Archive for the News Category

Fraud Attacks from Mobile Spiked 300% in Q1

Fraud attacks from mobile apps spiked by 300% in the first quarter of 2019, according to new research from RSA.

Published today, the Fraud Attack Trends: Q1 2019 report found that the total fraud attacks from rogue mobile applications on January 1 was 10,390 but had jumped to 41,313 by March 31.

Rogue mobile apps are those designed to duplicate legitimate apps of trusted brands, which are a fast-growing phenomenon among cyber-criminals and a huge digital risk for consumers and businesses, according to the report.

In addition, the report found that fraud attacks introducing financial malware increased 56%, from 6,603 in Q4 2018 to 10,331 in Q1 2019. Of all the fraud attacks RSA observed in the first quarter, phishing accounted for 29%, though the overall phishing volume grew less than 1% quarter over quarter. Phishing's share of overall fraud attacks therefore declined significantly, which the report attributed to the exponential growth of attacks from rogue mobile apps.

An increasing threat for e-commerce business is fraud attacks on card-not-present (CNP) transactions, which grew by 17% in the first quarter of 2019. Of those attacks, 56% originated from mobile. 

“Canada, Spain and the Netherlands remain the top three countries targeted by phishing, representing 78% of total attack volume. The Philippines appeared on the list, replacing Brazil as a top target with 2% of total phishing volume in Q1,” the report said.

Of all the countries observed, Spain was targeted with a high volume of phishing, which the report attributed to the launch of new digital payment services by many prominent financial institutions; this serves as a reminder that cyber-criminals look to exploit digital transformation initiatives.

“The old username/password combination is simply no longer sufficient as a form of consumer authentication. The use of multi-factor, adaptive authentication and transaction risk analysis to watch for signs of fraud based on device, user behavior and other indicators is another critical layer to prevent the onslaught of account takeover in the event of a successful login attempt,” the report said.

Source: Information Security Magazine

Firmware Vulnerability in Mitsubishi Electric

A vulnerability in Mitsubishi Electric’s MELSEC-Q Series Ethernet Module could allow a remote attacker to gain escalated privileges, according to an ICS-CERT advisory.

Reported by Nozomi Networks, the vulnerability “could allow an attacker to render the PLC's status in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or execute arbitrary code in the context of the affected system of the workstation engineering software,” said Nozomi Networks co-founder and CTO Moreno Carullo.

On May 21, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an ICS-CERT Advisory (ICSA-19-141-0s), noting that the uncontrolled resource consumption vulnerability was exploitable remotely and required a low skill level to exploit.

“Organizations that may be potentially impacted can implement the following National Cybersecurity and Communications Integration Center (NCCIC) mitigations: Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the internet,” Carullo said.

“Locate control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may also have vulnerabilities and should be updated to the most current versions available. Also recognize that VPN is only as secure as the connected devices.”

Mitsubishi Electric has issued a firmware patch and recommends operating the affected device behind a firewall.

NCCIC encourages users to take defensive measures to minimize the risk of exploitation of this vulnerability, noting that users should:

  • Minimize network exposure for all control system devices and/or systems and ensure that they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from the business network.
  • Use secure methods when remote access is required, such as VPNs, recognizing that VPNs may have vulnerabilities and should be updated to the most current version available and that a VPN is only as secure as the connected devices.

Source: Information Security Magazine

US May Ban Chinese Surveillance Camera Companies

Citing human rights as the primary concern, the US announced that it is considering a ban on surveillance technologies produced by five Chinese companies, adding Hangzhou Hikvision Digital Technology Co. and Zhejiang Dahua Technology Co. to a blacklist that bars them from US components or software, according to The New York Times and Bloomberg.

Hikvision’s cameras are used the world over, which has raised human rights concerns given the recent revelation that nearly 1.2 million Muslims are being detained in camps in Xinjiang, where Hikvision won five contracts worth billions of yuan last year, according to Forbes.

“We hope the company receives a fair and just treatment,” Hikvision’s secretary of the board, Huang Fanghong, reportedly said in a statement. Dahua representatives had no immediate comment, according to Bloomberg.

Evidence supports the claims that Hikvision is involved in the surveillance efforts conducted in Xinjiang, despite the company asserting that it is nothing more than a product provider.

“Hikvision's own website directly contradicts this claim,” wrote Charles Rollet for IPVM. “In 2017, Hikvision proudly posted that it had won a $79 million safe city project in Xinjiang's capital of Urumqi, stating the project included about 30,000 cameras and data centers.

“Bidding documents also show Hikvision itself directly bid and won wide-ranging surveillance projects in Xinjiang. For a $46m project in Xinjiang's Karakax (or Moyu) county, Hikvision is listed as the sole winner in Chinese bidding documents, which even include its headquarters' address in Hangzhou and state the project is 'BOT,' a scheme in which companies Build, Operate, and then Transfer projects to authorities. Hikvision is also listed as the only winner in bidding documents for a different $53 million surveillance project in Pishan County, which also list its Hangzhou address.”

In addition, Hikvision, Dahua and other companies have reportedly “benefited handsomely from Chinese President Xi Jinping’s unprecedented push to keep tabs on the country’s 1.4 billion people,” according to Bloomberg.

In 2016 IHS Markit reported that China had approximately 176 million video surveillance cameras in use through its public streets, buildings and public spaces, more than three times the 50 million used in America, Bloomberg reported.

Source: Information Security Magazine

Google Stored Plaintext Passwords Since 2005

Google has admitted that some of its enterprise customers’ passwords have been erroneously stored in plaintext, in a security issue dating back 14 years.

The tech giant’s VP of engineering, Suzanne Frey, explained that the problem occurred when it introduced a new way for G Suite domain administrators to upload and manually set new passwords for their employees, to help with onboarding and account recovery.

“We made an error when implementing this functionality back in 2005: The admin console stored a copy of the unhashed password. This practice did not live up to our standards,” she added.

“To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

It’s unclear exactly how many users have been affected by this security snafu: Google would only say that it relates to a “subset of G Suite” customers. No consumer Google accounts were impacted.

Frey’s team also spotted a separate but similar security issue, dating back to the start of this year.

“As we were troubleshooting new G Suite customer sign-up flows, we discovered that starting in January 2019 we had inadvertently stored a subset of unhashed passwords in our secure encrypted infrastructure,” she explained.

“These passwords were stored for a maximum of 14 days. This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords. We will continue with our security audits to ensure this is an isolated incident.”

All G Suite admins impacted by these issues have been notified, and Google said it will reset passwords on any affected account where action is not taken.

Facebook, Twitter and GitHub have all admitted storing user passwords in plaintext over the past year or so. In Facebook's case, hundreds of millions of users are thought to have been affected.
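The defect described above, an admin "set password" path that keeps an unhashed copy of the password alongside the credential record, contrasted with a version that stores only a salted hash. This is an added example, not Google's code; the record layout, user names and sample password are constructed for the demonstration, and the PBKDF2 cost setting is an assumption.

```python
# Added example (not Google's code): the flawed admin "set password" path keeps
# a plaintext copy in the console record; the fixed path stores only salt+hash.
# All records, user names and passwords below are constructed for the demo.
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: a current cost setting for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is supplied."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def admin_set_password_flawed(console: Dict[str, dict], user: str, password: str) -> None:
    """Defect pattern: the hash is stored, but the console record also keeps
    the plaintext 'for onboarding and recovery'. This is what must never happen."""
    salt, digest = hash_password(password)
    console[user] = {"salt": salt, "digest": digest, "password": password}


def admin_set_password_fixed(console: Dict[str, dict], user: str, password: str) -> None:
    """Corrected pattern: only the salt and the digest are ever written."""
    salt, digest = hash_password(password)
    console[user] = {"salt": salt, "digest": digest}


def verify_password(record: dict, candidate: str) -> bool:
    """Check a login attempt against the stored record using only the hash."""
    _, digest = hash_password(candidate, record["salt"])
    return hmac.compare_digest(digest, record["digest"])


def find_plaintext_records(console: Dict[str, dict]) -> List[str]:
    """Audit check: users whose record still carries a plaintext password field."""
    return sorted(user for user, rec in console.items() if "password" in rec)


def demo() -> dict:
    """Run both paths on constructed data and report what the audit finds."""
    flawed: Dict[str, dict] = {}
    fixed: Dict[str, dict] = {}
    secret = "correct horse battery staple"  # constructed sample password
    admin_set_password_flawed(flawed, "alice@example.test", secret)
    admin_set_password_fixed(fixed, "alice@example.test", secret)
    return {
        "flawed_plaintext_users": find_plaintext_records(flawed),
        "fixed_plaintext_users": find_plaintext_records(fixed),
        "fixed_login_ok": verify_password(fixed["alice@example.test"], secret),
        "fixed_wrong_rejected": not verify_password(fixed["alice@example.test"], "wrong"),
    }


if __name__ == "__main__":
    print(demo())
```

The audit function is the kind of check that would have flagged the flawed path: a credential record should never contain a field from which the password can be read back.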

Source: Information Security Magazine

FCA: £27m Lost to Crypto Scams Last Year

The UK’s financial regulator has warned that £27m was lost in the last financial year to scams promising big returns on cryptocurrency and foreign exchange (forex) investments.

The Financial Conduct Authority (FCA) claimed that investors lost on average £14,600 to fraud during the 12-month period, with reports of scams more than tripling to 1800.

This kind of fraud typically starts on social media, where investors are lured by “get rich quick” promises, images of luxury items and celebrity endorsements. Clicking through takes them to legitimate-looking websites where they are tricked into handing over money.

“Investors will often be led to believe that their first investment has successfully made a profit,” warned the FCA.

“The fraudster will then contact the victim to invest more money or introduce friends and family with the false promise of greater profits. However, eventually the returns stop, the customer account is closed and the scammer disappears with no further contact.”

The findings are part of an awareness campaign being run by the FCA, supported by Action Fraud and the City of London police.

Its ScamSmart website is designed to make consumers more skeptical of get rich quick cryptocurrency and forex schemes.

“We’re warning the public to be suspicious of adverts which promise high returns from online trading platforms,” said Mark Steward, executive director of enforcement and market oversight at the FCA.

“Scammers can be very convincing so always do your own research into any firm you are considering investing with, to make sure that they are the real deal. Before investing online find out how to protect yourself from scams by visiting the ScamSmart website, and if in any doubt — don’t invest.”

Anyone that has fallen victim is urged to contact Action Fraud.

A report by Ernst & Young last year revealed that 10% of cryptocurrency ICOs lose their funds to hackers, with phishing a popular way to trick investors into handing over the private keys to their digital wallets.

Source: Information Security Magazine

DHS Issues Alert on Chinese-Made Drones

Chinese-made drones may be sending sensitive flight data to their manufacturers in China, according to an alert issued by the US Department of Homeland Security (DHS), CNN reported on May 20.

In a copy of the alert obtained by CNN, DHS said, "The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access.”

While the report refrains from naming specific manufacturers, approximately 80% of the drones used in the US and Canada reportedly come from DJI in Shenzhen, China. DHS reportedly is concerned about "potential risk to an organization's information…[from products that] contain components that can compromise your data and share your information on a server accessed beyond the company itself," according to CNN.

"Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities," the alert reportedly added.

“The Department of Commerce required Google to pull rights to use Google Play and apps on Android from Huawei. Now, we are hearing about risks of Chinese-made drones, of which the primary manufacturer is DJI, based in China,” said Chris Morales, head of security analytics at Vectra.

“The overall theme is that a third-party manufacturer could be using personal data for malicious intent. This is a theme that should expand beyond just a specific nation state actor. This is a real concern for any device that is collecting data on a user, regardless of where they are based.

“It doesn’t mean everyone is bad, though. Most organizations are in the business of making money and are not intentionally causing harm to consumers. Personally, I don’t even like enabling features, such as location services, on my personal device that gives even American companies too much data about me and my own personal habits.”

Source: Information Security Magazine

Ransomware Not Gone but More Targeted, Report Says

Cyber-criminals continue to grow more sophisticated, developing advanced attack methods, including tailored ransomware, according to the Q1 Global Threat Landscape Report, published today by Fortinet. In addition to targeted attacks, criminals are also using custom coding, living-off-the-land (LotL) and sharing infrastructure to maximize their opportunities, the report said.

Despite a decline in previous high rates of ransomware, ransomware itself is far from gone. Instead, cyber-criminals are using more targeted attacks. Ransomware “is being customized for high-value targets and to give the attacker privileged access to the network. LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication, but while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analyzed,” the report said.

Researchers also detected an uptick in malicious actors leveraging dual-use tools preinstalled on targeted systems to carry out cyber-attacks.

The report noted the trend of shared infrastructure. Researchers detected a rise in the total malware and botnet communication activity, as well as the number of domains shared between threats at each stage of the kill chain.

“Nearly 60% of threats shared at least one domain indicating the majority of botnets leverage established infrastructure. IcedID is an example of this 'why buy or build when you can borrow' behavior. In addition, when threats share infrastructure they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns,” the report said.

“We, unfortunately, continue to see the cyber-criminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” said Phil Quade, chief information security officer, Fortinet, in a press release.

“Organizations need to rethink their strategy to better future-proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defense. Embracing a fabric approach to security, micro and macro segmentation and leveraging machine learning and automation as the building blocks of AI can provide tremendous opportunity to force our adversaries back to square one.”

Source: Information Security Magazine

Encryption is Often Poorly Deployed, if Deployed at All

Encryption continues to be a challenge for companies, as only a quarter of organizations admit to using it for at-rest data, and for emails and data centers.

According to research by Thales and IDC, encryption for email is adopted by only around 27% of the European respondents they recently surveyed, and the numbers decline further for data at rest, data centers, Big Data environments and full disk encryption. The only instance of European respondents ranking higher than the global figure was in the use of cloud-native provider encryption.

Speaking at an event in London, Thales senior regional sales director, Kai Zobel, said that despite the introduction of GDPR a year ago “companies struggle to understand where the data is” and he has seen some companies buy a product to “encrypt some islands but then they struggle to continue. So we see thousands of potential servers that need to be encrypted but they [some companies] just do 200 and they think they are done.”

Zobel added that with more and more politics in the workplace, data “doesn’t want to be touched” and there is a feeling that security cannot be relied upon.

“They [organizations] have long lists of what to implement in the next 12 months, but they struggle to implement it and one of the main reasons is because of complexity,” Zobel said. “This is because they don’t have enough people to understand the technology in the best way possible.”

He also commented that a number of companies look for “good enough compliance” and people would rather spend less than ensure 100% security, “so they are just trying to find good solutions but not 'The Best' solution.”

Jason Hart, security evangelist at Thales, said that there is a wider problem of nothing changing in the last 25 years, except that we are creating more and more data. That has become a commodity, and “because of the acceleration of cloud I say to a company ‘what are you trying to protect?’ and after an hour we may get to a conversation about data and two hours later we may get to the type of data that they deem to be valuable.”

However, Hart argued that companies do not understand the risks that they are trying to mitigate, “and information security is really simple, it is about people, data and process.”

Speaking to Infosecurity, Hart said that if you look at every major breach that has occurred, there are too many instances of companies not deploying encryption properly, and also people do not look at the risk.

“You encrypted the data in the database, but what talks to the database? The application, so the data now traverses into the application’s code text and then from the application it goes into the cloud,” he said. “So they do it in silos and elements, but when people do it wrong, there is a false sense of security.”

Source: Information Security Magazine

DDoS Attacks on the Rise After Long Period of Decline

The number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab.

The global cybersecurity company’s findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shifting their attention to other sources of income last year, such as cryptomining.

What’s more, Kaspersky Lab discovered a substantial growth in the amount of attacks that lasted more than an hour. The company suggested that the launch of newer DDoS-for-Hire services could explain the sudden rise in the number of DDoS attacks in 2019.

“The DDoS attack market is changing,” said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. “New DDoS services appear to have replaced ones shut down by law enforcement agencies. As organizations implement basic countermeasures, attackers target them with long-lasting attacks. It is difficult to say if the number of attacks will continue to grow, but their complexity is showing no signs of slowing down.

“We recommend that organizations prepare themselves effectively, in order to withstand sophisticated DDoS attacks.”

Kaspersky Lab’s advice for DDoS attack defense included:

  • Ensuring that web and IT resources can handle high traffic
  • Using professional solutions to protect the organization against attacks

Source: Information Security Magazine

Washington Issues Temporary License to Huawei

The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August.

Despite reports emerging over the weekend of various chipmakers halting supplies to the Chinese firm after it was placed on an Entity List last week, the Commerce Department appears to have softened its stance.

Issued on Monday, the temporary general license for Huawei and 68 non-US affiliates will run for 90 days, bringing it up to August 19 2019.

It covers various areas, including: supplies to ensure Huawei’s networks and equipment are fully operational; software updates for existing Huawei handsets; and disclosure of any security vulnerabilities to the firm.

The license also authorizes US firms to engage with Huawei and its affiliates “as necessary for the development of 5G standards as part of a duly recognized international standards body.”

At the same time, Huawei founder Ren Zhengfei has struck a defiant tone in state media reports, claiming the US “underestimates” the firm’s capabilities and that it has already made efforts to mitigate the impact of any supply chain restrictions.

He has also reportedly claimed that no company can catch Huawei in terms of its 5G technology, a fact that Western lawmakers are grappling with in weighing up how to treat the company.

Lock the company out of 5G completely and it could add years to implementation, impacting customers — or at least, that’s Huawei's argument.

Although UK Prime Minister Theresa May agreed only to allow Huawei to supply non-core parts of carriers’ 5G networks, the decision by the leading Five Eyes nation remains controversial.

A new report by right-wing think tank the Henry Jackson Society co-authored by a Conservative MP and a former government security advisor claims there is “significant risk” in allowing Huawei to supply the UK’s 5G networks.

The report includes a foreword from former MI6 boss, Richard Dearlove, calling on the government to reconsider its position.

Source: Information Security Magazine