Category Archives: Data Breach

Privacy is not a one-time, check the box activity

New research from ISACA reveals critical skills gaps and insufficient training. The survey report also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams. Privacy by design Survey findings—gathered in Q3 2020 from 1,873 professionals who work in data privacy or have knowledge of their organizations’ data privacy functions—show some positive trends for those enterprises … More

The post Privacy is not a one-time, check the box activity appeared first on Help Net Security.

Cybersecurity investments will increase up to 10% in 2021

A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside. Cybersecurity market global forecast assumes current investment trends will persist. The first half of the year will be affected by ongoing lockdown restrictions and furloughs in response to the pandemic. COVID-19 … More

The post Cybersecurity investments will increase up to 10% in 2021 appeared first on Help Net Security.

A Look at the Legal Consequence of a Cyber Attack

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of […]… Read More

The post A Look at the Legal Consequence of a Cyber Attack appeared first on The State of Security.

Dutch police arrested two people for the illegal sale of COVID-19 patient data

Dutch police arrested two individuals for allegedly selling COVID-19 patient data stolen from the Dutch health ministry.

Dutch police have arrested two individuals in the country for selling COVID-19 patient data stolen from the national COVID-19.

The availability of COVID-19 patient data in the cybercrime underground was spotted by the RTL Nieuws reporter Daniel Verlaan.

Verlaan discovered ads for stolen Dutch citizen data advertised on multiple instant messaging apps, including Telegram, Snapchat, and Wickr.

Dutch police arrested the duo within 24 hours of the complaint.

“On Friday, January 22, the police and the Public Prosecution Service received reports from the GGD that personal data from GGD systems would be offered for sale on Telegram. The cybercrime team of the Central Netherlands police immediately started an investigation. This investigation soon led to two employees of the GGD call center. The police immediately tracked them down. The suspects were both in Amsterdam on Saturday evening, where they were arrested and taken to a cell. It concerns a 21-year-old man from Heiloo and a 23-year-old man from Alblasserdam. The men’s homes were searched; computers have been seized.” reads the press release published by the Dutch Police.

“Stealing and selling or reselling personal data is a serious crime. Police and Public Prosecution are on top of this. Two people were arrested in this case within 24 hours.”

According to the Dutch newspaper, millions of patient details were offered for sale, including address details, telephone, and BSN identifiers (Dutch social security number). Data appears to be from the two most important systems of the Dutch Municipal Health Service (GGD).

“On chat services such as Telegram, Snapchat and Wickr, private data from the GGD systems has been offered for sale by dozens of accounts and in various large chat groups for months. Some accounts offer to look up the details of a specific person. That costs between 30 and 50 euros and then you will receive the home and email address and telephone and citizen service number from someone.” reads the post published by RTL Nieuws.

“Other accounts offer large datasets containing the private data of many tens of thousands of Dutch people. Criminals charge thousands of euros for this because it is relatively unique that social security numbers are sold on such a large scale. A social security number is very sensitive and can be misused for identity fraud.”

The data was allegedly stolen from two government systems used by the GGD: CoronIT, which contains details about Dutch citizens who took a COVID-19 test, and HPzone Light, one of the GGD’s contact-tracing systems.

Data was offered for prices ranging from €30 to €50 per person.

Verlaan discovered that the two suspects had access to official Dutch government COVID-19 systems because they were working in GGD call centers.

Experts pointed out that the availability of the BSN number (Dutch social security number) could expose citizens to financial fraud and identity theft.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19)

The post Dutch police arrested two people for the illegal sale of COVID-19 patient data appeared first on Security Affairs.

Hundreds of thousands of cryptocurrency investors put at risk after BuyUCoin security breach

Another day, and another report that a cryptocurrency exchange has been breached by malicious hackers. Indian cryptocurrency exchange BuyUCoin says that it is investigating claims that sensitive data related to hundreds of thousands of its users has been published on the dark web, where it is available for free download. Read more in my article on the Hot for Security blog.

Chipmaker Intel reveals that an internal error caused a data leak

The chipmaker Intel Corp. revealed that an internal error is the root cause of a data leak and confirmed that its corporate network was not impacted.

The computer chipmaker Intel Corp. confirmed that an internal error is the cause of a data leak that prompted it to release a quarterly earnings report early.

Intel chief financial officer George Davis told The Financial Times that the chipmaker believed a threat actor had stolen financially sensitive information from its site; for this reason, it brought forward the release of a quarterly earnings report to prevent attackers from using this data for operations on the stock market.

The company confirmed that attackers did not compromise the corporate network.

“‘An infographic was hacked off of our PR newsroom site,’ the newspaper quoted Davis as saying. It quoted an unnamed company spokesperson as saying Intel was notified that the graphic was circulating outside the company.” reported the Associated Press.

The company has now ruled out a hack and confirmed that the incident was caused by an internal error. The statement issued by the company follows:

“The URL of our earnings infographic was inadvertently made publicly accessible before publication of our earnings and accessed by third parties.” reads Intel’s statement. “Once we became aware of the situation we promptly issued our earnings announcement. Intel’s network was not compromised and we have adjusted our process to prevent this in the future.”


Pierluigi Paganini

(SecurityAffairs – hacking, Intel)

The post Chipmaker Intel reveals that an internal error caused a data leak appeared first on Security Affairs.

Data of 2 million MyFreeCams users sold on a hacker forum

A threat actor was offering for sale on a hacker forum data from 2 million users allegedly stolen from the adult streaming site MyFreeCams.

A threat actor was offering for sale on a hacker forum a database containing user records allegedly stolen from the adult streaming site MyFreeCams.

MyFreeCams is one of the top adult streaming websites, with nearly 70 million visitors each month.

The seller claims that the data related to MyFreeCams was stolen in December 2020 through an SQL injection attack. The stolen data comprises 2 million user records of MyFreeCams Premium members, including usernames, email addresses, MyFreeCams Token (MFC Token) amounts, and passwords in plain text.

At the time of this writing, the threat actor has deleted its post, as well as its account, and emptied the cryptocurrency wallet used for the sale. According to CyberNews, which reported the news, the threat actor collected ~$22,400 worth of Bitcoin from the sale of the data across 49 transactions.

“The author of the forum post is asking for $1500 in Bitcoin per 10,000 user records and claims that a single batch would net the buyers at least $10,000, which they could make by selling premium accounts with MFC Token (MyFreeCams’ virtual currency) balances on the black market.” reported CyberNews.


CyberNews contacted MyFreeCams, which confirmed the authenticity of the data and notified affected users. In response to the incident, MyFreeCams reset the passwords of impacted users. The investigation conducted by MyFreeCams revealed that the data was stolen in “a security incident that occurred more than ten years ago in June 2010.” The company added that it secured its infrastructure shortly after the attack occurred, fixing the issue exploited by the threat actors.

The company pointed out that no financial data was stolen in the attack and added that it did not have evidence that user data was actually compromised as part of the incident.

“To see if any of your online accounts were leaked, use our personal data leak checker with a library of 15+ billion breached records.” continues CyberNews.

It is impossible to determine how many accounts were accessed by using the data available for sale before the passwords were reset.

Data stolen by the threat actors could be used to conduct a broad range of malicious activities, such as blackmailing and extorting money from MyFreeCams users, stealing their MFC Tokens to sell them on the black market, conducting credential stuffing attacks, and launching phishing and spam campaigns.


Pierluigi Paganini

(SecurityAffairs – hacking, MyFreeCams)

The post Data of 2 million MyFreeCams users sold on a hacker forum appeared first on Security Affairs.

Hackers release over 4,000 files stolen from Scottish environment agency in ransomware attack

The Conti ransomware gang has published corporate plans, contracts, spreadsheets, and personal information about staff, amongst other files stolen in a ransomware attack against the Scottish Environment Protection Agency (SEPA). Read more in my article on the Hot for Security blog.

Smashing Security podcast #211: Fleeking, COVID-19 hacking, and Bitcoin balls-ups

Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming... All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Hacker Valley Studio's Ron Eddings.

Companies turning to MSPs as attack vectors get more sophisticated

Research from Infrascale reveals new information security insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust … More

The post Companies turning to MSPs as attack vectors get more sophisticated appeared first on Help Net Security.

Worldwide SD-WAN market to reach valuation of $53 billion by end of 2030

A software-defined wide area network is a type of computer network that allows the bonding of multiple internet access resources, such as cables, digital subscriber lines (DSL), and cellular or any other IP transport to provide high throughput data channels. WAN solutions improve application performance, reducing costs, increasing agility, and addressing various IT challenges. Enterprises are adopting SD-WAN solutions for threat protection, efficient offloading of expensive circuits, and simplification of WAN network management. IT infrastructure … More

The post Worldwide SD-WAN market to reach valuation of $53 billion by end of 2030 appeared first on Help Net Security.

OpenWRT forum hacked, intruders stole user data

The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach.

OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.

The OpenWRT forum was compromised during the weekend and user data was stolen by intruders.

The administrators of the forum disclosed the data breach with an announcement published on the forum.

The attack took place on Saturday, around 04:00 (GMT), when threat actors compromised an administrator account and downloaded a copy of the list of users.

“Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum (https://forum.openwrt.org) was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” states the data breach notification published by the administrators of the forum. “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the Discourse community and have reset all passwords on the Forum, and flushed any API keys.”

The list contains email addresses, handles, and other statistical information about the users of the forum. According to the announcement, the compromised account was using “a good password,” but it was not using two-factor authentication (2FA).

Administrators do not believe the attackers have downloaded the database of the forum containing users’ credentials.

However, out of an abundance of caution, forum administrators reset all passwords and flushed any API keys.

Users have to reset their passwords manually by visiting https://forum.openwrt.org and following the “get a new password” instructions. Users who log in with a GitHub login/OAuth key should reset/refresh it.

The notice states that OpenWrt forum credentials are separate from those of the OpenWrt Wiki (https://openwrt.org); this means that the data breach did not compromise Wiki credentials.

OpenWRT administrators warn of phishing attempts against forum users.

“You should assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. DO NOT click links, but instead manually type the URL of the forum as above.” states the advisory.


Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

The post OpenWRT forum hacked, intruders stole user data appeared first on Security Affairs.

500K+ records of C-level people from Capital Economics leaked online

Experts from Cyble recently found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.

During routine dark web monitoring, researchers from Cyble found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.

CapitalEconomics.com is one of the leading independent economic research companies in the world that provides macroeconomic, financial market and sectoral forecasts and consultancy.


“Upon analysis of the data, Cyble discovered that there are 500K+ lines of record containing various prominent user profiles.” reads the post published by Cyble.

Leaked records include email IDs, password hashes, addresses, etc.  

Cyble informed its clients about this leak and pointed out that the availability of corporate email IDs could allow threat actors to carry out a broad range of malicious activities.

Cyble recommends that people:

  • Never share personal information, including financial information over phone, email or SMSes. 
  • Use strong passwords and enforce multi-factor authentication wherever possible. 
  • Regularly monitor your financial transactions, and if you notice any suspicious activity, contact your bank immediately. 
  • Turn on the automatic software update feature on your computer, mobile and other connected devices wherever possible and pragmatic. 
  • Use a reputed anti-virus and Internet security software package on your connected devices including PC, laptop, and mobile. 
  • People who are concerned about their exposure in the Darkweb can register at AmiBreached.com to ascertain their exposure. 
  • Refrain from opening untrusted links and email attachments without verifying their authenticity.  


Pierluigi Paganini

(SecurityAffairs – hacking, Capital Economics)

The post 500K+ records of C-level people from Capital Economics leaked online appeared first on Security Affairs.

Vulnerability management isn’t working for cloud security: Here’s how to do it right

Three things in life are seemingly guaranteed: death, taxes and high-profile cloud security breaches. But there is no reason why public cloud or hybrid cloud breaches must remain so stubbornly persistent. The fact is that we understand why these incidents keep occurring: managing risk and vulnerabilities within dynamic cloud environments isn’t easy. The difficulty of this challenge is magnified by the competitive imperative to migrate to the public cloud quickly. It is further compounded by … More

The post Vulnerability management isn’t working for cloud security: Here’s how to do it right appeared first on Help Net Security.

EMA said that hackers manipulated stolen documents before leaking them

The European Medicines Agency (EMA) revealed Friday that COVID-19 vaccine documents stolen from its servers were manipulated before being leaked.

The European Medicines Agency (EMA) declared that COVID-19 vaccine documents stolen from its servers in a recent cyber attack have been manipulated.

In December, a cyber attack hit the European Medicines Agency (EMA). At the time of the disclosure of the hack, the EMA did not provide technical details about the attack, nor whether it will have an impact on its operations while it is evaluating and approving COVID-19 vaccines.

The European agency plays a crucial role in the evaluation of COVID-19 vaccines across the EU; it has access to sensitive and confidential information, including quality, safety, and effectivity data resulting from trials.

Nation-state actors consider organizations involved in the research of the vaccine a strategic target to gather intelligence on the ongoing response of the government to the pandemic. At the end of November, the Reuters agency revealed in an exclusive that the COVID vaccine maker AstraZeneca was targeted by alleged North Korea-linked hackers.

After the attack, Pfizer and BioNTech issued a joint statement that confirms that some documents related to their COVID-19 submissions were accessed by the threat actors.

Last week, the European Medicines Agency (EMA) revealed that threat actors had stolen some of the Pfizer/BioNTech COVID-19 vaccine data and leaked it online.

The agency added that the European medicines regulatory network is fully functional and that the cyber attack had no impact on COVID-19 evaluation and approval timelines.

The investigation conducted by the European Medicines Agency showed that threat actors manipulated emails and documents related to the evaluation of experimental COVID-19 vaccines before leaking them online.

The manipulation of the documents is part of a disinformation campaign aimed at raising doubts about the vaccine and the work of the EMA.

“Some of the correspondence has been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines,” the Netherlands-based agency said.

“We have seen that some of the correspondence has been published not in its integrity and original form and, or with, comments or additions by the perpetrators.”

Multiple security firms, such as Cyble and Yarix, have found leaks on underground forums.

“During the assessment of data, our researchers noticed that multiple confidential files, including MoMs, assessment reports, confidential emails, login portal links and images of its internal pages were accessed and leaked.” reported the analysis published by Cyble.  


The experts shared screenshots of the internal email where the portal link was shared, the login page for the portal to access the reports, and images of internal pages.


The documents also include the alleged assessment report of COVID-19 vaccine along with the summary report of drug release and stability.

Law enforcement authorities are still investigating the security incident.


Pierluigi Paganini

(SecurityAffairs – hacking, EMA)

The post EMA said that hackers manipulated stolen documents before leaking them appeared first on Security Affairs.

Quebec insurer says personal information of present, past staff may have been exposed in cyberattack

A Montreal-based insurance firm’s website is still offline four weeks after a cyberattack, and the firm is still trying to recover from the incident.

Promutuel Assurance says the attack started on Dec. 20 and made its IT systems unavailable. In a statement yesterday, the firm said that, so far, its investigation shows no signs of compromised social insurance numbers, driver’s licence numbers, credit card numbers or banking information of insured members.

However, the statement added, personal information of past, present and retired employees “may have been compromised.” As a precaution, Promutuel says it will provide them with credit monitoring and data protection services.

In an email, a spokesperson for the company was asked to confirm to IT World Canada if the incident was ransomware. According to a source working for a cybersecurity research firm in Canada who wished to remain anonymous, the website of the DoppelPaymer ransomware gang lists Promutuel as a victim. It also lists file names it allegedly copied in an attack. Typically, DoppelPaymer threatens to release copied files if the victim doesn’t pay for a data decryption key.

The spokesperson referred the publication to its official statement, which didn’t explain the attack’s source.

Another attack

Meanwhile, Winnipeg-based fashion retailer Nygard, which is in receivership, has acknowledged that it was hit by a ransomware attack.

Earlier this week, the Journal de Quebec reported that confidential documents from the firm had been published online. In a story today, the news site said Promutuel told it those 15 files were recovered.

Meanwhile, late Friday afternoon, the receiver for the Nygard group of companies issued an advisory to employees, customers and partners about a Dec. 12 ransomware attack.

Richter Advisory Group Inc., the court-appointed receiver of Nygard Holdings (USA) Limited, Nygard Inc., and several related companies, said it issued the statement to advise current and former employees, customers, suppliers and others to monitor their information for any unusual activity, including suspicious emails or other communications that claim to be from the retailer.

Richter has been selling off Nygard assets for several months after taking control of the company in March 2020. The cyberattack happened after the receiver took over the company. However, it says that while the attack encrypted many servers, data copied for forensic purposes wasn’t impacted.

On Dec. 30, Richter issued a report to the Manitoba court on the progress of its work, which included a description of the attack. It said the attackers from the Netwalker ransomware gang initially demanded the equivalent of about $3.6 million in bitcoin for the decryption key or copied data would be released. That demand has gone up to the equivalent of $7 million.

In its statement to the court, the receiver said a ransom wouldn’t be paid.

Richter has hired security firm Sophos to work with it to try and restore data from Nygard backups. As of the end of December, the receiver couldn’t say who might be impacted by the attack. Of Nygard’s 245 servers, 58 were encrypted, including five with data on current and former employees, five with sales data and eight with financial data. The report says 54 backup servers are available, but it isn’t confident the data can be relied on in part because the attack damaged Nygard’s IT system.

Former company head Peter Nygard was taken into custody Dec. 15 and is awaiting extradition to the U.S. on allegations of racketeering, sex trafficking and related crimes.

The post Quebec insurer says personal information of present, past staff may have been exposed in cyberattack first appeared on IT World Canada.

Understanding third-party hacks in the aftermath of the SolarWinds breach

In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion … More

The post Understanding third-party hacks in the aftermath of the SolarWinds breach appeared first on Help Net Security.

CAPCOM: 390,000 people impacted in the recent ransomware Attack

Capcom revealed that the recent ransomware attack has potentially impacted 390,000 people, an increase of approximately 40,000 people from the previous report.

In November, Japanese game developer Capcom admitted to having suffered a cyberattack that was impacting business operations.

The company has developed multiple multi-million-selling game franchises, including Street Fighter, Mega Man, Darkstalkers, Resident Evil, Devil May Cry, Onimusha, Dino Crisis, Dead Rising, Sengoku Basara, Ghosts ‘n Goblins, Monster Hunter, Breath of Fire, and Ace Attorney as well as games based on Disney animated properties.

At the time, the Notice Regarding Network Issues published by the company revealed that on the morning of November 2nd, 2020, it suffered a cyberattack. In response to the incident, the game developer shut down portions of its corporate network to prevent the malware from spreading.

The incident did not impact connections for its players; the company initially declared that it had not found any evidence that customer data was stolen.

In mid-November, the company confirmed that the attackers accessed the personal information of its employees, along with financial and business information. The company believes that other information potentially accessed includes sales reports, financial information, game development documents, and other information related to business partners.

No credit card information was compromised in the security breach.

After the attack, the Ragnar Locker ransomware operators claimed to have stolen over 1TB of data from the company.

In an update published by the Ragnar ransomware gang on its leak site, the operators leaked a collection of archives as proof of the hack.

“Greetings! Unfortunately even such worldwide leading company as CAPCOM doesn’t values much privacy and security. They was notified about vulnerability and data leak numerous time. They checked our page with proofs but even this didn’t help them to make a right decision and save data from leakage. Also we would help them to decrypt and also provide with recommendations on security measures improvement, to avoid such issues in future.” reads the post published by the Ragnar gang on its leak site.

“We are sure that everyone should know about CAPCOM’s decision and careless attitude regarding data privacy. This might seems crazy in 21st century, all corporates should work harder on their security measures, especially IT and online based companies.”

This week, Capcom provided an update on its investigation, which revealed that the incident was worse than initially thought: the number of impacted people is larger than initially believed.

Capcom revealed that the personal information of 16,415 people was stolen by the ransomware gang. Impacted people include 3,248 business partners, 9,164 former employees and related parties, and 3,994 employees and related parties. Only 9 people were impacted.

“Further, because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.” reads the update published by the company.

The cumulative maximum number of potentially impacted people is 390,000, an increase of approximately 40,000 people from the previous report.

1. Information verified to have been compromised (updated)

i. Personal Information: 16,406 people (*cumulative total since investigation began: 16,415 people)
  • Business partners, etc.: 3,248 people. At least one of the following: name, address, phone number, email address, etc.
  • Former employees and related parties: 9,164 people. At least one of the following: name, email address, HR information, etc.
  • Employees and related parties: 3,994 people. At least one of the following: name, email address, HR information, etc.

ii. Other Information: Sales reports, financial information, game development documents, other information related to business partners

2. Potentially compromised data (updated)

i. Personal Information
  • Applicants: approx. 58,000 people. At least one of the following: name, address, phone number, email address, etc.

*Cumulative maximum number of potentially compromised data for customers, business partners and other external parties: 390,000 people

*Regarding the cumulative maximum number of potentially compromised data above: as part of its ongoing investigation, Capcom has determined that it currently does not see evidence for the possibility of data compromise for the approximate 18,000 items of personal information from North America (Capcom Store member information and esports operations website members) that the company included in its November 16, 2020 announcement. As such, these have been removed from this cumulative maximum number of potentially compromised data.

The company pointed out that the investigation is still ongoing and that new facts may come to light.

“At this point in time, Capcom’s internal systems have in large part recovered, and business operations have returned to normal.” concludes the update.


Pierluigi Paganini

(SecurityAffairs – hacking, CAPCOM)

The post CAPCOM: 390,000 people impacted in the recent ransomware Attack appeared first on Security Affairs.

Ransomware gangs scavenge for sensitive data by targeting top executives

In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm's management team. One of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom. Read more in my article on the Tripwire State of Security blog.

One month after ransomware attack, Metro Vancouver’s transit system still not up to speed

TransLink, Metro Vancouver’s public transportation agency, has warned its staff that hackers accessed their personal bank account details and other information. The warning came in an internal email to workers approximately one month after TransLink was struck by the Egregor ransomware and passengers had their journeys disrupted. Read more in my article on the Hot for Security blog.

Seven Debunked Myths of Cybersecurity

Article by Kristin Herman, a writer and editor at Ukwritings.com and Academized.com

The term 'cybersecurity' has been tossed around lately. But although cybersecurity has been viewed as a saving grace for mobile devices, computers, etc. the topic is still cloaked in misconception. Things that might pop up, when it comes to cybersecurity, are:
  • The idea of security
  • Password strength
  • Who cybersecurity threats target and affect
  • If insurance will cover damages
  • How effective an IT team actually is
  • Cybersecurity “costs”
  • What devices are most vulnerable to malware?
However, as one side says one thing while the other side contests it, it’s easy to get caught up in believing the wrong things. In fact, a lot of people get it all wrong. So, to understand the truth about cybersecurity, check out this quick guide, which covers seven of the most debunked myths about the subject matter:

1. “Physical Security and Cybersecurity are Two Different Things”
“The truth is, physical security is not separate from cybersecurity,” says Angela Macquarie, a business writer at Academized and Oxessays. “Both can help safeguard machines and paper documents. And, while both can function online and offline, the things they protect will hold sensitive data, which can be at risk of being exposed if the owner or holder is not careful.”

2. “Having a Good Password Protects You”
When it comes to passwords, you can’t leave anything to chance. And even as weak passwords are still commonplace, it’s hard to imagine many people using passwords like “123456” or “qwerty,” especially after being warned not to do so. Therefore, it’s imperative to complicate your passwords – make them difficult for other people to figure out. And, always update your passwords, so that you can be one step ahead of cybercriminals every time.

3. “Cybercriminals only Attack Large Businesses”
Wrong. Cybercriminals will go after any type of business – big or small. Since cyber thieves don’t discriminate, it’s important to keep your devices and data safe with an effective cybersecurity framework, regardless of the size of a business.

4. “Insurance will cover Cybersecurity Breaches”
Wrong again. In actuality, most insurance policies won’t cover businesses in the event of a data breach. While some policies might cover financial losses that have transpired from it, most policies won’t.

So, when shopping around for business-related insurance, make sure that policies will be able to compensate you whenever the dreaded breach springs up. Or, you can buy insurance and cybersecurity separately. Purchasing cyber and data insurance will be worth the investment if you’re looking to protect customer and/or sensitive data from infiltration.

5. “The IT Team has you Covered”
Think that IT teams can save your business, whenever data breaches happen? Think again!

While IT staff will most likely know about potential vulnerabilities and hacker techniques, they still can’t control all the elements involved. Your IT staff, instead, will only act as a human firewall to prevent breaches that stem from human error. Therefore, make it your job to add more layers of protection, besides your IT team.

6. “Cybersecurity is Costly”
“When people think about cybersecurity, they assume that investing in it will cost hundreds, or thousands, of dollars,” says Sheila Flynn, a marketing blogger at Boom Essays and Paper Fellows. “However, having a strong human firewall to defend you against cybercrime is entirely free – apart from creating an IT security policy and training staff. Investment can go a long way, as cybersecurity will greatly benefit your business.”

As such, consider consulting a cybersecurity expert, or look into comprehensive training and advice from cybersecurity experts, to help you put together an effective system that will protect all of your devices and data.

7. “Viruses only affect Desktops”
As technology continues to evolve – especially with more advanced smartphones and tablets working in almost the same capacity as computers – viruses aren’t just a computer thing. In fact, smartphones, tablets, and other mobile devices can fall victim to malware, if the user doesn’t have enough protection for them. And although it only took Internet access for malware to get to computers, other devices that connect to the Internet are still just as vulnerable to viruses.

Conclusion
As you read through these seven debunked myths, we hope that you have a better understanding of cybersecurity. The ultimate goal of this guide is to keep you – the device user – informed. By learning how cybercriminals work, and learning the truth about today’s debunked myths, you’ll learn from the mistakes that you might be making now with your devices, and fix them right away.

About the Author: Kristin Herman is a writer and editor at Ukwritings.com and Stateofwriting.com. She is also a contributing writer for online publications, such as Essayroo.com. As a marketing writer, she blogs about the latest trends in online advertising and social media influencing.

Check, Please! Adding up the Costs of a Financial Data Breach

Guest article by Andrea Babbs, UK General Manager at VIPRE

Reliance on email as a fundamental function of business communication has been in place for some time. But as remote working has become a key factor for the majority of businesses during 2020, it’s arguably more important than ever as a communication tool. The fact that roughly 206.4 billion emails are sent and received each day means we’re all very familiar with that dreaded feeling of sending an email with typos, with the wrong attachment, or to the wrong contact. But this can be more than just an embarrassing mistake – the ramifications could, in fact, be catastrophic.
In particular, for the financial services industry that deals with highly sensitive information including monetary transactions and financial data, the consequences of this information falling into the wrong hands could mean the loss of significant sums of money. Emails of this nature are the Holy Grail for cybercriminals. So how can financial services organisations keep their confidential information secure to safeguard their data and reputation? 

How much?
According to research from Ponemon Institute in its Cost of a Data Breach Report 2020, organisations spend an average of $3.85 million recovering from security incidents, with the usual time to identify and contain a breach being 280 days. Accenture’s 2019 Ninth Annual Cost of Cybercrime found that financial services incurred the highest cybercrime costs of all industries. And while examples of external threats seem to make the headlines, such as the Capital One cyber incident, unintentional or insider breaches don’t always garner as much attention. Yet they are both as dangerous as each other. In fact, human errors (including misdeliveries via email) are almost twice as likely to result in confirmed data disclosure.

Costs will be wide-ranging depending on the scale of each breach, but at a minimum, there will be financial penalties, costs for audits to understand why the incident happened and what additional protocols and solutions need to be implemented to prevent it from happening in the future. There could also be huge costs involved for reimbursing customers who may have been affected by the breach in turn.

Priceless damage
The fallout from data breaches goes far beyond that of financial penalties and costs. Financial services businesses have reputations to uphold in order to maintain a loyal customer base. Those that fail to protect their customers’ sensitive information will have to manage the negative press and mistrust from existing and potential customers that could seriously impede the organisation as a whole. Within such a highly competitive market, it doesn’t take much for customers to take their money elsewhere – customer service and reputation is everything.

Check, please!
Within the financial services sector, the stakes are high, so an effective, layered cybersecurity strategy is essential to mitigate risk and keep sensitive information secure. With this, there are three critical components that must be considered: 
  1. Authentication and encryption: Hackers may try to attack systems directly or intercept emails via an insecure transport link. Security protocols are designed to prevent most instances of unauthorised interception, content modification and email spoofing. Adding a dedicated email to email encryption service to your email security arsenal increases your protection in this area. Encryption and authentication, however, do not safeguard you against human errors and misdeliveries. 
  2. Policies and training: Security guidelines and rules regarding the circulation and storage of sensitive financial information are essential, as well as clear steps to follow when a security incident happens. Employees must undergo cybersecurity awareness training when they join the organisation and then be enrolled in an ongoing programme with quarterly or monthly short, informative sessions. This training should also incorporate ongoing phishing simulations, as well as simulated phishing attacks to demonstrate to users how these incidents can appear, and educate them on how to spot and flag them accordingly. Moreover, automated phishing simulations can also provide key metrics and reports on how users are improving in their training. This reinforcement of the secure messaging, working in tandem with simulated phishing attacks ensures that everyone is capable of spotting a phishing scam or knows how to handle sensitive information as they are aware and reminded regularly of the risks involved. 
  3. Data loss prevention (DLP): DLP solutions enable the firm to implement security measures for the detection, control and prevention of risky email sending behaviours. Fully technical solutions such as machine learning can go so far to prevent breaches, but it is only the human element that can truly decipher between what is safe to send, and what is not. In practice, machine learning will either stop everything from being sent – becoming more of a nuisance than support to users – or it will stop nothing. Rather than disabling time-saving features such as autocomplete to prevent employees from becoming complacent when it comes to selecting the right email recipient, DLP solutions do not impede the working practices of users but instead give them a critical second chance to double-check.
It is this double-check that can be the critical factor in an organisation’s cybersecurity efforts. Users can be prompted based on several parameters that can be specified. For example, colleagues in different departments exchanging confidential documents with each other and external suppliers means that the TO and CC fields are likely to have multiple recipients in them. A simple incorrect email address or a cleverly disguised spoofed email cropping up with emails going back and forth is likely to be missed without a tool in place to highlight this to the user, to give them a chance to double-check the accuracy of email recipients and the contents of attachments.

Conclusion
Email remains a risky, yet essential tool for every business. But with a layered security strategy in place consisting of training, authentication tools and DLP solutions, organisations can minimise the risks involved and take a proactive approach to their cyber defences.

Given the nature of the industry, financial services organisations are a prime target for cybercriminals. The temptation of personal information and financial transactions for hackers is never going to dwindle, so financial institutions must prioritise cybersecurity, regularly assessing risks, deploying innovative, human-led solutions and educating workforces to provide the best defence possible.

Affected by a Data Breach? Here Are Five Security Steps You Should Take

Five Tips to Secure Your Credit Card Data From This Recent Data Breach

Users share their personal information with companies for multiple reasons. Whether they’re checking into a hotel room, using a credit card to make a purchase at their favorite food spot, or collecting rewards points at a local coffee shop, consumers give companies more access to data than they may realize. While this can help you build relationships with your favorite vendors, what happens if their security is compromised?

Dickey’s BBQ Breach

Just this week, for example, cybercriminals were found online to be selling a batch of over three million credit card records – all from cards that were used at Dickey’s BBQ establishments over the past 13-15 months. Researchers stated that Dickey’s payment systems were likely compromised by card-stealing malware, with the highest exposure in California and Arizona. What’s more, financial institutions that have been working with the researchers stated that they have already observed a significant amount of fraud carried out with these cards.

Staying Secure in Light of Data Breaches

If you think you were affected by this breach, there are multiple steps you can take to help protect yourself from the potential side effects.

Check out the following tips if you think you may have been affected by a recent data breach, or just want to take extra precautions:

Keep an eye on your bank account

One of the most effective ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it

Place a fraud alert

If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.

Freeze your credit

Freezing your credit will make it impossible for criminals to take out loans or open new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).

Consider using identity theft protection

A solution like McAfee Identity Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

Expand your security toolbox

To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. And both, luckily, come included in McAfee Total Protection.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Affected by a Data Breach? Here Are Five Security Steps You Should Take appeared first on McAfee Blogs.

The DRaaS Data Protection Dilemma

Written by Sarah Doherty, Product Marketing Manager at iland

Around the world, IT teams are struggling with choosing between less critical, but important tasks, versus focusing on innovative projects to help transform your business. Both are necessary for your business and need to be actioned, but should your team do all of it? Have you thought about allowing someone else to guide you through the process while your internal team continues to focus on transforming the business? 

Disaster recovery can take a lot of time to properly implement so it may be the right time to consider a third-party provider who can help with some of the more routine and technical aspects of your disaster recovery planning. This help can free up some of your staff’s valuable time while also safeguarding your vital data.

Outsourcing your data protection functions vs. managing them yourself
Information technology has raised many questions about how it really should be done. Some experts favour the Disaster Recovery as a Service (DRaaS) approach. They believe that data protection, although necessary, has very little to do with core business functionality. Organisations commonly outsource non-business services, which has driven many to consider the idea of employing third parties for other business initiatives. This has led some companies to believe that all IT services should be outsourced, enabling the IT team to focus solely on core business functions and transformational growth.

Other groups challenge the concept and believe that the idea of outsourcing data protection is foolish. An organisation’s ability to quickly and completely recover from a disaster - such as data loss or an organisational breach - can be the determining factor as to whether the organisation will remain in business. Some may think that outsourcing something as critical as data protection, and putting your organisation’s destiny into the hands of a third party, is a risky strategy. The basic philosophy behind this type of thinking can best be described as: “If you want something done right, do it yourself.”

Clearly, both sides have some compelling arguments. On one hand, by moving your data protection solution to the cloud, your organisation becomes increasingly agile and scalable. Storing and managing data in the cloud may also lower storage and maintenance costs. On the other hand, managing data protection in-house gives the organisation complete control. Therefore, a balance of the two approaches is needed in order to be sure that data protection is executed correctly and securely.

The answer might be somewhere in the middle
Is it better to outsource all of your organisation’s data protection functions, or is it better to manage it yourself? The best approach may be a mix of the two, using both DRaaS and Backup as a Service (BaaS). While choosing a cloud provider for a fully managed recovery solution is also a possibility, many companies are considering moving away from ‘do-it-yourself’ disaster recovery solutions and are exploring cloud-based options for several reasons.

Firstly, purchasing the infrastructure for the recovery environment requires a significant capital expenditure (CAPEX) outlay. Therefore, making the transition from CAPEX to a subscription-based operating expenditure (OPEX) model makes for easier cost control, especially for those companies with tight budgets.

Secondly, cloud disaster recovery allows IT workloads to be replicated from virtual or physical environments. Outsourcing disaster recovery management ensures that your key workloads are protected, and the disaster recovery process is tuned to your business priorities and compliance needs while also allowing for your IT resources to be freed up.

Finally, cloud disaster recovery is flexible and scalable; it allows an organisation to replicate business-critical information to the cloud environment either as a primary point of execution or as a backup for physical server systems. Furthermore, the time and expense to recover an organisation’s data is minimised, resulting in reduced business disruption.

By contrast, the disadvantage of local backups is that they can be targeted by malicious software, which targets backup applications and database backup files, proactively searching for them and fully encrypting the data. Additionally, backups, especially when organisations try to recover quickly, are prone to unacceptable Recovery Point Objectives (RPO).

What to look for when evaluating your cloud provider

It is also essential when it comes to your online backups to strike a balance between micromanaging the operations and completely relinquishing any sort of responsibility. After all, it’s important to know what’s going on with your backups. Given the critical nature of the backups and recovery of your data, it is essential to do your homework before simply handing over backup operations to a cloud provider. There are a number of things that you should look for when evaluating a provider.
  • Service-level agreements that meet your needs.
  • Frequent reporting, and management visibility through an online portal.
  • All-inclusive pricing.
  • Failover assistance at a moment’s notice.
  • Do-it-yourself testing.
  • Flexible network layer choices.
  • Support for legacy systems.
  • Strong security and compliance standards.
These capabilities can go a long way towards allowing an organisation to check on their data recovery and backups, on an as-needed basis, while also instilling confidence that the provider is protecting the data according to your needs. The right provider should also allow you the flexibility to spend as much or as little time on data protection, proportional to your requirements.

Ultimately, using cloud backups and DRaaS is flexible and scalable; it allows an organisation to replicate business-critical information to the cloud environment either as a primary point of execution or as a backup for physical server systems. In most cases, the right disaster recovery provider will likely offer you better recovery time objectives than your company could provide on its own, in-house. Therefore as you review your options, cloud DR could be the perfect solution, flexible enough to deal with an uncertain economic and business landscape.

Ransomware Could Be the New Data Breach: 5 Tips to Stay Secure

Cybercriminals tend to keep with the times, as they often leverage current events as a way to harvest user data or spread malicious content. McAfee COVID-19 Threat Report July 2020 points to a rather significant surge in attacks exploiting the current pandemic with COVID-19 themed malicious apps, phishing campaigns, malware, and ransomware. However, what many users don’t realize is that ransomware attacks are a lot more than meets the eye.  

COVID-19 Themed Ransomware

During the first few months of 2020, the McAfee Advanced Threat Research (ATR) team saw that cybercriminals were targeting manufacturing, law, and construction businesses. After pinpointing their targets, hackers spread COVID-19 themed ransomware campaigns to these companies in an effort to capitalize on their relevancy during this time.

An example of one of these attacks in action is Ransomware-GVZ. Ransomware-GVZ displays a ransom note demanding payment in return for decrypting the firm’s compromised systems and the personal and corporate data they contain. The ransomware then encrypts the organization’s files and displays a lock screen if a user attempts to reboot their device. As a result, the company is left with a severely crippled network while the criminals behind the attack gain a treasure trove of data – information belonging to consumers that have previously interacted with the business.

Ransomware Could Be the New Data Breach

As ransomware attacks continue to evolve, it’s not just file encryption that users need to be aware of – they also need to be aware of the impact the attack has on compromised data. Senior Principal Engineer and Lead Scientist Christiaan Beek stated, “No longer can we call these attacks just ransomware incidents. When actors have access to the network and steal the data prior to encrypting it, threatening to leak if you don’t pay, that is a data [infraction].” If a ransomware attack exploits an organization and their network is compromised, so is the data on that network. Hackers can steal this data before encrypting it and use this stolen information to conduct identity theft or spread other misfortune that can affect both the organization’s employees and their customers.  

This surge in ransomware is only compounded by traditional data infringements, which have also spiked in conjunction with the global pandemic. According to the McAfee COVID-19 Threat Report July 2020, the number of reported incidents targeting the public sector, individuals, education, and manufacturing dramatically increased. In fact, McAfee Labs counted 458 publicly disclosed security incidents in the few months of 2020, with a 60% increase in attacks from Q4 2019 to Q1 2020 in the United States alone. Coincidentally, the attacks targeting organizations also impact the consumers who buy from them, as the company’s data consists of their customers’ personal and financial information.

Don’t Let Your Data Be Taken for Ransom

Because of the high volume of data that’s compromised by ransomware attacks, it’s crucial for consumers to shift how they approach these threats and respond in a similar way to how they would respond to a data incident. Luckily, there are actionable steps you can take as a consumer to help secure your data.

Change your credentials

If you discover that a data leak or a ransomware attack has compromised a company you’ve interacted with, err on the side of caution and change your passwords for all of your accounts. Taking extra precautions can help you avoid future attacks. 

Take password protection seriously

When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials. 

Enable two-factor or multi-factor authentication

Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers. 

If you are targeted, never pay the ransom

It’s possible that you could be targeted individually by a ransomware campaign. If this happens, don’t pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments. 

Use a comprehensive security solution

Adding an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, can help protect your devices from these cyberthreats.  

The post Ransomware Could Be the New Data Breach: 5 Tips to Stay Secure appeared first on McAfee Blogs.