Archive for February 2018

IRS Scams Balloon Ahead of US Tax Day

As the US tax season gets underway, the FBI has issued a warning on increased IRS-related phishing emails.

The alert noted that the IRS’s Online Fraud Detection & Prevention (OFDP) department, which monitors such things, has observed an increase in reports of compromised or spoofed emails requesting W-2 information. A W-2 is the form used to report wages for tax purposes and contains sensitive information, including Social Security numbers.

The most popular gambit remains impersonating an executive, using a compromised or spoofed email account, to obtain W-2 information from an HR professional within the same organization. Individual taxpayers may also be targeted, the FBI said, but criminals have evolved their tactics to focus on mass data theft.

It also warned that sometimes these requests were followed by, or combined with, a request for an unauthorized wire transfer.

This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.

“If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft,” the FBI said. “Any breach of personal information could have an effect on the victim’s tax accounts with the states as well as the IRS.”

To avoid becoming a victim, organizations should limit the number of employees who have the authority to approve and/or conduct wire transfers and to handle W-2–related requests, and should use verbal authentication to verify any request for W-2 information or wire transfer that appears to come from an executive.

Source: Information Security Magazine

LA Times Hit with Crypto-Mining Software

The LA Times website was found to be hosting crypto-mining software as a result of a hack.

According to Troy Mursch, a security researcher at the Bad Packets Report, attackers exploited an improperly configured Amazon Web Services (AWS) S3 cloud storage bucket to gain access to the site and inject the Coinhive mining script into it. The affected page was the Homicide Report, which covers those murdered in Los Angeles County in the last 12 months.

Coinhive, which is estimated to impact about a quarter of organizations globally, mines the Monero cryptocurrency in the browser when a user visits a web page. The implanted JavaScript uses the computational resources of end users’ machines to mine coins, degrading system performance. While it is offered as a legitimate service for webmasters looking for a monetization alternative to advertising, criminals often embed it in websites without the site owner’s knowledge, and unscrupulous websites use it without telling their visitors.

In this case, the script was set to mine at non-maximum levels, thus consuming less compute power and allowing it to go undetected, possibly for as long as two weeks, according to the researcher.

It’s a different take on the usual S3 headlines, Zohar Alon, co-founder and CEO of Dome9, told Infosecurity.

"Last year, we saw a spate of breaches where hackers went after valuable data in the public cloud. But data is not the only valuable asset in the cloud,” he said. “Now we're starting to see hackers steal compute cycles for crypto-mining. By flying under the radar, these illegal mining operations can go undetected for months, racking up the public cloud bill and costing millions."

Carl Wright, chief revenue officer at AttackIQ, pointed out that the frequency of cloud misconfiguration incidents should put companies on notice to lock down their infrastructure. “This is seriously getting ridiculous,” he said via email.

“It’s another all-too-common tale for organizations – and it could have been avoided,” he said. “The attack surface has significantly expanded for many enterprises – without any guarantee of uniform security controls and processes. Consequently, it’s even more imperative that organizations assume attackers are constantly testing security controls for misconfigurations. If organizations are not continuously validating their security controls at this stage of the game, they are going to end up a headline. How many more epic failures that could have been prevented will it take before people start testing?”
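The article says only that the bucket was “improperly configured”; one common form of that failure, and the one assumed here, is a bucket policy that grants a write action to the anonymous principal, which is all it takes to replace a site’s JavaScript. The following is an added example (not from the article, Bad Packets or any vendor quoted above) that evaluates bucket-policy JSON offline and flags such statements; the policies, bucket name, role and account id are constructed, and bucket ACLs (which can grant the same access) are out of scope.

```python
"""Offline check for S3 bucket policies that let anonymous callers write.

Assumption (the article does not say how the bucket was misconfigured): a
bucket policy granting a write action to the public principal. Bucket ACLs
can grant the same and are not covered. Sample policies are constructed.
"""
import fnmatch
import json

# Create/replace/remove objects: enough to swap a site's JavaScript for a miner.
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject")

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principal_is_public(principal):
    """True when the statement applies to everyone, anonymous included."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def _grants_write(actions):
    """True when any action pattern (s3:*, *, s3:Put*) covers a write action."""
    return any(fnmatch.fnmatchcase(write.lower(), pattern.lower())
               for pattern in _as_list(actions) for write in WRITE_ACTIONS)

def public_write_statements(policy_json):
    """Return Sids (or statement[i]) of Allow statements granting public writes.

    Statements carrying a Condition are skipped rather than flagged: keys such
    as aws:SourceIp may legitimately narrow the grant, so review those by hand.
    """
    flagged = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _principal_is_public(stmt.get("Principal")) and _grants_write(stmt.get("Action")):
            flagged.append(stmt.get("Sid", f"statement[{i}]"))
    return flagged

# Constructed weak policy for a static site: public read is intended, but the
# second statement hands s3:* to everyone, so anyone can overwrite the site.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site/*"},
        {"Sid": "OopsFullAccess", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-site/*"},
    ],
})

# Constructed corrected policy: anonymous callers may only read; writes are
# limited to a named deployment role (placeholder account id).
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site/*"},
        {"Sid": "DeployWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/site-deploy"},
         "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::example-site/*"},
    ],
})

if __name__ == "__main__":
    print("weak :", public_write_statements(WEAK_POLICY))   # ['OopsFullAccess']
    print("fixed:", public_write_statements(FIXED_POLICY))  # []
```

Run it against the output of `aws s3api get-bucket-policy` for each bucket; an empty list for a bucket that serves site content is the expected result.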

Source: Information Security Magazine

Nation-State Attacks Grow in Prevalence

The propagation of advanced exploits has blurred the lines between statecraft and tradecraft, evolving the threat landscape beyond the defense capabilities of conventional security measures.

According to the 2018 CrowdStrike Global Threat Report: Blurring the Lines Between Statecraft and Tradecraft, which analyzes comprehensive threat data from 100 billion events a day across 176 countries, extortion and weaponization of data have become mainstream among cybercriminals, heavily impacting government and healthcare, among other sectors. Part of this is due to the fact that nation-state–linked attacks and targeted ransomware are on the rise and could be used for geopolitical and even militaristic exploitation purposes.

Additionally, supply-chain compromises and crypto-fraud and -mining are presenting new attack vectors for both state-sponsored and e-crime actors.

“We’ve already seen cyber-adversaries launch massive, destructive attacks that render organizations inoperable for days or weeks,” said Dmitri Alperovitch, CrowdStrike co-founder and CTO. “Looking ahead, security teams will be under even more pressure to detect, investigate and remediate breaches faster.”

The report also shows that established and well-resourced cyber-operations continue to innovate, developing new methods of distributing crimeware and incorporating advanced tactics to infiltrate, disrupt and destroy systems. In 2017, 39% of all attacks that CrowdStrike observed constituted malware-free intrusions that were not detected by traditional antivirus software, with the manufacturing, professional services and pharmaceutical industries facing the most malware-free attacks.

Based on observed incidents, CrowdStrike also established that the average “breakout time” in 2017 was 1 hour and 58 minutes. Breakout time is how long an intruder takes to move laterally from the initially compromised system to other machines in the network.

Adam Meyers, vice president of intelligence at CrowdStrike, said: “Today, the lines between nation-states and e-crime actors are increasingly blurring, elevating the sophistication of threats to a new level.”

Source: Information Security Magazine

PhishMe Announces Acquisition and Rebrand as Cofense

A consortium of private equity firms has announced the acquisition of PhishMe, which has been rebranded as Cofense.

With the backing of multiple private equity firms, including BlackRock and Pamplona Capital Management, Cofense will continue to deliver phishing-defense solutions that sit at the intersection of human intelligence and technology, with the new funding intended to support organic and inorganic growth. The deal is valued at around $400m.

Rohyt Belani, CEO and co-founder of Cofense, said that PhishMe was founded to challenge the cliché that people are the weakest link in security, and that its customers have found not only that employees can be conditioned to be less susceptible to cyber-attacks but that they can be turned into sensors that provide very timely intelligence on such attacks.

“The Cofense solution set leverages internal employee-generated attack intelligence in concert with purpose-built response technologies to break the attack kill chain at delivery,” he said.

“Cofense reflects the full breadth of our portfolio of enterprise-wide attack detection, response and orchestration solutions.

“This acquisition further strengthens the alignment between our management team, employees and investors as we focus on building an enduring company. With cybersecurity a top priority for organizations everywhere, our goal is to continue bringing innovative products to markets around the globe to help stop active attacks faster than ever.”

Scott Crawford, research director for information security at 451 Research, said: “PhishMe is the second deal in less than a month involving anti-phishing, reflecting the high interest of enterprises in solutions for combating the impact of targeted users on information security.

“According to recent 451 Research Voice of the Enterprise studies, user behavior is by far the number one pain point reported by enterprise security professionals, with the challenges of security awareness training in the top five, while security awareness initiatives were the number one infosec project reported by enterprises in 2017.

“PhishMe has distinguished itself in this space by broadening beyond anti-phishing to connect phishing intelligence with security operations and incident response, reflecting the continued significance of phishing and related tactics as primary vehicles for attack penetration.”

Source: Information Security Magazine

US Spies: Russia Hacked Pyeongchang 2018

Kremlin hackers were responsible for cyber-attacks targeting the Winter Olympics in South Korea earlier this month, according to US intelligence.

The unnamed sources told the Washington Post that the operatives most likely work for the Russian military agency GRU’s Main Center for Special Technology (GTsST), the same body that is said to have been responsible for the infamous NotPetya ransomware attack in 2017.

The hackers apparently compromised as many as 300 computers linked to the games, and also placed malware on routers in South Korea on the opening day.

The state-sponsored hackers are said to have tried to run a “false flag” operation aiming to implicate North Korea.

There have been numerous reports of cyber-attacks ahead of and during the games in Pyeongchang.

Most notably, the official website of the games was taken offline for 12 hours ahead of the opening ceremony in early February, with some visitors unable to print their tickets and therefore missing out.

Wi-Fi connectivity and televisions in the media center also went down, according to reports at the time.

McAfee also discovered a new variant of malware being targeted at individuals in key organizations involved with the Winter Games, as part of the Korean-language Operation GoldDragon.

If Russia is responsible for the attacks on the games, it would make sense: its athletes were banned from competing under the Russian banner, and many were excluded altogether after a large-scale, state-sponsored doping campaign was uncovered a few years ago.

Infamous hacking group Fancy Bear has been highly active in trying to discredit Olympic athletes, as well as the games themselves, in retaliation, stealing and leaking sensitive medical and other documents.

It’s not just state-sponsored hackers that have been active during the past few weeks. Cyber-criminals usually try to ride the coattails of popular sporting events to defraud consumers, and Pyeongchang 2018 was no different, according to Proofpoint.

Since 2010, 105 spoof domains have been registered using variations on the official pyeongchang2018 moniker, facilitating illegal streaming, non-sanctioned ticket sales and other illicit activities, the firm claimed.

Source: Information Security Magazine

US Federal Contractors Lag in Cyber Best Practices

The US federal government relies on tens of thousands of contractors and subcontractors – sometimes referred to as the federal “supply chain” – to provide critical services, hold or maintain sensitive data, deliver technology and perform key functions. When it comes to their cyber-risk, BitSight has found that the cybersecurity posture of US federal contractors lags far behind that of federal agencies.

In an analysis of 1,200 federal government contractors, the mean BitSight Security Rating for federal agencies was at least 15 points higher than the mean of any contractor sector.

“To some this may be surprising: Some agencies have made public their large data breaches in recent years,” the report noted. “However, many agencies maintain a strong security posture overall and the aggregate performance of agencies has increased steadily. The mean rating for agencies as of January 2018 was 725. This is markedly higher than any of the other sectors of contractors for the US federal government observed in this study.”

The analysis reveals that 8% of healthcare/wellness contractors have disclosed a data breach since January 2016; aerospace/defense firms had the next highest breach disclosure rate at 5.6%. It also reveals that botnet infections are especially prevalent among the government contractor base, particularly for healthcare/wellness and manufacturing contractors.

The report uncovered an issue with best practices, as well: many contractors are simply not following them. On the network encryption and email security front, nearly 50% of contractors have a BitSight grade below C for the “protective technology” subcategory of the NIST Cybersecurity Framework.

Also, nearly one in five users at technology and aerospace/defense contractors have an outdated internet browser, making these employees and their organizations highly susceptible to new variants of malware.

“US government contractors, subcontractors and other third parties can be the cause of significant losses of government data,” the report notes. “Agency leadership must ensure that these organizations are protecting the sensitive government data with which they have been entrusted. Political, technology and civil service leaders within an agency all must be involved in addressing this risk.”

Source: Information Security Magazine

CISOs See Incidents Growing and Preparedness Waning

When it comes to cybersecurity and preparedness, a recent survey paints a grim picture: A full 66% of CISOs believe their organization will experience a data breach or cybersecurity exploit that will seriously diminish shareholder value in the future – even as security postures aren’t likely to improve.

A survey from Ponemon Institute and defense contractor Raytheon of 1,100 senior-level IT and IT security practitioners worldwide found that 54% of CISOs believe that their cybersecurity posture will either stay the same (35% of respondents) or decline (19% of respondents) in the coming year. Just 46% believe their cybersecurity strategy will improve, down from 59% in 2015. Also, 60% expect their companies will have to spend more to achieve regulatory compliance and respond to lawsuits and litigation.

Meanwhile, worries are escalating. On the internet of things (IoT) security front, with the use of IoT devices in organizations seen as inevitable, 82% of respondents predict unsecured IoT devices will cause a data breach in their organizations, and 80% said such a breach could be catastrophic.

Further, 67% believe cyber-extortion, such as ransomware and data breaches, will increase in frequency and payout, and 60% predict nation-state attacks against government and commercial organizations will worsen and could potentially lead to a cyber-war.

The report postulated that the disconnect between impending threats and readiness is critical and will make 2018 even more breach-heavy than 2017.

“Our hope is that CISOs and senior leaders can use this report as a tool to start a deep dialogue about the critical need for cybersecurity within their organizations,” said Raytheon chairman and CEO Thomas Kennedy. “Every day the cyber-threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors. To reduce risks, leaders must urgently work with their IT teams to identify potential vulnerabilities, develop an action plan and make the investments needed to protect the value of their organization.”

The 2018 Study on Global Megatrends in Cybersecurity, however, also shows that despite growing threats, 64% of IT professionals believe cybersecurity is still not considered a strategic priority among senior leadership. Senior leadership is seen as disengaged from the oversight of their organization’s cybersecurity strategy, with 68% of CISO/IT executives surveyed saying their boards are not briefed on measures taken to prevent or mitigate the consequences of a cyber-attack.

“Conversations around cybersecurity resiliency are happening among our nation’s top intelligence chiefs, yet business leaders still have not made cybersecurity a business priority,” said Larry Ponemon, chairman and founder of Ponemon Institute. “This important research reveals an urgent need for executives to appropriately address cyber-threats against their organizations.”

Source: Information Security Magazine

DDoS Costs Skyrocket for SMBs and Enterprises Alike

The financial impact of a distributed denial-of-service (DDoS) attack is continuing to rise globally – with significant cost spikes for both small to medium-sized businesses (SMBs) and enterprises per attack.

Kaspersky Lab’s IT Security Risks Survey 2017, which polled 5,200 business representatives from 29 countries, shows that, whether the result of a single incident or part of a multi-faceted cyber-attack, the cost to an SMB of reacting to a DDoS attack was $123,000 per incident in 2017, up from $106,000 in 2016.

For enterprises, the average cost per attack has soared by more than half a million dollars, from $1.6 million in 2016 to $2.3 million in 2017. The rising financial costs of DDoS attacks, coupled with unquantifiable impacts such as reputational damage, are crippling for many organizations.

When asked about the specific consequences experienced as a result of a DDoS attack, most organizations (33%) claim that the cost incurred in fighting the attack and restoring services is the main burden, while a quarter (25%) cited money spent investing in an offline or back-up system while online services are unavailable. Additionally, 23% said that a loss of revenue and business opportunities occurred as a direct result of DDoS attacks, whereas 22% listed the loss of reputation among clients and partners as another direct consequence of a DDoS attack.

Previous Kaspersky Lab research also found that the attack rate is accelerating, with more than a third (33%) of organizations facing a DDoS attack in 2017, compared to just 17% in 2016. Even so, organizations are undereducated about taking steps to protect themselves. For instance, they often expect third parties to protect their businesses.

According to the research, 34% of organizations expect their ISP will protect them from DDoS attacks, and another 26% expect their data center or infrastructure partners will do so. Additionally, nearly a third (28%) claim that it is unlikely that they will be targeted by a DDoS attack in general.

“DDoS attacks, both standalone or as part of an attack arsenal, can cost an organization thousands, if not millions – that’s without counting reputational damage and lost clients and partners as a result,” said Kirill Ilganaev, head of Kaspersky DDoS protection, Kaspersky Lab. “It is therefore wise to be aware of these threats and invest in their own protective measures in advance. It is also important to choose reliable specialized security solutions that are based on cybersecurity expertise and tailored to fight the most sophisticated DDoS attacks organizations face today.”

Source: Information Security Magazine

Half of UK Firms Hit by Cyber-Related Fraud in Past Two Years

Nearly half of UK organizations (49%) have suffered from cyber-related fraud in the past two years, according to the latest research from PwC.

The global consulting firm polled over 7200 business decision makers to compile its Global Economic Crime & Fraud Survey.

The research is slightly unusual in that it treats cybercrime as a source of fraud. On that basis, cybercrime ranks highest of the top five fraud types, ahead of asset misappropriation (32%), procurement fraud (23%), bribery and corruption (23%) and business misconduct (21%).

PwC forensics partner Fran Marwood confirmed to Infosecurity that "the other categories are not cyber-related. They are what you might call traditional frauds."

“Much of the cybercrime in the UK comes from external overseas threats, and as the world’s fifth largest economy, it’s no surprise that the resources of UK organizations are seen as an attractive target by global fraudsters,” she added.

“Over half of respondents reported suffering phishing attacks, which are done on a large scale to play the odds. But ultimately cyber-defense relies on people understanding the threat, so training, awareness and escalation routes are just as important as defensive technology.”

UK organizations actually lag their international counterparts in implementing anti-fraud technology and do not seem to be using advanced tools as effectively as many of their peers.

Suspicious activity monitoring spotted just 10% of fraud, while data analytics detected only 1%, down from 8% two years ago, according to the report.

This doesn’t bode well for the future, with over two-fifths (42%) of UK respondents claiming that cybercrime would be the most disruptive ‘fraud’ type over the next two years.

More concerning still is the fact that a quarter of UK firms don’t have a cybersecurity program in place, although it does appear to be high on the agenda for most: 82% of CISOs report directly to the board, for example.

Source: Information Security Magazine

US Government in Epic Border Security Fail

The US government has been left red-faced after it emerged that its Customs and Border Protection (CBP) agency has for over a decade failed to verify that passports are authentic, because it has not been able to properly read their built-in smart chips.

Democratic Party senators Ron Wyden and Claire McCaskill sent a letter this week to the acting commissioner of the CBP, demanding that the anti-forgery and anti-tampering features of the e-passports are utilized.

The ‘smart’ passports, introduced in the US in 2007, contain a chip that stores the holder’s information along with cryptographic data used to verify the chip’s authenticity, making it virtually impossible to forge.

Countries that want to retain visa waiver status must also support e-passports for their citizens.

However, the senators claimed: “Despite these efforts, CBP lacks the technical capabilities to verify e-Passport chips.”

“CBP has been aware of this security lapse since at least 2010, when the Government Accountability Office (GAO) released a report highlighting the gap in technology,” the letter continued.

“Eight years after that publication, CBP still does not possess the technological capability to authenticate the machine-readable data in e-Passports.”

The senators argued that “it is past time” for the features to be utilized, and urged the agency to work with experts to calculate the costs before developing and implementing a plan to validate the digital signatures in smart passports.

The security fail comes amid a renewed attempt by the Trump administration to act tough on border control, with a controversial “extreme vetting” policy which requires those from certain countries to reveal detailed social media histories and other information or risk being turned away.

Source: Information Security Magazine