Archive for the News Category

UK Government Launches New Fraud Taskforce

The UK government has teamed up with police, the banks and industry to launch a new taskforce focused on tackling fraud – much of which comes today from online channels.

The Home Office-led Joint Fraud Taskforce will be announced later today by the home secretary and features participation by the country’s leading banks alongside the National Crime Agency, fraud prevention service Cifas, Financial Fraud Action UK, City of London Police and the Bank of England.

It will try to spot intelligence gaps that currently exist; improve intelligence sharing between banks and law enforcers; work to identify victims more efficiently; raise awareness of fraud; and tackle systemic vulnerabilities in online systems and processes.

“Fraud shames our financial system. It undermines the credibility of the economy, ruins businesses and causes untold distress to people of all walks of life. For too long, there has been too little understanding of the problem and too great a reluctance to take steps to tackle it,” May will say in a statement.

“I am delighted to officially launch the Joint Fraud Taskforce, which will bring the collective powers, systems and resources of banks, payment providers, police, wider law enforcement and regulators to bear on this threat.”

The taskforce will build on some good work already being done in the industry to tackle fraud, such as public-private partnership the Dedicated Card and Payment Crime Unit (DCPCU) – set up by the Home Office, Financial Fraud Action UK, City of London Police and the Met.

As far back as September 2014 the British Bankers' Association announced a new initiative whereby its members would receive crime/fraud alerts from government bodies and law enforcers.

The BBA also has a separate information sharing partnership with the National Fraud Intelligence Bureau.

But fraud remains a major problem in the UK – costing an estimated £5.1m last year, according to the ONS.

Thanks to chip and PIN, improved awareness, and the success of e-commerce, much of it is shifting online to "card-not-present" scenarios.

In fact, e-commerce fraud has reached its highest point since records began, accounting for £217m in 2014, or nearly half (45%) of all card fraud, according to Financial Fraud Action UK’s Fraud the Facts 2015 report.

John Lord, managing director at identity data intelligence company GBG, welcomed the new taskforce initiative.

“As instances of fraud increase, so too does the butterfly effect of its occurrence – the implications that impact an individual or business long after the fraudulent activity has occurred or is discovered,” he added.

“Data transparency can be used incredibly effectively as a way of battling fraud. When data is shared freely between the public and private sectors, across geographical and political boundaries and amongst international bodies, a more accurate picture of global fraud patterns can be established.”

Source: Information Security Magazine

Two-thirds of Business Resigned to Suffering a Security Breach

Just one in five (22%) business decision makers feel all of their company’s data is secure, according to recent research by global information security and risk management company NTT Com Security.

The survey of 1000 respondents revealed that two-thirds are resigned to suffering a security breach at some point in the future, with the cost of recovering from an attack reported to start from around $1 million.

Although more than half (54%) of those surveyed said information security forms a vital part of their business strategy and 18% agreed that a weak security infrastructure is a significant risk, three in ten felt that more is spent on HR than information security.

However, the study did reveal that 13% of an organization’s IT budget is now being put towards security, a slight improvement on the 10% reported in a similar survey conducted by NTT back in November 2014.

Garry Sidaway, SVP Security Strategy and Alliances at NTT Com Security, believes the findings from this latest report suggest the effects of the high-profile data breaches we saw in 2015 are starting to hit home. He said:

“Attitudes to the real impact of security breaches have started to change, and this is no surprise given the year we have just had. We’ve seen household brands reeling from the effects of major data breaches, and struggling to manage the potential damage to their customers’ data – and the cost to their reputation. While the majority of people we spoke to expect to suffer a breach at some point in the future, most also expect to pay for it – whether that’s in terms of remediation costs, customer confidence or possibly even their jobs.”

Almost all respondents admitted that if information was stolen from their organization there would be both external and internal impacts such as loss of customer confidence (69%) and damage to reputation (60%). The report also found that just 41% of companies have some form of insurance covering them for the financial impact of data loss and security breaches, with 12% not covered for either. However, more than half (52%) said they have a formal information security policy in place and a further 27% are in the developmental stages of implementing one.

Stuart Reed, Senior Director at NTT Com Security, feels this represents a positive step towards the goal of secure data privacy within organizations, even if there is still work to be done. In an email to Infosecurity, he said:

“It’s really encouraging to see that the majority of UK businesses now have or are working to have a formal IT security policy in place, although it seems that many still require help in implementing these policies, given that a lack of compliance and incident response planning are both cited as reasons that any relevant insurances could be invalidated.”

Dr. Adrian Davis, Managing Director EMEA at (ISC)2, told Infosecurity that whilst it is refreshing that organizations now understand that breaches or incidents will occur, their belief that they will suffer both financial and non-financial losses is a cause for concern.

He added:

“Other noticeable results from this survey are that just over one in five (22%) respondents feel their data is secure – a realistic viewpoint I think, as the modern organization doesn’t typically keep its data in one secure location; rather it is spread across many different devices, stored in the cloud and shared with suppliers and consumers. It may be that the organization does secure their data but they are unsure of how other organizations protect the data the organization has shared.”

“I’m also interested by the spending comparison with HR. It’s really difficult to say how much organizations should spend on security: it’s a business decision, a risk-based decision, a capability-based decision. You can buy lots of security technology, but if you don’t have the staff to implement or use the technology – or staff who can understand the value of that technology – then it could turn out to be a waste of money. Investing in staff at all levels, enabling them to be digitally literate and security aware, and recruiting people with these skills is just as valuable as buying technology and making direct information security investments. Cybersecurity is a people issue and having good staff, well trained, is vital.”

Source: Information Security Magazine

Google Set to Ban Flash Display Ads Next Year

Google has stepped up the pressure on advertisers to shift from Adobe’s insecure Flash format to HTML5, telling them they have around a year to make the transition before support is switched off.

Starting from 30 June this year, Google will no longer allow Flash ads to be uploaded to AdWords or DoubleClick Digital Marketing, it said in a Google+ post yesterday.

Then from 2 January 2017, Flash-based display ads won’t be allowed to run on the Google Display Network or through DoubleClick, it said.

“Over the last few years, we’ve rolled out tools to encourage advertisers to use HTML5, so you can reach the widest possible audience across screens,” noted the web ads giant.

“To enhance the browsing experience for more people on more devices, the Google Display Network and DoubleClick Digital Marketing are now going 100% HTML5.”

Google pointed AdWords advertisers who use Flash in their campaigns to this help page to get them started on the transition to HTML5.

The move has been a long time coming and follows Google’s decisions to withdraw support for the buggy software across Android and Chrome.

Amazon has also announced a ban on Flash ads on its platforms.

Apple famously withheld support for Flash on its iOS devices, with Steve Jobs engaging in a very public spat with Adobe CEO Shantanu Narayen.

Jobs cited not only the software’s security holes but also its lack of touch support and poor performance on mobile devices at the time as contributing to Apple’s decision.

Adobe Flash continues to be a favorite target for hackers.

Just yesterday, Microsoft announced bulletin MS16-022 would fix 22 remote code execution vulnerabilities in the software.

In fact, Redmond has taken the unusual step of giving the third-party software its own bulletin, reflecting the volume of fixes needed for Flash embedded in IE or Edge.

Source: Information Security Magazine

February Patch Tuesday Signals Six Critical Microsoft Bulletins

Security admins are in for another busy start to the month as Microsoft’s Patch Tuesday update round yielded 13 bulletins, six of which are rated “critical” remote code execution issues.

They include MS16-022, which is the first time Microsoft has given Adobe Flash Player embedded in IE and Edge its own bulletin.

“Previously, Microsoft updated the same KB on a month by month basis with no defining elements. This is a welcome change and hopefully it bodes well for other areas where Microsoft continues to do this,” argued Tripwire software development manager, Tyler Reguly.

That bulletin fixes 22 critical remote code execution vulnerabilities in the much maligned Adobe software.

“Attack scenarios vary from compromised, but otherwise innocent websites (look at some of the recent WordPress issues for example) that link to malicious attacker controlled domains to Flash embedded in other files such as Office documents, which targets access through e-mail,” wrote Qualys CTO Wolfgang Kandek.

“In addition attackers have shown last year that they invest into Flash based attacks, so this bulletin is on our top spot.”

MS16-015 probably comes next, fixing seven flaws in Word, Excel and SharePoint, and the ubiquitous Internet Explorer-related bulletin is also there in MS16-009, updating 13 CVEs.

It’s notable that the critical Edge browser update, MS16-011, addresses six CVEs. However, all but two are shared with IE.

The remaining critical bulletins relate to Microsoft Journal (MS16-013) and PDF Reader (MS16-012).

“Also noteworthy this month is the Windows 10 upgrade message for Win 7 and Win 8.1 users moved from ‘Optional’ to ‘Recommended.’ For users who have chosen the ‘Give me recommended updates the same way I receive important updates’ setting, this will initiate the automatic update process to Win10,” explained HEAT senior product management director, Russ Ernst.

“For the organizations that use Windows Update, this is a big deal and you may now see your Win7 and 8.1 machines automatically updating.”

Finally, Shavlik product manager, Chris Goettl, pointed out that just two of the flaws resolved in this update round have been publicly disclosed – CVE-2016-0040 and CVE-2016-0039.

Source: Information Security Magazine

Obama Debuts $19Bn Cybersecurity National Action Plan

The Obama administration has introduced its Cybersecurity National Action Plan, which would create a federal chief information security officer, establish a new commission tasked with protecting computer networks, and increase coordination between federal officials who focus on privacy issues.

Part of the plan is a much-needed software patching and updating audit, and more training and recruiting for cybersecurity specialists.

None of this will be cheap, of course—the White House will look for Congress to approve a 35% increase in the cybersecurity budget to secure $19 billion in funding for implementation starting next year. About $3 billion of that will be earmarked for the IT modernization effort.

"The cyber-threat continues to outpace our current efforts," Michael Daniel, the White House's cybersecurity coordinator, told reporters on a conference call.

"The President’s Cybersecurity National Action Plan aims to modernize agencies’ technology and user behavior, and we believe it is a broadly positive step forward,” Harley Geiger, director of public policy, Rapid7, said via email. “If implemented, the proposal will help support federal agencies that are very much in need of more secure IT to help prevent or mitigate more serious breaches. We hope Congress and the Administration will collaborate to execute this plan.”

It’s unlikely, however, that the president’s plan will be supported by Republicans, who have vowed not to consider any new funding this year ahead of the election. Geiger said that they may make an exception for cybersecurity efforts.

“Last year, Congress made cybersecurity a clear priority as it passed a cybersecurity information-sharing bill, but, as demonstrated by the President’s proposal, information sharing is only one of many actions needed to strengthen cybersecurity,” he said. “The President’s plan would help address some other needed improvements, though there is still a long way to go before US national cyber defenses are commensurate with today’s threat landscape.”

The news comes as US officials are reeling in the wake of an attack by an anonymous hacker who claimed to have stolen the details of 29,000 government employees including FBI staffers.

The hacker is said to have compromised the email account of a DoJ employee, attempted to log in to a departmental portal and then phoned up the help desk when that failed. The breached data included phone numbers, email addresses and job titles for 20,000 Department of Justice employees and a further 9,000 working for the Department of Homeland Security, according to a report on Motherboard.

Source: Information Security Magazine

Poseidon Group Carries Out Global Cyber Espionage by Land, Air and Sea

The first ever publicly-known Brazilian Portuguese-speaking cyber-espionage campaign has been uncovered, targeting financial institutions as well as telecommunications, manufacturing, energy and media companies.

The Poseidon Group is an advanced threat actor active in global cyber-espionage operations. According to the Kaspersky Lab Global Research and Analysis Team, it was heretofore undiscovered despite being active since at least 2005.

“The Poseidon Group is a long-standing team operating on all domains: land, air and sea. Some of its command and control centers have been found inside ISPs providing Internet service to ships at sea, wireless connections as well as those inside traditional carriers,” said Dmitry Bestuzhev, director, Global Research and Analysis Team, Kaspersky Lab Latin America. “In addition, several of its implants were found to have a very short life span which contributed to this group being able to operate for such a long time without being detected.”

The group’s standard M.O. is to manipulate victim companies into contracting the Poseidon Group as a security consultant, under the threat of exploiting the stolen information in a series of shady business deals.

“What makes the Poseidon Group stand out is that it’s a commercial entity, whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims to coerce them into a business relationship,” researchers said in a blog post. “In addition, the malware is designed to function specifically on English and Brazilian Portuguese Windows machines, a first for a targeted attack.”

At least 35 victim companies have been identified. Along with various verticals, Kaspersky Lab experts have also detected attacks on service companies that cater to top corporate executives. However, the victim spread is heavily skewed towards Brazil, where many of the victims have joint ventures or partner operations.

The Poseidon Group relies on spear-phishing emails with RTF/DOC files, usually with a human resources lure, that drop a malicious binary into the target’s system when clicked on. Once a computer is infected, the malware reports to the command and control servers before beginning a complex phase of lateral movement.

“This phase will often leverage a specialized tool that automatically and aggressively collects a wide array of information including credentials, group management policies and even system logs to better hone further attacks and assure execution of the malware,” the firm said.

By doing this, the attackers actually know what applications and commands they can use without alerting the network administrator during lateral movement and exfiltration.

Source: Information Security Magazine

Mass EK-as-a-Service Campaign Compromises 30K+ Websites

A spike in infected websites spreading Angler and Cryptowall has resulted in more than 30,000 compromised domains since the beginning of this year—and the trend is likely to continue.

The team at Heimdal Security identified the campaign, in which attackers are using small websites to broaden their malicious reach.

“As long as you have an email address or share any kind of data on the web, you’re a target,” said Andra Zaharia, security specialist at Heimdal, in a blog. “If you have a website, even more so. It’s not that cyber-criminals care about the contents of your website. Not at all. What they want is to gain control over it so they can use it as a platform for distributing malware.”

The malware economy is also getting a boost from the on-demand use of exploit kits, and from automation.

“[The] exploit kits-as-a-service branch [of the malware business]…makes kits such as Angler or Nuclear highly available to anyone who has the resources to buy and use them,” Zaharia said.

Attackers have an established way of compromising websites they can later use as platforms for drive-by attacks: they find the website’s admin account or console and crack the credentials, they compromise the server that hosts the website, or they exploit vulnerable scripts to inject malicious code.

By using stolen or cracked credentials, cyber-criminals can log into the victim’s domain registrar, where they can set up new subdomains. This technique is called domain shadowing. By registering many subdomains and IP addresses, attackers can avoid blacklists and significantly expand their distribution channels for the notorious Angler exploit kit.
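Domain shadowing leaves a recognisable trace in DNS history: a burst of never-before-seen subdomains under one registered domain, resolving to many unrelated addresses within days. The following added example (not Heimdal’s or the article’s code; the record layout, thresholds and sample records are constructed assumptions) flags that pattern in passive-DNS style records so a defender can review the affected registrar account.

```python
"""Heuristic detection of domain shadowing in passive-DNS-style records.

Added example, not from the article or from Heimdal. Domain shadowing abuses a
legitimate owner's registrar account to mint many short-lived subdomains that
point at attacker-controlled hosts. A legitimate domain's own DNS history rarely
shows that churn, so a window with many new subdomains AND many distinct IPs is
a useful review trigger. Record format, thresholds and sample data are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DnsRecord:
    fqdn: str             # fully qualified name that was resolved
    ip: str               # address it resolved to
    first_seen: datetime  # first time this (fqdn, ip) pair was observed


def registered_domain(fqdn: str) -> str:
    """Return the last two labels, lower-cased, without a trailing dot.

    Assumption for this demo only: production code should use the Public
    Suffix List so multi-label suffixes such as 'co.uk' are handled correctly.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def shadowing_candidates(records, window_days=7, min_new_subdomains=5,
                         min_distinct_ips=3):
    """Return {registered_domain: stats} for every domain that, within some
    sliding window of `window_days`, gained at least `min_new_subdomains`
    distinct subdomains resolving to at least `min_distinct_ips` distinct IPs.
    Stats describe the earliest window that met both thresholds."""
    by_domain = defaultdict(list)
    for rec in records:
        base = registered_domain(rec.fqdn)
        if rec.fqdn.lower().rstrip(".") != base:  # apex itself is not a subdomain
            by_domain[base].append(rec)

    window = timedelta(days=window_days)
    flagged = {}
    for base, recs in by_domain.items():
        recs.sort(key=lambda r: r.first_seen)
        for i, start in enumerate(recs):
            in_window = [r for r in recs[i:]
                         if r.first_seen - start.first_seen <= window]
            subs = {r.fqdn.lower().rstrip(".") for r in in_window}
            ips = {r.ip for r in in_window}
            if len(subs) >= min_new_subdomains and len(ips) >= min_distinct_ips:
                flagged[base] = {
                    "new_subdomains": len(subs),
                    "distinct_ips": len(ips),
                    "window_start": start.first_seen.date().isoformat(),
                }
                break  # one hit per domain is enough to trigger review
    return flagged


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data using documentation addresses (RFC 5737) and
# reserved example names; none of it is real observation data.
SAMPLE_RECORDS = [
    # Ordinary history: a handful of stable names on one host over months.
    DnsRecord("www.example.com", "192.0.2.10", _t("2015-11-02T09:00:00")),
    DnsRecord("mail.example.com", "192.0.2.11", _t("2015-11-20T09:00:00")),
    DnsRecord("blog.example.com", "192.0.2.10", _t("2016-01-14T09:00:00")),
    # Shadowing burst: random-looking labels, five unrelated IPs, three days.
    DnsRecord("www.shop-example.example", "192.0.2.50", _t("2014-06-01T00:00:00")),
    DnsRecord("k3x9.shop-example.example", "203.0.113.5", _t("2016-02-01T03:10:00")),
    DnsRecord("qz71a.shop-example.example", "203.0.113.9", _t("2016-02-01T03:12:00")),
    DnsRecord("m8d2.shop-example.example", "198.51.100.23", _t("2016-02-01T17:40:00")),
    DnsRecord("p0wq1.shop-example.example", "198.51.100.77", _t("2016-02-02T05:01:00")),
    DnsRecord("v4rt.shop-example.example", "203.0.113.5", _t("2016-02-02T22:15:00")),
    DnsRecord("b6nn.shop-example.example", "203.0.113.140", _t("2016-02-03T01:30:00")),
    DnsRecord("x2ll7.shop-example.example", "198.51.100.23", _t("2016-02-03T12:00:00")),
]

if __name__ == "__main__":
    for domain, stats in shadowing_candidates(SAMPLE_RECORDS).items():
        print(f"review registrar account for {domain}: {stats}")
```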

“Website owners don’t exactly make it difficult, since they use default settings and credentials, such as ‘admin’ for both username and password,” Zaharia said. “That takes under a minute to crack.”

So, “Cyber-attackers are taking advantage of two core factors at this time: the fact that access to technology has become pervasive and the fact that cybersecurity education has a difficult time keeping up with the fast pace of technology adoption,” she added.

Source: Information Security Magazine

Microsoft Adds Mobile Email Protection for Exchange

With an eye to mobile access, Microsoft Exchange is building in protection for the intellectual property and sensitive information stored in email.

Email access on mobile phones provides necessary, but risky, access to sensitive corporate information on both BYOD and corporate-owned devices. An integration with Skycure will allow IT to control whether a risky or compromised device has access to Exchange email resources.

Skycure for Exchange calculates a Mobile Threat Risk Score, which acts as a kind of “credit score” measuring a mobile device’s exposure to threats. Factors that affect the score include recent threats the device was exposed to (such as network threats or malware), device vulnerabilities, configuration and user behavior. Rankings of high, medium, low and minimal risk are calculated from the number, significance and recency of those factors and assigned to the device in real time.

“Email is the number one way enterprises exchange information,” said Adi Sharabani, CEO of Skycure. “Private corporate data could be leaving your network without your knowledge through a risky or compromised mobile device. Our goal has always been to create seamless strategies for enterprises to ensure that only security-compliant devices have access to key organizational resources, and email is the most ubiquitous resource.”

Also, when a device enters a high-risk zone, Skycure for Exchange can automatically prevent unauthorized users or apps from accessing email with no manual intervention from IT. In addition, Skycure automatically alerts the user that security policy has been violated and provides information for the user to take appropriate action to resolve the threat. IT departments thus can create granular security and compliance enforcement policies that limit Exchange access by mobile device type, downloaded apps on the device, networks the device connects to, or if they have high-severity unpatched vulnerabilities.

“Not only does Skycure for Exchange help us protect the company from mobile threats, it helps us enforce security policy,” said Amir Kadar, director of IT for Ceragon Networks. “We can now easily see which devices are complying with mobile security policy and which aren’t. Skycure is so valuable to our organization that any device that does not have Skycure installed is automatically blocked from accessing email—a feature the Exchange integration makes easy.”

The integration will have a far-ranging impact. Microsoft Exchange Server is the most-deployed on-premises messaging and collaboration application, and Office 365 users now match 35% of that installed base.

Source: Information Security Magazine

Russian Hackers Shifted Ruble Exchange Rate – Report

Russian-language hackers managed to artificially move the ruble-dollar exchange rate last year after infecting a regional bank with a little-known trojan, Corkow, and placing over $500m in trades, it has been revealed.

Moscow-based security company Group-IB told Bloomberg that the group successfully attacked the Energobank in February 2015, gaining remote access to systems which allowed them to make the huge orders at “non-market rates.”

Doing so apparently caught the attention of the Russian central bank, which suspected an attempt at deliberate currency manipulation.

A statement by the Bank of Russia following the incident claimed the volatility lasted 14 minutes and caused the exchange rate to move between 55 and 66 rubles per dollar, which “significantly differed from the prevailing market rate,” the report said.

The Moscow Exchange claimed its systems had not been hacked that day, focusing attention on the Kazan-headquartered Energobank, which has reportedly tried to claim losses of 244m rubles ($3.2m) due to the trades.

Unusually, the hackers themselves appear not to have made any money from the campaign, although they might have used it as a test run for a future attack, Group-IB told the newswire.

Corkow is less well known than its banking trojan siblings like Zeus, Carberp and Shiz, but it’s probably been around since 2011.

Eset claimed it was seeing hundreds of Corkow infections per day back in February 2014.

The malware is modular, meaning its capabilities can be changed according to the purpose of the attack. Remote access and password stealing are among those capabilities and would seem to fit in with the MO of the attack on Energobank.

It was also designed to evade detection and analysis by researchers – namely by encrypting its payload after installation, and behaving innocuously if run on a PC other than the one it first infected, Graham Cluley wrote back in 2014.

Corkow, also known as ‘Metel’, was spotted by Russian AV firm Kaspersky Lab as recently as last summer enabling ATM theft, the firm explained in a blog post.

“The malware, used exclusively by the Metel group, infected the bank’s corporate network via e-mail and moved laterally to gain access to the computers within the bank’s IT systems,” Kaspersky Lab’s Global Research and Analysis Team revealed.

“Having gained access to the bank operator’s money-processing system, the gang pulled off a clever trick by automating the rollback of ATM transactions. This meant that money could be stolen from ATM machines via debit cards while the balance on the cards remained the same, allowing for multiple transactions at different ATM machines.”

Source: Information Security Magazine

Majority of Mobile Business Users Tap Risky Apps

When it comes to mobile security, business users display the riskiest online behavior: About 79% of businessmen and 67% of businesswomen use potentially risky apps every day.

That’s according to the Allot Mobile Trends Report H1 2016, which found that potential malware risk is affected both by the online behavior of the user and by the app or URL itself. In other words, it’s not just the app; it’s how you use it.

The digital experience is driven by millions of mobile apps with new ones popping up all the time. Moreover, millions of people use mobile browsers to search, find and consume an endless variety of content and services online. The digital lifestyle invites and encourages us to share information, content and experiences via email, social networks, online storage and other apps, which often become a vehicle for malware to spread. Without knowing, mobile users click malicious links, forward infected content and download infected files, putting themselves and their online contacts at risk.

Youth and Millennials are also at high risk, with 65% of them using potentially risky apps every day. While mobile app downloads are often protected, their ongoing use is not, leaving users vulnerable to malware threats.

“Our MobileTrends findings clearly show that safeguarding users at the network level would be the most effective method for protecting against multiple types of mobile threats, as the security measures can provide a protective umbrella for all online activity,” said Yaniv Sulkes, AVP of marketing at Allot.

When it comes to the potential riskiness of specific apps and URLs, the study found that more than 90% of the apps in these categories are potentially risky: P2P file sharing, Web conferencing, file storage and sharing, remote administration and search portals. Meanwhile, about 23% to 36% of social networking, network protocol, Web content aggregator and e-commerce apps were found to be risky, as were 5% to 10% of media sharing and instant messaging apps.

It’s an opportunity for some in the ecosystem to capitalize. “Mobile operators are perfectly positioned to provide protection to consumers and businesses,” said Sulkes. “We see a golden opportunity for mobile operators to identify and reach out to customers at risk, targeting them with personalized security-as-a-service from their network or cloud.”

Source: Information Security Magazine