Russian Company Pins European Bank Attacks on North Korea*:
- Russian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages.
- Other experts caution that such conclusions shouldn’t be made solely based on technical data.
- Security companies and law enforcement officials say Lazarus was behind attacks that employ fraudulent money-moving messages sent via the international messaging system maintained by SWIFT.
- Lazarus has been connected to North Korea before, perhaps most significantly by former FBI Director James Comey.
- Earlier this year, Kaspersky Lab said it noticed a North Korean IP address in server logs while investigating the same attack studied by Group-IB, but stopped short of attributing the attacks to North Korea.
- IP addresses identify a machine on a network, but they don’t identify who is using that machine or who may have gained unauthorized access to it.
- Group-IB says it found transliterated Russian words inside code used by Lazarus, but some words were incorrectly used – leading the company to believe that Lazarus wants security analysts to think the hackers are Russian speakers.
*Source: Data Breach, May 30, 2017
Secure Cloud Services Paramount to Data Security*:
- To ward off growing cyber threats against the banking and finance sector, standardizing security infrastructure is key, and deploying secure cloud services is the first step towards that.
- The State Bank of India (SBI) has deployed proactive security governance that includes security coding practices, master-data management policy, data dictionary and log maintenance policy.
- The CIO of SBI stressed the need for an infrastructure where cyber threats can be detected and the need for deployment of Standard Operating Procedures when a system breach happens to mitigate it.
- The CIO added, “No matter how hard you are prepared, security incidents will happen because hackers have the element of surprise and they will perpetrate risk.”
- Cloud is now being looked at as a panacea for all cyber security-related issues because the cloud is managed centrally and can be updated uniformly.
- In response to reports of the massive data breach that affected SBI and other banks last year, the CIO stated the credit cards were compromised in a third party system and there was absolutely no data breach in SBI.
- The breach prompted SBI to discard six million debit cards, costing the bank nearly Rupees 2 crore.
- At a time when hundreds of new cyber threats are detected every minute, a security breach is likely if the infrastructure is not up to date and standardized.
*Source: News18, June 01, 2017
WannaCry Hit Indian Railways' Wi-Fi Network Hardest*:
- Indian Railways' free Wi-Fi network was affected more than any other ISP in India by WannaCry and other recent ransomware attacks.
- Railwire, the free Wi-Fi service, was launched by RailTel in association with Google.
- RailTel was formed in 2000 to help create a nationwide broadband, telecom and multimedia network to modernize the train control operations and safety system of Indian Railways.
- eScan says the attackers could easily sneak through as the SMB traffic had not been blocked by RailTel.
- WannaCry ransomware used an exploit called EternalBlue, which took advantage of an SMB vulnerability to infect the host system.
- Some security practitioners say Indian Railways apparently failed to filter out unnecessary connections to the devices connected to the Railwire network via Wi-Fi; had the firewall been configured to block all unconventional connection requests at the firewall level, the spread of WannaCry or other ransomware could have been prevented.
- As the use of public Wi-Fi networks in India continues to grow, updating security measures is becoming more critical.
- Public Wi-Fi networks also need to take more steps to improve user authentication, because of the risk of credential theft via phishing attacks.
*Source: Data Breach Today, May 29, 2017
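As an added illustration of the firewall point above (constructed for this digest, not RailTel's configuration; the interface names wlan0 and eth0 are assumed), here is an nftables forward policy that accepts everything beside one that defaults to drop and explicitly blocks SMB/NetBIOS, plus a small check a reviewer can run on a ruleset file without root:

```shell
#!/bin/sh
# Constructed example. Assumed interfaces: wlan0 = Wi-Fi client side,
# eth0 = upstream. Applying rules needs root and nftables; checking does not.

# Weak policy: forwards everything, so TCP 445 (SMB) reaches every client
# and an EternalBlue-style worm can spread across the hotspot.
weak_ruleset() {
cat <<'EOF'
table inet wifi_gw {
  chain forward {
    type filter hook forward priority 0; policy accept;
  }
}
EOF
}

# Hardened policy: default drop, allow return traffic, allow only what a
# public hotspot needs, and drop SMB/NetBIOS in every direction.
hardened_ruleset() {
cat <<'EOF'
table inet wifi_gw {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # SMB / NetBIOS never belong on a public hotspot
    tcp dport { 139, 445 } drop
    udp dport { 137, 138 } drop
    # client isolation for traffic routed back onto the Wi-Fi side
    iifname "wlan0" oifname "wlan0" drop
    # only DNS and web from clients towards the upstream side
    iifname "wlan0" oifname "eth0" udp dport 53 accept
    iifname "wlan0" oifname "eth0" tcp dport { 53, 80, 443 } accept
    # no new connections from upstream into clients
    iifname "eth0" oifname "wlan0" ct state new drop
  }
}
EOF
}

# Count explicit SMB/NetBIOS drop rules in a ruleset read from stdin.
smb_drop_rules() {
  grep -cE '(tcp dport \{ 139, 445 \}|udp dport \{ 137, 138 \}) drop' || true
}

apply_hardened() { hardened_ruleset | nft -f -; }

case "${1:-}" in
  --apply) apply_hardened ;;
  --check) hardened_ruleset | nft -c -f - ;;   # syntax check only
  *) hardened_ruleset ;;
esac
```

Run with `--check` to validate the syntax without touching the live ruleset, and with `--apply` as root to install it.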
UK Healthcare Accounts for 43% of All Breaches*:
- The British healthcare system experienced 2447 incidents and accounted for 43% of all reported incidents between January 2014 and December 2016.
- The number of incidents rose by 20% compared with the previous period, from 184 incidents in the last quarter of 2014 to 221 in the last quarter of 2016.
- Following the WannaCry attack, the vulnerability of the healthcare industry and the critical importance of improving its cybersecurity have come into sharp focus.
- The incidents were attributable to theft or loss of paperwork, data faxed or posted to an incorrect recipient, data emailed to an incorrect recipient, and failure to redact data.
- A data protection expert thought it was a stretch to say the UK health sector suffered a "disproportionate number of data breach incidents" just because the reports for this sector are highest, as this is the only sector which has a mandatory duty to self-report incidents and takes that duty seriously.
- The mandatory breach reporting requirement that GDPR brings in will make a difference to the distribution of reporting figures.
- NHS bodies are required to report serious data security incidents and except for telecoms, no other sector is required to report itself to the ICO.
- The health sector faces particular challenges in handling information because it needs to exchange large volumes of confidential data across multiple channels with external organizations; other sectors such as retail, commercial services and utilities are not as much affected by this.
*Source: Info Security, June 02, 2017
OneLogin Shares More Details on Breach*:
- OneLogin, whose services are used by more than 2,000 enterprises across 44 countries, informed customers on May 31 that on the same day it had detected and blocked unauthorized access at its U.S. data center.
- OneLogin later shared more information and clarified that the attacker gained access to its systems using compromised Amazon Web Services (AWS) keys.
- The hacker used the stolen keys to access the AWS API from an intermediate host with a different, smaller US-based service provider.
- The affected AWS instance and the keys leveraged by the hacker were disabled roughly seven hours later, after OneLogin staff noticed unusual database activity.
- The company clarified that the threat actor gained access to a database containing data on users, apps, and various types of keys.
*Source: Security Week, June 02, 2017