Info Security

Black Hat Survey Reveals Cyber Concerns

Tue, 07/02/2019 - 05:00

In advance of the 2019 Black Hat conference in Las Vegas, Black Hat USA has released its latest report on the growing concerns of consumers.

Based on survey responses from conference attendees, the report, Consumers in the Crosshairs, looks at consumer concerns about their personal data potentially ending up in the hands of criminals as well as the ways in which security will affect the 2020 US presidential election.

According to the report, more than 60% of security professionals feel there is a strong likelihood that voting machines will be hacked, resulting in an impact on the next US election. The same number of respondents believe that Russian cyber initiatives will specifically have a significant impact on the US presidential election in 2020.

The protection of consumer data is an equally concerning cyber threat for industry professionals. The report found that 90% of security professionals believe that no matter how careful individuals are, their data will most likely end up available to criminals if it isn’t already being accessed or sold on the dark web at this very moment.

In fact, few security professionals, only 30%, believe that consumers will actually be able to protect their privacy and identities in the future. Fewer, only 25%, said that consumer identity protection services are actually effective. An even smaller percentage, only 21%, have faith that the government and private sector are prepared to respond to an attack on US critical infrastructure.

The use of social media is one channel that contributes to the challenge of protecting privacy and identity. An overwhelming majority (75%) of survey respondents said that using any social network is a bad idea, with Facebook identified as having the highest risk by 80% of respondents. “Instagram was red-flagged by more than 70%, LinkedIn nearly 60%, SnapChat at 58%, Twitter with 53%, and 51% listed Pinterest,” according to a press release.

Categories: Cyber Risk News

Insulin Pumps Recalled By FDA For Cybersecurity Risks

Mon, 07/01/2019 - 12:01

The U.S. Food and Drug Administration (FDA) is warning patients and healthcare providers that some insulin pumps carry cybersecurity risks.

In an alert published on June 27, 2019, the FDA said that certain Medtronic MiniMed™ insulin pumps carry potential cybersecurity risks and that patients with diabetes using these models should switch to other pump models.

The alert says: “The FDA has become aware that an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities.” The alert goes on to say that such a person could change a pump’s settings to either “over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” Both are life-threatening.

According to the FDA website, Medtronic cannot update the MiniMed™ 508 and Paradigm™ insulin pump models to address these potential cybersecurity risks, so patients are advised to replace affected pumps with models that are better equipped to protect them from these risks.

Medtronic was founded in 1949 as a medical equipment repair shop, which eventually went on to create a wearable, battery-powered cardiac pacemaker. The company is recalling the following affected MiniMed pumps and providing alternative insulin pumps to patients:

  • MiniMed™ 508, All versions
  • MiniMed™ Paradigm™ 511, All versions
  • MiniMed™ Paradigm™ 512/712, All versions
  • MiniMed™ Paradigm™ 515/715, All versions
  • MiniMed™ Paradigm™ 522/722, All versions
  • MiniMed™ Paradigm™ 522K/722K, All versions
  • MiniMed™ Paradigm™ 523/723, Version 2.4A or lower
  • MiniMed™ Paradigm™ 523K/723K, Version 2.4A or lower
  • MiniMed™ Paradigm™ 712E*, All versions
  • MiniMed™ Paradigm™ Veo 554CM/754CM*, Version 2.7A or lower
  • MiniMed™ Paradigm™ Veo 554/754*, Version 2.6A or lower

This recall follows a report from Siemplify that found that healthcare companies lacked maturity when it came to cybersecurity. The report was based on a survey of more than 250 security operations practitioners working at enterprises and managed security service providers (MSSPs).

To date, the FDA is not aware of any reports of patient harm related to these potential cybersecurity risks.

*Denotes models for which patients outside of the US are affected.

Categories: Cyber Risk News

Vulnerability in Cirque Du Soleil Show App

Mon, 07/01/2019 - 11:56

June 30th was the closing night in London for the Cirque du Soleil show Toruk – The First Flight, which ESET researchers said is good news for fans who used the show’s companion mobile app, as it reportedly lacked security and left their phones vulnerable.

According to Lukáš Štefanko, the ESET security researcher who analyzed the app, also named “TORUK – The First Flight,” those who connected to the network during the show could have gained admin access to the app, which was designed so that audiences could engage with the show via audiovisual effects generated on their mobile devices.

“It appears that the TORUK app wasn’t designed with security in mind. As a result, anyone who was connected to the network during the show had the same admin possibilities as the Cirque du Soleil operators,” explained Štefanko. The app, which is no longer being marketed now that the show has concluded, was installed on Google Play over 100,000 times, and there is also a version for iOS. Cirque du Soleil’s staff did reportedly tell ESET that they would pull it from both the Android and Apple official app stores.

Because the app had no authentication protocol, Štefanko said that an adversary could scan the network and obtain the IP addresses of devices with port 6161 open. An attacker could then send commands to all devices running the app, explained Štefanko, a vulnerability which he said could have been avoided quite easily.

“If the app generated a unique token for each device, then it would be impossible to access all the devices en masse, without any authentication. After the show, all the devices with this app installed remain vulnerable, so its users may experience unpleasant surprises at any point in the future if they are connected to a public network.”
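The per-device token that Štefanko describes, shown as an added example that is not the TORUK app's code and not ESET's. It models a show operator that enrolls each audience device with its own random secret and authenticates every command with an HMAC keyed by that secret, beside the weak design that obeys any message on the network. The `Device` and `Operator` classes, the `seat-A1` identifiers and the `flash:blue` commands are all constructed for illustration; the counter check is an assumption added to stop replay of a captured command.

```python
"""Per-device token authentication for a show-control channel.

Constructed example: every device is enrolled with its own secret, and the
operator must authenticate each command with that secret, so one message
sprayed across the network cannot drive every device at once.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def canonical(device_id: str, counter: int, command: str) -> bytes:
    """Deterministic byte encoding of the fields covered by the MAC."""
    payload = {"device_id": device_id, "counter": counter, "command": command}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign(token: bytes, device_id: str, counter: int, command: str) -> str:
    """HMAC-SHA256 over the canonical command, keyed by the device's token."""
    return hmac.new(token, canonical(device_id, counter, command), hashlib.sha256).hexdigest()


@dataclass
class Device:
    """An audience phone: holds its own secret and records commands it applied."""
    device_id: str
    token: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    last_seen_counter: int = 0
    applied: list = field(default_factory=list)

    def handle_unauthenticated(self, message: dict) -> bool:
        """The weak design: any message that reaches the port is obeyed."""
        self.applied.append(message["command"])
        return True

    def handle_authenticated(self, message: dict) -> bool:
        """Hardened design: the command must be bound to this device and fresh."""
        if message.get("device_id") != self.device_id:
            return False  # signed for a different device
        counter = message.get("counter", 0)
        if counter <= self.last_seen_counter:
            return False  # replayed or stale command (assumed counter scheme)
        expected = sign(self.token, self.device_id, counter, message["command"])
        if not hmac.compare_digest(expected, message.get("mac", "")):
            return False  # missing or forged MAC
        self.last_seen_counter = counter
        self.applied.append(message["command"])
        return True


class Operator:
    """Show operator: keeps each device's token from enrollment and signs commands."""

    def __init__(self) -> None:
        self.tokens: dict = {}
        self.counter = 0

    def enroll(self, device: Device) -> None:
        # Enrollment is assumed to happen over a trusted path (e.g. at pairing),
        # not over the open venue Wi-Fi.
        self.tokens[device.device_id] = device.token

    def command(self, device_id: str, command: str) -> dict:
        self.counter += 1
        mac = sign(self.tokens[device_id], device_id, self.counter, command)
        return {"device_id": device_id, "counter": self.counter,
                "command": command, "mac": mac}


def demo():
    """Run the weak and hardened handlers against the same traffic."""
    op = Operator()
    a, b = Device("seat-A1"), Device("seat-B7")
    op.enroll(a)
    op.enroll(b)

    results = {}
    msg = op.command("seat-A1", "flash:blue")
    # A signed command is accepted only by the device it was signed for.
    results["legit_a"] = a.handle_authenticated(msg)
    results["legit_on_b"] = b.handle_authenticated(msg)
    # An unsigned broadcast is obeyed by the weak handler ...
    results["unauth_weak"] = b.handle_unauthenticated({"command": "flash:red"})
    # ... but rejected by the hardened one, even with the right device_id.
    results["unauth_hardened"] = b.handle_authenticated(
        {"device_id": "seat-B7", "counter": 99, "command": "flash:red"})
    # Replaying the earlier legitimate message is rejected by the counter.
    results["replay"] = a.handle_authenticated(msg)
    return results, a.applied, b.applied


if __name__ == "__main__":
    print(demo())
```

The key property is that the operator's ability to address a device rests on a secret only that device and the operator share, so knowing an IP address and an open port is no longer enough to issue commands.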

“Those who installed this app should uninstall it immediately. By the way, we highly recommend doing that with all single-purpose apps,” said Štefanko. 

Categories: Cyber Risk News

Financial Industry Hit By Surging Numbers of Cyber-Incidents

Mon, 07/01/2019 - 11:54

UK financial services companies reported 819 cyber-incidents to the Financial Conduct Authority (FCA) in 2018, up from 69 in 2017, according to data obtained through a freedom of information (FOI) request by accountancy firm RSM.

Retail banks were hit the hardest and had the highest number of reports (486), almost 60% of the total. They were followed by wholesale financial markets with 115 reports and retail investment firms with 53.

The most commonly cited root cause of the incidents was third-party failure (21%), followed by hardware and software issues (19%) and change management (18%). The data also shows that 93 cyber-attacks were reported to the FCA in 2018, with over half of them identified as phishing attacks and 20% as ransomware.

Steve Snaith, a technology risk assurance partner at RSM, believed that this surge is probably linked to more proactive reporting to the FCA, but worries that there are still many more non-disclosed incidents: “We suspect that there is still a high level of under-reporting and failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties.

“As the FCA has previously pointed out, eliminating the threat of cyber-attacks is all but impossible,” he continued. “While the financial services sector emerged relatively unscathed from recent well-publicised attacks such as NotPetya, the sector should be wary of complacency given the inherent risk of cyber-attacks that it faces.”

In 2019, Metro Bank became the first major retail bank to fall victim to the SS7 exploit, showing that the momentum has continued into the following year. Attackers were able to intercept an additional layer of security offered by Metro Bank, which asks customers to type in a code sent by text message to their phones to confirm transfers and payments.

Snaith also pointed out that some of the incidents were down to human error or IT environments being mismanaged: “The requirements for Privacy Impact Assessments as a formal requirement of GDPR/DPA2018 should hopefully drive a greater level of governance in this area.”

Nigel Hawthorn, data privacy expert at McAfee, commented: “Financial institutions must find the right combination of people, process and technology to effectively protect themselves from attacks and human error, detect any threats as soon as they appear and, if targeted, rapidly correct systems. This means redoubling efforts in training and managing user activities to quickly detect any unusual activity which may signal an attack as well as protecting against accidental errors from staff or partners. With the prospect of damaged customer trust and fines from the FCA or ICO looming as the result of a data breach, the stakes have never been higher.”

Categories: Cyber Risk News

Dubai Bank Invokes Shaggy in Awareness Video

Mon, 07/01/2019 - 11:31

Shaggy’s chart-topping hit from 2000, “It Wasn’t Me,” has made a comeback. Emirates NBD, a bank in Dubai, in conjunction with the Dubai Police, adapted the lyrics and produced a video rendition as part of a cybersecurity awareness campaign. 

Set to the song’s tune, the video conveys a conversation between the bank’s customer service department and a scam victim who asks, “How could I be so clumsy and click on that dubious link?”

“I love the sheer unexpectedness of their creativity,” said Perry Carpenter, chief security strategist at KnowBe4. “A campaign like this works because they are leveraging multiple tactics simultaneously. From a format that cuts past the doldrums of ‘talking head’ style videos, to the way they leverage music, story, and imagery – along with humor – as effective Trojan Horses for the Mind, the creators demonstrated a masterful understanding of how to grab attention and embed a meaningful message.”

As a word of caution to practitioners, Carpenter said that relying on a single ‘flavor’ of content can be ineffective. “Like any flavor, not everyone will like it or respond to it, and that’s not a problem as long as the creators account for that fact. Working across a variety of flavors and formats can help drive any message home to a wider audience.”

However, security awareness practitioners have long encouraged the use of creativity and humor in awareness and training campaigns, according to Lisa Plaggemier, chief security evangelist at InfoSec Institute.

“I’ve heard plenty of security professionals and thought leaders in training and awareness question the legitimacy and efficacy of using humor to communicate about security. Many of them advise against it. When I see a spot as well-made as this one from the Dubai Police, I just don’t understand that perspective,” Plaggemier said.

The use of humor in advertising is more nuanced than a hard ‘yes’ or ‘no’. “It’s highly dependent on context (like existing perception of the issue), the type of humor (satire, slapstick, etc.), or the demographics of the audience,” Plaggemier said.

“Humor is very effective for getting attention, it can help a campaign go viral, and it can positively affect retention. As a training and awareness lead, I had great success using humorous videos to get security content in front of people that wouldn’t otherwise engage with security messaging. The Dubai Police video is so good, I showed it to my kids and their friends. I clearly couldn’t have gotten them to watch a security video with less entertainment value. I’ve watched it three times and I’m still chuckling.”

Categories: Cyber Risk News

Nearly 20% of UK Children Exposed to Self-Harm Images Online

Mon, 07/01/2019 - 10:35

Primary school-aged children have seen content online which encouraged them to hurt themselves, according to the NSPCC.

In its latest report, How safe are our children? 2019: an overview of data on child abuse online, the children’s charity surveyed children across the UK as part of its sixth annual report on staying safe online. The research found that 16% of primary school children and 19% of secondary school-aged students had seen content which encouraged self-harm.

In reviews of the “most popular social networks, apps and games,” secondary school students also reported seeing sexual content (16%) and worrying or nasty online content (31%).

“Right now, internet companies are a black box that nobody on the outside world is allowed to open,” writes Peter Wanless, chief executive of the NSPCC. “Many don’t publish any details about the scale and scope of the dangers children have been facing on their platforms. 

“Despite calls for openness, they stay silent.”

The report shows that there has been a year-on-year increase in the numbers and rates of police-recorded online child sexual offences in England, Wales and Northern Ireland, with increases in police-recorded offences of obscene publications or indecent photos in all four UK nations over the last five years. Further, there have been increases in the number of URLs containing child sexual abuse imagery since 2015. 

This year, Libby, 16, spoke to the BBC about how she used social media channels to promote her self-harming. Her father, Ian, told the BBC that images were reported to Instagram, but the social media company did nothing. The NSPCC report found that the majority of parents, carers and members of the public believe that social networks should have a legal responsibility to keep children safe on their platforms.

Wanless agrees: “We are seeking a convincing demonstration of a duty of care to young users, so the internet can genuinely be a place that benefits us all. Nothing will concentrate minds better than effective sanctions for the tech giants who fail to take reasonable steps to protect our children. 

“These companies make vast sums of money every year and the penalties need to be proportionate. Named directors need to be liable for their actions and inactions,” he continues. "In other industries like financial services this is now accepted practice in terms of expecting and enforcing responsible corporate behaviour."

NSPCC's research also found that young children were being exposed to sexual images online, sometimes being preyed upon by adults: 21% of surveyed girls aged 11 to 18 said they had received a request for a sexual image or message, with 5% saying they had been sent or shown a naked or semi-naked picture or video from an adult. Also, 4% of primary school children had been sent or shown such an image. Most shockingly, 2% of surveyed primary and secondary school children said they had sent a naked or semi-naked picture or video to an adult.

Categories: Cyber Risk News

Four in 10 North American Banks Don't Use EV Certificates

Sun, 06/30/2019 - 20:54

Although all of the largest banks analyzed across Europe and North America use some form of SSL certificate, a number of banks are leaving their customers vulnerable to phishing attacks, according to a new report released by Sectigo.

According to the Secure Impressions: Online Banking Study, 40% of the North American banks studied did not receive the highest rating, which was only given to those banks that used extended validation (EV) certificates to demonstrate the website’s true, authenticated identity. 

“In Europe, 25% of banks did not receive the highest rating,” a June 27 press release stated. “Websites without EV certificates on the home and/or login pages received a lesser rating (yellow status). No banks in the study displayed 'Not Secure' warnings (red status).”

“Online criminals routinely use counterfeit websites to trick consumers into unknowingly providing valuable information such as account logins, credit card numbers, and personally identifiable information that can be used for identity theft,” said Tim Callan, senior fellow at Sectigo. 

“Protecting against phishing is definitely an important function in the overall cybersecurity program of almost all organizations around the world. Enabling best-practice security measures can certainly help reduce the impact of phishing that IT security teams face,” said Jonathan Deveaux, head of enterprise data protection at comforte AG.

Because other threat vectors and vulnerabilities can still be exploited, organizations should consider additional security measures.

The press release also noted that 76% of data breaches are financially motivated. As banks house a treasure trove of personal data, they will continue to be targets of cyber-attacks. 

“Since it is your data that they ultimately want, another effective method for improving cybersecurity posture is the data-centric protection model. Data-centric protection means to activate security on the data itself – de-identify personal information by anonymizing the data elements, and remove credit card numbers and social security numbers by replacing them with fake numbers,” Deveaux said. 

“Even with improved cybersecurity defenses, hackers have proved that they can still find a way to get through in order to steal data. So why not give them something they can’t use. A combined approach to cybersecurity may be the best approach for many organizations.”

Categories: Cyber Risk News

New Dridex Variant Evading Traditional Antivirus

Fri, 06/28/2019 - 13:47

Only 10 days after malware researcher Brad Duncan published analysis of a new Dridex variant that bypasses application whitelisting mitigations by disabling or blocking Windows Script Host, eSentire discovered new infrastructure pointing to a similar Dridex variant.

“Dridex malware targets banking information and is delivered via email in the form of a malicious document with embedded macros,” eSentire Threat Intelligence wrote. “At the time of discovery only six antivirus solutions of about 60 detected suspicious behavior. About 12 hours later, on the morning of June 27, 16 antivirus solutions could identify the behavior.”

As has been the case with the Emotet malware, Dridex has also had many iterations, with its presumed first appearance as Cridex back in 2011. “Over the last decade, Dridex underwent a series of feature augmentation, including a transition to XML scripts, hashing algorithms, peer-to-peer encryption, and peer-to-command-and-control encryption. Like Emotet, each new version of Dridex traces a further step in the global arms race as the security community responds with new detection and mitigations,” researchers wrote.

It is believed that Dridex will continue to see more variations. “Given the same-day deployment and implementation of the ssl-pert[.]com domain on June 26th and a tendency to utilize randomly generated variables and URL directories, it is probable the actors behind this variant of Dridex will continue to change up indicators throughout the current campaign,” the report said. 

Initially the malware was delivered through a malicious document in an email; however, the different variations allow the macros to respond to different levels of employee engagement, according to the report. 

“Given email as the initial access point, employees are the first line of defense against this threat. Expect financial departments to be targeted by unsolicited invoices carrying malicious macros within. Some antivirus engines were able to detect (but not specify) the suspicious behavior. Given the rapid turnover of infrastructure and indicators, signature-based antivirus solutions will continue to have gaps throughout the Dridex campaign,” the report said.

Categories: Cyber Risk News

Client Data at Ford, TD Bank Exposed by Attunity

Fri, 06/28/2019 - 13:10

Attunity, another company charged with managing and safeguarding client data, left client data files exposed on the internet, according to a June 27 report from UpGuard. The incident reportedly affected clients including Ford and TD Bank, whose customer information was publicly accessible.

Researchers disclosed that three Amazon S3 buckets used by the data management company have now been secured. “Of those, one contained a large collection of internal business documents. The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more,” researchers wrote. 

This news comes on the heels of reports that Attunity had left a terabyte of data from Amazon Web Services exposed only a month ago. “In order to prevent putting yourself or your valued customers in a similar situation and making headlines for all the wrong reasons, it's vital that you integrate a comprehensive privileged account management (PAM) program into your security plan,” said Todd Peterson, security evangelist at One Identity.

Despite recommendations that companies change the default admin password on any system and implement a password vault, many organizations continue to have security issues that stem from misconfiguration.

“It’s no wonder that third-party risk has become the most significant cyber issue for organizations around the globe – lax understanding of third parties' security posture and practices is creating a massive weak spot for all organizations across all industries. Simply trusting business partners to do the right thing is irresponsible – companies need to do robust monitoring,” said Jake Olcott, VP at Bitsight.

Categories: Cyber Risk News

Attackers Hack PCM Inc. to Access Client Files

Fri, 06/28/2019 - 12:44

A US-based cloud solutions provider, PCM Inc., has experienced what KrebsOnSecurity called a “digital intrusion,” which enabled hackers to access the email and file-sharing systems of some of the company’s clients.  

“Sources say PCM discovered the intrusion in mid-May 2019. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp,” Krebs wrote. 

Krebs said it is unclear whether there is a link between the Wipro compromise and this latest incident at PCM. “As a bystander, it does seem possible that both the Wipro and PCM compromises are connected. As for the connection to Cloud Hopper, it is not surprising that Chinese groups are attacking the ISPs and cloud providers,” said Jonathan Oliveira, cyber-threat intelligence analyst at Centripetal.

“The growing trend of targeting employees who work at cloud providers makes plenty of sense because why would an attacking group want to waste time and resources brute-forcing when employees statistically offer the best avenue of approach into a network? These employees are increasingly becoming high-value targets and, in most cases, do not realize how valuable they are to an attacker,” Oliveira said, adding that investing in technology does little to defend against human behaviors. 

Financially motivated attackers go after the lowest-hanging fruit, and it’s no surprise that cyber-criminals are exploiting attacks that will reward them with fast cash, said Kevin Gosschalk, CEO, Arkose Labs. 

“The lasting impact of this breach – like every data breach involving exposed PII and credentials – is not yet fully realized. Each breach empowers fraudsters with more ammunition to attack businesses in a highly targeted manner, and the large amount of exposed credentials on the dark web is responsible for the steady rise in account takeover attacks. Companies must make it a priority to secure their attack surface so hackers cannot extract economic reward from their company, and sensitive data is protected.”

The news raises concerns because criminals have increasingly been targeting the cloud, using stolen passwords, API vulnerabilities or user misconfiguration to take over accounts, which gives them access to information as if they were an authorized user and thus bypasses all security controls, according to Pravin Kothari, CEO of CipherCloud.

“As more and more information, the crown jewels of business, migrates to the cloud, organizations just do not have the visibility and control that they had with their traditional enterprise security capabilities. Businesses need to change their approach to security from network- and access-centric to data-centric,” Kothari said.

Categories: Cyber Risk News

Data Mapping & Discovery Tools Top Privacy Shopping Lists

Fri, 06/28/2019 - 10:47

The need to demonstrate compliance is the main motivation for privacy technology adoption, according to new findings.

According to research by TrustArc and the IAPP covering 345 privacy professionals, technology solutions are helping 92% of organizations keep pace with new privacy laws. Products that help businesses discover and map data flows top the list of purchase plans, and privacy teams are playing a larger role in privacy technology purchasing decisions as organizations navigate a complex field of regulations.

“As the number of privacy regulations grows, organizations must contend with the complexity of managing an increasingly fragmented privacy regulatory landscape,” said Chris Babel, CEO of TrustArc.

“These rapid regulatory changes make cross-regulation management more difficult. As a result, organizational leaders are purchasing technology that can streamline the process of building global privacy compliance at scale, while turning more to privacy and data protection professionals for purchase input.”

TrustArc said that the increasing complexity of business in the digital world, coupled with a growing list of global privacy frameworks, has increased the need for organizations to adopt solutions that demonstrate compliance and are scalable and efficient.

The survey found that the top purchase plans for the next 12 months include: data mapping/flow (24%), data discovery (23%), assessment management (20%) and subject access request/individual rights (18%).

Also in comparison to statistics from last year’s survey, demand for privacy legal updates and information management solutions grew by 5%.

In an email to Infosecurity, Rik Turner, principal analyst at Ovum, said that there were no surprises around discovery and mapping data flows being popular, as while asset discovery is an essential part of any IT department’s job, institutions have real problems finding all the data they have on individuals within their multiple database instances, applications, etc.

“Data discovery is thus a vital precursor to any compliance activity: you can’t wrap control around data till you know everywhere it resides within your organization and have classified and categorized it,” he said. “Of course, understanding how and where data flows, who accesses it and where it is copied to, is a vital part of data discovery.”

Categories: Cyber Risk News

Five Million IP Camera Cyber-Attacks Blocked in Just Five Months

Fri, 06/28/2019 - 08:55

Trend Micro has announced that it blocked five million cyber-attack attempts against internet protocol (IP) cameras in just five months, highlighting the security risks that continue to impact IP-based surveillance devices.

The security vendor analyzed 7000 anonymously aggregated IP cameras, and discovered that the IP surveillance industry is facing high numbers of attacks.

Trend Micro detailed that of the attacks it blocked, 75% were brute force login attempts, and stated that there is a clear pattern of malicious attackers targeting IP surveillance devices with common malware such as Mirai variants.

Oscar Chang, executive vice-president and chief development officer for Trend Micro, said: “More verticals are seeking connected, AI-powered video surveillance applications causing a clear paradigm shift from a relatively closed-off network to a more interconnected network operated heavily by cloud-based technologies. Due to this shift in the landscape, manufacturers and users must pay attention to the security of these IoT devices.”

“While the industry has known about cyber-risks, manufacturers have been unable to properly address the risk without knowing the root cause and attack methods,” added Dr Steve Ma, vice-president of engineering, Brand Business Group for VIVOTEK.

The topic of the use of surveillance cameras was recently brought to the fore on National Surveillance Camera Day, June 20, featuring conversations about how camera technology is evolving and what the benefits and risks are for society.

Categories: Cyber Risk News

Silexbot Bricks Nearly 4000 IoT Devices

Thu, 06/27/2019 - 15:47

Silex, a new strain of malware that was used to brick IoT devices, is apparently the work of a 14-year-old boy from Europe, according to an Akamai researcher.

The botnet works by trashing the IoT device's storage, removing the network configuration, such as dropping firewall rules, and ultimately halting the devices, which renders them useless. Researcher Larry Cashdollar shared text the individual had embedded into the code, which revealed the hacker’s intentions:

[Image: the message embedded in the Silex code. Credit: Akamai]

The bot has been targeting Unix-like systems with default login credentials and thus far has affected nearly 4000 devices and counting. In order to recover, victims need to reinstall the device’s firmware, which is not an easy task for many device owners. 

Cashdollar explained: “Silexbot is using known default credentials for IoT devices to login and kill the system. The bot does this by writing random data from /dev/random to any mounted storage it finds. Examining binary samples collected from my honeypot, I see Silexbot calling fdisk -l which will list all disk partitions. Using that list, Silexbot then writes random data from /dev/random to any of the partitions it discovers.”

The malware’s tactic of taking over devices with default credentials is the most basic way to compromise highly vulnerable, internet-facing IoT devices, according to Ben Seri, VP of research at Armis.

“The fact that despite this, the malware was able to brick a few thousand devices so quickly is a testament to how vulnerable IoT devices are. This experiment is a warning sign to how ransomware attacks may evolve. A ransomware that is designed to brick IoT devices unless a certain payout is given can become extremely dangerous," Seri said.

As many industries saturated with unmanaged IoT devices are still running old operating systems, there are lots of easy targets that are wide open to attacks, Seri continued.

“In many cases, these devices have critical functions within these industries – the industrial controllers operating the production lines in factories, the bedside patient monitors, and the life-support systems in hospitals. Adding the ability to brick these types of devices to a ransomware would make it much more dangerous and destructive than any of the ransomware attacks we have seen so far.” 
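Brute-force logins and successful use of factory accounts, which the two articles above (the Trend Micro IP-camera figures and Cashdollar's description of Silexbot) both turn on, are something a defender can spot in device or gateway authentication logs. The following is an added example, not code from Trend Micro, Akamai or any device vendor: the log format, the source addresses, the account list and the failure threshold are all assumptions constructed for the illustration.

```python
import re
from collections import Counter

# Constructed sample of IP-camera authentication log lines (invented format,
# not output from any real device). The first source hammers factory accounts
# and finally gets in; the second is ordinary operator activity.
SAMPLE_LOG = """\
2019-06-20T10:00:01Z cam01 auth: LOGIN FAIL user=admin src=203.0.113.5
2019-06-20T10:00:02Z cam01 auth: LOGIN FAIL user=admin src=203.0.113.5
2019-06-20T10:00:03Z cam01 auth: LOGIN FAIL user=root src=203.0.113.5
2019-06-20T10:00:04Z cam01 auth: LOGIN FAIL user=admin src=203.0.113.5
2019-06-20T10:00:05Z cam01 auth: LOGIN FAIL user=admin src=203.0.113.5
2019-06-20T10:00:06Z cam01 auth: LOGIN FAIL user=root src=203.0.113.5
2019-06-20T10:00:07Z cam01 auth: LOGIN OK user=root src=203.0.113.5
2019-06-20T10:05:00Z cam01 auth: LOGIN OK user=operator src=192.0.2.10
2019-06-20T10:06:00Z cam01 auth: LOGIN FAIL user=operator src=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: LOGIN (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Factory accounts that should never log in on a hardened device
# (assumed list for this example; extend it with your vendor's defaults).
DEFAULT_ACCOUNTS = {"admin", "root"}

# Failures from one source after which we call it brute force (assumed value).
FAIL_THRESHOLD = 5


def parse_events(log_text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(log_text, fail_threshold=FAIL_THRESHOLD):
    """Single pass over the log producing findings of three kinds:
    brute_force               - a source crossed the failure threshold
    success_after_brute_force - a source logged in after crossing it
    default_account_login     - any successful login to a factory account
    """
    failures = Counter()
    findings = []
    for ev in parse_events(log_text):
        src = ev["src"]
        if ev["result"] == "FAIL":
            failures[src] += 1
            if failures[src] == fail_threshold:  # fire once per source
                findings.append({"kind": "brute_force", "src": src,
                                 "user": ev["user"], "ts": ev["ts"]})
            continue
        # A successful login: was it preceded by a burst of failures, and
        # did it use an account that should have been disabled or renamed?
        if failures[src] >= fail_threshold:
            findings.append({"kind": "success_after_brute_force", "src": src,
                             "user": ev["user"], "ts": ev["ts"]})
        if ev["user"] in DEFAULT_ACCOUNTS:
            findings.append({"kind": "default_account_login", "src": src,
                             "user": ev["user"], "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ts']} {f['kind']:26} src={f['src']} user={f['user']}")
```

Run against the sample, the detector raises one `brute_force` finding when the fifth failure from 203.0.113.5 arrives, then both a `success_after_brute_force` and a `default_account_login` finding for the subsequent successful `root` login; the operator's single failure stays below the threshold. The third kind is the one worth alerting on even without a preceding burst, since a hardened device should have no working factory account at all.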

Categories: Cyber Risk News

China's 'Cloud Hopper' Hacked Eight Tech Service Companies

Thu, 06/27/2019 - 15:16

Chinese hackers broke into the networks of multiple large technology service providers across the globe and stole commercial secrets as part of a global hacking campaign dubbed Cloud Hopper, according to an exclusive report from Reuters.

The attack, which “exploited weaknesses in those companies, their customers and the Western system of technological defense,” according to Reuters, has been attributed to China by the U.S. and its allies.

Among those reportedly impacted in the large-scale attack were Ericsson, Hewlett Packard Enterprise and IBM.

“Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.”

As a result, more organizations that are part of the supply chains or customers of these service providers were also impacted, including Sabre, a leading travel reservation system that manages plane bookings in the US. Huntington Ingalls Industries was also a victim. The company is reportedly the largest shipbuilder for the U.S. Navy.

“This was the theft of industrial or commercial secrets for the purpose of advancing an economy,” Australia's former national cybersecurity adviser Alastair MacGibbon told Reuters. “The lifeblood of a company.”

China is making no effort to conceal its strategy for information dominance, said Tom Kellermann, chief cybersecurity officer for Carbon Black. “This strategy was developed during the first Gulf War and a cornerstone of it is to conduct island hopping from [managed service providers] and telcos into their corporate client networks. Carbon Black research shows that island hopping is exploding and occurring 50% of the time as corporate brands are being used to target their clients.

“The systemic theft of intellectual property is coupled with the colonization of sensitive corporate networks, which allows the Chinese to become telepathic. The irony is Chinese hacking has dramatically increased as a reaction to the trade war. The overt colonization continues."

Categories: Cyber Risk News

MedicareSupplement.com Left 5m Records Exposed

Thu, 06/27/2019 - 15:09

An online database containing the records of more than 5 million customers apparently belonging to MedicareSupplement.com was left open and accessible to the public, according to a report from Comparitech.

To get a quote from MedicareSupplement.com, which is owned by TZ Insurance Solutions, users are required to enter personal information. The site is not itself an insurer; it is a US-based insurance marketing website through which users can find supplemental medical insurance.

According to its website, MedicareSupplement.com takes precautions to secure user data. “We have taken certain physical, administrative, and technical steps to safeguard the information we collect from and about our customers through the Services. While we make every effort to help ensure the integrity and security of our network and systems, we cannot guarantee our security measures."

Security researcher Bob Diachenko discovered what appeared to be part of the site’s marketing leads database on May 13, where millions of MongoDB instances were left publicly available, according to the report. Diachenko tweeted that the database was first found on BinaryEdge.

“Some records – about 239,000 – also indicated insurance interest areas, for example, cancer insurance. Data was spread around several categories, including life, auto, medical, and supplemental insurance,” the report said.

Having personal information exposed puts users at risk of fraud, spam and targeted phishing attacks, and Comparitech warned users of MedicareSupplement.com to keep a vigilant eye out for these types of attacks.

“I have previously reported that the lack of authentication allows the installation of malware or ransomware on the MongoDB servers. The public configuration allows the possibility of cyber-criminals to manage the whole system with full administrative privileges,” said Diachenko who collaborated with Comparitech. “Once the malware is in place, criminals could remotely access the server resources and even launch a code execution to steal or completely destroy any saved data the server contains.”
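The exposure described above comes down to two mongod settings: whether authorization is enforced and which interfaces the daemon listens on. The added example below (not code from Comparitech, MongoDB or the site operator) audits a mongod.conf for both, with a constructed exposed configuration beside its hardened form. The small YAML parser is an assumption made to keep the example dependency-free; it covers only the two-level `section:` / `  key: value` layout mongod.conf normally uses.

```python
def parse_mongod_conf(text):
    """Parse the two-level 'section:\\n  key: value' YAML subset that mongod.conf
    normally uses. Comments and blank lines are ignored. Deliberately minimal
    (an assumption for this example); use a real YAML library in production."""
    cfg = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if indent == 0:
            section = key
            cfg[section] = value if value else {}
        elif section is not None and isinstance(cfg[section], dict):
            cfg[section][key] = value
    return cfg


def _setting(cfg, section, key):
    """Look up cfg[section][key], returning None when either level is absent."""
    sec = cfg.get(section)
    return sec.get(key) if isinstance(sec, dict) else None


def audit_mongod_conf(text):
    """Return a list of findings; an empty list means both checks passed."""
    cfg = parse_mongod_conf(text)
    findings = []

    # 1. Authorization: mongod's default is 'disabled', so a missing key is as
    #    bad as an explicit 'disabled': any client that reaches the port gets
    #    full read/write access to every database.
    if _setting(cfg, "security", "authorization") != "enabled":
        findings.append("security.authorization is not 'enabled'")

    # 2. Listening interfaces: a wildcard address (0.0.0.0 / ::) or bindIpAll
    #    exposes the service to anything that can route to the host.
    bind_ip = _setting(cfg, "net", "bindIp")
    bind_all = _setting(cfg, "net", "bindIpAll")
    if bind_all == "true":
        findings.append("net.bindIpAll is true")
    elif bind_ip is None:
        findings.append("net.bindIp is not set (mongod before 3.6 listened on all interfaces)")
    else:
        addrs = {a.strip() for a in bind_ip.split(",")}
        if addrs & {"0.0.0.0", "::"}:
            findings.append(f"net.bindIp includes a wildcard address: {bind_ip}")
    return findings


# Constructed example of an exposed deployment: no auth, listening everywhere.
EXPOSED_CONF = """\
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 0.0.0.0     # reachable from any network
"""

# The same deployment hardened: loopback-only listener plus mandatory auth.
# Clients on other hosts should reach it through a private network or tunnel.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongo
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or "OK")
```

The exposed configuration yields two findings, the hardened one none. Enabling `authorization` is the control that matters most: even a database that must listen on a routable address is not open to the world once every connection has to authenticate, whereas a localhost-only listener with auth disabled is still fully exposed to anything running on the same host.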

Categories: Cyber Risk News

Crypto Exchange Bitrue Loses $4.5m in Cyber Raid

Thu, 06/27/2019 - 11:11

Bitrue has become the latest cryptocurrency exchange to suffer a major cyber-attack, losing an estimated $4.5m in customer funds in the process.

The Singapore-based company revealed the security breach in a series of tweets early this morning.

“At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team's second review process to access the personal funds of about 90 Bitrue users,” it said.

“The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”

At current prices, that makes it around $4.25m in Ripple (XRP) coins and $225,000 in Cardano (ADA) coins.

Bitrue seems to have acted promptly to respond to and contain the incident: suspending activity temporarily on the exchange while it investigated and alerting exchanges Huobi Global, Bittrex and Change Now to freeze affected funds and accounts.

“Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users,” Bitrue continued.

“Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.”

The exchange also posted a link for users to monitor the flow of stolen funds, and alerted the Singaporean authorities of the cyber raid in an attempt to find the culprit and retrieve the stolen funds.

Most customers responding on Twitter have been sympathetic to the exchange’s plight and appreciative of its transparency — although this would no doubt change if they weren’t getting their money back.

A report from earlier this year revealed that cryptocurrency exchanges lost $1.2bn from fraud and cyber-attacks — versus an estimated $1.7bn for the whole of 2018.

Categories: Cyber Risk News
