords. It has advised staff working within these organizations to change passwords that could be reasonably guessed to ones created with three random words as well as bring in two-factor authentication to reduce the threat of compromises.
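The password-spraying pattern the advisory describes (a few common passwords tried across many accounts, rather than many guesses against one) is what a defender would look for in authentication logs. The following is an added illustration, not code from the NCSC/CISA advisory: the log format, the thresholds and the sample entries are all constructed assumptions.

```python
"""Password-spraying detector over constructed authentication log lines.

Added illustration for the NCSC/CISA advisory; not the advisory's own code.
The log format, thresholds and sample entries below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample. 203.0.113.7 tries one guess against six accounts
# (spray); 198.51.100.9 hammers a single account (brute force, not a
# spray); 192.0.2.4 is a user who mistyped once and then logged in.
SAMPLE_LOG = """\
2020-05-05T08:00:01 FAIL user=alice src=203.0.113.7
2020-05-05T08:00:03 FAIL user=bob src=203.0.113.7
2020-05-05T08:00:05 FAIL user=carol src=203.0.113.7
2020-05-05T08:00:07 FAIL user=dave src=203.0.113.7
2020-05-05T08:00:09 FAIL user=erin src=203.0.113.7
2020-05-05T08:00:11 FAIL user=frank src=203.0.113.7
2020-05-05T08:01:00 FAIL user=admin src=198.51.100.9
2020-05-05T08:01:01 FAIL user=admin src=198.51.100.9
2020-05-05T08:01:02 FAIL user=admin src=198.51.100.9
2020-05-05T08:01:03 FAIL user=admin src=198.51.100.9
2020-05-05T08:01:04 FAIL user=admin src=198.51.100.9
2020-05-05T08:02:00 FAIL user=alice src=192.0.2.4
2020-05-05T08:02:10 OK user=alice src=192.0.2.4
"""


def parse(lines):
    """Turn log lines into (timestamp, result, user, src) tuples, skipping
    anything that does not match the assumed format."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append(
            (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])
        )
    return events


def detect_spray(lines, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {src: sorted distinct users} for every source whose failed
    logins within some `window` touch at least `min_users` distinct
    accounts with no more than `max_per_user` failures each.

    Many accounts with few guesses apiece is the spray signature; a single
    account with many guesses is ordinary brute force and is not flagged.
    """
    by_src = defaultdict(list)
    for ts, result, user, src in parse(lines):
        if result == "FAIL":
            by_src[src].append((ts, user))

    flagged = {}
    for src, fails in by_src.items():
        fails.sort()
        # Slide a window starting at each failure for this source.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[src] = sorted(per_user)
                break
    return flagged


if __name__ == "__main__":
    for src, users in detect_spray(SAMPLE_LOG.splitlines()).items():
        print(f"possible password spray from {src}: {len(users)} accounts: {users}")
```

Pair a hit like this with the advisory's other controls (2FA and a lockout or rate limit per source, not just per account), since per-account lockouts never trigger on one guess per user.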

The report also suggested the involvement of hostile states in these attacks, explaining that these APT actors target such bodies to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

Paul Chichester, NCSC director of operations, commented: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe. By prioritising any requests for support from health organizations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

“However, we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password spraying campaigns.”

The advisory provides an update on malicious cyber-activity related to COVID-19 that was published on April 8, 2020 by NCSC/CISA.

GoDaddy Suffers Data Breach

Tue, 05/05/2020 - 17:03

Domain registrar and web-hosting company GoDaddy has notified an undisclosed number of its 19 million customers of a data breach.

The security incident took place on October 19, 2019, but went undetected until April 23, 2020, when GoDaddy noticed some suspicious activity occurring on a subset of its servers. 

As a result of the episode, the web-hosting account credentials of an unknown number of customers have been compromised.

The impact of the breach could be far-reaching since GoDaddy is the world's largest domain registrar, managing 77 million domains. 

The breach was confirmed in an email filed with the State of California Department of Justice and sent out to customers by GoDaddy CISO and vice president of engineering Demetrius Comes. According to Comes, an unauthorized individual accessed login information used by customers to connect to SSH (secure shell) on their hosting account. 

In his message to affected customers, Comes described the known impact of the breach as minor, but said that an investigation into the incident had not yet reached a conclusion. 

"We have no evidence that any files were added or modified on your account," wrote Comes. "The unauthorized individual has been blocked from our systems, and we continue to investigate potential impact across our environment."

According to Comes, GoDaddy acted dynamically to minimize the impact of the security incident.

He wrote: "We have proactively reset your hosting account login information to help prevent any potential unauthorized access; you will need to follow these steps in order to regain access. Out of an abundance of caution, we recommend you conduct an audit of your hosting account."

Comes assured customers that their "main customer account, and the information stored within your customer account, was not accessible by this threat actor."

In addition to offering customers its sincere apologies, GoDaddy is taking steps to sweeten the breach by offering "one year of Website Security Deluxe and Express Malware Removal at no cost."

Comes told customers that GoDaddy's security team would be on hand to help them should the free service throw up alerts of any potential security vulnerabilities on their websites. 

Report Reveals Fears Over Threats Posed by Wireless Devices

Tue, 05/05/2020 - 14:40

More than two-thirds of cybersecurity professionals have no confidence they would be able to prevent a wireless attack, the second instalment of the Wireless Security: 2020 Internet of Evil Things report by Outpost24 has revealed. The study has highlighted the extent to which cyber-experts are concerned about the additional threats posed to organizations by the growing number of shadow internet of things (IoT) and wireless devices in workplaces.

The number of IoT devices throughout the world is projected to increase to 20.4 billion, which will substantially expand the potential attack points organizations face. Of the more than 200 cybersecurity professionals questioned in the study, 71% thought that efforts to monitor and protect against rogue devices and access points should be ramped up.

The study also revealed a worrying lack of preparedness among businesses regarding this growing danger, with 57% of respondents admitting that their security teams do not clear device purchases before those devices access corporate networks. In addition, 53% of those polled were unaware of how many devices are connected to their network, while only 30% said they ensure Bluetooth pairing or wireless connection requires security authentication before access to the network is granted.

Yet 61% of security experts said they believe bring your own device (BYOD) offers a serious threat to their organization and 21% fear attacks via office-based IoT devices such as printers and coffee machines.

Bob Egner, head of product at Outpost24, said: “With the threat of wireless network attacks increasing every day, organizations must implement the tools to actively identify all BYOD, IT and IoT devices on the wireless network. Further, they need to monitor for indicators of exposure and attack as part of their vulnerability management process to ensure they are not blindsided by the hidden attack surface wireless technologies bring.”

The forms of wireless attack that the security experts surveyed said posed the greatest threat were password theft (62%), botnet/malware (60%) and man-in-the-middle attacks (55.5%).

Brexit-Related Firm Wins Government Contracts Related to AI and Data Mining

Tue, 05/05/2020 - 13:15

An artificial intelligence (AI) firm with connections to the 2016 Vote Leave campaign has been awarded seven government contracts in the last 18 months.

According to the Guardian, Faculty, which traded under the name Advanced Skills Initiative during the 2016 referendum on the UK’s membership of the European Union, has won seven contracts totaling around £280,000 of government work.

Faculty chief executive Marc Warner also attended Scientific Advisory Group on Emergencies (SAGE) meetings, whilst his brother, data scientist Ben Warner, was recruited to Downing Street last year for the Conservative Party’s general election campaign, and also attended SAGE meetings to provide advice to ministers on COVID-19.

Faculty is also working at the heart of the government’s response to the COVID-19 pandemic, processing large volumes of confidential UK patient information alongside US firm Palantir.

One tender was a £250,000 cross-government review on the adoption of AI, issued by the Department for Digital, Culture, Media and Sport and Government Digital Service (GDS), a body which promotes the use of digital technology to improve public services, in 2019. Cabinet Office minister Theodore Agnew also reportedly has a £90,000 shareholding in Faculty.

The contract was intended “to identify the most significant opportunities to introduce AI across government with the aim of increasing productivity and improving the quality of public services.”

Another contract was awarded in 2018 for £32,000 to fund fellowships to place data scientists in city governments to help solve local challenges. Faculty was at that time operating under its original name, Advanced Skills Initiative.

Other contracts include a £264,000 contract from the Department for Business, Energy and Industrial Strategy to monitor the impact of the coronavirus on industry, and a £600,000 contract from the Home Office to track terrorist videos online.

Holly Searle, Faculty’s head of PR and communications, told the Guardian: “Faculty has strong governance procedures in place to guard against conflicts of interest when competing for new work. All of its contracts with the government are won through the proper processes and in line with procurement rules.” Infosecurity has reached out to Faculty for further comment.

A government spokesperson said Agnew had had no role in awarding any contracts to Faculty while he had been a minister, and that he had followed the appropriate procedures by declaring his shareholding in the House of Lords register of interests and under the ministerial code of conduct.

Tesla Car Parts Found on eBay Containing User Data

Tue, 05/05/2020 - 11:00

Security experts have discovered old Tesla car parts for sale on eBay still containing user data belonging to the previous owner, in a sign that the firm’s retrofitting service is failing customers on privacy.

A white hat known as GreenTheOnly explained that media control units (MCUs) and autopilot hardware (HW) swapped out of old models by Tesla during upgrades were turning up for sale online.

Even worse, the four he bought contained: the previous owner’s home and work address, all saved Wi-Fi passwords, calendar entries, call lists and address books from paired phones and Netflix and other stored session cookies.

When Tesla agrees to retrofit a customer’s car by upgrading such components, it takes the old units for disposal — customers aren’t usually allowed to keep them. However, the researcher’s discovery means that technicians are either selling them online, or eagle-eyed hunters are going through dumpsters near Tesla service centers, or both, according to InsideEVs.

The car firm has not responded to the title’s request for more comment on its process for disposing of old parts and why it doesn’t erase user data first. However, a source told the publication that technicians were being told merely to hit units with a hammer a few times before throwing them away.

In the meantime, the carmaker appears not to be notifying customers whose data may have been exposed in this way. Users who have had retrofitting are therefore advised to change all relevant passwords on their devices and online accounts.

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Center) argued that the more sophisticated the device, the greater potential for it to contain data that may place user privacy at risk after recycling.

“With cars becoming ever more connected and offering increasing information to drivers and passengers, manufacturers like Tesla, dealer networks supporting any manufacturer and neighborhood mechanics are in a position to access the personal information stored within the multitude of computers within a modern vehicle,” he added.

“Limiting this access, and taking care to ensure stored data is deleted during computer replacement, should be a high priority for the automotive industry as we move closer to a world where connected cars are the norm.”

It remains to be seen whether Tesla's actions attract the attention of Californian data protection regulators.

Adult Streaming Site Leaks Data on Millions of Members

Tue, 05/05/2020 - 09:55

A misconfigured cloud database has leaked records on tens of millions of users of an adult streaming site, putting them at risk of blackmail and identity theft, according to researchers.

CAM4 is a live streaming website for explicit content, with visitors paying to watch signed-up amateur performers film themselves online.

Security Detectives researchers led by Anurag Sen found an unsecured database containing over 7TB of personal data and production logs dating from March 16, 2020. Although CAM4 appears to be owned by Irish company Granity Entertainment, the server was hosted in the Netherlands by Mojohost.

It was found to be leaking almost 11 billion records, including 11 million containing emails and 26.3 million containing password hashes. Millions contained first and last names, country of origin, sexual orientation, usernames, chat and email transcripts from the site, IP addresses, and inter-user conversations.

In addition, a few hundred are said to have revealed full names, credit card types and payment amounts.

It’s not clear whether the data belongs to content producers or viewers, or both. However, the data exposed in the privacy incident could have been highly lucrative for cyber-criminals, enabling follow-on phishing, identity fraud, and – perhaps most damaging – blackmail.

Hackers could also use the exposed Apple, Google and other emails to target cloud storage and other adjacent consumer services to harvest yet more personal information, Security Detectives warned.

“The availability of fraud detection logs enables hackers to better understand how cybersecurity systems have been set up and could be used as an ideal verification tool for malicious hackers, as well as, enabling a greater level of server penetration,” it continued.

“Moreover, website backend data could be harnessed to exploit the website and create threats including ransomware attacks.”

The majority of exposed email records came from US users, followed by Brazil, Italy, France and Germany.

Less than a week ago, Sen and his team discovered a similar incident in which French newspaper Le Figaro leaked over seven billion records including readers’ personal information.

State Hackers Target UK Unis for #COVID19 Vaccine Research

Tue, 05/05/2020 - 09:10

State-sponsored hackers have been targeting UK universities with greater frequency of late in a bid to steal research on developing COVID-19 vaccines, according to a government security agency.

It is thought that Russia, Iran and possibly China have all been probing institutions like Oxford University, which started human clinical trials on a vaccine this week, and scientific facilities.

Although there have reportedly been no successful attacks to date, there’s plenty of opportunity, with dozens of UK organizations working on treatments and tests for the coronavirus.

“Any attack against efforts to combat the coronavirus crisis is utterly reprehensible. We have seen an increased proportion of cyber-attacks related to coronavirus and our experts work around the clock to help organizations targeted,” a spokesperson from the National Cyber Security Centre (NCSC) told the Guardian.

“However, the overall level of cyber-attacks from both criminals and states against the UK has remained stable during the pandemic.”

It is hoped that if the vaccine is successful, the Oxford University researchers will team up with Cambridge-based drug firm AstraZeneca to manufacture and distribute it.

This isn’t the first time the alarm has been sounded over cyber-threats to the UK’s university sector, although the stakes have risen significantly given the current crisis.

The NCSC was forced to issue a report last September highlighting the threat to higher education from both state-sponsored attackers and cyber-criminals.

At the time, the GCHQ body urged universities to improve user security awareness, tighten access controls and revisit network architecture to segment high-value data.

“While it is highly likely that cybercrime will present the most evident difficulties for universities, state-sponsored espionage will likely cause greater long-term damage. This is particularly true for those universities which prize innovation and research partnerships. This damage will extend to the UK’s larger national interest and to those researchers whose work may give others the chance to 'publish first',” the report argued.

Nearly Half of IT Pros Spend Weeks or More Renegotiating Vendor Contracts

Tue, 05/05/2020 - 08:44

New research from IT management and security company Ivanti has revealed that vendor management and contract negotiations are particularly time-consuming endeavors for IT professionals who are struggling with fragmented, non-unified IT processes.

The firm surveyed more than 1300 IT pros, discovering that 50% work with 11 or more different vendors and 48% can spend weeks, or months, renegotiating vendor contracts each year, with Ivanti noting the greater the number of vendors to manage, the greater the contract negotiation time for IT pros.

What’s more, operations reports are also proving to be time-consuming for IT pros. Only 20% spend minutes producing IT operations reports, while 52% spend hours, 22% spend days and 6% spend weeks.

These findings highlight the need for more unified IT strategies across businesses, Ivanti claimed.

The majority of respondents agreed that the benefits of more unified IT are compelling, citing the following:

  • Consistent data across systems and IT departments: 70%
  • Improved user experience: 61%
  • Ease of use: 60%
  • Consistent and aligned processes across IT departments: 59%
  • Cost savings: 58%

The survey also suggested that unified IT strategies will be adopted by respondents as they demonstrate value in helping IT meet priorities and initiatives, including improved patching and security, cutting down time to resolve incidents and improved IT reporting.

“Conflicting initiatives are competing for IT budgets and complicating visibility and reporting processes. This is making it challenging to achieve IT unification,” said Duane Newman, vice-president, product management at Ivanti.

“Compounding the situation is the time IT organizations spend on vendor and contract management. However, by taking a unified approach to the priorities of security, issue resolution and reporting, IT organizations will likely find that they are better able to achieve their highest priorities without added cost or effort.”

'Vaccines' Containing Blood of Recovered #COVID19 Patients for Sale on Dark Web

Mon, 05/04/2020 - 18:50

Fraudsters are attempting to sell fake vaccines allegedly manufactured using the blood of patients who have recovered from COVID-19.

The nonsense vaccines were among a crock of utter dog wings spotted for sale on the dark web by researchers from the Australian National University's Cybercrime Observatory. Researchers were trawling dark net markets for coronavirus-related medical products and supplies for a report released April 30 by the Australian Institute of Criminology.

A survey of 20 underground markets turned up 645 listings of 222 items from 110 unique vendors across 12 sites. The total estimated value of all the items was $369,000. 

While scientists around the world strive to create a proven vaccine for COVID-19, the dark net claims to have plenty available. Of the 645 items found by researchers, 6% were products falsely claiming to be effective vaccines against the deadly virus. 

"COVID-19 cure vaccine. Keep quiet on this," read one such listing, while another announced "COVID-19 antidote is here from China."

Any victims tricked into buying one of these fake vaccines would have paid on average AU$575 for their purchase. However, one vaccine, purportedly sourced from China, where the first animal-to-human transmission of COVID-19 took place, was on sale for between US$10,000 and US$15,000. 

Researchers warned that the dangers of fake vaccines go beyond individual victims being ripped off financially.

"First, fake vaccines could worsen the spread of the virus because users may behave as if immune but nevertheless become infected. Second, the premature release of vaccines undergoing animal or human trials would also misguide users as to their immunity, but may also impact the success of these crucial clinical trials."

Nearly half of all unique listings and a third of the total listings were composed of personal protective equipment (PPE), such as masks, gowns, sanitizers, and gloves. One listing offered 10,000 "good quality lab tested face mask for corona" for the sum of $17,952.

Most vendors claimed to be shipping from the United States.

Happily, researchers came across one dark net marketplace where the sale of COVID-related products has been banned for ethical reasons. On the site was posted the message: "You do not, under any circumstances, use COVID-19 as a marketing tool. No magical cures, no silly f***ing mask selling, toilet paper selling. None of that bullsh*t. We have class here."

Belfast Police Warn of Cybercrime Surge

Mon, 05/04/2020 - 17:09

Police in the Northern Irish capital city of Belfast have issued a warning over a recent rise in cybercrime.

A senior police officer said businesses had experienced a "surge" in cyber-attacks since the outbreak of the novel coronavirus. Many of the attacks are scams concocted by fraudsters seeking to exploit the health pandemic.

Police Service of Northern Ireland (PSNI) assistant chief constable Alan Todd advised businesses to ensure their IT security systems are fully up to date. He also urged businesses to be extra wary of any unusual communications.

“It is very clear that from a strategic level through the National Crime Agency, through the global level, there is a real surge in attempts, at all levels, from individual members of the public right through to business ransomware," said Todd, addressing an online seminar of Northern Irish business leaders organized by the Institute of Directors.

“All of the usual methods of attack have been ramped up at this time, and therefore the risk arising out of this for businesses and indeed householders is higher than it was."

Todd said that the tragic growth in cybercrime related to the outbreak of COVID-19 was expected.

“It was predicted before the start of this, and we are certainly seeing evidence of that.”

According to the officer in charge of the police force's coronavirus response, much of the fresh wave of cybercrime is low-level in terms of impact but could target a high volume of victims. He added that unfamiliarity with new resources, such as grants given to businesses struggling to stay afloat since lockdown measures were imposed, made employees more vulnerable to cyber-threats.

Addressing the seminar, the officer said: “Your staff may be involved in transactions and conversations around schemes that they have no familiarity with. Of course, when you put staff into that position the potential for that to be exploited by fraudsters and others in the cybercrime world is even higher.”

While lockdown measures remain in place in Northern Ireland to slow the spread of COVID-19, Todd said that officers had increased patrols in areas where business premises were closed in a bid to keep crime at bay.

Breach Exposes Data of 774,000 Australian Migrants

Mon, 05/04/2020 - 16:31

Personal details of 774,000 individuals in Australia's migration system have been exposed in a data breach.

The data was made publicly available via the Home Affairs Department's SkillsSelect platform, which invites skilled workers and entrepreneurs to express interest in moving Down Under. 

Partial names, ADUserIDs, and the outcome of applications made by people wishing to migrate to Australia were discovered online by Guardian Australia via a publicly available app hosted on the employment department's domain. Other information uncovered by the newspaper included the age, country of birth, and marital status of applicants.

In total, the breach revealed 774,326 unique user IDs and 189,426 completed expressions of interest, dating back to 2014. By applying filters, the Guardian was able to narrow down an expression of interest to a single entry, then discover other details relating to that particular applicant.

News of the breach comes as the Australian government is asking people to voluntarily adopt a new contact-tracing app, CovidSafe, to slow the spread of the novel coronavirus. A cybersecurity failure in one government app could make Australians reticent to input their personal information into another.

Australian Privacy Foundation board member Monique Mann told Guardian Australia the breach was “very serious . . . especially at a time where the Australian government is expecting trust.”

Mann described the Australian government as having a "consistently poor track record that shows that we cannot trust them with our personal information,” and went on to call the unnecessary exposure of migrant data "absolutely ludicrous."

Privacy academic, cryptographer, and chief executive of Thinking Cybersecurity Vanessa Teague said she thought that the public availability of ADUserIDs on the SkillsSelect platform “looks like a stuff-up.”

When Guardian Australia contacted the Home Affairs Department and the Employment Department in relation to the data breach, the SkillsSelect platform was taken offline and is now "currently undergoing maintenance."

Mann expressed concern that the data breach had not been identified by the Home Affairs Department. 

She said: “What processes of auditing and oversight are occurring within department of home affairs? This department is responsible for policing, border protection and intelligence. You would expect a greater level of information security than this.”

National Emergency as Trump Bans Foreign Power Grid Kit

Mon, 05/04/2020 - 10:30

President Trump has declared another national emergency: this time over the threat of foreign adversaries launching crippling cyber-attacks against the US power grid.

A new executive order issued on Friday noted that attacks on “bulk power” equipment could have a devastating impact on national defense, emergency services, critical infrastructure and the economy.

It has therefore prohibited the ongoing acquisition and installation of any equipment “in which any foreign country or a national thereof has any interest.”

“The unrestricted acquisition or use in the United States of bulk-power system electric equipment designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in bulk-power system electric equipment, with potentially catastrophic effects,” it read.

The order also empowers the energy secretary to find existing systems which have been bought in from abroad and are exposed to cyber-sabotage, and “develop recommendations on ways to identify, isolate, monitor, or replace such items as soon as practicable, taking into consideration overall risk to the bulk-power system.”

A new Task Force on Federal Energy Infrastructure Procurement Policies Related to National Security will include secretaries of defense, commerce, homeland security, the interior and directors of national intelligence and the Office of Management and Budget. It will be set up to develop new procurement policies and make additional recommendations.

Although not named directly, the order is likely to be aimed at Russia and China. Kremlin-backed hackers, such as the Dragonfly and Energetic Bear APT groups, have been probing US energy infrastructure for years, prompting occasional alerts from the intelligence agencies.

An annual Worldwide Threat Assessment report published by the US Senate Intelligence Committee last year warned that the US electric grid could suffer the same fate as Ukrainian energy companies in 2015 and 2016, when Russian attacks left many without power.

“Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage,” it warned.

Categories: Cyber Risk News

Tokopedia Breach: 91 Million Records for Sale on Dark Web

Mon, 05/04/2020 - 09:30
Tokopedia Breach: 91 Million Records for Sale on Dark Web

Asian e-commerce giant Tokopedia is investigating a potentially major data breach after researchers revealed that 91 million user records are up for sale on the dark web.

Breach monitoring service Under the Breach posted screenshots over the weekend that revealed a malicious actor selling records of 15 million users apparently stemming from a March 2020 incident.

According to the post, the database contained emails, password hashes, names and “much more things.” Under the Breach said it had acquired a copy of the data dump but that, crucially, the dump did not include the salts, without which the password hashes cannot be attacked offline.

Unfortunately, the same actor was subsequently found to be selling a much larger trove containing a purported 91 million records for just $5000. There appear to have been at least two buyers over the weekend.

“This is really bad, make sure you change your passwords for other services in case you are re-using passwords,” advised Under the Breach.

According to reports, Tokopedia is investigating the incident and reiterated in the meantime that passwords are safe.

Backed by the SoftBank Vision Fund and Chinese web giant Alibaba, the Indonesian e-commerce player is said to be looking to raise $1bn or more in pre-IPO funding ahead of plans to go public in the next three years.

The firm claims to have over 90 million monthly active users and more than seven million merchants signed-up to its Amazon-like platform.

“We have detected an attempt to steal data belonging to Tokopedia users. However, we have made sure that our users’ personal information, such as passwords, remain protected,” the company said in a statement to local media.

“Although passwords and other crucial user data remain encrypted, we still encourage Tokopedia users to change their passwords periodically to ensure their safety and security.”
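The salt detail above matters more than the coverage suggests. The Python below is an added illustration, not code from Tokopedia, Under the Breach or the original article; the hashing scheme (PBKDF2-HMAC-SHA256 with a random 16-byte salt per user), the sample accounts and the attacker wordlist are all constructed for the demonstration, and Tokopedia's real scheme is not public. It shows three things: an unsalted dump lets one hash computation test a guess against every user at once; per-user salts force the whole wordlist to be re-hashed for every user; and a dump whose salts are missing, as Under the Breach reported, gives the attacker nothing to verify a guess against.

```python
"""Why a leaked password-hash dump is far less useful without its salts.

Added illustration, not code from Tokopedia, Under the Breach or the
article. The scheme (PBKDF2-HMAC-SHA256, random 16-byte salt per user),
the accounts and the wordlist are constructed for the demo; Tokopedia's
real hashing scheme is not public.
"""
import hashlib
import hmac
import os

ITERATIONS = 20_000  # assumed work factor, kept low so the demo runs fast

# Constructed sample accounts: two weak passwords, one strong one.
ACCOUNTS = [
    ("alice@example.com", "password123"),
    ("bob@example.com", "qwerty"),
    ("carol@example.com", "x7!Qm#2vL9pR$wZ"),
]
# Constructed attacker wordlist.
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein", "iloveyou"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier. An empty salt models an unsalted scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_dump(accounts, salted=True):
    """Simulate the leaked users table as (email, salt, digest) rows."""
    rows = []
    for email, password in accounts:
        salt = os.urandom(16) if salted else b""
        rows.append((email, salt, hash_password(password, salt)))
    return rows


def strip_salts(rows):
    """Model the dump Under the Breach described: hashes present, salts missing.
    The attacker has nothing to feed the derivation, so the empty string is
    the only thing they can try."""
    return [(email, b"", digest) for email, _salt, digest in rows]


def crack(rows, wordlist):
    """Offline dictionary attack. Returns (cracked, hash_operations).

    Rows that share a salt share work: one derivation per candidate tests
    every user in the group. A unique salt per user means the whole
    wordlist must be re-hashed for each user, and a salt the attacker
    does not have means no guess can be verified at all.
    """
    groups = {}
    for email, salt, digest in rows:
        groups.setdefault(salt, []).append((email, digest))

    cracked, ops = {}, 0
    for salt, users in groups.items():
        for candidate in wordlist:
            guess = hash_password(candidate, salt)
            ops += 1
            for email, digest in users:
                if hmac.compare_digest(guess, digest):
                    cracked[email] = candidate
    return cracked, ops


if __name__ == "__main__":
    salted = make_dump(ACCOUNTS, salted=True)
    for label, rows in [("unsalted", make_dump(ACCOUNTS, salted=False)),
                        ("salted, salts leaked", salted),
                        ("salted, salts withheld", strip_salts(salted))]:
        found, ops = crack(rows, WORDLIST)
        print(f"{label:24s} {ops:3d} hash ops, cracked: {sorted(found)}")
```

Two caveats a practitioner would add. First, "the salts did not leak" is only reassuring until the attacker obtains the full table, which is why the advice to rotate reused passwords stands regardless. Second, a salt defeats shared work across users, not a targeted attack on one weak password: the 18 derivations in the salted case are trivial for a GPU, so the work factor (here a deliberately low 20,000 iterations) is what actually buys time.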

Categories: Cyber Risk News

Security Agency Changes “Racist” Language on Website

Mon, 05/04/2020 - 08:30
Security Agency Changes “Racist” Language on Website

The UK’s National Cyber Security Centre (NCSC) has updated some of the terminology on its website in a bid to “stamp out racism” in the industry.

The GCHQ body’s head of advice and guidance, Emma W, revealed in a blog post that the decision was made after being contacted by a customer, who was concerned over the continued use of the words “blacklist” and “whitelist.”

The terms are commonly used in cybersecurity to denote elements such as applications, passwords or domain names that are either allowed (whitelist) or blocked (blacklist).

“However, there's an issue with the terminology. It only makes sense if you equate white with ‘good, permitted, safe’ and black with ‘bad, dangerous, forbidden’. There are some obvious problems with this,” she explained.

“So in the name of helping to stamp out racism in cybersecurity, we will avoid this casually pejorative wording on our website in the future. No, it's not the biggest issue in the world — but to borrow a slogan from elsewhere: every little helps.”

The NCSC is now using “allow list” and “deny list” on its website, and says the new terminology is also clearer and less ambiguous for readers.

“You may not see why this matters. If you're not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues (and potential future colleagues), this really is a change worth making,” concluded Emma W.

“Finally, a word from the NCSC’s technical director Ian Levy (supported by the full NCSC management board): ‘If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother.’”

Categories: Cyber Risk News

Racist Floridian Admits Cyber-stalking and Election Interference

Fri, 05/01/2020 - 18:56
Racist Floridian Admits Cyber-stalking and Election Interference

A white supremacist from Florida who felt threatened by an African American man announcing his candidacy for city council has pleaded guilty to cyber-stalking and interfering with an election. 

Daniel McMahon admitted to using social media platform Gab to threaten a man identified in court as D.G. after learning in January 2019 that D.G. planned to announce his candidacy for Charlottesville City Council in Virginia.

Posting under the pseudonyms “Jack Corbin,” “Pale Horse,” “Restore Silent Sam,” and “Dakota Stone,” McMahon used Gab to voice support for violent attacks on people of other races and to direct racist stereotypes and slurs at D.G. in an effort to intimidate him.

McMahon pleaded guilty yesterday in federal court in the Western District of Virginia to one count of threatening a council candidate because of his race and the fact that he was running for office. 

The 31-year-old also admitted using Facebook Messenger to cyber-stalk a female political activist described in court documents as Victim 2. McMahon threatened to sexually assault her daughter, a minor with autism, because Victim 2 had taken action to counter white nationalist rallies in her community.

The defendant admitted that over a 12-day period he sent Victim 2 a stream of messages in which he threatened her and her daughter and tried to extort information from her about other activists.

McMahon also admitted that, around the time he sent these messages, he used the internet to search for content relating to sexual contact with girls who have autism.

McMahon will be sentenced on July 23, 2020. He faces a maximum sentence of one year in prison for threatening D.G. and five years in prison for cyber-stalking Victim 2.

“Although the First Amendment protects, without qualification, an individual’s right to hold and express abhorrent political views, it does not license threats of violence,” said US Attorney Thomas T. Cullen for the Western District of Virginia. 

“The Department of Justice is committed to investigating and prosecuting those who weaponize social media to harm others.”

Categories: Cyber Risk News

Only 41% of Cybersecurity Teams Can Securely Work Remotely

Fri, 05/01/2020 - 16:53
Only 41% of Cybersecurity Teams Can Securely Work Remotely

New research by ISACA has found that only 59 percent of cybersecurity teams are equipped to perform their jobs effectively while working from home.

The finding emerged from the recent COVID-19 Study in which more than 3,700 IT audit, governance, and cybersecurity professionals from 123 countries were questioned about the impact of the global health crisis on their organizations and their own jobs. 

Only 51 percent of technology professionals and leaders surveyed said they were "highly confident" that their cybersecurity teams were ready to detect and respond to the surge in cyber-attacks that has accompanied the spread of the novel coronavirus.

The remaining 41 percent said their cybersecurity teams lacked the tools and resources at home to perform their jobs effectively.

The survey, conducted in mid-April, found that respondents believe the rapid mass transition to remote working triggered by lockdown measures has made their organizations more vulnerable to cybersecurity threats.

While 80 percent of organizations shared cyber-risk best practices for working at home as shelter-in-place orders began, 87 percent of respondents said the rapid transition to remote work had increased data protection and privacy risk. 

This presents a problem, as 58 percent of respondents say threat actors are taking advantage of the pandemic to disrupt organizations, and 92 percent say cyber-attacks on individuals are increasing.

“Organizations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” said ISACA CEO David Samuelson. 

“A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.”

Questioned over the security of their own jobs, 10 percent of respondents feared they may be fired as a result of the pandemic, and 1 percent had already been furloughed.

On a positive note, the majority of respondents predicted normal business operations to resume by Q3 2020.

Categories: Cyber Risk News

US Government Awards CGI $267m Cybersecurity Contract

Fri, 05/01/2020 - 16:21
US Government Awards CGI $267m Cybersecurity Contract

Independent IT and business consulting services firm CGI has been awarded a lucrative contract by the United States government to improve cybersecurity at more than 75 federal agencies. 

CGI announced yesterday that it had won a six-year contract to provide cybersecurity consulting services under the US Department of Homeland Security's (DHS) Continuous Diagnostics and Mitigation (CDM) Program for CDM's Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) Group F federal agencies.

The contract, worth $267m, was awarded via the US General Services Administration's Alliant 2 government-wide acquisition contract through an acquisition conducted by GSA FEDSIM.

Under the terms of the contract, CGI will create a shared services platform for the DHS's Cybersecurity and Infrastructure Security Agency (CISA) to deliver CDM cybersecurity capabilities to more than 75 non–Chief Financial Officer (CFO) Act agencies. 

CGI will also provide a shared services catalog (SSC) of services and capabilities designed to grow and evolve with the changing threat and technology landscape and to meet CDM program goals, with a primary focus on cloud-native and hosted services.

With 78,000 consultants and other professionals scattered across the globe, CGI Inc. has grown into one of the largest independent IT and business consulting services firms in the world. The business, founded in 1976, reported revenue of C$12.1bn in fiscal year 2019.

"CGI has played a strategic role and been a trusted partner to CISA for the past four years, through our work on Credential Management and DEFEND Group C," said CGI senior vice president Stephanie Mango.

"In partnership with CISA we have worked across many agencies to identify and address cybersecurity challenges. We look forward to continuing our support of this critical cross-agency initiative and leveraging our wealth of cybersecurity and shared services expertise to help DHS achieve its ultimate objectives." 

CGI began working with the CDM program in 2016 after being awarded a contract for identity management services through the Credential Management Task Order, providing design and implementation services to 26 federal agencies.

Categories: Cyber Risk News

UK Government Launches Online Cyber-School

Fri, 05/01/2020 - 14:16
UK Government Launches Online Cyber-School

An online cyber-school has been launched today by the UK government to help develop a new generation of cybersecurity professionals. The free virtual program provides teenagers with the opportunity to learn vital cybersecurity skills at home as schools remain closed due to the COVID-19 lockdown.

Enrolled students progress through a gameplay scenario as a cyber-agent, learning how to crack codes, fix security flaws and dissect criminals’ digital trails along the way. There will also be free weekly webinars run by cybersecurity experts covering areas such as digital forensics, cryptography and operating systems.

It is hoped the initiative will provide youngsters with useful skills for future employment as well as encourage interest in pursuing a career in the cybersecurity sector, which is set to become even more vital as the world becomes increasingly digitalized.

UK digital infrastructure minister Matt Warman said: “This new initiative will give teenagers something fun and educational to do from home and provide them with a glimpse into the life of a cybersecurity professional. We have a world-leading cyber-sector which plays a crucial role protecting the country and our digital economy, so it is absolutely vital we continue to inspire the next generation of tech talent to help maintain the UK’s strong position.”

Other steps are also being taken to let children learn these skills online. The National Cyber Security Centre’s (NCSC) CyberFirst summer courses are being moved online this year, and this week the National Crime Agency (NCA) and Cyber Security Challenge UK will announce that teenagers can access the online cyber-skills platform CyberLand for free during the coming months.

“Technology is helping us all cope with the coronavirus crisis and is playing an essential role in keeping our businesses moving and our society connected,” added NCSC chief executive officer, Ciaran Martin. “It has never been more important for our young people to keep engaged and learn how to protect our digital world, and I’m delighted to see our instructor-led CyberFirst summer courses made available online.”

Categories: Cyber Risk News

Ransomware Payments Surge 33% as Attacks Target Remote Access

Fri, 05/01/2020 - 11:00
Ransomware Payments Surge 33% as Attacks Target Remote Access

The average sum paid by enterprises to ransomware attackers surged by 33% quarter-on-quarter in the first three months of the year, as victim organizations struggled to mitigate remote working threats, according to Coveware.

The security vendor analyzed ransomware cases handled by its own incident response team during the period to compile its latest findings.

It revealed the average enterprise ransomware payment rose to over $111,000 in the quarter, while the median held at around $44,000; the gap reflects a small number of very large payments pulling the mean upward, with most demands remaining more modest.

Sodinokibi (27%), Ryuk (20%) and Phobos (8%) remained the three most common variants in Q1 2020, although the prevalence of Mamba ransomware, which locks the boot process and performs full disk encryption by abusing the legitimate open-source DiskCryptor utility, increased significantly.

Poorly secured RDP endpoints continued to be the number one vector for attacks, more popular than phishing emails or exploitation of software vulnerabilities.

“RDP credentials to an enterprise IP address can be purchased for as little as $20 on dark marketplaces. Combined with cheap ransomware kits, the costs to carry out attacks on machines with open RDP were too economically lucrative for criminals to resist,” said Coveware.
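Because exposed RDP was the top initial access vector in Coveware's data, the check a defender wants here is a detection for RDP credential stuffing and password spraying. The Python below is an added example, not Coveware's tooling or anything from the original article. Event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP) are genuine Windows Security log semantics; the comma-separated export format and the log lines themselves are constructed for the example, so the parser would need adapting to a real SIEM or Event Viewer export.

```python
"""Spot RDP brute forcing in Windows Security log events.

Added example, not Coveware's tooling. Event IDs 4625 (failed logon) and
4624 (successful logon) with LogonType 10 (RemoteInteractive, i.e. RDP)
are real Windows semantics; the log lines below are constructed and the
CSV shape (timestamp,event_id,logon_type,source_ip,account) is an
assumed export format, not what Event Viewer produces natively.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10
FAILED, SUCCESS = 4625, 4624

# Constructed sample: a spray from 203.0.113.7 that ends in a valid logon,
# one ordinary typo-then-success from a user, and a non-RDP failure.
SAMPLE_LOG = """\
2020-03-14T02:11:03Z,4625,10,203.0.113.7,administrator
2020-03-14T02:11:04Z,4625,10,203.0.113.7,admin
2020-03-14T02:11:05Z,4625,10,203.0.113.7,backup
2020-03-14T02:11:06Z,4625,10,203.0.113.7,scanner
2020-03-14T02:11:08Z,4625,10,203.0.113.7,svc_sql
2020-03-14T02:11:41Z,4624,10,203.0.113.7,svc_sql
2020-03-14T08:02:10Z,4625,10,198.51.100.23,jsmith
2020-03-14T08:02:30Z,4624,10,198.51.100.23,jsmith
2020-03-14T09:15:00Z,4625,3,203.0.113.9,jsmith
"""


def parse(text):
    """Turn the assumed CSV export into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, ip, acct = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "id": int(eid),
            "logon_type": int(ltype),
            "ip": ip,
            "account": acct,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alert tuples, in time order.

    'burst': at least `threshold` failed RDP logons from one source IP
    inside `window` (fires once per IP).
    'success_after_burst': a successful RDP logon from an IP that tripped
    the burst rule within `window`, the signature of a spray that found
    working credentials and the event that should page someone.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    tripped = {}                  # ip -> time the burst rule fired
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                       # only RemoteInteractive logons
        q = recent[ev["ip"]]
        while q and ev["ts"] - q[0] > window:
            q.popleft()                    # slide the window
        if ev["id"] == FAILED:
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in tripped:
                tripped[ev["ip"]] = ev["ts"]
                alerts.append(("burst", ev["ip"], len(q), ev["ts"]))
        elif ev["id"] == SUCCESS:
            fired = tripped.get(ev["ip"])
            if fired is not None and ev["ts"] - fired <= window:
                alerts.append(("success_after_burst", ev["ip"], ev["account"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse(SAMPLE_LOG)):
        print(alert)
```

The rule is deliberately keyed on source IP rather than account because sprays rotate usernames to stay under per-account lockout thresholds; a single user fat-fingering a password once and then logging in, as 198.51.100.23 does in the sample, produces no alert. In practice the higher-value fix is the one implied by the Coveware quote: RDP should not be reachable from the internet at all, and the detection is for the hosts where someone has put it there anyway.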

“Until the economics of carrying out ransomware balance (by either bringing the monetization success rates down or by making attacks prohibitively expensive) ransomware and cyber extortion will continue to gain prevalence.”

Interestingly, only 8.7% of cases investigated by the vendor involved data exfiltration, although the tactic became markedly more common during the quarter. Maze, Sodinokibi, DoppelPaymer, Mespinoza, Netwalker, Clop and Nefilim were all highlighted as groups likely to steal data before encrypting.

Coveware also pointed out that, although the trend of “big game hunting” has been widely publicized, ransomware is more likely to affect smaller firms. The average headcount at victim organizations was 625 in Q1, but the median was just 62.

On average, victim organizations suffered 15 days of downtime.

Categories: Cyber Risk News