Archive for November 2019

Alaska Named America's Riskiest State for Cybercrime

A new risk index has named Alaska as the state most vulnerable to cybercrime. 

The index was created by payments platform Cardconnect using data published by the Federal Bureau of Investigation's Crime Complaint Center. 

The company analyzed state-by-state statistics on four of the most prominent types of online crime—credit card fraud, identity theft, personal data breaches, and phishing scams that involve phishing, vishing, smishing, and pharming.

For each crime type, the number of instances per 100,000 residents was calculated, and each state was then ranked from 1 to 50, with 50 being the riskiest. The totals were then combined to give an overall risk index figure.

Despite boasting one of the nation’s smallest populations, Alaskans face the biggest risk of falling victim to online fraud of any state in the United States. Out of a possible worst-case scenario score of 200, Alaska came in at 195 on the risk index. 

Alaska accumulated 48 out of 50 points for credit card fraud and identity theft, 49 for personal data breaches, and 50 out of 50 for phishing.

At just one point behind Alaska, Nevada was found to be the second riskiest state for cybercrime, scoring 50 out of 50 for identity theft and personal data breaches and 49 out of 50 for credit card fraud. 

The Silver State only managed to slink into second place by the width of an eyelash for being slightly safer when it came to phishing, scoring 45 out of 50 on the risk index for crimes of this type.

In January 2019, Alaska’s Division of Public Assistance sent letters to 87,000 people—11.7% of the state’s entire population—notifying them that personally identifiable information such as names, Social Security numbers, and healthcare details may have been accessed by cyber-attackers. 

Seven months later, 650,000 Nevada students were the victim of a data breach, which resulted in the exposure of dates of birth and email addresses.

The safest state on the risk index, with an overall risk score of just 12 out of 200, was Iowa. 

"There were only 53 reports of credit card fraud in Iowa, resulting in a tiny ratio of 1.68 reports for every 100,000 residents," said a spokesperson for Cardconnect.

"This Midwestern state ranked in second place for credit card fraud, eighth place for phishing, and rated as the safest state of all for identity theft and personal data breaches."

Source: Information Security Magazine

United States Post Office Faces Cybersecurity Challenges

Cybersecurity has been listed as one of the challenges facing the United States Postal Service (USPS) in a semi-annual report to Congress by the Office of the Inspector General (OIG). 

The report, which was released on Monday, outlines the most critical management issues with which the service has had to contend during the six-month period from April 1 to September 30, 2019.

Modernization, IT, and cybersecurity were all flagged as challenges, along with the long-running problem of illegal narcotics being sent through the mail. 

In the report, USPS inspector general Tammy Whitcomb wrote: "The use of the mail system to ship illicit narcotics continues to demand our attention both in our audit work and our investigations. While narcotics allegations are rapidly becoming our greatest investigative area of focus, our special agents cover a wide swath of areas: health care fraud (claimant and provider); mail theft; contract fraud; and financial fraud."

During the six-month period covered by the report, the USPS completed 1,362 investigations that led to 436 arrests and nearly $1.48bn in fines, restitutions, and recoveries. Of that total, more than $77m was returned to the Postal Service.

Whitcomb highlighted the difficulties of meeting the demands of the customer base in an increasingly digital world. 

Whitcomb wrote: "A modern information technology network with sufficient capacity is critical to the success of the Postal Service. Customers and businesses demand timely, relevant, and accurate information and data as part of their digital experience. 

"The network must have the ability to meet these demands as well as the flexibility to continually adjust to the ever-changing business and regulatory environment. As information technology and the cyber-threat landscape evolves, security continues to be an ongoing challenge."

A review of the cybersecurity of the USPS conducted in November 2018 found a lack of long-term planning in which ongoing costs such as software licenses and contractor support had not been considered. This in turn had led to overspending. 

In the review, the OIG recommended that the USPS "create and execute a program/administrative budget to adequately plan and administer an ongoing cybersecurity program." The current target implementation date for fulfilling this recommendation is March 2020.

Source: Information Security Magazine

Third-Party Vendor Exposes Data of Palo Alto Employees

American cybersecurity firm Palo Alto Networks has suffered a data breach after a third-party vendor accidentally published personal data regarding the firm's employees online. 

The privacy of seven current and former employees of Palo Alto Networks was compromised in the incident, which took place in February of this year. Details shared on the internet for all to see included names, dates of birth, and Social Security numbers, which were contained in a database of company employee details. 

News of the breach came to light after a former Palo Alto Networks employee disclosed the breach to Business Insider. The American financial and business news website has kept the identity of the story's source under wraps. 

In their testimony, the former employee said that the incident had been undetected for months. 

Palo Alto Networks, which is headquartered in Santa Clara, California, has more than 60,000 customers in over 150 countries. Upon being contacted, the global cybersecurity company confirmed that the breach had taken place and said that the contract with the third-party vendor that inadvertently published the data had been terminated.

The decision to dissolve the contract and send a clear message out to other vendors of what is expected of them was made by CEO of Palo Alto Networks, Nikesh Arora.

A Palo Alto Networks spokesperson said: "We took immediate action to remove the data from public access and terminate the vendor relationship. We also promptly reported the incident to the appropriate authorities and to the impacted individuals.

"We take the protection of our employees' information very seriously and have taken steps to prevent similar incidents from occurring in the future."

Precisely which third-party vendor ensnarled Palo Alto Networks in this embarrassing data exposure has been revealed by neither the firm nor—assuming that they were in fact privy to this particular piece of information—Business Insider.

Absent also from the press reports on the incident are exact details of how the breach came to occur. All that's revealed is that the data was exposed as a result of a security error on the part of the third-party vendor.

It is unknown whether the exposed data ended up on the dark web as a result of the breach.

Source: Information Security Magazine

Hotels Under Attack as Guest Data is Swiped from Front Desks

Security researchers are warning of an information stealing malware campaign that has already impacted hotel guest data in 12 countries worldwide.

The RevengeHotels operation has been running since 2015 but recently expanded its presence this year, according to Kaspersky.

It refers to the activities of at least two groups, dubbed “RevengeHotels” and “ProCC,” which target hotel front desks with remote access Trojan (RAT) malware.

“The main attack vector is via email with crafted Word, Excel or PDF documents attached. Some of them exploit CVE-2017-0199, loading it using VBS and PowerShell scripts and then installing customized versions of RevengeRAT, NjRAT, NanoCoreRAT, 888 RAT and other custom malware such as ProCC in the victim’s machine,” explained the report.

“One of the tactics used in operations by these groups is highly targeted spear-phishing messages. They register typo-squatting domains, impersonating legitimate companies. The emails are well written, with an abundance of detail. They explain why the company has chosen to book that particular hotel. By checking the sender information, it’s possible to determine whether the company actually exists. However, there is a small difference between the domain used to send the email and the real one.”

Once malware has been installed, cyber-criminals could sell subscription-based access to the infected machine on the dark web. That means fraudsters could get access to guest details, including credit card data copied from online bookings during the charging process, Kaspersky warned.

Over 20 hotels in 12 countries have so far been confirmed with victims in Latin America, Asia and Europe. However, many others may have accessed the malicious link in the phishing emails, the Russian AV vendor claimed.

“As users grow wary of how protected their data truly is, cyber-criminals turn to small businesses, which are often not very well protected from cyberattacks and possess a concentration of personal data,” argued Dmitry Bestuzhev, head of Kaspersky’s Global Research and Analysis Team, LatAm.

“Hoteliers and other small businesses dealing with customer data need to be more cautious and apply professional security solutions to avoid data leaks that could potentially not only affect customers, but also damage hotel reputations as well.”

Source: Information Security Magazine

Security Giant Prosegur Struck by Ransomware

Private security giant Prosegur has become the latest multi-national to suffer operational problems after being struck by ransomware.

The Spanish firm — which produces building alarms, and offers physical security services including cash transit vans — has over 60,000 employees around the globe and declared profits of €118m ($130m) for the first nine months of 2019.

However, it posted a statement to its Twitter account on Wednesday claiming the company had been struck by the Ryuk variant. Prosegur added that it had “enabled maximum security measures” to prevent the spread of the malware, including the “restriction of all communications.”

Security researchers monitoring the incident claimed in a series of tweets that the impact was severe, with the firm's websites taken offline in various regions.

“Prosegur appear to be in a hell of a mess, I’ve been monitoring social media posts and staff outside Spain in multiple offices report Ryuk ransomware on systems and outage of all services, so I’m guessing they have a common AD domain,” said UK-based Kevin Beaumont.

“Prosegur incident is just over a day old, customers and resellers are taking to Twitter saying alarms aren’t working and resellers saying they’re getting abusive calls from their customers. An entire ecosystem of security and cash handling services are up in the air.”

A statement from the firm on Thursday appeared to suggest it was on top of things.

“The ransomware, Ryuk, has been fully contained and the company has already deployed all the necessary mitigatory controls. Likewise, Prosegur has already begun the process of restoring its services,” it said.

“In addition to restricting its communications, the company initiated an investigation to determine the typology of the incident, its behavior, evaluation of the scope and definition of containment and recovery procedures, all of them included in the response plan for incidents of information security.”

The firm said it is also in contact with the “competent authorities” and is providing relevant technical information to “other actors” — stressing the need for collaboration to fight an ever evolving cyber-threat.

Source: Information Security Magazine

Missed Security Targets Start to Trouble Senior Execs

Companies that fail to set their IT security teams targets that directly correlate with overall business performance are causing problems for their CEOs, according to new research from Thycotic.

The privileged access management solutions provider surveyed more than 100 UK IT security decision-makers, with 61% admitting that there are implications for the CEO if security teams are unable to meet targets set for them.

With regards to the types of consequences they can face, the respondents noted facing a hard time from shareholders (44%), longer hours spent at work (40%) and even more serious implications such as penalties including lost bonus payments (37%) and threats to job security (35%).

Of particular note though, Thycotic’s research discovered that, when asked to describe what success looks like to them, IT security teams felt that being valued by the company (45%) was of more importance than achieving targets set by the board (42%). That suggests that CEOs risk repercussions if they set targets that do not effectively inspire IT and security professionals in their work.

Joseph Carson, chief security scientist and advisory CISO at Thycotic said: “The data breach at TalkTalk ushered in a new era where CEOs can and will be held accountable for IT security failures that occur on their watch. Today, when cybersecurity teams do not meet their targets, it impacts the CEO with longer hours, shareholder pushback, job insecurity and bonus reductions.”

To minimize the risks, he added, CEOs need to set IT security professionals proactive measures and appropriate budgets that demonstrate the positive contribution they make to overall business performance.

“A good example is to appoint an IT security professional with good communication skills in charge of cross-departmental co-operation. This has the dual advantage of putting IT security on a more proactive footing and increasing the chances of spotting/remediating digital risks early before they can escalate and cause trouble at board level.”

Source: Information Security Magazine

Googlers Fired for Breaking Security Policy

Tensions at Google have kicked up another notch this week after four employees were fired for apparently breaking data security policy, in what others have claimed is a witch hunt.

The four ex-staffers were accused of breaking policy by spying on colleagues’ work, including calendars and email. The back story appears to be that those they were monitoring were working on projects they didn’t approve of, such as a collaboration with the US Customs and Border Protection.

According to reports they repeatedly scoured through these colleagues’ data and distributed it to others despite this being “outside the scope of their jobs.”

“We have always taken information security very seriously, and will not tolerate efforts to intimidate Googlers or undermine their work, nor actions that lead to the leak of sensitive business or customer information,” a Google statement noted.

“This is not how Google’s open culture works or was ever intended to work.”

However, former colleagues and defenders of the four have claimed that what they did was in keeping with the tech giant’s code of conduct, which states: “And remember… don’t be evil, and if you see something that you think isn’t right — speak up.”

They argued that Google had ulterior motives in firing the four because they were involved in union organizing at the firm.

“Here’s how it went down: Google hired a union-busting firm. Around the same time Google redrafted its policies, making it a fireable offense to even look at certain documents. And let’s be clear, looking at such documents is a big part of Google culture; the company describes it as a benefit in recruiting, and even encourages new hires to read docs from projects all across the company,” they wrote in a blog post.

“Which documents were off limits after this policy change? The policy was unclear, even explicitly stating the documents didn’t have to be labelled to be off limits. No meaningful guidance has ever been offered on how employees could consistently comply with this policy. The policy change amounted to: access at your own risk and let executives figure out whether you should be punished after the fact.”

The incident comes at a time of unprecedented employee unrest at the tech goliath, with accusations that it has been too slow to tackle sexual harassment and has a problem with unequal pay.

Source: Information Security Magazine

US Man Charged with Stealing 100+ Songs from Recording Artists

A Texas man has been charged for his part in an alleged conspiracy to steal music tracks from 20 recording artists and release them online.

Christian Erazo, 27, from Austin, has been charged with aggravated identity theft, conspiracy to commit computer intrusion and conspiracy to commit wire fraud.

Between 2016 and 2017 he’s alleged to have worked with three others to target two music management companies in New York and LA.

The group is said to have obtained employee log-ins which enabled them to access the companies’ cloud storage accounts and steal over 100 songs from 20 artists that had not yet been released. They illegally accessed one company’s trove over 2300 times in just a few months, the DoJ said.

Erazo is also accused of hacking the social media account of an LA-based musician and producer and using it to send messages to recording artists and producers asking them for tracks.

The music obtained from these ventures was later released online in public forums, causing the victims financial losses, the court documents allege. In one case an entire album that had been in production for a year was effectively scrapped, potentially costing its creator $2m in lost sales.

The conspirators then allegedly tried to pin the blame for the attacks on someone else. A member of the group emailed one of the management companies claiming that an unnamed “Individual-1” was hacking the firm’s cloud storage accounts.

Erazo and others are said to have repeated the allegations to undercover officers posing as music executives, claiming he was helping them “for the love of the artists.”

He’s later alleged to have sent an email to one of the conspirators claiming the scheme was the “perfect cover-up.”

Music is big business. In June this year, world-famous band Radiohead revealed that a hacker stole lead singer Thom Yorke’s minidisc archive and was asking $150,000 in return for not releasing it. The band subsequently decided to publish the 18 hours of music themselves and donate the proceeds to a climate change group.

Source: Information Security Magazine

Cryptocurrency Exchange UpBit Loses $52m in Attack

One of the world’s biggest cryptocurrency exchanges has been forced to suspend account withdrawals and deposits after being hit by a major online heist.

South Korea’s UpBit issued the temporary suspension notice on Wednesday followed by a message from Lee Seok-woo, CEO of company owner Dunamu.

At around 1pm local time on Wednesday, 342,000 ETH ($52m) were transferred from an UpBit hot wallet to an unknown recipient, he said.

Affected users will have their losses covered by the company, which has transferred all other cryptocurrency into the company’s cold wallet for improved security.

“It is estimated that it will take at least two weeks for the deposit and withdrawal to resume. I'll tell you again when this is done,” said Lee.

UpBit’s travails are the latest in a long line of successful cyber-attacks targeting cryptocurrency exchanges over recent months.

These included US firm Coinbase, which spotted double spend attacks topping $1m, Japan-based Bitpoint, which lost $32m, Singaporean company Bitrue, which was robbed of $4.5m and Malta-headquartered Binance.

Peter Wood, CEO of CoinBurp, argued that the latest hack should be a warning to investors about the importance of operating only on secure and reliable trading platforms.

“This is particularly important when it comes to cryptocurrency, as it is virtually untraceable and there is often no governing body to insure or refund any losses,” he added.

“However, potential investors should not be deterred by this catastrophic error, as UpBit, and other Korean crypto-exchanges have been the target of hackers before. It is important that all individuals properly research the security protocols and measures before operating on any crypto trading platform.”

North Korea was earlier this year blamed by the UN for using its growing hacking capabilities to target cryptocurrency exchanges in a bid to fill the state coffers. It's said to have amassed $2bn from such attacks.

Source: Information Security Magazine

Minor Arrested for Jack Dorsey Twitter Hack

A former member of the Chuckling Squad is presumably not laughing now after being arrested for hacking the Twitter account of Twitter CEO Jack Dorsey. 

The alleged hacker, who is a minor, is said to be part of a group that used a SIM-swapping technique to hack into Dorsey's account in August of this year and send out multiple tweets containing racial slurs. They also tweeted bomb threats and retweeted anti-Semitic material. 

The group, known as the Chuckling Squad, have claimed responsibility for a number of high-profile social media hacks, including one perpetrated against actress Chloe Grace Moretz. 

The threat group was able to carry out the hack after gaining access to Dorsey's phone number and transferring that number to a new SIM card. Following the hack, Twitter has updated its two-factor authentication so that users no longer have to give their phone number. 

"We applaud the efforts of all the law enforcement agencies involved in this arrest," said the Santa Clara County District Attorney's Office, which manages the Regional Enforcement Allied Computer Team (REACT).

"REACT continues to work with and assist our law enforcement partners in any way we can. We hope this arrest serves as a reminder to the public that people who engage in these crimes will be caught, arrested, and prosecuted."

Hacker Debug, a leader of the Chuckling Squad, told Motherboard that the minor was arrested about two weeks ago after being kicked out of the threat group in October. 

"He was a member of Chuckling Squad but not anymore. He was an active member for us by providing celebs/public figure [phone] numbers and helped us hack them," Debug said. 

After the minor furnished the group with Dorsey's number, other squad leaders known as Aqua and NuBLoM tricked a wireless provider into giving them control of the phone number. They were then able to receive two-factor authentication SMS codes. 

Guidelines issued by the Federal Trade Commission on how to protect yourself from a SIM-swap attack include recommendations to limit the personal information you share online and set up a PIN or password on your phone account. Phone users are also advised never to reply to calls, emails, or text messages that request personal information, as they may be phishing attempts.

Source: Information Security Magazine