Meath County Council Targeted By Hackers

Let us discuss the €4.3 million Meath County Council so-called “cyberattack”, which emerged into the limelight just like Donald Trump’s 400lb hacker from his bedroom lair.

In brief, Meath County Council fell victim to a particularly popular type of scam in which an employee who has control of accounts is sent a spoof message purporting to be from, for instance, the company chief executive. That person is asked to transfer a large sum of money into an account. The money is duly transferred to the scammers.

If the whole thing comes to light fast enough, the transfer can perhaps be retrieved or frozen, as was the case with the Meath mega-sum, now stuck in a Hong Kong account.

At every mention of the word cyber, my faith in the world's literacy declines further. What makes media and communications people rush to use this particular word for just about anything related to computers and the internet? With the Meath story, cyber was splattered everywhere.

Given mathematician Norbert Wiener’s 1948 book Cybernetics: Or Control and Communication in the Animal and the Machine, it is acceptable to use "cyber" in order to discuss cybernetics (should you be so inclined) or even cyborgs – short for cybernetic organisms.

And cyber also may be used at will if discussing William Gibson’s famed 1984 novel Neuromancer, which is known for introducing the term cyberspace to the world. The popularity of the novel, however, seems to be responsible for the release into the wild of all the unwanted silly cyber variations that taint our knowledge today.

Just because the novel passes for cool cyberpunk (arguably, an allowed usage) does not mean your use of cyber is cool. It almost certainly is not.

Nothing marks out a wannabe geek desperately vying for street cred, a generalist in search of a trendy speciality, or an insecure self-promotional IT security professional like sticking "cyber" in front of a job title or using the word liberally in every reference to anything digital.

This is of course why governments, surveillance agencies and a host of makey-uppy experts wave the word around as if it were legitimate in every context.

Because let's get this straight. If the term cyberattack is going to be forced on us at every level, it has to at least be in an appropriate context in which it is just about acceptable for security experts to sometimes use it. That means a major and debilitating attack using computers and the internet, by the most sophisticated of criminal hackers or those acting on behalf of a nation state.

Garden variety fraud 

It should not be used simply because an email was used to perpetrate a garden variety fraud, as in the case of the Meath scam. It could just as easily have been a letter in the post, a text or a phone call. But in this case “the vector of attack" appears to have been an email. This uses basic social engineering – pretend to be someone you are not and sometimes a third party will be taken in and you’ll get useful information, access to networks, or money transfers.

By international measures, this was indeed a big scam. When the FBI sent out an alert last spring warning about a massive increase in these so-called CEO scams, it noted the average loss to duped companies was $25,000-$75,000.

Mattel – the giant multinational toy company – lost $3 million in 2015 to a CEO scam. Meath County Council nearly outperformed Mattel.

Incidentally, one common way of perpetrating these scams, according to the FBI, is free email services. Hack into someone in authority’s account, send an email seeming to come from that person . . . Just saying, maybe some of our politicians and State employees need to think again about those Gmail accounts they also use for business matters.

Corporate Sector Struggles To Handle Cyberattacks

Major cyberattacks against organizations of various sizes seem to happen on a regular basis now. On Dec. 14, Yahoo announced the largest-ever data breach, involving around 1 billion customer accounts.

Despite the scale and harm from such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the necessary actions to protect their companies against these attacks. It's not just an issue of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.

"Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats," said Gartner analyst Avivah Litan, a longtime cybersecurity consultant to many organizations.

"Some organizations do a better job than others, but those efforts are almost always led by CIOs, CISOs or business line managers and not by corporate boards, CEOs and executive management throughout government and the private sector," Litan added.

Unless senior partners, corporate boards and other senior stakeholders get their act together, the threat actors will continue to succeed.

Litan said what's needed is a national response and cyber protection plan, but said she fears that the federal government is "way too fragmented and politicized to make any real progress towards the execution of this goal."

Threats against national infrastructure, including the electricity grid, are "enormously serious," she added. "Unless senior executives, corporate boards and other senior stakeholders get their act together, the threat actors will continue to win. I'm not sure how many more wake-up calls we need in this country."

Litan's worries seem to have registered in some quarters of the corporate governance community. The National Association of Corporate Directors (NACD) recently released a survey of more than 600 corporate board directors and professionals that found only 19% believe their boards have a high level of understanding of cybersecurity risks. That's an improvement from 11% in a similar poll conducted a year earlier.

The survey also found that 59% of respondents find it challenging to oversee cyber risks. The nonprofit NACD, which has 17,000 members, is working with security awareness firm Ridge Global and Carnegie Mellon University to establish a Cyber-Risk Oversight program to educate corporate directors about the systemic risks of cyberattacks.

Litan suggests that education is important, but she also supports state and federal laws to require organizations to report cyber attacks so that customers and partners will know how to change passwords and make other adjustments to protect sensitive data.

At the federal level, a number of U.S. senators have backed breach notification laws, but no bills have passed congressional muster. President Barack Obama proposed such legislation in 2015.

With the January inauguration of Donald Trump as the next U.S. president, it remains a mystery whether a federal breach notification law will take effect in the next four years, or longer.


North Korean Hackers Could Weaken US Pacific Command

A cyberattack by North Korea could potentially knock out the computer network for the US Pacific Command, warned a report issued by a South Korean state-run agency.

According to a report by the South Korean Defence Agency for Technology and Quality (DATQ), North Korea’s cyber warfare specialists could “paralyze” the networks for the U.S. Pacific Command’s control center and cripple parts of the U.S. power grid.

Pyongyang has around 6,800 cyber warfare specialists, according to the South Korean Ministry of National Defense. Some experts believe the North could have as many as 30,000 hackers in its employ.

"The enemy (North Korea) will seek to disable our cyber capacity at a critical point via an all-out cyberattack. ... It is crucial (for South Korea) to establish an asymmetrical cyber warfare capacity to overwhelm that of the North," the report said.

North Korea has been the primary suspect in a number of cyber attacks in recent years.

Local cyber expert Lim Jong In, a professor at the graduate school of information security at Korea University, said cyber terrorism appeals to poorer countries like North Korea, as it can be done on a relatively small budget but still has a large impact.

Cyber tensions between North and South have recently escalated, amid a wave of allegations and cyberattacks.

The South Korean military reported that its cyber command, a division set up to prevent hacking, was breached by North Korea earlier this month. Over a period of several years, North Korea hacked into over 140,000 computers and breached the security systems of more than 160 South Korean firms and government agencies.

Bangladesh bank heist: Police suspect IT technicians

One of the biggest bank hacks of 2016 was the Bangladesh bank hack. The hackers successfully broke into the Central Bank of Bangladesh and stole nearly $1 billion, of which $81m (£65.9m) still remains unrecovered.

Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world's biggest cyber-heists last February.

The suspects in this case are now considered to be IT technicians from the bank, who hooked up its transactions to the public internet, giving the hackers access.

"There were a number of other things, which if the Bangladesh Bank people had not done, the hacking would not have been possible," said Alam.

Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist. It is supposed to be removed and locked in a secure vault after business hours each day. The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.

Alam said that he was waiting for "specific information" on any communications between the suspects and the hackers, which may help further solidify the case.

No suspects have been named or arrested yet. Bangladesh Bank, SWIFT and the FBI, which also launched its own probe into the attack, are yet to comment on the matter.

Obama imposes sanctions on Russia

The United States Treasury Department has announced new sanctions against five entities and four individuals after President Barack Obama signed the papers on Wednesday night.

In the executive order, the president cited “additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities… in view of the increasing use of such activities to undermine democratic processes or institutions.”

The five institutions included in the list are: the Professional Association of Designers of Data Processing Systems, an autonomous non-commercial organization; Federal Security Service (Federalnaya Sluzhba Bezopasnosti or FSB); Main Intelligence Directorate (Glavnoe Razvedyvatelnoe Upravlenie or GRU); Special Technology Center; and Zorsecurity, formerly known as Esage Lab or Tsor Security.

The list of sanctioned people includes: GRU's first deputy chief, Vladimir Stepanovich Alexseyev; the deputy chief, Sergey Gizunov; Igor Korobov, chief of the GRU; and Igor Kostyukov, the first deputy chief of the GRU. The Treasury Department added two other names to the list "for malicious cyber-enabled activities," Aleksey Alekseyevich Belan and Evgeniy Mikhaylovich Bogachev.

In retaliation for reports of harassment of US diplomats in Moscow, the White House has expelled 35 Russian intelligence officials, giving them 72 hours to leave the country. However, there is no correlation between the two cases.

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” Obama said in a statement.

Cisco India Introduces 3 Cyber Security Initiatives

Cisco India has announced three new initiatives to help the country build a transparent and secure digital infrastructure environment.

Cisco will open a new Security Operations Centre (SOC) in Pune, which will provide customisable services ranging from monitoring and management to comprehensive threat solutions and hosted security.

The company’s Cisco Cyber Range Lab in Gurugram will provide specialised technical training workshops to help security staff build the skills and experience necessary to combat new-age cyber threats.

Cisco's global Security & Trust Organization (S&TO) and Cisco India announced the formation of Cisco S&TO-India that will help the government shape the national cyber-security strategy and initiatives.

Meanwhile, Cisco and Ministry of Electronics and Information Technology's (MeitY) Indian Computer Emergency Response Team (CERT-In) signed a Memorandum of Understanding (MoU) in the presence of Electronics and IT Minister Ravi Shankar Prasad.

"In light of rapidly evolving cyber tactics and shared risks in cyberspace, the need to work side-by-side with industry partners on pressing cyber-challenges becomes increasingly important. We are happy to have Cisco collaborate with us to enhance the security of India's digital infrastructure," said Prasad.

Cisco's "Active Threat Analytics" provides round-the-clock monitoring and advanced-analytics capabilities combined with industry-leading threat intelligence and expert investigators to rapidly detect advanced threats.

Cisco will also provide 24-hour service for customers regardless of time zone. "As India digitises, security will become fundamental to seizing the unprecedented opportunities for businesses, cities and citizens. Cisco is committed to enable a digital-ready infrastructure and security everywhere. Today's cyber-security announcements reaffirm Cisco's long-term commitment to India," added Dinesh Malkani, President, Cisco India and SAARC.

"By 2020, the Indian digital payments industry will grow 10 times and mobile transactions will grow 90 per cent per year by 2020. As of 2016, three new Indians join internet every second and by 2030, one billion Indians will be online so digital security is paramount," Malkani added.

New York Financial Regulator Delays Cyber Security Rules

The New York Department of Financial Services (NYDFS) will delay the effective date of its proposed cybersecurity regulation until March 1, 2017. The earlier anticipated deadline was January 1 for banks and insurers doing business in the state to comply with the controversial cyber security rules.

Banks and insurers have been fighting for an extension of the compliance deadline and other changes ever since the regulator formally unveiled the proposed rules in September.

Banking and insurance industry representatives raised objections, including that ‘the rules did not distinguish between small and large financial institutions and would possibly conflict with future U.S. government cyber security rules.’

The original proposed regulation met with significant resistance, including reportedly more than 150 comment letters. Many of the comments identified the proposed regulation as highly prescriptive and lacking allowance for Covered Entities to make risk-based decisions on certain important technology matters.

A number of comments also requested the ability to distinguish between small and large Covered Entities in structuring cybersecurity programs based on size and risk. Some comments expressed concern that inconsistencies with federal and other state regulations, which are anticipated in the future, would make compliance highly complicated.

Turkey Blocks Tor Browsing Network

For years, Turkey has been known as a nation that suppresses dissent and journalists, and now it is turning its attention towards the freedom of internet access.

Turkey has blocked direct access to the Tor anonymous browsing network as part of a wider crackdown on the ways people circumvent internet censorship.

Internet advocacy group Turkey Blocks recently confirmed that the Tor anonymity network has been blocked in the country.

In a statement, Turkey Blocks said, "Our study indicates that service providers have successfully complied with a government order to ban VPN services."

Free virtual private networks (VPNs) have exploded in popularity in recent years as countries expand their cybersecurity laws to increase their ability to snoop on unsuspecting citizens in the name of state security.

Users of commercially available VPNs – typically used by people within a country to watch or read content not legally available in their own country – have also been affected, according to Turkey Blocks.

Tor is an anonymity service that conceals the browsing footprints of users when they go online. Tor uses a sophisticated protocol of encryption and random bouncing of packets through connected networks in order to hide the user's location.

Critical flaw in PHPMailer leaves millions of websites vulnerable

A security researcher has discovered a critical vulnerability in PHPMailer that might affect millions of website users, leaving them vulnerable to remote exploitation.

It is estimated that more than 9 million users worldwide are affected by this vulnerability, tracked as CVE-2016-10033, in PHPMailer, one of the most popular open source PHP libraries used to send emails.

Millions of PHP websites and popular CMSs, including WordPress, Drupal and Joomla, currently use PHPMailer for sending emails.

CVE-2016-10033 affects all versions of the library before the PHPMailer 5.2.18 release.

The flaw was discovered by security researcher Dawid Golunski of Legal Hackers. “An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application,” Golunski explained.

“To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.”

The expert has confirmed that he will soon provide the details of the CVE-2016-10033 vulnerability.

Golunski reported the flaw to the developers, who promptly fixed it in PHPMailer 5.2.18. He also plans to publish an advisory along with proof-of-concept exploit code and a video PoC of the attack.

Ransomware cases rise exponentially in Singapore

The year 2016 has seen an exponential rise in ransomware cases around the world. In Singapore alone, 17 cases of ransomware were reported in the first 11 months this year, up from just two in 2015, the Cyber Security Agency (CSA) said.

In a ransomware attack, a hacker encrypts the user's files or locks the user's computer and then demands money from the user to regain access to their own files or computer.

One of the firms badly affected by ransomware was a subsidiary of maritime supply chain management company BH Holdings. The company was affected when two of its staff members tried to open an email attachment from an unknown source, recounts IT executive Roberto Ang. "They double-clicked on it, and they could not open it. So they thought that it's just some file that cannot be opened. So they just ignored it and continued working.

"Then after half a day, they started to find that they cannot access some of the files, and these had a weird extension."

Mr. Ang noticed that something was wrong: "I saw that there was a text file inside the encrypted folder that showed that it was ransomware, asking for payment to decrypt the files."

The company refused to pay the ransom of US$1,000 (S$1,447). Instead, their technical team tried to rebuild the 3,000 infected files, containing accounts and stock data, from hard copy files.

Attackers are more interested in targeting big businesses than individuals, as businesses hold more critical and important information, which would compel them to pay a ransom, an expert told Channel NewsAsia.

Tarun Kaura, security advocate at Symantec, explains this scenario. "Let's say I'm an HR professional in a specific enterprise, and I've been given a target for a recruitment drive. I have to hire a few people - it's important because there are deadlines," he said.

"If I go on public social websites saying I'm hiring ... someone (an attacker) can craft an email sending maybe a resume or information on a talent pool that I would want to look into. That's how they go after certain departments or people in an enterprise - by being more relevant and contextual to a business."

So how should you protect yourself from a ransomware attack? Mr. Kaura advises ordinary users to look at the header of an email and scrutinize its contents before opening it. "If you see a bit of ambiguity in that in terms of how it's been named and where it's coming from, which domain it's coming from, it is easy for a consumer to figure out that this mail is not coming from a legitimate source.

"You should take a step back and see ... let's not click everything that comes to you."
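
The header checks described above (who the message is named as coming from and which domain it really comes from) can be automated; the same checks apply to the CEO-style spoof messages and free webmail accounts discussed in the Meath County Council piece. The following is an added example, not code from any of the articles; the organisation domain, executive name, webmail list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example, not taken from the articles.
ORG_DOMAIN = "council.example"
EXECUTIVES = {"jane murphy"}          # people who can authorise payments
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample: an executive's name on a free webmail address.
WEBMAIL_SAMPLE = """\
From: "Jane Murphy" <jane.murphy.office@gmail.com>
Reply-To: accounts@payments.example
To: finance@council.example
Subject: Urgent transfer
Authentication-Results: mx.council.example; spf=pass; dmarc=pass

Please send the payment today.
"""

# Constructed sample: a forged internal address that fails SPF and DMARC.
FORGED_SAMPLE = """\
From: "Jane Murphy" <jane.murphy@council.example>
To: finance@council.example
Subject: Invoice
Authentication-Results: mx.council.example; spf=fail; dmarc=fail

See attached.
"""

# Constructed sample: an ordinary internal message.
CLEAN_SAMPLE = """\
From: "Jane Murphy" <jane.murphy@council.example>
To: finance@council.example
Subject: Meeting
Authentication-Results: mx.council.example; spf=pass; dkim=pass; dmarc=pass

See you at ten.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_findings(raw_message):
    """Return the reasons a message's headers look suspicious."""
    msg = message_from_string(raw_message)
    findings = []
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))

    # An executive's name attached to an address outside the organisation.
    if display.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append("executive display name on external domain")
    if from_dom in FREE_MAIL:
        findings.append("sent from free webmail domain")
    # Replies would go somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From domain")
    # Verdicts recorded by the receiving mail server, when present.
    auth = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check} failed")
    return findings
```

A message that passes every check here can still be fraudulent, for example when it is sent from a genuinely compromised account, so payment requests still need confirmation through a second channel.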

Kids' hi-tech toys threat to cyber security

Gifting hi-tech toys to your kids? Beware: these toys, which are easily available in the market, have built-in Wi-Fi, cameras and apps that can easily be connected to your home network.

Molly Wendell, a member of Colorado Cyber, said, "There are some really cool smart toys, smart-enabled toys, Wi-Fi-enabled toys like little dolls that talk back to you or listen to you. The toys could be listening to your child or recording video or recording the voice of your child."

This ability will help hackers to hack into your home computer network and access your bank statements online, credit cards and even medical records.

"There is the tradeoff between the security and privacy of your family and the coolness of the toy," said Sam Masiello, chief information security officer at TeleTech Holdings (TTEC) in Englewood, Colo.

Some of the toys are intelligent enough to record and translate conversations, which helps manufacturers sell the information to advertisers, Masiello said.

"If it overhears you really want to buy a new car, it might send it over to car manufacturers," he said. To address this problem, many toy companies have privacy agreements with customers, promising that whatever a toy hears or stores is protected.

Cyber experts recommend changing your home Wi-Fi password often.

"We have young kids, so we definitely don't get toys with Internet," said Adam Rutan of Lakewood, Colo.