Info Security


Nearly 20% of UK Children Exposed to Self-Harm Images Online

Mon, 07/01/2019 - 10:35

Primary school-aged children have seen content online which encouraged them to hurt themselves, according to the NSPCC

In its latest report, How safe are our children? 2019: an overview of data on child abuse online, the children's charity interviewed children across the UK as part of its sixth annual report on the subject of staying safe online. The research found that 16% of primary school children and 19% of secondary school-aged students had seen content which encouraged self-harm. 

Secondary school students also reported that they see sexual content (16%) in reviews of the “most popular social networks, apps and games,” as well as seeing (31%) worrying or nasty online content. 

“Right now, internet companies are a black box that nobody on the outside world is allowed to open,” writes Peter Wanless, chief executive of the NSPCC. “Many don’t publish any details about the scale and scope of the dangers children have been facing on their platforms. 

“Despite calls for openness, they stay silent.”

The report shows that there has been a year-on-year increase in the numbers and rates of police-recorded online child sexual offences in England, Wales and Northern Ireland, with increases in police-recorded offences of obscene publications or indecent photos in all four UK nations over the last five years. Further, there have been increases in the number of URLs containing child sexual abuse imagery since 2015. 

This year, Libby, 16, spoke to the BBC about how she used social media channels to promote her self-harming. Her father, Ian, told the BBC that images were reported to Instagram, but the social media company did nothing. The NSPCC report found that the majority of parents, carers and members of the public believe that social networks should have a legal responsibility to keep children safe on their platforms.

Wanless agrees: “We are seeking a convincing demonstration of a duty of care to young users, so the internet can genuinely be a place that benefits us all. Nothing will concentrate minds better than effective sanctions for the tech giants who fail to take reasonable steps to protect our children. 

“These companies make vast sums of money every year and the penalties need to be proportionate. Named directors need to be liable for their actions and inactions,” he continues. “In other industries like financial services this is now accepted practice in terms of expecting and enforcing responsible corporate behaviour.”

NSPCC's research also found that young children were being exposed to sexual images online, sometimes being preyed upon by adults: 21% of surveyed girls aged 11 to 18 said they had received a request for a sexual image or message, with 5% saying they had been sent or shown a naked or semi-naked picture or video from an adult. Also, 4% of primary school children had been sent or shown such an image. Most shockingly, 2% of surveyed primary and secondary school children said they had sent a naked or semi-naked picture or video to an adult.

Categories: Cyber Risk News

Four in 10 North American Banks Don't Use EV Certificates

Sun, 06/30/2019 - 20:54

Despite the fact that all of the largest banks analyzed across Europe and North America do use some form of SSL certificates, a number of banks are leaving their customers vulnerable to phishing attacks, according to a new report released by Sectigo.   

According to the Secure Impressions: Online Banking Study, 40% of the North American banks studied did not receive the highest rating, which was only given to those banks that used extended validation (EV) certificates to demonstrate the website’s true, authenticated identity. 

“In Europe, 25% of banks did not receive the highest rating,” a June 27 press release stated. “Websites without EV certificates on the home and/or login pages received a lesser rating (yellow status). No banks in the study displayed 'Not Secure' warnings (red status).”

“Online criminals routinely use counterfeit websites to trick consumers into unknowingly providing valuable information such as account logins, credit card numbers, and personally identifiable information that can be used for identity theft,” said Tim Callan, senior fellow at Sectigo. 

“Protecting against phishing is definitely an important function in the overall cybersecurity program of almost all organizations around the world. Enabling best-practice security measures can certainly help reduce the impact of phishing that IT security teams face,” said Jonathan Deveaux, head of enterprise data protection at comforte AG.

Because other threat vectors and vulnerabilities can still be exploited, organizations should consider additional security measures.  

The press release also noted that 76% of data breaches are financially motivated. As banks house a treasure trove of personal data, they will continue to be targets of cyber-attacks. 

“Since it is your data that they ultimately want, another effective method for improving cybersecurity posture is the data-centric protection model. Data-centric protection means to activate security on the data itself – de-identify personal information by anonymizing the data elements, and remove credit card numbers and social security numbers by replacing them with fake numbers,” Deveaux said. 

“Even with improved cybersecurity defenses, hackers have proved that they can still find a way to get through in order to steal data. So why not give them something they can’t use. A combined approach to cybersecurity may be the best approach for many organizations.”

Categories: Cyber Risk News

New Dridex Variant Evading Traditional Antivirus

Fri, 06/28/2019 - 13:47

Only 10 days after malware researcher Brad Duncan published analysis of a new Dridex variant that bypasses application whitelisting mitigations by disabling or blocking Windows Script Host, eSentire discovered new infrastructure pointing to a similar Dridex variant.

“Dridex malware targets banking information and is delivered via email in the form of a malicious document with embedded macros,” eSentire Threat Intelligence wrote. “At the time of discovery only six antivirus solutions of about 60 detected suspicious behavior. About 12 hours later, on the morning of June 27, 16 antivirus solutions could identify the behavior.”

As has been the case with the Emotet malware, Dridex has also had many iterations, with its presumed first appearance as Cridex back in 2011. “Over the last decade, Dridex underwent a series of feature augmentation, including a transition to XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. Like Emotet, each new version of Dridex traces a further step in the global arms race as the security community responds with new detection and mitigations,” researchers wrote.

It is believed that Dridex will continue to see more variations. “Given the same-day deployment and implementation of the ssl-pert[.]com domain on June 26th and a tendency to utilize randomly generated variables and URL directories, it is probable the actors behind this variant of Dridex will continue to change up indicators throughout the current campaign,” the report said. 

Initially the malware was delivered through a malicious document in an email; however, the different variations allow the macros to respond to different levels of employee engagement, according to the report. 

“Given email as the initial access point, employees are the first line of defense against this threat. Expect financial departments to be targeted by unsolicited invoices carrying malicious macros within. Some antivirus engines were able to detect (but not specify) the suspicious behavior. Given the rapid turnover of infrastructure and indicators, signature-based antivirus solutions will continue to have gaps throughout the Dridex campaign,” the report said.

Categories: Cyber Risk News

Client Data at Ford, TD Bank Exposed by Attunity

Fri, 06/28/2019 - 13:10

Another company charged with managing and safeguarding client data, Attunity, left client data files exposed on the internet, according to a June 27 report from UpGuard. The incident has reportedly impacted clients, including Ford and the TD Bank, whose customer information was publicly accessible. 

Researchers disclosed that three Amazon S3 buckets used by the data management company have now been secured. “Of those, one contained a large collection of internal business documents. The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more,” researchers wrote. 

This news comes on the heels of reports that Attunity had left a terabyte of data from Amazon Web Services exposed only a month ago. “In order to prevent putting yourself or your valued customers in a similar situation and making headlines for all the wrong reasons, it's vital that you integrate a comprehensive privileged account management (PAM) program into your security plan,” said Todd Peterson, security evangelist at One Identity.

Despite recommendations that companies change the default admin password on any system and implement a password vault, many organizations continue to have security issues that stem from misconfiguration.

“It’s no wonder that third-party risk has become the most significant cyber issue for organizations around the globe – lax understanding of third parties' security posture and practices is creating a massive weak spot for all organizations across all industries. Simply trusting business partners to do the right thing is irresponsible – companies need to do robust monitoring,” said Jake Olcott, VP at Bitsight.

Categories: Cyber Risk News

Attackers Hack PCM Inc. to Access Client Files

Fri, 06/28/2019 - 12:44

A US-based cloud solutions provider, PCM Inc., has experienced what KrebsOnSecurity called a “digital intrusion,” which enabled hackers to access the email and file-sharing systems of some of the company’s clients.  

“Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp,” Krebs wrote. 

Krebs said it is unclear whether there is a link between the Wipro compromise and this latest incident at PCM. “As a bystander, it does seem possible that both the Wipro and PCM compromises are connected. As for the connection to Cloud Hopper, it is not surprising that Chinese groups are attacking the ISPs and cloud providers,” said Jonathan Oliveira, cyber-threat intelligence analyst at Centripetal.

“The growing trend of targeting employees who work at cloud providers makes plenty of sense because why would an attacking group want to waste time and resources brute-forcing when employees statistically offer the best avenue of approach into a network? These employees are increasingly becoming high-value targets and, in most cases, do not realize how valuable they are to an attacker,” Oliveira said, adding that investing in technology does little to defend against human behaviors. 

Financially motivated attackers go after the lowest-hanging fruit, and it’s no surprise that cyber-criminals are exploiting attacks that will reward them with fast cash, said Kevin Gosschalk, CEO, Arkose Labs. 

“The lasting impact of this breach – like every data breach involving exposed PII and credentials – is not yet fully realized. Each breach empowers fraudsters with more ammunition to attack businesses in a highly targeted manner, and the large amount of exposed credentials on the dark web is responsible for the steady rise in account takeover attacks. Companies must make it a priority to secure their attack surface so hackers cannot extract economic reward from their company, and sensitive data is protected.”

The news raises concerns because criminals have increasingly been targeting the cloud, using stolen passwords, API vulnerabilities or user misconfiguration to take over accounts. An attacker who controls an account can access information as if they were an authorized user, bypassing the other security controls, according to Pravin Kothari, CEO of CipherCloud.

“As more and more information, the crown jewels of business, migrate to the cloud, organizations just do not have the visibility and control that they had with their traditional enterprise security capabilities. Businesses need to change their approach to security from network- and access-centric to data-centric,” Kothari said.

Categories: Cyber Risk News

Data Mapping & Discovery Tools Top Privacy Shopping Lists

Fri, 06/28/2019 - 10:47

The need to demonstrate compliance is the main motivation for privacy technology adoption, according to new findings.

According to research of 345 privacy professionals by TrustArc and the IAPP, technology solutions are helping 92% of organizations to keep pace with new privacy laws. Meanwhile products that help businesses discover and map data flows top the list of purchase plans, and privacy teams are playing a larger role in privacy tech purchasing decisions as organizations navigate a complex field of regulations.

“As the number of privacy regulations grows, organizations must contend with the complexity of managing an increasingly fragmented privacy regulatory landscape,” said Chris Babel, CEO of TrustArc.

“These rapid regulatory changes make cross-regulation management more difficult. As a result, organizational leaders are purchasing technology that can streamline the process of building global privacy compliance at scale, while turning more to privacy and data protection professionals for purchase input.”

TrustArc said that the increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient.

The survey found that the top purchase plans for the next 12 months include: data mapping/flow (24%), data discovery (23%), assessment management (20%) and subject access request/individual rights (18%).

Also in comparison to statistics from last year’s survey, demand for privacy legal updates and information management solutions grew by 5%.

In an email to Infosecurity, Rik Turner, principal analyst at Ovum, said that there were no surprises around discovery and mapping data flows being popular, as while asset discovery is an essential part of any IT department’s job, institutions have real problems finding all the data they have on individuals within their multiple database instances, applications, etc.

“Data discovery is thus a vital precursor to any compliance activity: you can’t wrap control around data till you know everywhere it resides within your organization and have classified and categorized it,” he said. “Of course, understanding how and where data flows, who accesses it and where it is copied to, is a vital part of data discovery.”

Categories: Cyber Risk News

Five Million IP Camera Cyber-Attacks Blocked in Just Five Months

Fri, 06/28/2019 - 08:55

Trend Micro has announced that it blocked five million cyber-attack attempts against internet protocol (IP) cameras in just five months, highlighting the security risks that continue to impact IP-based surveillance devices.

The security vendor analyzed 7000 anonymously aggregated IP cameras, and discovered that the IP surveillance industry is facing high numbers of attacks.

Trend Micro detailed that of the attacks it blocked, 75% were brute force login attempts, and stated that there is a clear pattern of malicious attackers targeting IP surveillance devices with common malware such as Mirai variants.

Oscar Chang, executive vice-president and chief development officer for Trend Micro, said: “More verticals are seeking connected, AI-powered video surveillance applications causing a clear paradigm shift from a relatively closed-off network to a more interconnected network operated heavily by cloud-based technologies. Due to this shift in the landscape, manufacturers and users must pay attention to the security of these IoT devices.”

“While the industry has known about cyber-risks, manufacturers have been unable to properly address the risk without knowing the root cause and attack methods,” added Dr Steve Ma, vice-president of engineering, Brand Business Group for VIVOTEK.

The topic of the use of surveillance cameras was recently brought to the fore on National Surveillance Camera Day, June 20, featuring conversations about how camera technology is evolving and what the benefits and risks are for society.

Categories: Cyber Risk News

Silexbot Bricks Nearly 4000 IoT Devices

Thu, 06/27/2019 - 15:47

Silex, a new strain of malware that was used to brick IoT devices, is apparently the work of a 14-year-old boy from Europe, according to an Akamai researcher.

The botnet works by trashing the IoT device's storage, removing the network configuration, such as dropping firewall rules, and ultimately halting the devices, which renders them useless. Researcher Larry Cashdollar shared text the individual had embedded into the code, which revealed the hacker’s intentions:

Credit: Akamai

The bot has been targeting Unix-like systems with default login credentials and thus far has affected nearly 4000 devices and counting. In order to recover, victims need to reinstall the device’s firmware, which is not an easy task for many device owners. 

Cashdollar explained: “Silexbot is using known default credentials for IoT devices to log in and kill the system. The bot does this by writing random data from /dev/random to any mounted storage it finds. Examining binary samples collected from my honeypot, I see Silexbot calling fdisk -l which will list all disk partitions. Using that list, Silexbot then writes random data from /dev/random to any of the partitions it discovers.”

The malware’s tactic of hacking devices using default credentials is the most basic way to take over highly vulnerable, internet-facing IoT devices, according to Ben Seri, VP of research at Armis.

“The fact that despite this, the malware was able to brick a few thousand devices so quickly is a testament to how vulnerable IoT devices are. This experiment is a warning sign to how ransomware attacks may evolve. A ransomware that is designed to brick IoT devices unless a certain payout is given can become extremely dangerous,” Seri said.

As many industries saturated with unmanaged IoT devices are still running old operating systems, there are lots of easy targets that are wide open to attacks, Seri continued.

“In many cases, these devices have critical functions within these industries – the industrial controllers operating the production lines in factories, the bedside patient monitors, and the life-support systems in hospitals. Adding the ability to brick these types of devices to a ransomware would make it much more dangerous and destructive than any of the ransomware attacks we have seen so far.” 

Categories: Cyber Risk News

China's 'Cloud Hopper' Hacked Eight Tech Service Companies

Thu, 06/27/2019 - 15:16

Chinese hackers broke into the networks of multiple large technology service providers across the globe and stole commercial secrets as part of a global hacking campaign dubbed Cloud Hopper, according to an exclusive report from Reuters.

The attack, which “exploited weaknesses in those companies, their customers and the Western system of technological defense,” according to Reuters, has been attributed to China by the U.S. and its allies.

Among those reportedly impacted in the large-scale attack were Ericsson, Hewlett Packard Enterprise and IBM.

“Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.”

As a result, organizations that are part of these service providers’ supply chains, or are their customers, were also impacted, including Sabre, a leading travel reservation system that manages plane bookings in the US. Huntington Ingalls Industries, reportedly the largest shipbuilder for the U.S. Navy, was also a victim.

“This was the theft of industrial or commercial secrets for the purpose of advancing an economy,” Australia's former national cybersecurity adviser Alastair MacGibbon told Reuters. “The lifeblood of a company.”

China is making no effort to conceal its strategy for information dominance, said Tom Kellermann, chief cybersecurity officer for Carbon Black. “This strategy was developed during the first Gulf War and a cornerstone of it is to conduct island hopping from [managed service providers] and telcos into their corporate client networks. Carbon Black research shows that island hopping is exploding and occurring 50% of the time as corporate brands are being used to target their clients.

“The systemic theft of intellectual property is coupled with the colonization of sensitive corporate networks, which allows the Chinese to become telepathic. The irony is Chinese hacking has dramatically increased as a reaction to the trade war. The overt colonization continues.”

Categories: Cyber Risk News

MedicareSupplement.com Left 5m Records Exposed

Thu, 06/27/2019 - 15:09

An online database containing the records of more than 5 million customers, apparently belonging to MedicareSupplement.com, was left open and accessible to the public, according to a report from Comparitech.

In order to get a quote from the TZ Insurance Solutions–owned website, MedicareSupplement.com, users are required to enter personal information. Though not an insurance company, the site does allow users to find supplemental medical insurance through the US-based insurance marketing website.

According to its website, MedicareSupplement.com takes precautions to secure user data. “We have taken certain physical, administrative, and technical steps to safeguard the information we collect from and about our customers through the Services. While we make every effort to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures.”

Security researcher Bob Diachenko discovered on May 13 what appeared to be part of the site’s marketing leads database: a MongoDB instance holding millions of records that had been left publicly accessible, according to the report. Diachenko tweeted that the database was first found on BinaryEdge.

“Some records – about 239,000 – also indicated insurance interest areas, for example, cancer insurance. Data was spread around several categories, including life, auto, medical, and supplemental insurance,” the report said.

Having personal information exposed puts users at risk of fraud, spam and targeted phishing attacks, and Comparitech urged users of MedicareSupplement.com to keep a vigilant eye out for these types of attacks.

“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers. The public configuration allows the possibility of cyber-criminals to manage the whole system with full administrative privileges,” said Diachenko, who collaborated with Comparitech. “Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.”

Categories: Cyber Risk News

Crypto Exchange Bitrue Loses $4.5m in Cyber Raid

Thu, 06/27/2019 - 11:11

Bitrue has become the latest cryptocurrency exchange to suffer a major cyber-attack, losing an estimated $4.5m in customer funds in the process.

The Singapore-based company revealed the security breach in a series of tweets early this morning.

“At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team's second review process to access the personal funds of about 90 Bitrue users,” it said.

“The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”

At current prices, that makes it around $4.25m in Ripple (XRP) coins and $225,000 in Cardano (ADA) coins.

Bitrue seems to have acted promptly to respond to and contain the incident: suspending activity temporarily on the exchange while it investigated and alerting exchanges Huobi Global, Bittrex and Change Now to freeze affected funds and accounts.

“Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users,” Bitrue continued.

“Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.”

The exchange also posted a link for users to monitor the flow of stolen funds, and alerted the Singaporean authorities of the cyber raid in an attempt to find the culprit and retrieve the stolen funds.

Most customers responding on Twitter have been sympathetic to the exchange’s plight and appreciative of its transparency — although this would no doubt change if they weren’t getting their money back.

A report from earlier this year revealed that cryptocurrency exchanges lost $1.2bn from fraud and cyber-attacks — versus an estimated $1.7bn for the whole of 2018.

Categories: Cyber Risk News

ENISA Reinforced as EU Cybersecurity Agency to Steer New Act

Thu, 06/27/2019 - 10:15

The EU Cybersecurity Act (CSA) comes into force from today, establishing an EU framework for cybersecurity certification under a reinforced and rebranded ENISA.

Originally proposed in 2017 as part of a wide-ranging set of measures to deal with cyber-attacks and to build strong cybersecurity in the EU, the Cybersecurity Act includes:

  • A permanent mandate for the ENISA to replace its limited mandate that would have expired in 2020, as well as more resources allocated to the agency to enable it to fulfill its goals
  • A stronger basis for ENISA in the new cybersecurity certification framework to assist member states in effectively responding to cyber-attacks with a greater role in cooperation and coordination at Union level

In addition, ENISA will help increase cybersecurity capabilities at the EU level to support capacity building and preparedness as part of its new title of the EU Cybersecurity Agency. This will see ENISA become an independent center of expertise that promotes awareness among citizens and businesses, assists EU institutions and member states in policy development and implementation, helps to raise awareness of cybersecurity risks, and leads on “research needs and priorities in the field of cybersecurity.”

According to the regulation, “there is a need for a comprehensive set of measures that would build on previous Union action and would foster mutually reinforcing objectives” which would include further increasing the capabilities and preparedness of member states and businesses, as well as improving cooperation, information sharing and coordination across Member States and Union institutions, bodies, offices and agencies.

“Furthermore, given the borderless nature of cyber-threats, there is a need to increase capabilities at Union level that could complement the action of member states, in particular in cases of large-scale cross-border incidents and crises, while taking into account the importance of maintaining and further enhancing the national capabilities to respond to cyber threats of all scales,” it said.

Article seven of the regulation, which deals with “operational cooperation at Union level” states that “ENISA shall support operational cooperation among member states, Union institutions, bodies, offices and agencies, and between stakeholders.” This article also states that ENISA shall support member states with respect to operational cooperation within the CSIRTs network by:

  1. Advising on how to improve their capabilities to prevent, detect and respond to incidents and, at the request of one or more member states, providing advice in relation to a specific cyber threat
  2. Assisting, at the request of one or more member states, in the assessment of incidents having a significant or substantial impact through the provision of expertise and facilitating the technical handling of such incidents including in particular by supporting the voluntary sharing of relevant information and technical solutions between member states
  3. Analyzing vulnerabilities and incidents on the basis of publicly available information or information provided voluntarily by member states for that purpose
  4. At the request of one or more member states, providing support in relation to ex-post technical inquiries regarding incidents having a significant or substantial impact within the meaning of Directive (EU) 2016/1148

ENISA will also regularly organize cybersecurity exercises at Union level, and shall support member states and Union institutions, bodies, offices and agencies in organizing cybersecurity exercises following their requests.

Commissioner Mariya Gabriel, EU Commissioner in charge of Digital Economy and Society, said that the EU Cybersecurity Act “has demonstrated the urgency to opt for an EU approach” and the reinforcement of ENISA was needed as “it is crucial for citizens, businesses and member states to feel more secure.”

“The Cybersecurity Act also enables EU-wide cybersecurity certification for the very first time, thus boosting the Single Market for cybersecurity,” Gabriel said. “Through the Cybersecurity Act, the Directive on the security of networks and information systems and the proposed European Cybersecurity Competence Centre, we have put forward a strong EU pattern, based on values and open for strengthening cooperation with international partners.”

Udo Helmbrecht, executive director of ENISA, said: “I welcome the Cybersecurity Act and thank the Council, European Parliament and Commission for their support in the drafting and passing of this important piece of cybersecurity legislation. I also welcome the reinforced role of ENISA in the European cybersecurity ecosystem and the opportunity for ENISA to support the Digital Single Market.

“I believe the European Cybersecurity Certification Framework detailed in the Act will play a leading role for the advancement and harmonization of cybersecurity certification in Europe and beyond.” 

Categories: Cyber Risk News

CISOs: We’re Losing the Skills Race With Black Hats

Thu, 06/27/2019 - 09:30
CISOs: We’re Losing the Skills Race With Black Hats

Nearly half of CISOs in the UK, France and Germany believe they’re losing the skills race with cyber-criminals, according to new research from Symantec.

The security giant teamed up with London’s Goldsmiths University to poll over 3000 IT security decision makers across the three countries. The resulting report, High Alert: Tackling Cyber Security Overload in 2019, has some alarming findings.

Over two-fifths (44%) claimed their teams lack the necessary skills to tackle threats effectively, and 37% said they are overwhelmed with heavy workloads, although these figures dropped to 38% and 23% in the UK, respectively.

Similar numbers claimed their teams are too busy to keep up with skills development (46%), and that technological change is happening too quickly for them to adapt (45%). These figures were again slightly lower (39% and 37%) in the UK.

Goldsmiths director of innovation, Chris Brauer, argued that talent and skills are now the most important weapons in the cyber-arms race.

“The vast majority find this battle of wits an exciting and deeply intellectual challenge. But, this demanding work comes with high stakes and is fought at a frenetic pace with little support,” he added.

“Add to this the relentless volume of alerts and more mundane tasks, and the job can quickly turn toxic. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already plagued by a skills shortage, this is a significant risk to businesses.”

In previously released findings from the report, 64% of those polled said they had considered quitting their role, while 63% said they had thought about leaving the industry completely.

This chimes somewhat with a recent Nominet report which revealed that 91% of UK and US CISOs suffer moderate or high stress.

The skills shortage in cybersecurity has reached nearly three million professionals globally, including 142,000 in EMEA.

Categories: Cyber Risk News

Payment Fraud Linked to Terrorism and Trafficking

Thu, 06/27/2019 - 08:20
Payment Fraud Linked to Terrorism and Trafficking

Payment card fraud is being used around the world to fund and launder the proceeds from organized crime, drug and human trafficking, terrorism and more, according to a new report from Terbium Labs.

The dark web intelligence firm analyzed 274 cases over the past decade across North America and Europe to compile its new report, The Next Generation of Criminal Financing: How Payment Fraud Funds Transnational Crime.

It recorded losses of over $1bn associated with those 274 cases. In North America, most were linked to identity fraud (33%), organized crime (32.5%), human trafficking (17.5%) and drug trafficking (15%). In Europe, organized crime (62%), drug trafficking (41%) and money laundering (41%) were most common.

North America also had the highest rate of terrorism-linked fraud cases, with more than seven times as many cases as Europe, although still at a relatively low 8%.

The report detailed specific examples of stolen payment card data being used in criminal activity, including by Russian gangs, Sri Lankan criminals, Hezbollah, al Qaeda and even the Russian state.

Terbium Labs called for more to be done by financial institutions to tackle the fraud epidemic.

“Payment fraud is not just a fraud problem. It can no longer be viewed as a non-violent crime, mere annoyance, or unfortunate cost of doing business,” said Emily Wilson, VP of research at Terbium Labs. 

“Criminal justice agents must strive for a fuller understanding of the role fraud plays in serious criminal cases and the shifting landscape of the fraud economy. We're calling on the criminal justice system to create updated, standardized reporting requirements for investigations and case documentation in order to accurately and consistently track the links between payment fraud and transnational crime.”

Online payment fraud losses are set to more than double between 2018 and 2023 to reach a staggering annual figure of $48bn, according to Juniper Research.

Categories: Cyber Risk News

Second Florida City Hit by Ransomware Opts to Pay

Wed, 06/26/2019 - 14:54
Second Florida City Hit by Ransomware Opts to Pay

Another Florida city has decided to pay a ransom to the hackers who took control of its municipal computer systems. On June 25, the mayor of Lake City said the northern Florida city would pay hackers $460,000 to regain control of its email and other servers that were seized two weeks ago, according to CBS 47 Action News Jax.

With the exception of the police and fire departments, almost all of the city’s computer systems have been encrypted since the June 10 attack, and Lake City and Riviera Beach are only the latest in a growing list of municipalities that have fallen victim to ransomware.

A recently published Mimecast report, The State of Email Security, found that nearly half (42%) of organizations in the public sector say ransomware has impacted their business operations in the last 12 months, and 73% in the public sector have experienced two to five days of downtime as a result.

“The obvious negative to ransom payment is that it makes ransomware even more lucrative and routine. Repeated high-profile successes incentivize criminals to continue using the tactic and open the field to newcomers. Making matters worse, it is relatively rare for the international sources of these crimes to be caught – investigation and international cooperation is costly, and many cases fall under thresholds that would make them worthwhile to pursue,” said Lesley Carhart, principal threat analyst, threat operations center at Dragos.

“Ransom payment, while potentially immediately cheaper than proper disaster recovery planning, is leading us to an ugly Wild West, where paying the highwaymen is a mandatory part of yearly budgets and insurance policies. This is very unfortunate for the victims who can’t afford to pay.”

If paying the ransom becomes a trend, it would likely spur more targeted, well-planned attacks on cities or other defenseless victims, said Ilia Kolochenko, founder and CEO of ImmuniWeb.

“With such lucrative and easy stakes on the table, cyber-criminals will now willingly invest to prepare sophisticated, hardly detectable and well-targeted campaigns. Worse, such cybercrimes are often not able to be investigated due to technical issues and payments in cryptocurrency. It’s a paradise for black hats.”

Categories: Cyber Risk News

US, Australia Defend Democracy With Cyber Center

Wed, 06/26/2019 - 12:59
US, Australia Defend Democracy With Cyber Center

In collaboration with the US, Australia is endeavoring to fight the threat of fake news with the creation of a new cybersecurity center, according to The Lead.

The Jeff Bleich Centre for the US Alliance in Digital Technology, Security and Governance in Adelaide, Australia, is named after Jeff Bleich, special counsel to former President Barack Obama. From 2009 to 2013, Bleich served as ambassador to Australia. The ambassador will also be named a Flinders University Professorial Fellow.

South Australian researchers will work with the US to improve cyber-intelligence capabilities that will combat both the threat of deep fakes and the potential for foreign adversaries to meddle in national elections. 

According to the center’s website, it will provide “an Australian research hub, focused initially on social science research, for government, industries and NGOs to address current and emerging issues of digital technology, security and governance, especially in relation to the US-Australia Alliance.” 

The center will also enable Australia to strategically collaborate with and establish partnerships among and between academia, industry and defense both at home and abroad. 

Commenting on the disruptive cost of cyber-threats on democracy, Ambassador Bleich said, “We know that the advent of digital technology has fundamentally changed the way we each work, eat, shop and live. But it has also changed our societies and how we defend ourselves.

“Our nations – both separately and together – must operate in new ways to preserve our values and protect our people and allies in new battle spaces. This is the mission of the Jeff Bleich Centre for the US Alliance in Digital Technology, Security and Governance. Flinders is the ideal home for the center with its long-term track record in American studies, its focus on disruptive technologies and its successful binational programs,” Bleich said.

“The center aligns with the South Australian and federal governments’ cyber-security plans and will further strengthen South Australia’s position as Australia’s defense state. It will consolidate Flinders University’s research expertise and strengths in digital technologies, security and governance and build upon Flinders’ existing strengths in US policy studies and the university’s strong US alliance.”

Categories: Cyber Risk News

Netanyahu Boasts of Israel's Cyber Intelligence

Wed, 06/26/2019 - 12:22
Netanyahu Boasts of Israel's Cyber Intelligence

At Israel’s Cyber Week 2019 being held at Tel Aviv University, Prime Minister Netanyahu boasted that Israel learned of and was able to stop an attacker from hijacking a flight from Sydney to Abu Dhabi because of the country’s cyber-intelligence capabilities, according to today’s press release.

“We alerted the Australian police, and they were able to prevent it. If you multiply that times 50, that would give you an idea of the contribution that Israel has made in protecting against terrorist activities, and most of those contributions were made with cybersecurity,” Netanyahu reportedly said.

“Israel has invested more than any other country proportionally,” he continued. “We invest vast sums of money, probably #2 in the western world, in our military intelligence, which goes to the army, the Mossad, to the Shin Bet [Israel Security Agency] and to other arms as well. We have created an enormous investment in human capital, people, who can deal with the internet, can deal with the ramifications of this revolution, both as workers and as entrepreneurs.”

Recognizing the challenges that Israel had to overcome to become a competitor in industries that require large-scale operations, Netanyahu spoke of the benefits of collaboration, adding, “We’re encouraging international associations. We have today unbelievable cooperation, first with our great and irreplaceable ally the USA, we’re collaborating on cybersecurity and on many other things.” 

Following Netanyahu, Yigal Unna, director general of the Israel National Cyber Directorate (INCD), took to the stage, stressing, “Iran and its proxies continue to pose a main cyber threat on the Middle East. Israel is prepared for cyber-threats and we have the capability to respond forcefully to cyber-attackers.”

Reporting on a survey conducted by INCD, in which more than 300 companies across Israel participated, Unna noted that 68% of companies reported that they had experienced at least one attempted or actual cyber-attack in the past year; however, in the majority (63%) of those incidents, the organizations said they incurred no damage.

Categories: Cyber Risk News