Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year

2017/11/22 by admin

Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning.

Bloomberg was first to report that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Finally, this week, they fired their chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to “delete the data”. Yeah, sure!

Victim Of A Simple Credentials Phishing Attack?

Here’s how the press describes the hack: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.

From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. If you read between the lines, that could very well be a simple credentials spear phishing scheme, done with some crafty social engineering, or perhaps careless developers leaving internal login passwords lying around online:

Read the full article ->

KnowBe4 Releases Email Exposure Check Pro

2017/09/07 by admin

KnowBe4 Releases Email Exposure Check Pro to Help Organizations Identify At-Risk Users

September 6, 2017 - PRWeb -

KnowBe4, provider of the most popular security awareness training and simulated-phishing platform, today announced the release of the new version of its Email Exposure Check (EEC). The new version is called the EEC Pro, has powerful additional features and is still provided at no cost.

While employees give out their corporate email for various reasons, IT is hard-pressed to keep track and

manage the risk. EEC Pro helps IT by identifying an organization’s at-risk users by crawling social media information and scouring hundreds of breach databases to identify risk associated with user emails and identities. The more at-risk email addresses a company has, the bigger its attack surface, and the higher its risk. EEC Pro only requires filling out a form, and works in two stages. The first stage performs deep web searches to find publicly available organization data provided on sites such as LinkedIn and Facebook. This allows the EEC Pro to show what organizational structure an attacker would be able to easily pull together and use to craft targeted attacks.

The second stage of EEC Pro utilizes the Have I Been Pwned data breach service to find users that have had their account information released in any of several hundred breaches. These users are particularly at-risk because an attacker knows more about them, potentially including their actual passwords. As the final step, EEC Pro provides a detailed summary report to the IT team, including an overview of the data found, a summary of organizational risk levels, and a link to a web report that contains a full list of all users found, the breaches the users were found in, and an overview of the data included in the breach. This allows IT managers to ensure exposed emails or exposed passwords are modified.

“Since 91% of data breaches start with a successful phishing attack, an organization must act reasonably or do what is necessary or appropriate to protect its data and take steps to identify weaknesses that expose their employees,” said Stu Sjouwerman, Founder and CEO of KnowBe4. “Employees are the last line of defense within an organization. We want to make it as easy as possible for IT professionals to reduce their attack surface and strengthen their weakest links. You need to create a ‘Human Firewall.’”

Exposed emails and passwords can lead to recent data breaches such as those experienced by security companies Mandiant and Enigma where compromised passwords were not changed.

For more information on KnowBe4 or the Email Exposure Check Pro, contact us via email or give us a call.

Two Dangerous Ransomware Are Back – Protect Your Computers

2017/08/15 by admin

From the Hacker News - Swati Khandelwal

Ransomware has been around for a few years but has become an albatross around everyone’s neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars.

In just past few months, we saw a scary strain of ransomware attacks including WannaCry, Petya and LeakerLocker, which made chaos worldwide by shutting down hospitals, vehicle manufacturing, telecommunications, banks and many businesses.

Before WannaCry and Petya, the infamous Mamba full-disk-encrypting ransomware and the Locky ransomware had made chaos across the world last year, and the bad news is—they are back with their new and more damaging variants than ever before.

Diablo6: New Variant of Locky Ransomware

First surfaced in early 2016, Locky has been one of the largest distributed ransomware infections, infecting organisations across the globe.

By tricking victims into clicking on a malicious attachment, Locky ransomware encrypts nearly all file formats on a victim’s computer and network and unlocks them until the ransom in Bitcoins is paid to attackers.

The ransomware has made many comebacks with its variants being distributed through Necurs botnet and Dridex botnet.

Read the full story ->

Don’t be Held Hostage by Ransomware - CFO Magazine

2017/06/07 by admin

In this article from CFO Magazine, it is unfortunate that an attack such as the WannaCry/WanaCrypt0r has to occur to be the impetus of organizations and endusers alike to take security to the next level, but the five steps are crucial. You may not be immune, but you can reduce the chances of becoming a victim.

Kelly Bissell - June 6th, 2017

Five fundamental steps your company can follow to curb its chances of falling victim to a ransomware attack

If there’s a positive spin that can be placed on last month’s ransomware attacks, it’s that the topic of cybersecurity has finally emerged from the shadows and into the public eye. When 200,000 systems began to be infected across more than 150 countries on May 12, security became not just a matter for a few black-hat specialists and a wave of creative naming — from WannaCry to WanaCrypt0r and everything in between — it was suddenly everybody’s business.

Of course, businesses recognize they’re not immune from cyberattacks, and threat intelligence and law enforcement agencies have warned that such attacks can be expected to accelerate in frequency. In short, ransomware is rampant. Often delivered via e-mail, ransomware, also known as cryptoware, it’s used to attack a company’s data by encrypting it until a ransom is paid to an unknown source — in some respects, the criminals who use it are the “stand and deliver” highwaymen of the modern age.

Any approach to handling ransomware must take into account that it triggers fast-moving situations and that there’s no guarantee that an approach that works for one organization will also work for another. But here are five fundamental steps your company can take to curb its chances of its falling victim to a ransomware attack:

1.Adopt prevention programs. Most ransomware attacks start as a phishing attack. Prevention training and awareness programs can help employees recognize telltale signs of phishing scams and how to handle them. Guide your employees on how to recognize and avoid fraudulent e-mails or what to do in the event of a social engineering attack. Keep testing internally to prove the training is working.

2.Strengthen e-mail controls. Ransomware attacks are frequently delivered via e-mail. Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Make sure you have strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and how e-mail is configured and file extensions are displayed.

3.Improve CMDB. Companies need to be very diligent about building a complete configuration management data base (CMDB). It may be surprising, but most companies do not know all the IT systems in their environment across all subsidiaries and business lines. If you don’t know what you have, how can you protect it?

4.Insulate your infrastructure: Attackers are getting smarter, and it’s easier for unsuspecting employees to make mistakes by failing to recognize malicious e-mails. There’s a host of solutions here, from removing or limiting local workstation administration rights to seeking out the right configuration combinations (including virus scanners, firewalls, and so on). Regular patches of operating systems and applications can foil known vulnerabilities: Microsoft patches related to this particular threat was one kind of measure that Accenture used back in March 2017 as part of our normal patching cycle.

5.Plan for continuity. Ransomware attacks are far from random — they are highly targeted and intentional, meaning that many can be averted via meticulous prevention. But even with the best defenses in place, successful attacks can occur. Having a strong business continuity plan for recovery — one that’s regularly reviewed, updated, and tested— makes it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers shouldn’t be constantly connected to backup devices. Further, the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.

Today’s Phishing Attacks

2017/04/10 by admin

From CIO Insight

The phishing landscape has undergone a major shift that’s affecting what is being attacked, targeting email addresses rather than user names, according to a new report. This news was reported in the “2017 Phishing Trends and Intelligence Report” by Joseph Opacki and Crane Hassold, both formerly with the FBI and now with PhishLabs. Exploiting human vulnerabilities continues to be the most attractive and successful path for targeting organizations’ and individuals’ assets, the report said. “Phishing was and continues to be, by a wide margin, the most prolific method used to distribute ransomware. Fighting back against ransomware requires fighting back against phishing,” the authors said. Last year, they analyzed 1 million confirmed malicious phishing sites that resided in 170,000 unique domains. They also investigated and mitigated 7,800 phishing attacks every month by identifying the underlying infrastructure used and then shutting them down. They also analyzed thousands of unique malware samples from 100 ransomware variants in 20 banking Trojan families. Key findings of the report follow.

Phishing attacks are growing in the US, but the statistic that was surprising to us, is that Canada was one of the hardest hit with a 237% increase in 2016.