Week of February 25, 2019


Week of February 25, 2019

New Malware Campaign Targets Job Seekers*:

  • Scammers tend to be skilled at finding the most vulnerable individuals and turning them into victims.
  • Case in point: Researchers at Proofpoint have been tracking campaigns that prey on those looking for work.
  • The payoff is not a job: It's a copy of the More_eggs backdoor.
  • The criminal (or criminals) conducting these campaigns seems patient and persistent.
  • The person targets the potential victim through LinkedIn direct messaging, builds rapport, and then begins follow-up through fake websites stuffed with malicious links, email with malware payloads, or both.
  • LinkedIn profiles provide the threat actor with the information required to craft spear-phishing messages.
  • The malicious payloads are not unique to the campaign: More_eggs is a JScript downloader, while VenomKit and Taurus Builder are malware builders that have been made available for purchase by their developers.
  • There are overlaps between these campaigns and a campaign launched against anti-money laundering officers at various financial institutions.
  • In this case, More_eggs seems likely to lead to more_grief for its victims.

*Source: Dark Reading, February 22, 2019


Top 6 Countries with the best cyber security measures*:

  • Cyber risks represent a genuine risk to governments, economies, organizations and people.
  • In 2015, the US Government’s Office of Personnel Management was breached and traded off, with the organization declaring that 21.5 million social security numbers were stolen from one source, and 4.2 million from another.
  • The World Economic Forum’s Partnership for Cyber Resilience is an initiative made in light of the developing significance of cyber security.
  • More than 100 enterprises are included, concentrating on measuring the effect of cyber attacks.
  • Organizations and governments are progressively putting resources into enhancing their cyber security conventions as the recurrence of attacks rises.
  • Actually, every one of them is attempting to remain on track against the most recent cyber attacks, yet there are a few nations committing most to cyber security.
    • United States Of America
      • The United States of America is one of the nations that is encountering a huge amount of cyber attacks every year.
      • That is the reason around 58% of the digital security organizations are situated there and endeavour to discover better approaches to battle with the most recent attacks.
      • Among the methodologies that the nation has deployed is significantly encouraging policies and best practices.
      • The government is constantly reassuring transparency, productivity and development with regards to data security.
      • All the more along these lines, the government has been seen working with stakeholders in cultivating internet governance through the development of models and the dismissal of fake cyber security concerns.
      • The United States has attempted consolidated endeavors with accomplices in executing cyber security strategies, outlying cyber security principles, addressing cybercrime and protecting sensitive framework from cyber threats. It has been very much successful.
    • Russia
      • The United States and Britain blamed Russia for launching cyber attacks on computer routers, firewalls and other systems administration equipment utilized by government organizations, companies and critical infrastructure operators around the world.
      • U.S. intelligence agencies a year ago blamed Russia for interfering in the 2016 election race with a hacking and purposeful publicity campaign supporting Donald Trump’s battle for president.
      • The Trump administration pointed the finger at Russia for a launch of cyber-attacks that focused the U.S. power grid.
      • In spite of the fact that they are all the time blamed for digital cyber activities and attacks by their political adversaries, it isn’t difficult to advise that they additionally realize how to ensure themselves against similar threats and risks.
    • Israel
      • Israel is the nation that takes the second-largest number of cyber security measures and this number is developing as the number of new cyber security startups show up and get funding.
      • It owes to the government playing a noteworthy job in the coordination of the development of a system that will deal with the event of unpredicted cyber threats.
      • Israel is additionally tenaciously putting resources into human capital.
      • That is in light of aptitudes and knowledge that the general population have with respect to the subject.
      • It is through putting resources into cybersecurity education which begins as soon as middle school.
    • China
      • In 2017, China has adopted another Cyber Security Law and it’ fundamental intention was to strengthen the cyber security and the national security.
      • However, it has pulled in warmed discussions among remote businessmen there.
      • The Cyber security Law is an achievement for cyber security legislation in China and fills in as a “Fundamental Law” in its field.
      • The Law is a development of the beforehand existent cyber security policies and regulations from different dimensions and fields, acclimatizing them to make an organized law at a large-scale level.
    • Spain
      • The country has been successful with regards to framing contingency courses of action for national cyber.
      • All the more in this way, endeavors have vigorously been dedicated to the security of foundation.
      • Reaction to incidence has been drastically enhanced in the country including the reporting of the same.
      • Innovative work has likewise been empowered which have made a basic commitment to the organization of cyber security activities.
    • Estonia
      • After facing a bad cyber attack in 2007, Estonia has turned into a worldwide heavyweight in cyber security-knowledge, exhorting numerous different states on the issue.
      • In December 2016, NATO came up with its largest cyber defence exercise in Estonia.
      • Named Cyber Coalition 2016, the three-day occasion pulled in more than 700 cyber defenders and legitimate specialists, government authorities and military officers, academics and industry delegates, taking part from many areas over the alliance and partner countries.

*Source: Analytics Insight, February 18, 2019


Embattled LandMark White Shares Drop 10.6 pc after Data Breach*:

  • Shares in LandMark White have plummeted 10.6 per cent to a four-year low after the valuer resumed trading following a massive data breach, which resulted in details of about 100,000 home loan customers being leaked.
  • A number of its customers, including the major banks, suspended the company following the breach.
  • The company said it was in discussions to get the suspensions lifted after saying it had contained the breach and there was ''no evidence that the data has been misused''.
  • However, the banks had not changed their position at the time of writing.
  • The NSW government body Property NSW has confirmed the group has contracts with it, but at this stage has taken no action.
  • In a statement to the ASX on Monday, LandMark White said the data breach included property valuations and customers' personal information including first and last name, residential and/or business address, email address and telephone number.
  • The breach also included "commentary about the property, relevant to its overall valuation,'' the company said.
  • LandMark White shares fell to 38¢ on light trade as the register is tightly held by staff but the drop was fuelled by a comment from the company saying it was "assessing the costs of the incident and the subsequent reduction in revenue''.
  • The largest shareholder is LandMark White, which is predominantly staff shares held in escrow, followed by Mircoequities Asset Management, which declined to comment when contacted by the Sydney Morning Herald.
  • Individual shareholders include Tony Gandel, son of billionaire property developer John Gandel, the Coad and Pratt Super fund, founded by Anthony Pratt, son of the billionaire businessman Richard Pratt, and the Queensland-based Raptis Property group.
  • In January the company slashed its earnings forecast for the first half by 25 per cent and the data breach could result in another downgrade.
  • LandMark White receives information from the banks and government departments to help assess mortgage applications.
  • On a website set up by investors regarding the breach, LandMark White chairman Keith Perrett said on January, 23 2019, the group closed off a security vulnerability which it had identified in one of its valuation platforms.

*Source: Sydney Morning Herald, February 18, 2019


Tax Returns Exposed In TurboTax Credential Surfing Attacks*:

  • Financial software company Intuit discovered that tax return info was accessed by an unauthorized party after an undisclosed number of TurboTax tax preparation software accounts were breached in a credential stuffing attack.
  • A credential stuffing attack is when attackers compile username and passwords that were leaked from previous security breaches and use those credentials to try and gain access to accounts at other sites.
  • This type of attack works particularly well against users who use the same password at every site.
  • Intuit states that the breach was discovered during a security review of its systems in the TurboTax data breach notification which was filed with the Office of the Vermont Attorney General.
  • Following the discovery of the security breach, Intuit decided to temporarily disable the TurboTax accounts which were breached in the credential stuffing attack.
  • TurboTax users who had their accounts temporarily deactivated have to contact Intuit using the company's Customer Care department at 1-800-944-8596 and say "Security" when prompted, after which Intuit employees will walk them through an identity verification procedure designed to help them reactivate their accounts.
  • The company also provides one year of free identity protection, credit monitoring, and Experian IdentityWorks identity restoration services to customers impacted by the data breach to further protect their TurboTax accounts.
  • Intuit's TurboTax was previously breached and customer tax return information was leaked after two other credential stuffing attacks on 02/01/2014 and 02/27/2015 according to a data breach notice filed with the Office of the California Attorney General on 04/06/2015.
  • BleepingComputer has reached out to Intuit for further information on the breach dates and the number of accounts impacted in the event but had not heard back at the time of this publication.

*Source: Bleeping Computer, February 22, 2019



New Legislation Builds On California Data Breach Law*:

  • California Attorney General Xavier Becerra and Assembly member Marc Levine this week unveiled legislation to close a loophole in the state's existing data breach notification laws.
  • AB 1130, introduced by Levine, requires breached organizations to notify consumers if their passport number or biometric data is exposed.
  • Becerra said this bill "closes a gap in California law and ensures that our state remains the nation's leader in data privacy and protection."
  • California became the first state to pass a data breach notification law in 2003, when it mandated companies inform consumers when they believe an unauthorized party has accessed their information.
  • At the time, this personal data was limited to Social Security numbers, driver's license numbers, credit card numbers, and medical and health insurance data.
  • Legislation introduced this week will update the law to include passport numbers and biometric data, such as a fingerprint or retina/iris scan, as information protected under the statute.
  • The addition was prompted by the 2018 breach of Starwood Hotels' guest database.
  • Marriott, which had acquired the company, revealed the incident had exposed more than 327 million records containing travelers' names, addresses, and more than 25 million passport numbers.
  • California officials note how passport numbers are unique, government-issued, static identifiers, making them especially appealing to cybercriminals. Indeed, passport scans are hot on the Dark Web.

*Source: Dark Reading, February 22, 2019


Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

scroll top