Intelligent Connections. Recruiting Integrity.
Archive for the News Category

Virgin Media Facing Huge Compensation Bill Over Data Breach

Virgin Media could be liable to pay up to £4.5bn in compensation following the company’s data breach, in which the details of 900,000 customers were freely available online for hackers to exploit for 10 months. This has left the victims vulnerable to scams including phishing emails, account takeovers and identity theft, with the resulting compensation claims for financial and emotional distress suffered expected to be around £5000 per claimant.

Aman Johal, director at Your Lawyers, the legal firm supporting those affected in taking action, stated: “Virgin Media failed to take the steps required to keep customer data safe. It is vital for the company to understand the severity of this breach. When data is left exposed online it is open season for fraudsters to scam and attack vulnerable people. Your Lawyers has formally notified Virgin Media that we are taking action and our claimant base is growing daily. We urge anyone affected by the breach to make a claim as soon as possible.”

The breach was caused by an incorrectly configured database, which exposed sensitive customer information such as full names, email addresses, dates of birth and contact numbers from at least April 19, 2019. Some customers also had details of their contract exposed, including requests to block or unblock pornographic or explicit websites, which could give fraudsters material for blackmail and extortion.

Johal added: “This is a serious breach of consumer rights and it’s time companies like Virgin Media abide by the law and implement stricter cybersecurity measures to protect its customers from future data breaches. There’s simply no excuse now given the volume of preceding breaches, and this was an avoidable event. Even though the breach occurred due to ‘human error,’ we must hold Virgin Media to account.”

It is believed that Virgin Media could be facing other financial costs as a result of its mistake, in the form of a large GDPR fine.

Source: Information Security Magazine

UK Government Uses Zoom Despite MoD Security Concerns

The British government is using popular conferencing platform Zoom to conduct Cabinet meetings, despite reported Ministry of Defence (MoD) warnings about the security implications.

The government appears to be heeding its own COVID-19 advice, with ministers adhering to social distancing and work-from-home rules: a photo circulated by Boris Johnson showed the Prime Minister using Zoom to host a Cabinet meeting.

The same US-produced platform, which reportedly has a large China-based engineering team, was banned by MoD officials on security concerns, with staff at the department told to stop using it until further notice.

A government spokesperson told Sky News that, according to guidance from the National Cyber Security Centre (NCSC) “there is no security reason for Zoom not to be used for conversations below a certain classification.”

However, others were not so sanguine. University of Bristol researcher Andrew Dwyer raised concerns about previous vulnerabilities uncovered in the platform and about the firm’s privacy policy.

“Should we be letting a company we know so little about be entering our highest office of state? Should we be divulging so [much] personal data to this company with lax policies?” he tweeted. “The rush to online means we need to pay more attention and not less.”

Last July, researchers revealed a zero-day bug in the Mac Zoom client which could have allowed attackers to spy on users via their webcams. It took the firm several months to fix the bug, which had first been reported to it in March.

“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner,” argued researcher Jonathan Leitschuh. “An organization of this profile and with such a large user base should have been more proactive in protecting its users from attack.”

This was followed by a further security snafu in October, when researchers revealed an API-targeted enumeration attack affecting the platform.

Source: Information Security Magazine

#COVID19 News Links Hijacked With iOS Spyware

Apple iOS users in Hong Kong have been targeted by a large-scale spyware operation using news links posted in popular online forums to snare victims, according to Trend Micro.

In what the vendor is calling Operation Poisoned News, links in four different forums frequented by Hong Kong residents were found to use a hidden iframe to execute malicious code, exploiting flaws in iOS 12.1 and 12.2.

“The articles were posted by newly registered accounts on the forums in question, which leads us to believe that these posts were not made by users resharing links that they thought were legitimate,” said Trend Micro.

“The topics used as lures were either sex-related, clickbait-type headlines or news related to the COVID-19 disease.”

Alternatively, hackers copied a legitimate website and injected it with a malicious iframe.

The distribution of links to these malicious sites started on January 2, Trend Micro said.

The exploit chain includes a Safari bug which has no CVE, and a customized kernel exploit related to CVE-2019-8605. The final spyware payload, lightSpy, is designed to take full control of a victim’s device, exfiltrating GPS data, SMS messages, browsing history, contacts and content from messaging apps Telegram, QQ and WeChat.

A similar campaign was uncovered targeting Android devices in 2019, using spyware dubbed dmsSpy. It’s believed the two are linked.

“The design and functionality of [the] operation suggests that the campaign isn’t meant to target victims, but aims to compromise as many mobile devices as possible for device backdooring and surveillance,” said Trend Micro.

The vendor refused to be drawn on the potential source of the attack. However, given the current political climate and widespread criticism of the Chinese Communist Party’s handling of the COVID-19 pandemic, Beijing-backed spies would be a natural choice.

Source: Information Security Magazine

BadUSB Stick Mailed to Company From ‘Best Buy’

Security experts have intercepted a highly targeted attack in which a malicious USB device was mailed out to a US company.

Trustwave was alerted to the attempted attack on one of its customers’ partners, after they were sent an unsolicited letter in the post purporting to come from Best Buy.

A brief message thanked the company for being a loyal customer and enclosed a ‘$50 gift card’ alongside the USB, which the sender claimed contained a list of the items the gift balance could be spent on.

In fact, the device was a “BadUSB”: its firmware had been reprogrammed so that the stick enumerates as a keyboard and types out malicious commands automatically as soon as it is connected to a PC.

On analysis, Trustwave discovered a PowerShell payload designed to download second-stage PowerShell code from the internet, which in turn ran malicious JScript (the Windows dialect of JavaScript).

“The JScript code could be anything, but when we decoded it, it reveals a code that gathers system information from the infected host,” the vendor explained.

Information including the username, hostname, domain name, computer model, running processes, Office and Adobe Acrobat installations and OS details is encoded and sent back to the command-and-control (C&C) server.

“The main Jscript code [then] enters an infinite loop sleeping for two minutes in each loop iteration then getting a new command from the command and control,” said Trustwave.
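The fixed two-minute sleep Trustwave describes is exactly what makes a beacon like this stand out in proxy or firewall logs: one host talking to one destination at a nearly constant cadence, while real browsing is bursty. The script below is an added example, not Trustwave’s code or anything recovered from the device. It groups web-proxy log lines by (source host, destination host), measures the gaps between requests and flags pairs whose spacing is regular. The log format, hostnames and timestamps are constructed for the example; the C2 hostname is an assumption.

```python
"""Flag hosts that contact the same destination at a near-constant interval.

Added illustration, not Trustwave's code. The log format below is a
constructed, simplified web-proxy log (timestamp, source host, destination
host, method, path); the hostnames are made up.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Constructed sample: ws-1042 polls cdn-update.example every ~120 s (the
# two-minute sleep from the article, with a few seconds of jitter), while
# ws-0077 browses normally.
SAMPLE_LOG = """\
2020-03-26T09:00:00Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:00:17Z ws-1042 news.example GET /
2020-03-26T09:02:01Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:03:55Z ws-0077 news.example GET /
2020-03-26T09:04:00Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:05:58Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:06:30Z ws-0077 mail.example GET /inbox
2020-03-26T09:08:02Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:09:10Z ws-0077 news.example GET /sports
2020-03-26T09:10:00Z ws-1042 cdn-update.example GET /gate.php
2020-03-26T09:11:45Z ws-0077 mail.example GET /inbox
2020-03-26T09:12:01Z ws-1042 cdn-update.example GET /gate.php
"""


def parse_log(text):
    """Yield (timestamp, source_host, destination_host) for each log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _method, _path = line.split(maxsplit=4)
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst


def find_beacons(text, min_requests=5, max_jitter=0.10):
    """Return [(src, dst, median_gap_seconds)] for source/destination pairs
    with at least `min_requests` requests whose gaps are regular: the
    population standard deviation of the gaps is at most `max_jitter`
    times the median gap."""
    seen = defaultdict(list)
    for ts, src, dst in parse_log(text):
        seen[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in seen.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        if med > 0 and pstdev(gaps) <= max_jitter * med:
            hits.append((src, dst, med))
    return hits


if __name__ == "__main__":
    for src, dst, gap in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: ~{gap:.0f}s cadence, possible C2 beacon")
```

On the sample this reports only ws-1042 to cdn-update.example at a 120 s cadence. Real implants often randomise the sleep, so in production you would widen `max_jitter`, look at a longer window, and combine the result with destination age or reputation rather than alerting on cadence alone.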

It’s unclear what the end goal was for these attackers, but a USB attack of this kind, whilst used by pen testers, is rare to see used in anger, the vendor concluded.

“These types of USB devices are widely known and used by security professionals. The fact that they are also cheap and readily available to anyone meant that it was just a matter of time to see this technique used by criminals in the wild,” it explained.

“Since USB devices are ubiquitous, used and seen everywhere, some consider them innocuous and safe. Others can be very curious about the contents of an unknown USB device. If this story teaches us anything, it's that one should never trust such a device.”

Source: Information Security Magazine

VPN Usage in US Quadruples

American usage of VPNs has increased by four times since 2010, according to a new study published today by American cybersecurity company PC Matic.

Researchers found that in 2010, only 1.57% of Americans were using Virtual Private Networks (VPNs) compared to 6.26% in 2019.

From 2010 through 2017, the usage of VPNs remained fairly consistent, hovering at around 1.6%. However, the networks have become increasingly popular in the last couple of years. VPN usage in the US grew from 2.40% in 2017 to 3.77% in 2018 before surging to 6.25% in 2019.

Virtual Private Networks were initially created as a way for employees to work remotely. PC Matic researchers said that today VPNs are being used in a different way.

Researchers wrote: "VPNs were first developed to allow work-from-home employees to access company applications and files. However, over time individuals began using VPNs for personal use, to increase their security while using public networks. Since a VPN replaces a device’s IP address with one within the VPN service and also encrypts transmitted data, it adds an additional layer of security and privacy for online communications."

The use of personal VPNs has increased significantly. In 2010, only 0.13% of endpoints had a personal VPN installed, but by the end of the decade, personal VPN use had increased 3,477% to 4.65%.

Researchers linked the growth in VPN usage to an increased desire for privacy and security, especially while using public WiFi.

"Individuals need to ensure what they’re doing online is secure, specifically while they are using public WiFi connections like those found in airports, restaurants, coffee shops, and other public facilities. The use of a VPN while on public networks leaves the integrity of the data transmitted uncompromised by encrypting all transmitted data; meaning it cannot be read by others on the public network," wrote researchers.

Back in 2010, the most widely used commercial Virtual Private Network was CiscoVPN. In 2019, OpenVPN had the lion's share of the commercial VPN market, followed by Cisco, Sophos, Pure, and WatchGuard. 

While Cyberghost was the biggest personal VPN provider in 2010, in 2019 that title went to NordVPN.

Source: Information Security Magazine

Data Deposit Box Exposes PII of 270K Users

A company that provides secure cloud storage services has exposed over a quarter of a million private files uploaded by its customers. 

Data Deposit Box left a database containing over 270,000 customer files on an unsecured Amazon S3 bucket. As a result of the breach, data including personally identifiable information (PII) belonging to Data Deposit Box customers was exposed. 

The open bucket was discovered on Christmas Day, 2019, by a vpnMentor research team led by cybersecurity analysts Noam Rotem and Ran Locar.

Inside the unsecured bucket, researchers discovered a database packed with thousands of files dating from 2016 to December 25, 2019. Researchers were able to view private user data, including admin usernames and unencrypted, plain-text passwords.

Researchers were also able to access IP addresses, email addresses, and GUIDs (globally unique identifiers for resources).

In a report on the breach published March 25, vpnMentor researchers wrote: "In this case, we identified Data Deposit Box as the owner of the database. Before publishing this report, we reached out to the company to share our findings and provide guidance on how to resolve the issue."

Data Deposit Box was contacted regarding the breach in late December 2019. By January 6, the database on the open bucket had been secured.
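An S3 bucket becomes readable to the whole internet through one of three settings: a bucket policy that grants read actions to Principal "*", an ACL grant to the AllUsers group, or a Public Access Block that is switched off. The script below is an added example, not vpnMentor’s or Data Deposit Box’s code. It audits those three settings offline, using the JSON shapes the S3 API returns (GetBucketPolicy, GetBucketAcl, GetPublicAccessBlock), and shows a weak configuration beside a corrected one. The bucket name, account ID and role name are made up.

```python
"""Offline audit of an S3 bucket's public exposure.

Added example, not vpnMentor's or Data Deposit Box's code. Checks the
bucket policy, the bucket ACL and the Public Access Block; input shapes
match the S3 API, while the bucket name, account ID and role are made up.
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_issues(policy):
    """Allow statements that hand s3:Get*, s3:List* or s3:* to anyone.
    Statements carrying a Condition are skipped: whether the condition
    actually narrows the grant needs a human to look at it."""
    issues = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Condition" in st:
            continue
        if not _principal_is_anyone(st.get("Principal")):
            continue
        risky = [a for a in _as_list(st.get("Action", []))
                 if a.lower() == "s3:*" or a.lower().startswith(("s3:get", "s3:list"))]
        if risky:
            issues.append(f"policy {st.get('Sid', '<no Sid>')}: "
                          f"{', '.join(risky)} granted to everyone")
    return issues


def acl_issues(grants):
    """ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return [f"ACL grants {g['Permission']} to {g['Grantee']['URI'].rsplit('/', 1)[1]}"
            for g in grants if g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS)]


def pab_issues(pab):
    """Every Public Access Block flag that is not switched on."""
    return [f"PublicAccessBlock.{k} is off" for k in PAB_KEYS if not pab.get(k)]


def audit_bucket(policy_json, grants, pab):
    """Combine the three checks; an empty list means no anonymous read path."""
    return policy_issues(json.loads(policy_json)) + acl_issues(grants) + pab_issues(pab)


# Constructed "before": the kind of configuration that leaves a backup bucket open.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::backups-example", "arn:aws:s3:::backups-example/*"]}]})
WEAK_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
WEAK_PAB = {k: False for k in PAB_KEYS}

# Constructed "after": only the backup agent's role may read or write,
# the ACL names just the owner, and public access is blocked outright.
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "BackupAgentOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-agent"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::backups-example/*"}]})
FIXED_ACL = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
              "Permission": "FULL_CONTROL"}]
FIXED_PAB = {k: True for k in PAB_KEYS}

if __name__ == "__main__":
    for name, cfg in (("weak", (WEAK_POLICY, WEAK_ACL, WEAK_PAB)),
                      ("fixed", (FIXED_POLICY, FIXED_ACL, FIXED_PAB))):
        print(name, audit_bucket(*cfg) or ["no public exposure found"])
```

The weak configuration produces six findings (one policy statement, one ACL grant, four Public Access Block flags); the fixed one produces none. Even when the policy and ACL look clean, leaving the Public Access Block off means a later misconfiguration can reopen the bucket silently, which is why the script reports those flags on their own.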

Researchers warned that the breach could have dire consequences.

"The unencrypted usernames and passwords exposed in this breach may allow malicious parties to access Data Deposit Box’s customers’ accounts," wrote researchers.

"We didn’t log into any users’ accounts for ethical reasons, but we could’ve easily done so. The bad news is that if we’re able to do this, hackers could do it too."

Data Deposit Box is a public company based in Canada that claims to offer a "top rated secure cloud backup storage service for small businesses" that is "100% secure." The company's business model allows customers to continuously back up an unlimited number of devices to their accounts through the company’s app and web portal.

Data Deposit Box has over 350,000 users and 200 partners spread across 53 countries. On February 6, the company entered into an agreement to be acquired by HostPapa Inc.

Source: Information Security Magazine

All 4G Networks Susceptible to DoS Attacks

New research has uncovered a vulnerability affecting all 4G and some 5G telecommunications networks.

A study of the security of Diameter networks completed by Positive Technologies found that weaknesses in the Diameter signaling protocol meant that 100% of the 4G networks tested are susceptible to denial of service (DoS) attacks.

Diameter is the signaling protocol used in 4G networks for authentication, authorization and accounting and for exchanging subscriber information between network elements. It is a crucial component of LTE, carrying signaling between IP-based core network elements both within an operator’s network and between operators.

Researchers found that every attempt they made to infiltrate 28 telecommunications operators across South America, Asia, Europe, and Africa with attacks between 2018 and 2019 was successful.

The findings aren't just bad news for 4G; the vulnerabilities in the protocol are a problem for any 5G networks built on top of the previous generation of networks, using the same LTE network core. Networks linked in this way could be susceptible to the same threats, such as tracking user location and obtaining sensitive information.

Researchers warned that users of 5G networks that are riddled with weaknesses inherited from their 4G predecessors could see their service downgraded to insecure 3G networks.

Dmitry Kurbatov, CTO at Positive Technologies, said: "A lot of the major mobile operators are already starting to roll out their 5G networks and so the industry needs to avoid repeating the mistakes of the past by having security front and centre of any network design. If left unchecked, their 5G networks will not be immune from the same vulnerabilities of previous generation networks." 

Other vulnerabilities detected in the Diameter protocol allow external actors to track subscriber location and obtain subscribers’ sensitive information. This information could later be used to intercept voice calls or to bypass restrictions on mobile services.

"Gartner predicts 25 billion IoT devices to be connected by 2021. Therefore, a denial of service attack becomes so much bigger than simply a slow internet connection stopping you from posting a picture on Instagram," said Kurbatov. 

"It can cripple cities which are beginning to use IoT devices in various ways from national infrastructure to industry."

Source: Information Security Magazine

#COVID19 Drives Phishing Emails Up 667% in Under a Month

Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic, according to Barracuda Networks.

The security vendor observed just 137 incidents in January, rising to 1188 in February and 9116 so far in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed.

As is usually the case, the attacks used widespread awareness of the subject to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers.

Of the COVID-19 phishing attacks, 54% were classified as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC).

As well as the usual lures to click through for more information on the pandemic, some scammers are claiming to sell cures and/or face-masks, while others try to elicit investment in companies producing vaccines, or donations to fight the virus and provide support to victims.

“This is a new low for cyber-criminals, who are acting like piranha fish, cowardly attacking people en masse when they are at their most vulnerable,” argued MP Dean Russell, member of the Health and Social Care Select Committee. “It’s vital that the public remain vigilant against scam emails during this challenging time.”

Unfortunately, computer users are as exposed as ever to phishing scams like these, according to new research.

Security awareness training company KnowBe4 claimed that 38% of untrained end users are susceptible to phishing, i.e. they will fail realistic phishing scenarios. This is up by over 8% from 2019 figures.

The good news is that this average dropped 60% after 90 days of phishing training with real-world simulation exercises, the vendor claimed.

Source: Information Security Magazine

Tupperware Site Hacked by Digital Skimming Gang

Household brand Tupperware has had several websites compromised by digital skimming code, potentially exposing a million monthly visitors, according to Malwarebytes.

The security vendor discovered a targeted attack aimed at the company’s main dot com site and several localized versions last week.

To harvest Tupperware customers’ card details, the hackers inserted a fake iframe into the site’s checkout page to mimic the real payment form. On further inspection it was found to be loading content from deskofhelp[.]com, a domain registered just days earlier, on March 9, by a .ru email address.

The same domain is also hosted on a server alongside multiple phishing domains, explained director of threat intelligence, Jérôme Segura.

“The criminals devised their skimmer attack so that shoppers first enter their data into the rogue iframe and are then immediately shown an error, disguised as a session time-out,” he added.

“This allows the threat actors to reload the page with the legitimate payment form. Victims will enter their information a second time, but by then, the data theft has already happened.”
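Both campaigns on this page abuse the same element: Operation Poisoned News hid a zero-size iframe in forum posts and copied news sites to run its exploit chain, and the Tupperware skimmer dropped a visible iframe from a third-party domain into the checkout page to impersonate the payment form. The script below is an added example, not Trend Micro’s or Malwarebytes’ code. It parses a page with Python’s standard-library HTML parser and reports two things: frames that are hidden (zero or one-pixel size, `display:none`, `visibility:hidden`, or positioned far off-screen) and frames whose source host differs from the page’s own host. The sample checkout page and all of its hostnames are constructed; the skimmer domain named in the article would be caught by the same third-party rule.

```python
"""Flag hidden and third-party <iframe> elements in an HTML page.

Added illustration, not Trend Micro's or Malwarebytes' code. The sample
page and hostnames below are constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that make a frame invisible while it still loads and runs.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px",
    re.IGNORECASE,
)


class IframeCollector(HTMLParser):
    """Collect the attribute dictionaries of every <iframe> on the page."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.frames.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for a width/height of 0 or 1 pixels, with or without 'px'."""
    return value.strip().lower().rstrip("px") in {"0", "1"}


def audit_iframes(html, page_url):
    """Return [(src, reason)] for frames that merit a closer look.

    A relative src is treated as same-origin; any other host is third-party."""
    page_host = urlparse(page_url).hostname or ""
    parser = IframeCollector()
    parser.feed(html)

    findings = []
    for f in parser.frames:
        src = f.get("src", "")
        host = urlparse(src).hostname or page_host
        hidden = (
            _tiny(f.get("width", "x"))
            or _tiny(f.get("height", "x"))
            or bool(HIDDEN_STYLE.search(f.get("style", "")))
        )
        if hidden:
            findings.append((src, "hidden iframe"))
        elif host != page_host:
            findings.append((src, f"third-party iframe from {host}"))
    return findings


# Constructed checkout page: a legitimate same-origin payment frame, a
# skimmer-style frame from another domain, a 1x1 hidden frame and an
# off-screen frame.
SAMPLE_CHECKOUT = """
<html><body>
<h1>Checkout</h1>
<iframe src="/payment/frame" width="400" height="300"></iframe>
<iframe src="https://pay-helper.example/payment.html" width="400" height="300"></iframe>
<iframe src="https://cdn.example/track" width="1" height="1" style="display:none"></iframe>
<iframe src="https://ad.example/banner" style="position:absolute; left:-9999px"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reason in audit_iframes(SAMPLE_CHECKOUT, "https://shop.example/checkout"):
        print(f"{reason}: {src}")
```

On the sample the legitimate relative frame passes and the other three are reported. A third-party frame is not malicious by itself (hosted payment pages are common), so in practice the next step is the one Malwarebytes took: check how old the domain is and what else is hosted beside it.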

The fraudulent payment form itself was activated by malicious code hidden inside a PNG file, a technique known as steganography. It’s unclear exactly how Tupperware was first hacked to insert the malicious image, but Segura claimed it may have been running an outdated version of the Magento e-commerce platform.

However, the group behind the attack isn’t as polished as many others carrying out Magecart-like attacks. For one, they forgot to localize the iframe, so that on foreign language versions of the site, the fake payment page still appeared in English.

Segura claimed that digital skimming attacks are likely to be ramping up now as online orders come flooding in from shoppers kept at home by COVID-19.

Although Tupperware did not respond to Malwarebytes’s emails, phone calls and social media messages, the PNG file and malicious JavaScript had been removed as of Wednesday.

Source: Information Security Magazine

Three-Quarters of Large Firms Suffered Security Breach Last Year

Nearly half (46%) of UK firms reported suffering a security breach or cyber-attack over the past year, an increase on previous years, but they are getting better at recovering from and deflecting such blows, according to the government.

The annual Cyber Security Breaches Survey revealed an increase in the overall volume of businesses reporting incidents, up from 32%. The number of medium (68%) and large (75%) businesses reporting breaches or attacks also jumped, from 60% and 61% respectively.

This puts the 2020 report’s findings in line with the first government analysis in 2017, it claimed.

Of those businesses that reported incidents, more are experiencing these at least three times a week than in 2017 (32% versus 22%).

The government also claimed that organizations are experiencing more phishing attacks (from 72% to 86%) whilst fewer are seeing malware (from 33% to 16%) than three years ago.

However, the rise in incidents has been offset by stronger response and resilience, according to the report. Since 2017, the proportion of businesses listing any outcome from an incident has fallen by 19% and the proportion being negatively impacted has fallen by 18%.

Cybersecurity is also becoming more of a board-level issue: 80% of respondents said it’s a high priority for their senior management and 37% said they have board members with a security brief.

However, elsewhere there’s still some way to go: just 32% reported having cyber insurance, half (50%) have conducted audits in the past year, 15% have reviewed supply chain risk and only a quarter (27%) said they’d reported breaches to anyone beyond their IT/security providers.

The latter is particularly concerning given the strict reporting requirements of the GDPR.

Redscan CTO, Mark Nicholls, questioned whether malware is really on the wane, given new variants of fileless threats that are harder to detect, and pointed out another discrepancy in the report’s findings.

“The most concerning thing for me, is the significant number of organizations that have been targeted and aren’t aware of it. While a significant percentage of businesses identify multiple attacks each week, more than half say they haven’t had a single one in 12 months,” he argued.

“Being able to swiftly detect attacks is key to minimizing damage but many organizations still lack the appropriate controls and a deep awareness of what activity to look for.”

RSA Security UK & Ireland regional director, Chris Miller, argued that supply chain risk assessments should be carried out through the lens of potential impact on business operations.

“First, you must identify the most important parts of your business and then focus on protecting them. Ask yourself: which data flows in and out of the business? Which suppliers have access to what corporate data? Where is my most critical data and who can access it?” he said.

“By taking this approach, you can align your security protocols so you know how much access to grant to, and how much trust to place, in your suppliers.”

Source: Information Security Magazine