Archive for the News Category

Zoom Phishers Register 2000 Domains in a Month

Over 2000 new phishing domains have been set up over the past month to capitalize on the surging demand for Zoom from home workers, according to new data from BrandShield.

The brand protection company analyzed data from its threat hunting system since the start of the year, and found 3300 new domains had been registered with the word “Zoom” in them.

The vast majority of these (67%) were created in March, as the COVID-19 pandemic forced lockdowns in multiple European countries and across parts of the US.

With surging levels of interest in Zoom and other video conferencing apps comes renewed scrutiny from cyber-criminals.

Nearly a third (30%) of the new “Zoom” websites spotted by BrandShield have activated an email server, which the firm claimed proves these domains are being used to facilitate phishing attacks.

These could include attempts to: covertly download malware to the victim’s machine, steal money from Zoom users who think they’re buying a subscription and harvest user details to compromise accounts and/or infiltrate sensitive calls.

“With global businesses big and small becoming increasingly reliant on video conferencing facilities like Zoom, sadly, cyber-criminals are trying to capitalize,” argued BrandShield CEO, Yoav Keren.

“Businesses need to educate their employees quickly about the risks they may face, and what to look out for. The cost of successful phishing attacks is bad for a company’s balance sheet at the best of times, but at the moment it could be fatal.”

The news comes as experts continue to warn Zoom users of the potential security risks involved in logging-on to the video conferencing app.

The app was banned for employee use by the UK’s Ministry of Defence (MoD), although the Prime Minister, Boris Johnson, still used it for a Cabinet meeting.

Experts have urged users not to share meeting IDs on social media, and to ensure they generate a password for each meeting, or else risk being “Zoombombed” — that is, having uninvited guests enter the meeting.

Trend Micro principal security strategist, Bharat Mistry, argued that cyber-criminals are always on the lookout for opportunities to make a fast buck from globally trending news.

“It’s no surprise that hackers are looking to take advantage and exploit the current situation with Covid-19 especially with the mass explosion of remote working and even remote social interactions taking place,” he told Infosecurity.

Privacy experts have also expressed concerns over employer monitoring of their staff, as admin settings can provide detailed usage statistics for each employee.

Toni Vitale, head of data protection at JMW Solicitors, argued that transparency is key.

“Employees need to be told that their activities are being monitored,” he said. “In the rush to get everyone online I doubt many companies checked their HR policies.”

Source: Information Security Magazine

Ransomware Attackers Exploit #COVID19 to Target Hospital VPNs

Microsoft has been forced to alert several dozen hospitals in a “first of its kind notification” that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints.

The tech giant claimed that attackers behind the REvil (Sodinokibi) variant, for one, are probing the internet for vulnerable systems, with VPNs in high demand at the moment as COVID-19 forces home working.

The group appears to be repurposing malware infrastructure it used last year in the new attacks, which aim to take advantage of vulnerable healthcare organizations already under extreme pressure dealing with infected patients.

These “human-operated” attacks differ from commodity ransomware efforts in that the hackers use their extensive knowledge of system administration and common network security misconfigurations, said Microsoft.

“Once attackers have infiltrated a network, they perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network,” it continued.

“In these attacks, adversaries typically persist on networks undetected, sometimes for months on end, and deploy the ransomware payload at a later time. This type of ransomware is more difficult to remediate because it can be challenging for defenders to go and extensively hunt to find where attackers have established persistence and identify email inboxes, credentials, endpoints or applications that have been compromised.”

Reports emerged earlier this year that ransomware attackers including REvil were targeting flaws in Citrix ADC and Gateway products. It’s also suspected that the group exploited vulnerabilities in the Pulse Security VPN platform to compromise Travelex last year.

The National Cyber Security Centre (NCSC) and the NSA pushed out alerts last October that these products were being targeted by APT groups.

Microsoft’s advice is to patch promptly, monitor remote access carefully, turn on attack surface reduction rules in Windows, and switch on AMSI for Office VBA in Office 365 environments.

A report it issued last month details further steps to mitigate targeted ransomware.

Source: Information Security Magazine

Morrisons Wins Insider Breach Ruling but Liability Concerns Persist

Businesses have been urged to tighten their data protection technologies, policies and procedures after a UK Supreme Court ruling yesterday left the door open for employers to be sued by their staff for insider breaches.

The case involved supermarket chain Morrisons, which suffered such a breach in 2014 when former internal auditor Andrew Skelton published online the details of nearly 100,000 employees — including NI numbers, birth dates and bank account data.

Some 5000 of these employees then brought civil proceedings against the firm, arguing it was liable for the misuse of their data. Both the High Court and the Court of Appeal ruled that, although the supermarket chain was not primarily to blame, as its security safeguards were sound, it was “vicariously liable” for Skelton’s actions.

“In simple terms Morrisons had to underwrite Skelton’s actions as an employee,” explained legal firm Cordery Compliance. “This was in part because they had selected Skelton for the trusted position of being the middle-man in transferring the [HR data] to KPMG.”

However, the Supreme Court has now ruled in Morrisons’ favor: in effect saying that in this case the employer cannot be held vicariously liable as the employee (Skelton) was pursuing a vendetta.

This is a victory for the supermarket, and several legal experts have argued that employers will also be breathing a sigh of relief that they won’t be held liable in similar circumstances.

Yet firms aren’t completely off the hook, according to Claire Greaney, senior associate at Charles Russell Speechlys.

“It wasn’t all good news for businesses today. The court did not say there could never be vicarious liability for the conduct of employees in the world of data protection. If the door to vicarious liability was left ajar by the Court of Appeal, the Supreme Court has confirmed that it is staying open,” she argued.

“In the GDPR era of mandatory notification businesses will need to look carefully at the measures they take to mitigate these risks, including taking out data insurance to protect themselves.”

Cordery Compliance speculated that the case may also have gone differently had the subject of primary liability been considered.

“Under GDPR there is a very strong emphasis on organizations having ‘technical and organizational measures’ (TOMs) in place to ensure GDPR compliance, including with regard to keeping data secure,” it argued.

“Whilst the law was similar pre-GDPR it could be argued that employers should be more conscious of TOMs like access rights and data loss prevention now that GDPR is in force. With this in mind, had the Morrisons case been decided under GDPR might there have been a different outcome as regards primary liability and the personal data that left Morrisons’ systems?”

It’s also true that companies can still be held liable for the actions of their staff in a data breach context, if those employees are not acting outside the course of their employment: i.e. accidental leaks and negligence.

Source: Information Security Magazine

Company Launches Lockdown-Friendly Hacking Competition

A cybersecurity company has launched a lockdown-friendly hacking competition that doesn't require any travel or socializing. 

Participants of Cyber 2.0's new Home Hackers Challenge can compete for a cash prize without having to leave their houses. 

The competition is open to every hacker in the world, and the premise is simple—the first competitor to break into a computer-simulated organization scoops the glory and 10,000 NIS, equivalent to 2,850 USD. 

Protecting the fake organization is the company's own patented cybersecurity solution, the Cyber 2.0 program.

Cyber 2.0's Sneer Rozenfeld has no qualms about laying the reputation of the company and its cybersecurity products on the line. He said previous attempts to break through their protective layer by private hackers, companies, and specialized military units had all failed. 

"We did two hacking challenges already—this is our third one. We ran the first one in 2018 in Israel; no-one succeeded. Then in 2019, we ran a second competition in Atlanta, Georgia, with a $100,000 prize, and no-one succeeded. So, we do believe our system will not be hacked."

The competition will take place on April 6 between 11 a.m. and 3 p.m. (GMT+3). Hackers can enter through the company's website, cyber20.com.

Rozenfeld said: "The prize will go to the first hacker who breaks in with no prize for second place."

In previous years, when no hacker was able to defeat the company's cybersecurity program, Cyber 2.0 kept the prize money. However, this year, if no hacker manages to successfully break into the faux organization, the prize money will be donated to an Israeli charity that supports families in need. 

Rozenfeld said: "Everyone is affected by the coronavirus, so we want to be humble and this time not keep the money but give it away."

The ongoing health crisis has meant that Cyber 2.0 can only give hackers a short window in which to complete the challenge.

Rozenfeld said: "Holding this sort of challenge takes a lot of resources of the company so we decided to do it for 4 hours. Due to coronavirus regulations in Israel, we can't have more than 2 people on the premises, and we need more than 2 for supporting the challenge."

Source: Information Security Magazine

Affordacare Patient Data Allegedly Published Online

An American healthcare provider whose patients' records were allegedly published online in a ransomware attack has told patients their data is secure.

Affordacare runs an urgent care walk-in clinic network out of five locations in Texas. The organization was hit by a ransomware attack in February.

In a breach notification published on the organization's website, Affordacare wrote: "Hackers attacked Affordacare’s servers and were able to compromise some limited, confidential information on or around Feb. 1, 2020. The hackers also installed ransomware on the servers."

The healthcare provider said that data exposed in the incident included names, addresses, telephone numbers, dates of birth, ages, dates and locations of visits, reasons for visits, insurance plan providers, insurance plan policy numbers, insurance group numbers, treatment codes and descriptions, and comments from health care providers.

Despite refusing to pay the ransom, Affordacare told patients that "this incident did not affect your electronic health records, labs, Social Security number or any personal payment information."

The healthcare provider said that the majority of health care records were stored in a cloud-based electronic health records system that was not affected by the incident.

Ransomware group MAZE has claimed responsibility for the February attack on Affordacare. The threat group claims to have exfiltrated more than 40 GB of data from the healthcare provider, including sensitive patient health data.  

MAZE published what it claims is Affordacare data in a data dump on February 1 at http(colon)//mazenews(dot)top/site after the healthcare provider allegedly refused to pay the ransom.  

After viewing the alleged Affordacare data, Emsisoft threat analyst Brett Callow told Infosecurity Magazine: "The dump includes information relating to numerous patients, including reports that were presumably requested by Affordacare from other medical practices, as well as details relating to Affordacare’s own payroll and the resumes of people who had applied for employment." 

What appear to be Affordacare patient records published online by MAZE and viewed by Infosecurity Magazine included names, Social Security numbers, and details of a testicular sonogram. 

After notifying patients about the breach by letter on March 30, Affordacare stated on its website: "At this time, we do not know if your information was actually taken or misused."

Source: Information Security Magazine

Ransomware Payments on the Rise

More ransomware victims than ever before are complying with the demands of their cyber-attackers by handing over cash to retrieve encrypted files. 

New research published March 31 by CyberEdge shows that both the number of ransomware attacks and the percentage of attacks that result in payment have increased every year since 2017.

The CyberEdge 2020 Cyberthreat Defense Report states 62% of organizations were victimized by ransomware in 2019, up from 56% in 2018 and 55% in 2017. 

"Ransomware is trending in the wrong direction . . . again," state the report's authors.

"This rise is arguably fueled by the dramatic increase in ransomware payments."

In 2017, just 39% of organizations hit by ransomware paid to retrieve their encrypted data. That figure rose to 45% in 2018, then shot up to 58% in 2019. 

To create the annual report, CyberEdge surveyed 1,200 qualified IT security decision makers and practitioners from organizations with over 500 employees in 19 different industries. The organizations were located in 17 countries across North America, Europe, the Middle East, Africa, Asia Pacific, and Latin America.

Another key finding of the report was that last year, for the first time ever, more than a third (35.7%) of organizations experienced six or more successful attacks.

When questioned over the future cybersecurity of their organization, respondents revealed that they were picking up bad vibes. 

"The number of respondents saying that a successful attack on their organization is very likely in the coming 12 months reached a record level," states the report. 

Of those IT security professionals surveyed, 69% believe a successful attack to be in the cards in 2020. This doom-laden percentage was up from 65% in 2019 and 62% in 2018. 

As for which cyber-threats caused the greatest amount of concern, survey respondents said malware was the biggest problem, closely followed by phishing and ransomware, which tied in second place.

This year was the first time that the CyberEdge survey respondents were asked if they were concerned about attacks on brand and reputation in social media and on the web. This new threat tied in tenth place with watering-hole attacks, but the report's authors predict it will place higher next year.

They wrote: "We think this category (which includes hijacking social media accounts, using typo squatting website for fraud, and selling counterfeit goods online) will become more of a concern in the cybersecurity community."

Source: Information Security Magazine

Lack of Understanding of US Legislation Putting UK Business Data at Risk

UK businesses could be putting customer data at risk by having a low understanding of important data protection legislation. Research from IONOS has shown that 44% of IT decision makers in the UK do not have a comprehensive understanding of the US CLOUD Act. In contrast, 92% had a comprehensive understanding of the EU’s General Data Protection Regulation (GDPR).

The survey included 500 UK-based IT decision makers, analyzing their knowledge of key data legislation, attitudes towards data storage and cloud services usage. In particular, it highlighted a significant lack of understanding of the US CLOUD Act, passed into law in 2018. Among the provisions of the Act, it gives US law enforcement agencies the power to request data stored by most major cloud providers. Around six months ago, the UK and US signed the CLOUD Act agreement, making it applicable to UK businesses.

The study revealed that 47% of the IT decision makers were unaware that, under the legislation, US cloud hosting providers may be required to disclose customers’ data to US officials. This applies regardless of whether the information was stored inside or outside of the US, and is irrespective of GDPR regulations.

“GDPR compliance has been a key focus for many European and global businesses since it was introduced, but IT professionals are under pressure to keep up with the constantly evolving data security landscape,” explained Achim Weiss, CEO at IONOS. “The US CLOUD Act adds another layer of potential misunderstanding for those hosting with US cloud providers.”

Surprisingly, a high proportion of those polled were willing to store sensitive information in the cloud, including personal customer and employee details (54%) and accounting data (50%).

Weiss added that much more education around the US CLOUD Act as well as storage best-practice is required for UK businesses to ensure their data is safe and secure.

Source: Information Security Magazine

Chinese #COVID19 Conspiracy Theories Date Back to January

Chinese conspiracy theories that COVID-19 was some kind of US military bioweapon date back to January, months before a foreign ministry official in Beijing began to spread the same fake news, according to a new study.

An analysis from the Stanford University Cyber Policy Center has revealed how fringe conspiracy theories can eventually become weaponized by governments to further their geopolitical ends.

Zhao Lijian, a deputy director-general of the Chinese Foreign Ministry’s Information Department, took to Twitter on March 12 to suggest “the US army brought the epidemic to Wuhan.” He included a clip from the chief of the US Center for Disease Control who merely said that some patients who died from COVID-19 might not have been tested.

This was followed a few hours later by another tweet of Zhao's which shared an article from a conspiracy theory site that “the virus originated in the US.”

After Washington complained at the unfounded allegations, Chinese ambassador to the US, Cui Tiankai, distanced Beijing from the rumors.

Stanford’s analysis revealed that these could be found online as far back as January 2, when a Chinese language YouTube video dismissed the idea of COVID-19 as a US bioweapon. Chinese Twitter users at the end of the month took the opposite line, claiming the coronavirus was a US creation. These posts remain online, despite the social media site’s crackdown on COVID-19 misinformation.

By February 1, speculation began to spread that the virus was linked to US attendance at the Military World Games, which took place in Wuhan in October 2019.

The Stanford report authors urged online users to exercise skepticism at what they read online, even when posted by government officials.

“In times of uncertainty, speculation and political blame games, continued vigilance is key when it comes to assessing and sharing information — even, or sometimes especially, when it comes from state channels,” they said.

“Social media companies need to maintain their efforts to proactively remove unfounded speculation and disinformation on their own platforms, regardless of who posts it. Citizens and journalists should question the intentions an actor promoting online content may have before possibly amplifying misleading voices.”

Source: Information Security Magazine

Cyber-Attacks Up 37% Over Past Month as #COVID19 Bites

Online threats have risen by as much as six-times their usual levels over the past four weeks as the COVID-19 pandemic provides new ballast for cyber-attacks, according to Cloudflare.

The web security and content delivery vendor analyzed UK traffic figures for the past four weeks compared to the previous month and noted a sharp uptick in malicious activity.

It revealed that hacking and phishing attempts were up 37% month-on-month, while on some days, the firm was blocking between four- and six-times the number of attacks it would usually see.

The firm said the uptick was the result of “recreational” hackers with more time on their hands. However, professional cyber-criminals are also using the global incident to further their own agendas.

Phishing attempts have soared by over 600% since the end of February, including traditional impersonation scams but also business email compromise (BEC) and extortion attacks, according to Barracuda Networks.

In Hong Kong, likely state-sponsored attackers are even using the virus as a lure to trick users into clicking on news links booby-trapped with iOS spyware.

Domain registrars are ramping up efforts to halt automatic registration of any website names that are linked to COVID-19, for fear they may be phishing sites or those selling counterfeit goods like surgical masks and pharmaceuticals.

Interpol announced last week that it had already managed to seize $14m worth of such fake goods.

Even the National Cyber Security Centre (NCSC) has been stepping in to remove malicious and phishing sites.

Aside from the rise in threat levels, Cloudflare also noted an overall uptick in internet use of 17%, as the majority of the country is urged to stay indoors and work from home.

Online searches for tutoring grew most during the past four weeks, up 400%, while politics (320%), TV (210%) and gardening (200%) also spiked.

Source: Information Security Magazine

IASME Named Sole Cyber Essentials Certification Body

A new partnership has been announced between the National Cyber Security Centre (NCSC) and the IASME Consortium to relaunch the Cyber Essentials Scheme, with IASME as the sole certification body.

The NCSC has carried out research, determining the path to certification for Cyber Essentials could be made clearer, that the standard was being implemented consistently across the UK and that assessor and advisor standards were consistent. Its research showed that customers were confused by the use of five different organizations to deliver the scheme, as each organization operated the scheme in a slightly different way.

After a tender process, the NCSC has appointed a single Cyber Essentials Partner – The IASME Consortium, with effect from today.

Introduced in 2014, Cyber Essentials enables organizations to demonstrate that they meet defined standards of online security and seeks to identify that organizations have key controls in place. The scheme provides successful applicants with a certificate that lasts for 12 months.

It was intended to enable companies to understand the basic controls all organizations should implement to mitigate the risk from common internet-based threats, and concentrated on five key controls:

  • Boundary firewalls and internet gateways
  • Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organization
  • Access control – ensuring only those who should have access to systems have access and at the appropriate level
  • Malware protection
  • Patch management – ensuring the latest supported version of an application is used and all necessary patches have been applied

IASME said that today’s new partnership will help make fundamental cyber-protection more understandable, accessible and practical. Dr Emma Philpott, MBE, chief executive of IASME, said: “IASME contributed to the original writing of the scheme and has been involved in its delivery ever since. We welcome the prospect of continuing to work in partnership with NCSC to further develop and grow the Cyber Essentials scheme.

“We are particularly looking forward to working with the wider network which includes all Cyber Essentials Certification Bodies which will allow us to offer expert support and certification to organizations across the whole of the UK and Crown Dependencies.” 

IASME welcomed new certification bodies that had come on board during the transition period, and thanked other certification bodies that had been a part of the journey to date. “Together we will provide a comprehensive, UK-wide network of licensed Certification Bodies to ensure regional support is available to all those who need it.”

Anne W from the NCSC, added: “The move to a single Cyber Essentials Partner allows us to work closely with IASME to develop the scheme and build further on the success to date. Cyber Essentials is an important scheme within the NCSC’s extensive portfolio of tools and guidance, all of which make a significant contribution to making the UK one of the safest places in the world to live and do business online.”

Source: Information Security Magazine