Feed aggregator

Phone Hack Traumatizes Neighbours Actress

Info Security - Thu, 08/20/2020 - 17:32

Australian actress Olympia Valance has fallen victim to a "traumatizing" phone hack that resulted in private images being shared without her consent.

Valance, famed for her appearances on Playing for Keeps and for her role as Paige Smith on TV soap opera Neighbours, issued a statement on Instagram confirming that her smartphone had been broken into.

The 27-year-old star, who is the younger sister of actress and singer Holly Valance, described the cybercrime as a "profound violation" that has had a long-lasting effect on her life.  

"I am writing this as confirmation that I know I have become a victim of cyber-crime,'' she posted on Instagram.

"I have been dealing with this for over a year now since my phone was compromised by a hacking of private images, which were then published online."

For Valance, the cybercrime has resulted in repeated re-victimization that she said has increased her anxiety. 

"I have since had to deal with this again recently, when new images were recirculated, retraumatizing me and pushing my anxiety into a space it has never been," said the actress.

Valance said that efforts by herself and her legal team to stop the spread of the images had not been successful. 

"Such offences involve leaking (in my case hacking) images without consent in order to humiliate, degrade, control and blackmail a person,'' she added.

"As a victim of this, I have had to fight to try and contain these images from reaching the broader public and for media not to publish stories using my name."

Valance said that people should be able to take intimate photographs without fear that someone will steal them and manipulate them for financial gain.

"Taking intimate photos for yourself, or to share with a partner is not a shameful thing to do. Stealing them and sharing them online without consent is," said Valance.

"We have to figure out a way to stand together and say it's hacking and destruction of illegally obtained images, not the taking of them that is shameful."

Valance emphasized that she had done nothing wrong and had nothing to apologize for. 

Categories: Cyber Risk News

US Cyber Command Gets New Operational Tools

Info Security - Thu, 08/20/2020 - 16:29

A new set of cyber-operational tools has been successfully integrated into US Cyber Command's virtual cyber-training platform, the Persistent Cyber Training Environment (PCTE).

Col. Tanya Trout, outgoing director of the Joint Cyber Training Enterprise, said that newly integrated operational tools will be used during missions.

Cyber Command’s warriors can log in to the PCTE from anywhere in the world to conduct individual or collective cyber-training and rehearse missions. The platform was launched in February, and the environment was used for the first time in June for Cyber Flag, Cyber Command’s premier annual tier 1 exercise.

In July, the platform joined an integration pilot program with the program offices of the Unified Platform system and the Joint Cyber Command and Control system.  

Speaking during a virtual industry day for PCTE on August 19, Trout said: “This integration allowed for execution of small team tactics while performing active hunt of advanced persistent threat within a post-compromised range environment."

She added that the integrated PCTE enabled teams "to train and rehearse using available Joint Cyber War-fighting Architecture (JCWA) that gives us really the ability to train as we fight."

Demand for the PCTE has increased significantly since the outbreak of COVID-19 made social distancing part of daily life. Trout said that from March to May 2020, the number of new PCTE accounts had doubled. 

Since its delivery to Cyber Command, the PCTE has participated in another pilot geared toward mission rehearsal. Trout told the virtual industry day audience that members of the Cyber National Mission Force had used the PCTE to expand their mission rehearsal scope, scale, and fidelity in a virtualized adversarial network, helping them to calculate future requirements.

The Cyber National Mission Force is one of Cyber Command’s elite units aligned against specific threat actors and charged with protecting the United States in cyberspace.

Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, told the industry day audience that the PCTE offers several advantages over the National Training Center: the virtual cyber-training environment can replicate an actual opponent, and its mission rehearsal capability lets users load details of real prior operations, or malware recovered during operations, and train against them.

Categories: Cyber Risk News

Poor Cybersecurity Behaviors Prevalent Amongst UK Remote Workers

Info Security - Thu, 08/20/2020 - 14:32

Nearly a quarter (23%) of UK office workers rely on unauthorized devices to work from home, a new study by CybSafe has found.

The research revealed that poor personal cybersecurity practices are commonplace amongst workers operating outside of corporate environments, which is worrying as home working is expected to become far more prevalent following the COVID-19 crisis.

The survey of 600 UK workers also found that one in 10 (9%) share their work devices with other people in their household.

One in five (20%) said they do not keep collaboration and video conferencing software, such as Zoom, Webex and Microsoft Teams, up to date, while 23% do not ensure that software on devices connected to their home WiFi network, including work computers, is updated.

These bad habits could be linked to a lack of adequate cybersecurity training for staff, according to the report, with 65% of workers revealing that they have not received any training on keeping data secure when working remotely in the last six months. Additionally, only 37% of workers had received a working from home cybersecurity policy from their employer by the start of lockdown.

Oz Alashe, CEO of CybSafe, commented: “We now live in a world of borderless organizations where increasing numbers of people work remotely. Many are mobile. The lines between personal and professional are increasingly blurred, and everyone is at greater risk.

“Some staff are making cybersecurity mistakes in their homes, and businesses will need to adjust their cybersecurity approaches accordingly. What may have worked in the past doesn’t necessarily work now. Cybersecurity policy as well as awareness and behavior change programs will all require updates based on today’s working conditions.”

Dr John Blythe, head of behavioral science at CybSafe, added: “While our latest research suggests that many UK businesses have been forthcoming with changes to cybersecurity strategy, these haven’t taken place on the scale that we would have hoped for.”

In June, a study by CyberArk found that employee work from home habits are putting businesses at greater risk of cyber-attack.

Categories: Cyber Risk News

US Reveals New North Korean BLINDINGCAN RAT

Info Security - Thu, 08/20/2020 - 11:10

The US government is warning of a new remote access trojan (RAT) being used by North Korea’s notorious Lazarus Group.

The latest Department of Homeland Security (DHS) malware analysis report (MAR) is the product of an investigation between DHS body the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.

Named "BLINDINGCAN," the RAT was used by Lazarus (aka Hidden Cobra) earlier this year to target government contractors for intelligence on "key military and energy technologies," according to the report.

“The malicious documents employed in this campaign used job postings from leading defense contractors as lures and installed a data gathering implant on a victim's system. This campaign utilized compromised infrastructure from multiple countries to host its command and control (C2) infrastructure and distribute implants to a victim's system,” it added.

“CISA and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber-activity.”

The report urged any users or admins that spot activity associated with the RAT to report it to CISA or the FBI’s CyWatch immediately and prioritize mitigation.

Among the best practices recommended by CISA were keeping anti-virus signatures and operating systems up to date, strong password policies, monitoring users' web browsing, access control lists, disabling file and printer sharing services where they are not required, improved phishing awareness and more.

North Korean state-sponsored hackers have become increasingly belligerent, prompting a flurry of alerts from US government agencies.

An April advisory warned organizations to be on the lookout for crypto-jacking, extortion campaigns, cyber-enabled financial theft and money-laundering scams.

Meanwhile, a US Army report from last month claimed that many of Pyongyang's elite Cyber Warfare Guidance Unit operatives are actually working from outside the hermit state in countries such as Belarus, China, India, Russia and Malaysia.

Categories: Cyber Risk News

Facebook Expands Policy to Take Down QAnon and US Militias

Info Security - Thu, 08/20/2020 - 10:10

Facebook has removed or restricted over 10,000 Groups, Pages and accounts across the social network and Instagram linked to conspiracy theory outfit QAnon as part of a major new crackdown on it and US militias and anarchist groups.

The social media giant announced an expansion of its Dangerous Individuals and Organizations policy yesterday to cover those who have “demonstrated significant risks to public safety” but are not necessarily designated as a dangerous organization and banned outright.

“Under this policy expansion, we will impose restrictions to limit the spread of content from Facebook Pages, Groups and Instagram accounts. We will also remove Pages, Groups and Instagram accounts where we identify discussions of potential violence, including when they use veiled language and symbols particular to the movement to do so,” it continued.

“While we will allow people to post content that supports these movements and groups, so long as they do not otherwise violate our content policies, we will restrict their ability to organize on our platform.”

Facebook's options under the expanded policy include removing Pages, Groups and Instagram accounts linked to the movements outright, limiting recommendations of them to other users, lowering their ranking in News Feed and search results, banning their Pages from running ads, and preventing them from selling products or raising funds in other ways.

“As a result of some of the actions we’ve already taken, we’ve removed over 790 groups, 100 Pages and 1500 ads tied to QAnon from Facebook, blocked over 300 hashtags across Facebook and Instagram, and additionally imposed restrictions on over 1950 Groups and 440 Pages on Facebook and over 10,000 accounts on Instagram,” Facebook said.

However, the new policy is not only intended to cover the right-wing conspiracy theory movement, but also “militia organizations and those encouraging riots, including some who may identify as Antifa.”

The social network said it has removed over 980 groups, 520 Pages and 160 ads from Facebook and restricted over 1400 hashtags related to these organizations.

As well as encouraging violence, these groups have also been accused of spreading misinformation. QAnon, for example, has been blamed for spreading lies about COVID-19 and famously purports that Donald Trump is secretly battling an underground faction of celebrities and Democrats that are members of a global pedophile ring.

Categories: Cyber Risk News

Businesses Opt to Outsource Cybersecurity Services

Info Security - Thu, 08/20/2020 - 09:20

More than 50% of UK businesses are opting to use outsourced partners for cybersecurity services.

According to research by Skurio, there is a lack of in-house expertise in the area of digital risk protection – the ability to monitor risks, threats and breaches outside the network. The research found 80% of respondents stated their teams lack skills and knowledge in this area.

Jeremy Hendy, CEO of Skurio, said: “We’re facing exceptional circumstances in terms of working practices and how we need to manage cyber-threats, and this is placing significant pressures on businesses of all sizes. We know that the luxury of in-house security teams, on call 24/7 to monitor for external threats, is simply out of reach for many organizations.”

He said that it is encouraging that organizations not only recognize the importance of protecting their customer data, but that there’s also an appetite for innovative and disruptive technologies to protect against new threats.

Commenting, Ed Williams, EMEA director of SpiderLabs at Trustwave, said he was not surprised by the 52% figure, as cybersecurity skills are highly specialized and can take a number of years to gain. 

“The adoption of the cloud is a key area of focus for organizations and they are increasingly looking for security-related expertise to aid that journey,” Williams said. “They understand that they can’t afford to get this wrong as getting it wrong could have serious consequences for them. When we also look more recently, the COVID-19 pandemic highlighted that when organizations need to act quickly, they also need to balance that with ensuring that decisions and actions have been done securely.

“For example, there have been recent instances when we looked at VPN configurations and discovered a number of critical issues that could have been catastrophic, fortunately, we were able to identify these issues and they were remediated quickly.”

Faiz Shuja, co-founder and CEO of SIRP, called outsourced partners “an absolute lifeline for overstretched teams” as while cost is a driving force, “organizations also rely on the range of services that partners provide to protect against advanced attacks, to a level they can’t always replicate in-house.”

The Skurio research also found that as organizations manage more digital channels and use more third-party suppliers, the threat vectors rise exponentially. “Understanding your digital risk – all those threats on the deep and dark parts of the web – is a great first step in protecting against them. Businesses are much better prepared to mitigate an attack if they see it coming,” Hendy added.

In an email to Infosecurity, Sam Roguine, director at Arcserve, said there are always organizational and procedural steps that businesses must follow to have a complete cyber-threat protection strategy, but the tools and solutions would be too costly to insource, therefore he understands why outsourcing is so popular.

Asked about the 80% statistic around teams lacking skills and knowledge in the area of digital risk protection, Roguine said IT and cloud transformation initiatives put most organizations into a “transitional” state with up to a dozen different IT infrastructures, including the locations of where workloads and data reside.

“This causes an exponential rise of complexity when using a traditional approach to business continuity, data protection and cybersecurity – and a proportional increase of required relevant skills and knowledge. IT and other teams just cannot keep up internally,” he said. “That is why one of the primary trends is to simplify, consolidate and outsource.

“For example, hyper-converged infrastructure (HCI) is a way to combine all the pieces of a data center into one instead of planning – and making mistakes with – multiple components. Similarly to HCI, appliances and purpose-built devices combine preconfigured hardware and software, creating a shortcut from no solution to full implementation without a myriad of details. Also, cloud services (IaaS, SaaS, BaaS) provide a way to focus on business tasks, while letting the service provider handle the backend. All of these make IT more effective and allow teams to close skill and knowledge gaps, including business continuity, risk management, cybersecurity and data protection.”

Categories: Cyber Risk News

Experian Data Breach Hits 24 Million Customers

Info Security - Thu, 08/20/2020 - 08:30

Experian has suffered a major breach of customers’ personal information, affecting an estimated 24 million South Africans and nearly 800,000 businesses.

The credit reporting agency revealed in a statement yesterday that an individual fraudulently claimed to represent one of its clients and then requested "services" from the firm, prompting the release of the data.

Experian sought to play down the seriousness of the incident by claiming that this information “is provided in the ordinary course of business or which is publicly available.” It did not clarify exactly what customer records were taken, but said that the trove did not contain consumer credit or financial information.

Experian was also tight-lipped on the number of customers affected, although one of the authorities it has engaged with following the incident, non-profit the South African Banking Risk Information Center (SABRIC), claimed 24 million consumers and 793,749 business entities were involved.

It explained that domestic banks have been working behind the scenes to identify how their customers may have been impacted.

“The compromise of personal information can create opportunities for criminals to impersonate you but does not guarantee access to your banking profile or accounts,” said SABRIC CEO, Nischal Mewalall. “However, criminals can use this information to trick you into disclosing your confidential banking details.”

SABRIC urged affected Experian customers not to reveal any additional personal information if they receive unsolicited contact online or by phone, and to change their passwords regularly.

Experian claimed that the individual involved in the incident has already had their “hardware” confiscated and the stolen data has been secured and deleted.

“Our investigations do not indicate that any misappropriated data has been used for fraudulent purposes,” it added. “Our investigations also show that the suspect had intended to use the data to create marketing leads to offer insurance and credit-related services.”

It confirmed that its own IT infrastructure had not been compromised.

This isn’t the first major data breach to hit the credit reporting giant. Back in 2015, 15 million North American customers and applicants had their personal data, including Social Security numbers and ID details, stolen.

Categories: Cyber Risk News

Chrome to Warn Users Completing Suspicious Forms

Info Security - Wed, 08/19/2020 - 17:46

Users of Google's cross-platform web browser Chrome are to be shown a warning when they start to complete a form that may not be secure. 

Beginning in M86, Chrome will warn users when they try to complete forms on secure (HTTPS) pages that are submitted insecurely. These forms, which are described on the Chromium Blog as “mixed forms,” have been deemed by Google to be unsafe.

A post published on the blog on Monday reads: "These 'mixed forms' (forms on HTTPS sites that do not submit on HTTPS) are a risk to users’ security and privacy.

"Information submitted on these forms can be visible to eavesdroppers, allowing malicious parties to read or change sensitive form data."

In an effort to protect users from inadvertently sharing details with malicious actors, Chrome will be disabling the autofill facility on mixed forms. 

However, the change will not affect the autofill process used by Chrome's password manager.

"On mixed forms with login and password prompts, Chrome’s password manager will continue to work," the blog states. "Chrome’s password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely than to reuse passwords."

From M86, when a user begins filling out a mixed form, they will be shown warning text alerting them that the form is not secure. The text will read: "This form is not secure. Autofill has been turned off."

If a user ignores the warning and tries to submit a mixed form, they will see a full-page alert highlighting the potential risk and asking them to confirm if they’d like to go ahead with the submission.

Explaining why Chrome is making these changes, Chrome Security Team's Shweta Panditrao wrote: "Before M86, mixed forms were only marked by removing the lock icon from the address bar. We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms."
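To make the definition concrete, the following is an added example (not code from the Chromium blog, from Chrome itself or from Google) that applies the blog post's definition of a mixed form to a constructed set of form targets: it resolves each form's action against the page URL as a browser would and flags those that would submit over plain HTTP from an HTTPS page. The hostnames, form IDs and the page URL are hypothetical.

```javascript
// Added example: classify HTML form targets as "mixed forms" in the sense of the
// Chromium blog post (a form on an HTTPS page whose submission goes over plain HTTP).
// Pure functions over constructed data, no browser needed; run with `node`.

// Resolve a form's action the way a browser does: relative to the page URL,
// with a missing or empty action meaning "submit back to the page itself".
function resolveFormAction(pageUrl, action) {
  const page = new URL(pageUrl);
  if (action === undefined || action === null || action === "") {
    return page;
  }
  return new URL(action, page);
}

// A form is "mixed" when the page is HTTPS but the submission would leave it
// over plain HTTP. Other schemes (mailto:, javascript:) are not treated here,
// and no further exemptions Chrome may apply are modelled (assumption).
function isMixedForm(pageUrl, action) {
  const page = new URL(pageUrl);
  const target = resolveFormAction(pageUrl, action);
  return page.protocol === "https:" && target.protocol === "http:";
}

// Walk a list of forms (constructed stand-ins for document.forms entries) and
// return the ones that should trigger Chrome's "This form is not secure" warning.
function findMixedForms(pageUrl, forms) {
  return forms
    .filter((f) => isMixedForm(pageUrl, f.action))
    .map((f) => ({ id: f.id, submitsTo: resolveFormAction(pageUrl, f.action).href }));
}

// Constructed sample page and forms (hypothetical hostnames).
const PAGE = "https://shop.example.test/checkout?step=2";
const FORMS = [
  { id: "login",      action: "/session" },                          // relative: stays https
  { id: "search",     action: "" },                                  // empty: submits to the page URL
  { id: "legacy",     action: "http://legacy.example.test/pay" },    // absolute http: mixed
  { id: "cdnform",    action: "//api.example.test/submit" },         // scheme-relative: inherits https
  { id: "newsletter", action: "http://shop.example.test/subscribe" } // same host but http: mixed
];

for (const m of findMixedForms(PAGE, FORMS)) {
  console.log(`form #${m.id} is a mixed form: it submits to ${m.submitsTo}`);
}
```

Only the two forms whose resolved action uses `http:` are flagged, regardless of whether the host matches the page; the scheme-relative `//api.example.test/submit` action inherits the page's `https:` scheme and is not mixed. The remediation on the site side is the same in every flagged case: point the action at an HTTPS endpoint, since the page being HTTPS does nothing for data the form sends elsewhere in the clear.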

Tim Wade, technical director, CTO Team at Vectra, commented: “Creating simple, straightforward warnings that users understand demystifies security for the end user, which makes the web a much safer place.”

Categories: Cyber Risk News

Majority of ICS Vulnerabilities Can Be Exploited Remotely

Info Security - Wed, 08/19/2020 - 17:11

New research has found that more than 70% of industrial control system (ICS) vulnerabilities disclosed in the first half of 2020 can be exploited remotely.

The discovery was unveiled in the inaugural "Biannual ICS Risk & Vulnerability Report," released today by Claroty, a global leader in operational technology (OT) security.

The report details the assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting a total of 53 vendors. 

Claroty's research team found that the number of ICS vulnerabilities published by the NVD in the first half of 2020 was 10.3% higher than the 331 published in the first half of 2019.

The number of ICS-CERT advisories published over the same period rose much more sharply, with 32.4% more in the first half of 2020 than the 105 published in the first half of 2019.

Alarmingly, more than 75% of vulnerabilities published in the first half of 2020 were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

“There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” said Amir Preminger, vice president of research at Claroty. 

“Our findings show how important it is for organizations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimize and mitigate the potential impacts of these threats.”

Researchers found that more than 70% of the vulnerabilities published by the NVD can be exploited remotely, underlining how uncommon fully air-gapped ICS networks, isolated from cyber-threats, have become.

The most common potential impact was remote code execution (RCE), found to be possible with 49% of vulnerabilities. This was followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%).

Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, 236 affected the energy sector, 197 critical manufacturing, and 171 water and wastewater (the sector counts overlap, since a single CVE can affect products deployed in more than one sector).

Categories: Cyber Risk News

New Vulnerability Threatens IoT Devices

Info Security - Wed, 08/19/2020 - 16:52

A team of IBM hackers has discovered a vulnerability in a component used in millions of Internet of Things (IoT) devices. 

The flaw in Thales' (formerly Gemalto) Cinterion EHS8 M2M module was uncovered by IBM's X-Force Red team. 

After further testing, Thales confirmed that the newly detected vulnerability also affected nine other modules within the same product line of the EHS8, including the BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62.

The modules found to carry the weakness are mini circuit boards that enable mobile communication in IoT devices. These modules run and store Java code that frequently includes sensitive data like encryption keys and passwords. 

If a malicious actor managed to steal such information from the modules, they could potentially get control over a device or gain access to the central control network to conduct widespread attacks.

Thales is one of the leading manufacturers of components that enable smart devices to connect to the internet, verify identities, and securely store information. The company's vast portfolio connects over 3 billion devices per year ranging from cars to medical monitoring devices.

Explaining how such an attack could work on a medical device, a spokesperson for X-Force Red said: "Cybercriminals could manipulate readings from monitoring devices to cover up concerning vital signs or create false panic. In a device that delivers treatment based on its inputs, such as a pacemaker or insulin pump, they could also over or underdose patients."

If attackers used the flaw to target energy and utilities devices such as smart energy meters, the consequences could potentially be just as dire.

The spokesperson said: "Attackers could hack smart meters to deliver falsified readings that increase or reduce a monthly bill. With access to a large group of these devices through a control network, a malicious actor could also shut down meters for an entire city causing wide-reaching blackouts that require individual, in-person repair visits, or even worse, damage to the grid itself." 

The vulnerability was discovered by X-Force Red in September 2019 and discussed by the team at their virtual Red Con 2020 event earlier today. 

In February 2020, Thales released a patch for the flaw, which is tracked as CVE-2020-15858, to customers.

Categories: Cyber Risk News

SpyCloud Raises $30m in Funding to Tackle Surge in Online Fraud During #COVID19

Info Security - Wed, 08/19/2020 - 14:45

Cybersecurity firm SpyCloud has raised $30m from a Series C round of funding as it looks to further develop its fraud detection and prevention capabilities.

The new investment was led by Centana Growth Partners and included contributions from M12 (Microsoft’s venture fund), Altos Ventures, Silverton Partners and March Capital Partners.

The announcement follows a surge in online scams during the COVID-19 crisis, with cyber-criminals exploiting the increasing reliance on internet services during the lockdown. SpyCloud revealed that in the early days of the pandemic, it uncovered 139,000 new web domains related to the virus. There have also been multiple new scams carried out by fraudsters, including posing as government agencies to launch phishing attacks and undertaking credential stuffing attacks on food delivery apps.

The security company therefore wants to expand its product and engineering teams and create new technologies to protect against these kinds of activities.

“Criminals work together to steal information and find creative ways to monetize it. As a result, even the most careful and sophisticated organizations are vulnerable,” explained Ted Ross, SpyCloud CEO and co-founder. “SpyCloud will continue to pursue new and innovative ways to stay ahead of criminals and provide solutions that make the internet a safer place for individuals and businesses.”

SpyCloud added that the takeover of business accounts to commit fraud via stolen employee and customer credentials is one of the most common methods used by cyber-criminals, and this threat has grown as a result of the rise in home working during the pandemic.

Eric Byunn, partner at Centana Growth Partners who has joined SpyCloud’s board, commented: “With so many people now working from home and multiple family members sharing devices with a mix of personal and professional applications, attack surfaces have increased significantly. Criminals are certainly taking full advantage of these new opportunities to exploit your employees and their family members. SpyCloud is dedicated to protecting everyone from attacks and preventing them before they happen.”

Categories: Cyber Risk News

Data Firm Exposes 235 Million Social Media Profiles

Info Security - Wed, 08/19/2020 - 13:01

A social media data broker has exposed the public-facing profiles of 235 million users via a misconfigured online database, according to researchers.

Comparitech teamed up with Bob Diachenko to uncover three identical copies of the data on August 1, left online with no password or other authentication required to access it.

In total, 192 million profiles were scraped from Instagram, 42 million from TikTok and four million from YouTube.

Each record contained some of the following: profile name, real name, profile pic, account description, age, gender and more.

Around a fifth of profiles also contained either a phone number or email address, according to Comparitech.

Although the personal information contained in this trove was all publicly available, social media companies like Facebook have threatened legal action in the past against automated data scraping firms that subsequently sell their collections to marketers.

Comparitech said that although access to the exposed database was shut down three hours after its first disclosure, it’s unclear how long the information was left online without a password.

The firm warned that, if discovered, the trove could have been used by spammers or to make follow-on phishing attacks more convincing.

The data itself was traced back to Social Data, a firm that apparently sells data on social media influencers to marketers. It was at pains to point out that the exposed information was taken from publicly available profiles, even though their consolidation into a single database makes it a more attractive prospect for cyber-criminals.

Comparitech also claimed that “evidence” suggests a connection between the data and a now-defunct company known as Deep Social which was removed from Facebook and Instagram marketing APIs in 2018 and threatened with legal action.

Social Data reportedly denied any connection between the two companies, although some of the original datasets were labelled as follows: “accounts-deepsocial-90” and “accounts-deepsocial-91.”

Categories: Cyber Risk News

Police and Industry Take Down $42m “Bulletproof Exchange”

Info Security - Wed, 08/19/2020 - 09:35

Cryptocurrency exchange Binance has revealed how it joined forces with Ukrainian police to take down a cybercrime gang thought to be responsible for laundering $42m in cryptocurrencies.

First announced by the Cyberpolice of Ukraine back in June, the raid led to the arrest of three residents from the Poltava region. They have been accused of laundering the funds via 20 online cryptocurrency exchanges over the 2018-19 period.

More than $200,000 worth of computer equipment, weapons, ammunition and cash were seized during the swoop.

In a blog post published on Tuesday, Binance explained that the police operation was the product of a first-ever collaboration with its Binance Sentry security team and Security Data Science analytics arm.

The “Bulletproof Exchanger” project began in early 2020.

“One of the Security Data Science team’s tasks is to identify transactions between Binance and high-risk entities, including what we refer to as ‘bulletproof exchangers.’ These cryptocurrency platforms often serve as the cash-out points for cryptocurrency operations connected to financial crimes and other fraud,” it explained.

“Similar to bulletproof hosting services, which are web hosting providers with more lenient rules regarding what can be hosted on their servers, bulletproof exchangers are well-known for their lenient know-your-customer (KYC) and anti-money laundering (AML) policies.”

In conjunction with blockchain analytics firm TRM Labs, Binance looked for entities handling large transaction volumes linked to high-risk categories like ransomware attacks, exchange hacks and darknet-related activities.

Its big data analysis provided police with crucial evidence for their investigation, which remains ongoing.

“As the digital currency market has a large number of financial transactions with money obtained from hacker attacks on international companies, the spread of malware, theft of funds from the bank accounts of foreign companies and individuals, the Department of Cyberpolice with Binance and its methodological assistance, promotes more prompt detection of those involved in such offenses,” said police chief Oleksandr Hrynchak.

Categories: Cyber Risk News

Marriott Hit by Another Class Action Lawsuit After Breach

Info Security - Wed, 08/19/2020 - 09:00
Marriott Hit by Another Class Action Lawsuit After Breach

Marriott International is set for another courtroom showdown with victims of a major data breach announced in 2018, affecting 339 million global customers.

Tech journalist Martin Bryant, 41, has reportedly filed a collective action lawsuit on behalf of the estimated seven million former guests of the hotel giant from England and Wales whose personal data was compromised.

Represented by law firm Hausfeld, Bryant is claiming damages for loss of control of personal data, under the UK’s Data Protection Act 1998 and the EU General Data Protection Regulation, according to the Financial Times.

“Personal data is increasingly critical as we live more of our lives online but, as consumers, we don’t always realize the risks we are exposed to when our data is compromised through no fault of our own,” he told the paper.

The suit comes on the back of other legal action in the US and Canada.

It also comes as UK data protection regulator the Information Commissioner’s Office (ICO) faces criticism for delaying its final decision on the size of the fine to be levied.

The ICO originally issued a notice of intent in July 2019 to fine Marriott £99m for security failings that led to the incident. However, the company has since made representations to the regulator in an attempt to dial down the fine.

Originally extended to May 2020, the final decision from the ICO is now likely in September.

However, the latest legal action shows that regulatory fines are only one small part of the total costs of a data breach that victim organizations can expect to pay.

“As well as being subject to GDPR and the legal, financial and reputational implications that come with it, organizations have a duty of care to their customers,” argued Stuart Reed, UK director of Orange Cyberdefense.

“Preventative measures are simply not sufficient. There must also be ongoing monitoring of key systems and robust response procedures in place to minimize the impact should the worst happen and a breach occur.”

Categories: Cyber Risk News

Former CIA Officer Charged with Espionage

Info Security - Tue, 08/18/2020 - 19:18
Former CIA Officer Charged with Espionage

A Hawaii resident who worked for the Central Intelligence Agency in the 1980s has been charged with espionage.

Alexander Yuk Ching Ma was arrested on August 14 for allegedly passing classified information to intelligence officials of the People's Republic of China (PRC) over a ten-year period in exchange for money and expensive gifts.

The 67-year-old is accused of conspiring with a relative of his who was also previously employed as a CIA officer to communicate information up to the Top Secret level. 

Ma was born in Hong Kong but became a naturalized US citizen. While working for the CIA from 1982 to 1989, Ma held a Top Secret clearance and signed numerous non-disclosure agreements in which he acknowledged his responsibility and ongoing duty to protect US government secrets.

After leaving the CIA, Ma lived and worked in Shanghai, China, before moving to Hawaii in 2001.

Court documents allege that Ma and his co-conspirator's involvement with PRC spies began in March 2001 with three days of meetings in Hong Kong. During these meetings, the two former CIA officers allegedly sold information to the foreign intelligence service about the CIA’s personnel, operations, and methods of concealing communications.  

Part of the meeting was captured on videotape, including a portion where Ma can be seen receiving $50,000 in cash from the PRC intelligence officials.

It is further alleged that after Ma moved to Hawaii, he sought employment with the FBI in order to once again gain access to classified United States government information that he could sell on to his PRC handlers. 

Ma was hired as a contract linguist in 2004 by the FBI’s Honolulu Field Office. It is alleged that for the next six years, Ma used his position to regularly copy, photograph, and steal secret documents.  

It is further alleged that Ma gave some of these documents to his handlers during his frequent trips to China from which he would often return with thousands of dollars in cash and expensive gifts.

Ma is charged with conspiracy to communicate national defense information to aid a foreign government and faces a maximum penalty of life imprisonment if convicted.

Categories: Cyber Risk News

Fortinet Partners with IBM for New Training Program

Info Security - Tue, 08/18/2020 - 18:44
Fortinet Partners with IBM for New Training Program

Fortinet and IBM have joined forces to provide a new training program that aims to bridge the skills gap in the cybersecurity industry.

In an announcement made earlier today, Fortinet said that it would be integrating its Network Security Expert training and certification curriculum with IBM’s SkillsBuild, a digital platform for users to develop technology and professional skills, including cybersecurity. 

SkillsBuild will now include cybersecurity curriculum from Fortinet’s NSE Training Institute for jobseekers looking for a career in security.

“Some of the toughest challenges businesses are facing today need skills that don’t require a traditional degree, such as cybersecurity experts, which is why there is a critical need to make sure everyone, from job seekers to professionals transitioning to new careers, are gaining meaningful skills that align to industry needs," said Lisa Neddam, SkillsBuild program leader, IBM Corporate Social Responsibility. 

"That’s why, regardless of background, education or life experience, SkillsBuild will equip learners with the professional skills and mentorship they need to be more employable and navigate jobs in the new digital economy.”

Under the SkillsBuild program, learners can earn badges of achievement that can be shown to prospective employers as evidence of their expertise. The badges can act as building blocks toward a professional certification. 

The two companies said that they are focused on creating new cybersecurity career pathways by training traditionally untapped pools of candidates and connecting learners to employers.

Through their collaboration, the companies hope to attract those with long-term unemployment, refugees, asylum seekers, veterans, military spouses, migrants, career changers, young adults without traditional degrees, and students to train for careers in the cybersecurity industry. 

“To further address the cyber skills shortage, we’re excited to partner with IBM to integrate Fortinet’s Network Security Expert training and certification curriculum with IBM’s SkillsBuild digital platform," said Sandra Wheatley, SVP, customer marketing, threat intelligence, and influencer communications at Fortinet.

"As both a technology company and learning organization, Fortinet will work with IBM to make it easier for anyone to start a career in cybersecurity regardless of their background, previous access to education, or life experience.” 

Categories: Cyber Risk News

US Jails Sextortionist for 35 Years

Info Security - Tue, 08/18/2020 - 16:26
US Jails Sextortionist for 35 Years

A 21-year-old convicted sex offender from Minnesota who used social media and chat platforms to sextort more than 40 underage girls has been jailed for 35 years.

Dylan Matthew Deling, who grew up in Fairmont, was previously convicted in Nicollet County in March 2018 of possessing child sexual abuse images. He was 19 years old.

An investigation was launched into his activities when a Dropbox employee discovered an account containing sexually explicit images of children as young as 2 years old and reported it to the police. Law enforcement officers were able to trace the account back to Deling.

On February 22, 2019, Deling was indicted on new charges of extortion and child sexual abuse image possession. According to the indictment, on May 14, 2018, Deling persuaded, induced, and coerced a minor victim to engage in sexually explicit conduct so he could video it. 

“As the cyber-threat landscape continues to evolve, sextortion crimes are becoming more prevalent through the use of social media platforms and messaging apps,” said US Attorney Erica MacDonald, speaking at the time of Deling's 2019 indictment. 

“These types of cases cause very real harm and can have a devastating impact, especially on young victims. Teachers, parents, and students alike need to be aware of this issue, know how to defend against online predators, and be vigilant in reporting these crimes.”

On July 18, 2019, Deling pleaded guilty to producing child sexual abuse images and extortion between October 2017 and August 2, 2018. 

Deling confessed to using social media and chat platforms, including Snapchat, Facebook, Instagram, Kik, and Skype, as well as text messages to extort sexually explicit images from more than 40 minor girls aged between 11 and 17. 

Victims were threatened with rape and told violence would be wreaked upon them and their loved ones if they did not comply with Deling's demands. 

To underscore his threats, Deling sent the girls screenshots of maps of their residences, family members’ contact information and other identifying information, and also posted the information online.

Yesterday, Deling was sentenced to 420 months in prison and 30 years of supervised release.

Categories: Cyber Risk News

61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud

Info Security - Tue, 08/18/2020 - 15:00
61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud

The majority of airline companies are potentially leaving their customers vulnerable to email fraud, such as phishing, according to a new analysis by Proofpoint.

It found that 61% of member airlines belonging to the International Air Transport Association (IATA) do not have a published Domain-based Message Authentication, Reporting & Conformance (DMARC) record, increasing the risk of having their identity spoofed and of customers being targeted by email fraud. IATA member airlines make up 82% of total air traffic.

In addition, 93% of global airlines included in the study have not implemented the recommended level of DMARC protection, known as Reject. This blocks fraudulent emails from reaching their intended target.

DMARC is an email validation protocol that verifies that the domain of the sender has not been impersonated.
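To make the "no published record" and "not at Reject level" distinctions in the study concrete, here is an added example (not from Proofpoint or the article) that parses a domain's `_dmarc` TXT record and classifies it; the records and domain names are constructed, and a real check would substitute a DNS TXT lookup of `_dmarc.<domain>` for the table.

```python
# Added example: classify DMARC records by protection level.
# All domain names and record values below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DmarcStatus:
    published: bool
    policy: Optional[str]            # p= tag, if any
    subdomain_policy: Optional[str]  # sp= tag, defaults to p=
    pct: int                         # pct= tag, default 100
    level: str                       # "missing", "monitor", "partial", "reject"


def parse_dmarc(txt: Optional[str]) -> DmarcStatus:
    """Parse the TXT value found at _dmarc.<domain>; None means no record."""
    if txt is None:
        return DmarcStatus(False, None, None, 0, "missing")
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    # Without v=DMARC1 and a p= tag, receivers treat the record as absent.
    if tags.get("v") != "dmarc1" or "p" not in tags:
        return DmarcStatus(False, None, None, 0, "missing")
    policy = tags["p"]
    subdomain_policy = tags.get("sp", policy)
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    # "Reject" in the article's sense: p=reject applied to 100% of mail.
    if policy == "reject" and pct == 100:
        level = "reject"
    elif policy in ("quarantine", "reject"):
        level = "partial"   # enforcing, but weaker than full reject
    else:
        level = "monitor"   # p=none only reports, it blocks nothing
    return DmarcStatus(True, policy, subdomain_policy, pct, level)


# Constructed answers, as a TXT lookup of _dmarc.<domain> might return them.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "airline-a.example": None,
    "airline-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@airline-b.example",
    "airline-c.example": "v=DMARC1; p=quarantine; pct=50",
    "airline-d.example": "v=DMARC1; p=reject; sp=reject; adkim=s",
}


def summarize(records: Dict[str, Optional[str]]) -> Dict[str, int]:
    """Percentage of domains at each level, the way the study reports 61%/93%."""
    counts = {"missing": 0, "monitor": 0, "partial": 0, "reject": 0}
    for txt in records.values():
        counts[parse_dmarc(txt).level] += 1
    total = len(records)
    return {k: round(100 * v / total) for k, v in counts.items()}


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, parse_dmarc(record))
    print(summarize(SAMPLE_RECORDS))
```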

Adoption rates were found to vary significantly between regions, with 85% of airlines in China and North Asia having no published DMARC policy, followed by Asia Pacific (70%), Europe and Middle East and Africa (both 57%) and the Americas (43%).

Adenike Cosgrove, cybersecurity strategist, international at Proofpoint, commented: “The COVID-19 pandemic saw international travel halted and while many regions are still unable to travel, a number of countries worldwide are slowly ungrounding their airlines.

“While the travel sector has always been a rife target for cyber-criminals, the pandemic has offered new grounds for the targeting of travellers globally. Whether booking new flights, or seeking information on flight cancellations, one thing remains the same: many people worldwide are eagerly awaiting communication from airlines.

“Worryingly, at a time when opportunistic cyber-criminals may look to take advantage of such global uncertainty, the majority of international airlines are leaving their customers exposed to email fraud.”

In June, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) called for greater DMARC support and adoption to prevent rampant phishing, which has been emboldened and bolstered by the global pandemic.

Categories: Cyber Risk News

HMRC Investigating Over 10,000 COVID-Related Phishing Scams

Info Security - Tue, 08/18/2020 - 14:10
HMRC Investigating Over 10,000 COVID-Related Phishing Scams

More than 10,000 email, SMS, social media and phone scams exploiting the COVID-19 pandemic are being investigated by Her Majesty’s Revenue and Customs (HMRC) in the UK.

The official figures, published following a Freedom of Information (FOI) request by the Lanop Accountancy Group, highlight how the health and economic crisis has provided major scamming opportunities for cyber-criminals.

The data showed that May was the month in which the highest number of phishing scams were reported by members of the public to HMRC, at 5152, representing a 337% rise compared to March when lockdown measures were first introduced in the UK. This was followed by 2558 reports in June, and 2105 in April. The total since March comes to 10,428.

Government programs introduced to support businesses and workers impacted by the lockdown have been a common target for scammers. Examples include an email purporting to be from HMRC regarding the government’s Coronavirus Job Retention Scheme, which attempted to get business owners to reveal their bank account information, while another offered a bogus tax rebate under the guise of the Self-Employment Income Support Scheme.

The FOI also showed that 106 COVID-related websites have been requested for removal since March, with April the highest month at 42, followed by 24 in May and 17 in March. In May, it was revealed that HMRC formally asked internet service providers (ISPs) to remove 292 scam web addresses exploiting the coronavirus outbreak.

Chris Ross, SVP international at Barracuda Networks, commented: “With HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash-in on COVID-19. These scams are often cleverly designed with official branding and are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords."

Stav Pischits, CEO of Cynance, added: “Tackling this problem requires companies to recognize that these scams are not going to go away anytime soon. It’s also key to recognize that hackers have no limits and will target everyone from the CEO to the newly hired graduate in an effort to capture their objectives.

“That’s why all businesses need dedicated security and data protection policies and procedures, addressing network security, staff training and more, not only to ensure that they are compliant with data protection regulations, such as the GDPR, but also to improve their actual protection against phishing attacks and other online threats.”

Last month, research revealed that over 10% of all phishing attempts in Q1 of 2020 were related to COVID-19.

Categories: Cyber Risk News

Huawei Phones Unlikely to Receive Security Updates as Trade Ban Begins

Info Security - Tue, 08/18/2020 - 13:30
Huawei Phones Unlikely to Receive Security Updates as Trade Ban Begins

Some Huawei phones are set to stop receiving software updates after a US reprieve, which allowed some trade with Huawei, lapsed last week.

According to the Washington Post, the reprieve expired last Thursday, and provided some exceptions to a trade ban which the Trump administration imposed last year on Huawei.

The ban generally prohibited US companies from exporting technology to Huawei, but the reprieve allowed US software providers to continue sending updates and patches to Huawei, so it could provide them to customers using Huawei phones or Huawei wireless network equipment.

In a support update published in February, Google said the ban “prohibits all US companies, including Google, from collaborating with Huawei.

“We have continued to work with Huawei, in compliance with government regulations, to provide security updates and updates to Google’s apps and services on existing devices, and we will continue to do so as long as it is permitted,” Google said earlier this year.

The Commerce Department confirmed that the license has expired, telling the Washington Post that the license had provided “an opportunity for users of Huawei devices and telecommunications providers to continue to temporarily operate such devices and existing networks while hastening the transition to alternative suppliers.”

Brian Higgins, security specialist at Comparitech.com, told Infosecurity that, in this case, Huawei has been caught in the political crossfire and it looks like whilst support remains available, it can no longer be installed. “The best, and quite possibly only, advice for Huawei customers is to take the hit and upgrade to a post-May 2019 device as soon as possible,” he said. “At least they run on proprietary Huawei software and you can update them whenever you’re prompted. Just don’t ever decide to update later.”

Niamh Muldoon, senior director of trust and security at OneLogin, said: “The Huawei saga keeps being pushed around the political playing field, but this eventuality is likely to have an impact on the individual Huawei user. Failure to update to the latest version of a mobile device’s software is one of the main in-roads for cyber-criminals looking to compromise a device, or to compromise the accounts hosted on the device, such as banking, messaging or social media applications.

“If a vulnerability is patched in a software update, and a user installs said update, they are protected from it. However, if this option is taken away from people, it leaves them with no option but to continue using an outdated software model which may leave them vulnerable to compromise. While the concerns around Huawei are politically complex and not appropriate for simple answers, for them to be potentially affecting the end user in this method is unacceptable.”

In a separate statement published on Monday, the Bureau of Industry and Security in the Department of Commerce added 38 Huawei affiliates to the entity list, which imposes a license requirement for all items subject to the Export Administration Regulations. It also imposed license requirements on any transaction involving items subject to Commerce export control jurisdiction where a party on the entity list is involved, such as when Huawei (or another listed entity) acts as a purchaser, intermediate user or end user.

“These actions, effective immediately, prevent Huawei’s attempts to circumvent US export controls to obtain electronic components developed or produced using US technology,” the statement said.

Categories: Cyber Risk News