Cloud Biometrics Use to Soar in Two Years: Report

Over half a billion customers worldwide will be using cloud-based biometrics to securely authenticate with their banks within two years, according to a new analyst report.

London-based Goode Intelligence’s Biometrics for Banking report details what might happen to the market over the next five years.

It claims that by the end of 2020, 1.9 billion bank customers will be using biometrics to: withdraw cash from ATMs, prove their identity over the phone, access banking services through smart devices and more. Sometimes a combination of biometrics will be needed, for example to initiate a transfer of funds from a web-based interface.

There’s a $4.8bn market expected for biometrics companies by 2023, but not all types of the technology are the same, according to the report.

Unlike device-based biometric systems — like FIDO, and Apple’s Touch ID and Face ID — cloud-based biometrics capture the information on the device but then send it to the cloud for processing.

Goode Intelligence CEO, Alan Goode, argued that banks need to choose the model that best fits their particular application or use case.

“There is definitely room for both biometric models and one model will not necessarily win over the other,” he said.

“Banks are beginning to understand the benefits and disadvantages of one model over the other and will adopt either or both to match risk, regulations and regional cultural differences. In Europe, GDPR is having a significant impact on the design of biometric systems as biometric data is considered sensitive data that needs high levels of protection.”

Another regulation set to drive the adoption of the technology is PSD2, which will mandate strong customer authentication for many transactions.

The report predicted 586 million bank customers will be using biometrics-as-a-service by 2023, to authenticate over the phone, digitally via their handset, or to withdraw cash from an ATM.

Source: Information Security Magazine

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.

The women’s clothing company revealed at the end of last week that its network had been targeted by a “concerted criminal cyber-attack” and that it had hired a forensic cybersecurity firm and a law firm to handle the investigation.

Details are scarce, but the firm said it had scanned for and removed backdoor malware found on its servers.

“While the full extent of the attack will continue to be investigated, it can now be confirmed that the personal information illegally acquired by the intruders included email addresses and encrypted password credentials of customers who visited the company website,” a statement noted.

“It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers. SHEIN may update this information at a later date based on any new findings.”

As no card details were taken, it does not appear as if the retailer was hit by the recent spate of Magecart attacks skimming financial details as customers enter them into e-commerce sites.

It’s unclear how strongly the passwords are encrypted so the hackers may look to brute force them. They would then have a handy email/password combination which could be used to unlock other accounts around the web via credential stuffing, if users have been careless in sharing their credentials across multiple sites.

There’s also a risk that these could be used to access corporate accounts if SHEIN customers used their work email addresses to register with the site.

That’s not uncommon: in January researchers uncovered over one million email addresses belonging to staff at the UK’s 500 top law firms up for sale on the dark web, 80% of which had an associated password. It’s believed the credentials were lifted from breaches at third-party sites.

Source: Information Security Magazine

Attack Threats Believed to Increase Collaboration

It’s not uncommon that vendors want to understand the experiences and opinions of security experts who are in the trenches, which is why Black Hat is often an opportune time to conduct surveys. Since this year's conference, AlienVault has analyzed the data of a survey it administered and today released its newest report, Extortion, the Cloud, and the Geopolitical Landscape.

The survey asked a wide range of questions to almost 1,000 security professionals to gauge their perspectives on topics including the public infrastructure being prepared to protect itself against cyber-threats, best reactions to cyber-threats of extortion and the security concerns hampering cloud adoption.

Of all the survey participants, 54% believe the public sector infrastructure in the US is either unprepared or very unprepared to defend against cyber-attacks, with 20% saying the US is currently "very unprepared."

Survey questions looked specifically at preparedness for attacks on reputation and brand. “While reputational damage has always been well-understood, it’s the more recent rise of social media, and the speed at which news travels, that has made it more of a risk. The takeover of corporate social media accounts by attackers, or disgruntled (or recently fired) employees is perhaps the most visible and commonly-seen example of a reputational attack on a company,” the report said.

Interestingly, 36% of security professionals feel that the potential of nation-state cyber-threats has had a positive impact on security practices in their organization. Still, 25% of businesses said that if there were any type of blackmailing attack, their organization would not know whether data had in fact been exfiltrated. If there were an instance of extortion, though, 38% of survey respondents believe negotiating the demands would be the responsibility of the CISO.

Because of their security concerns, 44% of businesses reported that they are actively considering moving certain operations, apps, or data back to on-premises from the cloud, with 46% citing security as the biggest blocker to cloud adoption.

A majority (64%) of respondents believe that the security community is becoming more collaborative when it comes to sharing intelligence information. “When discussing attacks, it’s important to also bear in mind the collaborative nature of attacks and how defense also relies on collaborative measures. It was reassuring to see the vast majority of participants stated that they believe security professionals are becoming more collaborative in their efforts to secure enterprises,” the report said.

Source: Information Security Magazine

Solution to Skills Gap Is Strong Cyber Culture

According to a new study released by (ISC)2, organizations that have made a strong investment in cybersecurity technology are better able to retain the talent they need to protect against both internal and external threats.

The study, Building a Resilient Cybersecurity Culture, surveyed 250 organizations, representing a range of sizes. The prerequisite was that the companies had demonstrated a solid cybersecurity track record. Rather than focus on the skills gap from the negative, the study sought to identify demonstrable solutions to the workforce gap from companies that report that they have “all the cybersecurity experts that they need to be successful.”

The survey participants were all full-time employees with cybersecurity responsibilities who affirmed that their companies do an adequate job of staffing their cybersecurity teams. Of the 250 participants, 84% work at companies with more than 100 employees, while 16% work at companies with fewer than 100 employees.

Only 18% of survey participants said they worry about losing members of their security staff, yet 99% said they have influence or decision-making authority in hiring and evaluating IT professionals.

“Respondents in the survey worry less about losing cybersecurity employees than actual threats, an indication that having competent, experienced people in place allows them to focus on what is important – protecting the organization. Hence, 57% say their biggest concern is the constant evolution of threats they face, and 43% say it’s the determination of threat actors,” the report said.

That top management understands the importance of strong cybersecurity seems to be critical to the successful staffing of the security teams, as the study also found that a strong culture begets professionals who hold certifications. When hiring for their cybersecurity team, 70% of participants said they give priority to hiring certified security professionals. The same number focuses on training and promoting from within. Also key to successful staffing is drafting clear job descriptions, which 52% of participants said they give priority to when hiring.

“One of the challenging things for growing organizations is aligning their job descriptions with both what the market can provide as well as the security org they’re trying to build is inside," said Dr. Bret Fund, founder and CEO at SecureSet. "This may sound much simpler than it really is, but it can be a real challenge to the organizations."

"As organizations look to security educators, standards bodies and certification providers, having a sense of how their organization aligns with some of the best practices of industries is going to be vital.”

Part of strengthening their security teams includes offering training and certification opportunities to employees as well as cross-training on cybersecurity skills and responsibilities. “The (ISC)2 report is a good example of the growing awareness of a strategic gap in cybersecurity training in the US," said Brajesh Goyal, vice president of engineering at Cavirin.

"If you go back to the end of WW2, there was a call for additional engineering training. [We're experiencing the] same thing [now], and in fact the just-released ‘National Cyber Strategy’ document called out the need for additional training, both for the US government and for the commercial sector. These actions trickle down to proposed initiatives like a cyber Peace Corps or even the new Girl Scouts cybersecurity badge.”

Source: Information Security Magazine

Cryptocurrency Mining Soars 459% from 2017 to 2018

The Cyber Threat Alliance (CTA) recently released a new report, The Illicit Cryptocurrency Mining Threat, in which the group found that crypto-mining has increased 459% from 2017 through 2018. The most recent quarters show that the trend continues to grow rapidly with no indication of slowing down.

“As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are using computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to steal their processing power to mine cryptocurrencies,” the report stated.

While mining for cryptocurrency is a drain on resources that will result in higher electric bills, it also increases workload, which could result in either decreased productivity of business operations that use computing power or even physical damage to the IT infrastructure.

According to the CTA, though, the greater concern is that illicit cryptocurrency mining within an organization is a strong indication of flaws in its overall cybersecurity posture.

“The majority of illicit mining malware takes advantage of lapses in cyber hygiene or slow patch management cycles to gain a foothold and spread within a network,” the report said. If crypto-miners can gain access to the processing power of a network, there’s a strong likelihood that an attacker can gain – or already has gained – access as well.

“As the threat of crypto-jacking grows, organizations should be ever-vigilant. Crypto-jacking steals valuable resources from the business and organizations should carefully monitor what’s taking place on the network to prevent crypto-jackers from getting a foothold,” said Justin Jett, director of audit and compliance for Plixer Network.

“Traffic analytics is a critical resource in successfully monitoring and detecting threats like crypto-jacking and should be deployed wherever possible. By leveraging the existing data from the network, IT professionals can easily and quickly identify where crypto-mining malware has entered the network.”

Source: Information Security Magazine

Scottish Brewery Recovered from Ransomware Attack

It’s a new week, and the folks at Arran Brewery in Scotland are likely drinking to that after last week’s ransomware attack took their computer systems offline. The brewery has reportedly recovered from what managing director Gerald Michaluk believes was a targeted Dharma Bip ransomware attack.

Arran staff received what they thought was a cover letter as part of a job application, but the email attachment contained malware, according to the BBC. Why the application was submitted in the first place is what seems suspicious.

In the aftermath of a legitimate job posting, the position had been filled, yet the listing reportedly reappeared on multiple recruitment sites. Apparently the position was quite desirable, because the fraudulent post resulted in an influx of applications from candidates around the world, creating a bit of email chaos. Hackers leveraged the surge in emails and sent an infected message containing the ransomware payload within a PDF.

Once the malicious email was opened, the systems became infected, at which point the attackers demanded two Bitcoins to have the system files restored. Knowing that it would lose three months of sales records, Arran reportedly decided not to pay and instead brought in external experts to enhance its cybersecurity strategies, according to The Scottish Sun.

"To pay or not to pay, that is the seemingly million-dollar question when it comes to ransomware,” said Barry Shteiman, VP of research and innovation at Exabeam. “While many security experts warn about paying ransoms or entering into negotiations, the answer, in reality, comes down to simple economics.”

One reason many companies choose to pay the ransom is the losses incurred during downtime when data is unavailable. In other cases, restoring backups may be more expensive than paying the ransom.

“If giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organization would pay the ransom. Of course, this is a last resort, if all other options have been exhausted,” Shteiman said.

Arran opted not to pay. “We chose to bring in an expert who having identified the problem was able to eliminate the virus and restore part of our system, and is confident in due course when the key is cracked will be able to restore the lost data,” Michaluk told The Scottish Sun.

“I hope if anyone finds themselves in a similar position they can recognize the MO of these bandits and not have the same issues we have had.”

Source: Information Security Magazine

Scan4You CAV Operator Gets 14 Years

A Latvian man has been sentenced to 14 years behind bars for helping to run notorious Counter Anti-Virus (CAV) service Scan4You.

Ruslans Bondars, 38, was convicted back in May of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

A second man, Russian Jurijs Martisevs, pleaded guilty in March 2018 to offenses related to the CAV service.

Bondars is said to have operated Scan4You from at least 2009 until 2016. The platform allowed would-be hackers to test their malware against over 30 AV engines without notifying the AV vendors themselves, to help improve their chances of success.

The site is said to have had thousands of users and was indirectly responsible for the development and deployment of malware such as “Citadel” which infected over 11 million computers worldwide, and resulted in over $500 million in fraud-related losses.

Another strain of malware tested on the site was used to steal around 40m credit and debit card numbers and 70m pieces of PII from an unnamed retail store operator which lost over $290m as a result. The numbers tally with those related to an infamous 2013 breach at US retailer Target.

Security vendor Trend Micro was instrumental in helping the Feds get their man. Its recent report, The Rise and Fall of Scan4You, reveals how the vendor first caught wind of Scan4You.

It began in 2012, when Trend Micro researchers were investigating a private exploit kit called g01pack. Unusually, minutes before the exploits were used in the wild, IP addresses in Latvia checked the security vendor’s web reputation system to see if it was blocking the URLs hosting the exploits.

On further investigation, Trend Micro found that the same Latvian IP addresses were checking not only g01pack exploit URLs but many others. After it handed over its findings to law enforcers in 2014, a further three years of painstaking work followed before the individuals were identified and arrested.

Earlier this year, a UK investigation between the National Crime Agency and Trend Micro resulted in a guilty plea from the operator of a CAV site called reFUD.me, which effectively resold Scan4You’s service.

Source: Information Security Magazine

MoD and GCHQ Set to Launch Offensive Cyber Force

The UK’s Ministry of Defence (MoD) and surveillance service GCHQ are reportedly working on launching a £250m cyber task force designed to enhance the nation’s offensive capabilities.

The new unit will apparently combine contractors, GCHQ spies and military personnel in a force of up to 2000 online experts.

"By adopting offensive cyber techniques in the UK we are levelling the playing field and providing new means of both deterring and punishing states that wish to do us harm," said General Richard Barrons, former commander of Joint Forces Command.

While Russia could be a natural focus for operations given its own increase in activity in this space, the force will also be tasked with targeting terrorist groups, according to Sky News.

It revealed how the UK has already been playing a major role alongside the US in a series of clandestine operations against the Islamic State, including one known as Glowing Symphony.

These efforts have apparently helped to suppress IS propaganda online and restrict the ability of groups to organize effectively.

James Hadley, CEO of Immersive Labs, welcomed the news.

“This statement shows that the UK is continuing its responsibilities as a forerunner in cybersecurity and positions it as a secure place to conduct global business,” he added.

“Equally, companies should be looking to create their own cyber-strong workforces and ensuring that their skills process is consistent to keep up with the changing threat landscape.”

However, it’s unclear whether the UK even has the numbers necessary to staff such an operation, given current skills shortages.

“This announcement highlights the growing need for more cyber-savvy workers in the UK, to secure our future at a national, organizational and personal level,” argued Colin Lobley, CEO of Cyber Security Challenge UK.

“While many people are still unsure of what a career in cybersecurity would look like, the reality is that many of these jobs require similar skills and knowledge to more known careers; for example, we need architects to build secure networks, lawyers to process cybercrime cases, psychologists to assess how human behavior influences security, as well as military roles to act against national threats.”

Source: Information Security Magazine

Cyber-Attack Inevitable, Businesses Not Prepared

As the cyber industry continues to evolve, it becomes increasingly difficult for organizations to stay ahead of the curve, making the ever-changing threat landscape a major concern for many businesses, according to the 2018 Travelers Risk Index published by The Travelers Indemnity Company.

Evolving threats and new digital developments make cyber a top concern for large technology, banking and professional services businesses, second only to the inflation of medical costs, the study found.

Given these concerns, it’s not surprising that 52% of survey respondents believe that suffering a cyber-attack is inevitable; however, the fact that a majority of those surveyed reported not taking adequate steps to protect the business raises alarm.

More than 1,000 companies participated in the survey, which found that 55% of businesses have not completed a cyber-risk assessment. In addition to not assessing their own risks, 63% of respondents also said they have not completed a cyber-risk assessment on vendors who have access to their data.

Well over half (62%) have not developed a business continuity plan, leaving them with no outline of the steps the organization should take in the event of a breach. Despite this lack of preparation, only 50% of survey respondents have cyber insurance.

“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations,” Tim Francis, enterprise cyber lead at Travelers, said in a press release. “These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyber-attack.”

The survey also found an increase in the number of businesses that have actually fallen victim to a cyber-attack. The number of participants citing they had been a victim doubled from 10% in 2015 to 20% in 2018. Additionally, concerns over operational software systems being remotely hacked, insufficient resources to recover from a cyber incident and falling victim to cyber extortion increased by 5% since last year.

Source: Information Security Magazine

Independence Blue Cross Breach Exposed 17K Records

Independence Blue Cross, a Philadelphia-based health insurer, notified thousands of its members this week that a data breach had exposed some of their protected health information (PHI), according to Healthcare Informatics.

On July 19, 2018, Independence Blue Cross's privacy office announced a breach in which the personal information of approximately 17,000 members – fewer than 1% of the total membership – was potentially accessed by unauthorized individuals after an employee uploaded a file to a public-facing website on April 23, 2018. Unfortunately, the file, which contained the PHI of members, remained accessible until it was removed on July 20.

"Information privacy and security are among our highest priorities. Independence has strict security measures in place to protect information in its care. Upon learning of this incident, Independence quickly took steps to ensure the file was permanently removed from the website. We reviewed company policies and procedures and implemented additional technical controls to help prevent future incidents of this kind. We also ensured that the appropriate action was taken with the employee responsible for uploading the subject file," the company wrote.

In addition, the breach notification emphasized that no social security numbers, financial information, or credit card information was included in the exposed data.

“Criminals stealing your medical information or diagnosis codes is no longer a plot twist reserved for TV dramas with the latest records breach,” said Aaron Zander, senior IT engineer at HackerOne.

“Cybercrime damage is expected to hit $6 trillion annually by 2021, and this is just the beginning of medical record breaches, as these records are worth far more than your easily replaceable credit card. Like in the 2016 election with the release of fake medical records for presidential candidate Hillary Clinton, public announcement of a private condition can cause real damage.”

Though the company did conduct a thorough investigation, it was not able to determine whether malicious actors had accessed any of the exposed data. Still, “the Independence Blue Cross data breach represents yet another example of an exposure of sensitive information at the hands of an employee," said Zohar Alon, co-founder and CEO, Dome9 Security.

"This underscores the critical importance of properly training all employees in an organization on cybersecurity best practices and providing continuous educational opportunities as threats evolve. Additionally, because humans are prone to error, companies need to be looking to automate processes as much as possible, minimizing the need for human handling of data and reducing the risk of errors that can lead to data exposure.”

Source: Information Security Magazine