
Archive for November 2016

Tokyo Denies Major Military Cyber Attack

Japan’s Defense Ministry has denied reports that it was targeted by a sophisticated state-backed cyber-attack which may have compromised an internal military network.

An unnamed public affairs official at the ministry told Bloomberg on Monday that it's forced to deflect cyber-attacks every day, but that the new report isn’t accurate.

The highly regarded Kyodo News had claimed that a possibly state-backed intruder managed to gain an initial foothold by infiltrating computers at the National Defense Academy and the National Defense Medical College back in September.

They were then able to penetrate the Defense Information Infrastructure network, which links Self Defense Force (SDF) facilities.

Even worse, the report claims that the attackers were able to take advantage of a security loophole to pivot from the internet-connected part of the network to a nominally separate intranet.

The unnamed sources told the newswire that the incident forced the ministry and SDF to issue an internet ban while they investigated.

The Defense Ministry’s denial carries less weight given that the ministry in any case declines to comment on such attacks, on the grounds that doing so could compromise security further.

Mike Ahmadi, global director of Critical Security Systems at Synopsys, claimed government agencies are ironically among the most exposed on the global stage.

“Despite expending resources on cybersecurity, governments are generally unaware of the staggering number of vulnerabilities found in the software running on both modern and legacy systems, and any attempt to force software providers to be held accountable at any level is met with strong resistance by a software industry that has long been accustomed to EULA [end user license agreement]-based exemptions,” he argued.

“Additionally, the lack of metrics to empirically determine the distribution of resources throughout cybersecurity practice areas leaves most agencies guessing when it comes to determining both needs and effectiveness of their activities in managing security."

Source: Information Security Magazine

100,000+ Sign Petition to Repeal Investigatory Powers Bill

With the House of Lords recently passing the controversial Investigatory Powers Bill (or ‘Snoopers' Charter’), the legislation, which is currently just awaiting royal assent, looks set to become law in the UK in the very near future.

However, this has not stopped 122,000+ people (at the time of writing) signing a UK Parliament petition opposing the Bill, which will give UK intelligence agencies and police unprecedented powers to surveil UK citizens.

With the Bill, the ‘powers that be’ will be able to hack, read and store any information from any citizen's computer or phone, without even being required to show that the citizen is up to no good. In essence, whether you’re a law-abiding citizen or not, intelligence agencies and the police will have free rein over your files.

Jim Killock, executive director of the Open Rights Group, said:

“The IP Bill was debated and passed while the public, media and politicians were preoccupied by Brexit. Now that the Bill has passed, there is renewed concern about the extent of the powers that will be given to the police and security agencies."

In particular, Killock added, people appear to be worried about new powers that mean our web browsing activity can be collected by Internet Service Providers and viewed by the police and a whole range of government departments.

However, UK parliament considers all petitions that get more than 100,000 signatures for a debate, so they will have to at least respond to this petition or will surely run the risk of facing a backlash from campaigners.

"Parliament may choose to ignore calls for a debate but this could undermine public confidence in these intrusive powers,” said Killock.

"A debate would also be an opportunity for MPs to discuss the implications of various court actions, which are likely to mean that the law will have to be amended.”

Source: Information Security Magazine

Met’s Siloed IT Systems Putting Children at Risk – Report

Poorly designed IT systems are contributing to serious failings by police in child exploitation cases, according to Her Majesty's Inspectorate of Constabularies (HMIC).

The inspectorate’s latest report highlighted problems with the Met’s crime recording information system (CRIS).

It’s intended to provide a handy repository of information for officers on children in London at risk of child sexual exploitation (CSE).

However, police told the inspectors that this information was “not easy to locate” on the system.

The report added:

“It is also a complicated system: for instance, the CSE guidance for officers gives them a choice of 12 different flags to use. Furthermore, staff told us that the responsibility for adding flags rests with individual officers, and is neither universally adhered to nor universally understood.”

These problems surrounding the flagging and retrieval of CSE information could contribute to cases being tackled in isolation, leading to intelligence gaps, HMIC warned.

It added:

“The lack of connection between the MPS IT systems, databases and spreadsheets used to record such analyses exacerbates this problem. As a result, much of the information on victims, offenders and risk is kept in isolated pockets across the force. This contrasts sharply with the free movement of people (both victims and offenders) around the capital.”

One example of the Met’s shockingly ineffective and siloed information systems involved key information on a 13-year-old girl at risk of CSE.

Despite receiving a report that the child was at home “alone and unsafe” in a house with three men, the info sat in a Met police inbox for 14 hours before it was acted upon, HMIC claimed.

“At the time of the case audit, the MPS had not formally interviewed the three men she was with while she was missing, which meant that potentially they still posed a risk,” the report added.

It concluded that staff should also be made aware of the importance of collating all available information from police systems, especially when investigating CSE cases.

Source: Information Security Magazine

San Francisco ‘Muni’ Rocked by Ransomware Attack

There was chaos on the San Francisco public train network this weekend as passengers traveled for free after a major ransomware attack took computer systems offline.

Photos taken in some of the stations show screens belonging to employees of San Francisco's Municipal Railway (Muni) displaying the following message:

“You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681.”

Ticket machines were out of service and barriers raised to allow passengers to travel free of charge following the attack on Friday, which is said to have taken out thousands of endpoint terminals and servers.

The hackers were apparently demanding 100 Bitcoins ($73,100) in return for the decryption key.

Jon Geater, Thales e-Security CTO, argued that robust cybersecurity techniques and trust management are essential to face down crises like this one.

“Cyber-security is not and cannot be a choice between ‘black and white’ or on and off – it’s about making an economic decision. This breach didn't directly take the barriers offline: the operator chose to turn them off and forgo revenue, or catching fare cheats, in favor of protecting the wider system and possible further data losses,” he explained.

“Customers are likely to recognize this commitment and favor a company actively taking steps to protect its wider data eco-system.”

The past 12 months have been a busy time for ransomware writers.

The most recent stats from Check Point claim that volumes of the malware soared 13% from August to September, but worryingly, some AV tools are not doing their job.

Endpoint security firm Barkly claimed recently that 100% of organizations it spoke to who’d been hit by a successful ransomware attack in the past 12 months were running some kind of anti-virus software.

More concerning still is the fact that 43% of those firms didn't invest in any additional solutions following their ransomware infection.

Source: Information Security Magazine

DMARC Helps HMRC Block 300 Million Phishing Emails

UK taxpayers were hit by half a billion phishing emails last year, but HMRC is claiming to have made huge strides in protecting them of late by turning on DMARC.

As Infosecurity reported in September, the Cabinet Office’s Government Digital Service (GDS) recently mandated that the strongest DMARC policy (“p=reject”) be the default for email services from 1 October.

The Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol helps protect against phishing and spam by letting receiving mail servers verify that a message claiming to come from a domain is genuinely authorized by that domain, and apply the domain owner's published policy to messages that fail the check.

By using it, HMRC has so far this year blocked a whopping 300 million phishing emails, explained head of cybersecurity, Ed Tucker.

“It allows us and email service providers to identify fraudulent emails purporting to be from genuine HMRC domains and prevent their delivery to customers. We have just implemented DMARC fully on @HMRC.gov.uk, by far the most abused HMRC domain by cyber-criminals,” he added.

HMRC’s Customer Protection Team has also been hard at work this year, responding to over 300,000 phishing ‘referrals’ from taxpayers, and taking down over 14,000 phishing sites.

The tax office is hoping to act as a high-profile proponent for the protocol, encouraging wider take-up of the security system.

“By proving DMARC works we hope to encourage implementation by other organizations across the UK, and indeed globally. It is only through the wholesale take-up of DMARC that we can truly protect all of our customers from the scourge of phishing emails,” argued Tucker.

“The National Cyber Security Centre is heavily pushing DMARC adoption across the UK and my team are proud to have put HMRC at the forefront of that movement.”
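The receiver-side check Tucker describes, as an added example that is not HMRC's or the magazine's code: a mail server parses the sending domain's DMARC record and decides whether a message passes, or should be quarantined or rejected under a policy such as "p=reject". The record, domains, authentication results and the public-suffix subset are constructed for illustration; the logic follows RFC 7489 (alignment, sp= and pct= handling).

```python
"""DMARC policy evaluation as a receiving mail server performs it (RFC 7489).

Added example, not HMRC's code. Records, domains and PUBLIC_SUFFIXES are constructed.
"""
from dataclasses import dataclass

# Constructed subset of the Public Suffix List, enough for the sample domains below.
# Real receivers use the full list so that e.g. hmrc.gov.uk, not gov.uk, is the org domain.
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "gov.uk"}


@dataclass
class AuthResult:
    """Result of one SPF or DKIM check on a received message."""
    passed: bool
    domain: str  # SPF: the MAIL FROM domain; DKIM: the signature's d= domain


def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag dict, filling in RFC defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain: one label above the longest matching public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record_txt: str, from_domain: str, spf: AuthResult, dkim: AuthResult,
             sample: int = 0) -> str:
    """Return the disposition to apply: 'pass', 'none', 'quarantine' or 'reject'.

    from_domain is the RFC5322.From domain the user sees. `sample` (0-99) stands in for
    the receiver's random draw for the pct= tag: messages with sample >= pct get the next
    less severe action (RFC 7489 section 6.6.4), which lets a domain roll out p=reject gradually.
    """
    rec = parse_dmarc(record_txt)
    spf_ok = spf.passed and aligned(spf.domain, from_domain, rec["aspf"])
    dkim_ok = dkim.passed and aligned(dkim.domain, from_domain, rec["adkim"])
    if spf_ok or dkim_ok:
        return "pass"  # at least one authenticated identifier aligns with the From domain
    policy = rec["p"]
    if "sp" in rec and org_domain(from_domain) != from_domain.lower():
        policy = rec["sp"]  # subdomain policy applies when From: is a subdomain
    if sample >= int(rec["pct"]):
        policy = {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return policy


if __name__ == "__main__":
    # Constructed record for hmrc.gov.uk (the page's example domain) and a constructed
    # spoofed message: the attacker's own domain passes SPF and DKIM, but is not aligned.
    record = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    spoof = evaluate(record, "hmrc.gov.uk",
                     AuthResult(True, "phish-example.com"), AuthResult(True, "phish-example.com"))
    print("spoofed message disposition:", spoof)  # reject
```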

Also in September, the Cabinet Office mandated the use of HSTS and HTTPS for all government sites, in a bid to help protect against man-in-the-middle and other attacks.

However, there’s still much work to do inside government to improve cybersecurity.

Also in September, the National Audit Office (NAO) slammed Whitehall’s “chaotic” approach, arguing that there are too many bodies with overlapping security responsibilities, which makes it difficult to know where to go for advice.

Source: Information Security Magazine

Facebook Developed Censorship Software for China: Report

Facebook has developed software capable of suppressing certain posts in China in an effort to get its ban in the country lifted, according to reports.

The New York Times says that Facebook developed the censorship tool to stop posts from appearing in people’s news feeds within certain geographical regions. The report says that Facebook hopes the software will help it to operate in China once again; the social network was blocked in the country in 2009, just one year after launching there.

As Bloomberg points out, Facebook faces a battle to succeed in China. It had only a few hundred thousand users at the point it was blocked, and since then a number of rivals have emerged to rule social media in China. These include Tencent QQ, WeChat, and Sina Weibo.

This latest development would enable third parties, rather than Facebook itself, to decide which posts are promoted on users’ news feeds. It would give these third parties the power to monitor what was being read and shared on the site and decide from there whether to censor content.

It is worth noting that, according to the report, the software hasn’t been offered to China. It is still in the experimental stage and may never actually be released. In a statement Facebook said: “We have long said that we are interested in China, and are spending time understanding and learning more about the country.”

No decision on Facebook’s future approach to China has been made, the statement added.

Facebook’s most recent Government Requests Report revealed that the site is no stranger to blocking content. However, this is generally only if it’s served with a court order.

In the United Kingdom, for example, Facebook said it “restricted access to 97 items in compliance with legal requests from the Gambling Commission.” In Russia, meanwhile, 56 items of content were blocked due to “allegedly violating the integrity of the Russian Federation and local law which forbids activities such as mass public riots and the promotion and sale of drugs.”

Facebook has come under fire recently for the proliferation of fake news on its website. Although Mark Zuckerberg has denied the problem, many commentators have suggested that the issues may have been severe enough to have played a part in the US election, where Donald Trump claimed an unexpected victory over Hillary Clinton.

Source: Information Security Magazine

Security Pros Warn of Black Friday Cyber Threats

Today is Black Friday, the day after Thanksgiving which marks the start of the Christmas shopping period. Retailers across America, and increasingly other parts of the world, offer huge discounts to spur shoppers into action.

Given the rush at brick-and-mortar stores across the country, many are choosing to mark Black Friday by shopping online, and retailers like Amazon have also slashed prices to attract more shoppers. However, as we’ve seen so many times recently, where people go online, cyber-criminals follow.

While many online shoppers are savvy enough these days to know how to best protect themselves it is the retailers that are most likely to suffer on Black Friday, according to experts.

“Much has been spoken about how customers can protect themselves from online thieves, however it’s retailers themselves that will be more at risk due to the scale and nature of the information they hold,” said Ross Brewer, vice-president and managing director of international markets at LogRhythm.

“Cyber-criminals will undoubtedly take advantage of online sales peaks to access networks unnoticed, or, more than likely, they will execute malware that has been sitting on the network for months,” Brewer added. The Target hack is a perfect example of what can happen around this time of year, when increased shopping means more credit card details to steal.

Another threat facing retailers at this time of year is DDoS attacks. According to security firm Digital Shadows, Black Friday is a chance for cyber-criminals to show off their skills.

“Some might deem the busy sales period as an opportune moment to showcase their capability or cause widespread disruption by targeting retailers,” the company said. “Allied to this is the threat of DDoS extortion, as attackers may use the threat of disabling retail operations during the busiest period of the year as a means of earning a quick profit.”

Digital Shadows also warned shoppers about the possibility of compromised eCommerce sites, where keyloggers could be used to steal credit card and other payment information. On a similar theme, phishing pages are also a threat this Black Friday. Cyber-criminals set up fake websites with enticing offers on popular products, which then steal credit card information when the shopper tries to pay.

Retailers are of course taking action. NuData Security points out that many are boosting their automation, account takeover and fraud detection capabilities, but that cyber-criminals are evolving more complex ways to get around these defenses.

The company has taken a look at some of the cyber-threats facing online retailers on Black Friday and Cyber Monday. This is the Monday following Black Friday when online retailers launch their sales, although it’s worth pointing out many start on Black Friday rather than waiting the extra couple of days.

According to its research, many fraudulent accounts are created throughout the year and left dormant until now. “Typically, cyber-criminals target these times of year because they know security teams are stretched and policies are loosened up to accommodate volume. They can generally hide attacks within the volume of transactions,” the company said.

This time last year NuData picked up on 50 million fraudulent attempts; it expects that figure to be 82 million this holiday period. Account takeovers are also likely to cause problems. This period in 2015 saw a 600% rise in login anomalies. “Both volume and sophistication have spiked, as stolen personal data is so easy to obtain, and with consumers continuing to use the same user names and passwords from site to site, login processes have never been so easy to subvert,” NuData Security’s research said.

“Organizations must be ever vigilant as fraudsters leverage the mass of freely available data on the dark web for cybercrime. Expecting consumers to maintain strong, non-reused passwords isn’t realistic, meaning retailers need to shoulder an even larger responsibility to protect their brand and users,” said Robert Capps, VP, business development, NuData Security.

Source: Information Security Magazine

European Commission Hit By DDoS Attack

A cyber-attack took the European Commission’s services offline on Thursday, although it is thought hackers didn’t gain access to any systems and no data was compromised.

According to Politico, internet services at the EC were down for several hours on Thursday afternoon following a DDoS attack. An email sent to EC staff said that a DDoS attack “resulted in the saturation of our internet connection.”

Although DDoS attacks are often used as a decoy by cyber-criminals to deflect attention away from a different type of attack, there is no evidence that’s the case here. “No data breach has occurred,” the EC said in a statement sent to Politico. “The attack has so far been successfully stopped with no interruption of service, although connection speeds have been affected for a time.”

Despite the EC’s claim that there was no interruption to its services, one staff member told Politico that the internet connection went down for several hours on two separate occasions, stopping employees from getting work done.

There is no indication at the moment who carried out the attack or what the motivation was. The EC is, however, bracing itself for further trouble as DDoS attacks often come in waves.

The EC and the European Union (EU) are dealing with a number of cyber-related issues at the moment. Top of the agenda is the potential impact of Brexit on cybersecurity across the region, as well as incoming data protection laws. The European General Data Protection Regulation (GDPR) comes into force in May 2018, but there is plenty of work ahead for businesses and governments before that deadline.

Source: Information Security Magazine

Thai Computer Crime Law Raises Rights Concerns

Amendments to Thailand’s controversial Computer Crime Act were debated in parliament this week, with rights groups expressing concerns that the law will bolster government efforts to restrict online freedoms and spy on users.

The 2007 legislation was originally created to stop spam, identity fraud, hacking and other computer-related offenses.

However, there are fears the military junta will use these new amendments to help in its bid to suppress dissent in the country, which it often does by using the ancient lèse-majesté law forbidding criticism of the Royal Family.

The proposed amendments, seen by Reuters, include articles 18 and 19 which say the authorities can grab user and traffic data from service providers without court approval, as well as demand computer devices from users.

Article 20, meanwhile, apparently states that any website deemed to threaten national security or "offend people's good morals" can be removed or suspended.

Although it suggests a committee composed of non-government groups would be in charge of screening such content, the lack of judicial oversight is a concern for many.

Last month, Amnesty International appealed to the global community to express “grave concern” over the new rules.

It warned:

“The proposed amendments still allow for the prosecution and imprisonment of computer users who peacefully express their opinions online as well as internet service providers hosting sites where such opinions are posted. The proposed amendments would also preserve the authorities’ power to conduct invasive surveillance of internet traffic – in some cases without prior judicial authorization – and to suppress electronic content deemed to threaten a variety of vaguely defined state interests.”

The Computer Crime Act amendments are not the only pieces of legislation alarming rights groups in the region.

Experts claim the proposed Cyber Security Act, set for passage through parliament early next year, could sanction state-sponsored mass surveillance.

The UK, of course, has already passed its own version – the Investigatory Powers Act or Snoopers' Charter. This formalizes such surveillance powers for the first time and will force ISPs to retain the internet records of all citizens for up to a year, as well as giving the authorities the power to ban encryption products they can’t hack.

Source: Information Security Magazine

Insider Threat Enabled by Disloyal Employees and Organizational Failures

Organizations are not in touch with employees, and “misunderstand the strength of someone’s loyalty who doesn’t necessarily want to work 9-5”.

Speaking at a roundtable on the theme of insider threat, hosted by Balabit in central London, social engineer and speaker Jenny Radcliffe said that a social engineer is not always looking for someone who needs money, but for someone who is disenchanted at that moment and has ambitions beyond the 9 to 5.

“People over-estimate how loyal employees are, and how loyal they can be, but they are more loyal to themselves than the company that they work for,” Radcliffe said.

Also on the panel was Dr Lee Hadlington, senior lecturer in Cognitive Psychology & Chartered Psychologist at De Montfort University, who acknowledged the stigma of reporting insider threats, as it says to the external world that “not even our employees are that engaged with us".

He said that it demonstrates that the employee is not engaged with the company culture or ethos, and most companies ignore and do not accept the problem.

“Companies like to believe in the illusion of security where you put things in the way to stop people attacking the system, but then you get down to the fact that to understand the human is the most complicated element that you could engage with,” he added.

Asked how an insider threat can be detected and stopped, Adrian Asher, CISO of the London Stock Exchange Group, said that the main problem is that organizations do not know where their critical assets are or where they are hosted, and that poor cyber hygiene means organizations do not get the basics right.

“Once you know what they are trying to get to, you can increase the level of controls of monitoring behavior or even more static rules, and if you’re in the privileged position to understand [your users] you can start adding defenses to that,” he said.

“For me, the context of whether they are an internal person or an external person is immaterial, if someone is doing something that I am not expecting them to do whether it is something that I have given them or that they have hijacked, I need to be able to detect and alert and give the business the context to make a decision on whether they should be cut off or alert the authorities.”

Radcliffe said that whilst you have different personalities in an organization you’ll always have bad and lazy behavior, and people will always try and get around what defenses you put in place.

Source: Information Security Magazine