Archive for the News Category

US, Australia Defend Democracy With Cyber Center

In collaboration with the US, Australia is endeavoring to fight the threat of fake news with the creation of a new cybersecurity center, according to The Lead.

The Jeff Bleich Centre for the US Alliance in Digital Technology, Security and Governance in Adelaide, Australia, is named after Jeff Bleich, special counsel to former President Barack Obama. From 2009 to 2013, Bleich served as ambassador to Australia. The ambassador will also be named a Flinders University Professorial Fellow.

South Australian researchers will work with the US to improve cyber-intelligence capabilities that will combat both the threat of deep fakes and the potential for foreign adversaries to meddle in national elections. 

According to the center’s website, it will provide “an Australian research hub, focused initially on social science research, for government, industries and NGOs to address current and emerging issues of digital technology, security and governance, especially in relation to the US-Australia Alliance.” 

The center will also enable Australia to strategically collaborate with and establish partnerships among and between academia, industry and defense both at home and abroad. 

Commenting on the disruptive cost of cyber-threats on democracy, Ambassador Bleich said, “We know that the advent of digital technology has fundamentally changed the way we each work, eat, shop and live. But it has also changed our societies and how we defend ourselves.

“Our nations – both separately and together – must operate in new ways to preserve our values and protect our people and allies in new battle spaces. This is the mission of the Jeff Bleich Centre for the US Alliance in Digital Technology, Security and Governance. Flinders is the ideal home for the center with its long-term track record in American studies, its focus on disruptive technologies and its successful binational programs,” Bleich said.

“The center aligns with the South Australian and federal governments’ cyber-security plans and will further strengthen South Australia’s position as Australia’s defense state. It will consolidate Flinders University’s research expertise and strengths in digital technologies, security and governance and build upon Flinders existing strengths in US policy studies and the university’s strong US alliance.”

Source: Information Security Magazine

Netanyahu Boasts of Israel's Cyber Intelligence

At Israel’s Cyber Week 2019 being held at Tel Aviv University, Prime Minister Netanyahu boasted that Israel learned of and was able to stop an attacker from hijacking a flight from Sydney to Abu Dhabi because of the country’s cyber-intelligence capabilities, according to today’s press release.

“We alerted the Australian police, and they were able to prevent it. If you multiply that times 50, that would give you an idea of the contribution that Israel has made in protecting against terrorist activities, and most of those contributions were made with cybersecurity,” Netanyahu reportedly said.

“Israel has invested more than any other country proportionally,” he continued. “We invest vast sums of money, probably #2 in the western world, in our military intelligence, which goes to the army, the Mossad, to the Shin Bet [Israel Security Agency] and to other arms as well. We have created an enormous investment in human capital, people, who can deal with the internet, can deal with the ramifications of this revolution, both as workers and as entrepreneurs.”

Recognizing the challenges that Israel had to overcome to become a competitor in industries that require large-scale operations, Netanyahu spoke of the benefits of collaboration, adding, “We’re encouraging international associations. We have today unbelievable cooperation, first with our great and irreplaceable ally the USA, we’re collaborating on cybersecurity and on many other things.” 

Following Netanyahu, Yigal Unna, director general of the Israel National Cyber Directorate (INCD), took to the stage, stressing, “Iran and its proxies continue to pose a main cyber threat on the Middle East. Israel is prepared for cyber-threats and we have the capability to respond forcefully to cyber-attackers.”

Reporting on a survey conducted by INCD, in which more than 300 companies across Israel participated, Unna noted that 68% of companies reported that they had experienced at least one attempted or actual cyber-attack in the past year; however, in the majority (63%) of those incidents, the organizations said they incurred no damage.

Source: Information Security Magazine

Dramatic Increase in Abuse of File Sharing Services

Security researchers are warning of a “dramatic” increase in the exploitation of legitimate file sharing services to deliver malware in email-based attacks, especially OneDrive.

FireEye claimed in its latest Email Threat Report for Q1 2019 that services including WeTransfer, Dropbox, Google Drive and OneDrive are increasingly being used to host malicious and phishing files.

However, while Dropbox was most commonly used of all the services, OneDrive is catching up fast. From hardly being used in any attacks in Q4 2018, it shot up by over 60% in the intervening months.

Hackers are using such services as they bypass the initial domain reputation checks made by security tools.

Detection filters are also challenged by the use of “nested emails.” With this tactic, a first email contains a second email as attachment, which in turn contains the malicious content or URL.
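As an added illustration (not taken from FireEye's report or the original article), the Python example below shows how a mail filter can unwrap nested emails before checking links: it follows attached messages, both `message/rfc822` parts and `.eml` files sent as generic attachments, and records how deep each URL was found. The host list, function names and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumed, non-exhaustive hostnames for the services the article names.
FILE_SHARE_HOSTS = {"wetransfer.com", "we.tl", "dropbox.com",
                    "drive.google.com", "onedrive.live.com", "1drv.ms"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def extract_urls(msg, depth=0, max_depth=5):
    """Return [(depth, url)]; depth counts how many emails wrap the URL."""
    if depth > max_depth:  # stop on absurdly deep nesting
        return []
    found = []
    if msg.is_multipart():
        # A message/rfc822 part holds one parsed email: one level deeper.
        step = 1 if msg.get_content_type() == "message/rfc822" else 0
        for part in msg.get_payload():
            found += extract_urls(part, depth + step, max_depth)
    elif (msg.get_filename() or "").lower().endswith(".eml"):
        # An email attached as a generic file: decode it and parse it again.
        raw = msg.get_payload(decode=True) or b""
        inner = message_from_bytes(raw, policy=policy.default)
        found += extract_urls(inner, depth + 1, max_depth)
    elif msg.get_content_maintype() == "text":
        found += [(depth, u) for u in URL_RE.findall(msg.get_content())]
    return found


def flag_nested_links(raw_bytes):
    """Parse a raw email and describe every URL, including nested ones."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for depth, url in extract_urls(msg):
        host = (urlsplit(url).hostname or "").lower()
        shared = any(host == h or host.endswith("." + h)
                     for h in FILE_SHARE_HOSTS)
        hits.append({"depth": depth, "url": url, "host": host,
                     "nested": depth > 0, "file_share": shared})
    return hits


def build_sample():
    """Constructed sample: an email in an .eml file inside a forwarded email."""
    innermost = EmailMessage()
    innermost["Subject"] = "Invoice"
    innermost.set_content("Download: https://1drv.ms/u/s!EXAMPLE-constructed")
    middle = EmailMessage()
    middle["Subject"] = "FW: Invoice"
    middle.set_content("See attachment. Portal: https://intranet.example/help")
    middle.add_attachment(bytes(innermost), maintype="application",
                          subtype="octet-stream", filename="invoice.eml")
    outer = EmailMessage()
    outer["Subject"] = "FW: FW: Invoice"
    outer.set_content("Please review the attached message.")
    outer.add_attachment(middle)  # attached as message/rfc822
    return bytes(outer)


if __name__ == "__main__":
    for hit in flag_nested_links(build_sample()):
        print(hit)
```

A filter that only scans the top-level body of this sample sees no URL at all; the file sharing link appears only at depth 2.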

FireEye also warned of a 17% increase in total phishing emails spotted over the previous quarter, with the most-spoofed brands including Microsoft, followed by OneDrive, Apple, PayPal and Amazon.

Hackers are increasingly using HTTPS in phishing attacks featuring URLs in a bid to trick users into clicking. FireEye observed a 26% quarter-on-quarter increase in the tactic, which exploits the consumer perception that HTTPS is inherently secure.

In fact, the FBI was recently forced to issue an alert warning that HTTPS and padlock icons in the address bar are not enough to prove the authenticity of sites.

Users should resist clicking on links in unsolicited emails, it added.

Finally, FireEye warned that cyber-criminals are expanding their repertoire when it comes to BEC attacks.

In one version they target the payroll department with requests to change the bank details of senior executives with the hope of diverting their salary. In another, they focus on accounts payable but pretend to be trusted suppliers who are owed money, instead of the CEO/CFO.

Source: Information Security Magazine

Recipe for Disaster as Tech Support Scammers Use Paid Search

Tech support gangs have been spotted using paid search to reel in unsuspecting victims looking for food-related content online, according to Malwarebytes.

The security vendor spotted scammers buying ads for Google and Bing which it said are designed to lure older netizens searching for food recipes.

“This scheme has actually been going on for months and has intensified recently, all the while keeping the same modus operandi,” it said. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months.”

As paid search entries are displayed at the top of search listings, users are more likely to click through. Doing so took them to specially created food blogs built by the scammers, complete with comments on the various articles.

“However, upon closer inspection, we can see that those sites have basically taken content from various web developer sites offering paid or free HTML templates,” said Malwarebytes.

In the right circumstances, the user is redirected to a browlock, or fake warning page, which is common in tech support scams. It checks for browser and OS and displays a relevant message claiming the user’s machine has been blocked because of a virus alert from Microsoft.

Calling the number, the white hats spoke to tech support scam ‘technicians’ who tried to sell them expensive support packages on the back of the fake AV alert. That company was listed as A2Z Cleaner Pro (AKA Coretel Communications).

Malwarebytes notified Google and Bing about the fraudulent ads and GoDaddy about the fake blogs and reiterated the importance of industry cooperation in tackling the tech support threat.

It’s unclear exactly how widespread the campaign was, but one URL shortening service used by one of the websites revealed over 50,000 hits in a single week in early May, mainly in the US.

Source: Information Security Magazine

Fake Ads that Lock Browsers Target Elders

A scam that was discovered last month that involved cyber-criminals invading Microsoft Azure Cloud Services reportedly remains ongoing. According to Malwarebytes’ threat intelligence team, the scam has continued but with a new trick: utilizing paid search results.

Instead of targeting victims through false emails claiming to be from Microsoft or Apple, scammers have been buying ads displayed on major internet portals to target an older demographic and drive traffic to decoy blogs that then redirect victims to a browser lock page, according to researchers.

“To support their scheme, the scammers have created a number of food-related blogs. The content appears to be genuine, and there are even some comments on many of the articles,” the researchers wrote. 

Though it’s been going on for months and the method of deception remains the same, researchers said the scheme has intensified recently. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months,” the researchers wrote. 

Scammers tricked users into believing their computers have been compromised via these blogs. As a result, the crooks were able to convince users that they needed expensive but ultimately useless “support packages” in order to clean up their computers. These specious offerings, not surprisingly, do next to nothing when it comes to protecting a user’s computer. 

“Tech support scams are one of the top threats affecting older folks, costing consumers millions of dollars in losses. Despite many takedowns and arrests in recent years, this industry is still very active and using the same social engineering techniques via fake browser alerts,” the Malwarebytes Threat Intelligence team told Infosecurity.

“It is important to remember that those browser lockers are not harmful in and out of themselves and that they can be closed safely. Victims that ended up calling the alleged Microsoft technicians for assistance should change their passwords, scan their machine for malware, revert any payment made, as well as monitor their bank statements closely.”

Source: Information Security Magazine

'Dashboard Act' Would Force Orgs to Disclose Data

On Monday, Sens. Mark Warner (D-Va.) and Josh Hawley (R-Mo.) proposed the Designing Accounting Safeguards to Help Broader Oversight and Regulations on Data, also known as the DASHBOARD Act, which would put strict requirements on data operators, according to CNBC News.

“For years, social media companies have told consumers that their products are free to the user. But that’s not true – you are paying with your data instead of your wallet,” Warner reportedly said in a press release.

Those companies identified as data operators are defined as having more than 100 million active monthly users, which is most social media platforms and tech giants like Google. If voted into law, the new requirements would mandate that data operators “provide each user of the commercial data operator with an assessment of the economic value that the commercial data operator places on the data of that user; and in a clear and conspicuous manner.”

Data operators would also need to convey to each individual user the exact types of data that are being collected by either the company itself or a partner. “The concept of forcing large companies such as Facebook, Twitter, and Google to show their cards and actually tell people what their personal data is worth to the company is a novel one,” wrote Dennis Fisher in a June 24 blog post for Duo Security.

“Most users of those companies’ services likely have little if any idea of how much data is collected by them, let alone what the monetary value of that information is. But those companies most certainly do, as their business models depend upon it,” Fisher continued.

In response to the news, CEO and president of the Internet Association Michael Beckerman wrote, “Data helps businesses – across all industries and of all sizes and business models – provide consumers with better products and services. We are encouraged by policymaker interest in addressing consumer privacy and providing Americans with greater transparency and control over how their data is used and protected. The internet industry supports a comprehensive, economy-wide federal privacy law that covers all companies – from social media sites to local grocery stores to data brokers – to give consumers the protections and rights they need to take full control of the data they provide to companies.”

Source: Information Security Magazine

Breach at Dominion National Likely Began in 2010

Dental and vision benefits insurer and administrator Dominion National announced a data security incident in which the personal information of members was potentially compromised.

“Safeguarding the privacy of your personal information is a top priority for us, and we make every effort to protect your information. Despite these efforts, Dominion National experienced a data security incident,” Dominion National president Mike Davis wrote in a company message.

The unauthorized access might have started as long ago as August 2010, according to the notice. “On April 24, 2019, through Dominion National's investigation of an internal alert and with the assistance of a leading cyber security firm, Dominion National determined that an unauthorized party may have accessed some of its computer servers. The unauthorized access may have occurred as early as August 25, 2010. Dominion National moved quickly to clean the affected servers.”

The company reports that it currently has no evidence that data was actually misused or wrongfully accessed. “However, we began mailing notification letters to potentially affected individuals on June 21, 2019, and we have established a dedicated incident response line to answer any questions.”

The data that was potentially accessed could include the enrollment and demographic information for current and former members. In addition to members of both Dominion National and Avalon Insurance, others who are affiliated with the organizations could have also had their data compromised. 

“The servers may have also contained personal information pertaining to plan producers and participating healthcare providers. The information varied by individual, but may include names in combination with addresses, email addresses, dates of birth, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, and subscriber numbers,” according to the announcement.

Source: Information Security Magazine

#DISummit19: Fraudsters Shifting Focus to Mobile Attacks

Speaking at the EMEA Digital Identity Summit 2019 in London, Rebekah Moody, fraud and identity market planner at LexisNexis Risk Solutions, reflected on the findings of the new ThreatMetrix EMEA Cybercrime Report.

Moody discussed how the report, based on data from attacks between January-March 2019, revealed EMEA to be one of the most mobile regions in the world, with 71% of transactions originating from a mobile device in EMEA, compared to 55% globally.

That was a key factor in driving a lower overall attack rate in the EMEA region, she added, because mobile transactions are generally “safer than desktop transactions,” with attack rates on mobile five-times lower than desktop.

“However, we have started to see some really interesting shifts and evolution in the way that fraudsters are using mobile,” Moody added, explaining that fraudsters have recently begun adapting to changing consumer behaviors and are now turning their focus to mobile attacks.

“It’s really interesting how fraudsters are using mobile as a facilitator to develop different ways to attack user accounts.”

The industry that is currently most at risk from rising mobile attacks is the media industry, Moody said, explaining that “fraudsters are likely using media as an identity-testing ‘test bed’ because it’s generally an easier target than the e-commerce or financial service industries.”

Source: Information Security Magazine

#DISummit19: Online Fraud Becoming More Complex & Sophisticated

Speaking at the EMEA Digital Identity Summit 2019, Stephen Topliss, vice-president, fraud & identity at LexisNexis Risk Solutions, said that online fraud is becoming more intricate and sophisticated.

“Fraud has become much, much more complex,” he said, pointing to a particular rise in “networked fraud,” which consists of cross-border fraud, omni-channel fraud and cross-industry fraud.

“With cross-border fraud, attackers are using VPN and proxies to hide where they are originating from.

“We’re also seeing omni-channel fraud, so while in the past an attack might have focused specifically on an online banking channel, fraudsters are getting much more sophisticated and are using channels to investigate and learn more about a target or their account.”

Then there’s cross-industry fraud, Topliss added, which involves fraud attacks that first target one industry and then become stepping stones to target other industries.

There have also been recent rises in the amount of social engineering being used in fraud attacks, Topliss said. “It’s really becoming the new norm; in the financial sector, the early years of fraud really focused on third party fraud, but now there are so many layers of defense that are actually working quite well, so fraudsters have figured out that the human is the weakest link.”

Then there’s the rise in bot activity, with bots continuing to be a bigger and bigger problem within the fraud threat landscape. “It’s not just the sheer volume of them,” Topliss explained, “they are becoming more sophisticated and they’re invading traditional layers of defense. By doing that, they’re really able to do credential testing.”

Some emerging fraud opportunities have also come to light, Topliss said. “What’s interesting on the emerging fraud side of things is that we’re seeing both completely new types of fraud that are associated with new types of industries,” such as the ride-sharing industry, and fraud that targets established industries offering services “that historically were not susceptible to fraud or not targeted by fraudsters, but are suddenly becoming really, really interesting.”

Source: Information Security Magazine

Botnet Abusing Android Debug Bridge, SSH is Back

A new cryptocurrency-mining botnet malware is abusing Android Debug Bridge (ADB) and SSH, according to Trend Micro.  

“This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant. This bot’s design allows it to spread from the infected host to any system that has had a previous SSH connection with the host,” the researchers wrote.

“The use of ADB makes Android-based devices susceptible to the malware. We detected activity from this malware in 21 different countries, with the highest percentage found in South Korea.”

The attack vector is one that has been abused before. Last year Juniper Threat Labs identified some of the vendors that had shipped ADB enabled.

“The number of publicly vulnerable devices has declined from about 40,000 devices one year ago to about 30,000 devices today. Most of the remaining vulnerable devices are located in Korea, Taiwan, Hong Kong and China,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks.

“It should be noted that some of the vulnerable devices are set-top boxes used for IPTV, not mobile phones. It is our speculation that most of the phones are, or become, vulnerable due to enabling the Android Debug Bridge during device rooting, a process which allows a locked down device to move freely between service providers.”

Because Android devices are beholden to their carriers or device manufacturers, Sam Bakken, senior product marketing manager, OneSpan, said it can be difficult for the general user to keep devices secure.

“Even if they wanted to harden their device with security updates or more secure configurations they simply can’t. The general layperson is becoming more aware of security and privacy issues as it relates to the mobile devices and apps they use,” Bakken said.

“Security is becoming a more important criterion in consumer decisions about which devices and apps they will and will not use. Savvy organizations are responding, building security into their mobile apps with technologies, such as app shielding and other in-app protections. This not only protects a developer’s intellectual property/app but also provides at least one safe haven for their users so they can rest easy knowing at least their usage of that one app is secure and protected.”

Source: Information Security Magazine