computer crime

Cybercrime wake-up call

ALBUQUERQUE, N.M. — Cybersecurity experts say the massive breach of credit-reporting company Equifax Inc.’s data systems may be a needed wake-up call to galvanize business and government into much more aggressive action to protect online data in today’s hyperconnected cyber world.
Equifax faces congressional investigations, class-action lawsuits, inquiries by the Federal Trade Commission and the Consumer Financial Protection Bureau, and action by attorneys general from around the country.
Details are still scarce, but apparently hackers broke into Equifax through a flaw in the Apache Struts software package that runs one of its online web portals.
That apparently lax security, plus the immense damage cybercriminals could now inflict on consumers and businesses, may convert Equifax into a watershed event that pushes government and industry into much more aggressive efforts to fight cybercrime, according to industry experts.
Nearly 1.1 billion identities were stolen worldwide through data breaches last year, almost double the 2015 tally, according to the latest annual Internet Security Threat Report released last spring by global cybersecurity firm Symantec Corp.
“Growing hacker sophistication is a factor, but it’s the evolution in online data sharing that’s creating havoc,” said Srinivas Mukkamala, co-founder and CEO of Albuquerque-based cybersecurity firm RiskSense.
As a result, cybersecurity’s traditional focus on teaching employees what to do and not to do to protect systems is inadequate, said Jack Miller, chief information security officer for cybersecurity firm SlashNext, which created hardware to monitor all traffic on a company’s network.
It’s the interface between artificial intelligence and humans, plus the sharing of lessons learned among everybody, that will allow industry and government to get ahead of cybercrime, Mukkamala said.

Identifying ‘key indicators of compromise’ crucial to data breach detection

Which is why organisations should do more to look out for “key indicators of compromise”.
Odd endpoint activity: The first indicator is strange activity on employee endpoints, such as smartphones, tablets and laptops.
Logons often are the first step to gaining access to an endpoint with valuable data on it.
Anything more than two logins from that kind of person should be enough to alert you to a breach.
Lateral movement: Lateral movement is the process of jumping between machines in an attempt to locate and access a system with valuable data, something that’s necessary for most attacks because a hacker’s initial foothold is often a low-level workstation with no access rights to anything of significant value.
and authentication (read: logons) can point to indicators of a breach.
Location is also an important factor — valuable data normally accessed by endpoints within the network should be monitored for access by endpoints that are either external to the network or on the perimeter.
The last indicator of compromise is access to an abnormal amount of data.
It’s difficult for an attacker to cause damage to your organisation unless they are able to compromise a set of employee credentials.
By monitoring logon activity more closely, you can identify compromises before key actions, such as lateral movement and data access, take place.

WannaCry Helps Push Cyber-Crime Attacks to New Heights in 2Q17

The Q2 2017 ThreatMetrix Cybercrime Report was compiled using data on actual attacks that occurred from April to June 2017, as detected by the ThreatMetrix Digital Identity Network, which analyzes approximately 2 billion transactions per month.
In the second quarter of 2017, ThreatMetrix detected 144 million attacks, nearly doubling the attack volume detected in the second quarter of 2016.
Of note, ThreatMetrix saw a large spike in attack volume following the WannaCry ransomware attack in mid-May as attackers aimed to take advantage of consumers.
In this slide show, eWEEK takes a look at some of the highlights of the latest ThreatMetrix Cybercrime Report.
Attackers are increasingly using stolen identities to create new accounts that are then used for fraudulent transactions.
Device spoofing was the top attack vector in the second quarter, according to ThreatMetrix.
With a device spoofing attack, a hacker changes browser and other device settings to change a device’s identity.
On the dark web, cyber-criminals can buy and sell just about any type of personal information.
eWEEK looks at how hackers make their money and how much stolen data is worth.

How likely are you to become a victim of a data breach?

More than six billion records have been stolen in 2017, surpassing the total number of records infiltrated during 2016.
The news came just months after the tech company confirmed more than one billion accounts had been leaked in 2013.
Arby’s also fell victim to a breach between October 2016 and January 2017, when more than 335,000 customers had their payment card information stolen. “We’re building this connected world, but we don’t have the workforce to protect it,” Michael Kaiser, executive director of National Cyber Security Alliance, tells us Wednesday.
Criminal data breaches are becoming more prevalent – it’s estimated they’ll cost businesses a total of $8 trillion over the next five years. “You can’t worry about getting into an accident every time you drive.
But you can take precautions to keep yourself safe,” Kaiser says.
He recommends using one credit card to make online purchases, since many providers have zero-liability policies to protect consumers from fraudulent charges.
Kaiser also suggests monitoring bank accounts on a regular basis.

Hackers take control of US voting machines in less than 90 minutes

Security experts cracked the security of digital ballot boxes used in US elections within 90 minutes at the Def Con hacking summit in Las Vegas.
They also found hardware weaknesses that could have let cyber criminals tamper with the machines.
One of the worst devices was the WinVote machine, used in some county elections, in which the hackers found a problem with the Wi-Fi connection that let them break in.
The Department of Homeland Security said Russian hackers targeted 21 US states’ election systems in 2016, as well as conducting email hacking and an online propaganda campaign.
Alleged Russian hacking cases: timeline of suspected Russian cyber intrusions
February 2015: Director of National Intelligence warns of Russian cyber threat. James Clapper, Director of National Intelligence, tells a US Senate Committee that he fears “the Russian cyber threat is more severe than we have previously assessed”.
22 July 2016: DNC email leak. Wikileaks discloses almost 20,000 emails from the Democratic National Committee.
26 July 2016: Russian hackers behind DNC leak. NBC reports that three cybersecurity experts told them that Russian hacking groups “Cosy Bear” and “Fancy Bear” were responsible for the DNC email leak.
30 July 2016: Clinton campaign hacked. It emerges that a data program used by the Democratic presidential nominee Hillary Clinton’s campaign was also attacked by suspected Russian hackers.
The organisation believes Russian hackers to be behind the attacks.
9 December 2016: Russians “wanted Trump to win”. The CIA reports to US lawmakers that it has evidence that the Russian hacking operation had the specific aim of helping Donald Trump to win the presidency.

Man Believed to Be Notorious Russian Hacker Awaiting Extradition to U.S.

(MOSCOW) — From the early days of online stock scams to the increasingly sophisticated world of botnets, pseudonymous hacker Peter Severa spent nearly two decades at the forefront of Russian cybercrime.
Now that a man alleged to be the pioneering spam lord, Pyotr Levashov, is in Spanish custody awaiting extradition to the U.S., friends and foes alike are describing the 36-year-old as an ambitious operator who helped make the internet underground what it is today.
“He has significantly contributed to the professionalization of cybercrime,” said Werner, who has tracked the alleged hacker for years.
30 , one of the first schools in the Soviet Union to specialize in computer programming.
Internet registry records preserved by DomainTools suggest Levashov launched a bulk mailing website called e-mailpromo.com in August 2002 under his real name.
Court documents suggest that Levashov teamed up in 2005 with Alan Ralsky, a legendary bulk email baron once dubbed the “King of Spam.”
Ralsky, Levashov and several associates were indicted for fraud in 2007; Ralsky went to prison while Levashov — safe in Russia — avoided arrest. “There were spam botnets, certainly, before Storm, but it took things to a next level,” Joe Stewart, a security researcher with cyberdefense startup Cymmetria who grappled with Storm at its height, said.
Indictments unsealed this year accuse the Russian of renting out Kelihos at $500 per million emails to send spam or to seed computers with ransom software or money-draining banking programs. “I have been serving you since the distant year 1999,” the ad said.

Ransomware ‘Here To Stay’, Warns Google Study

News broke today of a Google study that indicated ransomware attacks have increased, and are likely to continue to do so, with cybercriminals realising how lucrative the business is.
The research also found out that cyber-thieves have made at least $25m (£19m) from ransomware in the last two years.
IT security experts commented below.
Andrew Clarke, EMEA Director at One Identity: “It is no surprise to read that the Google and New York University research, which effectively created a honey-pot to measure real-world activity associated with ransomware, revealed a sophisticated set of payment techniques.
Criminals that appear to have switched their focus to this method of extortion have access to easy-to-use tools through “ransomware-as-a-service” offerings – which means that they can mass target communities very quickly.
“Although the recent wave we read about, WannaCry and NotPetya did not generate much income – there are so many other variants emerging that it is still a worthwhile business for them to pursue with an overall multi-million payout.
Companies can mitigate the risk involved by ensuring that their systems are fully patched, regularly backed up and protected by network firewalls blocking malicious communication ports.
They can ensure that their users receive regular updates to prepare them for the various techniques employed by cyber criminals.
And they can manage their user population by having a solid provisioning/de-provisioning tool to ensure that only the right people have access to the right systems at the right time.”
Jim Walter, Senior Research Scientist at Cylance: “This is not a ‘new’ revelation, but I think they do a really good job of evidence collection and analysis to support the findings.

Public bodies are vulnerable to hacking – government needs to step up to protect them

The threat of cyber crime is only going to increase as hackers develop more sophisticated methods.
Barely a month passes in 2017 without some kind of IT failure hitting the headlines, but the hacks, leaks and breaches that make the news may represent just the tip of the iceberg.
More than half of NHS trusts and one in ten councils refused to answer questions put to them by the i’s team of reporters.
To casual observers, the threat may seem abstract – but cyber crime has a real world impact, a truth thrown into stark relief in May when the NHS faced its biggest hack yet.
Public bodies such as the NHS are far from alone in being targeted by hackers.
It’s a sentiment echoed by the Chartered Institute for IT, which concluded in a report last month that the WannaCry strike could have been averted if hospitals had spent more time skilling up staff.
Even with the best will in the world, executives in the public sector are powerless to protect their organisations unless they have the money to do so.
Government needs to ensure NHS trusts and other bodies have the funds to adequately secure their systems.
If custom-made ransomware takes off, WannaCry 2.0 could be far more destructive – and it may not have a killswitch.

Cyber-crime prosecutions fall as experts warn police are being overwhelmed

There were 57 prosecutions under the Computer Misuse Act in 2016, falling from 61 in 2015.
There has been a general rise in prosecutions over recent years, growing from 10 cases in 2010.
The figures were obtained by City law firm RPC under a Freedom of Information Act request to the Ministry of Justice.
The government’s Cyber Security Breaches Survey 2017 found almost half of all UK businesses suffered a cyber breach or attack in 2016.
But police are often hamstrung in their investigations with cyber-criminals being based abroad.
“Given the resources they have to work with, it’s unreasonable to expect the police in the UK to be able to track down cyber-criminals for whom covering their tracks electronically is often trivially easy,” said RPC partner Richard Breavington.
“International law enforcement needs significantly greater capability and until then every business needs to be on top of its cyber risks, and be insured should the worst happen.” The UK has around 250 specialist cyber-crime police officers, according to RPC.
Last month the head of Lloyd’s of London warned the financial and reputational fallout from cyber attacks could be terminal.
Inga Beale said: “In a world where the threat from cyber-crime is when, not if, the idea of simply hoping it won’t happen to you, isn’t tenable.”

Cyber crime: Britain’s public bodies hacked more than 400 times in the last three years

“These are not lovable rogues – they want money.” Dr Tim Owen, director of the University of Central Lancashire’s Cyber Crime Research Unit
Attacks
But data obtained under Freedom of Information rules by the i and Johnston Press Investigations can reveal for the first time the full extent to which the cyber defences of Britain’s public bodies are being penetrated on a regular basis.
Between March 2014 and April this year there were 424 successful attacks, mostly using ransomware, on the computer systems of 182 NHS bodies, local authorities and other public bodies.
A total of 111 UK councils reported 256 ransomware incidents.
These incidents, the vast majority of which have not been previously made public, range from the blocking of hospital websites for months at a time to the encryption of 20,000 adult social care records at an English local authority.
Nine health service trusts and several councils confirmed that they had not reported successful breaches of their security systems to law enforcement while one NHS trust said it had been told by police that an attacker had been found to be outside the European Union and therefore no further action was taken.
One leading expert told i that hackers were targeting the NHS with “murderous intent” in the full knowledge that attacking the computer systems of hospitals put lives at risk.
The investigation revealed one incident in which a ransom had been paid.
Dr Tim Owen, director of the University of Central Lancashire’s Cyber Crime Research Unit, said: “These people targeted the NHS because they wanted to cause maximum danger and disruption to people’s lives.
Several prominent organisations, including the Human Tissue Authority (HTA), the National Gallery in London and UK Sport, said they had been the victim of attacks.