Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Breaches. Show all posts

Expert Urges iPhone and Android Users to Brace for 'AI Tsunami' Threat to Bank Accounts

 

In an interview with Techopedia, Frank Abagnale, a renowned figure in the field of security, provided invaluable advice for individuals navigating the complexities of cybersecurity in today's digital landscape. Abagnale, whose life inspired the Steven Spielberg film "Catch Me If You Can," emphasized the escalating threat posed by cybercrime, projected to reach a staggering $10.5 trillion by 2025, according to Cybersecurity Ventures.

Addressing the perpetual intersection of technology and crime, Abagnale remarked, "Technology breeds crime. It always has and always will." He highlighted the impending challenges brought forth by artificial intelligence (AI), particularly its potential to fuel a surge in various forms of cybercrimes and scams. Abagnale cautioned against the rising threat of deepfake technology, which enables the fabrication of convincing multimedia content, complicating efforts to discern authenticity online.

Deepfakes, generated by AI algorithms, can produce deceptive images, videos, and audio mimicking real individuals, often exploited by cybercriminals to orchestrate elaborate scams and extortion schemes. Abagnale stressed the indispensability of education in combating social engineering tactics, emphasizing the importance of empowering individuals to recognize and thwart manipulative schemes.

One prevalent form of cybercrime discussed was phishing, a deceitful practice wherein attackers manipulate individuals into divulging sensitive information, such as banking details or passwords. Phishing attempts typically manifest through unsolicited emails or text messages, characterized by suspicious links, urgent appeals, and grammatical errors.

To fortify defenses against social engineering and hacking attempts, Abagnale endorsed the adoption of passkey technology, heralding it as a pivotal advancement poised to supplant conventional username-password authentication methods. Passkeys, embedded digital credentials associated with user accounts and applications, streamline authentication processes, mitigating vulnerabilities associated with passwords.

Abagnale underscored the ubiquity of passkey technology across various devices, envisioning its eventual displacement of traditional login mechanisms. This transition, he asserted, is long overdue and represents a crucial stride towards enhancing digital security.

Additionally, Techopedia shared practical recommendations for safeguarding online accounts, advocating for regular review and pruning of unused or obsolete accounts. They also recommended utilizing tools like "Have I Been Pwned" to assess potential data breaches and adopting a cautious approach towards hyperlinks, assuming every link to be potentially malicious until verified.

Moreover, users are advised to exercise vigilance in verifying the authenticity of sender identities and message content before responding or taking any action, mitigating the risk of falling victim to cyber threats.

China Issues Alert on Geographical Information Data Breaches Impacting Transportation and Military

 

 China has recently issued a stern warning regarding the use of foreign geographic software, expressing serious concerns about the potential leakage of critical information related to its essential infrastructure and military. The Ministry of State Security, while refraining from directly attributing blame, has asserted that the identified software is equipped with "backdoors," designed to facilitate deliberate and unauthorized access to sensitive data.

This cautionary move comes at a time of heightened global tensions, with China prioritizing the reinforcement of security measures within key industries. This focus on security has been particularly accentuated amid increased saber rattling towards Taiwan and continued assurances from the United States to the island nation.

There is a growing suspicion that China may be involved in a series of recent cyberattacks aimed at probing the infrastructure of the United States. The alleged objective is to develop a comprehensive attack playbook, presumably in anticipation of potential hostilities between the two superpowers.

In response to these concerns, the United States has taken proactive steps to secure the domestic production of semiconductors, earmarking substantial investments under the CHIPS Act. The objective is to establish semiconductor manufacturing facilities across the country, a move considered essential for national security.

This strategic initiative by the United States is underscored by the perceived risk of Chinese espionage associated with the current reliance on semiconductor imports from production hubs in East Asia. The investment in domestic semiconductor production is thus framed as a crucial measure to mitigate vulnerabilities and safeguard national interests in the face of evolving geopolitical dynamics..

Tips for Banks to Prevent Data Breaches Through Phishing Education


Despite the roaring advancement in the field of technology, phishing remains one of the most common cybersecurity hazards. According to recent studies, phishing losses in the US alone were $52 million.

The lack of proper awareness in regards to cybersecurity could be one of the reasons why phishing attacks are escalating at a concerning rate. While many finance institutions are aware of the importance to cybersecurity, they fail to educate their employees of the same. 

Here, we are mentioning some ideas which might help banks to thwart phishing efforts and safeguard the information of their customers and employees:

Focus on Behavioral Change

The majority of banks use a similar approach for their cybersecurity training programs: they put all of their non-technical staff in a room, have their security team show a lecture with a few slides showing breach numbers, and attempt to scared them into acting accordingly.

It goes without saying that this strategy is ineffective. It is time for banks to start seeing their staff as a bulwark against phishing attempts rather than as a risk.

One way to do this is for banks to change their employees’ behaviors under stress, rather than threatening them by making them aware of the stressful situations. For example, instead of showing them the malicious emails, they must be educated on the right measure they must follow to identify such emails. 

A bank can also do this by running simulations of the situations, where an employee will be free to make mistakes and learn from those mistakes. This way, an employee can as well make judgements on their actions and even receive instant feedbacks in a safe environment. By doing so, an actual breach will not be the only time the employee is dealing with a feedback. 

Employees can view learning paths and review progress on simulation platforms. The skills of a technological employee will differ greatly from those of a non-technical person. The way forward is to provide positive feedback throughout and to customize learning routes.

Install Security as a Founding Principle

For most banks, the importance of security is communicated with a negative attitude. They draw attention to the possibility of a breach, the harm to the bank's reputation, and the possible consequences for an employee's career should they fall prey to phishing scams.

When a worker receives a phony email from someone posing as their manager, these intimidation techniques are ineffective. Because they trust the manager's persona, employees are unlikely to refuse a request from that organization. Rather, banks ought to embrace a proactive stance and integrate security into their overall brand.

For example, inducing fear among the employees into not clicking the malicious links, banks should instead introduce policies when an employee could quickly determine whether an email is a phishing attempt, rather than attempting to scare them into not clicking on harmful links. Giving them access to an automated tool or having a security guard on duty are excellent choices.

Policies like shredding and discarding important documents in secure bins to cybersecurity practices is essential. Employees must be reminded that the work they do is in fact critical and their actions do matter.

Set Communication Templates

Bank personnel utilize emails, which are rich in data, to communicate with a variety of stakeholders. This is used by malicious actors, who impersonate a different individual and deceive workers into downloading malware.

Informing staff members of appropriate communication styles and methods is one way to avoid situations like this one. Establishing a communication template, for example, will enable staff members to quickly spot emails that depart from the standard.

External actors are unlikely to be familiar with internal communications templates, thus they will likely send emails in a manner that is easily recognized by staff as being out of compliance. Although putting in place such a procedure may sound oppressive, it is the most effective technique to assist staff in overcoming the appearance of a false identity.

For instance, the majority of staff members will click on an email from the bank's CEO right away. They will overlook the fact that the email was sent by the CEO persona, though, if they see that the communication format is incorrect. With their minds thus occupied, kids are less likely to click on a link that could be harmful.

These templates are ingrained in the company's culture, and how banks convey their significance will determine a lot. Once more, a fear-based strategy rarely succeeds. Banks need to consider effective ways to enforce them.  

Predictive Analysis: A Powerful Tool to Reduce Risks Associated with Data Breaches


Predictive Analysis Can Reduce Risks Associated With Data Breaches

Data breaches are a growing concern for organizations of all sizes. The consequences of a data breach can be severe, ranging from financial losses to reputational damage. Predictive analysis is one approach that can help reduce the risks associated with data breaches.

What is Predictive Analysis?

Predictive analysis is a technique that uses data, statistical algorithms, and machine learning to identify the likelihood of future outcomes based on historical data. In the context of data breaches, predictive analysis can be used to identify potential threats before they occur. 

By analyzing historical data on cyber attacks, predictive models can be trained to determine the likelihood of different tactics and toolsets being used on different premises. This kind of preparation can help organizations begin reducing the risk of attackers using certain approaches against them.

How Can Predictive Analysis Help Reduce Risks Associated With Data Breaches?

Predictive analysis can help reduce the risks associated with data breaches in several ways. First, it can help organizations identify potential threats before they occur. By analyzing historical data on cyber attacks, predictive models can be trained to determine the likelihood of different tactics and toolsets being used on different premises. This kind of preparation can help organizations begin reducing the risk of attackers using certain approaches against them.

Second, predictive analysis can help organizations respond more quickly to data breaches when they do occur. By analyzing historical data on cyber attacks, predictive models can be trained to identify patterns that indicate a breach has occurred. This kind of preparation can help organizations respond more quickly to data breaches when they do occur.

Third, predictive analysis can help organizations improve their overall security posture. By analyzing historical data on cyber attacks, predictive models can be trained to identify vulnerabilities in an organization's security infrastructure. This kind of preparation can help organizations improve their overall security posture by identifying and addressing vulnerabilities before they are exploited by attackers.

Inside the Carrington Mortgage Services Ransomware Attack: Compromised Data and Cybersecurity Measures

cybersecurity incidents in the mortgage industry

The Carrington Mortgage Services Ransomware Attack

Cybersecurity incidents have become increasingly common in the mortgage industry, with multiple lenders and servicers experiencing data breaches that compromised sensitive customer information. Carrington Mortgage Services is the latest player to be impacted, as a ransomware attack at its vendor Alvaria compromised the information of its customers, including partial Social Security numbers. 

In this blog post, we'll take a closer look at the details of this breach, as well as other recent cybersecurity incidents in the mortgage industry.

Details of the Data Compromised in the Attack

Last week, Carrington Mortgage Services announced that a technology company it uses, Alvaria, experienced a ransomware attack in March. As a result, the personal information of some of Carrington's customers, including partial Social Security numbers, was compromised. 

 Although neither Carrington nor Alvaria disclosed the total number of affected clients, a letter to state attorneys general indicated that at least 4,167 residents of Massachusetts were impacted. This is the most recent hack of a mortgage player, following a series of incidents across the industry last year. 

Alvaria's Response to the Breach

Alvaria responded to the attack by restoring its operations through backups and securing its networks. According to the Lowa letter, “the unauthorized actor obtained some data associated with the company maintained in the technical system log and temp files.” “While Alvaria performed its forensic investigation, the company completed its analysis of the affected data on April 4, 2023 

According to Carrington Mortgage Services, compromised data due to the breach at Alvaria includes clients' names, mailing addresses, telephone numbers, loan numbers and balances, and the last four digits of their Social Security numbers. 

However, when asked about Alvaria's reported data breach, Carrington's attorney declined to comment, while Alvaria's general counsel deferred to a company spokesperson. Alvaria did notify the FBI and took additional security measures following the breach, although the details of these measures were not disclosed. 

Impact of Data Breaches on Mortgage Lenders and Servicers

In an effort to mitigate the effects of the breach, Carrington is offering customers 24 months of free credit monitoring and fraud consultation from Experian. In a letter to the Iowa Attorney General, Carrington defended its information security diligence and stated that it had received positive reviews from state and federal regulators, rating agencies, and banking counterparts. 

The letter signed by the attorney for Carrington said: “Nevertheless, in light of this event, the company has begun an additional assessment of Alvaria's technical security measures to ensure that Alvaria has been providing and will continue to provide the security measures promised to the company and to help ensure this type of incident does not happen again.” 

Carrington Mortgage Services has been actively involved in the mortgage servicing rights market and purchased $62.3 billion in 2020, making it one of the top 25 services in the country. In total, it holds $122.1 billion in MSRs from 682,000 borrowers. This incident is the second data breach at Alvaria within four months, with the previous attack being disclosed in February and impacting 4,695 customers. 

Other Cybersecurity Incidents in the Mortgage Industry

The Hive Ransomware group was responsible for this attack, and in November, the group released corporate records on the dark web, though no customer data was included. It's unclear whether the November breach affected mortgage customer data. In 2021 alone, various mortgage lenders have disclosed cybersecurity incidents that impacted 191,000 customers. 

These attacks have ranged in severity, from incidents affecting as few as 600 customers to a third-party breach that impacted 139,493 customers of Hatch Bank in California. Several class action complaints against impacted companies remain pending in federal courts, including those against servicers such as Key Bank, Lower, and Overby-Seawell Company.

Exfiltration Malware: At the Forefront of Cybersecurity Issues

 

While massive public security breaches are understandably concerning, the increase in malware designed to exfiltrate data directly from devices and browsers is a significant contributor to continued user exposure, according to SpyCloud . Last year, over 22 million unique devices were infected by malware, according to the 2023 report. 
SpyCloud recovered 721.5 million exposed credentials, roughly half of which came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers allow cybercriminals to operate on a large scale, stealing valid credentials, cookies, auto-fill data, and other highly valuable information for use in targeted attacks or sale on the darknet.

“The pervasive use of infostealers is a dangerous trend because these attacks open the door for bad actors like Initial Access Brokers, who sell malware logs containing accurate authentication data to ransomware syndicates and other criminals,” said Trevor Hilligoss, Director of Security Research at SpyCloud. “Infostealers are easy, cheap, and scalable, creating a thriving underground economy with an ‘anything-as-a-service’ model to enable cybercrime. This broker-operator partnership is a lucrative business with a relatively low cost of entry.”

Critical business applications are easily accessible to cybercriminals

 Cybercriminals have doubled down and taken advantage of the economic downturn, expanding their hybrid workforce, creating ghost accounts from terminated employees, and rising outsourcing.

When employees enter corporate networks using malware-infected unmanaged or undermanaged devices, threat actors have a simple route into important company applications such as single sign-on platforms and virtual private networks.

In 2022, SpyCloud researchers recovered millions of credentials stolen from popular third-party business applications that had been impacted by malware. The data stolen from these apps, which include code repositories, customer databases, messaging platforms, and HR systems, provides bad actors with the information they need to launch damaging follow-up attacks such as ransomware.

If these credentials are not properly remediated and remain active, they will continue to pose a threat to organisations even after the malware has been removed from the device.

Organizations are oblivious to the threat of sophisticated malware-based attacks

“Organizations are overlooking the mounting threat of sophisticated malware-based attacks and the protracted business impact of infected devices. Leaders need a new approach that disrupts the flow of stolen authentication data and mitigates the ongoing threat of these exposures,” said Hilligoss.

“Collectively, we need to start thinking about protecting digital identities using a Post-Infection Remediation approach, rather than solely focusing on cleaning individual infected devices. Taking action on exposed employee data before it can be used by criminals is paramount to preventing account takeover, fraud, ransomware, and other forms of cybercrime,” concluded Hilligoss.

By resetting application credentials and invalidating session cookies syphoned by infostealer malware, security teams can supplement their traditional cyber incident response playbooks with additional steps to fully negate opportunities for ransomware and other cyberattacks.

Password hygiene remains a problem

Session hijacking enabled by stolen cookies is becoming more common: In 2022, SpyCloud researchers recovered nearly 22 billion device and session cookies. These records allow criminals to gain access to sensitive information by bypassing MFA and hijacking an active session, effectively turning bad actors into employee clones.

Users' personally identifiable information (PII) is as appealing as it has always been: In 2022, SpyCloud researchers found 8.6 billion PII assets, including 1.4 billion full names, 332 million national IDs/full social security numbers, and 67 million credit card numbers.

Despite increased cybersecurity training emphasis, password hygiene remains poor: 72% of users exposed in breaches in 2022 continued to use previously compromised passwords. SpyCloud recovered over 327,000 passwords related to artists Taylor Swift and Bad Bunny, over 261,000 passwords associated with streaming services such as Netflix and Hulu, and over 167,000 passwords related to Queen Elizabeth's death and the British royal family.

The government sector is more vulnerable to malware-infected devices than the private sector: In 2022, SpyCloud discovered 695 breaches containing.gov emails, a nearly 14% increase from 2021. Password reuse rates among government employees continue to be high, with 61% of users having more than one password exposed in the previous year.

123456, 12345678, and password are the three most commonly exposed plaintext passwords associated with government emails. Malware exfiltrated nearly 74% of exposed government credentials globally in 2022 (compared to 48.5% globally).

OPM Data Breach: Federal Judge Finalizes $63 Million Settlement for 2015 Data Breach Case Victims

 

On October 14, a federal judge granted the final approval for a $63 million settlement in regard to the 2015 Office of Personnel Management (OPM) data breach, bringing an end to the seven-year-long lawsuit over one of the biggest publicly known and reported security failures by the Federal government. 
 
U.S. district judge Amy Berman Jackson gave approval for the settlement to proceed in a fairness hearing, held at the U.S District Court for the District of Columbia. The judge described the approved terms to be “fair, reasonable, and adequate, and in the best interest of named and class members.” 
 

OPM Data Breach, 2015 

 
The United States Office of Personnel Management (OPM) in June 2015 confirmed it has experienced a series of data breaches targeting personnel records. 
 
Reportedly, about 22.1 million personal records were affected in the breach, including those pertaining to government employees, other individuals who had undergone background checks, and their family and friends. 
 
The data breach is considered one of the largest breaches of government data in U.S. history. The information accessed unlawfully included personally identifiable information (PII) of victims, including their names, dates, place of birth, residential addresses, and Social Security numbers.  
 
The cyber attack was carried out by state-sponsored threat actors working for the Chinese government. 
 

Terms of the settlement 

 
Prospective participants will still have until December 23 to join the lawsuit, after the final fairness hearing, following which the validity of each claim will be accessed.  
 
Furthermore, payouts to the claimants are expected to take place in the first or second quarter of next year, assuming there are no appeals. 
 
In accordance with the settlement terms, the prospective claimant is entitled to a minimum of $700 per claim, and a maximum of $10,000 per claim.  
 
As per Everett Kelley, national president of the American Federation of Government Employees and a plaintiff in the lawsuit, the court ruling was a “significant victory for rank-and-file federal employees.” 
 
“We look forward to continuing to educate our members whose personal information was compromised in this data breach about how they can take part in this settlement and receive the compensation they are due under the law,” Kelley said.

Optus Data Breach: Australia’s Telco Giant Confirms Data of Millions of Users Compromised

 

Australia’s second largest Telecom Company, Optus has recently become a victim of a cyberattack that attack apparently led to the exposure of personal data of its current as well as former customers. According to Trevor Long, a Sydney-based tech analyst, the attack is the biggest breach of personal data from any Australian firm. 

The firm states that as soon as the attack was detected, it worked towards containing the attack, subsequently shutting it down before customers could suffer any harm. The company believes that one of the networks was still exposed to the test network with internet access. 

The data breach notification read, “Following a cyberattack, Optus is investigating the possible unauthorized access of current and former customer [..] Upon discovering this, Optus immediately shut down the attack.” 

In the wake of the attack, the firm confirmed that its customers' private data could be compromised since the attackers had an access to the customer identity database and opened it to other systems via Application Programming Interface (API). The firm further told that its network was accessed from an external source.  

The exposed data, as per the firm’s statement in a press release included customers’ names, dates of birth, contact numbers, email addresses, residential addresses, and identity documents numbers such as passport and driving licenses. The company’s services on the other hand, including mobile and home internet, have not been compromised and the attackers were void of access to messages and phone calls. 

Is Human Error Responsible For The Breach? 

At a media briefing, when asked about the possibility of a human error being responsible for the breach, Optus CEO Kelly Bayers Rosemarin stated that “I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so will not be divulging details about that.” 

The company has denied any claims of a human error that could execute this data breach. The CEO also apologized to the firm’s customers, stating it was challenging to offer immediate advice unless the case investigation was complete. 

The CEO also mentioned the strong cyber defense softwares invested in Telco pertaining to the attacks. She further said that this attack should be a wake-up call for all organizations in order to avoid becoming a victim of a data breach. 

Private Details of 1 Billion Chinese Citizens up for Sale on Dark Web

 

In what could be the biggest-ever breach of personal information in history, the massive store of data containing information about more than a billion people has been leaked from a government agency, possibly from China, and put up for sale on Dark Web for 10 Bitcoins. 

More than 23TB of details apparently siphoned from a Shanghai police database stored in Alibaba’s cloud was put up for sale on the underground Breach Forums by someone with the handle ‘ChinaDan’. The leaked data included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records. 

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen," Changpeng Zhao, CEO of cryptocurrency exchange Binance, posted on Twitter. "Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details."

How did the data leak? 

The root cause of the data leak remains unknown, but experts believe that the database may have been misconfigured and exposed by human error since April 2021 before it was identified. This would contradict a claim that the database’s credentials were inadvertently leaked as part of a technical blog post on a Chinese developer site in 2020 and later employed to steal a billion records from the police database since no passwords were required to access it. 

But according to Bob Diachenko, a Ukrainian security researcher, this may not be correct. In late April, the researchers’ monitoring records show the database was exposed via a Kibana dashboard, a web-based software used to visualize and search massive Elasticsearch databases. If the database didn’t require a password as believed, anyone could have accessed the data if they knew its web address. 

Cybersecurity experts frequently search the internet for leaked exposed databases or other sensitive data. But hackers also run the same scans, often with the motive of copying data from an exposed database, deleting it, and offering the data’s return for a ransom payment — the standard methodology employed by attackers in recent years. 

Diachenko believes that’s what exactly happened on this occasion; a hacker discovered, raided, and deleted the exposed database, and left behind a ransom note demanding 10 bitcoins for its return. 

“My hypothesis is that the ransom note did not work and the threat actor decided to get money elsewhere. Or, another malicious actor came across the data and decided to put it up for sale,” said Diachenko.