Info Security

One Million Compromised Accounts Found at Top Gaming Firms

Mon, 01/04/2021 - 10:34

Security researchers have warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web.

Tel Aviv-based threat intelligence firm Kela decided to investigate the top 25 publicly listed companies in the sector based on revenue.

After scouring dark web marketplaces, it discovered a thriving market in network access on both the supply and demand side.

This included nearly one million compromised accounts related to employee- and customer-facing resources, half of which were listed for sale last year.

Compromised accounts linked to internal resources like admin panels, VPNs, Jira instances, FTPs, SSOs, developer-related environments and more were found in virtually all of the top 25 gaming companies studied.

This could put these firms at risk of customer data theft, corporate espionage, ransomware and more. Kela said it had tracked ransomware attacks on four gaming companies in recent months.

“Credentials to internal resources of recently attacked companies – such as VPN, website management portals, admin, Jira and more – were put up for sale and hence were available for any potential attacker prior to the cyber-attacks that occurred,” it added.

“We also detected an infected computer (bot) which had credential logs to plenty of sensitive accounts that could be accessed by attackers upon purchase: SSO, Kibana, Jira, adminconnect, ServiceNow, Slack, VPN, password-manager and poweradmin of the company – all on a single bot. This strongly suggests that it’s used by an employee of the company with administrator rights. This highly valuable bot was available for sale for less than $10.”

Elsewhere, the researchers found half-a-million gaming employee credentials exposed on the dark web after breaches at third-party firms, many of which were available for free.

These could also provide attackers with a useful foothold in victim networks, they warned.

Kela urged gaming companies to invest in ongoing monitoring of their digital assets across the dark web, as well as enhanced staff training on things like password management, and deployment of multi-factor authentication (MFA).

Categories: Cyber Risk News

NYSE to Delist Chinese Telcos on National Security Grounds

Mon, 01/04/2021 - 09:30

The New York Stock Exchange (NYSE) has begun delisting three Chinese telecoms giants because of their alleged ties to the country’s military.

The exchange released a brief statement on December 31 outlining the process, which came in response to an executive order signed by outgoing President Donald Trump in November last year.

The three affected companies are China Telecom, one of the world’s largest telcos, China Mobile and China Unicom Hong Kong. All are based in the People’s Republic (PRC) and make the vast majority of their revenue outside the US.

“The order prohibits, beginning 9:30 a.m. eastern standard time on January 11, 2021, any transaction in publicly traded securities, or any securities that are derivative of, or are designed to provide investment exposure to such securities, of any Communist Chinese military company, by any United States person,” the note explained.

Trump’s November executive order claimed that Beijing is increasingly “exploiting United States capital” to modernize its military. Even Chinese companies that appear to be private are in fact conscripted into supporting these strategic goals, it said.

“Through the national strategy of military-civil fusion, the PRC increases the size of the country’s military-industrial complex by compelling civilian Chinese companies to support its military and intelligence activities,” it alleged. 

“Those companies, though remaining ostensibly private and civilian, directly support the PRC’s military, intelligence and security apparatuses and aid in their development and modernization.”

As a result, these and other Chinese firms listed on US exchanges constitute an “unusual and extraordinary threat” to US national security and foreign policy and the country’s economy.

Other Chinese firms set for the same treatment include Huawei and surveillance giant Hikvision.

Last month a new bill was passed by the House of Representatives which will require all foreign firms to comply with US auditing rules or delist from the country’s exchanges. This could lead to a number of Chinese firms pulling out, as Beijing has been refusing such scrutiny on national security grounds for over a decade.

Categories: Cyber Risk News

Hacker Earns $2m in Bug Bounties

Thu, 12/24/2020 - 18:22

An ethical hacker from Romania has become the first person to earn $2m in bug bounties through the bounty hunting platform HackerOne.

Talented hacker Cosmin Lordache, also known by his HackerOne handle @inhibitor181, hit his first significant earning milestone almost a year ago when he became the seventh person to pass the million-dollar earning milestone by reporting 468 flaws through the bug bounty hunting platform.

Today, HackerOne announced on the social media platform Twitter that Lordache’s all-time earnings had reached the $2m mark.

The company said: "334 days ago we announced Lordache as the 7th hacker to reach $1 million dollars in earnings. Today we celebrate his achievement to be the FIRST to reach $2 million! Please join us in congratulating @inhibitor181!"

Lordache, who is 30 and now lives in Germany with his wife and two dogs, started hunting for bug bounties just three years ago while working as a full-stack developer. Since taking up bug bounty hunting, he has been crowned The Assassin at both the h1-65 live hacking event in Singapore and last year's h1-4420 live hacking event in London. 

Santiago Lopez, whose hacker handle is @try_to_hack, was just 19 when he became the first bug bounty millionaire. Today, his name is joined by eight others on the bug bounty millionaire list. 

Australian Nathaniel Wakelam, known to the hacking community as @nnwakelam, is the second-highest bug bounty earner behind Lordache. To date, Wakelam has earned $1.8m, making him just $200k shy of his next major money milestone.

Demonstrating excellent sportsmanship, Wakelam shared Twitter's post regarding Lordache's achievement along with the comment "Beat me by $200k. Congratulations to @inhibitor181!"

The Aussie even encouraged his bug bounty hunting rival to keep up the good work, adding: "See you at 3M."

In 2019, HackerOne reportedly paid out approximately $40m in bug bounties, with most hackers earning under $20k per year from detecting and reporting bugs. So far, the platform has paid ethical hackers in over 170 different countries a total of $82m.

The platform currently has more than six million bug bounty hunters—a figure that has nearly doubled over the past 12 months—and hosts bug bounty hunting programs for more than 1,700 government agencies and companies. 

Categories: Cyber Risk News

White Ops Acquired by Goldman Sachs

Thu, 12/24/2020 - 17:07

American cybersecurity company White Ops announced today that it has been acquired by Goldman Sachs' Merchant Banking Division in partnership with ClearSky Security and NightDragon.

Terms of the transaction, which follows Goldman Sachs’ and ClearSky’s initial investment in White Ops earlier this year, were not disclosed.

The business was acquired from previous investors Paladin Capital Group, Grotech Ventures, and other shareholders.

White Ops was founded in 2012 and is based in New York City. The company's core focus is protecting enterprises from fraud and sophisticated bot attacks, including account takeover, automated account creation, and web scraping, by verifying interactions. 

In a year that has seen many businesses struggle and fail, White Ops has grown the number of customers it serves by 40%. To deal with the extra workload, the company increased the number of people it employs by 25% to 170.

According to statements made on its website, White Ops currently verifies over 10 trillion interactions per week.

CEO and co-founder of White Ops Tamer Hassan said that the acquisition will help White Ops to accelerate its expansion into new markets. 

“Goldman Sachs, ClearSky, and NightDragon are ideal partners to support the next phase of the Company’s evolution and growth across multiple markets, use cases and geographies,” said Hassan.

“Their continued support of our mission to disrupt the economics of cybercrime, global network of relationships, and market expertise provides a very strong foundation to execute on our vision to enable collective protection for the internet.”

Jay Leek, managing partner at ClearSky, said that the strength and quality of White Ops' platform was impressive. 

"As fraud and abuse become increasingly prevalent across the digital ecosystem, enterprises and internet platforms require sophisticated threat protection now more than ever," said Leek. 

"White Ops has proven that it can stop fraud and abuse at tremendous scale."

Leek, along with representatives from Goldman Sachs, will join the Board of Directors representing ClearSky. Founder and managing director of NightDragon Dave DeWalt will join the Board of Directors representing NightDragon and serve as White Ops' vice chairman.

Categories: Cyber Risk News

SolarWinds Hackers "Impacting" State and Local Governments

Thu, 12/24/2020 - 16:39

America's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over the widespread impact of a recent hacking attack that compromised the SolarWinds Orion software supply chain.

The assault on SolarWinds hit the headlines earlier this month after it was discovered and disclosed by researchers at FireEye. The advanced persistent threat (APT) group behind the attack was able to compromise government agencies, critical infrastructure, and private-sector organizations.

Recognizing the serious nature of the attack, CISA put out an emergency directive on December 13 calling “on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

On Wednesday, the agency described the pervasive campaign as a "significant cyber incident" and said that it is affecting US government at all levels. 

In a statement posted to its website, the agency said that it "is tracking a significant cyber incident impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations."

CISA stated that the APT actor responsible for compromising the SolarWinds Orion software supply chain has also carried out widespread abuse of commonly used authentication mechanisms and is well resourced. 

The agency then went on to warn organizations to focus on handling the threat posed by this particular campaign before tackling any other cybersecurity issues.   

"This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked," warned the agency. 

"CISA urges organizations to prioritize measures to identify and address this threat."

The agency has teamed up with the Federal Bureau of Investigation (FBI) and the Office of the Director of National Intelligence (ODNI) to form a Cyber Unified Coordination Group (UCG) that will coordinate a whole-of-government response to the SolarWinds attack.

CISA said that it remains available to help organizations victimized by the incident.

The agency said that it "remains in regular contact with public and private sector stakeholders and international partners, providing technical assistance upon request, and making information and resources available to help those affected to recover quickly from incidents related to this campaign."

Categories: Cyber Risk News

HelpSystems Acquires Vera to Expand Data Security Offerings

Thu, 12/24/2020 - 12:30

HelpSystems has announced the acquisition of cloud-based data protection provider Vera.

The IT software firm said the deal will enable it to expand its data security portfolio and help meet a growing demand for solutions that can protect information throughout the full data lifecycle. This includes data classification, file transfer, data loss prevention and encryption.

The need for improved data security has been driven by the shift to remote working in many organizations as a result of the COVID-19 pandemic this year. With sensitive data now being managed across multiple networks and devices rather than within the secure perimeter walls of corporate buildings, organizations have become more vulnerable to breaches. Increasingly, businesses are using cloud technology to store sensitive IP, and keeping this secure is crucial.

Vera helps address this issue by enabling organizations to secure, track, audit and revoke data access at any time by attaching military-grade encryption, access controls, security and policy directly to data.

Kate Bolseth, CEO of HelpSystems, commented: “The market for data security is evolving fast to require a comprehensive approach to discovery, detection, classification and dynamic encryption. Vera seamlessly integrates and expands HelpSystems data security solution offerings and we welcome the Vera employees and their expertise to the global HelpSystems family.”

Shri Dodani, Vera president and CEO, said: “I’m pleased Vera is joining a global company with a comprehensive set of solutions empowering customers to strengthen their approach to data security.

“Vera solutions extend HelpSystems’ existing data security portfolio meeting the needs of our combined customers and partners.  We have been working together at some of our largest customers and have proven the joint value proposition and look forward to expanding our go-to-market leveraging HelpSystems global footprint and resources.” 

It is the latest move by HelpSystems to expand its information security options following the acquisition of two data classification companies in June.

Categories: Cyber Risk News

Government Security Experts Issue Farmers with New Advice

Thu, 12/24/2020 - 11:30

The UK’s National Cyber Security Centre (NCSC) has issued its first ever guidance for farmers, in a sign of the growing cyber-threat facing rural businesses.

Published on Tuesday, Cybersecurity for Farmers is a comprehensive guide to best practices covering everything from spotting suspicious emails and phone calls to password management, device security and the importance of backing up.

The UK’s farms are increasingly run with the aid of technologies such as automated machinery, smart security cameras and back-office management and productivity software, the NCSC claimed.

National Farmers’ Union (NFU) deputy president, Stuart Roberts, warned that this makes the sector attractive to cyber-criminals.

“Cyber-attacks can be devastating for businesses and the individuals who are victims to fraudulent activity. It can affect agricultural businesses in a number of ways, including leaking of confidential data or financial losses,” he argued.

“As farms rely more on technologies such as GPS, remote sensing and unmanned vehicles, the risks increase. Cyber-criminals are becoming increasingly sophisticated and savvy, finding new ways to exploit us or find vulnerabilities in our technological security to steal passwords, money or data.”

The guide urges farmers to: regularly patch any software, replace/update operating systems and devices when they reach end-of-life, switch on password protection and use encryption tools to protect devices, and ensure firewalls and anti-malware are on and up-to-date.

There was also advice for creating strong passwords and supplementing this with two-factor authentication, as well as anti-phishing, smishing and vishing tips.

“Technology plays a huge role in modern farming and offers many benefits that will help the industry to thrive in the 21st century,” said NCSC deputy director for economy and society, Sarah Lyons.

“We are teaming up with the NFU to share best online practice to the sector, as an increased use of technology also sees an increased risk of being targeted by cyber-criminals.”

Categories: Cyber Risk News

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

Thu, 12/24/2020 - 10:30

A misconfigured cloud storage bucket has exposed the personal details of hundreds of social media influencers, potentially putting them at risk of fraud and harassment, according to researchers.

A team at vpnMentor discovered the AWS S3 bucket wide open with no encryption or password protection, back in early November. Action has apparently yet to be taken by the company responsible, Barcelona-based “social commerce” company 21 Buttons.

For a commission, influencers upload their photos to the firm’s app and link to the e-commerce stores where users can buy the clothes they’re wearing.

According to vpnMentor, the firm has around two million monthly active users and partnerships with many of the biggest brands in Europe.

Of the 50 million files exposed in the snafu, which were mainly influencer photos and videos, the research team discovered hundreds of invoices said to relate to payments made to these social media stars.

Among the personally identifiable information (PII) exposed were full names, postal codes, bank details, national ID numbers, PayPal email addresses and the value of sales commissions.

Those caught in the data leak included Carlota Weber Mazuecos, Freddy Cousin Brown, Marion Caravano, Irsa Saleem and Danielle Metz – influencers that between them have millions of followers on the site.

The vpnMentor team warned that if cyber-criminals get hold of the PII, the victims could be exposed to follow-on phishing scams designed to obtain more bank and card details, identity fraud and stalking.

“If somebody shared the invoices publicly, bad actors would have plenty of material to identify any private accounts held by influencers, as well as their homes and workplaces,” it claimed.

“This doesn’t just make the people affected vulnerable to phishing and fraud. They’re also at risk from an invasion of privacy, doxing, stalking and harassment – both online and offline.”

Categories: Cyber Risk News

New Lawsuit Takes Aim at Ring After Smart Doorbell Hijacking

Thu, 12/24/2020 - 09:30

Dozens of customers of a popular smart doorbell are suing the Amazon-owned manufacturer after their devices were hijacked, according to a new class action lawsuit.

The new legal case joins together complaints filed by over 30 users in 15 families who say that their devices were hacked and used to harass them.

They allege that the company has failed to update its security measures in the aftermath of these incidents and that it “blamed the victims, and offered inadequate responses and spurious explanations,” according to The Guardian.

A notable case last year involved a Ring camera which was installed in an eight-year-old girl’s room by her parents. It was subsequently hijacked by a man claiming to be Santa Claus who played unsettling music through its speaker, taunted the child and asked her if they could be friends.

Other incidents cited in the case involved users being threatened with sexual assault, murder, racial slurs and blackmail, according to the report.

Although Ring’s position has been to blame users for not setting up strong enough passwords on their devices, thereby allowing attackers to brute force or guess them, the suit alleges that the company itself should have required strong passwords and two-factor authentication (2FA) out-of-the-box.

It also claims that Ring may be to blame for a 2019 incident in which compromised usernames, camera names and passwords for over 3600 users were found online.

The firm has denied that it was breached, claiming the list could have been compiled from compromises elsewhere. However, the addition of Ring camera names to the trove would seem to rule out standard credential stuffing.

Another key contention of the lawsuit is that Ring “has not sufficiently improved its security practices or responded adequately to the ongoing threats its products pose to its customers.”

The smart device market is increasingly in need of regulation to mandate baseline security for users. The UK is taking a lead on this, by forcing all consumer devices to require unique passwords which are not resettable to factory defaults, alongside other measures.

However, there’s no mention of how strong these passwords need to be, and 2FA seems to have been left out of the law.

The US lawsuit apparently covers the tens of thousands of customers who bought a Ring doorbell between 2015 and 2019, even if they were not hacked. Lead attorney on the case, Hassan Zavareei, has claimed that there may be many more users affected who don’t yet know they were hacked.

Categories: Cyber Risk News

US Teen Accused of Deadly Cyber-stalking Campaign

Wed, 12/23/2020 - 18:58

A man from New York City has been charged with waging a grim cyber-stalking campaign against a female college student. 

Desmond Babloo Singh allegedly created over 100 accounts on social media platforms and email services and used them to harass a former classmate of his sister for whom he claimed to have developed romantic feelings. 

Nineteen-year-old Singh professed his love to the unnamed victim via an Instagram story in February 2020. When she didn't return his affections, Singh allegedly accessed several of the victim's electronic accounts without authorization, changing her passwords to lock her out of the accounts.

Singh then allegedly posted offensive images and statements to the victim's accounts without authorization. Among the sentiments allegedly shared by Singh were racial slurs and express and implied threats of sexual violence, bodily injury, and death. 

The New Yorker is further accused of stealing images stored privately in the victim's Snapchat account then posting them on social media and sending them to the victim and her family members via text message.

According to the affidavit filed in support of the criminal complaint against Singh, the teen then solicited others to rape, murder, and decapitate the victim in exchange for Bitcoin. He is further accused of causing the police to show up at the victim's residence in Baltimore County, Maryland, by emailing a hoax bomb threat in a "swatting" attack. 

Singh's alleged cyber-stalking campaign went on from around April 18, 2020, to November 24. According to the affidavit, Singh also "doxed" the victim, publicly posting her personal information on several occasions, and encouraged others to harass her. 

The victim's family and an ex-boyfriend whom the Department of Justice believes Singh viewed as a romantic rival were allegedly also targeted. The affidavit states that Singh doxed the victim's family members and sent her ex harassing messages, and also posted messages attacking him online.

The complaint against Singh was filed on December 14 and unsealed yesterday. Singh is accused of the federal charges of cyber-stalking, causing intentional damage to a protected computer, aggravated identity theft, e-mailing a hoax bomb threat, and murder for hire. 

If convicted on all counts, Singh could be sentenced to a maximum of 32 years in prison.

Categories: Cyber Risk News

Lazarus Attacks Vaccine Research

Wed, 12/23/2020 - 18:14

The infamous advanced persistent threat group (APT) Lazarus is behind two recent cyber-attacks that targeted two separate entities related to COVID-19 research.

In one attack, a Ministry of Health body was hit with malware. The other incident involved the use of a different kind of malware against a pharmaceutical company that is developing a vaccine for the novel coronavirus. The company is authorized to produce and distribute the vaccine.

The attacks, which both occurred in the fall of 2020, were identified by researchers at Kaspersky. Despite the use of different tactics, techniques, and procedures (TTPs) in each assault, the researchers have now assessed "with high confidence" that both malicious activities can be attributed to the Lazarus group.

"Both attacks leveraged different malware clusters that do not overlap much," wrote researchers. "However, we can confirm that both of them are connected to the Lazarus group, and we also found overlaps in the post-exploitation process."

Researchers found that on October 27, two Windows servers belonging to the Ministry of Health entity were compromised with sophisticated malware known to Kaspersky as "wAgent." Closer analysis found that the malware used against the public health office had the same infection scheme as Lazarus’ previous attacks on cryptocurrency businesses.

The attack on the pharmaceutical company took place on September 25. Researchers found that the threat actor deployed Bookcode malware in a supply-chain attack through a South Korean software company. This particular type of malware has been previously reported by security vendor ESET to be connected to Lazarus.

Bookcode and wAgent malware have similar functionalities, with both boasting a full-featured backdoor. After deploying the final payload, the malware operator can take control of the victim’s machine.

“These two incidents reveal Lazarus group’s interest in intelligence related to COVID-19,” said Seongsu Park, security expert at Kaspersky. “While the group is mostly known for its financial activities, it is a good reminder that it can go after strategic research as well." 

Park went on to issue a grave warning to all organizations striving to put an end to the long-running global health pandemic. 

"We believe that all entities currently involved in activities such as vaccine research or crisis handling should be on high alert for cyber-attacks,” said Park.

Categories: Cyber Risk News

Cyber-Attack on European Court of Human Rights

Wed, 12/23/2020 - 17:33

The European Court of Human Rights has fallen victim to a cyber-attack after publishing a ruling regarding the fate of an incarcerated Turkish political leader. 

According to Bloomberg, hackers struck at the Court's website on Tuesday, knocking it offline for approximately 16 hours. The website has now been restored, and the order is once again accessible to the public.

The attack came shortly after the Court published a grand chamber ruling on December 22 demanding that Turkey release the former leader of the pro-Kurdish Peoples’ Democratic Party (HDP), Selahattin Demirtaş, immediately. 

Demirtaş was locked up after helping the HDP win enough seats to end the parliamentary majority of Recep Tayyip Erdoğan’s Justice and Development Party (AKP) in the 2015 general election.  

He was indicted on offenses related to terrorism and jailed in 2016 after parliamentary immunity for politicians was revoked in Turkey. If convicted of the more than 100 charges that he faces, Demirtaş could receive a sentence of 142 years in prison. 

The Court found that the detention of 47-year-old Demirtaş, which has lasted more than four years, goes against “the very core of the concept of a democratic society.”

A panel of 17 judges said that by locking up the politician, Turkey was sending "a dangerous message to the entire population" that pluralism and free political debate will be stifled.

Hacking collective Anka Neferler Timi (The Turkish Hacker Team) appear to have claimed responsibility for the cyber-attack. The group posted on Twitter that they had brought the website down and asked the Court to apologize for the ruling they issued regarding Demirtaş.

The Twitter account used by Anka Neferler Timi was only created earlier this month and has fewer than 100 followers. 

Today, the Court released the following statement: “Following the delivery of the Selahattin Demirtas v. Turkey (no. 2) judgment on 22 December, the website of the European Court of Human Rights was the subject of a large-scale cyberattack which has made it temporarily inaccessible. The Court strongly deplores this serious incident. The competent services are currently making every effort to remedy the situation as soon as possible.”

Categories: Cyber Risk News

Semperis Appoints Igor Baikalov as Chief Scientist

Wed, 12/23/2020 - 16:45

Semperis has announced the appointment of Igor Baikalov as its chief scientist to lead the enterprise identity protection company's research division.

In his new role, Baikalov is tasked with developing identity-centric models of cyber-attacks as well as enhancing the cyber-resiliency of hybrid identity stores through the application of identity analytics and machine learning.

He joins Semperis following over 30 years’ experience working in data analysis and enterprise application development, covering areas such as insider threats and risk monitoring.

Baikalov’s most recent position was chief scientist at security firm Securonix, where he led the development of behavioral models of cyber-attacks and automated large-scale detection of cyber-threats.

He has also previously worked for the Bank of America in the role of senior vice president, global information security, where he was charged with developing security intelligence and risk analytics solutions. In his time at this institution, he helped create solutions for predictive analytics, risk-based governance and proactive data protection.

Mickey Bresman, CEO of Semperis commented: "As Semperis continues to deliver on our promise to provide customers with cutting-edge identity protection technology, Igor will play a major role in our efforts.

"A pioneer in the world of data analytics and threat intelligence, Igor is well versed on the challenges facing large IT and security teams. He brings years of proven leadership and first-hand experience developing enterprise security intelligence and risk analytics solutions. We're happy to welcome Igor to the team, as we constantly evolve the toolsets that enterprises need to achieve identity-centric security and cyber resilience for hybrid identity environments."

Baikalov added: “I’m eager to join the Semperis team during a period of remarkable growth for the company and amid surging demand in the market for identity management security and resilience solutions.

“In the modern highly-mobile digital world with disappearing security perimeters, identity is key to protecting the enterprise, and it’s also the focal point for attackers. Identity analytics and machine learning will further enhance the Semperis cyber-resiliency platform by facilitating identity hygiene, uncovering risky exposure, isolating attack paths, and automating system response to protect hybrid identity stores.”

Categories: Cyber Risk News

Cyber Insurance Market Expected to Surge in 2021

Wed, 12/23/2020 - 12:15

The global cyber insurance market is projected to grow by 21% next year, reaching $9.5bn in value, according to new data by insurance firm Finaria.it.

This is as a result of greater recognition of the increasing cyber-threat landscape, exacerbated by the shift to remote working this year. Finaria added that the cyber insurance market is expected to reach $20.4bn by 2025, as more organizations look to protect themselves from malicious actors.

In its analysis, the company cited data showing that almost one-quarter of all cyber insurance claims between 2013 and 2019 were in the healthcare sector, an industry particularly heavily targeted by attackers this year amid the COVID-19 pandemic. Healthcare was followed by IT and telecommunications, insurance, retail and wholesale and manufacturing as the sectors with the most claims.

Almost three-quarters of claims in this period involved an insurance clause related to breach incident response and crisis management. In second place was data privacy breaches, with cyber-extortion in third.

In the first half of 2020, ransomware attacks were found to be the biggest cause of cyber insurance claims in North America.

Also highlighted was data from the Ponemon Institute’s Cost of a Data Breach Report earlier this year, which showed that healthcare has the most expensive data breach costs, at $7.13m per incident, with energy in second at $6.39m per breach. This is followed by financial services ($5.85m), pharma ($5.06m) and technology ($5.04m).

Finaria.it commented: “Over the years, cyber-attacks and data breaches became one of the biggest risks in the business sector, compromising sensitive data, and causing a massive financial hit to companies and organizations worldwide. As data applications and technology in the business sector increase, organizations are becoming more vulnerable to these attacks and more aware of the need for insurance coverage for cyber-risks.

“If a costly data breach occurs, the company may not have enough resources to resolve these issues and cover the losses. Cybersecurity insurance can provide support to businesses, so cyber-attacks do not cripple their business.”

Earlier this year, a study found that more than 80% of UK businesses still don’t have cyber-related insurance, while another revealed that under 13% of SMEs in the UK have cyber insurance.

Categories: Cyber Risk News

Leaky Server Exposes 12 Million Medical Records to Meow Attacker

Wed, 12/23/2020 - 10:45

A healthcare technology company leaked 12 million records on patients including highly sensitive diagnoses, before the exposed cloud server was struck by the infamous “meow” attacker, researchers have revealed.

A team at SafetyDetectives led by Anurag Sen discovered the leaky Elasticsearch server in late October after a routine IP address scan, although it’s unknown how long the data was exposed for before that.

It was traced back to Vietnamese tech firm Innovative Solution for Healthcare (iSofH), which provides software for electronic health records and hospital management to 18 medical facilities, including eight top-tier clinics.

As the server was left publicly exposed without encryption or password protection, the researchers were able to view a 4GB database of 12 million records, affecting roughly 80,000 patients and healthcare staff.

The data is a treasure trove for fraudsters, containing full names and dates of birth, postal and email addresses, phone numbers, passport details, credit card numbers, medical records and recent test results and diagnoses.

It also included the personal information of some children.

Three days after the discovery, the database was attacked by the meow bot which deleted an unspecified number of indexes.

After reaching out to iSofH and the Vietnamese CERT in mid-November to no avail, the researchers were finally able to contact the latter in early December, although the organization apparently hasn't been persuaded to take the incident seriously.

That’s despite the potential for follow-on blackmail and fraud attacks using the leaked data.

“The server contained incredibly detailed patient information and logs, as well as personal information regarding company staff and even partial information about the doctors who work at the various hospitals iSofH operates. If such information was to fall into the hands of criminals, this would present an acute security risk to doctors, company staff and patients simultaneously,” SafetyDetectives argued.

“More broadly, revealing full names, addresses and emails can be harnessed by nefarious users to inflict severe financial and reputational harm upon victims in the form of identity theft and financial fraud. The availability of credit card information further exacerbates the potential danger posed to victims, leaving them susceptible to credit card fraud and other financial crimes.”

Categories: Cyber Risk News

Web Page Layout Can Trick Users into Divulging More Info

Wed, 12/23/2020 - 10:20

Computer users can be manipulated into divulging more information than they would normally simply by the layout of webpages, new research has revealed.

A team at Israel’s Ben-Gurion University of the Negev (BGU) presented its study, Online Disclosure Depends on How You Ask for Information, at the International Conference on Information Systems last week.

They examined the behavior of 2504 users who were asked to provide their country, full name, phone number, and email address as part of the sign-up process for Tel Aviv-based digital bank, Rewire.

Successful tactics included asking for relatively non-sensitive info first and then gradually scaling up the requests to more private details. Similarly, by placing information requests on separate but consecutive web pages, the researchers were also able to elicit more personal data from the participants.

The research garnered impressive results.

“We found that both manipulations independently increased the likelihood of sign-up and conversion,” said Lior Fink, head of the BGU Behavioral Information Technologies (BIT) Lab and a member of the Department of Industrial Management and Engineering.

“The ascending privacy intrusion manipulation increased sign-up by 35% and the multiple-page manipulation increased sign-up by 55%.”

Lead researcher Naama Ilany-Tzur added that regulators and members of the public should be made aware of such tactics, as they may help social engineering attackers to bypass users’ natural caution when divulging personal details online.

However, on a less security-centric note, the BGU student also heralded the research as an important discovery for marketers trying to find the optimal way to capture as much data on individuals as possible.

Ideally, the findings of research like this would be built into security awareness training courses. However, research released this week revealed that just 8% of UK firms carry out regular training in the first place.

The iomart study found that a quarter (28%) of employers offer no cybersecurity training for remote workers, while a further 42% do but only to select employees. Yet even the majority of those that get training are given a short briefing rather than the regular sessions that are required to keep up-to-date with evolving threats.

Categories: Cyber Risk News

US: Buying Chinese Tech is a “Grave Threat” to Your Data Security

Wed, 12/23/2020 - 09:30

The US government has urged domestic businesses not to invest in Chinese IT kit or data services over fears companies there will be coerced by the Communist Party into enabling cyber-espionage.

The business advisory from the Department of Homeland Security (DHS) clarified what many have known for some time: that the People’s Republic of China (PRC) is on a mission to become self-sufficient in technology and a global tech superpower over the coming decades.

A key part of this strategy is to steal intellectual property from foreign firms and governments. The same tactic is used to enhance the PRC’s military capabilities, the advisory noted.

Local Chinese firms are compelled to covertly assist intelligence officers according to the requirements of the 2017 National Intelligence Law (aka the Cybersecurity Law), and an updated version in 2020 which is designed “to force foreign markets to remain open to Chinese data services providers.”

A third law from 2020 requires foreign commercial crypto firms to provide encryption keys to the PRC government.

Together, these make Chinese tech firms a bad bet for US businesses, because they mean the state can force local providers to send customer data and encryption keys to Beijing, and install backdoors in equipment, the advisory argued.

“The PRC’s data collection actions result in numerous risks to US businesses and customers, including: the theft of trade secrets, of intellectual property, and of other confidential business information; violations of US export control laws; violations of US privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to US businesses,” it said.

The warning extends to fitness trackers, mobile applications and even foreign data centers built with Chinese equipment, among other things.

It can be seen in the context of a bipartisan crackdown on perceived abuses by China that have been ongoing for years, as the Asian giant seeks to grow its economic, technological and military strength.

Most recently, legislation has passed the Senate designed to prevent Chinese firms listed on US stock exchanges from escaping regulatory scrutiny, as they have for over a decade, and — just this week — to punish foreign firms looking to steal American IP.

Categories: Cyber Risk News

Phishers Spoof New York Department of Labor

Tue, 12/22/2020 - 18:22

Scammers are impersonating New York State's Department of Labor to steal personal information from state residents seeking to claim money from a COVID relief fund.

Targets are sent an email bearing the state logo that appears to come from “noreply@labor.ny.gov.” The email states that by activating their account, the recipient will receive $600 in pandemic aid.

It reads: "Dear Citizen, Due to Covid-19 related issues, NY.GOV will pay $600 for victims who are affected by this pandemic. Please complete the online form to join the aids program. Please click here to active your account. Please do not close out of the browser while completing the account activation. Thank you, New York State."

A malicious link contained within the email directs the target to a webpage controlled by the attackers. The page has been set up to mimic a page on the New York State government site.

Targets are instructed to fill in a form that asks for their name, address, date of birth, Social Security number, and driver’s license number. 

The new phishing attack was detected by researchers at Abnormal Security, who believe that it could have landed in as many as 100,000 mailboxes.

Researchers found that the email's true sender was “naij30@naija9icevibes.com,” a Panamanian-registered domain that is not associated with the New York state government.  

"The email contains an embedded link that should supposedly lead to a NY.GOV site, but actually points to 'https://thesender[.]org/fjc4'," wrote researchers. "After clicking on the hypertext, the link redirects to 'bo2.cloudns.cl/NYU/cnf[.]php,' a phishing page posing as a legitimate government website."

"Although this landing page displays the official New York state government logo, the URL is not associated with the New York Department of Labor."

Researchers noted that the attackers had used the lure of money coupled with an air of authority created by impersonating an official government entity to incentivize the target to act quickly. They also observed that the timing of the attack may have given it added legitimacy. 

"Americans have already received pandemic stimulus checks from the government, so a recipient of this email may be more likely to believe that the government is offering additional relief as the pandemic continues," wrote researchers.

Categories: Cyber Risk News

Shabang Banged to Rights

Tue, 12/22/2020 - 17:41

A computer programmer from Ohio who lied to federal agents about his involvement with an illegal online marketplace has been sentenced to prison. 

Michael R. Weigand, also known by his online pseudonyms "Shabang" and “~Shabang~,” concealed his work for illicit black marketplace Silk Road when questioned by an IRS special agent and an FBI agent in January 2019. 

Silk Road was used by several thousand criminals around the world to distribute hundreds of millions of dollars' worth of narcotics and other contraband. The site, which was founded and administered by Ross Ulbricht, aka "Dread Pirate Roberts" and "DPR," was shut down by law enforcement in October 2013.

Kirtland resident Weigand claimed that he had never opened an account on Silk Road, never transferred Bitcoin to the marketplace, and never performed any services for the Silk Road website.

In fact, the 56-year-old programmer and electrical engineer had been hired by Ulbricht's senior adviser, Roger Thomas Clark, to work on various aspects of the Silk Road business and laundered $75k in Silk Road proceeds after the site was shut down.

Together, Weigand and Clark worked to identify security vulnerabilities in the Silk Road website. Weigand also supplied technological advice to Ulbricht and Clark, who used the online pseudonym "Variety Jones." 

Despite working directly with Ulbricht and Clark, Weigand told federal agents that he had never communicated with anyone who used the online pseudonyms “Dread Pirate Roberts,” “DPR,” or “Silk Road” and didn't know the true identity of "Variety Jones."

Weigand also lied about a trip he took to London in late 2013, after Silk Road had been seized and its founder arrested. The programmer claimed he visited the English capital to talk about a marijuana seed business with Clark’s associate. In reality, he made the journey in order to remove Silk Road evidence from Clark’s London residence after receiving $20,000 in Bitcoin from Clark.

On September 21, Weigand pleaded guilty to one count of making false statements. On December 18, he was sentenced to eight months in prison and three years of supervised release. 

Ulbricht is currently serving a double life sentence without parole, plus 40 years. Clark pleaded guilty to conspiring to distribute narcotics, and his sentencing is currently pending.

Categories: Cyber Risk News

Police Seize VPN Service Beloved by Cyber-criminals

Tue, 12/22/2020 - 16:34

A virtual private network (VPN) used by some of the world's leading cyber-criminals has been shut down in an international law enforcement action led by German police.

The Safe-Inet service was deactivated yesterday as part of Operation Nova, a coordinated effort that involved the Federal Bureau of Investigation and European law enforcement agencies acting through Europol. 

Servers used by the service were taken down, and its infrastructure was seized in France, Germany, the Netherlands, Switzerland, and the United States. Visitors to the Safe-Inet webpage are now greeted by a domain seizure notice.

Safe-Inet was active for eleven years prior to yesterday's action, describing itself as an international team of "experienced technical specialists who understand how important anonymity on the network is for our clients."

According to Europol, the service was used by cyber-criminals to carry out serious crimes including e-skimming breaches and ransomware attacks. 

"This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections," said a spokesperson for Europol.

Law enforcement observed criminals using Safe-Inet to spy on 250 companies located around the world. Police warned the companies that they may be targeted by ransomware and advised them to beef up their cybersecurity.

Investigations are ongoing in multiple countries to identify and prosecute individuals who used the VPN service to commit crimes.

Operation Nova was led by German Reutlingen Police Headquarters and carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT). 

"The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide," said police president of the Reutlingen Police Headquarters, Udo Vogel.  

"The results show that law enforcement authorities are equally as well connected as criminals."

Head of Europol’s European Cybercrime Centre, Edvardas Šileris, said that cybercriminals couldn't hide from the law.

"The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service," said Šileris. 

"Criminals can run but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them."

Categories: Cyber Risk News
