
  • Top seven hacks and cyber security threats in APAC | Cyber Security Hub – Cyber Security Hub

    In 2022, 59 percent of businesses in the Asia-Pacific region reported being the victim of a cyber attack, 32 percent reported being the victim of multiple cyber attacks and the region suffered a shortage of 2.1 million cyber security professionals.
    This has culminated in the Asia-Pacific region being victim to a number of high-profile cyber attacks within the last 12 months. In this article, Cyber Security Hub explores seven of these attacks.
    In December 2022, an IT managed service provider that supports a range of organizations across New Zealand including several within its government suffered a cyber attack, compromising access to its data and systems.
    Those affected by the cyber security incident include some providers contracted to Te Whatu Ora (Health New Zealand), although health service delivery was not affected.
    The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack impacted access to some coronial data. This allegedly included thousands of autopsy reports.
    New Zealand’s National Cyber Security Center (NCSC) said that it was coordinating governmental response to the cyber attack, both within the Government Communication Security Bureau and alongside the New Zealand Police, CERT NZ and the Privacy Commissioner.
    Lisa Fong, deputy director-general of the NCSC, said that the organization is working with the compromised third party to “understand more fully the nature of the data that has been impacted” and how the cyber attack occurred. 
    On October 13, 2022, Australian health insurance provider Medibank suffered a data breach which affected 9.7 million people.
    The malicious actor responsible for the breach attempted to extort the company by contacting them directly to negotiate the release of the data. Medibank refused, which led to the hacker releasing private medical information obtained in the breach on the dark web.
    The hacker posted a file labelled “abortions” to a site backed by Russian ransomware group REvil on November 10, 2022, which apparently contained information on procedures that policyholders have claimed on, including miscarriages, terminations and ectopic pregnancies.
    They also released files containing customer data called “good-list” and “naughty-list” on November 9, 2022. The so-called “naughty-list” reportedly includes details on those who had sought medical treatment for HIV, drug addiction or alcohol abuse or for mental health issues like eating disorders.
    The hacker added to the November 10 data leak post, saying: “Society ask us about ransom, it’s a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer.”
    During question time in Australian Parliament on November 10, minister of home affairs Clare O’Neil hit back at the hackers, saying: “I want the scumbags behind this attack to know that the smartest and toughest people in this country are coming [at] you.
    “I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cyber-security but more importantly, as a woman, this should not have happened, and I know this is a really difficult time.”
    David Koczkar, CEO of Medibank, called the release of the data “disgraceful” and a “weaponization of people’s private information”. He also called those involved in the cyber-attack and data leak “deplorable”.
    In an attempt to protect those affected by the cyber security incident and the subsequent data leaks, Medibank urged members of the public and the media to not “unnecessarily download sensitive personal data from the dark web” and to “refrain from contacting customers directly”.
    On October 7, 2022, Japanese car manufacturer Toyota issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 2022. 
    The breach occurred because a section of the source code for T-Connect, an app which allows customers to connect their phone to their car, had been posted on source code repository GitHub in December 2017. As the source code contained an access key for the server, this may have allowed unauthorized access to customer data for five years.
    Any customers who registered for the app from December 2017 to September 2022 were at risk for their data being accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access included email addresses and customer management numbers. Personal or sensitive information including payment card information, name and address were not accessed.
    Following a security investigation, Toyota said that while it “cannot confirm access by a third party based on the access history of the data server where the customer’s email address and customer management number are stored, at the same time [it] cannot completely deny it”.
    Toyota also said that it would individually notify all those who were affected by the breach.  
    Australian online retail marketplace MyDeal confirmed in October 2022 that it was the victim of a data breach that exposed the data of around 2.2 million customers.
    The retailer, which is a subsidiary of supermarket chain Woolworths, said that it would be contacting all those affected by the breach via email, as well as alerting the “relevant regulatory authorities and government agencies”.
    Woolworths said that the breach was caused by a malicious actor using “a compromised user credential” to gain unauthorized access to MyDeal’s Customer Relationship Management (CRM) system.
    Customer information exposed during the cyber-attack included names, dates of birth, phone numbers and email addresses. For 1.2 million customers, the data exposed was limited to their email address. Confidential information like passport, payment card and drivers license details is not stored by MyDeal, and therefore was not exposed in the hack.  
    A GPS tracker manufactured by Chinese company MiCODUS was revealed in August 2022 to have numerous critical cyber security vulnerabilities that could allow bad actors to remotely hack a vehicle’s system.
    At the time of the discovery, the MiCODUS MV720 GPS tracking device had been sold to customers across 169 countries and installed in more than 1.5 million devices. 
    The critical cyber security issues were first discovered by cyber security startup BitSight. Following the discovery of the vulnerabilities, BitSight informed the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
    The CISA confirmed that “successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands and the disarming of various features (e.g. alarms)”. 
    In a report on the vulnerabilities, BitSight said it had found MiCODUS devices were being used by a range of organizations including “a Fortune 50 energy company, a national military in South America, a national government and a national law enforcement organization in Western Europe, and a nuclear power plant operator”.
    It was also revealed that MiCODUS has a global customer base of 420,000, with 1.5 million devices sold. However, BitSight did note that it was unable to determine the number of MiCODUS MV720 units currently in use globally, as well as the number of MiCODUS devices used for personal or business use.
    Australian telecommunications company Telstra revealed on Tuesday that it had been hit by a data breach that had revealed the details of 30,000 current and former employees.
    The details included employees’ first and last names and email addresses, and were posted on hacking forum BreachedForums.
    In a tweet, Telstra confirmed that the data leak “wasn’t a breach of any Telstra system” and that it has notified its employees and authorities first, before notifying former employees, despite “minimal risk” to them.
    You may have heard about a data breach involving Telstra employee details. Here are the key facts:

    👉 This wasn’t a breach of any Telstra system
    👉 No customer account info was included
    👉 The data includes first/last names and employee email addresses
    👉 The data is from 2017


    A Telstra spokesperson said the company had been “made aware of a data breach affecting a third party that included limited Telstra employee information from 2017.”
    Of the information shared, 12,800 of the employees named were current employees.
    Australian telecommunication company Optus suffered a devastating data breach on September 22, 2022 that led to the details of 11 million customers being accessed.
    The information accessed includes customers’ names, dates of birth, phone numbers, email addresses, home addresses, driver’s license and/or passport numbers and Medicare ID numbers. Payment details and account passwords were not compromised in the breach.
    Optus confirmed that it has now contacted all customers to notify them of the cyber-attack’s impact, beginning with those who had been affected by the breach and finishing with those who had not had their data accessed.
    Someone claiming to be the hacker told Australian journalist Jeremy Kirk that they had “accessed an unauthenticated API endpoint” meaning that they did not have to log in to access the data and that it was “all open to internet for any one[sic] to use”.
    A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to the hacking forum BreachedForums on September 23. 
    Using the alias optusdata, the hacker demanded that Optus pay them $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata then posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.
    Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data would be sold to other hackers.
    However, on the same day, the supposed hacker posted a new message on BreachedForums, rescinding their demand and apologizing to Optus.
    The hacker said there were “too many eyes” so they will not be selling the data to anyone and claimed that they had deleted all the data from their personal drive, and that they had not made any copies. They offered an apology also to the 10,200 people who had their data exposed via their posts on BreachedForums, and to Optus itself, saying “hope all goes well with this”.
    They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont[sic] care anymore” as it was a “mistake to scrape publish data in the first place”.


  • Cybercrime escalates as barriers to entry crumble – CSO Online

    An underground economy that mirrors its legitimate ecommerce counterpart is supercharging online criminal behavior, according to a report released Thursday by HP Wolf Security in collaboration with Forensic Pathways. Cybercriminals are now operating on a professional footing with easy-to-launch malware and ransomware attacks being offered on a software-as-a-service (SaaS) basis, allowing people with even rudimentary IT skills to launch cyberattacks at targets of their choosing, the report notes.
    It found that competition in the underground has driven down the price of malicious tools, making them affordable to anyone. In an analysis of 174 exploits advertised on the dark web, HP Wolf researchers found an overwhelming number (91%) were selling for less than $10. A look at 1,653 malware ads revealed more than three quarters (76%) selling for under $10. And on average, information stealers were selling for $5, remote access Trojans (RATs) for $3, exploits for $2.23, and crypters for $1.
    “As we got into the 2010s, we started to see a really big push toward commoditization,” said Michael Calce, a former hacker known as “MafiaBoy” and chairman of HP Wolf Security Advisory Board, speaking at an online “fireside chat” on the report. “These communities and hackers are looking to push these exploits out at a cheaper price. Why? Because there’s competition involved now.”
    As the underground economy became more like the above-board economy, it’s had to grapple with trust. “We’re seeing a lot of mechanisms that the operators of underground markets have come up with to encourage fair dealings between buyers and sellers,” explained Alex Holland, a senior malware analyst at HP Wolf and author of the report, also speaking at the fireside chat.
    Those mechanisms include vendor feedback scores—all cybercriminal marketplaces include those, according to the report. In addition, 92% of the marketplaces have some kind of third-party service for resolving disputes, 85% have escrow services, and 77% require “vendor bonds,” which must be paid before anyone can start selling in the marketplace.
    “Vendor bonds discourage short-term scammers,” Holland said. “In order to sell on an underground market, you need to reach a certain threshold of revenue. If you’re a scammer, you’re never going to meet that threshold.”
    Looking ahead, the report identified four trends security pros should be aware of, such as an increase in destructive data denial attacks. “We can expect to see extortion attacks using the threat of data destruction against sectors that depend on IoT devices and data in time-sensitive and critical ways,” the report predicted.
    Another trend identified in the report is a continuation of the blurring of lines between criminals and nation-state threat actors, with criminals adopting techniques that require human-operated attacks harnessing a deep understanding of victims’ networks.
    Meanwhile, nation-states will show a greater interest in monetizing their activity. “Nation-states not only see the internet and cybercrime as strategic tools, but also to use cybercrime as a way of generating GDP,” said Mike McGuire, a senior lecturer in criminology at the University of Surrey in the UK, speaking at the fireside chat.
    The report also warned of threat actors using leading-edge technologies to power their malicious activities. Deep fakes could be used to power data integrity attacks, for example, and “cloud cracking” could become catastrophic if powered by a quantum computer.
    In the future, attackers will focus less on new vulnerabilities and more on efficiently exploiting old ones, the report added. “We are likely to see attackers using AI and machine learning techniques to enable targeted spear-phishing attacks at scale.”
    A world rife with cyber threats is the reality everyone has to live in, Calce observed. “We’ve decided to surround ourselves with technology,” he says. “We did not make security the core feature of this technology. Now we’re paying the price.”
    John Mello writes on technology and cyber security for a number of online publications and is former managing editor of the Boston Business Journal and Boston Phoenix.
    Copyright © 2022 IDG Communications, Inc.

  • Cybersecurity trends for 2023 and what to expect – Security Magazine

    The rapid proliferation of new attack surfaces means more opportunities for threat actors than ever before, and this will only continue as new technologies are introduced, according to Vulcan Cyber’s Cyber Risk in 2022: A 360° View report.
    The report, developed by the Vulcan Cyber in-house research team, Voyager18, highlights the biggest developments and underlying narratives to cyber risk in 2022 and suggests ways to improve and maintain security posture as we enter 2023. According to the report, organizations need to be aware of the following seven trends in 2023:

    Security in the cloud remains immature, with default cloud services often providing inadequate essential security functions. Threat actors are keenly aware of this, and security teams must keep up with their organizations’ appetite for cloud adoption.

    With around two-thirds of the world’s population using smart devices as of 2021, it is no surprise that mobile is fast emerging as a major target for threat actors. Attackers leverage easy opportunities in e-commerce, banking and online booking applications. With mobile devices not going anywhere soon, this attack surface will only continue to grow.

    Expect to see more sophisticated and targeted attacks on Internet of Things (IoT) devices and a greater range of malicious actors targeting this technology in their attacks.

    The healthcare sector is increasingly vulnerable with more patient data being stored online and in the cloud, and the residual impact of the COVID-19 pandemic on healthcare services.

    A welcome development for 2023 will be the increased implementation of advanced machine learning and other artificial intelligence (AI) techniques in identifying and responding to threats.

    An organization’s user base will remain a primary target, with threat actors leveraging phishing, social engineering, and other techniques to try to compromise the organization’s employees and their customers.

    With the avenues of attack growing in number, IT security teams cannot rely on outdated methods to stay secure.
    The report explores a number of ways organizations can meet the increased demands of the cyber risk landscape, including:
    For more information, visit www.securitymagazine.com.

  • Protecting Houses of Worship | Cybersecurity and Infrastructure … – CISA

    CISA is committed to supporting efforts to maintain safe and secure houses of worship and related facilities while sustaining an open and welcoming environment. In partnership with the Department of Homeland Security Center for Faith-Based and Neighborhood Partnerships and the Faith-Based Information Sharing and Analysis Organization, CISA provides resources that assist houses of worship in securing physical and cyber infrastructure.
    CISA is a first stop for guidance and resources to inform FBO-HOW security-based decisions. Included below are numerous resources, which provide building blocks for effective safety and security programs. The resources include a guide, a self-assessment tool, trainings, exercises, and other materials focused on a wide range of man-made threats (e.g., bombing, active shooter, vehicle ramming, etc.) that could be used against the FBO-HOW community.
    These resources are intended to help act as the building blocks for improving the security of an organization’s congregants and facilities.
    This paper-based security self-assessment assists personnel in understanding potential vulnerabilities and identifying options for consideration to mitigate them.
    The guidance and resources on this page outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.
    This tool is designed to guide personnel at houses of worship through a security-focused self-assessment to understand potential vulnerabilities and identify options for consideration in mitigating those vulnerabilities.
    Building a safe and secure environment for faith-based communities is no different than typical security planning. However, there are nuances pertaining to a congregation’s desire for openness and access, engagement with their congregants and visitors, and rituals that may be impacted by heightened security. 
    There are several factors that must be considered when making security decisions and planning security enhancements. Knowing the factors that influence your facility’s overall security risk will provide you with focus areas and shed light on where to begin lowering risk. CISA provides a variety of resources, which, when used effectively, can help you improve your preparedness and the safety and security of your community.
    Today, houses of worship face a unique set of safety and security challenges that they didn’t face just a few years ago. This video was developed to inform the faith-based community about options for consideration to mitigate risk to places of worship and related facilities.
    The PSA Program’s primary mission is to proactively engage with federal, state, local, tribal, and territorial government mission partners and members of the private sector stakeholder community to protect critical infrastructure.
    The US Department of Homeland Security through FEMA provides nonprofit security grants, which are managed in partnership through each state’s Homeland Security Advisor’s office, to improve facility security, preparedness, and emergency planning.
    A trusted community that shares timely, actionable, and relevant information with an all-hazards approach as incidents affecting the community come in the form of physical threats, cybersecurity issues, health outbreaks, and natural disasters.
    A trusted network to share sensitive but unclassified information. FSLTT and private sector partners can use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to perform their duties.
    If you would like more information on upcoming webinars and resources from the DHS Center for Faith-Based and Neighborhood Partnerships, please contact Partnerships@fema.dhs.gov.


  • Analysis | This sneaky kind of cybercrime rules them all – The Washington Post

    A newsletter briefing on cybersecurity news and policy.
    with research by Aaron Schaffer
    Welcome to The Cybersecurity 202! We don’t really cover it in today’s edition, but I partly suspect one of the reasons BEC (defined below) doesn’t get as much attention as other cybercrimes is because it has a lame-sounding acronym.
    Below: Records indicate that an Indian intelligence agency bought equipment from NSO Group, and an undersea cable disruption causes issues on an island. But first:
    As ransomware steals the headlines, another kind of cybercrime is quietly making off with far, far more money — and there are signs it’s on the rise, too.
    In “business email compromise,” or BEC, criminals pose as someone a victim trusts, such as their company’s CEO, sometimes by hacking them and taking over their email. The criminals send an urgent message to transfer money, which they then pilfer.
    BEC regularly tops the FBI’s annual list of costliest internet crimes, which it collects from complaint data. In 2021, BEC accounted for approximately a third of the year’s $6.9 billion in cyber losses — around $2.4 billion. Ransomware lagged behind with just $50 million. An FBI alert from May said the amount of BEC losses and attempted theft increased as a result of the coronavirus pandemic, which forced companies to conduct more routine business virtually.
    During the second quarter of this year, cybersecurity company Arctic Wolf said the rate of BEC cases it responded to doubled, from 17 percent to 34 percent.
    Adding to the risks of BEC, it’s also a kind of cybercrime that thrives on volume.
    “We end up with a situation that is really death by 1,000 papercuts,” Pete Renals, principal threat researcher for Palo Alto Networks’ Unit 42, told me. (The company this year alone has aided in multiple Interpol and Nigerian Police Force operations to arrest BEC suspects.)
    There are a number of reasons BEC has proven so effective for so long.
    Most of what the BEC criminals do is “really easy,” and the techniques have been honed over time such that “they’re really just rinsing and repeating at this stage of BEC evolution,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, told me.
    It’s not hard to deploy malware that steals access to accounts and sends an email to a victim from that compromised account, he said. The part that’s harder is setting up the bank accounts to move money around, he said, but gangs have figured out how to manage that, too.
    The criminals also don’t have to target big companies to be effective, Kalember said.
    It’s also a kind of crime that takes advantage of people’s trustworthy sensibilities, Daniel Thanos, vice president of Arctic Wolf Labs, told me. “Human nature sometimes is too trusting,” he said. “People also respond to urgency.” 
    Unlike other cyber-related crimes, the victims don’t always know they’ve been hit until much later, Renals said. A ransomware attack encrypts an organization’s systems, grinding everything to a halt immediately. Law enforcement can help get ransom payments back, but by the time someone realizes they’ve been scammed by a BEC criminal, the money’s usually long gone.
    BEC doesn’t get as much attention in part because of the ways it’s not like ransomware. 
    It’s not destructive, like a ransomware attack can be if it shuts down a hospital’s systems. Because it doesn’t hit key systems, it’s not treated as any kind of national security threat, Renals said. Because of the “death by 1,000 papercuts” effect, the smaller heists that add up over time are also less likely to make news, he said.
    Many of the thefts might not even get reported. That’s because being the victim of a BEC scam is potentially more embarrassing than suffering a ransomware attack, Renals said.
    “With ransomware, they got into a vulnerability in your network. It happens,” he said. “With business email compromise … that is a very embarrassing story to say, ‘Hey, I got an email from the CEO that told me to transfer money and I did it.’ Nobody wants to own up to that because there’s more of a human aspect there.”
    BEC also isn’t interesting in a technical way that might get a ton of attention from security researchers who would make headlines presenting about it at a high-profile cyber conference, Kalember said.
    Some of the ways to defend against BEC are similar to the way anyone would defend against most cyberattacks, like using multi-factor authentication to protect email accounts.
    Some sound more mundane, but can make a big difference. “Have an actual process that is validated and tested for how you authorize funds to leave your company,” Renals said. “No funds should ever leave you just based off an email, right? There should be someone you call, there should be a piece of paper that has to be signed and physically handed.”
    Import data shows that India’s domestic intelligence agency received a shipment of hardware from NSO Group in 2017 that matches what has been used to run Pegasus spyware, the Organized Crime and Corruption Reporting Project’s Sharad Vyas and Jurre van Bergen report. While it doesn’t conclusively show that the agency purchased Pegasus, it adds to a growing body of evidence about India and the spyware.
    “The consignment included Dell computer servers, Cisco network equipment, and ‘uninterruptible power supply’ batteries, which provide power in case of outages, according to a bill of lading obtained through a global trade data platform that draws on national customs documents,” they write. “The shipment, delivered by air, was marked ‘for Defence and Military Use’ and cost $315,000. That description — and the timing of the shipment — appeared to match the account given in January by the New York Times, which reported that Pegasus and a missile system had been ‘centerpieces’ of a major 2017 arms deal between Israel and India.”
    Pegasus has infected at least seven phones in India, The Post previously reported. Indian authorities said at the time that “the allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever.” It also said lawful surveillance occurs through a “well established procedure.” NSO Group denied the “false claims” in reports by The Post and its media partners.
    NSO Group and the spy agency, the Intelligence Bureau, didn’t respond to OCCRP’s request for comment.
    U.S. authorities seized billions of dollars in stolen cryptocurrency whose value soared after a 2016 hack, but Bitfinex and its customers could battle in court over who the rightful owners are, CNBC’s Jessi Joseph and Eamon Javers report. Bitfinex says it made its customers whole by providing them with digital tokens they could sell after the hack, but some customers say what they were given wasn’t valuable and they didn’t have another choice besides accepting the funds.
    “Essentially, Bitfinex wants the bitcoins that were stolen in the 2016 hack returned to the company and it will give a portion of that back to some of their customers in cash, not in bitcoins,” Joseph and Javers write. “But some of the hack victims still assert the bitcoins belong to them. And the idea that they could lose their bitcoins not once, but twice, seems impossible.”
    People and entities who claim that their money was stolen will be able to submit claims to a court that will decide how the money will be distributed, Deputy Attorney General Lisa Monaco told CNBC. But authorities are still prosecuting a couple — Heather Morgan and Ilya Lichtenstein — who they say conspired to launder the cryptocurrency, and that could hold up the process.
    Scottish First Minister Nicola Sturgeon said there was an emergency situation on Shetland after the disruption of an undersea cable, the BBC reports. People on the islands were not able to use some telephones or pay with credit cards at some shops, the outlet reported.
    Faroese Telecom’s head of infrastructure, Páll Vesturbú, told the BBC that the firm believes the cable disruption — and another one last week, which affected a cable connecting Shetland and Faroe — was caused by a fishing vessel.  
    NATO has warned that undersea cables are vulnerable and some experts fear that Russia could target cables, which transmit most internet traffic, amid the war in Ukraine. In April, U.S. authorities in Hawaii said they had disrupted a “significant breach involving a private company’s servers associated with an undersea cable” by an “international hacking group.” They haven’t released additional information.
    MercyOne says it has begun restoring systems following ransomware attack (Des Moines Register)
    Twitter purges foreign network of fake accounts trying to sway Israeli elections (Haaretz)
    Loeffler’s texts post-2020 election go public, raising new investigative questions (Politico)
    Top DOJ official ‘pleased’ with multiagency and branch response to courts data breach (CyberScoop)
    Thanks for reading. See you next week.

    source

  • INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization – The Hacker News

    The International Criminal Police Organization, also called the Interpol, has announced the arrests of 75 individuals as part of a coordinated global operation against an organized cyber crime syndicate called Black Axe.
    “‘Black Axe’ and other West African organized crime groups have developed transnational networks, defrauding victims of millions while channeling their profits into lavish lifestyles and other criminal activities, from drug trafficking to sexual exploitation,” the agency said.
    The law enforcement effort, codenamed Operation Jackal, involved the participation of Argentina, Australia, Côte d’Ivoire, France, Germany, Ireland, Italy, Malaysia, Nigeria, Spain, South Africa, the U.A.E, the U.K., and the U.S.
    Black Axe, which originated as a confraternity in Nigeria around 1977 before evolving into a mafia group, has not only been linked to killing and scamming operations, but also has been accused of infiltrating the country’s political system.
    Two of the alleged online scammers, who were arrested late last month in South Africa, are believed to have orchestrated a variety of fraudulent schemes that netted them $1.8 million from victims.
    The probe further led to 49 property searches, resulting in the seizure of 12,000 SIM cards and other luxury assets, including a residential property, three cars, and tens of thousands in cash. It also intercepted €1.2 million in the suspects’ bank accounts.
    In October 2021, eight members of the cartel were charged by the U.S. Justice Department for engaging in “widespread internet fraud involving romance scams and advance fee schemes” from at least 2011 through 2021.
    “Illicit financial funds are the lifeblood of transnational organized crime, and we have witnessed how groups like Black Axe will channel money gained from online financial scams into other crime areas, such as drugs and human trafficking,” Interpol’s Stephen Kavanagh said.

    source

  • The FBI Told Me: Analyzing the FBI's Cyber Crime Report – Security Boulevard

    When you are a vendor who provides a valuable service, you look for opportunities to help companies. Sometimes, a vendor’s claims can be exaggerated or even contrived. For that reason, we refer to trusted third-party data to make our point. This month we will use the FBI’s annual Internet Crime Report to show the continued rise of social engineering attacks in the US, especially through voice phishing, or as it’s commonly called, vishing.
    The FBI’s Internet Crime Complaint Center tracks cybercrime complaints and data each year and compares the results with those of the previous five years. As one might expect, both the number of complaints and the financial losses to cybercrime have increased each year.
    The report breaks down the crime types into thirty different categories including denial of service, computer intrusion and gambling. However, the majority could be considered scam or social engineering related. Among the scams, the FBI includes Romance Scams, Rental Scams and the largest category, Phishing/Vishing/SMiShing/Pharming.
    This FBI report graph shows just how much the social engineering category outweighs even the next four most common crime types.
    Most are aware of phishing as a malicious attack that often comes through a messaging service like email. Vishing is voice phishing, where an attacker tries to elicit sensitive information or action over the phone. SMiShing is similar to phishing but uses SMS, or text messages.
    The last category, pharming, can be difficult to distinguish from phishing, as both will often include a lookalike or fake web page that steals data. The real difference between the two is how the victim arrives at the page. With phishing, the victim will be directed to the data-stealing page by a message of some type, often an email. In a pharming attack, the victim will arrive at the page passively, such as by search results, purchased advertising, or a watering hole attack. Instead of the attack being targeted through a message like an email or text, the attack sits passively, letting interested and unaware victims walk right in.
    The FBI report also includes other attack types, including Business Email Compromise (BEC) and Ransomware. These are two other attack vectors we hear about often. These are both legitimately concerning attacks for businesses and keep security practitioners awake at night. However, there is an aspect to them that is often overlooked, the initial vector to these attacks. How does an attacker send emails from inside a business executive’s mail account? How does an attacker get sufficient access to a network to install ransomware? That initial threat vector is often through social engineering.
    The attackers may use a phishing email to obtain a password to a mailbox. Once they have access to the victim’s mailbox, the attackers can send trusted emails within the company. If your job is to pay invoices and the Chief Financial Officer sent you an email from their corporate account and asked you to pay an invoice, you likely would do it. If a high-level manager sends an email asking for information on employees, salaries, customers or the latest project, the recipient will trust that email and respond. This is how a BEC can be devastating to a company.
    Malware and ransomware also will often find a foothold through social engineering. Attackers may try to attach the malware to an email, but modern email filters are doing a much better job of blocking those attacks. Another vector is to load the malware from a web site after the victim clicks on a link.
    A third method attackers use is what the FBI refers to as Tech Support Fraud (TSF). Over the last five years, the FBI has reported a huge increase in TSF financial losses, from $14 million in 2017 to more than $347 million in 2021. TSF can play a role in malware and ransomware infections when the attacker calls employees as a trusted member of the IT department and gets the employee to install remote access software on their computer. Once the software is installed, the attacker has full access to the workstation, the same access as if they were sitting in the employee’s seat. The attacker can then install the ransomware and force it to propagate through the network, locking up vital resources within the company.
    We know that cybersecurity intrusions are a problem, and this FBI report indicates they are increasing. Where problems of past years have been in the software and lack of updates and patching, now they are more human-based. IT departments have done an outstanding job of hardening their networks to technical attacks. However, companies now need to be more focused on the employees. Companies need to focus more on education and testing of the human attack vector. As the FBI report showed, social engineering is currently the top risk, and it is increasing.
    To test your employees against vishing and phishing attacks or even from an on-site physical access compromise see how Social-Engineer, LLC can help you.
     
    At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:
    https://www.Social-Engineer.com/Managed-Services/.
    *** This is a Security Bloggers Network syndicated blog from Social-Engineer, LLC authored by Social-Engineer. Read the original post at: https://www.social-engineer.com/the-fbi-told-me-analyzing-the-fbis-cyber-crime-report/

    source

  • A Guide to Stopping Global Cyber Crime at the Local Level – Spiceworks News and Insights

    Prevention, response, and recovery are the key to mitigating ransom threats in our daily lives.

    Cyber attacks put everyone at risk by compromising the data that runs the world and cost companies millions of dollars. Simon Taylor, founder and CEO, HYCU, shares how organizations can take steps to prepare, react and recover from a breach without paying a ransom.
    Ransomware is the most significant cyber threat faced by private and government organizations. These organizations manage crucial data, from healthcare to education to infrastructure. Cybercriminals accessing and holding that data for ransom threaten our everyday activities and potentially our lives. The key to mitigating that threat is prevention, response and recovery.
    Data is our most valuable and exploitable asset. Our society relies on it to survive, and losing data costs money and reduces global security. Each company plays a role in the endeavor to secure this vital asset. 
    How much damage do cyber attacks cause? Take a look at these statistics. 
    Each time an organization pays a ransom, it emboldens cybercriminals. Being prepared to recover data in case of attack prevents the need for payments and removes the financial incentive for the hackers.
    Hacking has become incredibly easy. Ransomware as a service means people don’t have to write code to execute an attack. With more bad actors out there, taking immediate precautions to protect your data is imperative. 
    Organizations can take these steps to help prevent a breach: 
    Training employees may be the most vital step. Stanford University research found that employee mistakes cause 88% of data breaches. Company leaders must take the time to educate their staff about phishing and other security threats and implement best practices to prevent them.
    With the current state of cybercrime, anti-intrusion measures matter. But don’t stop there. Prepare your organization to respond in the inevitable event of a breach.   
    Breaches are expensive – the longer your system is down, the more it costs your organization in time, lost revenue and resources – not to mention the risk of being unable to access crucial data. But you can keep criminals from accessing your most valuable assets and set yourself up to recover and restore your data quickly with the right backup and recovery strategies. 
    Let’s look at the necessary steps:
    Under the cloud shared responsibility model, in an enterprise that runs and manages its own IT infrastructure on-premise, IT staff is responsible for the security, as well as the applications and data that run on it. That means your cloud service stores your data but places the responsibility on you to protect it. Bringing in a third party to look after your data can ensure you have the proper steps and policies in place to recover lost data. 
    When backing up your data, you need to understand where it is backed up and if you have immutable storage where no one can access it. One standard to adopt is the 3-2-1 rule: your data should be backed up three times on two different media (on an appliance and in the cloud, for example) with at least one backup offsite. You should also periodically check to ensure your critical information is, in fact, stored. 
    Many companies may be surprised to learn they can’t recover their data, even if it is backed up. A backup system is only as strong as the recovery plan. Your data may be lost without one. 
    If you are hacked and decide to pay the ransom, should the hacker actually return access, there is a significant amount of cleanup required, including removing hacked files and inspecting databases in addition to restoring the data. That process can cause extensive system downtime and drive up the costs of the attack. If you don’t pay a hacker, rebuilding your network from backups is not a quick operation without a restoration process. This process requires a pre-planned step-by-step procedure to retrieve and restore your data. This strategy significantly cuts the time needed to get your system up and running. You might consider three restoration infrastructures: software, appliance, or Backup as a Service (BaaS).
    Using software involves in-house deployment of backup software. Third-party appliances combine the software and hardware components necessary to back up data within one device. Backup as a Service provides automated, no-maintenance backups.
    Each infrastructure has its pros and cons, but Backup as a Service can make a recovery from offsite backups faster and simpler than the other solutions. It also reduces the amount of regular backup maintenance required from your organization’s IT department. 
    Your disaster recovery process is not a set-it-and-forget-it strategy. You need to write out the plan. Set a schedule to update the process based on business needs and IT environment changes. Don’t forget to test it to ensure you can execute the plan during a worst-case scenario.
    For the cyber ecosystem to work together to stop global cybercrime, organizations need to focus on quantifying what steps they can and should take to avoid paying a ransom.
    There are multiple free services available to evaluate your company’s readiness to respond to an attack, that identify gaps in backup and recovery processes so you can address them.
    We are all in this fight together. Ensuring you can recover your data without paying a ransom saves you significant time and money and removes the incentive for criminals to continue their attacks. It will take all of us to end the global scourge of ransomware and make the world a safer place for everyone.
    How are you upgrading your cyber attack response strategy? Tell us on Facebook, Twitter, and LinkedIn.

    Founder and CEO, HYCU

    source

  • Cybercrime cost American seniors $3 billion last year, a 62% jump – USA TODAY

    Kids, it’s time to have “the talk” with your parents and grandparents.
    Cybercrime cost Americans over 50 nearly $3 billion last year, a whopping 62% increase from 2020, according to the FBI’s 2021 Elder Fraud Report.
    In fact, the number of victims could be much higher, as seniors are also less likely to report fraud, says the FBI. This is supported by figures from the FTC, which show that while 44% of younger people in their 20’s reported losing money to fraud, only 20% of those in their 70’s did the same.
    The risks are wide-ranging, from fraudulent phone calls to phishing attempts via email, texts to social media messages, or shopping scams designed to dupe seniors out of their savings.
    The pandemic played a role here, too, believes Michael Jabbara, Visa’s vice president and global head of fraud services.
    “It’s no surprise we’ve seen a massive shift over the years towards digital transactions, but with this shift there’s also an increased focus from fraudsters,” says Jabbara. “This is especially true for elder individuals who may be a target because of a lack of technical sophistication and because they don’t always report these crimes to authorities.”
    Jabbara says “grandparent scams” are still a popular attack method.
    “This is where a fraudster spoofs a relative’s phone number and sends a message asking for money due to a medical emergency or textbooks, or whatever the case may be,” he said.
    Jabbara says Visa has invested more than $9 billion in anti-fraud measures over the last five years, including the use of artificial intelligence and advanced data analytics, “to ensure we’re keeping our network safe and secure across the globe.”
    “Fraudsters are able to glean those personal details the grandparent posted pictures on Facebook or Instagram, allowing them to craft a very believable message,” Jabbara said. “Or in other cases, a family member’s account is hacked and a fraudster gets access to their email, they’ll target an elder family member with a similar plea for money or help. They play on their emotions.”
    Seniors also pay out more. Disturbing data published by cybersecurity company Comparitech shows that while the average loss from those in their ‘was $324, it jumps to $426 for victims in their 60’s, $635 among 70-somethings, and a staggering median loss of $1,300 among those in their 80’s.
    Daniel Markuson, digital privacy expert with NordVPN, a leading Virtual Private Network (VPN) provider, see below, says its recent survey found that 84% of Americans have experienced a form of “social engineering,” where fraudsters attempt to fool you into divulging confidential or personal information.
    “Phishing scams are one of the most common tactics among cybercriminals, designed to trick people into clicking on links that download malicious files often containing a virus,” explains Markuson. “So, one of the main tips we have for seniors is to be cautious and question everything they receive from unknown senders.”
    Markuson says there are often grammar mistakes in the email you received, a sense of urgency to confirm your details, or a strange-looking email domain.
    When it comes to protecting our loved ones, letting them know about these risks plays a big role.
    Jabbara says one of the best practices to fight back is to have a “tech check-in” with aging relatives, to go over these assorted tips.
    Share with care: Limit how much personal information you share online. Set your social media profiles to private. If someone asks to connect with you on social media, only accept their request if you know them.
    Be wary of “emergencies”: Your family or friends can easily be hacked to send out emails or text messages claiming to be urgently in need of cash or gift cards, scamming you out of money or gift cards.
    When in doubt, just ask: If you really think it could be your daughter or grandson reaching out, don’t confirm by replying to the message you received. Instead, reach out in another fashion, such as calling them. Chances are, it’s fake. Block and report the fraudulent message.
    Lock your devices: Use a passcode or fingerprint to lock your phone or tablet. If you have a computer, use a strong password that’s at least 12 characters long.
    Shop safer: Always use a secure Internet connection when making a purchase. Reputable websites use technologies such as SSL (Secure Sockets Layer) that encrypt data during transmission. You will see a little padlock icon in your browser (and usually “https” at the front of your address bar) to confirm it’s a secure connection. Only shop on sites that take secure payment methods, such as credit cards.
    Enable multifactor authentication: When it comes to logging into your online accounts, add a second layer of defense by enabling multifactor authentication, sometimes referred to as “two-factor authentication.” This means you not only need a password or passcode (or biometrics logon, like a fingerprint or facial scan) to confirm it’s you, but also a one-time code you’ll receive on your mobile phone to type in.
    Install good cybersecurity software: Just as you wouldn’t leave the front door to your home unlocked, you shouldn’t let your tech be vulnerable to attacks, whether it’s a virus or other malicious software, called “malware,” that sneaks onto your device or caused by being tricked into giving out sensitive information.
    Good antimalware that’s updated often can identify, quarantine, delete and report any suspicious activity coming into your computer or flag sensitive info going out.
    “Seniors have more important things to do than worry about being protected online,” says Gagan Singh, executive vice president and chief product and revenue officer for cybersecurity company McAfee.
    A just-announced tool called McAfee+, from $49.99/first year, then $139.99/year after that, was created to make it easy for everyone to confidently live life online no matter how much or little they know about technology and online threats including identity theft.
    “Our new product lineup includes tools that help people prevent identity theft and credit fraud, including credit monitoring, credit lock, removing their personal data online, identity monitoring, and website safety notifications,” says Singh.
    Resist free wireless Internet at, say, a coffee shop or in an airport. It’s best to wait until you’re on a secured Internet connection at home, or use your smartphone as a personal hotspot, which is safer than public Wi-Fi. If you must use a hotspot, never conduct any financial transactions – like online banking, trading or shopping – as you never know if your information is being tracked and logged.
    A VPN conceals your online identity by using encryption technology, therefore what you do and where you go online cannot be seen by your service provider, the government, search engine, browser company, social media sites, advertisers and malicious types.
    “VPN is an easy-to-use tool that helps users to make sure their network is secure at all times,” confirms Markuson. “For seniors, who sometimes find it hard to keep up with latest technology and cybersecurity trends, it is a perfect solution [as] VPN not only helps to stay safe while using public Wi-Fi, it also makes sure user’s private data is safe from snooping.”
    NordVPN can be purchased starting at $3.69/month with a two-year subscription that includes three months for free.
    Follow Marc on Twitter for his “Tech Tip of the Day” posts: @marc_saltzman. Email him or subscribe to his Tech It Out podcast. The views and opinions expressed in this column are the author’s and do not necessarily reflect those of USA TODAY.

    source

  • An anatomy of crypto-enabled cyber crime – Financial Times


    source