WebProNews

Tag: Cyber attack

  • McDonald’s Impacted by Data Breach

    McDonald’s now joins an ever-growing list of major companies impacted by data breaches.

    On the same day that VW announced it was impacted by a data breach, fast-food leader McDonald’s announced it too has suffered a breach. The company says private information was accessed for both employees and customers in South Korea and Taiwan.

    According to CNN Business, McDonald’s says its cybersecurity investments were to thank for helping the company identify the breach as fast as it did, preventing additional harm.

    “These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”

    It seems the damage could have been far worse had McDonald’s not contained the breach so fast. According to The Wall Street Journal, the hackers also gained access to some US employees’ business contact information, as well as minor logistical information on some US restaurants, such as seating capacity. No sensitive or personal information was leaked for US employees or customers.

  • FBI Warns of Increased Voice Phishing Attacks Over VoIP

    The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.

    As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into fake VPNs in an effort to steal their credentials.

    The FBI issued an advisory to warn companies and help them mitigate the threat.

    As of December 2019, cyber criminals collaborated to target both US-based and international-based employees at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.

    In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.

    The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.

  • Garmin the Latest Victim of Ransomware

    GPS company Garmin is the latest high-profile organization to be the victim of a major ransomware attack.

    Garmin’s customers experienced widespread outages, with some having far-reaching consequences. For example, pilots that rely on flyGarmin lost the ability to download up-to-date aviation information, effectively grounding them unless they could use an alternative option.

    The company has said “it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.”

    Beyond that, Garmin is not disclosing many additional details, including whether they paid the ransom or were able to begin decrypting their systems through other means. In fact, Garmin is only describing the incident as a “cyber attack” although, as the BBC points out, multiple outlets have confirmed it was indeed a ransomware attack.

    Garmin says its services should be up and running within a few days, although there may be some delays as the company catches up on the information backlog.

  • Darktrace CEO: People Are Going To Give a Hard Look At Cloud Security

    “People are going to really give a hard look at cloud security,” says Darktrace CEO Nicole Eagan. “At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.”

    Nicole Eagan, CEO of Darktrace, discusses how the Capital One cyber attack happened and how it could have been prevented, in an interview on Bloomberg Technology:

    People Are Going To Really Give a Hard Look At Cloud Security

    There is so much positive momentum around cloud and so many benefits that I don’t anticipate seeing a pendulum swing back to on-prem data centers (because of the Capital One cyber hack). What I do think it means is people are going to really give a hard look at cloud security. This attack was a result of a vulnerability known as a configuration error in a Web Application Firewall that was specific to Capital One. What it does show is these configuration errors are actually really very commonplace. They’re commonplace in on-prem data centers and in cloud.

    This does highlight a few things. It does highlight insider threats, someone who had some insider knowledge. It also highlights supply chain level security. At the end of the day, it also says when you have something of this scale why not use some artificial intelligence or something that could have spotted this. Actually what was done was pretty blatant. It was 30 gigabytes of data moving to unusual storage locations. So there were a lot of ways that something like an AI system could have detected this and also prevented it from becoming an issue.

    Capital One Attack Was Human Error

    Configuration errors are basically a human error. Somebody somewhere made a human error, a mistake. We have to expect that humans are fallible and we’re going to see those type of errors. What’s so strange about this one is how public the disclosure was by the attacker on Twitter and GitHub and other places. That was what made it so unusual but also meant that the investigation moved very quickly. It seems like there’s been quite a bit of transparency as well.

    It’s interesting timing because we’re actually going into Black Hat and DEF CON, which is often known as a summer camp for hackers. There will be literally tens of thousands of people in Las Vegas next week. All of this is going to change the conversation. We’re going to see a lot about cloud security, about 5G security, about encryption and decrypting data, and of course, the evolution towards AI-based attacks.

    What’s interesting is that people want to kind of say let’s make sure we prevent the kind of attacks we saw in 2016 (regarding the election).  The reality is the way the cybersecurity industry works the attackers keep moving on. They keep changing what’s called threat vectors. I do think we’ll see plenty of threats for 2020 but they may not look anything like the ones we saw in 2016.

  • How eCommerce Businesses Can Prevent Fraud in 2018 Holiday Season

    Given the dynamic nature of the internet, it’s not surprising to also see frequent changes in consumer buying behavior, which online retailers try to predict and cater to on various digital platforms. Convenience and revenue growth of eCommerce businesses, however, come with a price in the form of fraud.

    Sales transactions from online merchants are on an uptrend, but attacks on eCommerce businesses have alarmingly increased as well. Based on the first-quarter report by ThreatMetrix, 210 million cyber attacks were prevented in real time from January to March 2018 – up by 62 percent from prior year. Some of these attacks have cost the eCommerce industry a whopping $58 billion in losses in 2017, according to the Global Fraud Report done by PYMNTS and Signifyd.

    With the upcoming holiday season, incidents of digital fraud are expected to further rise in the eCommerce industry. Avoid the pitfalls of fraud by proactively taking steps to detect its forms and prevent them from hurting your bottom line, which can be significant for some eCommerce businesses. Fraudulent purchases can translate to chargebacks from affected online retailers, resulting in financial losses.

    Pay particular attention to these three kinds of eCommerce fraud:

    Types of eCommerce Fraud

    1. Identity Theft

    Among the most common types of fraud, identity theft has been a long-running scheme of cybercriminals. Identities, along with credit card information and addresses, are stolen using the latest techniques on data hacking, malware, and theft of mobile devices, which are then used to purchase from online merchants. Aside from stolen identities of actual individuals, fraudsters can also fabricate fictitious or manipulated personalities and use these instead during transactions.

    2. Friendly Fraud

    Sometimes called “chargeback fraud,” friendly fraud happens when customers call their credit card issuer and dispute the charge. While some fraud incidents are due to misunderstanding, others are done with malicious intent. Dishonest consumers will claim that they never received the item, or that it was heavily damaged or not as described, requesting refunds from the online retailer after getting the package.

    3. Phishing

    This type of fraud is rampant and requires technical capability, as fraudsters pretend to be a company or eCommerce platform to trick customers into typing in personal information on a rigged form. Phishing emails often contain a warning to customers that their accounts have been compromised and that they need to input details like user ID, password, and personal information as proof of their identity. Armed with an individual’s stolen details, fraudsters can use these to make online purchases or transfer money to another account.

    How Online Merchants Can Protect Against Fraud

    To minimize the increasing risk for eCommerce fraud, there are a few things that you, as a business owner, can do. A proactive approach, rather than a reactive one, is more effective in preventing fraud from happening and taking a cut of your profits, especially during the holiday rush.

    1. Have a good fraud protection system in place.

    Before the buying frenzy of the holidays begins, ensure that your business has fraud prevention and chargeback protection systems set up. There are numerous tools available on the market, so choose one that fits your business needs. It’s a cost-effective solution that’s well worth the investment in the long run.

    2. Use a prevention system that combines human and artificial intelligence.

    While machine learning can effectively analyze patterns of fraud based on millions of transactional data, it still takes human intelligence to know something is off with a transaction.

    3. Take advantage of the verification process as well.

    To mitigate eCommerce fraud, make use of a good address verification system. This will confirm whether the bill-to and ship-to addresses are similar, along with email address and location as part of a customer’s identity verification when the transaction happened. An extra layer of protection helps by employing the card verification value to ensure that the customer holds or has access to the actual credit card.

    4. Use email authentication.

    Even though email fraud is a far-too-common occurrence, you still need a good authentication system for your business. Authentication systems with Domain-based Message Authentication, Reporting, and Conformance (DMARC) will give you a heads up if an email contains dubious links or potential threats. Aside from protecting your eCommerce business against fraud, email authentication assures your customers that what you send is trustworthy.

    5. Determine transaction origins.

    Each electronic device has a particular fraud profile and depending on what was used for the transaction, you can gauge and screen for potential eCommerce fraud. Device assessment assists online merchants in identifying transactions made by bots, flagging anomalous purchases through account takeovers, and highlighting malicious intents. 

     

    When consumer spending picks up during the holiday season, it is expected that eCommerce fraud will gain momentum as well. Ensure that your business is not losing money from fraudulent transactions by beefing up your prevention and authentication systems and keeping them updated with the latest patches. 

  • Cyber Attacks on Small Businesses are on the Rise, Here’s How to Stay Safe

    While recent data breaches on large enterprises like Home Depot, Target, and Yahoo made headlines worldwide, a 2016 report by cybersecurity firm Symantec revealed that 43 percent of cybercrimes actually target small businesses. What’s more alarming is that the number of attacks on small business has been trending upward every year since 2011. It’s easier to target small companies because many of their owners are not educated about the risks or don’t implement adequate safeguards to protect themselves.

    However, a data breach can damage your company’s reputation and revenue. It can even put you out of business altogether. In fact, a reported 60 percent of small businesses fold within six months of a cyber attack. The need to protect yourself and your customers cannot be overstated.

    Here are five safety measures your small business can implement to fend off cyber attacks:

    1. Install the right software and keep it updated.

    Good anti-virus, spyware and/or malware prevention software is your initial line of defense. Invest in a reliable one and keep it updated regularly. As a business owner, you should never ignore an update, no matter how busy you are. The older versions of a software or system are what hackers often work on.

    Minimize the risk by making sure your antivirus software and operating system are up-to-date. Once you’ve been notified of an update, designate a time of the week to install it into your data system.

    A lot of small business owners also make the mistake of just buying whatever data security software was recommended to them without understanding it or using it properly. To choose the right software, you’ll need to assess the type of data you’re protecting and how it will be stored. Is the information you’re protecting sensitive or neutral? How many people will have access to the information and for how long do you intend to store it? Data security is not one size fits all.

    2. Invest in a secure network.

    Select a dedicated and secure server that only your company and employees use. It might mean shelling out more money upfront, but your network is guaranteed to be secure from external attacks. This will significantly reduce the risk of your customers’ information being hacked. You should also make sure that your data is always backed up. A second copy will lessen the devastation of a malware attack.

    3. Implement extensive security protocols.

    Use every safety protocol and security strategy to protect data while still keeping it usable. Implement steps like multi-factor authentication and data encryption. Make sure you develop strong passwords to prevent hackers from cracking your code. Experts say passwords should be around 13 to 15 characters and should not be a word. Instead, go with random symbols, letters, and numbers. Investing in good encryption software is another way to protect your customers’ personal data.

    4. Educate your team and train them to follow best practices.

    Most of the time, a data breach is caused by an employee’s negligence or complacency. This was what happened in the Target hack. It’s also something you see all the time in brick-and-mortar stores. Computers are left open and available or passwords scribbled on post-its for everyone to see.

    Make sure you take the time to educate your staff on security technology and train them to understand and follow best practices for preventing a security breach. Cybercriminals use ploys that look legitimate so employees should know what to look for. You should also have a memo or a list of best security practices to follow, like changing passwords regularly or being careful when using personal devices at work.

    5. Secure sensitive documents.

    Make it a habit to safeguard important documents even if you no longer need them. Instead of just throwing customer files and documents in the trash, take the extra step of shredding them. It’s also a good idea not to store your clients’ credit card information. After all, there’s no need for you to do so and they can’t be stolen from you if you never collected them in the first place.

    These security measures might look like a lot of work, but it is all worth it. After all, it’s better to err on the side of caution instead of losing customers or your reputation because of a data breach. 

  • Stuxnet Debate Continues: How Should Cyberweapons Be Used?

    When the revealing news regarding the Stuxnet computer worm came out, much controversy ensued as a result. David Sanger of the New York Times exposed the information as part of the much larger U.S. “Olympic Games” initiative and has now even written a book on it.

    Since that time, information regarding another form of malware called Flame has also been uncovered and is said to be connected to Stuxnet, which has sparked even more debate. Questions pertaining to cybersecurity, the threat of cyberwarfare, cyber laws, and many others related to the Internet and its capabilities have all risen of late, leaving many people fearful.

    According to Jon Lindsay, a research fellow with the University of California’s Institute on Global Conflict and Cooperation, Stuxnet and Flame both represent pieces of malware, but they are very different. Stuxnet, for example, is what he calls a cyber attack that was designed to disrupt the normal operations of a uranium facility in Iran that has been suspected to be part of a nuclear initiative from the country.

    Flame, on the other hand, is a form of espionage that may use some of the same types of vulnerabilities as a cyber attack would, but the payload, or the amount of damage it causes, determines the difference. Lindsay told us that Flame could get into a targeted computer and essentially do anything the computer does but from a remote location.

    “Olympic Games wasn’t just Stuxnet,” he explained. “Olympic Games was about creating a toolkit for both espionage and covert action, in this case employed against Iran.”

    As to whether or not either of these efforts was successful, Lindsay went on to say that Flame, in particular, is hard to determine simply because of the nature of espionage. Unless there is a leak in information, the extent of its impact will not likely be known for many years.

    Some data has been recovered on Stuxnet, but based on it, the impact does not seem to be too significant. As Lindsay explained, it’s important to distinguish between the centrifuges that were filled with hexafluoride gas and spinning, which means they’re producing, and those that are spinning and not filled.

    “The breakage data actually shows that it was those that were spinning but not enriching that were broken,” he said. “So, oddly enough… it [Stuxnet] seems to have not attacked the centrifuges that were doing the most work.”

    “Most experts that look at it,” Lindsay continued, “say the program was fairly well-recovered within a year, so [it was] really a minor effect.”

    Another issue with the Stuxnet worm was the reports that, due to an error, it had gotten loose giving practically anyone the opportunity to access it. In the April 2012 edition of Smithsonian, U.S. cybersecurity advisor Richard Clarke expressed his concern over this saying, “If I’m right, the best cyberweapon the United States has ever developed, it then gave the world for free.”

    Ralph Langner, who has been recognized for “solving Stuxnet,” has pushed this theory as well, but Lindsay believes that another interpretation could be that the worm proves just how hard it is to create such a weapon.

    “Stuxnet reveals to an attacker that you need to be really, really good to figure out how to do this,” he pointed out. “You can’t use any of the same tricks because all of those holes have been patched, so you’re going to have to find new tricks, which means you’re going to have to be as good as the people that put that together.”

    What’s more, there has been a lot of hype and fear surrounding cyberwarfare going forward. There has been talk of a “digital Pearl Harbor” occurring, which has many policymakers in Washington anxious to push through cybersecurity legislation. Senator Jay Rockefeller is one lawmaker that is aggressively advocating legislation, and in a hearing earlier this year, expressed the urgency of what could happen:

    “The threat posed by cyber attacks is greater than ever, and it’s a threat not just to companies like Sony or Google but also to the nation’s infrastructure and the government itself,” Rockefeller said at a Senate Intelligence Committee hearing.

    “Today’s cyber criminals have the ability to interrupt life-sustaining services, cause catastrophic economic damage, or severely degrade the networks our defense and intelligence agencies rely on. Congress needs to act on comprehensive cybersecurity legislation immediately.”

    We spoke with Jerry Brito of the Mercatus Center at George Mason University on this issue back in April, and according to him, a lot of the hype surrounding these cybersecurity concerns is being incredibly overblown. As he told us at that time, even though weapons such as Stuxnet could be dangerous, it didn’t result in mass casualties.

    “There really is little evidence for us to believe that we are on the brink of real calamity,” said Brito.

    There have also been some bills introduced to Congress that push for companies to have tighter security, but researchers such as Brito and Lindsay are skeptical of them. Also, on that note, the whole issue of cyberweapons being used at all has been questioned. Eugene Kaspersky of the security expert firm Kaspersky Lab and the man who reportedly discovered Flame suggested in a New York Times piece that an international treaty that would ban militaries and spy agencies from making viruses would solve the problems that these viruses cause.

    According to Lindsay, such a treaty would really be “unenforceable.” Furthermore, he told us that, at this point, there is simply not enough information available to make such judgments or policies. He does believe cyber attacks and cyber espionage will continue and, more than likely, even advance.

    “We will continue to see more and more cybercrime, but no cybercrime that massively brings down financial systems,” he said. “We will continue to see a rise in espionage, but it will continue to be like espionage always is – a very ambiguous instrument.”

    However, until information is able to reveal what type of real threats lie ahead and the hype and hypothetical situations settle, he doesn’t think any action should be taken.

    What’s your take? Are you fearful after the Stuxnet ordeal? Would you like the U.S. to take a more aggressive approach on cyber issues and even utilize cyberweapons more often? Let us know in the comments.