Hackers Are Hijacking Verified Accounts to Spread Fake News*:
- Security research group Access Now has discovered a clever attack being used against influential social media users as a means of disseminating fake news.
- The “Doubleswitch” not only involves hijacking verified accounts, but it makes it extremely difficult for the legitimate owner to regain control of their handle.
- The hacker takes control of a verified account through the usual methods like email phishing, then the hacker changes the email and password on the account.
- The first switch comes when the hacker changes the account name to something like Bernie Sanders and changes the handle to @BernieSander (one letter off of the real Bernie).
- The second switch comes when the hacker starts a new account with the original handle and name.
- The hacker proceeds to disseminate fake news through both accounts and users click retweet as they go about their day.
- Twitter does have a form for reporting issues that will be reviewed by humans, but it’s a slower process.
*Source: Gizmodo, June 11, 2017
Microsoft is Worried About an 'Elevated Risk for Destructive Cyber Attacks'*:
- Microsoft has made a rare decision to combat attacks similar to the WannaCry epidemic that struck hospitals and banks.
- Microsoft said this week it would be releasing additional updates to Windows because “vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations” and to provide further protection against potential attacks similar to the WannaCry ransomware.
- WannaCry ransomware hit over 300,000 PCs in 150 countries last month, and can spread to unprotected Windows machines over the Internet.
- The problem for users and IT departments is that WannaCry encrypts their data – making it inaccessible – then demands ransom in bitcoin to get access back.
- A Microsoft spokesperson said they “encourage people to take action” and “recommend those on older platforms prioritize downloading and applying these critical updates.”
- According to Microsoft, the best protection is to be on a modern, up-to-date system that incorporates the latest innovations.
- Despite this advice, Windows XP is still a widely-used operating system, ranked as the third most popular Windows operating system.
- The security updates are being made available to all customers, including all those using older versions of Windows.
*Source: Fox News, June 15, 2017
EU Banks Could Face Fines Totalling €4.7 Billion in the First Three Years Under GDPR*:
- A new report estimates that financial institutions may experience 384 data breaches during the first three years of GDPR, with fines as high as €260m per breach.
- The figures were compiled from an analysis of historic data breach figures, adjusted for the size of the financial institution, and GDPR sanction levels were then applied to the data.
- It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10m or 2% of global annual turnover.
- Consult Hyperion stresses that the €4.7 billion figure is a conservative forecast.
- New European regulations such as PSD2, ePR and AMLD4/5 are likely to compound the issue by opening additional liabilities.
*Source: Finextra, June 15, 2017
U.S. Muni Market Slowly Starts Paying Heed to Cyber Risks*:
- A rise in cyber-attacks on U.S. public sector targets so far has had little impact in the $3.8 trillion municipal debt market.
- That’s beginning to change - the shift follows a particularly steep rise in ransomware attacks, when criminals hold an entity's computer system hostage until a small ransom is paid.
- The number of global ransomware detections rose 36 percent in 2016 from the year before, to 463,841, with the United States most heavily affected.
- Ransomware attacks on state and local governments and their agencies have risen in proportion with the overall increase.
- Treating a potential cyber attack as a risk similar to a natural disaster, S&P has already been reviewing the cyber security defences of utilities, hospitals, and colleges because they were early sector targets for hackers.
- Many breaches are handled quickly and financial damage is limited, but not every attack will necessarily end that way.
- Some investors still are not concerned enough to ask for details; in part, because it can be difficult to assess the operational and financial fallout of such attacks.
- Some high profile breaches so far have also done limited damage to issuers' finances.
- South Carolina suffered possibly the worst cyber attack of any city or state in 2012, and the total cost is around $76 million and counting.
- Many issuers do not disclose any information to potential investors in bond documents about cyber risks or defenses.
- Hospitals are also ahead on cyber security disclosure because they rely on huge amounts of data, and others are expected to follow suit eventually.
*Source: Reuters, June 14, 2017
GameStop Confirmed that Customer Credit Card Data was Stolen*:
- The retailer has confirmed that customer credit card information may have been stolen.
- The game purveyor released a statement noting that it “recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.”
- The company assured customers, however, that it hired a leading security firm the same day in order to investigate the claims.
- GameStop sent affected customers an email, admitting that hackers could have made away with names, addresses, and credit card information from just about anyone who placed an order on their website between August 2016 and February 2017.
- A security blog noted a breach had taken place as early as April of this year, and reported that information such as credit card CVVs was compromised even though online retailers aren’t supposed to store CVV data.
- GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges.
*Source: Digital Trends, June 10, 2017
Top University Under 'Ransomware' Cyber-Attack*:
- University College London, one of the world’s leading universities, has been hit by a major cyber-attack.
- The university describes it as a ransomware attack, similar to last month's cyber-attack which threatened NHS computer systems.
- The university has warned staff and students of the risk of data loss and very substantial disruption.
- University College London is a “centre of excellence in cyber-security research”, a status awarded by the GCHQ intelligence and monitoring service.
- The central London university, ranked last week in the world’s top 10, says a “widespread ransomware attack” began on Wednesday.
- In a ransomware attack, computer systems are locked and threatened with damaging software unless payments are made.
- The university says that it believes the risk of further infection has been contained, but it is urging staff and students to help with efforts to reduce any “further spread of this malware.”
- One thing UCL did was to quickly switch all drives in the system to read-only following the attack, which essentially prevented the malware from doing real damage.
*Source: BBC, June 15, 2017
Cyber firms warn of malware that could cause power outages*:
- Two cyber security firms have uncovered malicious software that they believe caused a December 2016 Ukraine power outage, and warned the malware could be easily modified to harm critical infrastructure operations around the globe.
- The firms released detailed analyses of the malware, known as Industroyer or Crash Override, and issued alerts to governments and infrastructure operators.
- The two firms said they did not know who was behind the cyber-attack, and Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.
- Dragos founder Robert Lee said the malware was capable of attacking power systems across Europe and could be leveraged against the United States “with small modifications.”
- Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.
- Crash Override can be detected if a utility monitors its network for abnormal traffic, including signs the malware is searching for the location of substations or sending messages to switch breakers.
- Malware has been used in other disruptive attacks on industrial targets, including the 2015 Ukraine power outage, but in those cases human intervention was required.
*Source: Reuters, June 12, 2017