Archive for December 2019

Wipro Launches Cyber Defense Center Down Under

An Indian information technology, consulting, and business process services company has opened its first of what could eventually be many cybersecurity centers in Australia.

Wipro Limited announced the launch of the NextGen Cyber Defense Center on Thursday. The new state-of-the-art facility, which is located in the coastal city of Melbourne, is expected to create over 100 jobs. 

A Wipro spokesperson said: "With the launch of this center, Wipro aims to make substantial investments to upskill its employees, hire more local resources and generate more than 100 jobs in Melbourne for cybersecurity specialists."

With an eye on the future, the company shared plans to roll out similar Cyber Defense Centers in other Australian cities to "offer cyber resilience and provide digital protection to large government organizations."

Manoj Nagpaul, senior vice president of Asia Pacific and Japan at Wipro Limited, said: "We will offer our customers in the Australian market the ability to leverage our global experience, technical expertise and strategic cyber investments to secure their digital operations. 

"Our CDC will be equipped with state-of-the-art technology–enabled infrastructure with continuous security monitoring, a large pool of experienced security professionals and a global delivery model to achieve and scale highly secure integrated platforms."

The new Melbourne facility was inaugurated by Tim Pallas, minister for economic development, Parliament of Victoria, in the presence of customers, technology partners, the leadership team, and local employees.

Pallas said: "Melbourne is Australia’s leading tech city, and we welcome this investment by Wipro—a leading global information technology company. The establishment of this Defense Center will strengthen Victoria’s capability in cybersecurity and draw on the local expertise to help Wipro protect Australian organizations from cyber-related incidents."

According to Wipro’s recently released "State of Cybersecurity Report 2019" (in which 10% of the global organizations surveyed were from Australia), 55% of the respondents highlighted digital lockdowns due to ransomware attacks as their top cyber-risk.

The report found that the worldwide breach rate, calculated as the number of records stolen per second, has gone up to 232 records per second from the previous year’s average of 88 records/second. 

Despite the rise in the number of security incidents, the same report found that only 25% of respondents said that they carry out security assessments in every build cycle before pushing applications out to the internet.

Source: Information Security Magazine

British Cybersecurity Firm Goes Under Owing Millions

An award-winning British cybersecurity firm has gone into administration owing £3.5m to unsecured creditors.

XQ Digital Resilience Limited, which traded as XQ Cyber, brought in administrators David Rubin & Partners after declaring bankruptcy in October by placing a notice in the London Gazette.

The company was best known for developing CyberScore, a security testing and rating service that converts raw vulnerability data into more easily digestible security remediation and risk management plans.

According to a statement of affairs document published on the Companies House website this week and dated October, trade creditors are owed just over £500,000. 

The unsecured creditor who is owed the largest single sum of money by the Gloucestershire-based cybersecurity firm is an individual who made a £2.4m loan to the business. He was listed as someone who had significant control of the business in January 2017. 

Aside from this individual investor, HM Revenue and Customs is the largest creditor, left out of pocket for a total amount of £473,649. Five- and six-figure sums are also owed to a small number of tech suppliers. 

The statement of affairs estimates that assets totaling £304,374 are available to be used to pay back unsecured creditors. 

The administrators stated that while XQ Cyber's intellectual property and goodwill have a book value of £645,599, they expect to be able to use them to realize just £200,000.

The National Cyber Security Centre (NCSC)–approved company, which boasted many former GCHQ staffers among its employees, had gone through a recruitment drive in 2019 and made new hires just six weeks before going into administration.  

At XQ Cyber's demise, around 60 workers were made redundant, according to posts made on LinkedIn by former XQ Cyber staff members. 

XQ Cyber was featured as one of 20 UK security start-ups to watch in a profile in Information Age in June. The company's Twitter account has been inactive since November 7; however, its website—which states that the trading name of the company is now CS Information Security Limited—is still up and running.

The news of the company's decline took the cybersecurity industry by surprise, as public-sector UKCloud had reportedly added XQ Cyber’s CyberScore cybersecurity testing and rating tool to its portfolio in May, potentially creating a lucrative sales channel.

Source: Information Security Magazine

Ransomware Attack on Minnesota Health Facility

A Minnesota healthcare facility specializing in treatments for the face, teeth, mouth, and jaw has been hit by a ransomware attack.

Southeastern Minnesota Oral & Maxillofacial Surgery (SEMOMS) announced the data security incident on Thursday via their website.

On September 23, 2019, threat actors struck a server used by the organization. IT staff were able to intervene immediately to restore the impacted data. No mention was made as to the amount of money demanded by the attackers or whether the ransom was paid. 

All 80,000 patients of the facility are being informed of the incident, which SEMOMS said "may have resulted in the inadvertent exposure of patients’ health information."  

In a statement published on their website, SEMOMS said: "Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident, including sending letters to anyone whose information may have been exposed."

Computer forensic experts, hired by SEMOMS to discover what, if any, information had been accessed in the attack, were unable to give a definitive answer. 

SEMOMS said: "After examining the impacted server, the investigation was unable to determine if patients’ names and X-ray images had been viewed or accessed by an unknown, unauthorized third party.  

"While our investigation did not identify specific activity surrounding patients’ information, we are notifying potentially impacted individuals out of an abundance of caution."

Letters sent to potentially impacted patients include information about what occurred and a toll-free number where patients can learn more about the incident.

SEMOMS gave a reassurance that any patients' financial information, medical records, or Social Security numbers that had been provided to the health organization had not been impacted by the event. 

The incident has spurred SEMOMS to carry out a review of their current cybersecurity protection and procedures.

SEMOMS said: "SEMOMS remains committed to protecting patients’ information and has taken steps to prevent a similar event from occurring in the future, including reviewing and revising its information security policies and procedures."

Source: Information Security Magazine

Vietnamese Hackers Compromised BMW and Hyundai: Report

A Vietnamese state-backed threat group has been blamed for cyber-attacks that compromised the networks of BMW and Hyundai over recent months.

APT32, also known as “Ocean Lotus,” has been operational for the past few years. This spring it managed to infiltrate the network of the German car giant, installing a pen testing tool known as Cobalt Strike to remotely spy on machines, according to local reports.

However, BMW’s cybersecurity team caught wind of the attack and carefully monitored the group's activity, before finally kicking the attackers out in early December, Bayerischer Rundfunk claimed.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” the carmaker said in a general statement.

It was claimed that the hackers may be looking for trade secrets that will help to spur development at privately owned Vietnamese automotive start-up VinFast, which is currently supplied almost 100% by German manufacturers.

Hyundai’s corporate network was apparently also targeted, but there are no further details about that raid.

APT32 is known mainly for cyber-espionage activities targeting foreign businesses with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors. It has also targeted political activists and free speech supporters inside Vietnam and across south-east Asia, according to FireEye.

“The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam],” the security vendor said in its 2017 report on the group.

“While the motivation for each APT32 private sector compromise varied—and in some cases was unknown—the unauthorized access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organizations.”

Source: Information Security Magazine

FTC: Cambridge Analytica Deceived Facebook Users

Cambridge Analytica deceived tens of millions of Facebook users by working to harvest their personal data for use in political targeting, the FTC has ruled.

The regulator voted 5-0 in favor of issuing the Opinion and Final Order to the notorious consulting firm, which worked with developer Aleksandr Kogan to obtain data on as many as 87 million Facebook users.

That data, harvested via an innocuous-looking app, was subsequently used to target swing voters ahead of the 2016 US Presidential election, it is claimed.

The FTC Opinion confirms the allegations made in an administrative complaint issued in July: “that app users were falsely told the app would not collect users’ names or other identifiable information.”

It also states that Cambridge Analytica falsely claimed it still participated in the Privacy Shield data transfer agreement between the US and EU, despite its certification having lapsed.

“The Final Order prohibits Cambridge Analytica from making misrepresentations about the extent to which it protects the privacy and confidentiality of personal information, as well as its participation in the EU-US Privacy Shield framework and other similar regulatory or standard-setting organizations,” the FTC noted.

“In addition, the company is required to continue to apply Privacy Shield protections to personal information it collected while participating in the program (or to provide other protections authorized by law), or return or delete the information. It also must delete the personal information that it collected through the GSRApp.”

The FTC earlier this year fined Facebook a record $5 billion for deficiencies which allowed third-party app developer Kogan to get away with misleading customers and harvesting data without obtaining informed consent — on both Facebook users and their friends and family.

The social network has since announced a major new privacy-by-design push which will introduce more stringent processes to control what developers can and can’t do.

Although Kogan and former Cambridge Analytica CEO Alexander Nix have agreed to settle the FTC’s allegations, the consultancy itself filed for bankruptcy in 2018.

Source: Information Security Magazine

Bernie Sanders Pledges High-Speed Internet for All

US presidential candidate Bernie Sanders today released a plan to introduce high-speed internet to every American household if he wins the 2020 election. 

The High-Speed Internet for All proposal suggests giving local and state governments $150bn in grants and aid to create publicly owned broadband networks. Of this funding, $7.5bn would be ring-fenced to "expand high-speed broadband in Indian Country and fully resource the FCC’s Office of Native Affairs and Policy."

In a statement released on his website that will likely strike a chord with voters far younger than he is, Sanders said that the internet must be treated as "a public utility that everyone deserves as a basic human right." If elected as president next year, the Vermont senator said he would roll out the plan by the end of his first term. 

The plan Sanders has drawn up involves antitrust authorities taking action to dismantle the "internet service provider and cable monopolies" that are currently in play in the US and would see the reinstatement of the net neutrality regulation that was repealed in June last year. 

Sanders said the proposal would stop the internet from operating as a "price-gouging profit machine" for service providers. Internet and cable companies would be required to put a stop to hidden fees and be more transparent in disclosing the cost of services.

Earlier today on Twitter Sanders wrote: "The internet as we know it was developed by taxpayer-funded research, using taxpayer-funded grants in taxpayer-funded labs. Our tax dollars built the internet. It should be a public good for all, not another price-gouging profit machine for Comcast, AT&T and Verizon."

With supreme confidence in his own historical significance, Sanders likened his proposal to President Franklin D. Roosevelt's campaign to bring electricity to every rural community in America. In 1933, when Roosevelt first took office, only one in ten farms in rural America was on the grid.

"Just as President Roosevelt fundamentally made America more equal by bringing electricity to every community, urban and rural, over 80 years ago, as president, I will do the same with high-speed internet," Sanders wrote on Twitter today.

In broadband deployment, the United States ranked tenth out of 22 in a 2018 comparison with European countries, and in America's rural communities, more than 31 percent of people are without broadband. 

Source: Information Security Magazine

Real Life Director of Evil Corp Indicted for 10-Year Cybercrime Spree

US and UK authorities have indicted the leader of a notorious cybercrime gang that stole $70m from bank accounts around the world using malware.

Ukrainian-born Russian national Maksim V. Yakubets allegedly headed up an organized crime syndicate that used Bugat malware—also known as Cridex and Dridex—to drain money from the customers of just under 300 organizations in 40 different countries. 

He is further accused of participating in a second scheme involving Zeus malware, which similarly used a botnet and money mules to pilfer bank accounts.   

Yakubets, who is known online primarily as Aqua, is wanted in relation to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present day. 

The 32-year-old was indicted in a US federal court on Thursday along with a fellow alleged cyber-criminal, 38-year-old Igor Turashev from Russia's Yoshkar-Ola. Turashev is wanted in connection with the deployment of Bugat malware.

According to the UK's National Crime Agency, the organized crime syndicate of which Yakubets was the ringleader called itself Evil Corp—the nickname given to fictional multi-national conglomerate E Corp in the smash hit TV series Mr. Robot.

Yakubets allegedly ran his large-scale criminal organization from the basements of Moscow cafes, employing dozens of people. He is currently thought to be in Russia, where he is known to sport a coiffed hairdo and cruise around in a customized Lamborghini supercar with a personalized number plate that translates to "Thief." 

A reward of $5m—the largest ever to be offered for a cyber-criminal—is being offered under the Transnational Organized Crime Rewards Program for information leading to the arrest or conviction of Yakubets.  

Lynne Owens, director general of the NCA, said: "The significance of this group of cyber-criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade. We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions."

FBI Deputy Director David Bowdich said: "The charges highlight the persistence of the FBI and our partners to vigorously pursue those who desire to profit from innocent people through deception and theft. By calling out those who threaten American businesses and citizens, we expose criminals who hide behind devices and launch attacks that threaten our public safety and economic stability."

Source: Information Security Magazine

Six Customers Affected by Ransomware Attack on CyrusOne

One of the largest data center providers in America has become the victim of a ransomware attack.

Texas company CyrusOne confirmed yesterday that an attack involving REvil (Sodinokibi) ransomware had taken place on Wednesday. Customers of the company's New York data center, located in Wappingers Falls, suffered a loss of service as a result of the incident. 

A CyrusOne spokesperson said: "Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network.

"Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is on-going, and we are working closely with third-party experts to address this matter."

The attackers advised CyrusOne that they would decrypt one file encrypted in the ransomware attack as a show of good faith that the remaining hijacked data would be returned upon receipt of payment. 

Exactly how the attackers gained entry to the company's network is currently unknown. The attackers say they have a private key, which they claim is the only way to access the stolen information. 

CyrusOne serves thousands of customers across 48 different data centers located around the world. Among its customers are over 200 Fortune 1,000 companies. The company said that it is currently using backups to help its customers recover lost data.

This incident is not the first time that this particular strain of the Sodinokibi ransomware has been a total pain in the coco de mer. REvil was used to attack Oracle's WebLogic server in April of this year, and since then it has also been deployed against more than 400 American dental practices and over 20 Texas municipalities.

Thomas Hatch, CTO and co-founder at SaltStack, commented: "The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack. However, this situation highlights that data center and IaaS providers are just as vulnerable to attacks as other companies. While IaaS providers generally create very secure infrastructures, there is still the liability that they can be attacked in this manner."

Source: Information Security Magazine

Banking Trojans Are Top Financial Services Threat

Banking Trojans represent the biggest potential threat to financial institutions and their customers, and are on the rise, according to new research from Blueliv.

The Spanish threat intelligence firm released data from a recent Twitter poll of over 11,000 users and its newly launched report for the banking sector, Follow the Money.

Nearly a third (31%) of respondents claimed banking Trojans were the biggest threat to financial services firms, followed by mobile malware (28%), a category also increasingly comprised of Trojans designed to access customer accounts.

The bad news is that activity appears to be escalating in this area: Blueliv’s report revealed the firm tracked a three-digit uptick in Trickbot (283%) and Dridex (130%) detections over Q2 and Q3 this year.

The botnets are known to distribute banking Trojans as well as other malware targeting financial services.

The poll also revealed that skills shortages (28%) are the biggest challenge facing banks’ IT security teams as they try to build out programs.

Recent data from (ISC)2 revealed that global skills shortages now exceed four million. In Europe the crisis is particularly acute: shortages have soared by 100% over the past year to reach 291,000.

The poll also highlighted the challenges associated with high volumes of threats and alerts (26%) and poor visibility into threats (20%), which it is claimed are hampering banking cybersecurity teams as they struggle to combat attacks.

“Because they are such high-value targets for cyber-criminal activity, it is imperative that financial services organizations monitor what is happening both inside and outside their networks in real-time to create effective mitigation strategies before, during and after an attack,” argued Blueliv CEO Daniel Solís.

“Security teams can be easily overwhelmed by the number of threat alerts they receive which can very quickly result in alert fatigue and desensitization to real, preventable threats. Threat intelligence can address the cyber skills gap through continuous automated monitoring combined with human resource to provide context, helping FSIs develop highly-targeted threat detection, prevention and investigation capabilities.”

Breaches in the financial sector tripled over the five years to 2018, with the average cost of cybercrime in the sector over $18 million, more than any other vertical, according to Accenture.

Source: Information Security Magazine

Microsoft: 44 Million User Passwords Have Been Breached

Tens of millions of Microsoft customers are using log-ins that have previously been breached, putting themselves and their organization at risk of account takeover, the computing giant has revealed.

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases.

It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and AzureAD accounts, which is more worrying for businesses.

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,” it explained.

“Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.”

Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. A report from Akamai earlier this year claimed that such attacks are costing the average EMEA firm $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting organizations such as TfL, OkCupid, TurboTax and many more.

A 2018 study of around 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Source: Information Security Magazine