Info Security

Subscribe to Info Security  feed
Updated: 15 min 6 sec ago

COVID-Themed Ransomware Attack on Android Users Revealed

Thu, 06/25/2020 - 08:10
COVID-Themed Ransomware Attack on Android Users Revealed

Details of a new COVID-themed ransomware attack on Android users in Canada, known as CryCryptor, have been revealed by ESET researchers. In the attack, people were lured into downloading a ransomware app disguised as an official COVID-19 tracing tool through two COVID-themed websites. This came shortly after the Canadian government announced its support for the creation of a nation-wide, voluntary tracing app to be called COVID Alert.

The websites have now been taken down and ESET researchers wrote a decryption tool for its victims, based on a bug in the malicious app. However, the discovery highlights the heightened susceptibility to attacks of this kind that are linked to the COVID-19 pandemic, with a sense of urgency and fear making people more likely to click on dangerous links. Lukáš Štefanko, malware analyst at ESET, said: “Clearly, the operation using CryCryptor was designed to piggyback on the official COVID-19 tracing app.”

ESET began its investigation after responding to a tweet announcing a discovery of what was thought to be Android banking malware. Štefanko explained: “CryCryptor contains a bug in its code that allows any app installed on the affected device to launch any service provided by the buggy app. So, we created an app that launches the decrypting functionality built into CryCryptor.”

Whilst this particular version of CryCryptor is no longer a threat, ESET emphasized that Android users must remain vigilant of similar forms of attacks in the coming weeks. “Besides using a quality mobile security solution, we advise Android users to install apps only from reputable sources such as the Google Play store,” said Štefanko.

A number of countries around the world have sought to use contact tracing apps to help them continue to contain the virus as lockdown measures are eased. However, this has raised a number of concerns over the security and privacy risks that are brought about by the data that is recorded.

Categories: Cyber Risk News

US Soldier Indicted Over Mass Murder Plot

Wed, 06/24/2020 - 18:00
US Soldier Indicted Over Mass Murder Plot

A soldier in the US Army has been charged with terrorism offenses after conspiring with extremist groups to arrange a deadly ambush of his own unit.

An indictment unsealed on June 22 in a Manhattan federal court accuses Ethan Melzer of passing sensitive information about the location, movements, and security of his unit to Al-Qaeda and to members of the Order of the Nine Angles (O9A). 

The order was established by a woman in the UK in the 1960s. It rose to prominence in the 1980s for its neo-Nazi ideologies and adherence to Satanism. 

Melzer, of Louisville, Kentucky, is charged with conspiring and attempting to murder US nationals, conspiring and attempting to murder military service members, providing and attempting to provide material support to terrorists, and conspiring to murder and maim in a foreign country. 

During a voluntary interview with military investigators and the FBI, the 22-year-old soldier declared himself to be a traitor against the United States and admitted his role in plotting a terrorist attack. 

The proposed attack, designed to result in the deaths of as many of Melzer's fellow service members as possible, was thwarted by the FBI and the US Army in late May 2020. 

In April 2020, after learning of plans for his unit to be deployed overseas, Melzer allegedly used an encrypted application to send messages to O9A members and associates. In these messages, he revealed the upcoming movements of his unit and plotted with co-conspirators to carry out a “jihadi attack” that would result in a “mass casualty.”

In May, Melzer allegedly passed information about an anticipated deployment of his unit to a purported member of Al-Qaeda, adding that he would be willing to supply further intelligence. 

“Ethan Melzer plotted a deadly ambush on his fellow soldiers in the service of a diabolical cocktail of ideologies laced with hate and violence,” said Assistant Attorney General for National Security John Demers.

“Our women and men in uniform risk their lives for our country, but they should never face such peril at the hands of one of their own.”  

Melzer joined the US Army in 2018 and the O9A in 2019. He was arrested by the FBI on June 10.

Categories: Cyber Risk News

Two-Year Data Breach at Florida Senior Care Provider

Wed, 06/24/2020 - 16:30
Two-Year Data Breach at Florida Senior Care Provider

A cybersecurity breach at a Florida senior care provider went unnoticed for two years and impacted patient data.

Cano Health discovered in April 2020 that some email accounts belonging to its employees had been compromised by threat actors.

After investigating the incident, the healthcare company found that the accounts had been accessed multiple times in a prolonged security breach that took place between May 18, 2018, and April 13, 2020. 

The cyber-incident came to light on April 13, when some messages received by one of the compromised accounts were forwarded to a third party outside of the company. 

Cano Health found that a total of three employee accounts had been compromised and subsequently took steps to secure them. An examination into the breach revealed that an unknown person or persons may have accessed patients' personal information.

Cano Health operates 46 medical centers located throughout Florida. Earlier this month, the company began notifying patients of a potential data security issue. 

In a statement published on their blog June 12, the company said: “Based on its investigation, Cano Health cannot confirm that any emails were accessed by the unknown perpetrator, but because some emails contained documents or messages with personal information, it is notifying all potentially affected individuals out of an abundance of caution.”

The information in the compromised email accounts included patient names, dates of birth, contact information, healthcare information, insurance information, Social Security numbers, government identification numbers, and/or financial account numbers.

“We take the protection of our patients’ information very seriously and sincerely apologize for any concern or inconvenience this incident has caused or may cause to anyone who has been affected,” said Cano's chief executive officer, Dr. Marlow Hernandez-Cano. 

“We are committed to continuously updating our information security to guard against new and emerging threats.”

Cano Health said that patients who may have been impacted by the breach would be notified in writing. The company advised these patients to “regularly review and monitor their personal information, accounts, and benefits statements.”

The company is offering complimentary credit monitoring services to patients whose financial information may have been affected by the data breach. 

Categories: Cyber Risk News

EEMA Appoints Attorney-at-Law Hans Graux to Board of Management

Wed, 06/24/2020 - 15:58
EEMA Appoints Attorney-at-Law Hans Graux to Board of Management

EEMA, the leading independent European think tank focused on identity, privacy and trust, has appointed Hans Graux to its Board of Management. Graux is a partner at law firm Timelex and an attorney-at-law specializing in electronic identity and trust services.

Brussels-based EEMA provides world-class events, projects, collaboration, education, engagement, communication, participation and networking for companies, the public sector and individuals to help build enduring and mutually beneficial working relationships.

Commenting on his position on the EEMA Board of Management, Graux said: “EEMA has been the point of reference on electronic identification, digital signatures and cybersecurity in the EU for as long as I can remember. No organization has done as much to bring authoritative voices on these topics together, and to make sure they are heard. It is an honor and a privilege to be able to support its future work.”

Chair of EEMA, Jon Shamah, added: “Timelex and EEMA have a longstanding relationship. The expert counsel and insight Hans is able to bring to Horizon 2020 projects is vital.

“Hans is generous with his time and expertise and many EEMA members have benefited greatly from his advice. I am proud that Hans has accepted our invitation to join the Board of Management to help shape the future of EEMA.”

Categories: Cyber Risk News

‘Wagatha Christie’ Spat Leads to Lawsuit

Wed, 06/24/2020 - 15:20
‘Wagatha Christie’ Spat Leads to Lawsuit

Rebekah Vardy is suing Colleen Rooney after the latter accused the former of leaking private information to a British tabloid.

The women, who are both married to British soccer players and used to socialize together, fell out last year. Their public spat took place over Twitter.

In a lengthy post published on October 9, Rooney stated that a mysterious mole in her friendship group had been handing information “about me, my friends and my family” over to The Sun newspaper “for a few years.”

Determined to discover who was blabbing, amateur sleuth Rooney narrowed down the source of the leak to someone whom she had trusted to follow her on her personal Instagram account.

After forming a suspicion as to the mole's identity, Rooney came up with a plan to test her theory.  

“I blocked everyone from viewing my Instagram stories except ONE account,” wrote Rooney. “Over the past five months I have posted a series of false stories to see if they made their way into The Sun newspaper. And you know what, they did!”

Phony stories Rooney used as bait included a tall tale that her house had flooded and a story that she and her husband were traveling to Mexico for medical assistance to get pregnant with a female fetus.

“I have saved and screenshotted all the original stories which clearly show just one person has viewed them,” wrote Rooney. “It's Rebekah Vardy's account.”

Rooney’s status as a WAG (a term for footballers’ wives and girlfriends) and her impressive detective work earned her the nickname ‘Wagatha Christie’ in the British press. 

According to the Independent, Rebekah Vardy has now issued a claim of libel against Colleen Rooney. In the claim, Rooney is accused of publishing false statements that were damaging to Vardy's reputation. 

Court records reveal that Vardy filed a claim in the High Court on June 12 for “defamation—libel and slander.”

Rooney previously offered to meet Vardy in person to resolve the issue. Her lawyers said she found Vardy's decision to start legal proceedings “disappointing” and thought that the former model could put her time and money “to better use.”

Categories: Cyber Risk News

Prolific Hacker Made Millions Selling Network Access

Wed, 06/24/2020 - 10:45
Prolific Hacker Made Millions Selling Network Access

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report from Group-IB.

The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organizations in many more verticals.

In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.

Group-IB calculated the $1.5m figure purely from publicized sales, although 20% of those Fxmsp compromised were made through private sales, meaning the hacker’s trawl is likely to be even bigger.

Fxmsp even hired a sales manager in early 2018.

He leapt to infamy in 2019 after a widely publicized compromise of the networks of three anti-virus vendors, before apparently going quiet.

According to the report, Fxmps’s tactics were disconcertingly simple. The hacker would scan IP addresses for open RDP ports, especially 3389, brute force the RDP password, disable any AV and firewall and then create additional accounts.

Next, he would install the Meterpreter backdoor on exposed servers, harvest and decrypt dumps from all accounts and then install backdoors on the backups. This meant if a victim spotted something suspicious and rolled back to backups, Fxmsp could achieve persistence.

“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cyber-criminal underground. He set a trend and his success inspired many others to follow suit: the number of sellers of access to corporate networks increased by 92% in H2 2019 vs H1 2017, when Fxmsp entered the market,” said Dmitry Volkov, CTO of Group-IB.

“Prior to Fxmsp joining the underground, the sellers would offer RDP access to separate servers, without even bothering to ensure persistence or performing reconnaissance in the network. Fxmsp took this service into a whole new level.”

In a recent report on the cybercrime underground, Trend Micro warned that access-as-a-service is becoming an increasingly popular offering on dark web sites. Prices for Fortune 500 companies can reach up to US$10,000, it claimed.

Categories: Cyber Risk News

Over Two-Thirds of Q1 Malware Hidden by HTTPS

Wed, 06/24/2020 - 09:30
Over Two-Thirds of Q1 Malware Hidden by HTTPS

Over two-thirds of malware detected in the first three months of the year was hidden in HTTPS encrypted tunnels in a bid to evade traditional AV, according to Watchguard.

The security vendor’s latest Internet Security Report for Q1 2020 is distilled from analytics provided by its 44,000 global appliances.

During the period they blocked over 32 million malware variants and nearly 1.7 million network attacks.

Some 67% of that malware was delivered via HTTPS connections and 72% of these encrypted attacks apparently featured zero-day malware which would have been missed by legacy signature-based AV.

The growing popularity of HTTPS is down in part to initiatives like Let’s Encrypt, backed by the non-profit Internet Security Research Group (ISRG). However, while it has improved website security and user privacy, it also offers cyber-criminals a free and easy way to disguise their activity.

“Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go un-inspected is simply no longer an option,” said Corey Nachreiner, chief technology officer at WatchGuard.

“As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

Interestingly, the vendor claimed that it detected 6.9% less malware and 11.6% fewer network attacks than in the previous quarter despite the apparent uptick in COVID-themed threats.

It suggested that this could be because fewer users were operating within the traditional corporate network perimeter during Q1 thanks to work-from-home mandates.

However, data from Microsoft last week revealed that COVID-19 attacks represented less than 2% of total threats detected in the first four months of the year. Thus, rather than drive a new surge in overall attack volumes, these threats were merely rebranded and switched from existing campaigns.

Categories: Cyber Risk News

Twitter Data Leak Exposes Business Clients

Wed, 06/24/2020 - 08:33
Twitter Data Leak Exposes Business Clients

Twitter has contacted its business clients to warn them of a potential breach of their data.

It said that email addresses, phone numbers and the last four digits of card numbers may have been accessed by others, thanks to a technology snafu which exposed the information.

It meant that billing information viewed on ads.twitter.com or analytics.twitter.com may have been exposed in the browser’s cache.

The social network first became aware of the incident on May 20 and said it took immediate action to remediate and notify any affected customers.

The snafu is not thought to have affected consumer users of the service, according to the BBC.

This isn’t the first time something like this has happened on the social platform.  

Around a month before this incident, Twitter warned users that non-public information may have been stored in their Firefox browser’s cache.

“This means that if you accessed Twitter from a shared or public computer via Mozilla Firefox and took actions like downloading your Twitter data archive or sending or receiving media via Direct Message, this information may have been stored in the browser’s cache even after you logged out of Twitter,” it said at the time.

Although it’s unclear how many businesses were affected by the May breach, experts generally agreed that incidents of this kind are likely to have a limited impact on customers’ data security and privacy.

“The vector here requires physical access to the device, so it may not be as exploitable as an alert like this might indicate,” explained Edgescan product architect, David Kennefick.

“What Twitter has done is update its headers to include no-store and no-cache, which disables storing data from a website locally.”

Tripwire senior security researcher, Craig Young, added that the incident could still provide a “teachable moment” regarding shared computers.

“Whether you regularly rely on libraries or internet cafes for access or just need to print the occasional boarding pass from a hotel lobby, there can be a risk of exposing personal data,” he argued.

“Ideally, the best solution is to simply avoid using shared computers when entering or accessing personal data but this is not always an option. The next best solution is to bring your own web browser and take it with you when you go.”

Categories: Cyber Risk News

Cyber-Extortionist Threatens Australian Swimming Pro

Tue, 06/23/2020 - 16:45
Cyber-Extortionist Threatens Australian Swimming Pro

An Australian swimming star has been targeted by a vicious blackmail attempt undertaken via social media. 

Malicious messages were sent to Commonwealth Games gold medalist Shayna Jack over the weekend by an unidentified cyber-criminal via Facebook. The miscreant threatened to post pictures of Jack unless they received a ransom payment.

In a creepy message designed to scare the swimmer, the threat actor told Jack: "I can see what you're doing at all times."

At first, Jack ignored the threat, but the 21-year-old contacted Queensland police after receiving more messages along with a sinister warning that something "disturbing" would be posted on her Facebook page if she didn't respond. 

"If you don't pay – you will regret this," wrote the anonymous attacker.

Jack received further threats demanding that she pay up at around 9.40pm on Monday night. On Tuesday morning, the sportswoman awoke to find a malicious message posted on her Facebook account by her cyber-attacker. 

Whoever authored the post had timed the execution of their threat to do the most damage to Jack's professional swimming career. The water star is currently appealing against a 4-year ban she received after testing positive for the performance-enhancing drug Ligandrol.

Jack was tested for the drug ahead of the 2019 World Swimming Championships held in South Korea. 

Hoping to exploit Jack's predicament, the attacker posted a message purporting to be from her which read: "I regret that I used doping at the 2017 Olympics."

Fortunately, since no Olympic Games were held in 2017, the cyber-criminals made it easy to for Facebook users to spot their lie.

Jack's lawyer Tim Fuller said the extortion attempt had left the swimmer feeling "shaken." 

Fuller branded the actions of the threat actor as "disgusting" and added that it could have had a major impact on the result of the swimmer's appeal.

A date was set for Jack's appeal hearing earlier this month by the Court of Arbitration for Sport. Throughout her ordeal, the swimmer has protested her innocence and maintained that she has never knowingly ingested Ligandrol. 

The drug is a banned muscle-builder that was designed to treat muscle wasting diseases and osteoporosis.

Categories: Cyber Risk News

Cop Comedy Riskiest Show to Watch Online

Tue, 06/23/2020 - 15:30
Cop Comedy Riskiest Show to Watch Online

An American police procedural comedy television show has topped the list of most dangerous TV titles for US citizens to watch online. 

New research published today by global security software company McAfee revealed the web-based entertainment options most commonly targeted with malware by cyber-criminals. 

McAfee analyzed more than 100 of the most popular TV and movie titles available on US streaming sites as defined by “best of” articles that appeared in a range of US publications. Researchers then hunted down and recorded all the high-risk websites associated with each entertainment title.

Shows and movies were then awarded a danger ranking based on the total number of malicious websites with which they were found to be associated. Focus was placed on sites that enabled viewers to access content for free.

Topping the chart of most dangerous movies to escape into during lockdown was the dramatic 2011 Mixed Martial Arts picture Warrior starring Joel Edgerton and Tom Hardy. Law enforcement laughter romp Brooklyn Nine-Nine led the list of riskiest TV shows to watch via the web. 

“With consumers increasingly going online to stay entertained during lockdowns it has created the perfect storm for web crime,” said Baker Nanduru, vice-president of consumer endpoint segment at McAfee. 

Nanduru said threat actors kept a keen eye on which shows were winning the hearts of the public so that they could target their malware for maximum gain. 

“History has proven that cyber-criminals follow consumer trends and behaviors to educate their scam strategies," added Nanduru. 

"It’s important that consumers stay alert while online and avoid malicious websites that may install malware or steal personal information and passwords.”

Cyber-criminals were found to have no qualms about exploiting society's most vulnerable members for their own gain. Children’s movies accounted for four of the top 10 movies McAfee identified as at high risk of being targeted by cyber-criminal activity.

Kid's flicks to be wary of were The Incredibles, Aladdin, The Lion King, and Frozen 2. Movies for a more mature audience that attackers tend to target included Zombieland and Swingers.

Researchers advised viewers to avoid illegal streaming sites that are often "riddled with malware disguised as pirated video files."

Categories: Cyber Risk News

Digital Transformation in Cybersecurity a Major Driver of Future M&A Deals

Tue, 06/23/2020 - 15:00
Digital Transformation in Cybersecurity a Major Driver of Future M&A Deals

Digital transformation in the cybersecurity industry will be a major driver of mergers and acquisitions (M&A) over the remainder of 2020, according to ICON Corporate Finance. This follows a survey by the technology-focused investment bank of some of the most active M&A buyers in the UK, which showed that there remains substantial interest in tech sector acquisitions despite the economic fallout of COVID-19.

ICON found that the key areas for expansion are expected to be in cybersecurity, fintech, cloud, managed services, healthtech, AI and enterprise software. This is because digital transformation has become the most pressing priority for organizations in the aftermath of COVID-19.

In regard to cybersecurity, ICON noted that companies are increasingly turning to technology to protect against potential business disruption caused by cyber-attacks, ensuring employees and systems are secure, particularly in the context of the huge rise in remote working. According to Pitchbook Data’s Emerging FinTech research, this is particularly the case for financial institutions, where new areas of risk and regulation have been introduced to address increasing cyber-threats and data security concerns.

ICON added that it believes organizations in the US tech market will continue to be especially active in seeking out M&A opportunities in deep tech and disruptive young companies.

With this in mind, the investment bank, which has previously facilitated IQVIA’s acquisition of UK-based Optimum Contact, and JP Morgan’s funding of UK-based Mosaic Smart Data, is opening an office in San Francisco. This is to provide clients in Europe, Africa and Asia with direct access to the “epicenter of the world’s tech community.”

CEO and founder of ICON, Alan Bristow, commented: “As the world discovers the new normal, it is the tech sector that will drive societal changes and enable new ways of working. The US West Coast’s innovative approach and its dominance in deals origination is the core driver for our new presence in San Francisco. We are excited to be bringing US markets to Europe’s doorstep, and vice versa.”

Categories: Cyber Risk News

Oregon City Pays $48,000 Cyber-Ransom

Tue, 06/23/2020 - 13:49
Oregon City Pays $48,000 Cyber-Ransom

A city in Oregon has paid a ransom of $48,000 to regain control over its computer network following a cyber-attack. 

The city of Keizer's computer system was successfully targeted by threat actors using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for a full seven days.

In a hand-delivered statement viewed by Oregon Live shortly after the attack was carried out, city officials said: “We are taking this seriously, and are working to resolve the situation as quickly as possible."

Unable to recover the encrypted files themselves, despite engaging the help of the "appropriate authorities," officials eventually acquiesced to the ransom demand issued by the attacker(s). 

Subsequently, by around 11:45am on June 17, employees of the Marion County city were able to once again access their email accounts and files. 

The ransomware attack was first detected on the morning of June 10 when city employees tried and failed to access the data and programs they rely on to carry out their duties. 

A city spokesperson said: “We were presented with a request for a ransom payment needed to obtain the needed decryption keys."

While the city was unable to fend off this particular cyber-attack, officials are hopeful that lessons have been learned from it that will prove useful in the event of further digital strikes. 

“We believe that the forensic investigation could provide critical information to defend against attacks in the future,” said a city spokesperson. 

The city said that no sensitive data appears to have been accessed or misused as a result of the ransomware attack.

Keizer isn't the only place in Oregon to be targeted by ransomware this year, nor is the city alone in its decision to pay up to retrieve encrypted files and data. In January of this year, a ransom of $300,000 was paid by Tillamook County to recover information held hostage by cyber-criminals following a ransomware attack.

The county's commissioners voted unanimously to negotiate with the attackers for an encryption key after attempts to safely recover data impacted by the attack failed.  

Categories: Cyber Risk News

Praise for Online Harms Plan, Action Needed on Fake News

Tue, 06/23/2020 - 13:00
Praise for Online Harms Plan, Action Needed on Fake News

Speaking at the Westminster eForum policy conference on identifying and tackling the key issues in the online space and assessing the industry’s response so far, Professor Victoria Nash, deputy director, associate professor and senior policy fellow at the Oxford Internet Institute, said she admired but “was anxious about the breadth” of the Online Harms whitepaper, and the lack of distinction between legal and illegal online harms.

She said she had been very pleased to see a “clear distinction between the attention that will be given to the illegal harms and an approach in the context of legal but harmful which focuses more on procedure and governance and encouraging responsible behaviors by companies rather than focusing on specific pieces of content and having them removed.”

In particular, she argued there was room to establish the role of the regulator in being able to consider how to credit those technology companies who are proactive, as well as take action against problematic issues.

Highlighting recent events, Nash said that some of these represent the issues for regulators and technology companies going forward. She flagged the issue of hate speech, as reports continue around Facebook removing adverts, which she called “a failure to deal with the rise in hateful content,” and she said that the Oxford Internet Institute’s own research has seen a rise in hate speech since the COVID-19 pandemic began.

“At a time when we are asking companies to do more and to step up and reduce this content online, the nature of that content continues to advance and change, which poses challenges,” she said. “The other thing we need to bear in mind about that is that there is a tension between a need to remove content rapidly, but perhaps we give companies less credit for doing so accurately.”

Discussing the challenges posed by disinformation, Nash said the importance of this has been “magnified over the past few months.” She said as an academic, the spread of this issue has been monitored but “the speak of junk news may reach more individuals” than a genuine news story.

“While tackling it is a challenge and we understand its spread, we don’t understand its effects,” she stated. “So if companies are taking a proportionate and risk-based approach to removing content on their platforms, what does that look like in regard to disinformation? Does it mean removing it, does it mean de-ranking it, does it mean flagging it?”

She said there are no clear answers to those questions yet, but the whitepaper, regulator and technology companies need to deal with these issues.

“Whilst we’re closer to having a policy framework that is appropriate and likely to be effective in reducing our exposure to online harms, the nature of the challenge is not becoming any less complex,” she said. In particular, support for the technology companies will be necessary.

In a question posed by Infosecurity about the need for human moderators to work alongside AI and machine learning to flag harmful content, Susie Hargreaves, chief executive of the Internet Watch Foundation, said it was important to have human moderation, even while technology improves, but there is no “magic bullet” yet. “We are at a stage where the technology is developing, but we cannot get away from the need for human moderation,” she said.

Ben Bradley, head of digital regulation at techUK, said there are technical solutions on disinformation where you can see, detect and disrupt actions, but the larger challenge is how misinformation develops over time. “While you can build the tools, it does emphasize the need for greater thinking around this,” he said.

Categories: Cyber Risk News

DCMS Details Online Harms Bill as Age Verification Faces Potential Revival

Tue, 06/23/2020 - 11:00
DCMS Details Online Harms Bill as Age Verification Faces Potential Revival

The Age Verification law is set to be revived for the UK Government’s online harms bill.

Speaking at the Westminster eForum policy conference around next steps for online regulation in the UK, Sarah Connolly, director, security and online harms at DCMS, said that age verification “has a fairly troubled history” and it is the intention of DCMS “to roll it into the wider online harms agenda, so that will be the vehicle that will make changes.”

The Age Verification proposals were previously met with conflict over practicalities, both in ensuring that it was operated efficiently, and over the data protection of those approved. Under the proposal, pornography websites would be required to verify that users are aged 18 or older. Suggested ways of doing this included running verification checks on credit cards, or by making verification passes available to purchase from newsagents on the presentation of photo ID.

However, the plan was abandoned in October 2019 due to implementation difficulties.

Speaking on the plans for the Online Harms bill, Connolly said “we all know that the internet is used to abuse, to bully, to promote terrorism, to abuse children and to undermine democracy.” As a result, in the four years she has been working on this issue, there has “been a real momentum to get something done in this space,” but the challenge is to do the right thing in an “incredibly complex area.”

Part of the plan is to enshrine a government duty of care among websites and networks where users are able to share user generated content, and this duty will be enforced by an independent regulator whom government is yet to name.

“This is not something we can do alone, and we’re pretty clear that lots of stakeholders will have a role in helping us tackle this public policy concern,” she said.

Connolly said work continues on the policy, and intends to publish a full government response before the end of the year. “I don’t think for a moment that government has a monopoly of good ideas on this, that is why my team and I are keen to talk and listen to you all, including to people who disagree with our approach as we have changed positions previously in response to those conversations, as it is an immensely complex and difficult issue and it is really important that we get it right,” she said.

Categories: Cyber Risk News

US .Gov Domains to Preload HSTS for Maximum Security

Tue, 06/23/2020 - 10:40
US .Gov Domains to Preload HSTS for Maximum Security

US government websites are taking another major step forward to becoming more secure after it was announced that all .gov TLDs would be changed to enforce HSTS preloading.

The DotGov program made the announcement on Sunday, stating that all new .gov domains will be automatically preloaded from September 1 2020. The transitioning of historical ones will take longer.

The HSTS standard ensures a user’s browser always enforces an HTTPS connection to a website, including preventing users from clicking through if the domain has a certificate error.

“For a user to take advantage of HSTS, however, their browser has to see the HSTS header on a site at least once. This means that users are not protected until after their first successful secure connection to a given domain, which may not occur in certain cases,” wrote DotGov.

“To solve this problem, a domain can be submitted to the HSTS preload list, a list of domains embedded into browsers that get HSTS enabled automatically, even for the first visit. Domains that preload protect their entire ‘namespace,’ including all current or potential subdomains.”

Although new .gov TLDs will be preloaded automatically from September, existing ones will take much longer to transition. If preloading was switched on today, those that don’t currently offer HTTPS would become inaccessible to users, DotGov warned.

The organization is collaborating with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to ensure .gov domain owners are ready for the move, but said it would take some time.

“Actually preloading is a simple step, but getting there will require concerted effort among the federal, state, local and tribal government organizations that use a common resource, but don’t often work together in this area,” it explained.

“With concerted effort, we could preload .gov within a few years.”

All US government agencies were supposed to have made their websites accessible through HTTPS-only via HSTS by the end of 2016.

Categories: Cyber Risk News

Two-Fifths of Firms May Replace Email After #COVID19

Tue, 06/23/2020 - 09:45
Two-Fifths of Firms May Replace Email After #COVID19

Over two-fifths of businesses are considering replacing email as their primary communications channel as the country begins to open-up again after lockdown, according to a new report.

Think tank Parliament Street commissioned the poll of 200 senior decision makers in medium and large UK firms to better understand how COVID-19 will change the world of work going forward.

Some 43% claimed they were “actively considering replacing email” as the main form of online communication for employees, with cloud- and app-based alternatives.

Real-time chat capabilities in cloud-based platforms can offer more efficient ways for staff to collaborate from within documents they are all working on, argued Zoho’s European managing director, Sridhar Iyengar.

“With remote working more widespread than ever, it is inevitable that these new communication methods, which instigate faster decisions, more streamlined processes and instant approvals, are superseding email in many cases as preferred tools for employee communication,” he continued.

“Not all communication is needed to be in real-time, but these other channels can do a better job of replicating the speed of in-person office work when more timely responses are required.”

Email is also more exposed to cyber-threats than end-to-end encrypted online alternatives. Half (51%) of global firms suffered a ransomware attack, 58% saw an increase in phishing and 60% experienced an uptick in impersonation attacks via email over the past year, according to Mimecast.

Although the government has lifted lockdowns imposed on non-essential retailers and is set to allow hospitality businesses to open up from July, organizations that can are still urged to support remote working for as many staff as possible.

Half of those firms surveyed by Parliament Street said they will continue to mandate working from home for all employees, even once the country returns to ‘normal.’

Some 61% said they’re looking to refresh their digital strategy to make flexible working easier and 64% are training staff remotely to improve their skills in this area.

Those findings chimed with what Sonny Sehgal, CEO of managed services firm Transputec, is seeing.

“By embracing IT as an enabler of workplace change, forward-thinking businesses will be able to move forward swiftly, empowering a new generation of staff through flexible and productive working practices,” he said.

Categories: Cyber Risk News

BlueLeaks Exposes Police Files Dating Back 24 Years

Tue, 06/23/2020 - 08:44
BlueLeaks Exposes Police Files Dating Back 24 Years

A major supply chain breach appears to have led to the exposure of hundreds of thousands of sensitive US police records dating back over two decades.

WikiLeaks-like organization Distributed Denial of Secrets released the trove on Friday, claiming it contained 10 years of data from over 200 police departments, fusion centers and other training and support resources. Fusion centers are designed to promote info-sharing between state and local police departments.

“BlueLeaks provides unique insights into law enforcement and a wide array of government activities, including thousands of documents mentioning #COVID19,” the group tweeted.

The 269GB trove contains “police and FBI reports, bulletins, guides and more,” it said.

A National Fusion Center Association (NFCA) alert seen by journalist and researcher, Brian Krebs, apparently confirmed the breach but claimed the leaked data actually dates back 24 years, to August 1996.

It is said to contain names, email addresses, phone numbers, ACH routing numbers, international bank account numbers (IBANs), as well as personally identifiable information (PII) and images on suspects.

“Preliminary analysis of the data contained in this leak suggests that Netsential, a web services company used by multiple fusion centers, law enforcement, and other government agencies across the United States, was the source of the compromise,” the NFCA reportedly wrote.

“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

There are fears that the data could endanger lives, if used by organized crime groups to unmask undercover police officers and witnesses, whilst potentially causing reputational harm to suspects who were subsequently released.

“It's no surprise that law enforcement was the target of this data breach. With the current civil and political climate, a wide range of threat actors, from activists to nation states, would be interested in revealing this sort of confidential information,” argued Gurucul CEO, Saryu Nayyar.

“Now is a good time to review and update security postures, policies and tools, especially where they involve third party vendors and SaaS applications that may not give an organization direct control of their sensitive data.”

Categories: Cyber Risk News

Florida School Board Member Blames Controversial Facebook Post on Hacker

Mon, 06/22/2020 - 17:33
Florida School Board Member Blames Controversial Facebook Post on Hacker

A member of a Florida school board has denied responsibility for a social media post that implied her professional achievements had not been acquired via white privilege.

Broward School Board member Ann Murray claims that a controversial meme that appeared on her personal Facebook page on Sunday, June 21, was posted by a hacker who had compromised her account.

The meme, which was criticized as racist by some other Facebook users, was shared on 77-year-old Murray's page at around 5:30pm after being posted by another user, Keith Medford, on June 8. 

The content of the meme appears to imply that there is no inherent career advantage to being white.

It read: “When I was born, they must have ran out of white privilege because I had to work my ass off to get where I am.”

Murray was distraught by the appearance of the post on her page and swore on her husband's grave to the Sun Sentinel that she was not responsible for sharing it.

“Goodness gracious. Why would I put something out there like that?” said Murray.

“I only post funny things, mostly about animals."

The school board member said that she was now considering closing her Facebook account down following repeated hacks of her page.

“That’s the second time in two months my Facebook page has been hacked," said Murray. "I may be shutting the whole thing down."

The controversial meme denying the existence of racial bias in the workplace was removed from Murray's page by 9pm on the day on which it was posted, but not before other Facebook users had torn into the school board member for apparently sharing it.

Commenters described what they believed to be Murray's actions as “racist,” “tone-deaf,” “disgusting,” and “reprehensible.” The supposed sharing of such a grammatically incorrect message by a school board member attracted no criticism. 

Following the post's removal, Murray posted a message stating that Facebook customer service had notified her “about UNUSUAL account activity, with someone signing in from UNRECOGNIZED DEVICES.”

She added: “I apologize for anything that posted, that was disrespectful.”

Previous posts on Murray's Facebook page include messages supporting America's black community such as AFL-CIO endorsements of prominent black political candidates and a quote from Martin Luther King Jr.

Categories: Cyber Risk News

DIA Analyst Jailed for Disclosing Secrets to Journalist Girlfriend

Mon, 06/22/2020 - 16:30
DIA Analyst Jailed for Disclosing Secrets to Journalist Girlfriend

A former employee of the United States Defense Intelligence Agency (DIA) has been imprisoned for passing classified information to journalists "for personal gain."

Henry Kyle Frese worked for the DIA from February 2018 to October 2019 as a counterterrorism analyst and held a Top Secret / Sensitive Compartmented Information security clearance. 

The 31-year-old resident of Alexandria, Virginia, was found guilty of passing secrets relating to the weapons capabilities of some foreign countries to two journalists on multiple occasions in 2018 and 2019. 

According to court documents, Frese and a female reporter referred to as Journalist 1 were romantically involved and lived together at the same residential address from January 2018 to November 2018. 

United States government agencies have confirmed that in the spring and summer of 2018, a news outlet published eight articles, all authored by the same journalist (Journalist 1), that contained classified information regarding the capabilities of certain foreign countries’ weapons systems.  

These articles contained classified intelligence from five intelligence reports (the compromised intelligence reports) made available to appropriately cleared recipients in the first half of 2018. 

Frese, who followed Journalist 1 on Twitter, re-tweeted her posts announcing the publication of articles containing the classified information that he had searched for on a classified US government computer system and supplied to her. 

“Frese repeatedly passed classified information to a reporter, sometimes in response to her requests, all for personal gain,” said Assistant Attorney General for National Security John Demers. 

Journalist 2 began texting and speaking to Frese after the pair were introduced by Journalist 1 in or about April 2018. Following the introduction, Frese stated in a Twitter direct message sent to Journalist 1 that he was “down” to help Journalist 2 if it would help the career of Journalist 1 “progress.”

Between mid-2018 and late September 2019, Frese orally transmitted information classified at the Top Secret level to Journalist 1 on 12 separate occasions and transmitted information classified at the Secret level to Journalist 1 on at least four occasions. 

Zachary Terwilliger, US attorney for the Eastern District of Virginia, said Frese’s actions "had real consequences and caused actual harm to the safety of this country and its citizens.”

Frese was sentenced on June 17 to 30 months behind bars.

Categories: Cyber Risk News

Indonesia Denies #COVID19 Test Data Breach

Mon, 06/22/2020 - 15:45
Indonesia Denies #COVID19 Test Data Breach

An alleged breach of COVID-19 test result data is being investigated by authorities in Indonesia.

Concerns over a possible breach were raised after a hacker tried to sell what they claimed was the personal information of hundreds of thousands of people who had been tested for the novel coronavirus in Indonesia on an online forum.

Posting on the database sharing and marketplace forum RaidForums on June 18, the alleged hacker claimed to have exfiltrated the test results and personal details of 230,000 people. 

The possible cyber-criminal posted a for-sale notice under the username "Database Shopping." A sample of the allegedly leaked data was displayed along with an offer to sell the entire set for US$300. 

Information the alleged hacker claimed to have accessed included names, addresses, phone numbers, ages, and nationalities. Also included were the private medical records of people who had been tested for COVID-19 at a number of different hospitals in well-known tourist hotspot, Bali.

"I sell it to the enthusiast," wrote the hacker in their post, before claiming to have similar data available for purchase, swiped from other parts of Indonesia. Areas that Database Shopping claimed to have targeted included Jakarta and the West Java provincial capital of Bandung.

The Indonesian government has denied that a breach of any COVID-19 test data has taken place. However, an investigation into the alleged hack has been launched by the Communication and Information Technology Ministry and the national police's criminal investigation department. 

Communication and information technology minister Johnny Plate said the matter was being examined by the National Cyber and Encryption Agency.

Plate told The Straits Times on June 21: "The Covid-19 database and the results of the examinations at the ministry's data center are safe."

The minister added that data centers and other ministries and government institutions will be assessed by the ministry to ensure that all data remained secure.

The government's denial of a data breach was seconded on June 21 by the National Cyber and Encryption Agency, according to local Indonesian media. 

Last month, a different hacker advertised for sale on RaidForums the personal data of 15 million Indonesian users of Tokopedia for $5,000.

Categories: Cyber Risk News

Pages