MENTIS

Week of October 21, 2016

MENTIS
news

Week of October 21, 2016

Court Rules Bulk Data Collection by UK Agencies Violated Privacy Rights*:

  • The Investigatory Powers Tribunal handed down a ruling which found that UK intelligence agencies had been violating the privacy rights of British citizens for 17 years, from 1998 to 2015.
  • The case was brought to the tribunal after the human rights group Privacy International filed a lawsuit against the British government over its surveillance programs.
  • The tribunal considered two different types of data that were being collected by the agencies, Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD).
  • The ruling states that the agencies had inadequate external oversight to supervise their collection of data.
  • Due to new oversight mechanisms that were implemented in 2015, the current data collection programs were found to be lawful.
  • The British government had argued that bulk data collection cannot itself be a violation of privacy, and only if a human actually looks at the data can it be a violation; the tribunal rejected this argument.

*Source: Tech Raptor, October 17, 2016

https://techraptor.net/content/court-rules-bulk-data-collection-uk-agencies-violated-privacy-rights


NSA Can Access More Phone Data than Ever*:

  • One of the reforms designed to rein in the surveillance authorities of the National Security Agency has perhaps inadvertently solved a technical problem for the spy outfit and granted it potential access to much more data than before.
  • Before the signing of the USA Freedom Act in June 2015, one of the NSA’s most controversial programs was the mass collection of telephonic metadata from millions of Americans.
  • The amount of data the NSA had was only about 30 percent of the total data available; the NSA database was missing a lot of data.
  • The metadata also came in various forms from the different companies, so the NSA had to reformat much of it before loading it into a searchable database.
  • The USA Freedom Act ended the NSA's bulk collection of metadata but charged the telecommunications companies with keeping the data on hand.
  • As a result, the NSA no longer has to worry about keeping up its own database and the percentage of available records has shot up from 30 percent to virtually 100.
  • The trade-off of the new system is in the efficiency of the searches; in the past the NSA could instantaneously run approved searches of its database, now the agency must approach telecommunications companies to ask about a number and wait for a response.

*Source: ABC News, October 20, 2016

http://abcnews.go.com/US/nsa-potentially-access-phone-data/story?id=42892417


3.2 Million Debit Cards May Have Been Compromised in India*:

  • Several Indian banks are issuing an advisory to their customers, asking them to change their ATM pin or replace the card.
  • As many as 3.2 million Indian debit cards could be impacted.
  • 2.6 million cards are powered by Visa or MasterCard, while the other 600,000 cards work on top of the country’s own RuPay platform.
  • Customers of SBI, HDFC Bank, ICICI, Yes Bank, and Axis are among the "worst-hit".
  • The country’s top public sector banking and financial services company, State Bank of India, said it had blocked cards of certain customers after a warning by card network providers about risk to some cards.
  • Though it has not disclosed how many cards were blocked, reports suggest that as many as 625,000 cards were affected.

*Source: Mashable, October 17, 2016

http://mashable.com/2016/10/20/india-sbi-icici-hdfc-axis-bank-debit-card-security-breach


Axis Suffers Cyber-Attack, Hires EY to Probe Damage*:

  • A month ago, Axis bank discovered several of its computers had been breached.
  • Axis filed a preliminary report about the breach to the Reserve Bank of India; the bank has hired EY, the audit and advisory firm, to carry out an investigation.
  • Till now there are no reports of any fund transfers but the bank and EY are trying to figure out the extent of damage, data loss if any, and most importantly whether the virus is still crawling in the institution’s server zone.
  • The bank has strict security protocols and procedures in place and all its online properties are monitored round the clock by its in house team of security experts.
  • In cyber parlance, a malware creeping into a bank’s server with the possibility of the virus finding its way to multiple servers is known as “lateral movement” and can pose, what is known as, Advanced Persistent Threat.
  • A bank runs multiple servers which house a mountain of information and details of various operations like credit cards, ATMs, and real time gross settlements.
  • Most Indian banks, including those which are listed abroad, keep cyber-attacks under wraps and rarely inform the regulator.

*Economic Times, October 19, 2016

http://economictimes.indiatimes.com/industry/banking/finance/banking/axis-bank-yet-to-figure-out-extent-of-server-breach-damage-if-any/articleshow/54927032.cms


London Financial Sector Prime Target of Ransomware Attacks*:

  • Ransomware attackers have set their sights on the UK's capital – security researchers have uncovered that London has been under attack from threat actors, who are specifically launching ransomware attacks to target individuals and businesses.
  • Some of London's top banks, law firms and other businesses were found to have suffered nearly 10,500 ransomware hits, Malwarebytes researchers uncovered.
  • Malwarebytes researchers' analysis of London's Square Mile, which is home to a significant number of financial service companies and other businesses, revealed that the city was hit more times than many other countries, including Sweden, Malaysia and Hungary.
  • Researchers were able to identify the top 10 ransomware campaigns targeting people in the UK.
  • UK businesses are not the only sector to be targeted by ransomware authors, hospitals across the UK have also been targeted by ransomware, but unlike banks, the NHS claims to have not paid up the hackers.

*Source: IB Times, October 19, 2016

http://www.ibtimes.co.uk/london-financial-sector-prime-target-ransomware-attacks-security-researchers-find-1587105


Hackers Used Hijacked Webcams to Bring Down Internet*:

  • A Chinese security camera maker said its products were used to launch a cyber-attack that severed internet access for millions of users at the end of last week, highlighting the threat posed by the global proliferation of connected devices.
  • The attackers hijacked CCTV cameras made by Hangzhou Xiongmai Technology using malware known as ‘Mirai’.
  • The company has recalled some of its vulnerable products in the US, and issued a software update.
  • The attack, which took down sites including Twitter, Spotify and CNN for long stretches, underscored how hackers can marshal an increasing number of online gadgets, collectively known as the Internet of Things, to disrupt the internet on an unprecedented scale.

*Source: Telegraph, October 24, 2016

http://www.telegraph.co.uk/technology/2016/10/24/hackers-used-hijacked-webcams-to-bring-down-internet/

 

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
scroll top