
Industry News: ESG5

    Know Your Breach: Helse Sør-Øst RHF

    The target: Norway’s largest healthcare authority, Health South-East.

    The take: Patient records and private health information for almost 3 million people.

    The attack vector: Apparently focused on the health service’s relationship with Norway’s armed forces and the ‘Trident Juncture 18’ NATO exercise scheduled for October 2018, cybercriminals exploited legacy systems and substandard security to exfiltrate health data for almost half of Norway’s population. Reports indicate that as of June 2017, more than 1,200 of Health South-East’s endpoints were running the Windows XP operating system (which reached end-of-life in 2014).

    Read more...

    North Korea Launched Cryptocurrency Attacks in Response to Sanctions, Says FBI

    2019-05-30

    Cointelegraph: United States sanctions incentivized North Korea to launch cyberattacks involving cryptocurrency, a senior FBI official told a conference. The comments were quoted by South Korean English-language news outlet Korea Herald on May 30. Speaking at an event organized by U.S. thinktank The Aspen Institute, Tonya Ugoretz, deputy assistant director of the FBI’s cyber division, said financial strain had driven North Korean state actors to cybercrime.....

    Read more...

    Cybersecurity: The Number of Files Exposed on Misconfigured Servers, Storage and Cloud Services has Risen to 2.3 Billion

    2019-05-30

    Zdnet: Over 2.3 billion files -- including sensitive data like payroll information, credit card details, medical data and patents for intellectual property -- are exposed publicly online, putting both people and organisations at risk of data theft, cybercrime, espionage and other malicious activities. Analysis by researchers at cybersecurity company Digital Shadows found the highly sensitive information stored alongside other data in publicly exposed or misconfigured online storage and cloud services, including SMB file shares, rsync servers, and Amazon S3 buckets....

    Read more...

    Israeli Banks Under Increasing Threat from Cyber Attacks

    2019-05-28

    YNetNews: While there have been repeated attacks on the country's financial institutions, officials say little damage has been done, but warn customers must take responsibility to secure their own accounts online. Cyber attacks on Israel's banking system have increased considerably over the past two years, according to the annual report by Supervisor of Banks Hedva Ber...

    Read more...

    Microsoft, Facebook to Help Tame Internet Ahead of Canada's Election, Official Says

    2019-05-27

    Reuters: Microsoft Corp and Facebook Inc have agreed to help boost the security of Canada’s October election by removing fake accounts and cracking down on bots, a top government official said on Monday. Last month the Liberal government of Prime Minister Justin Trudeau complained that the world’s major social media companies were not doing enough to help combat potential foreign meddling in the vote and said Ottawa might have to regulate them. ...

    Read more...

    New China Cyber Security Law Could be Used to Block US Firms

    2019-05-26

    ItWire: China has unveiled new cyber security regulations calling for "secure and controllable" technology in its networks, raising the possibility that it could be used to block American technology companies on national security grounds. A report in the South China Morning Post said the draft document, Cyber Security Review Measures, had been published by the country's Cyber Space Administration on Friday and would be up for comment until 24 June...

    Read more...

    Insurer First American Left Nearly 900 Million Sensitive Customer Files Exposed

    2019-05-25

    CNN: A leading US real estate and mortgage insurer, First American Financial Corp., left vulnerable an enormous trove of digital documents, some of which may have contained social security numbers and bank account information. Bad actors only needed a web address to view the documents as they were left without password protection or other encryption, according to a Friday post from the popular cybersecurity blog Krebs on Security, which is run by journalist Brian Krebs...

    Read more...

    Australian Tech Unicorn Canva Suffers Security Breach

    2019-05-24

    Zdnet: Canva, a Sydney-based startup that's behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned. Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet. Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies from all over the world....

    Read more...

    Know Your Breach: Instagram

    The target: Instagram, a Facebook-owned picture-sharing social network.

    The take: 49 million user records, including name, number of followers, location, phone number and e-mail addresses.

    The attack vector: An AWS database belonging to social media marketing firm Chtrbox was discovered to be publicly exposed and accessible to anyone with an internet connection.

    Read more...

    In Light of Ever-Increasing Cybersecurity Risks, Boards Must Deepen Their Oversight and Engagement

    2019-05-23

    SecurityIntelligence: Just how much are companies struggling to get a handle on cybersecurity risks and digital disruption? According to the National Association of Corporate Directors (NACD)’s “2019 Governance Outlook,” boards are uneasy about the various digital risks their organizations face. The report is designed to provide leadership with a picture of the business landscape, and as you might expect, regulations, cybersecurity risks and disruptive technology feature prominently in the list of concerns...

    Read more...

    N.Y. Taps Ex-Prosecutor to Lead New Cybersecurity Unit

    2019-05-22

    BigLawBusiness: A former federal prosecutor will oversee cybersecurity oversight and enforcement for New York’s financial services regulator. Justin Herring, the leader of the cyber crimes unit for the U.S. Attorney for the District of New Jersey, will take the helm of a newly created Cybersecurity Division at the New York Department of Financial Services, the agency announced May 22. No other state banking and insurance regulator has a unit specifically devoted to cybersecurity, the DFS said...

    Read more...

    Ex-Mossad Director Says Cyber Attacks Pose Biggest Threat to Free World

    2019-05-22

    CBSNews: The former head of the Mossad, Israel's intelligence service, warned in a recent interview that the low cost and relative ease for states and non-state actors to conduct cyberattacks pose among the gravest security threats in the world. Tamir Pardo, who spent more than three decades in the intelligence service before being tapped to lead it from 2011 to 2016, also told Intelligence Matters host and CBS News senior national security contributor Michael Morell that Washington may be ill-prepared to respond to a large-scale cyber attack on infrastructure or other critical targets...

    Read more...

    Can Congress Bolster Energy Cyber Protections?

    2019-05-22

    Forbes: One does not have to look hard to find cybersecurity in the news. From seemingly daily reports of data breaches to state-sponsored hacking, data security is quickly becoming a real-life threat for most Americans. Federal policymakers also have cybersecurity in front of mind in recent days. Specifically, some lawmakers are reacting to suggestions from a government watchdog agency that the U.S. pipeline system is vulnerable to cybersecurity threats...

    Read more...

    Danske Bank Launches Initiative to Help SME Customers with Cyber Security

    2019-05-20

    ComputerWeekly: Danske Bank has rolled out a Technical Support Initiative (TSI) to help its small to medium-sized enterprise (SME) customers in Denmark reinforce their IT systems and infrastructure defences against increasing cyber attacks. The TSI is guided by a 12-month research project, conducted in-house by the bank, which revealed that around 27% of Danish SMEs had experienced cyber attacks in recent years...

    Read more...

    The EU Agrees on Rules to Punish Cyberattackers

    2019-05-20

    UsNews: In an age where cybersecurity threats are an increasing worry, the European Council is pushing a plan to better respond to cyberthreats. The Council adopted on May 17 a framework for targeted sanctions in order to respond to and deter cyberattacks on the European Union and its member states...

    Read more...

    Amazon, the Newest Victim of Phishing Fraud

    2019-05-19

    ChyperNews: On May 8, Amazon announced that it had fallen victim to an "extensive" fraud involving unidentified hackers letting money from trading accounts onto the platform for a six-month period. The company believes that it was a victim of a serious cyber attack and that the attackers had compromised around 100 accounts. The motive? As is the case with most of these attacks, money. As Amazon explains, it is very likely the accounts were compromised using phishing techniques that misled the sellers to give away their login details. With this information, the hackers were able to change the bank details on the Seller Central platform, so that the money earned by the sellers ended up in the criminal's accounts, according to the legal documents presented in the UK...

    Read more...

    Know Your Breach: Saks/Lord & Taylor

    The target: Saks Fifth Avenue and Lord & Taylor, high-end department stores.

    The take: 5 million credit and debit card account numbers.

    The attack vector: Attackers appear to have gained complete access to the breached department stores’ networks, and installed card-scraping malware on point-of-sale terminals at all 51 Lord & Taylor and 83 Saks Fifth Avenue locations. The compromise appears to have initiated in May of 2017 and was discovered and remediated one year later.

    Read more...

    Police Smash ‘GozNym’ Cybercrime Network that Stole $100 Million

    2019-05-16

    Reuters: Police in six countries have dismantled a complex cybercrime network that operated from Eastern Europe and fleeced victims - including small businesses and charities - of some $100 million, Europe’s police agency said on Thursday. The GozNym network, led by a man from Tbilisi, Georgia, used phishing emails to infect the computers of more than 41,000 victims with malware. Specialised members of the group in Bulgaria and Ukraine then seized control of victims’ online bank accounts and transferred their funds to laundering accounts...

    Read more...

    WhatsApp Hack: Company Urges 1.5 Billion Users to Update App over Security Fears

    2019-05-14

    TheTelegraph: WhatsApp has urged users to update their messaging app after concerns were raised that hackers could inject spy software on to phones via the call function. The Facebook-owned company said the spyware was spread by an “advanced cyber actor”, and infected multiple mobile phones using a major vulnerability in the app. The spyware, developed by the secretive Israeli spyware company NSO Group, has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera...

    Read more...

    Global Cyber Security in Healthcare Market Will Reach USD 12,311 Million By 2026

    2019-05-16

    Globe Newswire: The healthcare organizations are increasingly adopting cyber security solutions to keep cybercriminals at bay. The healthcare providers are taking more precautions in securing devices and connected networks, which, in turn, is increasing the popularity of healthcare cyber security tools and solutions. The key factors driving the cyber security in healthcare market is the increasing number of cyber-attack threats, as the medical records contain huge volumes of information that can be used to perform identity fraud...

    Read more...

    Over $29 Million Lost Due to Cyber Crimes in Sacramento Region

    2019-05-15

    ABC10: In the greater Sacramento region, 6,311 people lost a total of $29,595,487.70 to various cyber crimes in 2018, according to the Federal Bureau of Investigation's Internet Crime Complaint Center. Overall, the state of California has the most amount of victims to cyber crimes and the most amount of loss by these victims in the nation, according to the 2018 report on cyber crimes. In California, nearly 50,000 victims lost over $450 million to cyber crimes...

    Read more...

    $60 Million Class-action Lawsuit Denied by Judge

    2019-05-16

    CTV: A proposed class-action lawsuit seeking $60 million in damages against Casino Rama following a cyber-attack has been denied. Lawyers for the plaintiffs argued as many as 200,000 people might have had their personal information stolen in the hack, including employees and patrons. In November 2016, the casino announced it had been the victim of a cyber-attack through which a large quantity of personal information was stolen from two of its servers...

    Read more...

    FBI Investigating Baltimore City Ransomware Attack, As Internal Network Continues to Have Issues

    2019-05-10

    CBS Baltimore: The FBI is investigating a ransomware attack on Baltimore City’s network, while city officials try to bring back the network to its full capacity. Although city services are no longer being affected, hackers are still accessing the system, according to Mayor Jack Young. “These people are so sophisticated that their job is just to disrupt,” Young said. “I wish they would use it for more good than they are for just bad in trying to extort money from cities and companies. It’s just not right.”...

    Read more...

    US Government Identifies North Korean Hacking Tool

    2019-05-10

    Silicon UK: New malware from North Korea used to raise much needed funds has been identified by FBI and DHS. Authorities in the United States have this week identified malware allegedly from North Korea, which is said to be part of that country’s hacking program to raise funds from targets abroad. The malware, dubbed ‘ElectricFish’, was identified by both the FBI and Department for Homeland Security (DHS)...

    Read more...

    Know Your Breach: Uber

    The target: Uber, a ridesharing service.

    The take: The personal data of 57 million customers and drivers, including names, e-mail addresses and phone numbers, as well as driver’s license numbers for hundreds of thousands of American drivers.

    The attack vector: Attackers gained access to an AWS-hosted server with credentials an Uber engineer left publicly exposed in a GitHub repository.

    Uber later came under fire for failing to report the breach at the time that it occurred, and attempting to pay the hackers a $100,000 ransom to delete the stolen data. The handling of the incident resulted in the dismissal of Uber’s Chief Security Officer.

    Read more...

    Hackers Steal Over $40 Million Worth of Bitcoin from one of the World’s Largest Cryptocurrency Exchanges

    2019-05-08

    CNBC: Hackers have stolen over $40 million worth of bitcoin from Binance, one of the world's largest cryptocurrency exchanges, the company said on Tuesday. Binance said the hackers ran off with over 7,000 bitcoin and used a variety of attack methods to carry out the "large scale security breach" which occurred on Tuesday...

    Read more...

    Two Chinese Men Indicted For Hacking Anthem

    2019-05-09

    FinancialPost: A federal grand jury has indicted two members of an “extremely sophisticated” hacking group operating from China in the 2014-2015 theft of the personal information of nearly 79 million customers of insurer Anthem Inc., the biggest known health care hack in U.S. history. The Justice Department said the two also hacked three other U.S.-based companies it did not name, one in the technology sector, the others in basic materials and communications...

    Read more...

    A Malware Attack Against Accounting Software Giant Wolters Kluwer is Causing a 'quiet panic' at Accounting Firms

    2019-05-08

    CNBC: A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company's cloud servers. Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services...

    Read more...

    Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds

    2019-05-08

    Bloomberg: Amazon.com Inc. said it was hit by an "extensive" fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year. Amazon believes it was the victim of a "serious" online attack by hackers who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a U.K. legal document. The hack took place between May 2018 and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public...

    Read more...

    In The Face Of Growing Fraud Threats, Finance Firms Should Look At Managed Security

    2019-05-07

    Forbes: Financial institutions face a complex array of threats — from the immediate such as synthetic identities which have been used to defraud individual firms multiple times. But they also should be looking around and ahead, said Valerie Abend, managing director, Accenture Security and co-author with Howard Marshall, principal director at Accenture Security, of a report entitled “Extreme but Plausible Threat Scenarios In Financial Services.”...

    Read more...

    French Regulatory Agency Sees 14,000% Surge in Crypto-Related Scam Enquiries Since 2016

    2019-05-07

    Cointelegraph: The French stock markets regulator AMF has seen over a 14,000% surge in enquiries related to fraudulent crypto offers in 2018 as opposed to 2016, the agency wrote in a new annual report released May 7. In the report, the Autorite des Marches Financiers (AMF) specified that the number of enquiries associated with crypto-related scams online has surged to over 2,600 in 2018 from only 18 similar enquiries back in 2016...

    Read more...

    ‘The Greatest Threat we Face’: Cyber Security Tsar Quits with a Warning

    2019-05-03

    SydneyMorningHerald: Former prime minister Malcolm Turnbull's handpicked cybersecurity tsar Alastair MacGibbon is quitting his role and has declared cyber attacks "the greatest existential threat we face". Mr MacGibbon has been the face of cybersecurity for federal authorities for the past three years, handling the public response to the cyberattack on the national census in 2016 and the hacking earlier this year of the Parliament and the major political parties...

    Read more...

    Know Your Breach: Home Depot

    The target: Home Depot, an American home improvement retailer.

    The take: 53 million e-mail addresses and 56 million credit and debit accounts.

    The attack vector: Beginning in April 2014 and lasting several months, attackers used compromised credentials belonging to a third-party vendor to initially breach Home Depot’s network. Once inside, they exploited unpatched Windows vulnerabilities and installed malware on self-checkout registers to skim customer information.

    Read more...

    Russian Charged in $1.5 Million Cyber Tax Fraud Scheme

    2019-04-30

    BankInfoSecurity: A Russian citizen has been charged with stealing more than $1.5 million from the Internal Revenue Service after hacking into tax preparation companies and stealing personal data. On Monday, an indictment was returned in U.S. federal court against 33-year-old Anton Bogdanov, aka "Kusok," charging him with wire fraud conspiracy, aggravated identity theft and computer intrusion. Prosecutors have accused Bogdanov of working with unnamed accomplices to steal personal information and use it to file federal tax returns and fraudulently obtain tax refunds...

    Read more...

    Conman who Scammed £113m in UK’s Biggest Cyber Fraud ‘has Spent £3m on Harrods Shopping Sprees’

    2019-05-01

    TheSun: THE mastermind behind Britain's biggest ever cyber scam splurged £3m on Harrods shopping sprees, parties with popstars and luxury holidays to Dubai, a court heard. Feezan Hameed Choudhary, 28, was jailed for 11 years in 2016 for leading a "vishing" fraud which conned 750 RBS and Lloyds customers out of £113m. "Vishing" or "voice phishing" is a type of phone fraud in which the scammer manipulates the victim into sharing private financial information which can then be used to make cash transfers...

    Read more...

    Cryptocurrency Thefts, Fraud Hit $1.2 billion in First Quarter

    2019-04-29

    Euronews: Losses from the theft of cryptocurrencies from exchanges and fraud-related activities surged in the first quarter of the year to $1.2 billion (920.67 million pounds), or 70 percent of the level for all of 2018, cybersecurity firm CipherTrace said on Tuesday. The value of losses from crime in the digital currency sector in 2018 hit $1.7 billion. But cryptocurrency crime has ballooned as the market has slowed down, prices have plunged and business activity has stalled...

    Read more...

    Red Canary Raises $34 Million to Detect and Remediate Cyber Threats

    2019-04-29

    VentureBeat: Red Canary, a five-year-old Denver, Colorado-based company developing cloud-based security services, today announced that it’s secured $34 million in growth equity financing led by Summit Partners, with participation from existing investors Access Venture Partners and Noro-Moseley Partners. It follows on the heels of a $6.25 million venture series in May 2018 and brings the company’s total raised to $48.9, and will fuel the expansion of Red Canary’s services and team in the coming months, according to CEO and cofounder Brian Beyer...

    Read more...

    Morrison on Cyber Alert Through $156 Million Election Promise (Australia)

    2019-04-29

    TheSydneyMorningHerald: The Morrison government will scale up the cyber security teams that defend Australia’s communications networks in a $156 million election pledge that includes new scholarships and recruitment programs. On alert for attacks from foreign agencies and criminals, the government wants to expand its online security workforce across several departments while using public funds to encourage more young Australians to study computer science...

    Read more...

    Hedge Funds Besieged by Hackers on a Daily Basis

    2019-05-01

    BobsGuide: Hackers are exploiting inherent weaknesses in mature hedge funds on a daily basis, say a security vendor and the chief technology officer of an established fund, leading to huge boosts in cybersecurity spending. “Hedge funds are being targeted simply because of cash movements where frequent large transfers are normal at a small business that doesn’t necessarily have all the controls in place,” says Jason Elmer, managing partner at Drawbridge, the cybersecurity consultancy...

    Read more...

    Cybercrime: 25% Of All Malware Targets Financial Services, Credit Card Fraud Up 200%

    2019-04-29

    Forbes: Research published on Monday by cyber threat intelligence company Intsights paints a bleak picture for cybersecurity across the global financial services industry. According to the report, more than 25% of all malware attacks hit banks and other financial services organizations, more than any other industry, and there were huge year-on-year increases in the numbers of compromised credit cards (212%), in credential leaks (129%) and in malicious apps (102%)...

    Read more...

    Know Your Breach: Outlook.com

    The target: Microsoft’s personal e-mail service, Outlook.com.

    The take: E-mail accounts under the Outlook.com, Hotmail.com, and MSN.com domains were compromised – while Microsoft has offered that ‘only 6%’ of accounts were compromised, they would not confirm the number of accounts that percentage represents. While they initially denied that the attackers had access to customers’ inboxes beyond contacts, folder names, and subject lines, it was later confirmed that email contents could have been viewed.

    The attack vector: Attackers were able to access Microsoft’s infrastructure by compromising the credentials of a customer support representative.

    Read more...

    Does Cybersecurity Matter for a Family Office?

    2019-04-22

    DailyHeraldBusiness: Data breaches are constantly in the news and most companies know they should be concerned about privacy and the security of their data, or at least recognize this is an important and complex area. However, most family offices are not sure how to start addressing their concerns, or worse, don't view the family office as a target...

    Read more...

    British Cybersecurity Expert Pleads Guilty to Creating Malware

    2019-04-20

    BostonHerald: A British cybersecurity researcher credited with stopping a worldwide computer virus has pleaded guilty to developing malware to steal banking information. Federal prosecutors in Wisconsin and Marcus Hutchins’ attorneys said in a joint court filing Friday that the 24-year-old agreed to plead guilty to developing malware called Kronos and conspiring to distribute it from 2012 to 2015. In exchange for his plea to those charges, prosecutors dismissed eight more...

    Read more...

    Kamala Harris: Cyber Attacks Will Become a 'War Without Blood'

    2019-04-23

    Fortune: California Senator Kamala Harris warned that cyber attacks are becoming a “new form of war” Monday night during CNN’s town hall, ominously stating that it will be “a war without blood”—one for which the United States is not prepared...

    Read more...

    UAE Expert Says Cybercrime is $8trn Threat to Global Economy

    2019-04-18

    ArabianBusiness: Cybercrime is projected to cost $8 trillion to businesses globally in the next five years, according to UAE-based cyber security firm DarkMatter which is responsible for protecting the IT infrastructure and technologies of Dubai Expo 2020. Dr Karim Sabbagh, CEO of DarkMatter Group, told a regional internal audit conference in Abu Dhabi on Thursday that irreparable reputational damages are on the rise with the escalating regulations increasingly penalising failures to tackle cybercrime...

    Read more...

    FBI: Cybercriminals Set New Record in 2018 by Causing More than $2.7 Billion in Reported Losses

    2019-04-23

    TheWashingtonTimes: Financial losses caused by cybercrimes reported to the FBI nearly doubled in 2018 over the year before, according to a government report released Monday. The FBI’s Internet Crime Complaint Center (IC3) received 351,936 complaints in 2018 involving incidents that caused combined losses totaling $2.71 billion, the office said in its annual report. By comparison, the IC3 received 301,580 complaints in 2017 totaling $1.42 billion in losses...

    Read more...

    Cyber Crime Soars 61% of Companies Are Attacked

    2019-04-23

    Metro: CYBER attacks against businesses have rocketed with six out of ten companies reporting at least one incident last year, a survey has revealed. The financial cost related to cyber crime also sharply increased, with the average loss reported at £283,000 — up nearly two thirds on the previous year. While large firms remain the most likely to be targeted, the number of small and medium sized businesses affected by the crime also rose significantly in 2018...

    Read more...

    Millions of People in the UK Expect Account to be Hacked

    2019-04-21

    TheIrishTimes: More than a third of people in the UK believe that losing money or personal information over the internet is now “unavoidable”, a survey has found, in a further sign of growing public concern about online privacy. The research, carried out by Britain’s National Cyber Security Centre, part of digital intelligence agency GCHQ, also revealed that 70 per cent of the public believe they will be a victim of cyber crime in the next two years...

    Read more...

    About Castle Hall Diligence

    Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
