Australian Parliament Hit By Cyber-Hack Attempt*:
- Authorities in Australia say they are investigating an attempt to hack into its parliament's computer network.
- Lawmakers said there was "no evidence" that information had been accessed or stolen, but politicians' passwords have been reset as a precaution.
- Local cyber-security experts have suggested the hack likely came from a foreign state.
- Australian PM Scott Morrison said he didn't intend to comment in depth on "the source or nature of this".
- He said there was "no suggestion" that government agencies or departments had been targeted. MPs and their staff use the parliament network to store emails, among other data.
- Earlier, senior lawmakers said there was no evidence that the hacking attempt aimed to "disrupt or influence electoral or political processes".
- However, opposition leader Bill Shorten described the incident as a "wake-up call". It also sparked commentary from other lawmakers.
- The Australian government has faced a number of cyber-attacks in recent years, some of which have been attributed in local media to nations such as China.
- In 2015 and 2016, there were high-profile attacks on the government's weather and statistics agencies.
- In 2011, senior Australian ministers also had their email systems breached.
*Source: BBC, February 08, 2019
Exposed Consumer Data Skyrocketed 126% In 2018*:
- The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
- The data comes from the Identity Theft Resource Center (ITRC), which has been tracking publicly available breach disclosures and reporting on trends since 2005 alongside sponsor CyberScout.
- Its "2018 End-of-Year Data Breach Report" reflects severe compromise of sensitive consumer data and the methods with which cybercriminals now access personal information.
- There were 1,244 breaches reported in 2018, marking a 23% drop from the year prior.
- But the reported number of consumer records containing personally identifiable information (PII) significantly increased from 197.6 million to 446.5 million – a 126% jump.
- ITRC notes the actual total number of records exposed is likely higher, given that only half of reported breaches disclose the number.
- Sensitive PII wasn't the only type of data tracked for this year's report.
- The number of non-sensitive records (email addresses, passwords, usernames) exposed in data breaches amounted to an additional 1.68 billion compromised records exposed in only 37 of 1,244 incidents.
- The lowest rate of exposure was in the business sector, which was hit with the most data breaches (571) but had the smallest amount of data compromised in each.
- Healthcare had the second-highest number of breaches (363) but had the highest rate of exposure at 9.92 million records total.
- The ITRC's team took a look at the decline in breaches versus amount of information exposed and determined the explanation is twofold.
- First, businesses are creating more data troves, placing larger amounts of user-submitted data into on-prem and cloud-based stores.
- At the same time, attackers are scouring the Web for massive data sets, which makes it easier to achieve their goals.
- The more data an attacker has on a victim, the easier it is to assume the person's identity, an ITRC spokesperson explains.
- If one vulnerable account grants access to birthdates, home and email addresses, Social Security numbers, and driver's license data, an attacker stops looking.
- Savvy hackers will take usernames and passwords and try to credential crack into more online accounts, where they could potentially access financial data, shopping history, or travel plans.
- Hacking was the most common breach tactic in 2018, seen in 482 data breaches.
- Considering the different types of breaches, it led to the third-highest exposure of data (16.7 million consumer records).
- In 2017 hacking was the most popular type of breach, as seen in 956 breaches, and ranked first for records exposed (168 million in total).
- Unauthorized access was the second most common form of attack in 2018, when it led to 377 data breaches and exposed the most records, at 404 million.
- Accidental exposure was the cause behind 114 data breaches and ranked second for the total number of records exposed (22 million).
- Other sources of data compromise included employee error/negligence/improper disposal, which made up 12% of 2018 incidents, insider theft (4%), and data on the move (2%).
*Source: Dark Reading, February 04, 2019
Bleichenbacher Oracle Attack Variation Subjects TLS Encryption To Further Vulnerabilities*:
- Encryption is one of the safest forms of securing data; yet academics recently found a vulnerability that allowed attackers to intercept encrypted Transport Layer Security (TLS) traffic.
- Encryption uses ciphertext to code data sent or stored.
- The encryption then reverses when the recipient unlocks it with their key.
- By unlocking it, the recipient decrypts the message turning it back into plain text and enabling them to read the message.
- If intercepted during transmission, an intruder will receive the ciphertext as they do not have the key.
- TLS is a cryptographic protocol providing end-to-end security over networks such as emails, instant messaging and web browsing applications.
- It uses Rivest, Shamir and Adelman (RSA) algorithms to de/encrypt messages.
- Although designed to secure the data sent or stored, attempts such as the Bleichenbacher oracle attack managed to authenticate and RSA decrypt with a private key of a TLS server.
- In 1998, Bleichenbacher exploited the error messages by SSL servers with the PKCS#1 v1.5 function, to carry out an adaptive-chosen ciphertext attack.
- The attack sent millions of ciphertexts to the decryption device.
- In the past years, a slight variation to this attack has formed, with organizations witnessing attacks such as DROWN and ROBOT.
- Each time, attackers added stronger countermeasures when attempting to guess the RSA decryption key.
- The newfound Bleichenbacher attack, not yet named, works against Google’s new QUIC encryption protocol.
- In the past, individuals and organizations were advised against using only RSA key exchanges because of this vulnerability.
- The attack not only leads to the hacker stealing data but also allows them to impersonate and change the data in transmission.
- Victims in the past have included Citrix Net Scaler Application Delivery Controller, IBMs HTTP server and Cisco ASA’s products.
- During recent testings by researchers, vulnerabilities were found in GnuTLS, WolfSSL, Apple CoreTLS and Amazon s2n.
- These organizations consequently released patches.
*Source: Reuters, February 11, 2019
Your Cell Phone Is A Security Threat Hackers Can Use To Steal Your Accounts*:
- If you're at all savvy about online security, you already know to be cautious about sharing personally identifiable information.
- You think twice before you post your birth date to social media, or tell people your street address or your mother's maiden name.
- But there's one piece of personal information you can't avoid giving out--your mobile phone number.
- Without it, no one would be able to contact you.
- Whenever you buy anything online, subscribe to a new service, meet a new friend, or sign up for any kind of text notification it's something you inevitably share.
- It turns out that, in the wrong hands, that simple piece of information can be used to steal your identity and take over nearly every online account you have.
- And it's surprisingly easy for hackers to do just that in a simple two-step process:
- Step 1: A hacker who's found out your cell phone number and one or two other bits of information, such as your address and date of birth, contacts your mobile carrier provider claiming to be you.
- The hacker tells your carrier to "port out" your number to a different phone--one in the hacker's possession.
- If your provider asks questions such as your address and date of birth to confirm that this is you, the hacker will answer them correctly.
- Soon the hacker has switched your phone is able to receive calls and texts intended for you.
- Step 2: The hacker next logs into your email account.
- The hacker doesn't know your password.
- The hacker can tell your email software that he or she "forgot" the password and have a reset sent to "your" mobile phone.
- You've probably given your email provider your mobile phone number as a backup in case you ever forget your password, in which case this is a pretty easy step.
- Once the hacker has access to your email account, it's easy to gain access to any of your other accounts--just click "Forgot Password" and wait for a password reset link to arrive in what was once your email.
- If you have two-factor authentication enabled on any of your accounts, the secret codes will be sent to the hacker at "your" phone number.
- He or she can even gain access to your bank accounts, and if the hacker calls the bank, their caller ID will make it look like the call is coming from you.
- So what can you do about it? Actually, there's a pretty simple way to prevent it.
- Let your mobile carrier know that you want to add an extra layer of security or password to your account, something you can often do online.
- You may also want to simply call your carrier and ask them to enable this extra protection.
- Once it's in place, anyone who tries to make changes to your mobile account, such as switching it to a different phone or SIM chip, will need to provide this password first, effectively preventing anyone who doesn't know the password from stealing your phone number and all that goes with it.
*Source: Inc., February 05, 2019
Metro Bank Hit By Cyber Attack Used To Empty Customer Accounts*:
- Metro Bank has become the first major bank to fall victim of a new type of cyber attack targeting the codes sent via text messages to customers to verify transactions.
- Hackers were able to intercept an additional layer of security offered by Metro Bank, which asks customers to type in a code sent by text message to their phones to confirm transfers and payments.
- The attack, which was first discovered by Motherboard, involved hackers tracking phones remotely and intercepting messages to authorise payments from accounts.
- Other banks are understood to have also been affected by this attack.
- Hackers were able to exploit flaws in SS7, a protocol used by telecoms companies to coordinate how they route calls and SMS messages around the world.
- A Metro Bank spokesman said that a "small number" of the bank's customers had been affected.
- Metro Bank first reported the issue to authorities.
- Other companies were affected by this cyber attack, but have not been made public.
- Telecoms giant BT said that it is aware of the potential of SS7 being used to try to commit banking fraud.
- Metro Bank has had a difficult week after it was forced to admit that the Bank of England found a flaw in its accounts despite having previously claimed that it had spotted the error itself.
- Investors were told that the bank's risky assets would be $900m higher than expected due to the error.
*Source: Telegraph, February 01, 2019