MENTIS

Week of June 24, 2019


Cost Per Cyberattack Jumps to $4.6M in 2019*

  • The cost of cyberattacks spiked more than $1.5 million in the past year, going from $3 million per incident in 2018 to $4.6 million in 2019.
  • Pricier breaches are becoming more frequent: The percentage costing $10 million or more nearly doubled from 7% in 2018 to 13% this year.
  • Radware researchers who compiled the report "2019 C-Suite Perspectives: From Defense to Offense, Executives Turn Information Security into a Competitive Advantage" found there are four main business impacts after a cyberattack: customer loss (45%), brand reputation loss (44%), and revenue loss and operational effects (32% each).
  • Cybersecurity has also become an executive issue, with 72% of executives reporting it's on every board meeting agenda.
  • Respondents are now working to meet the expectations of an increasingly cyber-savvy customer base; people want to know what companies are doing to protect their information.
  • Three-quarters of executives say security is a key part of their marketing messages.
  • Half of businesses sell dedicated security products and services; 41% offer security features as add-ons.
  • Still, companies have a long way to go.
  • Seventy percent of senior executives polled in North America and Europe say their organization experienced a cyberattack in the 12 months prior.
  • Three-quarters of those in EMEA admit their networks are vulnerable to cyberattacks.

*Source: Dark Reading, June 19, 2019


Personal Data Of 2.7 Million People Leaked From Desjardins*

  • An employee with "ill-intention" at Desjardins Group collected information about nearly three million people and businesses and shared it with others outside the Quebec-based financial institution, officials revealed Thursday.
  • The data breach affects around 2.7 million people and 173,000 businesses, more than 40 per cent of the co-operative's clients and members.
  • Desjardins is the largest federation of credit unions in North America, with outlets across Quebec and Ontario.
  • The leaked information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits.
  • However, Desjardins said, passwords, security questions and personal identification numbers were not compromised.
  • Desjardins CEO and president Guy Cormier said the security breach was not the result of a cyberattack, but the work of an employee who improperly accessed and shared the information.
  • That employee has been fired.
  • He was arrested by Laval police but has not yet been charged.
  • The breach looks to be one of the largest ever among Canadian financial institutions, according to one cybersecurity expert and author.
  • It took several months for Desjardins to learn the scope of the data-gathering scheme, after it referred a suspicious transaction to Laval police, amid routine monitoring, in December 2018.
  • In May, police told Desjardins that the personal information of some of its members had been leaked.
  • An internal investigation was conducted with the help of Laval police, Desjardins' chief operating officer, Denis Berthiaume, said Thursday.
  • That investigation identified the employee. He was suspended and his access to Desjardins information systems was frozen.
  • In the meantime, Laval police continued to investigate and, on Friday, informed Desjardins of the scope of the data breach and the identities of those affected.
  • Cormier defended the security procedures that were in place when the breach occurred.
  • "There is no one at Desjardins who can turn on their computer in the morning and get access to the information of all our members," said Cormier. "We're a lot more secure than that."
  • The suspected employee created a scheme to win the trust of his colleagues, he said. The employee allegedly used their access, and his own, to assemble the data trove.
  • A spokesperson for Laval police refused to give details about the investigation, or the suspect, in order to protect the ongoing investigation.
  • Desjardins said the employee, a male, worked in the data department.
  • Quebec's regulator of financial institutions, the Autorité des marchés financiers (AMF), described the situation as "very serious" but said it is "satisfied with the actions" taken so far by Desjardins Group.
  • The Desjardins Group said additional security measures have been put in place to protect data, and it will be contacting every member affected by the leak individually.
  • Anyone whose data was affected will receive a 12-month credit monitoring plan, paid for by Desjardins.
  • That service includes access to daily credit reports, alerts of any changes and identity theft insurance.
  • Desjardins Group's chief operating officer, Denis Berthiaume, said he cannot yet put a dollar figure on the financial loss to the co-operative.
  • There has not been, he said, a noticeable increase in reported fraud compared to last year, suggesting the damage may be limited.
  • If members notice any unusual activity, they're asked to notify the co-op. Desjardins has also set up a website for affected members and businesses.

*Source: CBC, June 20, 2019


CNIL Issues Fine Of €20,000 Against a Small Company In France*

  • The French data protection authority, the CNIL, announced on 18 June 2019 that it has issued a 20,000-euro fine against Uniontrad Company, a small company (9 employees) based in France and specialized in translations, for "excessive video surveillance".
  • According to the CNIL, employees of the company had filed complaints with the CNIL between 2013 and 2017 over the filming.
  • In February 2018, the CNIL conducted an investigation at the company's offices and found that a camera was continuously recording the staff's activities at their work station, without sufficient information being provided to the staff.
  • In addition, the CNIL found that the computers were not protected by a password and that the translators were all using the same messaging system with a single, shared password.
  • In July 2018, the CNIL ordered the company to change its practices; however, an audit conducted in October 2018 found that the company had not taken any remedial action, which led to today's decision of the CNIL to issue a sanction against the company.
  • The CNIL stated that in deciding the amount of the fine to be imposed, it took into account the small size of the company (9 employees only), the financial situation of the company (including the fact that the company reported a loss for the financial year 2017) as well as the inaction of the company to comply with the CNIL's previous order.
  • The CNIL further stated that the amount imposed is intended to be "dissuasive yet proportionate".
  • In addition to the fine of 20,000 euros, the company has also been ordered to move the camera (so that the employees are no longer constantly filmed), to provide information to employees on the video surveillance, to implement security measures to restrict access to computers and to ensure traceability of access to the messaging system (i.e. not to have a shared password).
  • Last but not least, the company has been granted a two-month period to remedy its current practices, otherwise it would face a 200 euros fine for each day it remains in noncompliance.

*Source: FieldFisher, June 21, 2019


NASA Experiences a Hack*

  • The U.S. National Aeronautics and Space Administration (NASA) this week confirmed that its Jet Propulsion Laboratory (JPL) has been hacked.
  • An audit document from the U.S. Office of the Inspector General was published by NASA this week.
  • It reveals that an unauthorized Raspberry Pi computer connected to the JPL servers was targeted by hackers, who then moved laterally further into the NASA network.
  • The hackers apparently got as far as the Deep Space Network (DSN) array of radio telescopes and numerous other JPL systems.
  • The extent of the breach, which happened in April 2018, was such that the Johnson Space Center, with responsibility for programs including the International Space Station, decided to disconnect from the gateway altogether.
  • The audit report states that, "Johnson officials were concerned the cyber attackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."
  • The report says that while the use of limited spacecraft data was restored in March this year, as of that date, "Johnson had not restored its use of all communications data because of continuing concerns about its reliability."
  • Without going into all the technical detail of every mistake that has been identified by this audit, needless to say it paints a very poor picture of JPL network security indeed.
  • Everything from poor IT asset visibility and security violation ticket resolution shortcomings, through to untimely delays in patching known vulnerabilities were detailed by the auditors.
  • All in all it reads like a security basics 101 list that has been ignored.
  • System administrators lacked security certifications, no role-based security training was in place and JPL, unlike the main NASA security operations center (SOC), didn't even have a round-the-clock incident reporting capability.

*Source: Forbes, June 20, 2019


The Fake French Minister In A Silicone Mask Who Stole Millions*

  • For two years from late 2015, an individual or individuals impersonating France's defence minister, Jean-Yves Le Drian, scammed an estimated €80m (£70m; $90m) from wealthy victims including the Aga Khan and the owner of Château Margaux wines.
  • The hustle required targets to believe they were being contacted by Mr Le Drian, who then requested financial help to pay ransoms for journalists being held hostage by Islamists in the Middle East.
  • Since France officially does not pay ransoms to hostage-takers, the fake Le Drian assured payments could not be traced and asked for the funds to be placed in a bank in China.
  • Many of those approached smelled a rat and rang off.
  • But some didn't - enough for it to become one of the most outlandish and successful rackets of recent times.
  • Why Jean-Yves Le Drian was chosen has not been fully explained.
  • Presumably the fact that as defence minister he might be in charge of ransom demands was part of it, but another factor may have been his relative obscurity.
  • Before 2012, Mr Le Drian had been a Socialist politician in Brittany.
  • Someone with a higher international profile would have been harder to carry off.
  • The case is now under judicial investigation in France, with suspicions centring on a convicted French-Israeli con-artist called Gilbert Chikli.
  • He is currently in jail in Paris following extradition from Ukraine and faces charges of organised fraud and usurpation of identity.
  • Chikli, of Tunisian Jewish background, grew up in the working-class Belleville neighbourhood of northeast Paris.
  • In 2015, Chikli was found guilty of scamming money out of French corporations by pretending to be their chief executive.
  • But by this time he was living in the safety of Israel, which refuses to extradite its nationals.
  • According to investigators, Chikli's first move against the minister came shortly after his conviction in a bid to get the Tunisian government to pay for a number of Tiger helicopters that had never actually been ordered.
  • A contract apparently signed by the minister demanded millions of euros, but was spotted as a fake at the last moment.
  • The fraud then switched direction, targeting "friends of France", who were asked to contribute to the ransoms.
  • According to Ms Meillet, there were scores of calls to business leaders and heads of African governments, but also to church leaders such as the Archbishop of Bordeaux and charities like the Aids foundation, Sidaction.
  • The system started with an initial telephone call from someone claiming to be a member of Mr Le Drian's inner circle, such as his special adviser Jean-Claude Mallet.
  • This person would then arrange a conversation with the "minister" himself.
  • Initially these "ministerial" calls were also over the phone.
  • But then - in an effort to be more convincing - the scam went up a level, to video.
  • Now the fake Le Drian not only had to sound like the defence minister, he had to look like him, too.
  • So, in meetings arranged on Skype, the fraudster wore a custom-made Le Drian mask and sat in a facsimile of Le Drian's ministerial office, complete with flags and a portrait of then-President François Hollande.
  • The ruse would still have been detectable, but the gang - it's assumed they were several - had the impostor badly lit and at some distance from the camera.
  • They also made sure the connection was bad and only lasted a short time - just enough to put out the bait.
  • Ms Meillet has a long list of victims whose names are attached to the judicial dossier.
  • For obvious reasons none wished to talk.
  • Of the €80m that was scammed, more than half the sum came from an unnamed Turkish businessman. The Aga Khan lost €18m.
  • One who did not fall for the trap was Senegalese leader Macky Sall.
  • This was because the fake Le Drian made the basic error of addressing the president with the polite French vous.
  • In fact the two men know each other well, and when talking together use the familiar tu.
  • Chikli's luck ran out in August 2017 when he made the mistake of travelling to Ukraine.
  • Arrested at the request of the French, he told police he was on a pilgrimage to the tomb of a well-known rabbi.
  • But on his phone was evidence he had come to buy a mask.
  • In prison in Kiev, Chikli lived up to his reputation as a man of massive narcissism.
  • He paid guards to get him a fridge stocked with steaks and vodka, and then showed it off in a foul-mouthed, social media video in which he also taunted the French justice system.
  • That may have been a bad idea. Released, he was almost immediately re-arrested and this time extradited to France.
  • There the story would normally end, except for a strange coda.
  • Because earlier this year, with Chikli safely behind bars, the con started again.
  • Reports began to arrive at embassies that once again a fake Le Drian, by now French foreign minister, was trying to finagle money out of influential "friends of France".
  • In February, three French-Israeli citizens were arrested near Tel Aviv.
  • For now the calls have stopped.
  • But the suspicion has been raised that, far from there being a single con-artist, maybe there are several: a whole gang schooled in the art of being Jean-Yves Le Drian.

*Source: BBC, June 20, 2019
