FireSale HackBoy

Thursday, April 30, 2020

FBI sees a surge in Cyber Attacks

The Federal Bureau of Investigation (FBI) has made it official that it is witnessing a spike in cyberattacks, especially on remote workers who are struggling to keep their critical office functions alive during the COVID-19 pandemic.

Speaking at a virtual Aspen Institute event, Tonya Ugoretz, the Deputy Assistant Director, shared some insights on what the FBI’s Internet Crime Complaint Center is currently witnessing. Ugoretz added that the center is receiving between 3,000 and 4,000 complaints related to cyber fraud per day, which is alarming and far above the regular average of 600-800 per day.

Cyber crooks are setting up fake websites that claim to share information related to COVID-19 and ask visitors for personal information, paving the way for bigger fraud such as phishing, a popular method in the cyberattack chain that is proving lucrative for cybercriminals.

And as work-from-home employees are increasingly using their personal and corporate devices for resource sharing, there is a threat that hackers might use these endpoints as vulnerable targets to enter corporate networks.

The FBI has also observed that in the first quarter of 2020 there has been a surge in nation-state cryptojacking attacks, in which hackers target endpoints and steal computing resources to mine cryptocurrency such as BTC.

Healthcare, the financial sector, manufacturing units, and government entities are said to be prime targets for cybercriminals, as attacks on these organizations are proving profitable for hackers.

The US law enforcement agency suggests that the only way to protect organizational resources from threats is by managing and monitoring privileged access and installing automated cyber response solutions, which not only help in detecting attacks but also assist in mitigating them ahead of time.

The post FBI sees a surge in Cyber Attacks appeared first on Cybersecurity Insiders.


May 01, 2020 at 11:03AM

Ransomware news headlines trending on Google

Canada’s Northwest Territories Power Corporation (NTPC) is believed to have recently become a victim of a ransomware attack, prompting the authorities to shut down their email systems and some essential services to contain the incident and neutralize the repercussions.

Noel Boykin, the President & CEO of NTPC, confirmed the incident and added that government entities, financial institutes, and power utilities are becoming soft targets of those spreading ransomware.

NTPC is working closely with a cybersecurity agency and law enforcement to investigate the culprits behind the attack. A source, speaking on condition of anonymity, has not ruled out the possibility that it could be a state-sponsored attack.

In another finding related to ransomware, the US Securities and Exchange Commission (SEC) has officially disclosed that several companies are now listing ransomware as a risk factor in their yearly filings.

According to an update on the website, more than 1,120 companies have listed the file-encrypting malware as a risk factor in their filings in the past 12 months, followed by 700 in 2020 alone, which might easily surpass the 2019 estimate.

Some of the companies that included ransomware in their SEC filings as a major cyber threat include McDonald’s, Tupperware, Pluralsight, American Airlines, and Alphabet, the parent company of Google.

Coming to the third ransomware news headline trending on Google, a ransomware incident report from Coveware says that the average ransom demanded by hackers reached $111,605 in the first quarter of this year, with Sodinokibi and Ryuk being largely responsible for 33% of average payments.

The Coveware report also highlights that, out of the 1000 ransomware cases it worked on in the first quarter of 2020, more than 8.7% were of the data-stealing genre, where the hacker threatened to make the victimized firm’s stolen files public if its demands were not met on time.

While it was found that the year 2019 witnessed 76% of cases related to Maze ransomware, Coveware found that other gangs such as CLOP, Nephilim, Sekhmet, Sodinokibi, DoppelPaymer and Mespinoza, along with Netwalker, were also active in data exfiltration schemes mainly targeting healthcare providers, government entities such as municipalities, and multinational manufacturing companies.

The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.


May 01, 2020 at 11:01AM

AT&T Cybersecurity receives Frost & Sullivan award in Managed Security Services

Recently, we learned the good news from industry analyst firm, Frost & Sullivan, that we received the 2019 Frost Radar Award for Growth, Innovation & Leadership (GIL) in the Global Managed Security Services (MSS) Market. Frost & Sullivan’s global team of analysts and consultants recognized our achievements in innovating and creating new products and solutions that serve ever-evolving customer needs.
The criteria analyzed by Frost & Sullivan to determine the award were innovation, scalability, research and development, product portfolio, mega trends leverage, customer alignment as well as business factors including market share, revenue growth, growth pipeline, vision and strategy, sales and marketing. In particular, the analysts noted AT&T Cybersecurity as one of the most significant contributors to the rapid growth of the security market, as well as the overall pace of technological innovation.
This recognition is noteworthy. It validates our years of experience in helping to protect…

Posted by: Theresa Lanowitz

The post AT&T Cybersecurity receives Frost & Sullivan award in Managed Security Services appeared first on Cybersecurity Insiders.


April 30, 2020 at 09:09PM

Hackers selling stolen data on Facebook and Twitter

Which?, the UK-based consumer group, has discovered in a recent survey that hackers and scammers are selling stolen personal and financial details on social media platforms such as Facebook, Twitter, Instagram, and WhatsApp.

The data being sold includes credit card details, compromised credentials of Netflix and Uber Eats user accounts, Google ad-related identifiers, social media profile data, and fake passport numbers.

The purchased data will be used by cyber crooks in cyber scams and blackmail-related digital campaigns.

Quoting some details about a Facebook profile related to a man from Yorkshire, Which? reported that the full identity and financial information of that person were sold on FB for a handsome amount.

And since it doesn’t breach any community posting standards, FB said that it cannot remove the post related to the man without the account admin’s permission.

On the other hand, Instagram and Twitter are all set to filter such content, provided it is brought to the notice of their content moderation bots.

Note- In the first week of April 2020, speculations were rife that hackers who stole account details of more than 267 FB users early this year were selling the same on the dark web. The stolen info includes passwords, email addresses, phone numbers, interests, and geographic location. Security analysts say that the stolen details can be used in phishing campaigns or to spread malware like ransomware via email accounts and messages.

The post Hackers selling stolen data on Facebook and Twitter appeared first on Cybersecurity Insiders.


April 30, 2020 at 08:36PM

Wednesday, April 29, 2020

Black Rose Lucy Ransomware attack on Android Devices

Security researchers from Check Point Research have discovered that those spreading the Black Rose Lucy malware have added file-encrypting capabilities to their malicious software, which was originally designed as a botnet to deliver malware-as-a-service and as a dropper for other malicious code.

As per the details available to select media channels, Black Rose Lucy, now turned ransomware, encrypts files and data on an Android device and then shows the victim a message in a web browser that mimics the FBI.

The pop-up message states that the victim has visited a forbidden X-rated website banned by law enforcement and threatens to leak info to the FBI if the victim fails to pay a ransom.

Check Point claims that the victim is left only with the option of paying a $500 penalty within 3 days or facing serious consequences. Another highlight in this ransomware saga is that the victim needs to pay the hackers through credit cards and not cryptocurrencies such as Bitcoin and Monero.

Researchers say that hackers are turning to tactics like spreading mobile ransomware because such devices usually tend to have fewer security features.

Note- Black Rose Lucy is reported to have originated in Russia in 2018 and was initially spread through social media links and messaging apps.

How to keep your Android phones secured from ransomware attacks

1.) The best way to prevent ransomware attacks on your mobile phone is to keep your phone loaded with antivirus software.

2.) Think twice before clicking on email and message links, as they might turn out to be phishing scams distributing malware.

3.) Never download apps from unknown sources like websites; download only from the Apple App Store or Google Play Store.

4.) Back up your files to a cloud storage platform.

5.) Always keep your operating system up to date with the latest updates.

The post Black Rose Lucy Ransomware attack on Android Devices appeared first on Cybersecurity Insiders.


April 30, 2020 at 10:25AM

Rapid7 acquires Cloud Security firm DivvyCloud for $145 million

Rapid7, a Massachusetts-based data security firm, has made it official that it is acquiring Virginia-based cloud security company DivvyCloud Corporation for $145 million to help businesses bring their DevOps and security teams onto a single platform.

Trade analysts suggest that the deal will greatly benefit Rapid7 customers, who have been asking the company for automated detection of misconfigurations, policy violations, external and internal threats, and identity and access management challenges in multi-cloud and container environments.

Rapid7 is said to be integrating DivvyCloud’s technology into its platform to help enterprise security teams offer best-of-breed compliance, as it supports the world’s biggest cloud service providers such as AWS, Azure, Google Cloud Platform and Alibaba Cloud. Furthermore, the technology also includes risk management and ease-of-governance features for multi-cloud and container environments.

Cybersecurity Insiders has learned that Rapid7 closed the deal at the Nasdaq Exchange on Tuesday through cash and shares and might complete the entire deal procedure by June 2020.

Note- Due to the spread of the coronavirus across the world, most merger and acquisition deals have been paused or dropped. But Rapid7 CEO Corey Thomas sees the pandemic differently and feels that the spread of the virus will accelerate companies’ shift towards cloud computing, so companies offering strong cloud security will see this as a win-win situation.

The post Rapid7 acquires Cloud Security firm DivvyCloud for $145 million appeared first on Cybersecurity Insiders.


April 30, 2020 at 10:23AM

Have you started working from home? Secure your endpoints!

This blog was written by an independent guest blogger.
Due to recent international events, there are likely millions of people in the United States and around the world who have just started working from home. There are a lot of office jobs that could move from the company’s workplace to employees’ homes– accountants, web designers, application developers, network administrators, lawyers, clerical jobs, stock traders, data entry people, call center agents, tech support agents, and probably many other white collar roles. I write web content about cybersecurity for a living, and I’ve always worked from home. Welcome to my world, millions of people!
Try to save watching a TV show or playing a video game for after you’ve done your tasks for the day. But if your work has frustrated you by lunchtime, a nice long relaxing shower often helps. Maybe you have young…

Posted by: Kim Crawley

The post Have you started working from home? Secure your endpoints! appeared first on Cybersecurity Insiders.


April 29, 2020 at 09:09PM

COVID 19 Vaccine development will lead to more Cyber Attacks and Data Theft

As the world struggles to find a sure-shot vaccine to end the coronavirus pandemic, British Defense Committee Chairperson Tobias Ellwood feels that the race to find a cure will lead to more cyber attacks on pharma companies like GlaxoSmithKline, Johnson & Johnson, Sanofi, Imperial College and Oxford University’s Jenner Institute.

“What amazes me is that nations like China are trying to establish New ‘Health Silk Road’ by showing diplomatic bonds of gratitude,” said Tobias Ellwood.

A few months ago, trade from China was either banned or kept under surveillance by countries like the UK and the US. But now they are lining up for help from Chinese companies like Alibaba and Huawei, which are now in the business of selling protective equipment, low-cost sanitizers, protective gowns, goggles, and masks, added Mr. Ellwood.

The British Conservative Party Leader expressed that President Xi is trying to consolidate a grip on power over the world through authoritarianism and by creating chaos among countries, as he plans to make China a global leader, leaving behind its immediate adversary America. The nation has already proven its negative mindset by exposing the fragility of some international institutions like the WHO, an organization now in the bad books of Donald Trump.

Now coming back to the coronavirus vaccine: all companies around the world that are on the verge of developing a medicine should be alert to snooping eyes that are on the lookout for every opportunity to steal the data and label it as their own hard work to seek economic salvation.

The post COVID 19 Vaccine development will lead to more Cyber Attacks and Data Theft appeared first on Cybersecurity Insiders.


April 29, 2020 at 08:41PM

Tuesday, April 28, 2020

NHS rejects Google and Apple Coronavirus tracking app due to data security fears

Last week, Apple and Google came forward to offer the NHS a coronavirus tracking app along the lines of India’s Aarogya Setu mobile app.

However, the UK’s government-funded healthcare service provider rejected the offer due to data security concerns, as the tech giants said that the app they jointly developed would run on a central database fully under their control, creating a blueprint for unethical mass surveillance after the Wuhan Virus spread ends in the UK & Europe.

Therefore, the NHS decided to build its own app, which runs on a centralized information collecting system and will be ready for use by Britain’s population in two or three weeks.

NHSX, the digital arm of the NHS, will be building the app, which will not only help users in tracking COVID-19 patients but will also share insights on the spread of the pandemic, the mitigation measures taken by the government to stop the spread, the number of people who are infected, recovered and dead, and some precautionary measures users can take to help flatten the curve of the coronavirus infection spread.

What’s special about the upcoming NHS app is that it keeps exchanging data with every phone that comes within Bluetooth range over a fixed period, notifying users if they have come into the vicinity of, or contact with, a geotagged COVID-19 patient. All the collected data will be stored on NHS servers and will be used strictly for care, management, evaluation, and research purposes.

A source from the NHS said that GCHQ will, however, receive operating system expertise from Apple and Google in developing the NHS app, which will then turn smartphones operating in the region into novel COVID-19 virus tracking devices.

Currently, the development of the app is at a nascent stage, so more details about the app, such as its name, functions, and benefits, will be updated as soon as they are available to the media.

The post NHS rejects Google and Apple Coronavirus tracking app due to data security fears appeared first on Cybersecurity Insiders.


April 29, 2020 at 10:44AM

Ransomware attack on Zaha Hadid Architects

Zaha Hadid Architects (ZHA), an internationally recognized London-based architecture firm, is reported to have become a victim of a ransomware attack last week. The highlight of this cyber incident is that the hackers who infiltrated the firm’s database have started to threaten that they will dump all the encrypted data onto the dark web if their ransom demand is rejected.

ZHA, which was founded by world-renowned architect Zaha Hadid, first reported the incident to law enforcement authorities on April 21st, 2020, and has clarified that it is not going to pay any ransom in exchange for a decryption key.

Cybersecurity Insiders has learned that a hacker group named “Light” is behind the incident; they first stole the data from the company’s network and then later locked down the files with malware.

Architect’s Journal reported that the stolen information includes financial documents, employee details, life insurance data, employee contracts, email inbox dumps, and more.

However, the IT staff of Zaha Hadid Architects argue that all their sensitive data was backed up and that they are still unsure of what exactly was stolen from the database.

Note 1- For the past few months, hackers spreading ransomware have been first stealing data from the database and then encrypting it until a ransom is paid. This guarantees a payout: if the victim fails to pay, the hacker can earn by selling the stolen data on the dark web.

Note 2- Zaha Hadid Architects is known for the architectural designs of world-renowned buildings such as the Vitra Fire Station in Germany, Bergisel Ski Jump in Austria, BMW administration building in Germany, Bridge Pavilion in Spain, MAXXI Entrance & Interior in Italy, Sheikh Zayed Bridge in Abu Dhabi, the Guangzhou Opera House in China, London Olympics Aquatics Center, Broad Art Museum in Michigan in the United States, Galaxy Soho in China and Port Authority in Belgium, to name a few.

The post Ransomware attack on Zaha Hadid Architects appeared first on Cybersecurity Insiders.


April 29, 2020 at 10:42AM

Working from home? Use the spare time for professional development

This blog was written by an independent guest blogger.
It’s 2020 and our world is rapidly evolving.  Many conferences and training programs have been cancelled, most of us are working from home, and it may seem like learning opportunities are scarce.  If you are locked in your house due to COVID-19, what could you be doing to improve your cybersecurity & information security skills?  Let me share a few ideas.
Let’s start with the most straightforward suggestion I give every person who wants to jump into infosec.  In my opinion, it is the fundamental skillset that will lift you above any and all of your peers and most seasoned professionals. It is considered by many in the industry to be beneath them and boring work that it is often overlooked, but is so essential to almost all organizations that people who have this…

Posted by: Robert Fitzgerald

The post Working from home? Use the spare time for professional development appeared first on Cybersecurity Insiders.


April 28, 2020 at 09:08PM

Microsoft and Google security update their respective Virtual Machines

Microsoft and Google have made it official that their respective Virtual Machine instances can now process highly sensitive information while making it difficult for cloud admins to access or tamper with that information while it is being processed. The latest update will also make it extremely difficult for hackers to introduce malware into Trusted Execution Environments (TEEs).

So, from now on, government organizations and financial institutions can use Microsoft Azure and Google Compute Engine without any apprehension that their data might be snooped on by hackers or by those handling operations in cloud data centers.

Taking the newly introduced technologies individually, Azure DCsv2-series VMs, which are now generally available, will function with Intel’s SGX (Software Guard Extensions), running with hardware-based Trusted Execution Environments (TEEs).

Technically speaking, TEEs are secure enclaves where information processing takes place in a separate memory region located in the CPU, away from the host operating system and hypervisor, thus making it difficult for data center administrators to access the information being processed, as it is encrypted at rest and in transit.

As for Google Compute Engine (GCE), the internet juggernaut has announced that it is making Unified Extensible Firmware Interface (UEFI) and Shielded VM the default for all GCE users for free.

While Shielded VM protects guest operating systems from malicious firmware, kernel compromise and persistent boot manipulation can be eradicated in guest OSes with the help of UEFI.

So, customers using CentOS, CoreOS, Google Container-Optimized OS, Ubuntu, SUSE Linux Enterprise Server, Windows Server, SQL Server, Debian, and RHEL can stay protected with Shielded VM.

Furthermore, all Managed Service for Microsoft AD, Kaggle, Kubernetes Engine, and Cloud SQL server instances can also use Shielded VMs at zero cost.

The post Microsoft and Google security update their respective Virtual Machines appeared first on Cybersecurity Insiders.


April 28, 2020 at 08:41PM

Monday, April 27, 2020

Ransomware attack on US Pharma Company ExecuPharm

ExecuPharm, a US-based pharmaceutical company, is reported to have become a victim of a ransomware attack on March 13th, 2020. As per a letter sent by the company to the Vermont Attorney General, details such as social security numbers, financial info, driving license details, passport numbers, and other sensitive data might have been accessed and stolen by hackers.

News is out that hackers belonging to the CLOP ransomware group have posted a vast cache of data, including email records, financial data, and accounting records along with user docs and data backups, on the dark web.

Note- Some ransomware-spreading gangs (DoppelPaymer, Maze, and Sodinokibi) are seen stealing a portion of data from the victim’s database before encrypting it until a ransom is paid. This ensures that they earn money either way: if the victim fails to pay the demanded sum in crypto in time, they sell the data on the dark web.

Federal and local law enforcement authorities have been notified about the incident, and a third-party cybersecurity firm has been pressed into service by ExecuPharm to investigate the incident in depth.

Meanwhile, amidst the news of ransomware spread, there is some good news. The Shade ransomware gang has decided to shut down its business of spreading the file-encrypting malware and has published more than 750,000 decryption keys on GitHub so that past victims can unlock their database files.

Russian cybersecurity firm Kaspersky has endorsed the decryption keys as authentic and has announced that it will create a free decryption tool in the next few weeks.

First spotted in 2014, the Shade ransomware gang is touted as one of the oldest ransomware-spreading groups on the web. For some reason, it decided to shut down its operations at the end of 2019 and made it official this week by releasing decryption keys.

The post Ransomware attack on US Pharma Company ExecuPharm appeared first on Cybersecurity Insiders.


April 28, 2020 at 10:22AM

UK DASA further offers £1m to develop Cyber Attack prediction technology

United Kingdom’s Department of Security Accelerator (DASA) is offering £1 million in funding to three teams who have been assigned the task of developing a technology that predicts and thwarts cyber attacks. With the latest financial input, DASA has therefore succeeded in putting the UK’s defense sector in top position ahead of its adversaries and boosting the UK’s prosperity.

DASA’s latest £1m phase 2 funding, which brings the overall figure to £2m, has been assigned to three organizations in the following way-

1.) Vauxhall based DecisionLab – £240,000 million in collaboration with DIEM Analytics and Arctica.

2.) Gloucestershire based Montvieux Limited- £250,000

3.) RiskAware LTD of Bristol- £450,000 in collaboration with the University of Southampton

All 3 organizations will work to develop, adapt and merge new technologies with the UK’s military systems and networks, which are facing a rapidly growing threat of offensive cyber action from nations such as North Korea, China, and Russia.

“Cyber Security has been in the arms race for decades while hackers are continuing to exploit vulnerabilities before they could be patched. DASA is planning that its funds will be used by 3 organizations in developing a new tech that helps the military in predicting, preparing, and thwarting the nation against all future cyber attacks”, said Rebecca Duncan, Project Manager, DASA.

“The funding in phase 2 will help the military environment to adapt to the ever-evolving cyber landscape and will enhance its defensive skills with the predictive approach”, said Robert Hammond, Delivery Manager, DASA.

Note- DASA is known to find and fund R&D related to innovation-driven technology solutions to give the UK’s defense sector a great boost, positioning it ahead of all its adversaries.

The post UK DASA further offers £1m to develop Cyber Attack prediction technology appeared first on Cybersecurity Insiders.


April 28, 2020 at 10:21AM

Stories from the SOC – Web Server Attack

Executive Summary
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
During the Investigation of a Web Server Attack alarm for a large multinational enterprise Customer, we conducted an Investigation that inevitably led to the customer isolating the system entirely. The sophistication of the Correlation Rules developed by the AT&T Alien Labs™ team recognized patterns that indicated an attack on the web server. Armed with the information presented by the alarm itself, we then expounded on those details which led to the customer being informed that a public-facing server was actively vulnerable. While personally interfacing with the Customer, they conveyed they were unaware of this system being open and hastily took corrective measures; thus, resulting in the isolation of the…

Posted by: Leo Garcia

The post Stories from the SOC – Web Server Attack appeared first on Cybersecurity Insiders.


April 28, 2020 at 09:08AM

Using Video Conferencing Tools Securely During COVID-19

By: Tony Howlett, CISO, SecureLink

Since the world-wide spread of the COVID-19 virus over the last two to three months, many challenges have been thrown at organizations of all kinds and sizes. With much of the country and world under “shelter-in-place” or similar orders from governments, many workforces, especially white-collar ones, have gone to near 100% work from home. This has necessitated the rapid deployment or increase of video-conferencing and other collaboration tools practically overnight with little thought given to security.

In a pre-coronavirus world, these types of mass deployments would be studied over many months and deployed in a much more rational fashion. But the exponential spread of the virus did not allow for typical corporate IT risk assessment and technology vetting processes.

Video Conferencing Flaws Highlight the Need for Stricter Cybersecurity

The much-publicized security flaws in the popular Zoom and subsequent incidents have shown how these “flash” deployments, while born of necessity, aren’t always the most sound, security-wise, right off the bat. The fact of the matter is that these platforms, while conveniently available, were typically used for one-to-many webinars and other types of presentations and were not necessarily purpose-built for highly confidential internal business meetings or other sensitive environments.

Since the media buzz around Zoom, the company has both responded and created patches for the flaws. To ensure that your organization is staying on top of cybersecurity with the increased use of video conferencing tools, here is a list of best practices for operating these platforms for the full breadth of your business operations.

Ensure Teleconferencing Apps are Supported

First of all, you must make sure that your teleconferencing applications are fully supported. That means paid, corporate versions; now is not the time to be a cheapskate. You must also make sure they are patched up to the currently available stable versions, on both server and client-side (depending on if you are using SaaS or in-house infrastructure). Like we stated above, Zoom has patched most of its issues, but you only benefit from that if you are up to date. Make sure your user base has the latest version, ideally with enforced updates.

Enable Built-In Security Features

Beyond patching, make sure that you take full advantage of built-in security features. Previously, in Zoom, many of these features were disabled by default to make it easier for large numbers of people to log into online seminars. However, for regular use for internal corporate meetings, you should definitely have passwords required. Also using the waiting room feature in Zoom and similar features in other platforms, you can vet any entrants to your meeting to make sure you don’t have any uninvited guests or eavesdroppers.

Don’t Share Meeting IDs

As far as policies around your use of video conferencing technology go, don’t make a habit of sharing your meeting ID liberally. This can be used to enter your meetings and do other reconnaissance. And when sending out passwords for the meeting, now that they are required, send them separate from the initial meeting and RSVP and only to registered attendees. Not allowing sharing and reuse of meeting passwords is a big step towards securing your online meetings.

Be Aware of Phishing

Finally, make sure everyone in your organization is aware of video conference phishing scams. One new technique hackers are using is sending you a meeting invite from a spoofed co-worker. Once you click on the meeting link, the malware is launched. Beware of meeting invites that don’t make sense or aren’t expected. You can also mouse over (don’t click!) the actual links to see where they lead or what they are launching. The bottom line is to be more vigilant about these kinds of links in emails. Also, when it comes to user education, it is not a bad idea to create a short email or wiki article to inform your employees how to use these tools properly, especially since many employees who would never have set up these kinds of meetings before are now using them for their one-on-ones and other daily interactions.

Stay Safe While Working From Home

This is not an exhaustive list of video conferencing security tips; each platform has its own features and settings that can be adjusted. When using video conferencing for all internal business, you need to be more careful about how these tools are configured and used. Even though they were never intended for the kinds of use cases we are seeing during this pandemic, with a little extra diligence and user education, you can use them for your work from home initiative and other applications and be assured of reasonable security.

The post Using Video Conferencing Tools Securely During COVID-19 appeared first on Cybersecurity Insiders.


April 28, 2020 at 04:29AM

Microsoft Teams fixes GIF Viewing Cyber Attack Vulnerability

Microsoft, the American tech giant, has issued a fix for a security vulnerability that exposed users of Microsoft Teams to GIF-based cyber attacks, which could otherwise have allowed hackers to take over data related to targeted systems.

Going deep into the matter, on March 23, 2020, a team of researchers from CyberArk warned Microsoft about a security issue that allowed threat actors to take over an account or steal the data of those who viewed GIFs in Teams.

The Redmond giant took note of the issue and issued a fix on Monday last week, in which the misconfigured DNS records of the compromised subdomain serving up the malicious images were updated.

Now, for those who did not understand the concept of this attack, here’s the gist in basic language: Microsoft Teams exhibited a subdomain vulnerability which could have been exploited by an attacker to weaponize a GIF image and use it to steal data and spread malware like ransomware on the targeted systems.

The attack involved exploiting weaknesses in the Application Programming Interface (API) which is used to communicate between services and servers.

NOTE- Microsoft Teams is a chat-based communication and collaboration platform which allows users to chat with team-mates, meet over video, and integrate applications. Like other chat apps, it also allows its users to send team-mates or colleagues animated GIF images depending on the situation, context, and mood of the user. Researchers from CyberArk discovered that a security hole in this Microsoft subdomain allowed hackers to serve malicious images which could later be used to scrape data from users' accounts, leading to data theft and corporate espionage.

The post Microsoft Teams fixes GIF Viewing Cyber Attack Vulnerability appeared first on Cybersecurity Insiders.


April 27, 2020 at 08:39PM

Sunday, April 26, 2020

Canada Govt to offer Cybersecurity for Teleworkers during COVID 19 Pandemic

To all those public and private employees in Canada who are working from home due to the Corona Virus crisis, here is some good news. A Canadian spy agency is all set to use its huge database of cyber threats to protect employees who are working from home, keeping their critical office IT operations free from cyber attacks of any kind during the COVID 19 shutdown.

In the past few weeks, multiple instances of fraudulent activity have been witnessed around the globe. For instance, scammers are seen targeting Canadian individuals with offers such as advance payouts and products such as sanitizers and face masks. Some individuals are also receiving messages from fake Public Health Canada websites saying that they have tested positive and need immediate special attention.

As such scams have become rampant, Canada’s spy agency Communications Security Establishment Canada, in association with the non-profit Canadian Internet Registration Authority (CIRA), is set to launch a free tool named CIRA Canadian Shield.

Canadian Shield is developed in such a way that it helps prevent online users from connecting to malevolent websites and other platforms, all without the need to input any personal information, since collecting it could lead to monetization of user data by the company at a later stage.

CIRA issued a public statement yesterday on this note and said that its new online app will especially help employees working and learning from home en masse get enterprise-grade privacy and Cybersecurity protection- which is otherwise only seen in corporate environments of large companies and organizations.

The post Canada Govt to offer Cybersecurity for Teleworkers during COVID 19 Pandemic appeared first on Cybersecurity Insiders.


April 27, 2020 at 10:44AM

Israel Water Supply Authority hit by Cyber Attack

Israel’s water supply was reportedly hit by a coordinated cyberattack on Friday and Saturday (April 24th-25th 2020) of last week. However, reports say that no notable damage to ‘Programmable Logic Controllers’ or compromise of systems was witnessed in the cyber incident.

As a precautionary measure, the water supply authorities changed the passwords of control systems related to water supply, pumping, and sewage on the advice of Israel’s National Cyber Directorate.

A statement issued early today by Israel’s National Cyber Directorate confirmed that an attack did take place on the command and control systems of wastewater treatment plants, pumping stations, and sewage. But it failed to mention any information regarding the attack genre, the impact, or the mitigating efforts.

All relevant companies and institutions involved in the water supply were urged to change their passwords immediately and have been asked to upgrade their software and hardware with the latest updates.

Daniel Lacker, the head of the Water Authority’s Security Department, has assured that the security of the command and control systems will be upgraded soon to avoid any untoward incident in the future. Nevertheless, he did not confirm that the attack was state-funded.

Note- Cyber attacks on water utilities can spell trouble and in some cases claim the lives of innocent people. For instance, if the chlorine discharge into the water treatment facility is intercepted and altered to be high, it can cause health issues like nausea, stomach troubles, digestion issues, skin allergies, and in rare cases death in people who consume the water.

The post Israel Water Supply Authority hit by Cyber Attack appeared first on Cybersecurity Insiders.


April 27, 2020 at 10:41AM

Friday, April 24, 2020

DDoS attack on Whiskey Auctioning Firm

A UK-based whiskey auctioning firm named ‘Whisky Auctioneer’ had to shut down its auctioning of beverages on Monday this week, including the sale of a rare whiskey named Macallan. The decision was taken due to a Distributed Denial of Service (DDoS) attack on its auctioning website and database.

Highly placed sources say that the officials had planned to sell over 4000 bottles of rare whisky, which could have fetched them around 10 million pounds. But due to the DDoS attack, only 1900 bottles were auctioned, forcing the Perth-based firm to postpone ‘The Perfect Collection: Part Two’ auction to sometime in June or September this year.

Details related to the hack were shared with customers across the world via email, along with some Cybersecurity tips to follow to avoid any digital incidents in the near future.

Whisky Auctioneer says that no credit card or bank details of its customers were leaked in the cyber incident.

But a source from the company says that a more sophisticated cyber attack took place on Tuesday, resulting in a partial data leak. However, no details related to the attack are being shared with the media, for unspecified reasons.

Iain McClune, the founder of Whisky Auctioneer, has confirmed that a dedicated IT team has been investigating the attack and is busy improving and updating the systems in line with Cybersecurity expert advice.

Meanwhile, the Scotland Police have also launched a probe on the action fraud, and the Information Commissioner’s Office and NCSC were notified about the DDoS attack on Whisky Auctioneer.

 

Note- The website is currently displaying a cyber-attack incident notice on its home page.

The post DDoS attack on Whiskey Auctioning Firm appeared first on Cybersecurity Insiders.


April 24, 2020 at 08:40PM

Thursday, April 23, 2020

Malware being distributed through NHS Fake website says Kaspersky

Cybersecurity researchers from Kaspersky have discovered that a fake NHS website is being used by hackers to distribute malware. The fake website has reportedly already been accessed by thousands of online users seeking help and advice related to Corona Virus.

Going deep into the details, Kaspersky researchers say that the website is acting as a Trojan-distributing hub: it lures online users into clicking malicious links and thereafter steals passwords, credit card details, and other such sensitive info from the internet browser.

“Found a fake NHS website spreading COVID 19 messaging and tricking people into clicking malicious links filled with malware filled attachments and download,” says Yury Namestnikov, head of Kaspersky Global Research and Analysis Team.

Yury said that his Russian firm has seen a 43% growth in such malicious cyber attacks between January and March of this year i.e. during the time when the Coronavirus was spreading abruptly.

 

Kaspersky is advising its online users to protect their devices with anti-malware solutions, keep their operating systems up to date, keep regular backups of data, use unique and complex passwords for every online account, always type the URL of the company or service directly into the browser instead of clicking on links, and ensure that it starts with HTTPS if it is likely a payment acceptance website.

Note- NHS has strongly disclaimed the media speculations that a fake healthcare website is doing rounds on the internet in its name, but has cautioned the public to remain vigilant while accessing any government-related services online.

The post Malware being distributed through NHS Fake website says Kaspersky appeared first on Cybersecurity Insiders.


April 24, 2020 at 10:53AM

Zoom App now takes Cybersecurity seriously

Zoom App which is nowadays hitting news headlines for offering poor encryption in its video streaming services seems to have taken Cybersecurity seriously. It has made it official that in a few days’ time, the company will be rolling out a new version with utmost encryption to provide security and privacy to users using its services.

In March 2020, as the world was pushed into a lockdown due to COVID 19 spread, computer users around the world chose to use the Zoom web conferencing app in order to stay in touch with their colleagues to keep their office operations intact. So, from 10 million users, Zoom witnessed a spike in its app usage and has declared at the start of April 2020 that it has now over 200 million users.

But at the same time, a few white hat hackers found several flaws in the app which could have let threat actors gatecrash a video meeting or remotely intercept and manipulate a conversation taking place among Zoom users.

“So, the remote meeting app has decided to cover up the security vulnerabilities with apt fixes in its next version that happens to be Zoom 5.0- due to be launched next week,” said Eric Yuan, CEO of Zoom.

Zoom 5.0 will support the AES 256-bit GCM encryption standard, an algorithm developed to protect data for the US government in 1996-1997. Thus, it will have 3 standard block ciphers (128, 192, and 256), which are used to encrypt and decrypt messages.

Therefore, those using Zoom cloud meetings can expect their online meetings to be protected with extra security layers which help keep data secure and intact while in transit; resisting tampering and assuring confidentiality and integrity of Webinars, Phone conversations and online classes.

At the same time, Zoom account admins will be shown details such as the data center location where the real-time traffic from their meetings will be stored, password complexity settings, contact sharing security, and dashboard customization that allows the admin to see how their Zoom users are connecting to the service.

The post Zoom App now takes Cybersecurity seriously appeared first on Cybersecurity Insiders.


April 24, 2020 at 10:51AM

Why cybersecurity needs a seat at the table

Introduction
A shift has occurred in the bastion of corporate hierarchy in the last few decades that has fundamentally changed how organizations operate. This shift started about sixteen years ago in 1994 with Citibank/Citigroup. After suffering a cybersecurity incident, they created the role of Chief Information Security Officer (CISO); a role which has only grown in prominence since. It’s common today to see even small, privately owned, organizations feature a CISO or similar role on their executive team.
Along with the growing presence of both executive and non-executive cybersecurity professionals, there has been an interesting dynamic introduced to the corporate environment. Instead of just dealing with the complexities of maintaining a technical environment, organizations are realizing they also need to contend with the security of them as well.
Unfortunately, many organizations have not taken the requisite steps to properly integrate cybersecurity into their general operations.
Why it…

Posted by: Zachary Curley


The post Why cybersecurity needs a seat at the table appeared first on Cybersecurity Insiders.


April 23, 2020 at 09:10PM

California City of Torrance hit by Ransomware demanding 100 BTC

The City of Torrance, based in the metropolitan area of California, was reported to have been hit by a ransomware attack launched by the DopplePaymer gang on March 1st, 2020. Reports now say that since the authorities failed to pay the demanded ransom of 100 Bitcoins ($698,000), the hackers have released around 200 GB of data online in retaliation.

Readers of Cybersecurity Insiders should note that almost 50 days ago, the DopplePaymer ransomware gang managed to infiltrate the computer network of the City of Torrance, wipe the local backups, and encrypt over 150 servers and 500 workstations.

At that time the city’s IT staff confirmed that no data related to 145,000 residents were compromised in the attack.

 

However, a new post published on Doppel leaks has some sample files related to the city’s financial budget, accounting stats, and some information related to the City Manager of Torrance. On closer inquiry, the files are reported to contain sensitive info such as names, dates of birth, social security numbers, and financial transactions which occurred in the financial year 2018-2019.

Note 1- According to an FBI report released in March 2020, ransomware victims paid $144 million in BTC to hackers between Oct’13 and Nov’19. But as most of the attacks went unreported, that number might be an underestimate.

Note 2- Cybersecurity firm Emsisoft says that the ransomware attacks might increase in Q1 2020 as most of the Corporate workforce are working from home due to COVID 19 virus spread.

The post California City of Torrance hit by Ransomware demanding 100 BTC appeared first on Cybersecurity Insiders.


April 23, 2020 at 08:42PM

Wednesday, April 22, 2020

Cynet offers a $5000 reward for cyber attack incident response challenge

Cynet, an Israel-based Cybersecurity company with offices in the UK and US, has announced a “Cyber Attack Incident Response (IR)” challenge in which the contest winner will be awarded a $5000 vacation.

Officially dubbed the Cynet IR Challenge, the contest begins on May 15th, 2020, and participants need to respond to real-world scenarios such as cyber-attacks and data breaches. Overall, participants will be tested on damage mitigation, data breach response management, improvement in recovery times, and reduction of costs arising from simulated attacks.

“Cybersecurity professionals will be allowed to enter the contest based on their skills in automated breach detection. This includes investigation skills in over 25 IR challenges such as determining the cause of the attack vector and its potential impact” said a statement released by Cynet.

It will be a 2-week long contest and the winner will be determined based on the time they take to complete each task and correct responses.

Due to the Corona Virus pandemic, most technology geeks are at home, so the competition will prove a great platform to groom their skills in combating a variety of cyber threats. All participants and the winner will get recognition in the industry along with a certificate of completion; the financial reward goes only to the winner.

So, if you are interested, you can register on the Cynet IR Challenge web portal.

The post Cynet offers a $5000 reward for cyber attack incident response challenge appeared first on Cybersecurity Insiders.


April 23, 2020 at 10:33AM

How to protect your iPhone from Hackers

The first and foremost advice is never to ‘jailbreak’ your device to access apps and software not available on the Apple store. It not only voids the company warranty but also blocks help from Apple if something unfortunate happens to your device.

Secure your iCloud account- Never reuse the same password on any other website, as reuse allows hackers to target your device for valuable info. To secure the information on iCloud, it is better to use iCloud Keychain, as it helps generate unique passwords and helps your account stay safe from hackers. If possible, enable 2-factor authentication, as it helps to truly secure your Apple ID.

Update the security patches- Always ensure that your device is running the latest software, as it helps secure the phone from major security flaws and bugs which might otherwise invite hackers to exploit them.

Find my iPhone- Once this feature is turned on, it helps in tracking down your device if it gets lost. This can be done through another device or a computer via iCloud.com. And if by chance the device gets into the wrong hands, you can erase all the data on the device.

As Apple has made a 6-digit device passcode mandatory, it is better to switch to a password which is even longer and is a combination of numbers and letters.

Self Destruct feature- If you lose your iPhone and it gets into the wrong hands, you can keep the data on the phone private by enabling the Self Destruct feature, which wipes the device after 10 failed passcode attempts. But if you have children in your house, keep an eye on this feature, as it can backfire.

Stay away from phishing scams and pop-ups by not opening emails and messages sent by unknown senders.

It is better to change your Apple ID password regularly, say once every 3-6 months.

Never download any apps which might be spying on your device activity. Download apps only from trusted sources and never, ever jailbreak.

Only use trusted charging stations, and stop using the internet over public Wi-Fi, as it allows hackers to steal data from your device.

Experts suggest disabling Siri on the lock screen, as leaving it enabled can help hackers hack your device remotely.

The post How to protect your iPhone from Hackers appeared first on Cybersecurity Insiders.


April 23, 2020 at 10:31AM

Enforcing Secure Access with Global Login Policies

With more and more employees working from home, it’s now more important than ever to ensure the security of your SaaS applications. With so many remote workers, the context and security of their access is more ambiguous and it is important to validate the user’s identity and apply controls when the security of their device or the location they are accessing applications from is unknown. 

 

The post Enforcing Secure Access with Global Login Policies appeared first on Cybersecurity Insiders.


April 23, 2020 at 09:10AM

Securing Remote Work Part 1: Your Data Is on the Move

Over the last several years, the IT landscape and the business world have undergone extensive changes. Data, applications, and even infrastructure have all been moving off premises at an ever-increasing rate, while remote and personal devices are being granted unprecedented access to corporate IT systems both in the cloud and on premises. Bitglass research has shown that 86% of organizations now make use of the cloud, and that 85% now enable bring your own device (BYOD) in some capacity. Interestingly, both of these trends enable and are fueled by the rise of employees working remotely. 

 

The post Securing Remote Work Part 1: Your Data Is on the Move appeared first on Cybersecurity Insiders.


April 23, 2020 at 09:10AM

Donating while you sleep

This blog was written by an independent guest blogger.
By now, you have probably come to the stark realization that we are indeed living in the most interesting times.  Even the most hard-core introverts have noticed the value of human interaction.  It is how our species has survived.  One of the biggest challenges of our new, isolated existence is our sense of Locus of Control.  One common sentiment during times of uncertainty is the desire to help.  Most people want to help, but not all have the means to do so.  Fortunately, there is a way to help that costs no money at all.
Have you heard of distributed computing power?  This is where a group of computers are given a task that is too great for a single computer to solve.  The computer is used for the distributed computing task while…

Posted by: Bob Covello


The post Donating while you sleep appeared first on Cybersecurity Insiders.


April 22, 2020 at 09:08PM