Feed aggregator

Florida International University Launches New Cybersecurity Bachelor’s Degree

Info Security - Tue, 08/18/2020 - 13:00

Florida International University (FIU) in Miami is launching a new bachelor’s degree in cybersecurity that will prepare graduates for future careers in the sector.

The degree program, starting in the Fall of 2020, will train students for jobs in areas such as data security, systems security management and network threat analysis. Those enrolled will learn about and explore solutions for modern cybersecurity issues such as safeguarding devices, software and data from cyber-threats as well as protecting power grids from hackers.

The curriculum ties in with FIU’s master’s in cybersecurity along with the university’s other cybersecurity education and research efforts.

Kenneth G. Furton, FIU provost and executive vice-president, said: “From our finances to social profiles to business enterprises and even government infrastructure, the world we live in is highly networked, resulting in an ever-growing demand for skilled cybersecurity professionals. We are responding to that workforce demand by educating professionals who will find innovative ways to protect these expanding networks that touch nearly every aspect of our lives.”

Students will have the opportunity to complete a capstone project on security, working collaboratively with information technology and computer science students, and engage in research through programs sponsored by the National Science Foundation.

Nagarajan Prabakar, program director and associate professor in FIU’s School of Computing & Information Sciences, added that cybersecurity has become one of the most challenging tech problems of the modern world and experts are in constant pursuit of new ways to safeguard information assets.

“This program is FIU’s direct response to the increasing demand for professionals in this field. We are committed to arming our students with the knowledge and specialized skill set needed to protect us from the cyber-attacks of the future, which will increase in numbers and degree of sophistication over time.”

Nearly 40% of Firms Fired Staff for Security Policy Breaches

Info Security - Tue, 08/18/2020 - 11:00

Almost two-fifths (39%) of British business decision makers have sacked employees because they breached corporate security policy during the pandemic, according to new data from Centrify.

The IAM specialist polled 200 UK respondents to find out more about how COVID-19 and mass remote working has impacted corporate cybersecurity.

Over half (58%) of respondents admitted that employees are more likely to try and bypass enterprise security practices when working from home.

That may explain why nearly two-thirds (65%) said they had made major changes to their cybersecurity policy to take account of their newly distributed workforce.

Changes to policy could include updates to remote access and authentication, which 57% of business decision makers said they are currently trying to implement. Multi-factor authentication (MFA) is regarded as industry best practice in helping to mitigate the risk of phishing and brute force attacks on RDP and corporate user accounts, for example.

A further 55% of respondents told Centrify that they are planning to formally ban staff from using personal devices to work from home.

This could also help to reduce cybersecurity risk as personal IT kit might be less well secured than corporate equivalents, and potentially used by other members of the household who may engage in risky online behavior.

Centrify VP, Andy Heather, argued that humans continue to be the weakest link in the corporate security chain.

“With more people than ever working from home and left to their own devices, it’s inevitable that some will find security workarounds, such as using personal laptops and not changing passwords, in order to maximize productivity,” he added.

“It’s also possible that the changes in security procedures are not being communicated well to employees, and many are practicing unsafe internet usage without even realizing.”

ISO Warning as #COVID19 Threatens Re-Certification Audits

Info Security - Tue, 08/18/2020 - 09:35

Hundreds of thousands of ISO certifications are in danger of lapsing because auditors haven’t been able to visit organizations’ premises during the pandemic, according to InfoSaaS.

The international standards at risk of suspension include ISO 27001, which covers rigorous best practices for information security management systems, as well as ISO 27017 and ISO 27018 (enhanced security control sets for cloud services), ISO 9001 (quality management) and ISO 45001 (health and safety risks).

Re-certification audits must be undertaken within six months of the anniversary of an ISO certificate being issued or else it should be suspended and a new assessment required, according to the UK Accreditation Service (UKAS).

However, auditors usually have to visit premises in person, especially if organizations are still using manual spreadsheet-based processes for compliance. InfoSaaS argued that this approach requires face-to-face explanation and cross-referencing.

As of 2018, around 1.3 million ISO certificates were granted to global organizations, including thousands in the UK.

If no special dispensation is granted due to COVID-19, these ISO-holders may find themselves being forced to pay as much as three-times their anticipated outlay this year on restoring certifications, as well as devoting extra time and resources to the project, InfoSaaS claimed. In the meantime, they would be forced to remove any ISO accreditation messaging from marketing materials.

Peter Rossi, co-founder of InfoSaaS, argued that around 2500 ISO certificates could be at risk of lapsing each month among its UK customers alone, relating to just three standards: ISO 9001, ISO 27001 and ISO 45001.

“The uncomfortable truth is that, under current circumstances, some organizations may decide not to be re-audited and simply to let their ISO certifications lapse,” he added.

“Any such de-prioritization may, in turn, lead to an unwanted decline in standards for the likes of information security, environmental management, health and safety and quality management. This is not a good outcome for anyone.”

Carnival Cruises into Danger After Ransomware Attack

Info Security - Tue, 08/18/2020 - 08:33

British-American cruise operator Carnival has suffered a ransomware attack in which guest and employee data was accessed, it has revealed in a regulatory filing.

The Miami-headquartered travel giant — which operates big-name brands including Cunard, P&O, AIDA and Princess — said the attack was discovered on August 15.

Attackers managed to encrypt “a portion” of the IT systems of one of its brands, although Carnival refused to elaborate on which company had been hit.

“The company does not believe the incident will have a material impact on its business, operations or financial results. Nonetheless, we expect that the security event included unauthorized access to personal data of guests and employees, which may result in potential claims from guests, employees, shareholders, or regulatory agencies,” it continued.

“Although we believe that no other information technology systems of the other company’s brands have been impacted by this incident based upon our investigation to date, there can be no assurance that other information technology systems of the other company’s brands will not be adversely affected.”

Carnival said that it has notified law enforcement, engaged legal counsel and hired incident response professionals who have helped to implement containment and remediation measures.

The attack comes at a bad time for the company, which has been hit hard by the current pandemic and a collapse in global tourism. Last month it was forced to borrow another $1bn to stay afloat, adding to around $7bn it had previously secured.

Steve Durbin, managing director of the Information Security Forum, argued that many organizations’ systems may have been exposed of late due to mass home working by employees.

“To protect against the scale and scope of these threats, an organization will be forced to rethink its defensive model, particularly its business continuity and disaster recovery plans. Established plans that rely on employees being able to work from home, for example, do not stand up to an attack that removes connectivity or personally targets individuals as a means of dropping ransomware into the corporate infrastructure,” he said. 

“Revised plans should cover threats to periods of operational downtime caused by attacks on infrastructure, devices or people. Creating a cyber-savvy workforce that takes information security seriously, while fostering a culture of trust, will help to eradicate poor security practices as well as reduce the number and scale of incidents.”

American Charged with Attempting to Hire Hitman on Dark Net

Info Security - Mon, 08/17/2020 - 18:20

A New Jersey man has been charged with trying to hire a hitman on the dark net to kill a child with whom he exchanged sexually explicit images. 

John Michael Musbach was arrested on Thursday for allegedly paying $20,000 in Bitcoin to have his then 14-year-old victim murdered. The 31-year-old Haddonfield resident was charged with one count of murder-for-hire.

According to court documents, Musbach began communicating with his victim in the summer of 2015, when the boy was aged 13. 

Using an Internet Relay Chat (IRC) website, Musbach requested and received sexually explicit videos and photographs of his victim. Musbach also sent indecent images and videos of himself to the victim.

An investigation was launched in September 2015 when the victim's parents discovered the message exchange. 

Law enforcement officers arrested Musbach in March 2016 on charges relating to child sexual abuse images. During a search of Musbach's residence, officers seized a cell phone and a laptop provided to Musbach by his then-employer, a cloud hosting company.

In February 2018, Musbach received a two-year suspended sentence with parole supervision for life after he pleaded guilty in October 2017 to endangering the welfare of a child (the victim) by sexual contact.  

In 2019, agents from Homeland Security Investigations in St. Paul, Minnesota, were provided with messages between Musbach and a fraudulent murder-for-hire website that operated on the dark net.

Those messages, supplied by an informant, revealed that in May 2016, Musbach contacted the website. Using the alias Agentisai, Musbach asked if a 14-year-old was too young to target. 

After being assured that a 14-year-old victim was acceptable, Musbach paid around 40 Bitcoin (approximately $20,000) for the hit. 

Court documents show that Musbach repeatedly messaged the website’s administrator to ask when the hit would occur. When pressed for an additional $5,000 by the scammers, Musbach tried to cancel the deal and asked for a refund.

The Department of Justice said: "Agents were able to confirm Musbach’s identity through several means, including linking him to the same screen name he used to communicate with the murder-for-hire website and also by tracing the flow of monies from Musbach’s bank account to the purchase of Bitcoin used to pay for the hit."

If convicted, Musbach could face 10 years behind bars plus a hefty fine.

Companies Team Up to Offer Cloud Auditing Certificate

Info Security - Mon, 08/17/2020 - 17:36

Cloud Security Alliance and ISACA are joining forces to bring a Certificate of Cloud Auditing Knowledge (CCAK) to the market.

The strategic partnership of the global technology association and the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment was announced today. 

CCAK will be the first credential for industry professionals that certifies their expertise in the essential principles of auditing cloud computing systems. 

Detailed availability and pricing of the CCAK offerings will be announced later this year. The certificate is scheduled for completion in the final quarter of 2020.

“ISACA is pleased to forge this new partnership with CSA, an organization we have worked with since its founding in 2009,” said David Samuelson, CEO of ISACA. 

“As cloud becomes the centerpiece of organizational IT strategies and the repository of corporate crown jewels, we have a unique responsibility to increase the security and transparency of this platform. 

“We truly believe that this partnership allows us to do more together than we could individually to accelerate cloud assurance competencies throughout our global audience.”

The CCAK’s holistic body of knowledge will be composed of the CSA’s Cloud Controls Matrix (CCM), the fundamental framework of cloud control objectives; its companion Consensus Assessments Initiative Questionnaire (CAIQ), the primary means for assessing a cloud provider’s adherence to CCM; and the Security, Trust, Assurance & Risk (STAR) program, a global leader in cloud security audits and self-assessments, in addition to new material. 

Jim Reavis, co-founder and CEO of Cloud Security Alliance, said: “ISACA’s global leadership within the IT audit profession and its reputation for high-integrity knowledge programs make them the ideal partner to achieve real progress in creating trust in the cloud.”

The cloud auditing and assurance initiative is one of many joint ventures that ISACA and CSA say they plan to announce over the next few months. 

A joint statement released by the partners today said that the new collaboration will “promote harmonization between the myriad cloud trustmarks and standards within various industries and nations, as well as drive greater consensus between cloud providers, customers, and governing bodies.”

Oracle and Salesforce to Face GDPR Lawsuit

Info Security - Mon, 08/17/2020 - 16:33

A consumer privacy campaign group has filed a lawsuit against American companies Salesforce and Oracle over an alleged breach of the EU's General Data Protection Regulation laws. 

The Privacy Collective claims that the companies collect users' personal data without proactive user consent and then auction it off to other companies without users' knowledge. The group has claimed that the suit could cost the California-based companies up to $10bn in fines.

On Friday, the class-action lawsuit was filed in Amsterdam, becoming the biggest class action to be lodged over an alleged violation of GDPR in the history of the Netherlands. The suit asks for a €500 payment for each user who has not consented to the use of their sensitive personal data. 

A similar claim will be filed later this month by the Privacy Collective at the High Court in London.  

Salesforce is an American cloud-based software company headquartered in San Francisco. Oracle Corporation is an American multinational computer technology corporation that operates from headquarters in Redwood Shores.

The Privacy Collective alleges that the two tech companies used third-party cookies Bluekai and Krux to misuse consumers’ personal data. The cookies, which are hosted on multiple websites including Ikea, Twitch, Dropbox, Booking.com, and Comparethemarket, are used for dynamic ad pricing services.

The privacy campaign group alleges that Oracle and Salesforce held on to personal data that consumers had not proactively consented to share and took an inconsistent approach to securing sensitive information. The suit further accuses the companies of facilitating sales using harmful ads.

According to the Privacy Collective, both companies sell profiles created from the personal data they have gathered from users to other companies via real-time bidding without the knowledge or consent of the users. 

Oracle general counsel Dorian Daley said: “Oracle has no direct role in the real-time bidding process, has a minimal data footprint in the EU, and has a comprehensive GDPR [privacy] compliance program.”

A spokesperson for Salesforce said: “Salesforce disagrees with the allegations and intends to demonstrate they are without merit. Our comprehensive privacy program provides tools to help our customers preserve the privacy rights of their own customers.”

Major Security Vulnerability Discovered in CMS System Used by US Army

Info Security - Mon, 08/17/2020 - 14:30

The content management system, Concrete5 CMS, contains a major vulnerability which has now been addressed in an updated version, according to an analysis published today by Edgescan.

Edgescan senior information security consultant, Guram Javakhishvili, revealed that Concrete5 has a Remote Code Evaluation (RCE), a known security weakness which if exploited, “can lead to a full compromise of the susceptible web application and also the web server that it is hosted on.”

Concrete5 is a free CMS system that creates websites and is renowned for its ease of use. It is used by major organizations including GlobalSign, the US Army, REC and BASF.

Javakhishvili said that the RCE vulnerability is simple to exploit and quickly enables the user to gain full access to the application. During an assessment of the program, Edgescan discovered it was possible to modify the site configuration so that a PHP file could be uploaded and arbitrary commands executed. Once that change is made, potentially malicious PHP code can be uploaded and system commands executed.

By the ‘reverse shell’ mechanism, the attacker can then take full control over the web server. Through executing arbitrary commands on the server, the integrity, availability and confidentiality of it can be compromised. Additionally, moves can then be made to attack other servers on the internal network.

Javakhishvili added that the weakness has now been addressed by Concrete5 following the investigation, and the stable fixed release is out, version: 8.5.4.

Eoin Keary, CEO of Edgescan, commented: “A RCE can lead to a full compromise of the vulnerable web application and also web server. Nearly 2% of vulnerabilities across the fullstack were attributed to RCE in the Edgescan 2020 Vulnerability Stats Report. At Edgescan, we’re proud of the part we play in identifying vulnerabilities in web apps, alerting vendors and supporting them in making their products as secure as possible.”

The investigation serves as a reminder for organizations to take regular action to ensure their CMS systems are secure. Steps advised by Edgescan include keeping installed scripts and CMS platforms up-to-date, regular backups and subscribing to a regularly-updated list of vulnerabilities for the specific CMS being used.

Reported Data Breaches Down by 52% in 2020

Info Security - Mon, 08/17/2020 - 13:02

Reports of data breaches are down by 52% year-on-year in the first half of 2020.

According to research by Risk Based Security, whilst the number of reported data breaches is down, the number of records exposed is more than four times higher than in any previously reported time period.

“The striking differences between 2020 and prior years brings up many questions,” commented Inga Goddijn, executive vice-president at Risk Based Security. “Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? Perhaps most importantly, is this a permanent change in the data breach landscape?”

According to the research, there were 2037 publicly reported breaches through to June 30, accounting for a 52% decrease compared to the first six months of 2019 and 19% below the same time period for 2018. By mid-year 2019, there had been 4298 breaches reported.

The main cause of data breaches in the first half of this year were misconfigured databases and services. Over 27 billion records were exposed between January 1 2020 and June 30 2020, exceeding the total number of records exposed during all of 2019 by more than 12 billion records.

In an email to Infosecurity, HaveIBeenPwned? founder Troy Hunt said there is an issue around data breaches, as “we only ever know about the tip of the data breach iceberg and there’s frequently a long lead time between breach and discovery.”

He added: “Depending on how you measure it, I’m sure one could easily show the trend going the other way too; I normally load a new breach into HIBP once every four days but added 16 in a two-week period over late July and early August due to the ShinyHunters incidents.”

Steven Furnell, professor of cybersecurity at the University of Nottingham, said his instinct is that we’re not necessarily seeing a decrease of breach events, “but more likely that attention has been distracted by the pressing demands of COVID-19 and the transition to home working.”

He suspected that certain things are also going to be more difficult to monitor and capture in the home working context, “and so I imagine that some events may not come to light as quickly or clearly as would otherwise have been the case.

“Given that organizations will have differed quite widely in their prior positioning for home working (e.g. whether they had any policy in place to guide staff, and had done any related training and awareness), it is likely that many will have had staff fending for themselves to a greater degree than normal, and potentially left exposed in the process,” Furnell said. “So, it seems unlikely that breaches would have really decreased in this ‘less controlled’ context compared to what happens in the normal workplace setting.”

Last week’s research released by CI Security analyzed data from the US Department of Health and Human Services, and found healthcare breach reports in the first half of this year were down 10.4% compared to the second half of 2019, with the number of breached records falling by nearly 83%.

Robert Meyers, channel solutions architect at One Identity, also suspected the numbers had decreased due to lower reporting. “The reason is simple, the world changed,” Meyers said. “The COVID-19 outbreak changed the way organizations work, and shifted everyone’s priorities. So, while things may have calmed back down and organizations may have settled into their new, remote working set-up, we can expect a rise in breaches reported in the second half of the year, and an artificially low number in the first half of the year.”

Vodafone Adds Trend Micro’s “Worry-Free” Detection Service to its Security Offering

Info Security - Mon, 08/17/2020 - 12:00

Vodafone has announced the expansion of its business security services to include protection for business customers’ laptops and desktops.

The telecoms giant is teaming with Trend Micro, adding the security vendor’s Worry-Free detection service to its security offering. This is with the aim of protecting businesses and their employees from online security threats such as ransomware, out-of-date applications and phishing attacks on desktops and laptops.

The service is available to new and existing business customers of all sizes and is compatible across Windows, Mac, Android and iOS devices as well as Microsoft 365, G-Suite, Box, Dropbox and Salesforce cloud services.

Anne Sheehan, business director, Vodafone UK, said: “With more employees than ever before working from home because of the COVID-19 pandemic, cyber-threats are more prevalent than they have ever been. We are here to help businesses ensure that remote working is safe and secure. We are delighted to have teamed up with Trend Micro to enhance our security offering for our business customers.”

Bharat Mistry, principal security strategist at Trend Micro, added: “Whatever their size, organizations are struggling to manage an uptick in cyber-threats targeting the devices of those employees who are working from home, that’s why we’ve partnered with Vodafone. Backed by Trend Micro’s 30+ years of industry experience and delivered by Vodafone, a highly trusted technology communications company, this comprehensive set of security capabilities will give tremendous value and peace of mind for Vodafone customers.”

This partnership with Trend Micro follows the recent news that Vodafone has launched the V-Hub business support platform, aimed at helping small businesses to be more effective and safer online. 

Phone Fraudsters Target Guests at The Ritz After Data Breach

Info Security - Mon, 08/17/2020 - 10:45

Guests at one of London’s top hotels have been targeted with convincing phone-based identity fraud attacks after a suspected data breach.

The five-star Ritz London, where deluxe rooms cost over £2000 per night, revealed on Twitter over the weekend that it suffered a security incident last Wednesday.

“We can confirm that on August 12 2020, we were aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients’ personal data. This does not include any credit card details or payment information,” it said.

“We immediately launched an investigation to identify the cause of the breach, which is ongoing, to find out what happened, how and to prevent this from happening again. We have contacted all of our clients whose data may have been compromised and alerted the ICO of the incident.”

However, the incident response appears not to have been quick enough to prevent attackers from using stolen guest data in follow-on fraud attempts.

With restaurant booking details in hand, they posed as hotel staff and began calling up diners in order to obtain their card details, according to reports.

One victim told DigitalTrends that the incoming phone number was even spoofed to appear as if the genuine Ritz number. In other cases, victims were urged to read out one-time passcodes sent to their device in order to stop a fraudulent transaction occurring. Of course, once they had the code, the scammers were able to authenticate their illegal transactions.

Hotels have become an increasingly attractive target for cyber-criminals and nation states over the years, given that they store large amounts of customers’ personal and financial data.

In 2018, Marriott International disclosed a major incident in which the personal details of 339 million guests had been compromised — a breach for which the ICO was set to fine the firm £99m.

Jack Daniel’s-Maker Suffers REvil Ransomware Breach

Info Security - Mon, 08/17/2020 - 09:42

US wine and spirits giant Brown-Forman has become the latest big-name brand to suffer a serious ransomware-related data breach, cyber-criminals have claimed.

The Jack Daniel’s-maker has released few details about the incident but claimed it successfully prevented attackers from encrypting its files.

“We are working closely with law enforcement, as well as world class third-party data security experts, to mitigate and resolve this situation as soon as possible,” it added in a brief statement. “There are no active negotiations.”

However, as is often the case, the attackers appear to have taken extra steps to force a ransom payment from the company. They told Bloomberg that 1TB of corporate data is now in their hands and it will most likely be leaked online in batches to turn up the pressure on the Louisville, Kentucky-headquartered firm.

The group apparently responsible for this attack is Sodinokibi (REvil), which, like Maze and other gangs, maintains a dedicated leak site to post stolen data on.

As per previous attacks, it has already shared screenshots of file names as proof of its claims, some dating back over 10 years.

REvil is one of the more sophisticated ransomware outfits, often targeting vulnerabilities in remote access infrastructure such as Pulse Secure VPNs to compromise its corporate victims. It’s believed to have been responsible for the attack on Travelex which helped to send the foreign exchange giant into administration recently.

Potentially linked to now-defunct variant GandCrab, REvil was judged to have a market share of around 27% in the first quarter of 2020.

The ransomware-as-a-service model it employs has made its stakeholders major sums over the past few months. One relatively new tactic has been to auction off stolen data to generate more money and force a ransom payment.

This is what was promised after compromising New York-based celebrity law firm Grubman Shire Meiselas & Sack, although the auction failed to appear.

Canadian Citizens Lose #COVID19 Funds After Govt Account Hijacking

Info Security - Mon, 08/17/2020 - 08:30

Thousands of Canadian citizens are at risk of identity fraud after cyber-criminals used stolen log-ins to access government services in their name, including COVID-19 relief funds.

A statement from the Treasury Board of Canada Secretariat on Saturday revealed that the attackers had used tried-and-tested credential stuffing techniques to hijack GCKey and Canada Revenue Agency (CRA) accounts.

GCKey is used by 30 federal agencies to provide Canadians with services like Employment and Social Development Canada’s My Service Canada account and Immigration, Refugees and Citizenship Canada accounts.

The government claimed that 9041 users were affected by the campaign, and in a third of cases services were accessed illegally. Around 5500 CRA accounts were targeted by this and a separate credential stuffing attack on the tax office, it added.

Although the number of affected accounts is a small proportion of the 12 million active GCKey accounts in Canada, the raid comes at a time when many are in need of government support to get them through the current financial and healthcare crisis.

Local reports claimed that some of the victims have already been defrauded after attackers successfully applied for the $2000-per-month Canada Emergency Response Benefit (CERB) for COVID-19.

“Affected GCKey accounts were cancelled as soon as the threat was discovered and departments are contacting users whose credentials were revoked to provide instructions on how to receive a new GCKey,” the government statement noted.

“The government is continuing its investigation, as is the RCMP to determine if there have been any privacy breaches and if information was obtained from these accounts. As well, the Office of the Privacy Commissioner has been contacted and alerted to possible breaches.”

The government urged Canadians to always use unique passwords for their online accounts, but presumably the attackers also succeeded because of insufficient log-in security such as two-factor authentication.

Looting Causes Data Breach at Walgreens

Info Security - Fri, 08/14/2020 - 18:30

The personal health information (PHI) of over 72,000 Walgreens customers has been exposed after looters broke into nearly 200 stores and stole prescriptions. 

America's second-largest pharmaceutical chain contacted impacted customers in July to disclose the data breach. Walgreens spokesperson Jim Cohn told the Philadelphia Inquirer that 180 Walgreens stores had been looted but declined to state which specific ones. 

“As part of a comprehensive investigation and review of the damage, we learned there was also limited unauthorized access to certain patient information at some of these damaged locations,” Cohn said in a statement. 

Walgreens said that while paper records and filled prescriptions were swiped by looters, no financial information or Social Security numbers belonging to customers were exposed. 

In a breach notification letter dated July 24, Walgreens wrote: “Sometime between May 26 and June 5, 2020, various groups of individuals broke into multiple Walgreens stores and forced entry into the secured pharmacy at select locations, including your preferred Walgreens.

“Among the many items stolen were certain items containing health-related information — such as filled prescriptions waiting for customer pick up and paper records.”

Sensitive information exposed in the spate of looting included customers' full name, address, date of birth/age, phone number, email address, balance rewards numbers and photo ID numbers. Vaccination information was also exposed along with prescription details and clinical and health plan information.

The letter went on to state: “Upon learning of the potential compromise of information, Walgreens promptly took steps to close out and re-enter impacted prescriptions in our system to prevent potential fraud regarding the original prescription.”

Walgreens said that it was coordinating with local law enforcement where appropriate and had taken steps to reverse insurance claims for any stolen filled prescriptions that had already been billed to health plans. 

Impacted customers were offered one year of credit monitoring free of charge and were given advice on how to obtain and monitor credit reports. Customers were further advised to “follow-up with your insurance company or the care provider for any items you don’t recognize.”

According to data in the Office for Civil Rights (OCR) breach portal, the data breach may have affected 72,143 Walgreens customers.


US Disrupts Three Cyber-Enabled Terror Campaigns

Info Security - Fri, 08/14/2020 - 17:30

The US government has made its largest ever seizure of cryptocurrency associated with terrorism after three alleged cyber-enabled terrorist financing campaigns were dismantled. 

The global disruption of campaigns involving Hamas’s military wing, the Izz ad-Din al-Qassam Brigades, al-Qaeda and Islamic State of Iraq and the Levant (ISIS) was announced yesterday by the Department of Justice. 

Each group was allegedly found to have used cryptocurrency and social media to raise their online profile and attract donations to fund their terror campaigns. In accordance with judicially authorized warrants, US authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites and four Facebook pages.

In 2019, Al-Qassam Brigades allegedly posted a call for Bitcoin donations to fund its terror campaign on its social media page. The request was then made via the group’s official websites, alqassam.net, alqassam.ps and qassam.ps.

Included on their websites was a video claiming that benefactors could send money anonymously by using unique Bitcoin addresses generated for each individual donor. However, IRS, HSI and FBI agents were able to track and seize all 150 cryptocurrency accounts that allegedly laundered funds to and from the al-Qassam Brigades’ accounts.

“While these individuals believe they operate anonymously in the digital space, we have the skill and resolve to find, fix and prosecute these actors under the full extent of the law,” said acting United States attorney Michael Sherwin.  

A second campaign run by al-Qaeda and affiliated terrorist groups allegedly solicited cryptocurrency donations via a Bitcoin money laundering network operated using Telegram channels and other social media platforms.

In some instances, the terrorists allegedly posed as charities to attract donations that were actually intended to fund violent terrorist attacks. 

The third disrupted campaign involved an alleged scheme by ISIS facilitator Murat Cakar to fund ISIS by selling fake personal protective equipment via FaceMaskCenter.com.

“It should not surprise anyone that our enemies use modern technology, social media platforms and cryptocurrency to facilitate their evil and violent agendas,” said Attorney General William P. Barr.   

“We will prosecute their money laundering, terrorist financing and violent illegal activities wherever we find them and, as announced today, we will seize the funds and the instrumentalities that provide a lifeline for their operations whenever possible.” 


Phishing Scam Targets Asda Shoppers

Info Security - Fri, 08/14/2020 - 16:20

Supermarket shoppers in the UK have been targeted by a phishing scam run via the social networking sites Facebook and Twitter. 

Unscrupulous scammers ran sponsored adverts on the sites offering women who were born in October a free £1000 gift card to spend at Asda. 

Victims who clicked on the advert's link were led to a malicious site, sneakily decked out in the supermarket's official branding to make it look legitimate.

The misled social media users were then instructed that in order to claim their gift card, they must first enter their personal details including name, home address, cell number, bank account details and bank card security number.

The paid-for malicious ad depicted two women and a shopping trolley laden with groceries bearing branding not typically seen in UK supermarkets.

Alongside the image was the text: “Good news, we are giving away £1000 Asda Gift Cards across the country to raise brand awareness! Please complete a short survey below to figure out if you’re eligible to get it. Act fast! Only 949 Gift Cards left.”

A member of Asda's service team confirmed that the £1000 gift card giveaway was fraudulent after being contacted by a user from Manchester who had spotted the scam ad on Twitter.

The ASDA Service Team Twitter feed responded to the user's query on August 10 by saying: “I can confirm this is not an advertisement from us, this looks to be a scam.”

The fraudulent ads were first identified by niche litigation practice Griffin Law. The UK firm's research team has found evidence that around 100 potential victims have already reported seeing the advert on Facebook. The team believes that none of the victims who reported the scam were taken in by it. 

“With the majority of people still working from home or on furlough due to the COVID-19 crisis, we’re seeing a sharp rise in online scams offering everything from gift cards to discounts on everyday essentials,” commented Centrify vice-president Andy Heather. 

“These fraudulent posts are specifically designed to catch consumers off-guard, often making use of sponsored posts to fool unsuspecting victims into handing over personal information such as bank details.”


RedCurl Emerges as a Corporate Espionage APT

Info Security - Fri, 08/14/2020 - 10:16

Security researchers have uncovered a prolific new APT group blamed for at least 26 targeted corporate espionage attacks on global firms since 2018.

Dubbed “RedCurl” by Group-IB, the group is thought to be Russian-speaking, though its previous targets were located in Russia, Ukraine, the UK, Germany, Canada and Norway. Victims hail from a wide variety of industries including insurance, construction, retail, banking, law, finance and even travel agencies.

The end goal of attacks appears to be the theft of confidential corporate data such as contracts, financial documents, employee personal records, and information on legal action and facility construction.

Spear-phishing was used extensively to target specific teams in victim organizations, with the attackers posing as HR staff members and sending their emails to multiple recipients to avoid raising suspicion, the report claimed.

These messages were so carefully drafted that Group-IB claimed they resemble red team pen-testing exercises.

“To deliver the payload, RedCurl used archives, links to which were placed in the email body and led to legitimate cloud storage services. The links were disguised so that the victim would not suspect that opening the attached document about bonuses from the supposedly official website would deploy a Trojan, controlled by the attacker through the cloud, on the local network,” the vendor explained.

“The Trojan-downloader RedCurl.Dropper served as the attackers’ pass to the targeted system that installed and launched other malware modules. Like the group's other custom tools, the dropper was written in PowerShell.”

With access to a target network, the attackers then scan for folders and documents, and steal email log-ins via the LaZagne tool if they don’t find what they’re looking for.

RedCurl remains in victim networks for an average of two to six months. Persistence is maintained because all communication between the victim's infrastructure and the attackers goes through legitimate cloud storage services such as Cloudme, koofr.net and pcloud.com, and all commands are passed as PowerShell scripts.
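The detection opportunity in that description is the pairing of a scripting host with personal cloud storage traffic: user workstations rarely have PowerShell itself talking to consumer file-sharing services. The script below is an added illustration of that check, not Group-IB's tooling or anything from the report; it runs over constructed endpoint proxy log lines in an assumed format, and the hostnames cloudme.com (the page names only the brand "Cloudme") and pwsh.exe are likewise assumptions.

```python
"""Flag scripting-host traffic to the personal cloud storage services named
in the RedCurl report. Added illustration over constructed log lines; the log
format, the cloudme.com hostname and the pwsh.exe process name are assumptions."""
import re
from urllib.parse import urlsplit

# Services the report says carried RedCurl command traffic. koofr.net and
# pcloud.com are on the page; cloudme.com is an assumed hostname for "Cloudme".
WATCHED_CLOUD_DOMAINS = {"cloudme.com", "koofr.net", "pcloud.com"}

# Processes whose direct cloud-storage traffic is unusual on a workstation;
# the report states RedCurl's custom tools are written in PowerShell.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Constructed log format: <ts> host=<h> user=<u> proc=<p> url=<url> ua="<ua>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'proc=(?P<proc>\S+) url=(?P<url>\S+) ua="(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields, or None for a line not in the expected format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def base_domain(hostname):
    """Reduce 'api.pcloud.com' to 'pcloud.com' (two rightmost labels)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(rec):
    """Return (severity, reason) for a parsed record, or None if unremarkable."""
    host = urlsplit(rec["url"]).hostname or ""
    if base_domain(host) not in WATCHED_CLOUD_DOMAINS:
        return None
    proc = rec["proc"].lower()
    if proc in SCRIPT_HOSTS:
        return ("high", f"{proc} -> {host}: scripting host using personal cloud storage")
    # A browser or sync client reaching the same service is ordinary use,
    # but worth recording so the environment's baseline is known.
    return ("low", f"{proc} -> {host}: personal cloud storage in use")


def scan(lines):
    """Classify raw log lines; malformed lines are counted and skipped."""
    findings, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        hit = classify(rec)
        if hit:
            severity, reason = hit
            findings.append({"ts": rec["ts"], "host": rec["host"],
                             "user": rec["user"], "severity": severity,
                             "reason": reason})
    return findings, skipped


# Constructed sample: one user browsing koofr.net, one PowerShell upload to
# pcloud.com, one benign PowerShell fetch, one pwsh.exe download from cloudme.com,
# and one truncated line.
SAMPLE_LOG = [
    '2020-08-03T09:12:44Z host=WS-HR-07 user=j.doe proc=chrome.exe url=https://www.koofr.net/ ua="Mozilla/5.0"',
    '2020-08-03T09:14:02Z host=WS-HR-07 user=j.doe proc=outlook.exe url=https://outlook.office365.com/owa ua="Mozilla/5.0"',
    '2020-08-03T09:15:31Z host=WS-HR-07 user=j.doe proc=powershell.exe url=https://api.pcloud.com/upload?folderid=0 ua="WindowsPowerShell/5.1"',
    '2020-08-03T09:15:35Z host=WS-HR-07 user=j.doe proc=powershell.exe url=https://update.microsoft.com/ ua="WindowsPowerShell/5.1"',
    '2020-08-03T10:01:09Z host=WS-FIN-12 user=a.smith proc=pwsh.exe url=https://storage.cloudme.com/cmd.ps1 ua="PowerShell/7.0"',
    'garbage line that the collector truncated',
]

if __name__ == "__main__":
    hits, bad = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["severity"]:4} {h["ts"]} {h["host"]} {h["user"]} {h["reason"]}')
    print(f"{bad} line(s) skipped as malformed")
```

The split into "high" and "low" matters in practice: blocking personal cloud storage outright is often not an option, so the rule surfaces the process-to-destination pairing the report describes and merely inventories ordinary browser use of the same services.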

Rustam Mirkasymov, head of the Malware Dynamic Analysis Team at Group-IB, argued that corporate espionage is a relatively rare phenomenon in the APT world.

“For RedCurl, it makes no difference whether to attack a Russian bank or a consulting company in Canada. Such groups focus on corporate espionage and employ various techniques to cover their activity, including the use of legitimate tools that are difficult to detect,” he added.

“The contents of the victim’s documents and records can be much more valuable than the contents of their own wallets. Despite the lack of direct financial damage, which is typical of financially motivated cyber-criminal groups, the consequences of espionage can amount to tens of millions of dollars.”

It is hoped that with technical details and IOCs detailed in the report, organizations will be better able to detect and block RedCurl attacks in future.


Over 43,000 Phishing Emails Slip Through NHS Security Filters

Info Security - Fri, 08/14/2020 - 09:35

More than 43,000 NHS staff have been hit by phishing emails over the past few months, as they battled to save patients infected with COVID-19, a Freedom of Information (FOI) request has revealed.

Think tank Parliament Street asked NHS Digital for the data on spam and phishing emails from March to July 14.

A spokesperson confirmed to Infosecurity that the figures related to user reports of malicious and scam messages in their inbox, so the real total could be far higher.

If correct, it would mean that NHS Digital filters are failing to catch a significant volume of threats at a time when the health service is under extreme strain due to the pandemic.

The FOI request revealed a total of 43,108 reports of malicious emails made by doctors, nurses and other NHS staff during the period. The vast majority came from March (21,188) at the start of the crisis, with fewer reports in April (8085), May (5883) and June (6468), plus 1484 in the first half of July.

With reports circulating of cyber-criminals attempting to deploy malware in hospitals, the email inbox is a vital first line of defense against potentially serious cyber-threats.

Although the 43,108 individuals who reported the emails are unlikely to have fallen for the scams, many attacks have been successful. NHS Digital revealed in June that over 100 NHS inboxes were compromised in such raids, although the end goal was not clear.

In some cases, employee finances have been targeted in the attacks: one NHS trust in the north-west warned that criminals impersonated employees in emails to HR and Payroll staff, with the aim of tricking them into changing staff bank account numbers.

Chris Ross, SVP sales international at Barracuda Networks, warned that hackers may also be after patient data to sell on the dark web.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber-defense weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber-threat facing them,” he argued.

“Our recent research revealed that there has been a spike in cyber-criminals using official email domains, such as Gmail and Yahoo, to bypass inbox defences and trick users into revealing personal details by impersonating a colleague, manager or trusted partner.”

AI-powered tools can help in identifying unusual senders and requests, he added.


GCHQ: Don’t Fall For ‘Celebrity-Backed’ Investment Scams

Info Security - Fri, 08/14/2020 - 08:30

The British public has been warned not to fall for investment scams seemingly endorsed by celebrities, after the National Cyber Security Centre (NCSC) revealed it had been forced to take down over 300,000 related URLs.

The GCHQ body has seen an alarming rise in such scams of late, claiming they usually take the form of emails or online ads which are spoofed to appear like news articles featuring household names like Richard Branson, Ed Sheeran and money expert Martin Lewis.

These emails and ads lure users to click through to hoax websites which claim the victim can make money fast, but in reality any funds they send end up in the pocket of the fraudsters.

The NCSC said it is taking action under its Active Cyber Defense program to take down the malicious URLs and encouraged users to report anything fitting the bill to its recently launched Suspicious Email Reporting Service (SERS).

SERS has received 1.8 million reports from the public since its launch in April, resulting in over 16,800 malicious URLs being blocked or taken down. More than half of these URLs related to cryptocurrency investment scams.

“These investment scams are a striking example of the kind of methods cyber-criminals are now deploying to try to con people. We are exposing them today not only to raise public awareness but to show the criminals behind them that we know what they’re up to and are taking action to stop it,” said NCSC CEO, Ciaran Martin.

“I would urge the public to continue doing what they have been so brilliantly and forward anything they think doesn’t look right to our Suspicious Email Reporting Service.”

Commander Clinton Blackburn of the City of London police urged users to be cautious online and if they feel they’ve been a victim of fraud, to report it to the national reporting center, Action Fraud.

The news comes after a group of scammers managed to hijack the Twitter accounts of several big-name celebrities and politicians in July and use the exposure to publicize a cryptocurrency scam which is said to have made $100,000 before it was swiftly shut down.

The US has indicted three alleged perpetrators, one of whom lives in Bognor Regis in the UK.


"Hacker Princess" Wins (ISC)² Diversity Award

Info Security - Thu, 08/13/2020 - 16:08

Security researcher Kristin Paget, known in the cybersecurity industry as Hacker Princess, has won the (ISC)² Diversity Award.

US resident Paget was among the 2020 Global Achievement Awards honorees named today by the world’s largest nonprofit association of certified cybersecurity professionals. The annual awards recognize and celebrate the most outstanding annual and lifetime achievements in the field of cybersecurity.  

Paget joined Apple in 2012 but was poached two years later by Tesla Motors. After a stint at Lyft designing security systems for self-driving cars, Paget took a position with Intel. 

A spokesperson for (ISC)² said: "The (ISC)² Diversity Award, which honors an individual who represents the core values of (ISC)² through significant contributions in driving a more diverse workforce in the cybersecurity community, is presented to Kristin Paget, who currently resides in the US."

The organization said that Paget had earned the gong for being someone "who has continually promoted and represented diversity through her positions as 'Hacker Princess' in the security departments of several leading technology companies."

Other award honorees included Jack Freund, head of cyber risk methodology at Cyber Assessments, Inc. Freund won the (ISC)² Senior Professional Award for his work with the NIST Applied Cybersecurity Division on behalf of the nonprofit FAIR Institute to map together the NIST CSF Risk Assessment and the Risk Management Strategy domains to the OpenGroup’s FAIR risk taxonomy and risk analysis standards.

Founder of Katia’s Cylife and system engineer at Anavation LLC, Katia Dean was honored with the (ISC)² Rising Star Professional Award. Judges picked out Dean as the winner after being impressed by a website she created to help people understand the field of cybersecurity and provide educational content, while also connecting them with job opportunities.

Security and privacy expert Yves Le Roux was honored twice for his professional achievements. The Frenchman, whose career has spanned nearly five decades, picked up the (ISC)² Harold F. Tipton Lifetime Achievement Award. He was also a recipient of an (ISC)² CEO Award for his "deep dedication to helping grow (ISC)² across the EMEA region."

All award recipients will be highlighted during (ISC)²'s 2020 Security Congress that will take place virtually in November.

