
British Library Braces for £7 Million Cyber Woes

 



The British Library faces a potential £7 million expenditure from a severe cyber attack that disrupted its website and internal WiFi in October. The attackers, the Rhysida group, demanded a £600,000 ransom; when the library refused to pay, hundreds of thousands of files, including customer and personnel data, were compromised.

Reports suggest the library plans to utilise approximately 40% of its reserves, around £6 to £7 million out of an unallocated £16.4 million, to rebuild its digital services. The final recovery costs are yet to be confirmed, and investigations are underway by the National Cyber Security Centre and cybersecurity specialists. 

In a recent post on social media, the library explained the ongoing challenges caused by the cyber attack. The incident affected the website, online systems, and some on-site services. The attack is confirmed as ransomware, raising concerns about the potential exposure of user data on the dark web. 

Working in conjunction with cybersecurity specialists and collaborating with the Metropolitan Police, the library anticipates a prolonged period for the thorough analysis of the breached data. Despite persistent issues with online systems, the library's physical locations remain accessible. To address user needs, a reference-only version of the primary catalogue is expected to be back online by January 15. 

Acknowledging the sustained patience and support from users and partners, Sir Roly Keating, the Chief Executive of the British Library, expressed gratitude. He highlighted the ongoing efforts to assess the impact of this criminal attack and implement measures for the secure and sustainable restoration of online systems. 

Providing a precise timeline for the restoration process is premature at this stage, but regular updates will be offered as progress is made in this critical endeavour. 

The primary motivation behind cyber attacks is financial gain. This criminal activity, aptly named ransomware, involves using malicious software to disrupt, damage, or gain unauthorised access to computer systems, compelling organisations and businesses to pay a ransom. 

While the Department for Digital, Culture, Media and Sport (DCMS) chose not to comment on the matter, a Government insider confirmed the expectation that the British Library would tap into its reserves for recovery. 

As the British Library deals with the consequences of this cyber attack, its challenges underscore the pervasive threat posed by ransomware and highlight that organisations must work on the resilience of their digital fortifications and guard against the risks posed by such malevolent activities.


Estes Declines Ransom Demand Amidst Personal Data Breach and Theft

 

Estes Express Lines, a major private freight shipping company in the United States, has notified over 20,000 customers about a security breach where their personal information was stolen by unknown hackers.

The company revealed that on October 1, 2023, unauthorized individuals gained access to a part of their IT network and deployed ransomware. In line with the standard advice from the FBI and financial regulators, Estes chose not to pay the ransom demanded by the attackers.

Initially disclosed in early October as a "cyberattack" affecting their IT infrastructure, Estes later announced the full restoration of their system capabilities by October 24 through a video posted by their chief operating officer, Webb Estes.

A group known as Lockbit claimed responsibility for the breach a month later and disclosed that they leaked data taken from the company on November 13. On New Year's Eve, Estes filed a data breach notice with the Maine Attorney General, providing further insights into the digital intrusion, now confirmed to be a ransomware attack.

According to Estes, they are collaborating with the FBI in the investigation. While the forensic analysis confirmed that personal information was stolen, the specifics of the accessed data were not explicitly mentioned in the sample notification letter. 

However, the Maine filing indicated that it involved names or other personal identifiers combined with Social Security numbers, suggesting a broader scope of compromised information.

Estes has not provided immediate responses to inquiries regarding details about the breach, such as the stolen data specifics, the initial network access point for the hackers, the ransom amount demanded, and the rationale behind the decision to refrain from paying the ransom. 

This decision has sparked a contentious debate encompassing practical considerations like effective backups and financial implications, along with broader ethical concerns such as potential support for criminal activities like human trafficking, terrorism, or future cybercrimes through ransom payments.

Both paying and not paying ransoms have proven to be financially burdensome for affected entities. Caesars Entertainment allegedly paid $15 million to a ransomware group to decrypt their data and prevent customer information leakage after a September breach, while MGM Resorts, despite not paying the ransom in a similar attack, suffered losses surpassing $100 million.

While the US government advises against ransom payments, some voices advocate for a complete ban on such extortion payments. Despite the breach, Estes has stated that they are not currently aware of any instances of identity theft, fraud, or financial losses stemming from the incident. Additionally, they plan to offer affected individuals 12 months of free identity monitoring services through Kroll.

Electoral Commission Fails Cyber-Security Test Amidst Major Data Breach

 

The Electoral Commission has acknowledged its failure in a fundamental cyber-security assessment, which coincided with a breach by hackers gaining unauthorized access to the organization's systems. 

A whistleblower disclosed that the Commission received an automatic failure during a Cyber Essentials audit. Last month, it was revealed that "hostile actors" had infiltrated the Commission's emails, potentially compromising the data of 40 million voters.

According to a Commission spokesperson, the organization has not yet managed to pass this basic security test. The election watchdog disclosed that hackers had infiltrated its IT systems in August 2021 and maintained access to sensitive information until they were detected and removed in October 2022.

The unidentified attackers gained access to Electoral Commission email correspondence and potentially viewed databases containing the names and addresses of 40 million registered voters, including millions not on public registers.

The identity of the intruders and the method of breach have not yet been disclosed. However, it has now been revealed by a whistleblower that in the same month as the intrusion, the Commission received notification from cyber-security auditors that it was not in compliance with the government-backed Cyber Essentials scheme. 

Although participation in Cyber Essentials is voluntary, it is widely adopted by organizations to demonstrate their commitment to security to customers. For organizations bidding on contracts involving sensitive information, the government mandates holding an up-to-date Cyber Essentials certificate. In 2021, the Commission faced multiple deficiencies in their attempts to obtain certification. 

A Commission spokesperson acknowledged these shortcomings but asserted they were unrelated to the cyber-attack affecting email servers.

One of the contributing factors to the failed test was the operation of around 200 staff laptops with outdated and potentially vulnerable software. The Commission was advised to update its Windows 10 Enterprise operating system, which had stopped receiving security updates months earlier.

Auditors also cited staff use of old iPhones that were no longer supported with security updates as a reason for the failure. The National Cyber Security Centre (NCSC), an advocate for the Cyber Essentials scheme, advises all organizations to keep software up to date to prevent exploitation of known vulnerabilities by hackers.

Cyber-security consultant Daniel Card, who has assisted numerous organizations in achieving Cyber Essentials compliance, stated that it is premature to determine whether the identified failures in the audit facilitated the hackers' entry. 

He noted that initial signs suggest the hackers found an alternative method to access the email servers, but there is a possibility that these inadequately secured devices were part of the attack chain.

Regardless of whether these vulnerabilities played a role, Card emphasized that they indicate a broader issue of weak security posture and likely governance failures. The NCSC emphasizes the significance of Cyber Essentials certification, noting that vulnerability to basic attacks can make an organization a target for more sophisticated cyber-criminals.

The UK's Information Commissioner's Office, which holds both Cyber Essentials and Cyber Essentials Plus certifications, stated it is urgently investigating the cyber-attack. When the breach was disclosed, the Electoral Commission mentioned that data from the complete electoral register was largely public. 

However, less than half of the data on the open register, which can be purchased, is publicly available. Therefore, the hackers potentially accessed data of tens of millions who had opted out of the public list.

The Electoral Commission confirmed that it did not apply for Cyber Essentials in 2022 and asserted its commitment to ongoing improvements in cyber-security, drawing on the expertise of the National Cyber Security Centre, as is common practice among public bodies.

Generative AI: A Catalyst for Enterprise IT & Security Challenges

 


Every day, new applications of artificial intelligence and machine learning are being explored and there is much to learn from them. Information and opinions are pouring out like a firehose, which is both inspiring and terrifying at the same time. 

Generally speaking, these AI tools are algorithms that generate new content, such as text, images, audio files, video files, code, and simulations, based on input data. Typically, they are driven by machine learning models that are trained on large amounts of data to learn patterns and generate outputs that are a close replica of the original data. This gives them the power to revolutionize industries and domains, including entertainment, education, and healthcare.

By using these tools, users can create new and engaging content, enhance existing content, optimize business processes, and solve complicated problems that can otherwise go unsolved. Within the next few months, the company will be able to significantly improve the quality, accuracy, and speed of response. 

A tectonic shift has taken place in technology adoption in the workplace: 

Over the last five years, top-down IT procurement has been usurped by business-led and employee-led IT adoption. This shift has made it difficult for technology governance leaders to keep tabs on what tools are being used, where sensitive data resides, and who (and what) has access to it.

When it comes to governing the use and adoption of new cloud and SaaS technologies, IT and security leaders face a difficult balancing act between competing objectives. One technology leader put it like this: "There's a fear of missing out, and there's also a fear of messing up."

If you allow too much experimentation in SaaS without safeguards, the result could be increased risk, sprawl, and inefficiency in your organization. Going too far in blocking unsanctioned SaaS solutions will likely stifle an organization's ability to innovate, and employees may simply ignore these controls and processes and work around them entirely.

This is a critical time for enterprise IT leaders, as well as their risk and security teams. How they address AI governance will affect the perception and influence of their functions within their organizations, and it will play an important part in determining their continued success.

If they fail to do this, they will have to go hide in a corner and patch vulnerabilities while the business moves on without them, and it could be an unpleasant experience. By mastering it, they will be able to build the foundation for a modern, adaptable solution for IT security and governance that will allow the business to move forward quickly and with a minimum amount of risk. 

Proactively Take Action

Detecting and mitigating the security risks associated with generative AI is a complex issue that calls for a holistic approach from businesses. Among the steps to take are the following:

The key to using these tools effectively is to understand their basics, to understand what they can do, and to understand what they cannot do, and then to make decisions based on your budget and expertise on which tools users will use. 

Staff and stakeholders need to be educated and trained about the benefits and risks of these new technologies, as well as utilizing best practices and standards when it comes to developing, deploying, and managing these systems. 

Start with small-scale experiments, making sure that the generated outputs are of adequate quality and relevance and checking for any errors or security issues before scaling up.

Use tools and techniques to test, monitor, and improve the organization's security posture. Adhere to legal and ethical guidelines, safeguard the rights and privacy of other people by verifying and attributing user-generated content, collaborate with experts or peers, and respect other people's rights over their data.

For enterprise IT, risk, and security leaders to ensure that they avoid repeating the mistakes they have made in the past when it comes to securing and governing access to the new cloud-based technologies, they need to adopt a novel approach to balancing risks and rewards.

How to Keep Up With a Shifting Threat Landscape

 

Cybercrime is a problem that is only escalating and is bad for business, as one might anticipate. Regardless of how you feel about it, it forces your business to take action in order to secure its infrastructure.

Current threat landscape

It's critical to understand the threat landscape in order to understand what you're up against. Studying it gives you a general idea of the kinds of problems you can anticipate seeing, and just like the environment, it is constantly changing, never remaining static for very long. Even the most creative security researchers and the developers backing them up constantly face numerous threats that aim to impede their work. What will you do to safeguard your company from these difficulties?

We saw hacktivists launch disruptive assaults, steal technological source code, and utilise wiper malware last year, in addition to hacks on vital infrastructure (particularly rail).

A cyberattack that affected the websites and production lines of the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC), and Hormozgan Steel Company (HOSCO) occurred in June and July of 2022. The hacktivist collective Gonjeshke Darande, which earlier in the year used wiper malware to damage the Iranian train system, claimed responsibility for the attack. This incident proves that threat actors can attack key infrastructure, regardless of their intentions or affiliations.

A number of disruptive attacks on businesses in the manufacturing, oil, water, and electric utility sectors occurred between the months of August and September. The fourth-largest U.S. health system with 140 associate hospitals, CommonSpirit Health, was the target of a ransomware attack in October. The attack caused delays in patient operations such as surgery. Moreover, there were numerous cyberattacks across Europe. A ransomware attack at the French hospital Corbeil-Essonnes in December led to a data loss and operational interruption. 

Additionally in November, a cyberattack targeted Continental, a major player in the automobile and rail industries that creates cutting-edge technologies including autonomous brake systems, vehicle monitoring systems, and navigational systems. Prior to the attack, the attackers had already broken into Continental's networks, giving them access to countless technical documents and source code relevant to Continental's cutting-edge technologies. The possibility of attackers gaining access to these technologies' source code is quite concerning. 

Mitigation tips

The most important thing you can do to safeguard your company is to make sure your staff are aware of the threats they pose and their own personal duty to keep your company safe. You should create a thorough cybersecurity training course that is updated on a regular basis, then give it to your workers.

You can give advice on how to make secure passwords, use two-factor authentication, recognise phishing scams, and other topics. People will behave more consciously throughout the day if you instruct them about security. 

Many software components make up your company, so be sure that all of them are updated to prevent the newest attacks from exploiting a flaw. This also applies to browser add-ons. Researchers advise putting a plan in place to periodically assess your IT assets to make sure they are patched, updated, and secured.

How ChatGPT May Act as a Copilot for Security Experts

 

Security teams have been left to make assumptions about how generative AI will affect the threat landscape since ChatGPT-4 was released this week. Although it is now widely known that GPT-3 may be used to create malware and ransomware code, GPT-4 is 571X more potent, which could result in a large increase in threats. 

While the long-term effects of generative AI are yet unknown, a new study presented today by cybersecurity company Sophos reveals that GPT-3 can be used by security teams to thwart cyberattacks. 

Younghoo Lee, the principal data scientist for Sophos AI, and other Sophos researchers used the large language models from GPT-3 to create a natural language query interface for looking for malicious activity across the telemetry of the XDR security tool, detecting spam emails, and examining potential covert "living off the land" binary command lines. 

In general, Sophos' research suggests that generative AI has a crucial role to play in processing security events in the SOC, allowing defenders to better manage their workloads and identify threats more quickly. 

Detecting illegal activity 

The statement comes as security teams increasingly struggle to handle the volume of warnings generated by tools throughout the network, with 70% of SOC teams indicating that their work managing IT threat alerts is emotionally affecting their personal lives. 

According to Sean Gallagher, senior threat researcher at Sophos, one of the rising issues within security operation centres is the sheer amount of 'noise' streaming in. Many businesses are dealing with scarce resources, and there are just too many notifications and detections to look through. Using tools like GPT-3, we've demonstrated that it's possible to streamline some labor-intensive proxies and give defenders back vital time. 

Utilising ChatGPT as a cybersecurity co-pilot 

In the study, researchers used a natural language query interface where a security analyst may screen the data gathered by security technologies for harmful activities by typing queries in plain text English. 

For instance, the user may input a command like "show me all processes that were named powershell.exe and run by the root user" and have XDR-SQL queries produced from it without having to be aware of the underlying database structure.

This method gives defenders the ability to filter data without the usage of programming languages like SQL and offers a "co-pilot" to ease the effort of manually looking for threat data.

“We are already working on incorporating some of the prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher stated. “In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.” 

It's important to note that researchers also found that using GPT-3 to filter threat data was significantly more effective than utilising other substitute machine learning models. This would probably be faster with the upcoming version of generative AI given the availability of GPT-4 and its greater processing capabilities. Although these pilots are still in their early stages, Sophos has published the findings of the spam filtering and command line analysis experiments on the SophosAI GitHub website for other businesses to adapt.

A Majority of Security Experts Prioritize Prevention Over Detection


As per a recent report finding, a majority of organizations prefer prevention over detection when it comes to safeguarding their systems. However, a large number of businesses are consequently witnessing data breaches and other cyberattacks, with the severity of these incidents worsening day by day. 

In a survey of 500 IT security experts, Exabeam researchers discovered that nearly two-thirds of their respondents (65%) prioritize prevention over detection as their number one endpoint security objective. For the remaining third (33%), detection remained their utmost priority. 

Late to the Party 

To make the situation worse, the businesses actually act on this idea. The majority (59%) allocate the same amount to detection, investigation, and response, while nearly three-quarters (71%) spend between 21% and 50% of their IT security resources on prevention. 

According to Steve Moore, chief security strategist at Exabeam, the issue with this strategy is that the businesses concentrate on prevention while threat actors are already there, rendering their efforts useless. 

“As is well known, the real question is not whether attackers are on the network, but how many there are, how long they have had access and how far they have gone[…]Teams need to raise awareness of this question and treat it as an unwritten expectation to realign their investments and where they need to perform, paying due attention to adversary alignment and response to incidents. Prevention has failed,” says Moore. 

The majority of respondents said yes when asked if they are confident they can prevent attacks. In fact, 97% of respondents indicated they felt confident in the ability of their tools and processes to detect and stop attacks and data breaches.

Only 62% of respondents agreed when asked if they could easily inform their boss that their networks were not compromised at the time, implying that over a third were still unsure. 

Exabeam explains that security teams are overconfident and have data to support it. The company claims that 83% of organizations experienced more than one data breach last year, citing industry reports. 

Among the many approaches to security, most organizations appear to be inclined towards the prevention-based strategy, because it strives to make systems more resistant to attack. Compared with detection-based security, this approach is more effective in a variety of situations.

Implementing a preventive approach could aid a company in significantly reducing the risk of falling prey to a potential cyberattack if it applies appropriate security solutions like firewalls and antivirus software and patches detected vulnerabilities.

SEC Amends Cyber Incident Disclosure, Raises Concerns


SEC taking a tough stand on cyber threats 

Due to a rise in breaches among its members and on its own systems, the Securities and Exchange Commission (SEC) is considering how it can tackle the problem of cyber threats.

The SEC suggested new amendments in March to supervise how investment firms and public companies under its purview should strengthen their IT security management and incident reporting. 

Throughout the years, SEC's disclosure regime has advanced to highlight evolving risks and investor needs. 

Current Cyber Security Landscape 

"Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner," said SEC Chair Gary Gensler.

SEC being rough on incident reporting and identity theft programs

In July, the SEC charged JP Morgan & Co, UBS and online stock-trader TradeStation with having deficient customer identity programs. All of these programs violated the Identity Red Flag rules, or Regulation S-ID, between January 2017 and October 2019.

Regulation S-ID aims to protect investors from identity theft risks. All three financial organizations have agreed to: 1. cease and desist from violations in future, 2. be censured, and 3. pay fines of $1.2 million, $925,000, and $425,000, respectively.

Besides these commitments, the SEC's proposed amendments will require financial institutions to provide current reports on material cybersecurity incidents and periodic reports giving updates on previously reported cybersecurity incidents.

In March, the SEC stated:

“proposed rule defines a cybersecurity incident as an unauthorized occurrence on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”

Under the new rule, "information systems" is considered in a broad sense, especially when the financial firm makes use of cloud- or host-based systems.

SEC in the amendment says:

"The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks. The registrant’s board of directors' oversight of cybersecurity risk, and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures." 



Car Rental Giant Sixt Hit by Cyberattack, Operations Shut Down

Rental car giant Sixt, a company based in Germany, announced that it has been hit by a cyberattack that caused large-scale inconvenience in its global operations. In April, the company closed down some parts of its IT infrastructure to contain a cyberattack.

Only important systems, like the company website and mobile applications, kept operating. Sixt said that some disturbance for employees and customers was expected, but it believes that the disruption was contained to a great extent.

According to the company, it has offered business continuity to its customers, but temporary disruptions in customer care centers and a few branches can be expected for some time. "As a standard precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, in particular, the website and apps were kept up and running," said Sixt in a statement. Sixt did most of the car bookings with pen and paper last week, and systems that were not important were shut down after the cyberattack.

Customers who called were given an automated notification: "due to a technical problem, we are currently unavailable." No more details are available as of now. Sixt said that it has launched an inquiry into the issue, but it didn't disclose any information on how the attack happened. Sixt is requesting its customers to be patient until the issue is resolved. No ransomware group has claimed responsibility for the attack as of now; however, ransomware is highly likely.

According to Bleeping Computer, ransomware groups are targeting companies like Sixt because of the upcoming tourism season. Vacations are easy money for car rental companies. Ransomware groups generally operate during high traffic periods to increase the chances of damage to the targets. 

The greater the damage, the easier the ransom payment. Sixt said "impacts on the company, its operations and services have been minimized to provide business continuity for customers. However, temporary disruptions, in particular in customer care centers and selective branches, are likely to occur in the short term."

About 84% of Russian companies have vulnerable IT systems

More than 80% of companies in Russia neglect the basic means of protecting information systems and data, as a result of which 84% of companies have vulnerabilities in their IT systems that can be exploited, including by novice hackers who do not have a high level of programming skills.

According to Ekaterina Kilyusheva, head of the research group of the information security analytics department at Positive Technologies, companies suffer from inexperienced hackers in about 10% of cases.

Testing of 19 large companies from different sectors of the economy showed that in 58% of cases, companies have at least one security gap that can be exploited using publicly available hacking software.

It is noted that most often in Russian companies, security gaps are associated with the use of outdated software, the vulnerabilities of which are already known.

As noted by ESET security specialist Tony Anscombe, in addition to outdated software, companies often have poorly configured network infrastructure and operating systems, and lack encryption and two-factor authentication, which also increases the likelihood of a system being compromised.

The best protected are companies in the financial sector and the energy industry, which process large amounts of personal information and where business development depends heavily on the stability of IT, explained Andrey Arsentiev, head of analytics and special projects at InfoWatch.

Pavel Durov called for Apple to be obliged to allow the installation of different application stores


Apple should allow users to install apps not only from its own App Store. This opinion was expressed by the founder of Telegram messenger Pavel Durov. According to him, Tim Cook (CEO of Apple) should be obliged to do this at the legislative level.

The day before, Ilya Perekopsky, a high-ranking Telegram manager and vice president of the company founded by Pavel Durov, spoke at a panel discussion with Russian Prime Minister Mikhail Mishustin and representatives of the IT industry in Innopolis. He said that Apple and Google are holding back the development of startups by charging app developers a tax in the form of a 30 percent commission. Almost simultaneously with Perekopsky's speech, Durov published an article in which he called for Apple to be legally obliged to install an alternative App Store on the iPhone.

Durov is sure that if this is not done, then app developers, in particular from Russia, will be forced to sell their startups for little money. At the same time, Apple's capitalization will only grow.

"Preventing two supranational corporations from collecting taxes from all of humanity is not an easy task. Corporations employ thousands of lobbyists, lawyers, and PR agents, and their budgets are unlimited. At the same time, app developers are scattered and scared, as the fate of their projects depends entirely on the favor of Apple and Google," wrote Pavel Durov.

The head of the TelecomDaily information and analytical agency Denis Kuskov noted that changing the market is quite difficult because these two companies are leading it. Therefore, Durov needs to accept this fact.

Durov recalled that in 2016, Apple banned the Telegram team from launching its own game platform: "We had to remove the Telegram games catalog that we had already created and almost the entire platform interface, otherwise Apple threatened to remove Telegram from the App Store." According to Durov, the iPhone manufacturer treats many other developers in a similar way.

Coronavirus will double the number of leaks of users' personal data, say security experts


The coronavirus epidemic has affected more than electronics factories around the world: many companies are also moving their employees to remote work. According to experts, however, this measure will negatively affect the entire field of data storage. Following a four-fold increase in the number of phishing mailings in Russia, analysts predict a significant increase in the number of leaks of personal user information.

According to experts of the Russian company Internet search, the danger of data being leaked to third parties often comes from the company's own employees. Employees working at home are not monitored by either colleagues or CCTV cameras, and the effectiveness of special software is often not enough to prevent leaks.

"It's scary to imagine that banks or IT giants will be unprepared for a new threat — working from home. All last year we observed how weaknesses in building the information security of the largest companies in the country led to catastrophic leaks of user data and other protected information. Now we ask employees to work from home and give them all the necessary access," said Igor Bederov, head of the company.

The expert noted that employees of various organizations working at home are not protected from spam attacks and phishing, or from the hacking of their work computers. According to him, cybercriminals have already flooded the e-mail inboxes of many users with messages containing malicious code.

Earlier, experts warned of a sharp increase in the number of leaks of personal and corporate data due to the mass transition to remote work. According to experts, the number of leaks in the near future may grow at least twice.

The e-voting system in Moscow has passed the first tests


On Thursday, July 11, the first stage of testing the e-voting system was completed, which will be used during the experiment in the elections of deputies of the Moscow City Duma on September 8.

According to Artem Kostyrko, the head of the Information Technologies Department of the capital of the Russian Federation, 178 attempts were made to replace the ballots.

“Several attempts were recorded to find a link to a unique anonymized bulletin during the test voting. The attacks were professional,” Kostyrko said.

Kostyrko explained that it was not a system failure, but a data output failure. However, it happened 3 hours before the end of the voting. By this time, 75% of all participants voted.

He noted that the system was ready for attacks and that they were recorded so they could be sent to the e-voting monitoring group for study.

Moreover, 1253 students took part in the testing and pointed out the shortcomings. "We conducted the first testing with students for a reason, because they are advanced users of gadgets, they can compare with applications and point out shortcomings," Kostyrko added.

Kostyrko noted that several more public tests are planned. "IT professionals will test the e-voting system next week. We will ask hackers to try to hack the system, put a fake voice and so on."

In addition, a hacker who can hack the electronic voting system will be offered a cash prize of 1.5 million rubles ($23,800). He added, “If hackers manage to hack the system, it doesn't mean it's bad. This means that our colleagues gave us an opportunity that we did not see. And we will say thank you to them!”

Recall that the idea of an experiment with blockchain-based elections to the Moscow City Duma was proposed at the end of February by a group of Russian State Duma deputies representing the United Russia and Liberal Democratic parties. The Russian State Duma supported the proposed bill, and on May 29, Russian President Vladimir Putin signed the relevant law. On September 8, electronic voting will be held in three electoral districts, and voters will be able to decide whether to vote in the traditional way or online.

Yandex announced the prevention of a large and very dangerous cyber attack


Greg Abovskii, the operational and financial director of Yandex, spoke about the prevention of a planned and dangerous cyber attack on the Internet company. According to him, the attack had been planned for a very long time and was very dangerous.

Yandex specialists managed to find and suspend the actions of the attackers, working together with Kaspersky Lab specialists.

Abovskii said, "Only by working together we were able to prevent, identify, isolate a cyber attack."

According to him, it is important for the Department of Information Security that experts work together and cooperate with each other.

The press service of Yandex reported, “Sometimes these attacks are well-prepared, but we care about the security of user data and use all available tools to protect, including cooperation with specialists. We can’t disclose details of this attack, but we can say that user data were not affected.”

It is worth noting that this week it became known that the Federal Security Service (FSB) had demanded the encryption keys for the Yandex.Disk and Yandex.Mail services. This happened a few months ago, but Yandex still has not fulfilled the requirements of the security forces.

The Russian Deputy Prime Minister Maxim Akimov promised that the Government would protect Yandex from excessive administrative pressure. According to the official, the Government will do everything possible to ensure that Russian companies, which are global leaders in some important areas, are not affected. He noted that Yandex is important not only for the national but also for the global economy.

Yandex.Mail and Yandex.Disk are included in the register of organizers of information distribution. Under the law of the Russian Federation, special services can obtain data to decrypt messages from their users upon request. There are 10 days to fulfill such requirements.

On June 4, the press service of Yandex stated that the company is against the violation of data privacy.

Recall that in 2018, the Court blocked the Telegram Messenger on the territory of Russia for refusing to provide encryption keys to Russian security agencies.

Half of the online Banks in Russia do not have enough security

More than half of the Internet applications of Russian Banks were not sufficiently protected. According to the research of Positive Technologies, attackers can view some programs and also edit the information in them.

Cybersecurity Experts analyzed dozens of applications. In their opinion, 61 percent of programs have extremely low or low levels of protection.

It turned out that every second online Bank (54 percent) allows attackers to carry out fraudulent transactions and steal money. For example, scammers can change the number to which the auto payment is set up or steal the victim's card number.

In addition, according to researchers, almost 80 percent of Banks carry out many operations without additional protection. Funds can be transferred, or the sending of one-time passwords disabled, without confirmation by SMS.

Earlier it became known that 85 percent of all ATMs are vulnerable to attacks aimed at stealing money. It turned out that Banks prefer not to update the ATM software, as it requires additional costs.

Information security Experts note that radical measures are needed to correct the situation.

Voice messages of social network Vkontakte were openly accessible

Some voice messages of users of the popular Russian social network Vkontakte (Vk) were openly accessible.

On Monday, users of the social network reported that they can find personal voice messages of other users in the "Documents" section. It was noted that messages could be found on the search request “audiocomment.3gp”.

Representatives of the social network stressed that this is not a vulnerability in the mechanism of the site, as all voice messages in the Vk application are protected and only participants can access the correspondence materials.

According to the Vk Press Service, audio records could get into open access if users downloaded them through third-party unofficial applications.

The Vk administration also added that the social network does not use the audio format audiocomment.3g. The company recommended using official Vk applications to avoid such leaks. So far, the Vk team has quickly removed about two thousand audio messages from public access.

76 percent of Indian companies were hit by cyber attacks in 2018





A survey conducted by UK-based IT security provider Sophos has found that over 76 percent of Indian companies were hit by cyber attacks in 2018.

India had the third-highest number of cyber attacks in 2018, after Mexico and France. Meanwhile, 68 percent of organizations worldwide admitted to being victims of cyber attacks last year.

Sunil Sharma, managing director of sales at Sophos India & SAARC, told Business Today, "In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminal can make most of his money and they are hit most by them."

The survey was carried out in 12 countries (the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa) and covered about 3,000 IT decision-makers from mid-sized businesses.

"Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cyber criminals from getting on to the network," Sharma further added.

"They can't ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can't identify how threats are getting into the system and when."

The survey report reveals that in India, 39 percent of the cybercriminals are detected at the server, 35 percent on the network, and 8 percent on endpoints.

"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually traveled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.

According to the survey report, 97 percent of IT managers admitted that cyber security is the greatest challenge in India.

IT security firm Trustwave sued for Failing to Stop Data Breach

IT security firm Trustwave has been accused of failing to properly investigate the card breach suffered by the Las Vegas-based casino operator Affinity Gaming in 2013.

Affinity Gaming filed a complaint in the district court of Nevada in December, alleging that Trustwave misrepresented itself, failed to perform an adequate investigation and identify the breach, and falsely informed the company that the breach had been corrected.

In December 2013, Affinity Gaming suffered a security breach that penetrated their payment card systems. They called Trustwave to investigate the matter.

According to the complaint filed, “Trustwave informed the company that the malware was removed from its systems and that the breach was contained.”

After Trustwave completed its investigation, Affinity Gaming called Ernst & Young to conduct penetration testing. During the penetration testing, the testers identified suspicious activity associated with a piece of malware.

Affinity Gaming then called FireEye-owned forensic specialist Mandiant for further investigation.

The complaint was filed based on the latest investigation done by Mandiant.

“Trustwave had failed to diagnose that the data breach actually was the result of unidentified outside persons or organizations who were able to compromise Affinity’s data through Affinity Gaming’s Virtual Private Network (VPN), and that the ‘backdoor’ these persons/organizations had created — which Trustwave had speculated may have existed but concluded was ‘inert’ — was very real and accessible,” reads the complaint.

“Mandiant also determined that the unauthorized access and renewed data breach occurred on a continuous basis both before and after Trustwave claimed that the data breach had been contained,” it continues.

Affinity is looking for damages in excess of $100,000 / €92,000.

Google accused of abusing dominance in India

The Competition Commission of India (CCI) has received queries from business giants like Flipkart, Facebook, Nokia's maps division, MakeMyTrip.com and several other companies, alleging that US Internet giant Google abused its dominant market position in procuring search results.

The CCI director-general last week filed a report that accuses Google of abusing its dominant position to rig search outcomes, which includes actual search results as well as sponsored links, as seen in the responses from 30 businesses spanning search, social networks, ecommerce, travel and content sites. This marks the first case globally where an antitrust body is formally raising such charges against Google.

The case was initiated when Bharat Matrimony and a Jaipur-based not-for-profit, Consumer Unity and Trust Society, lodged their complaints against the search giant. The Economic Times has highlighted Microsoft's extensive submission on Google's alleged abuse of dominance. Others who responded to the CCI include MapMyIndia.com, Hungama Digital and GroupM.

The company has been asked to present itself in front of a seven-member committee headed by chairman Ashok Chawla, a week prior to which it has to submit a report containing its findings regarding the complaints. The proceedings can go on for several hearings before the commission makes a decision, which can be challenged in the Supreme Court. If the commission finds Google guilty, it can ask the company to make changes in the way it does business.

There is a possibility that the CCI might impose a fine of up to 10% of Google's income. The CCI could also pursue action against top Google executives. Google posted a net income of more than $14 billion on revenue of $66 billion in 2014.

"We're currently reviewing this report from the CCI's ongoing investigation," a Google spokesman said in an email to ET. "We continue to work closely with the CCI and remain confident that we comply fully with India's competition laws. Regulators and courts around the world, including in the US, Germany, Taiwan, Egypt and Brazil, have looked into and found no concerns on many of the issues raised in this report."

The report finds that the prominence of a search result depends on a quality score. The score itself, says the report, is calculated ambiguously. It highlights that Google modifies its search algorithms without informing users, which results in dramatic changes. It cites the example of a UK website, Ciao!, which slipped overnight from being one of the top results to the second page of search results. As a result, the organisation lost substantial business. "As a result of Google policy, it is unavoidable for the trademark owners to participate and outbid third parties in the auction process for their ads to appear above others in response to search queries on their own trademark keywords," said the report.

Graham Central Station compromised with Employees' personal documents

4 Investigates found that a pile of records had wound up in three giant dumpsters at Graham Central Station in Albuquerque. The records include social security numbers, dates of birth and driver’s license numbers.

According to the tipster, “Driving down the alley, I noticed all the trash cans were full of boxes with what looked like files kind of spilling out the top of them.”

The 4 Investigates team collected the records and attempted to contact every one of the former employees listed. It is not certain whether the records had already been compromised, but the investigative team alerted everyone to the possible risk.

The blame game has started. Roger Gearhart, Graham Central Station’s Texas-based president, refused to answer questions, but sent a statement through his attorney: "Graham Central Station was upset to learn that its landlord... recently discarded dozens of its personnel files into a public dumpster. Ross Plaza One evicted Graham Central Station from its building and offices in November 2014 and changed the locks, which prevented Graham Central Station from accessing its records for a period of months. Although Ross Plaza One assured Graham Central Station that its records would be destroyed, that apparently did not happen."

However, emails from the landlord’s attorney offer a different perspective. The final letter from the landlord to Graham Central Station, which went unanswered, was: “I would like to confirm that Graham is aware that we intend to destroy and dispose of all the boxes…”

People who worked at Graham Central Station need not worry, as their records are now in safe hands.

Graham Central Station was famous for having more than one club under one roof, but after eleven years in business, the club was closed down.