Monthly Archives: June 2016

FBI: Email Scams Take $3.1 Billion Toll on Businesses


Business-related inbox scams are reaching epidemic levels with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI that says skyrocketing losses represent a 1,300 percent increase since January 2015.

Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into money wire transfers, forwarding sensitive employee data such as W-2 data, paying fake invoices, or hijacking employee email accounts in order to use stolen email identities to win the confidence of scam targets.

The FBI has stepped up its BEC awareness campaign less than a month after releasing its annual Internet Crime Complaint Center (IC3) report. In that report, the FBI said U.S. businesses were hit hardest by BEC scams in 2015, with 7,838 complaints and losses of more than $263 million.

On Tuesday, the FBI refreshed those BEC numbers, reporting 22,143 worldwide BEC victims representing $3.1 billion in losses since January 2015. Closer to home, the FBI reports 14,032 U.S. BEC victims representing $961 million in losses between October 2013 and May 2016.

The FBI data shows U.S. businesses are disproportionately affected by BEC crimes with 88 percent of all worldwide victims being U.S.-based and 90 percent of losses coming from U.S. companies.

“The BEC scam continues to grow, evolve, and target businesses of all sizes,” wrote the FBI. “The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.”

Security experts say these types of cybercrimes are difficult to protect against. “With BEC attacks there is no malware involved. You are exploiting human trust and business processes that involve email,” said Ryan Kalember, SVP cybersecurity strategy at the security firm Proofpoint in an interview with Threatpost reacting to the May IC3 report.

Despite the low-tech email attack vector, the FBI warns business e-mail compromise attacks can be extremely sophisticated. Attackers can lie in wait for extended periods of time studying whom a business does business with and what the business protocols are for wire transfers.

Security experts tell Threatpost they are seeing an uptick in elaborate and sophisticated ruses that involve CEOs, CFOs, COOs, HR departments and accounting. Attacks are becoming more sophisticated, with criminals going so far as to monitor a CEO’s social media feed to best time and color a fake request for a wire transfer.

The FBI says that BEC can also be a springboard to other types of crimes, with victims reporting romance, lottery, employment, and rental scams as well. In some instances, the FBI warns, victims are unwittingly drawn into becoming “money mules.” In these cases, money is transferred into the target’s account and then quickly directed to a second offshore account or shell corporation.

Tips for steering clear of becoming a BEC victim, according to the FBI, include:

  • Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out of office details.
  • Be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider additional IT and financial security procedures, including a two-step verification process that confirms requests over an out-of-band communication channel.
  • Consider implementing two factor authentication for corporate e-mail accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.
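The last three tips all boil down to not trusting what an email claims about itself. As an added illustration (this is example code, not the FBI’s or Threatpost’s), the following Python script runs the same checks a mail gateway or a finance team’s triage script could apply: does a reply leave the sender’s domain (the reason behind “Forward, don’t Reply”), does a known executive’s display name sit on a mailbox that is not theirs, and does the message lean on secrecy or urgency. The executive directory, the domains and the three sample messages are all constructed placeholders.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation facts (placeholders, not from the article):
# display name of an executive -> the mailbox that name legitimately uses.
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}

# Phrases the FBI's advice singles out: requests for secrecy and pressure to act quickly.
PRESSURE_TERMS = ("urgent", "immediately", "confidential", "do not discuss", "keep this between")

# Constructed sample messages (RFC 5322 text, headers then a blank line then the body).
LEGIT_MSG = """From: Jane Doe <jane.doe@example.com>
To: payroll@example.com
Subject: Q1 payroll summary

Could you send me the Q1 payroll summary when convenient?
"""

REPLY_TO_MSG = """From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jane.doe@examp1e-mail.com>
To: payroll@example.com
Subject: Urgent wire transfer

Please process the attached wire today and keep this between us.
"""

LOOKALIKE_MSG = """From: Jane Doe <jane.doe@examp1e.com>
To: payroll@example.com
Subject: W-2 copies

Can you send me the W-2 files for all staff?
"""


def _domain(address: str) -> str:
    """Everything after the last '@', lower-cased; '' when there is no address."""
    return address.rpartition("@")[2].lower()


def bec_indicators(raw_message: str) -> list:
    """Return the names of the BEC warning signs found in one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _reply_name, reply_addr = parseaddr(str(msg.get("Reply-To", "")))

    # 1. A reply would go to a different domain than the one the mail claims to be from.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("reply-to-domain-mismatch")

    # 2. A known executive's display name on a mailbox that is not theirs.
    expected = EXECUTIVES.get(from_name.strip())
    if expected and from_addr.lower() != expected:
        findings.append("executive-name-on-wrong-address")

    # 3. Secrecy or urgency language in the subject or body.
    text = (str(msg.get("Subject", "")) + "\n" + str(msg.get_payload())).lower()
    if any(term in text for term in PRESSURE_TERMS):
        findings.append("secrecy-or-pressure-language")

    return findings


if __name__ == "__main__":
    for label, sample in (("legit", LEGIT_MSG), ("reply-to", REPLY_TO_MSG), ("lookalike", LOOKALIKE_MSG)):
        print(f"{label:10s} {bec_indicators(sample)}")
```

None of these indicators proves fraud on its own; a real deployment would treat them as a score that routes the message to the out-of-band verification step the FBI recommends rather than as an automatic block.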


Japanese travel agency suffers massive data breach


If you’ve taken a trip to Japan through a travel agency, you might be in a bit of trouble. JTB Corp., a major Japanese travel agency, has suffered a data breach in which the personal information on nearly 8 million people was compromised.

BatBlue reports that the leak began with an email phishing attack, in which an employee of the subsidiary company i.JTB Corp. opened an email attachment that infected his or her computer. From there, the attacker was able to reach the main server and obtain access to the personal data of JTB Corp. customers. The data may also include information on customers who used the booking services of NTT Docomo Inc.

Among the stolen data, Nikkei reports, are the names, addresses, email addresses, and passport numbers of approximately 7.93 million people. JTB states that around 4,300 of those passport numbers are still valid, which means the hacker or anyone who purchases the stolen information can misuse them.

If your passport number was among those stolen, report it and get a replacement immediately. Identity Theft Awareness provides instructions on reporting stolen passports and requesting new ones, and advises acting as soon as possible.

JTB President Hiroyuki Takahashi has apologized for the breach, and has notified law enforcement. The investigation is ongoing, but there are currently no instances of the data being abused.

Weak Passwords Pose Cybersecurity Risk for Campus Networks

Colleges and universities already present prime targets for hackers, and easily guessable passwords make the problem worse.

Using a weak password is the equivalent of laying out the welcome mat for hackers, but that hasn’t stopped some users from prioritizing convenience over password strength.

A SplashData analysis of 2 million passwords found that “123456” and “password” once again topped the list of the most popular passwords in 2015. Other frequently used passwords included “12345678,” “qwerty” and “12345.”

Easy to type and just as easy to guess, these risky passwords are especially problematic for colleges and universities, which not only have a large number of users accessing the network but also represent enticing targets for cybercriminals.

Higher ed IT professionals can help protect users’ personally identifiable information and researchers’ intellectual property by teaching faculty, staff and students the importance of strong passwords and passphrases.


https://youtu.be/TzCs-M3JNWQ

Ransomware is Growing as Cyber Crime Pays Off

Ransomware is growing and transforming and cyber criminals are taking it to the bank!

Ransomware is growing into a huge business for cyber-criminals. This business venture has a very low cost to maintain, so criminals jump in and out of the business very easily.

An analysis of phishing email campaigns from the first three months of 2016 found an increase of 6.3 million phishing emails compared with the last quarter of 2015, due primarily to a ransomware upsurge. That is a staggering 789% jump.

PhishMe’s Q1 2016 Malware Review identified three key trends behind the growth of ransomware, trends previously recorded throughout 2015 that have come to full fruition in the last few months:

  1. Encryption Ransomware
  2. Soft Targeting by Functional Area
  3. Downloader/Ransomware: the one-two combination

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and Co-Founder of PhishMe.

Rohyt continues, “Another 2015 trend that emerged into fuller fruition during the first quarter of 2016 is threat actors’ use of soft targeting in phishing. In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world. Criminals target this subset with content relevant to their role. Such malicious emails are typically accompanied with Microsoft Office documents laden with malware or the ability to download the same.” During the first quarter, JavaScript applications even surpassed Office documents with macro scripts to become the most common malicious file type accompanying phishing emails.

Whichever way the cyber-criminals succeed to infiltrate the organization, the impact on the victimized organization is significant because it needs to use up scarce incident response resources for cleaning up, managing a potential public relations nightmare, and in some cases even caving in to hacker demands of paying the ransom being demanded.

The latest Infoblox DNS Threat Index for Q1 2016 reports a 3,500 percent increase in ransomware domain creation quarter on quarter from 2015. “The relative cost of infrastructure is so low that it completely makes sense from the criminal’s point of view,” said Rod Rasmussen, vice president of cyber security at Infoblox.

Another factor behind the fact that ransomware is growing is that people are paying the ransoms. Don’t mistake this as an honorable act though. According to SecureWorks senior security researcher Keith Jarvis, more than four dozen distinct families of ransomware have emerged since the start of 2015 and “generally, 0.25% to 3.0% of victims elect to pay a ransom,” Jarvis explains, “meaning attackers need to destroy data on anywhere from 30 to 400 computers for every victim who relents and pays the ransom.”

Estimating the size of the ransomware industry, we find that the largest operations are pulling in several million dollars per year. That is hardly surprising when you consider that 93% of phishing emails delivered last quarter contained ransomware.

It’s an attractive threat sector for many reasons. Number one, persistent attacks can be avoided. “Ransomware that encrypts all the data and destroys local backups before asking for a lump sum payout,” Dave Venable, VP of cyber security at Masergy told SC, “lets hackers avoid the higher costs and labor of maintaining the infrastructure of persistent attacks.”

Ransomware is popular because the malware can be monetized anonymously and quickly. “Through the use of bitcoin payment systems,” explains Gunter Ollmann, CSO at Vectra Networks, “the criminal can force the victim to pay the ransom in a monetary unit that facilitates complete anonymity and can be trivially converted to cash.” Gone are the days of requiring different and specialist criminal hands to both launder the data and anonymously monetize it.

As Ilia Kolochenko, CEO of High-Tech Bridge, concludes, “Ransomware is not a technical problem, but a business model problem: while it will remain the easiest way to extort money, it will continue skyrocketing.”

Napolitano: FBI Plan to Access Browser History “Major Step Towards Police State”

It never gets better no matter who is in the White House, he said


The Obama administration is pushing Congress to amend existing surveillance laws to give the FBI unquestionable authority to access a person’s browser history without a warrant, a move Judge Andrew Napolitano slammed as “a major step towards a police state.”

Under existing law, the FBI and National Security Agency (NSA) are required to obtain a surveillance warrant from the Foreign Intelligence Surveillance Court (FISA) before accessing an individual’s electronic records.

However, the FBI is able to bypass the court system and access information relating to an individual’s phone records through the use of a “National Security Letter.”

“NSLs are shadowy administrative subpoenas for information issued by the FBI, whose authority to use them was bolstered by the Patriot Act in 2001,” as reported by US News and World Report. “The requests often are accompanied by a gag order disallowing the company from which information is sought from discussing it.”

FBI Director James B. Comey has requested Congress pass legislation to amend a “typo” in the Electronic Communications Privacy Act that, he claims, has allowed some tech companies to refuse to provide data that Congress originally intended them to hand over to the FBI.

The new legislation, if passed, would allow the FBI to access an individual’s browser history by using a National Security Letter, rather than a warrant from the FISA Court. A National Security Letter only requires approval from the special agent in charge of a FBI Field Office.

Appearing before the Senate Intelligence Committee in February, Comey claimed the inability to obtain electronic information without a NSL affects the FBI’s work, “in a very, very big and practical way.” The Intelligence Authorization Act of 2017, with the NSL amendment attached, will now head to the full Senate for a vote.

Senator Ron Wyden (D-Ore.) was the sole member of the Intelligence Committee in opposition to the amendment.

“This bill takes a hatchet to important protections for Americans’ liberty,” he said. “This bill would mean more government surveillance of Americans, less due process, and less independent oversight of US intelligence agencies.”

Texas Republican Senator John Cornyn is a co-sponsor of a similar amendment that is set to be voted on by the Senate Judiciary Committee on Thursday. He has argued that a “scrivener’s error” in the law is “needlessly hamstringing our counterintelligence and counterterrorism efforts.”

A coalition of tech firms and privacy advocates submitted a letter to the members of the Senate Judiciary Committee expressing concern over the amendment and the threat it poses to civil liberties.

“This expansion of the NSL statute has been characterized by some government officials as merely fixing a ‘typo’ in the law,” they wrote. “In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight.”

Appearing with Shepard Smith on Fox News, Judge Andrew Napolitano expressed anger over the amendment and warned the American people to wake up to the ongoing erosion of their civil liberties.

“It gets worse, it never gets better no matter who is in the White House, no matter which party controls the Congress,” he said. “The American people should wake up…. This is a major step towards a police state.”

“It’s done in the name of, it’s always done in the name of keeping us safe. Who or what will keep our liberties safe?”


Hacker puts up 167 Million LinkedIn Passwords for Sale


LinkedIn’s 2012 data breach was much worse than anybody first thought.

In 2012, LinkedIn suffered a massive data breach in which the login details of more than 6 million user accounts, including hashed passwords, were posted online by a Russian hacker.

Now, it turns out that it was not just 6 Million users who got their login details stolen.

Latest reports emerged that the 2012’s LinkedIn data breach may have resulted in the online sale of sensitive account information, including emails and passwords, of about 117 Million LinkedIn users.

Almost 4 years later, a hacker under the nickname “Peace” is offering for sale what he/she claims to be a database of 167 million emails and hashed passwords belonging to LinkedIn users, including 117 million already cracked passwords.

The hacker, who is selling the stolen data on the illegal Dark Web marketplace “The Real Deal” for 5 Bitcoins (roughly $2,200), has spoken to Motherboard, confirming these logins come from the 2012 data breach.

Since the passwords had been hashed with the SHA1 algorithm with “no salt,” it took LeakedSource, the paid search engine for hacked data, just 72 hours to crack roughly 90% of them.

Troy Hunt, an independent researcher who operates “Have I Been Pwned?” site, reached out to a number of the victims who confirmed to Hunt that the leaked credentials were legitimate.

The whole incident proved that LinkedIn stored your passwords in an insecure way and that the company did not make it known exactly how widespread the data breach was at the time.

In response to this incident, a LinkedIn spokesperson informs that the company is investigating the matter.

In 2015, LinkedIn also agreed to settle a class-action lawsuit over the 2012 security breach by paying a total of $1.25 million to victims in the U.S., which works out to $50 each.

According to the lawsuit, the company violated its privacy policy and an agreement with premium subscribers that promised it would keep their personal information safe.

However, now new reports suggest that a total 167 Million LinkedIn accounts were breached, instead of just 6 million.

Assuming at least 30% of the hacked LinkedIn accounts belong to Americans, the company would have to pay more than $15 million.

Meanwhile, I recommend you to change your passwords (and keep a longer and stronger one this time) and enable two-factor authentication for your LinkedIn accounts as soon as possible. Also, do the same for other online accounts if you are using same passwords on multiple sites.

Do you see a pattern here? Social media is getting hit hard, so as I said above and many times before, change your passwords frequently and make them stronger!!!

Hacker Selling 65 Million Passwords From Tumblr Data Breach


Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo.

At that time, Tumblr did not reveal the number of affected users, but in reality around 65,469,298 account credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned.

“As soon as we became aware of this, our security team thoroughly investigated the matter. Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” read Tumblr’s blog.

A hacker going by “peace_of_mind” is selling the Tumblr data for 0.4255 Bitcoin ($225) on the darknet marketplace The Real Deal.

The compromised data includes 65,469,298 unique e-mail addresses and “salted & hashed passwords.”

The same hacker is also selling the compromised login account data from Fling, LinkedIn, and MySpace. I wonder if he has more data sets yet to sell…

Salting makes passwords harder to crack, but you should probably still change yours.


427 Million Myspace Passwords leaked in major Security Breach


MySpace has suffered a major data breach in which hundreds of Millions of users have had their account details compromised.

You may have forgotten Myspace and not thought of it in years after Facebook took over the market, but Myspace was once a popular social media website.

On Tuesday, Myspace confirmed that the company was hacked in 2013 and that the stolen Myspace username and password combinations have been made available for sale in an online hacker forum.

The hacker, nicknamed Peace, who is selling the database of about 360 Million Myspace accounts with 427 million passwords, is the same hacker who was recently in the news for leaking 164 Million LinkedIn and 65 Million Tumblr accounts.

“We believe the data breach is attributed to Russian Cyberhacker ‘Peace’,” Myspace wrote in a blog post. “Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk.”

Like LinkedIn, the stolen Myspace passwords were also stored in SHA1 with no “salting.” Salting is a process that makes passwords much harder to crack.

Myspace said it has taken “significant steps” to strengthen its users’ account security since the data breach in 2013 and now the company uses double-salted hashes to store passwords.
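The LinkedIn, Tumblr and Myspace posts above keep returning to the same two facts: unsalted SHA1 lets a precomputed table crack most of a dump in days, and salting defeats that table. The Python below, added here as an illustration and not code from any of the companies or researchers named on this page, makes both points concrete with a constructed three-user dump and the five SplashData passwords quoted in the campus-passwords post, then shows the salted, deliberately slow PBKDF2 scheme a site should store instead (the iteration count is an assumed value).

```python
import hashlib
import hmac
import os

# The five most common passwords from the SplashData list cited earlier on this page.
# A real wordlist is far longer, but the mechanism is identical.
COMMON_PASSWORDS = ["123456", "password", "12345678", "qwerty", "12345"]

# Constructed sample user base (not real leaked data). Two users share a password.
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery staple"}


def sha1_unsalted(password: str) -> str:
    """The scheme the posts describe for LinkedIn and Myspace: plain SHA1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precompute hash -> password once; any unsalted dump can then be checked by lookup."""
    return {sha1_unsalted(w): w for w in wordlist}


def crack_unsalted(dump: dict, wordlist) -> dict:
    """Recover every user whose unsalted hash appears in the precomputed table."""
    table = build_lookup_table(wordlist)
    return {user: table[h] for user, h in dump.items() if h in table}


def sha1_salted(password: str, salt: bytes) -> str:
    """Same algorithm, but a random per-user salt is mixed in before hashing."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def crack_salted_with_table(dump: dict, wordlist) -> dict:
    """The same precomputed table against a salted dump finds nothing: every salt
    changes the digest, so the work has to be redone for each user separately."""
    table = build_lookup_table(wordlist)
    return {user: table[h] for user, (_salt, h) in dump.items() if h in table}


UNSALTED_DUMP = {u: sha1_unsalted(p) for u, p in USERS.items()}
SALTED_DUMP = {}
for _u, _p in USERS.items():
    _salt = os.urandom(16)
    SALTED_DUMP[_u] = (_salt, sha1_salted(_p, _salt))


# What a site should store today: a salted, deliberately slow key-derivation function.
PBKDF2_ITERATIONS = 200_000  # assumed value; tune to your own hardware


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest (all hex)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    print("unsalted SHA1, cracked by table lookup:", crack_unsalted(UNSALTED_DUMP, COMMON_PASSWORDS))
    print("salted SHA1, same table:", crack_salted_with_table(SALTED_DUMP, COMMON_PASSWORDS))
    record = hash_password("123456")
    print("pbkdf2 verify correct:", verify_password("123456", record))
    print("pbkdf2 verify wrong:", verify_password("password", record))
```

Two things are worth noticing when it runs: alice and bob have identical unsalted digests, so cracking one cracks both (and reveals who shares a password), while their salted digests differ. Salt alone only removes the precomputation shortcut; SHA1 is still fast enough to guess billions of candidates per second per user, which is why the final scheme also makes each guess expensive.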

I strongly advise users who tend to reuse the same passwords between sites to set new passwords on those websites immediately.

Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked


The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace.

However, these are only data breaches that have been publicly disclosed by the hacker.

I wonder how many more stolen data sets this Russian, or other hackers, are holding that have yet to be released.

The answer is still unknown, but the same hacker is now claiming another major data breach, this time, in Twitter.

Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

LeakedSource, a search engine site that indexes leaked login credentials from data breaches, noted in a blog post that it received a copy of the Twitter database from Tessa88, the same alias used by the hacker who provided it hacked data from Russian social network VK.com last week.

The database includes usernames, email addresses, sometimes second email addresses, and plain-text passwords for more than 32 Million Twitter accounts.

Twitter strongly denied the claims by saying that “these usernames and credentials were not obtained by a Twitter data breach” – their “systems have not been breached,” but LeakedSource believed that the data leak was the result of malware.

“Tens of millions of people have become infected by malware, and the malware sent every saved username and password from browsers like Chrome and Firefox back to the hackers from all websites including Twitter,” LeakedSource wrote in its blog post.

But, do you remember how Facebook CEO Mark Zuckerberg’s Twitter account was compromised?

The hackers obtained Zuck’s account credentials from the recent LinkedIn data breach, then cracked his SHA1-hashed password, tried it on several of his social media accounts and successfully hacked Zuckerberg’s Twitter and Pinterest accounts.

So, one possibility could also be that the alleged Twitter database dump of over 32 Million users is made up of already available records from the previous LinkedIn, MySpace and Tumblr data breaches.

The hacker might just have published already leaked data from other sites and services as a new hack against Twitter that actually never happened.

Whatever the reason is, the fact remains that hackers may have had their hands on your personal data, including your online credentials.

So, it’s high time you changed your passwords for all social media sites as well as other online sites if you are using the same password.

US warns of hacking threat to interbank payment network


US regulators have warned banks about potential cyber attacks linked to the interbank messaging system.

The statement came two weeks after the Federal Bureau of Investigation sent a notice cautioning US banks after the hacking of Bangladesh’s central bank.

The FBI message warned of a “malicious cyber group” that had already targeted foreign banks.

In February, hackers stole $81m (£56m) from Bangladesh’s account with the Federal Reserve Bank of New York.

The hackers used the Bangladesh central bank’s Swift credentials to transfer money to accounts in the Philippines. Swift is the system banks use to exchange messages and transfer requests.

The hackers attempted to steal nearly $1bn, but several of their requests were rejected because of irregularities.

The Federal Financial Institutions Examination Council (FFIEC) – a group of US banking regulators – issued a statement encouraging banks to check the security of their links with interbank messaging and payment systems.

The council said that following recent attacks banks should “actively manage the risks associated with interbank messaging and wholesale payment networks”.

The FFIEC said the statement was intended to alert banks to specific security steps that could protect their messaging and payment networks from “unauthorized entry”.

It warned that unauthorised transactions may subject the originating bank to losses and compliance breaches.

The Bangladesh central bank and Swift have blamed each other for the security shortfalls that led to the February hacking.

The FBI sent its warning to US banks on 23 May, telling them to pay particular attention to potentially fraudulent international transfer requests.

“The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorised monetary transfers over an international payment messaging system,” the alert said.

The Bureau said it would not comment on these alerts, but a spokesman added: “The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”