hacking Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

hacking

WEBINAR REWIND: Solorigate/SUNBURST – Chronology of a supply chain nightmare

 960 640 Stuart O'Brien
By:
0
2

Don’t worry if you missed last week’s essential webinar from SentinelOne and ReliaQuest about the SUNBURST incident – you can now rewatch the entire session online!

SUNBURST was one of the most devastating cyberattacks in recent years and has sent shockwaves like no other attack before. Solorigate/SUNBURST impacted more than 420 of the Fortune 500 companies and thousands of government and commercial organizations. The attack on the ‘digital supply chain’ was uncovered in December 2020, although the foundation was made at the end of 2019 with the first organizations being infected in the second quarter of 2020.

Despite the widespread use of threat intelligence and EPP / EDR solutions, how did this happen? Why did the attack go undetected for so long? 

During this webcast, the course of the attack campaign will be traced and discussed by Elliotte Weng of SentinelOne and Martin Cook of ReliaQuest.

It will also explain how SentinelOne protected their customers from SUNBURST and how ReliaQuest responded immediately to protect their customer base with targeted threat intelligence, detection logic and automated enterprise wide retroactive threat hunting to surface and respond to any evidence of attack.

Click here to watch the webinar again in full

Average cost of data breach in healthcare industry hits $7.13 million

 960 640 Stuart O'Brien
By:
0
0

The healthcare industry tops the list of the most expensive data breaches, with a $7.13 million average data breach cost, 84% more than the global average. 

That’s according to data presented by AksjeBloggen.com, which says that with millions of people working from home and using videoconferencing and cloud applications, the COVID-19 pandemic has only increased the number of malicious attacks.

The data says the global average cost of a data breach has fluctuated between $3.5 million and $4 million in recent years. In 2020, it hit $3.86 million, a 1.5% drop year-on-year, revealed the Ponemon Institute’s Cost of a Data Breach Report 2020 commissioned by IBM. The report also showed it usually took 280 days for an organization to spot and contain a breach, a day more than a year ago. However, statistics indicate these figures vary significantly based on industry.

Besides leading in the average cost of a data breach, the healthcare industry also had the highest average time to identify a violation of 329 days. The energy industry ranked second of the 17 sectors surveyed, with $6.39 million in average cost and 254 days to spot a breach. 

Financial services, pharma industry, and technology sector follow, with $5.85 million, $5.06 million, and $5.04 million in average data breach cost, respectively. 

Analyzed by geography, the United States convincingly leads among all surveyed countries with an average data breach cost of $8.64 million, a 5.5% increase in a year. Statistics also show this figure surged by 60% in the last seven years, growing from $5.4 million in 2013. Financial services represent the costliest industry in the United States in 2020, while companies and organizations need 237 days to identify a breach, compared to 245 days in 2019.

Germany leads among European countries with an average data breach cost of $4.45 million in 2020, a 7% drop year-on-year, while companies usually need 160 days to identify a data breach. 

Malicious attacks caused 52% of all breaches. Human error and system glitches follow with 23% and 25% share, respectively. Statistics also show that around 20% of companies that had been victims of a malicious breach were hacked by using stolen or compromised credentials.

The survey also revealed the number of exposed data significantly raised the total cost of a data breach. Breaches of 1 million to 10 million records cost an average of $50 million, or 25 times the average cost of a data breach in 2020. In breaches that exposed more than 50 million records, the average cost grew to a staggering $392 million. 

The five largest data breaches in 2020 exposed a total of 406.6 million records, according to DataBreaches.net statistics. In January, 250 million Microsoft customer records have been exposed online without password protection, the biggest data breach since the beginning of the year. The exposed data included customer service and support logs detailing conversations between Microsoft agents and customers from 2005 to December 2019. 

In May, 115 million Pakistani mobile user records have leaked online, the second-largest data breach this year. The same month, a massive data breach of the unknown source has exposed the records of 22 million people, including their phone numbers, addresses, and social media links.

The fourth-biggest data breach in 2020 exposed the personal data of more than 10.5 million users who stayed at MGM Resorts. Leaked files included contact details of CEOs and employees at some of the world’s largest tech companies. 

In May, British low-cost airline group EasyJet admitted it had been a target of a highly sophisticated cyber-attack, which has exposed the personal data, including credit and debit card details, of more than nine million their customers.             

McAfee flags autonomous vehicle hacking risks

 960 640 Stuart O'Brien
By:
0
0

IT security giant McAfee’s has successfully tricked an autonomous vehicle to accelerate up to 85 MPH in a 35 MPH zone using just two inches of electrical tape.

The McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, ‘model hacking‘.

McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.

McAfee says the implications of this research are significant, because:

  • By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner
  • However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
  • Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.

Mo Cashman, Principle Engineer at McAfee, said: “The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.

“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.

“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”

McAfee’s Top Tips for manufacturers:

  • Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.
  • Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.
  • Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change. 
  • Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.
  • Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.

£36m public funding for hack-resistant chips

 960 640 Stuart O'Brien
By:
0
0

The UK government has partnered with Arm to develop chip technologies that are more resistant to cyber threats, backed by £36 million in funding.

The move kicks off the the next phase of the government’s Digital Security by Design initiative, which is also backed by Google and Microsoft.

Official figures say the average cost of a cyber-attack on a business – where a breach has resulted in loss of data or assets – has increased by more than £1,000 since 2018 to £4,180.

In addition to robust software, the government says innovative hardware and systems solutions are critical to defend advanced technology and our defence systems.

This project is aiming to prevent hackers from remotely taking control of computer systems as well as targeting cyber-attacks and breaches, meaning more businesses providing online services are better protected. It will also create new business opportunities and help boost productivity.

A further project, backed by £18 million government investment through the Strategic Priorities Fund (SPF), will tackle some of the dangers of the online world from privacy abuses and wrongful use of data like disinformation and online fraud.

The initiative will help provide solutions to some of the issues identified in the government’s Online Harms white paper, which sets out plans for world-leading legislation to make the UK the safest place in the world to be online. The project will help understand what businesses and individuals need to reduce the harm they are exposed to by using online platforms and will aim to develop more trustworthy technology.

This, the government says, will help to prevent incidents of online fraud, phishing emails, impersonating organisations online and viruses or other malware like ransomware, which cost the UK economy millions of pounds in lost productivity.

Business Secretary Andrea Leadsom said: “Cyber-attacks can have a particularly nasty impact on businesses, from costing them thousands of pounds in essential revenue to reputational harm.Cyber-criminals operate in the shadows, with the severity, scale and complexity of breaches constantly evolving. It’s critical that we are ahead of the game and developing new technologies and methods to confront future threats, supporting our businesses and giving them peace of mind to deliver their products and services safely. Investing in our world-leading researchers and businesses to develop better defence systems makes good business and security sense.”

Minister for Digital and Broadband Matt Warman added: “The government wants the UK to be the safest place to be online and the best place to start and grow a digital business. As these investments show, we are determined to create the right environment to foster our thriving digital economy while giving people renewed confidence and trust in online services.We will always be firm in our support for the UK’s tech sector. Thanks to our work with the UK’s world-leading academic institutions and our business-friendly environment, we are helping entrepreneurs use technology to improve people’s lives and find solutions to future challenges.”

Hiscox reveals results of staged ‘real world’ Brompton cyber attack

 960 640 Stuart O'Brien
By:
0
0

Hiscox recently collaborated with iconic bike manufacturer Brompton to stage a ‘real world’ cyber attack, simulating the effects by constructing a complete clone of Brompton Bicycle’s east-London store overnight, hiring ‘staff’ and stocking shelves with counterfeit merchandise.

The fake store, called ‘3rompton,’ opened its doors to the public on the opposite side of the road and subsequently launched a series of cyber attack simulations on the genuine Brompton store in Shoreditch, with reactions of staff and passers by captured on video (https://www.youtube.com/watch?v=Y1b8865GOHU&feature=youtu.be).

Common hacking techniques such as ransomware and phishing were brought to life through a series of simulated offline attacks; the real store was boarded up, displaying a ransom note demanding Bitcoin in exchange for re-entry; genuine stock deliveries were diverted to the fake ‘3rompton’ store, highlighting the potential effects of a phishing scam; finally the real Brompton store was flooded with imitation customers overwhelming staff, simulating a denial-of-service (DDoS) attack.

According to the insurer, one in three (33%) UK small businesses have suffered a cyber breach and this simulation is the latest initiative in its cyber awareness campaign, set-up to highlight this risk. 

The firm says cyber security incidents cost the average small business £25,7003 a year in direct costs (e.g. the costs of IT experts in response to the incident, lost revenue and replacement systems), but this is just the beginning. Indirect costs such as damage to reputation, the impact of losing customers and difficulty attracting future customers, means the true figure can be significantly higher.

Robert Hannigan, former Director of GCHQ and Special Advisor to Hiscox, said: “Cyber crime is one of the biggest security risks facing businesses today but many aren’t taking it seriously and many more are underprepared. It’s a less tangible risk than burglary or a fire which can make it hard for businesses to grasp, so bringing cyber crime to life with an exercise like this is a useful way of conveying an important message. 

“The hacking techniques being simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”

Will Butler-Adams, CEO Brompton Bicycle, added: “Our business is about our bike; the design, function and support we give to our customers over the life of the product. We have spent forty years developing the Brompton brand and continue to take risks to innovate and improve the design. When people copy us, with little understanding of the engineering and care behind the design, they are trying to fool our customers who may go on to buy a potentially dangerous product. We wanted to work with Hiscox to highlight these risks, as it is a serious issue and is not limited to the product but also to online cyber fraud, spam emails and viruses, that hurt businesses and their customers alike.”

NCSC outlines case against Russian military hackers

 960 640 Stuart O'Brien
By:
0
0
The National Cyber Security Centre (NCSC) says it has identified that ‘a number of cyber actors’ widely known to have been conducting cyber attacks around the world are, in fact, the GRU – the Russian military intelligence service.

It says the attacks have been conducted ‘in flagrant violation of international law’, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.

The statement came as part of a joint message coordinated with the likes of the US and France.

Specifically, the NCSC says cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.

It says the campaign by the GRU shows that it is working in secret to undermine international law and international institutions.

The Foreign Secretary, Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.  This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The statement from the NCSC used the strongest language possible, saying: “Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.”

The body says the GRU are associated with the following names:

  • T 28
  • Fancy Bear
  • Sofacy
  • Pawnstorm
  • Sednit
  • CyberCaliphate
  • Cyber Berkut
  • Voodoo Bear
  • BlackEnergy Actors
  • STRONTIUM
  • Tsar Team
  • Sandworm

Don’t click if you receive any of these emails…

 960 640 Stuart O'Brien
By:
0
0

Hackers are getting smarter and now know how to leverage psychological triggers to get the attention of victims, according to a new report.

KnowBe4, a provider of security awareness training an simulated phishing platform has published its Top 10 Global Phishing Email Subject Lines for Q2 2018. The messages in the report, which were compiled from analysing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.

Ironically, the top three messages for Q2 2018 show that hackers are playing into users’ commitment to security, all tricking users with clever subject lines that deal with passwords or security alerts.

Hackers continue to take advantage of the human psyche. A recent report from Webroot validates this notion with IT decision makers believing their organisations are most vulnerable to phishing attacks – more so than new forms of malware. Some 56 per cent of IT decision makers in the US believe their businesses will be most susceptible to phishing attacks, while 44 per cent of IT decision makers in the UK are most concerned with ransomware attacks. By playing into a person’s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack.

“Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilisation of social engineering in order to get what they want.”

The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:

  1. Password Check Required Immediately
  2. Security Alert
  3. Change of Password Required Immediately
  4. A Delivery Attempt was made
  5. Urgent press release to all employees
  6. De-activation of [[email]] in Process
  7. Revised Vacation & Sick Time Policy
  8. UPS Label Delivery, 1ZBE312TNY00015011
  9. Staff Review 2017
  10. Company Policies-Updates to our Fraternisation Policy

NCSC warns of growing cyber security threat to UK business

 960 640 Stuart O'Brien
By:
0
0

Criminals are launching more online attacks on UK businesses than ever before, according to a new report published by the the National Cyber Security Centre (NCSC).

The NCSC, which is part of GCHQ, released the report to coincide with its flagship CYBERUK 2018 summit, which is taking place this week in Manchester.

The Cyber Threat to UK Business‘ was jointly authored by the NCSC and the National Crime Agency (NCA) in collaboration with industry partners, and details some of the biggest cyber attacks from the last year and notes that risks to UK businesses continue to grow.

Emerging threats are also highlighted, such as theft from cloud storage and cryptojacking, in which computers are hijacked to create crypto currencies such as bitcoin.

The report acknowledges that a basic cyber security posture is no longer enough and most attacks will be defeated by organisations which prioritise cyber security and work closely with government and law enforcement.

Ciaran Martin, Chief Executive of the NCSC, said: “We are fortunate to be able to draw on the cyber crime fighting expertise of our law enforcement colleagues in the National Crime Agency.

“This joint report brings together the combined expertise of the NCA and the NCSC. The key to better cyber security is understanding the problem and taking practical steps to reduce risk.

“This report sets out to explain what terms like cryptojacking and ransomware really mean for businesses and citizens, and using case studies, shows what can happen when the right protections aren’t in place.”

The report also notes that firms are under increasing threat from ransomware, data breaches and supply chain weaknesses which it says can mean serious financial and reputational damage.

It sites real-life case studies from businesses damaged by cyber crime, including ransomware attacks that have affected companies ranging from multi-national firms to independent restaurants.

Furthermore, the report states that while law enforcement and government have successfully battled many cyber threats this year, under-reporting of cyber crime by businesses means crucial evidence and intelligence about cyber threats and offenders is being lost.

Donald Toon, director of the NCA’s Prosperity Command, said: “UK business faces a cyber threat which is growing in scale and complexity. Organisations which don’t take cyber security extremely seriously in the next year are risking serious financial and reputational consequences.

“By increasing collaboration between law enforcement, government and industry we will make sure the UK is a safe place to do business and hostile zone for cyber criminals.

“Full and early reporting of cyber crime to Action Fraud will be essential to our efforts.”

 

UK Hacking Fines

UK firms to face fines of up to £17m if they fail to protect against hackers

 960 640 Stuart O'Brien
By:
0
0

The UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill.

The aim is to give consumers the confidence that their data will be managed securely and safely. Research shows that more than 80 per cent of people feel that they do not have complete control over their data online.

Under the plans individuals will have more control over their data by having the right to be forgotten and ask for their personal data to be erased. This will also mean that people can ask social media channels to delete information they posted in their childhood. The reliance on default opt-out or pre-selected ‘tick boxes’, which are largely ignored, to give consent for organisations to collect personal data will also become a thing of the past.

Businesses will be supported to ensure they are able to manage and secure data properly. The data protection regulator, the Information Commissioner’s Office (ICO), will also be given more power to defend consumer interests and issue higher fines, of up to £17 million or four per cent of global turnover, in cases of the most serious data breaches.

Matt Hancock, Minister of State for Digital said: “Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

The Data Protection Bill will:

  • Make it simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal data held by companies to be erased
  • Enable parents and guardians to give consent for their child’s data to be used
  • Require ‘explicit’ consent to be necessary for processing sensitive personal data
  • Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA
  • Update and strengthen data protection law to reflect the changing nature and scope of the digital economy
  • Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them
  • Make it easier for customers to move data between service providers

New criminal offences will be created to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.

Elizabeth Denham, Information Commissioner, said: “We are pleased the Government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Data protection rules will also be made clearer for those who handle data but they will be made more accountable for the data they process with the priority on personal privacy rights. Those organisations carrying out high-risk data processing will be obliged to carry out impact assessments to understand the risks involved.

The Bill will bring the European Union’s General Data Protection Regulation (GDPR) into UK law, helping Britain prepare for a successful Brexit.

Julian David, CEO of techUK, offered: “The UK has always been a world leader in data protection and data-driven innovation. Key to realising the full opportunities of data is building a culture of trust and confidence.

“This statement of intent is an important and welcome first step in that process. techUK supports the aim of a Data Protection Bill that implements GDPR in full, puts the UK in a strong position to secure unhindered data flows once it has left the EU, and gives businesses the clarity they need about their new obligations.”