Ransomware increasingly dangerous cyber security threat

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.

Ransomware attacks now account for around a quarter of cyber security threats targeting internet users in the UK- according to Eset.Eset’s LiveGrid telemetry shows an increase in detections of the JS/Danger.ScriptAttachment malicious code, which tries to download and install various malware variants to the intended victims’ machines.

The majority of the code consists of crypto-ransomware, including some well known groupings, such as Teslacrypt.

The most recent wave of attacks has been focused on victims in the UK, where it accounted for roughly every fourth threat in the third week of April 2016, said the security firm.

“To reach as many potential victims as possible, attackers are spamming inboxes in various parts of the world,” said Ondrej Kubovič, security specialist at Eset. “Therefore, users should be very cautious about which messages they open.”

Meanwhile, the latest Verizon Data Breach Investigations Report (DBIR) also warns that ransomware attacks are steadily increasing.

Laurance Dine, managing principal of investigative response at Verizon Enterprise Solutions, said: “Ransomware is going crazy. It is everywhere. As an incident response team we are dealing with ransomware attacks all the time.”

Eset’s Kubovič recommends that companies should train their employees to report incidents to their internal security departments.

“Users should keep their operating systems and software up to date, as well as install a reliable security suite offering multiple layers of protection and regular updates,” he added.

“Last but not least, users need to back up all their important and valuable data, allowing for its recovery in case of ransomware infection,” he said.

While ransomware is becoming an increasing problem for businesses, a recent spate of attacks on hospitals in the past few months – mainly in the US, but also in Canada, Germany and New Zealand – has underlined the potentially life-threatening impact of ransomware, which works by encrypting data and demanding a ransom to be paid for its release.

The dangers of the IoT

A report by Institute for Critical Infrastructure Technology (ICIT) has also highlighted the fact that internet of things (IoT) devices offer a potential growth opportunity to any ransomware operation, given the devices are interconnected by design and many lack any form of security.

According to the report, while a lot of traditional malware will be too large to ever run on many IoT devices, ransomware (predominantly consisting of a few commands and an encryption algorithm) is much lighter.

Many medical devices, such as insulin pumps and other medication dispersion systems, are internet- or Bluetooth-enabled, the report pointed out, and warned that ransomware could used to open connections to infect the IoT device.

Part of the problem with the security of IoT communications is that the designers are more concerned by the ease of connectivity than the safety of their users.

New ransomware threat- with your address

A new email ransomware that quotes people’s postal addresses is a costly new cyber security threat.

A new email ransomware that quotes people's postal addresses is a costly new cyber security threatAndrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4’s You and Yours that discussed the phishing scam.

Mr Brandt discovered that the emails linked to ransomware called Maktub. The malware encrypts victims’ files and demands a ransom be paid before they can be unlocked.

The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link – but that leads to malware, as Mr Brandt explained.

Maktub doesn’t just demand a ransom, it increases the fee – which is to be paid in bitcoins – as time elapses.

A website associated with the malware explains that during the first three days, the fee stands at 1.4 bitcoins, or approximately £400. This rises to 1.9 bitcoins, or £550, after the third day.

The phishing emails tell recipients that they owe money to British businesses and charities when they do not.

One remarkable feature of the scam emails was the fact that they included not just the victim’s name, but also their postal address.

Many have noted that the addresses are generally highly accurate.

According to Dr Steven Murdoch, a cybersecurity expert at the University of London, it’s still not clear how scammers were able to gather people’s addresses and link them to names and emails.

The data could have come from a number of leaked or stolen databases for example, making it hard to track down the source.

Several people contacted the You and Yours team to say that they were concerned data might have been taken from their eBay accounts, as their postal addresses had been stored there in the same format as they appeared in the phishing emails.

The UK’s national fraud and cybercrime reporting centre has been flooded with queries from people targeted by the scam.

“We have been inundated with this,” said deputy head Steve Proffitt. “At Action Fraud on Monday we received an additional 600 calls and from then onwards we’ve received 500 calls to our contact centre a day,” he added.

Mr Proffitt advised people who had received the phishing emails to under no circumstances click on the link, but instead delete the message from their system and inform Action Fraud.

Referring specifically to Maktub and the approach taken by the phishers, Dr Murdoch said he believed the scam was “significant” in more ways than one.

“It also appears to be quite widespread – I’ve heard about it from multiple sources so it seems like they were fairly successful getting a lot of these sent out,” he told the BBC.

He added that it was hard to know how to advise people who were unfortunate enough to have their files encrypted by ransomware.

For some individuals without backups, paying the ransom might be the only way to retrieve their data.

“However, every person that does that makes the business more valuable for the criminal and the world worse for everyone,” he said.

From:  http://www.bbc.co.uk/news/technology-35996408#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa

Panana Mossack Fonseca may be victim of hacking

Mossack Fonseca, the Panamanian law firm at the centre of a huge leak of confidential financial data claims that it was the victim of a hacking.

Mossack Fonseca, the Panamanian law firm at the centre of a huge leak of confidential financial data claims that it was the victim of a hackRamon Fonseca- a senior partner at the firm said the leak was not an “inside job” – the company had been hacked by servers based abroad. It had filed a complaint with the Panamanian attorney general’s office.

Several countries are investigating possible financial wrongdoing by the rich and powerful after the leak of more than 11 million documents.

Last week the company reportedly sent an email to its clients saying it had suffered “an unauthorised breach of our email server”.

The company has accused media organisations reporting the leak of having “unauthorised access to proprietary documents and information taken from our company” and of presenting this information out of context.

In a letter to the Guardian newspaper on Sunday, the company’s head of public relations threatened possible legal action over the use of “unlawfully obtained” information.

The revelations have already sparked political reaction in several countries where high-profile figures have been implicated.

On Tuesday Iceland’s Prime Minister Sigmundur Gunnlaugsson stepped down after the documents showed he owned an offshore company with his wife but had not declared it when he entered parliament.

He is accused of concealing millions of dollars’ worth of family assets. Mr Gunnlaugsson says he sold his shares to his wife, and denies any wrongdoing.

European football body Uefa confirmed today that Swiss police had searched its offices in relation to the Panama papers.

It said police had a warrant to look for contracts between Uefa and Cross Trading/Teleamazonas.

The Panama papers suggest current Fifa president Gianni Infantino signed off on a contract with two businessmen who have since been accused of bribery.

Mr Infantino signed off the contract in 2006 as a Uefa director. He says he is “dismayed” that his “integrity is being doubted” and denies any wrongdoing.

Also on Wednesday, Ukraine’s President Petro Poroshenko reacted to his name being linked to the papers.

He said he had created an offshore holding company for his confectionery business when he became president in 2014 but not to avoid taxes.

He said: “If we have anything to be investigated, I am happy to do that. This is absolutely transparent from the very beginning. No hidden account, no associated management, no nothing.”

Eleven million documents held by the Panama-based law firm Mossack Fonseca have been passed to German newspaper Sueddeutsche Zeitung, which then shared them with the International Consortium of Investigative Journalists. BBC Panorama and The Guardian are among 107 media organisations in 76 countries which have been analysing the documents.

$100 million cyber theft from Bangladesh Central Bank

The cyber theft of $100 million from the Bangladesh Central Bank – by way of the New York Federal Reserve – is the largest bank theft to date.

The cyber theft of $100 million from the Bangladesh Central Bank - by way of the New York Federal Reserve - is the largest bank theft to date

On February 5, the New York Fed was allegedly “penetrated” when “hackers” (of supposed Chinese origin) stole $100 million from accounts belonging to the Bangladesh central bank.

The money was then channeled to the Philippines where it was sold on the black market and funneled to “local casinos” (to quote AFP). After the casino laundering, it was sent back to the same black market FX broker who promptly moved it to “overseas accounts within days.”

The whole situation was quite embarrassing for the NY Fed, because what happened is that someone in the Philippines requested $100 million through SWIFT from Bangladesh’s FX reserves, and the Fed complied, without any alarm bells going off at the NY Fed’s middle or back office.

“Some 250 central banks, governments, and other institutions have foreign accounts at the New York Fed, which is near the centre of the global financial system,” Reuters notes. “The accounts hold mostly U.S. Treasuries and agency debt, and requests for funds arrive and are authenticated by a so-called SWIFT network that connects banks.”

As it turns out there is much more to the story, and as Bloomberg reports today now that this incredible story is finally making the mainstream, there is everything from casinos, to money laundering and ultimately a scheme to steal $1 billion from the Bangladeshi central bank.

And yes, it does appear that hackers managed to bypass the Fed’s firewall:

“Even as banks continue to harden their defenses against such sabotage, hackers too have upped their game to breach servers by utilizing both technical skills and rogue elements within the financial institutions,” said Sameer Patil, an associate fellow at Gateway House in Mumbai who specializes in terrorism and national security.

A Bangladesh central bank official who is part of a panel investigating the disappearance of the funds said that a separate transfer of $870 million had been blocked by the Fed, something the Fed refused to comment on. It does not, however, explain why $100 million was released.

Essentially the dispute is about whether the Fed went through the right procedure when it received transfer orders.

Naturally, the Fed’s story is that it did nothing wrong. Bloomberg writes that according to a Fed spokeswoman, instructions to make the payments from the central bank’s account followed protocol and were authenticated by the SWIFT codes system. There were no signs the Fed’s systems were hacked, she said.

The problem is that the counterparty on the other side of the SWIFT order was not who the Fed thought, and what should have set off red lights is that the recipients was not the government of the Philippines but three casinos.

Bangladesh is quite understandably – furious: a local official said the Fed should’ve checked the payment orders with the central bank to ensure they were authentic, even if they used the correct SWIFT codes. The official also said there are plans to take legal action against the Fed to retrieve missing funds.

Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organization was held up because the hackers misspelled the name of the NGO, Shalika Foundation.

Hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.

Luckily, the Fed stopped some of the $1 billion in total requested funds. The unusually high number of payment instructions and the transfer requests to private entities – as opposed to other banks – raised suspicions at the Fed, which also alerted the Bangladeshis, the officials said. The details of how the hacking came to light and was stopped before it did more damage have not been previously reported.

The transactions that were stopped totaled $850-$870 million, one of the officials said. At least $80 million made it through without a glitch.

The funds were used to buy casino chips or pay for losses at venues including Bloomberry Resorts Corp.’s Solaire Resort & Casino and Melco Crown Philippines Resort Corp.’s City of Dreams Manila, according to the paper. There was no suggestion in the report the banks or casinos named were complicit with any improper movement of funds.

In other words, the Fed was funding gamblers, only these were located in Philippine casinos, not in the financial district. Ironically, that’s precisely what the Fed does, only it normally operates with gamblers operating out of Manhattan’s financial district.

From: http://www.bloomberg.com/news/articles/2016-03-16/printer-error-set-off-bangladesh-race-to-halt-illicit-transfers

Ransomware targets Apple Mac computers

Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them.

Security researchers have found malware to encrypt Apple Mac computers and demand ransom to unlock them
Mac computers tend to be regarded as relatively safe from attack, but the migration of so-called ransomware targeting the Microsoft Windows operating system to Apple’s Mac OS X is yet another indicator that things are changing.

Mac users need to be more vigilant and aware of the risks, while cyber security professionals need to equip themselves to identify and quickly respond to this new malware threat, especially in having a pragmatic approach in place for managing extortion-style threats, say security industry pundits.

“As Apple computers and devices become more popular with corporate IT departments, there’s a recognition by attackers that valuable data and resources are available by targeting Mac users,” said Vann Abernethy, chief technology officer at security firm NSFOCUS IB.

“These types of attacks will become increasingly common as the platform gains acceptance within the enterprise world, just as Microsoft Windows is targeted for similar reasons,” he said.

Ransomware is currently one of the most popular ways for cyber criminals to extort money from individuals and organisations in the form of the unregulated bitcoin cryptocurrency.

According to the UK National Crime Agency, ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services.

The newly discovered KeRanger ransomware targeting Mac was discovered hidden in a version of the Transmission BitTorrent client by researchers from security firm Palo Alto Networks.

Businesses are still getting caught by ransomware, despite the fact that there are fairly straightforward methods to avoid it.

Like its Windows counterparts, KeRanger encrypts files on infected computers with a strong encryption algorithm and contains a payment process enabling the victim to purchase decryption for 1 bitcoin- currently worth around £290.

A special feature of KeRanger is a three day delay after infection, which researchers believe was aimed at getting as many users to download the infected version of the Transmission client before its hidden payload was revealed.

By hiding the ransomware in the Transmission client for downloading and sharing BitTorrent files, attackers were attempting to bypass Mac OS security because the Transmission software is signed with a valid developer certificate, causing the Mac operating system to consider it safe and allow installation.

The discovery of Keranger is a sign that Mac users need to be educated on basic information security practices, just like Windows users have been over the past 10 to15 years.

Cyber crime is fastest growing economic crime

Cyber crime is up 20% since 2014 and is the fastest growing economic crime, according to PricewaterhouseCoopers’s (PWC) latest biennial Global Economic Crime Survey.

Cyber crime is up 20% since 2014 and is the fastest growing economic crime, according to PWCThe UK has seen a double digit rise in economic crime against corporates in the past two years, with 55% of organisations affected – up 11% since 2014 and well above the US (38%) and China (28%).

The survey found that 60 % of economic crime in the UK was committed by external perpetrators, up from 56% in 2014. While there was a decline in economic crime perpetrated by employees (31%), there was an 11% increase in fraud committed by senior management to 18%.

“While the prevalence of traditional fraud – such as asset misappropriation – has fallen since 2014, there has been a huge rise in organisations reporting cyber crime, with technology driving almost every other area of economic crime,” said Andrew Gordon, PwC’s global and UK forensics leader.

“Businesses need to minimise the opportunities for economic crime through rigorous fraud risk assessment, supported by a culture based on shared corporate values, robust policies and compliance programmes,” he said.

Some 44% of UK organisations that experienced economic crime in the past two years were affected by cyber incidents, a jump of 20% from 2014 and 12% greater than the global response of 32%.

The rise of cyber crime, the report said, is in stark contrast with some of the traditional forms of economic crime, including asset misappropriation and procurement fraud, which have declined.

Just over half of UK organisations say they expect to be the victim of cyber crime in the next two years, suggesting it will become the UK’s largest economic crime.

Global corporate intelligence leader at PwC Mark Anderson said cyber attackers are now more ambitions than ever.

“Their aim goes beyond targeting financial information to include a company’s ‘crown jewels’ – customer data and intellectual property information, the loss of which can bring down an entire business,” he said.

“The threat of cybercrime is now a board level risk issue, but not enough UK companies treat it that way.”

UK respondents say the greatest concern about a cyber attack is the potential disruption to services, with 31% saying it would have a medium to high impact.

Surprisingly, almost half say that cyber crime would have no effect on their reputation, and almost 60% are not concerned about the potential for theft of intellectual property.

The strong shift towards more senior and experienced employees carrying out corporate fraud in the UK should be of particular concern, the report said, because senior management fraud is often more difficult to detect and prevent, and usually has a much greater effect on an organisation.

While those in middle management remained the most responsible for economic crime (36%), half the instances committed by staff in the UK involved employees over the age of 40, and the number carried out by staff over the age of 50 tripled from 6% to 18%.

The survey found that 45% of internal fraudsters had worked for more than five years in the organisation they defrauded and 21% had more than a decade of service.  In contrast, the number of junior staff carrying out economic crime has fallen since 2014 from 45% to 28%.

While the majority (86%) of UK organisations have formal business ethics and compliance programmes in place, far fewer (63%) back up these rules with regular training and communication.

Financial services companies are set to be the biggest spenders on compliance in the UK in the next two years, while compliance budgets for other industries are under pressure as they face demands to do more with less, according to the survey.

The survey also found that 20% of UK organisations say they have never performed a fraud risk assessment, while 44% do so annually. Some 5% of respondents say they have been asked to pay a bribe in the past 24 months, while 7% feel they lost a business opportunity to a competitor who was willing to pay it.

More than a fifth of frauds were detected through suspicious transaction monitoring, 14% through fraud risk management, 8% through data analytics, 8% through internal audit and 8% through accidental discovery.

Small business risks cyber attack damage

Small businesses are underestimating the impact a cyber attack would have on their reputation and must take steps to protect themselves.

Small businesses are underestimating the impact a cyber attack would have on their reputation and must take steps to protect themselvesThe warnings come as a result of research published according to the findings of the Small Business Reputation and the Cyber Risk report, by the Government’s Cyber Streetwise campaign and KPMG.

Less than a quarter of small businesses cite cyber security as a top concern, but it’s of vital importance to consumers and within the supply chain.

The impact of a cyber attackbreach can be huge and long lasting, affecting brand, client retention and ability to win new business.

In the past few years there has been a rapid expansion in the development and adoption of new communications technologies which continue to transform Government, business and the ways in which we interact with each other. Cyber crime undermines confidence in our communications technology and online economy.

There were an estimated 5.1 million incidents of fraud and 2.5 million incidents falling under the Computer Misuse Act recorded last year (ONS, 2015). Add in recent high profile hacking cases and the issue of cyber security is now more important than ever.

Cyber Streetwise and KPMG surveyed 1,000 small businesses and 1,000 consumers across the UK to assess how small businesses feel about cyber security, how they are protecting themselves and the impact of a cyber breach on their reputation.

Key cyber security research findings:

  • Cyber security was cited as one of the top concerns by less than a quarter of small businesses (23%), yet it is fast becoming the only way to do business:
  • 83% of consumers surveyed are concerned about which businesses have access to their data and 58% said that a breach would discourage them from using a business in the future.

Recently published KPMG Supply Chain research supports this; 94% of procurement managers say that cyber security standards are important when awarding a project to an SME supplier and 86% would consider removing a supplier from their roster due to a breach.

UK small businesses value their reputation as one of their key assets. Yet they are hugely underestimating the likelihood of a cyber breach happening to them and its long term impact:

60% of small businesses surveyed have experienced a cyber breach, but only 29% of those who haven’t experienced a breach cited potential reputational damage as an ‘important’ consideration.

The impact of a cyber breach can be huge and long lasting. 89% of the small businesses surveyed who have experienced a breach said it impacted on their reputation.  Those who experienced a breach said the attack led to:
Brand damage (31%)
Loss of clients (30%)
Ability to win new business (29%)

Quality of service is also a risk. Those surveyed who experienced a cyber breach found it caused customer delays (26%) and impacted the business’ ability to operate (93%).

The full report was published at: https://home.kpmg.com/uk/en/home/insights/2016/02/small-business-reputation-and-the-cyber-risk.html

UK businesses expect cyber attacks to cost £1.2 million

Half of UK businesses expect to be hit by a cyber attack and that recovery costs will be £1.2 million or more.

Half of UK businesses expect to be hit by a cyber attack and that recovery costs will be £1.2 million or more.This is the highest figure globally, according to the Risk:Value 2016 report by information security and risk management company NTT Com Security.

The report is based on a survey of business decision-makers in the UK, the US, Germany, France, Sweden, Norway and Switzerland.

Although about 50% of UK respondents said information security was vital to their organisation and agreed it was good practice, 20% admitted that poor information security was the single greatest risk to the business, ahead of decreasing profits (12%), competitors taking market share (11%) and on a par with lack of employee skills (21%).

Well over half (57%) agreed that their organisation would suffer a data breach at some point, while only one third disagreed and one in 10 said they did not know.

They expected recovery from a cyber attack to take an average of two months, and they anticipated a 13% drop in revenue, on average, following a breach.

The survey showed that recent high profile data breaches are starting to hit home, with organisations spending 11% of their IT budgets on information security, up from 10% the previous year.

However, nearly a quarter of the UK businesses surveyed revealed that more is spent on human resources than on information security.

Detailing remediation costs following a security breach, the report said respondents indicated that they expected 18% to be spend on legal fees, 18% on fines or compliance costs, 17% on compensation to customers, and 11% on third-party remediation.

Other anticipated costs included PR and communications (14%) and compensation paid to suppliers (12%) and to employees (11%).

According to the report, the vast majority of UK respondents admitted they would suffer both externally and internally if data was stolen, including loss of customer confidence (66%) and damage to reputation (57%), as well as direct financial loss (41%). More than one-third of decision-makers (34%) expected to resign or expected another senior colleague to resign because of a breach.

The study found that although only 41% of UK organisations have a disaster recovery plan in place and only 40% have a formal security policy, in both cases almost half are in the process of implementing or designing one.

In terms of responsibility for managing a company’s recovery plan, 15% of respondents said the CEO now has responsibility, although it still largely falls to the chief risk officer, chief information officer or chief security officer.

While 77% agreed it is vital that their business is insured for security breaches, only 26% have dedicated cyber security insurance – but 38% are in the process of getting a policy.

One in five UK respondents said they did not know if their organisation had any type of insurance to cover for the financial impact of data loss or an information security breach.