Monthly Archives: July 2016

Cybercriminals Target Executives with Whaling Attacks

It looks like cybercriminals are going after the “bigger fish in the sea” with the rise of whaling. Phishing middle- and lower-level employees is still extremely relevant, but some attackers now look for a bigger reward by going after the executives. The term “whaling” is fitting: it refers to phishing the executives (the whales) of large corporations.


What is Whaling?
Whaling refers to targeted spear-phishing campaigns directed at senior executives, who often have access to sensitive information such as employee or customer data. A successful whaling attack can yield executive passwords and other account details that unlock file servers, company networks, and even commercial bank accounts.

Where a generic phishing email is written for a broad audience, a whaling email takes the form of a business-critical message customized to a senior executive’s precise position and responsibilities in the company. Last year, a senior executive in charge of customer satisfaction at his company opened an email about a customer complaint. He followed the link to see the details of the complaint, only to be redirected to an illegitimate website that ended up giving the attacker access to his company’s network.

Going After the Big Catch
In the last two years alone, as many as 7,000 US businesses have fallen victim to whaling attacks, resulting in over $740 million in losses. As the rewards for a successful attack grow, so do the security measures corporations take; unfortunately, cybercriminals are becoming more sophisticated in step. Whaling in particular forces criminals to learn a great deal about their targets.

Most senior executives know to ignore run-of-the-mill malicious spam. Cybercriminals now spend months researching the company they are after, gathering as much as possible so that the email they craft looks completely legitimate to its recipient. The attack succeeds only when the email has a reasonable rationale and builds trust by including pertinent, specific information that appears to be confidential.

Attackers have even begun to take to social media to see what charities or hobbies their target executive is involved in. Executives with open public profiles make prime targets for whaling attacks.

Don’t Become the Next Trophy Catch
Here are some guidelines to limit your exposure to becoming the next trophy on a cybercriminal’s wall:

  • Minimize or lock down the public exposure of senior management by implementing privacy restrictions
    • Facebook – Don’t keep a profile that is visible to the general public, and be wary of accepting friend requests from people you don’t know
    • Twitter/Instagram – Don’t let anyone and everyone follow you; use the settings that let you approve or deny follow requests.
  • Don’t rely on traditional security tools alone: a carefully crafted whaling email often contains nothing a spam or antivirus filter recognises as malicious
  • Give staff a simple way to report suspicious emails, and review what is reported
  • Assess your organization’s overall exposure to phishing – run a practice phishing campaign and measure how many employees actually visit the website in the email.
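
As an added example that is not part of the original post, here is a check a reporting pipeline could run over each email that staff report: it parses the headers and body and lists the markers of an executive-impersonation message. The company domain, the executive list and the sample message are constructed for the example; the Authentication-Results header assumes an upstream gateway that performs SPF/DMARC checks.

```python
import difflib
import email
from email import policy
from email.utils import parseaddr

# Constructed for the example: the company's real domain and the people an
# attacker is most likely to impersonate.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe": "jane.doe@example.com", "Sam Roe": "sam.roe@example.com"}


def lookalike(domain: str, target: str = COMPANY_DOMAIN, threshold: float = 0.8) -> bool:
    """True when `domain` is not the company domain but is close enough to be mistaken for it."""
    return domain != target and difflib.SequenceMatcher(None, domain, target).ratio() >= threshold


def whaling_indicators(raw: bytes) -> list:
    """Return the impersonation markers found in one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()

    # 1. Display name of a known executive on a message that did not come from their real address.
    for exec_name, exec_addr in EXECUTIVES.items():
        if from_name.strip().lower() == exec_name.lower() and from_addr.lower() != exec_addr:
            findings.append(f"display name '{exec_name}' used with foreign address {from_addr}")

    # 2. Sender domain that only looks like ours (swapped or doubled letters, digit for letter).
    if lookalike(from_domain):
        findings.append(f"lookalike sender domain {from_domain}")

    # 3. Reply-To steering answers somewhere other than the From address.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 4. Upstream authentication verdict, if the gateway stamped one (assumed header format).
    auth = str(msg.get("Authentication-Results", ""))
    if "spf=fail" in auth or "dmarc=fail" in auth:
        findings.append("authentication failure: " + auth.strip())

    # 5. Urgency plus a link: the classic lure.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "http" in text and any(w in text for w in ("urgent", "immediately", "today")):
        findings.append("urgent wording with an embedded link")
    return findings


# Constructed sample: impersonates the CEO from a lookalike domain, with Reply-To pointing at a webmail box.
SAMPLE = b"""From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail.example.net
To: Sam Roe <sam.roe@example.com>
Subject: Customer complaint - needs your attention today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com
Content-Type: text/plain; charset=utf-8

Sam, a customer has filed a complaint about you. Please review the details
at http://complaints-portal.example.net/view?id=4417 immediately.
"""

if __name__ == "__main__":
    for finding in whaling_indicators(SAMPLE):
        print("-", finding)
```

Each marker on its own is weak (executives do travel and use webmail), which is why the output is a list rather than a verdict: a reported message that trips three or more is worth a human look.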

Ransomware Incidents at Health Organizations are now Classified as a Data Breach


According to new guidance issued by the United States Department of Health and Human Services (HHS), a ransomware incident at a HIPAA-regulated organization is now presumed to be a data breach unless the organization can show otherwise. HIPAA, the Health Insurance Portability and Accountability Act, applies to any health care provider that transmits health information in electronic form; with electronic medical records, that means just about every health care provider in America.

To most security professionals, this is an unusual approach, as a data breach has previously implied the exfiltration of data by an attacker. In fact, the Code of Federal Regulations defines a breach as “the acquisition, access, use, or disclosure of protected health information in a manner not permitted . . .”

Although there have been rumors of ransomware that steals data, there is still no proof of any such ransomware in the wild.

The HHS has codified a breach as the following:

“A breach has occurred because the Electronic Protected Health Information (ePHI) encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information). . .”

In a parenthetical statement, the HHS has memorialized the act of encrypting data as “control” of the information. I would hope that this new classification will have many scratching their heads, wondering, “If I have good backups, then the control is mitigated.” (Failure to protect data is also a violation of HIPAA rules.)

In fairness to the Department of Health and Human Services, the new guidelines also allow an organization to demonstrate that there is a “low probability that the protected health information has been compromised”; however, the four-factor risk assessment is geared more towards a general malware outbreak than a ransomware event.

Ransomware simply does not work the way the authors of the new HHS guidelines have implied. Even in a targeted attack, the ransomware operators are not seeking to use any of the data they encrypt; they are after the value to the victim of getting back in operation. In untargeted ransomware campaigns, the attacker simply fires up the spam engine and hopes for some bites on the phishing lures.

Ransomware is a lucrative business. One strain has been reported to cost victims over $18 million in one year. Ransomware criminals do not have to waste their time trying to fence stolen data.

The greatest concern with this new breach classification is that it can spread to other regulations, and eventually find its way into the general practice of corporate risk officers.

Nothing could be more wasteful of a security team’s time than explaining that no data was stolen every time a piece of ransomware is detected.

Of course, the best protections against ransomware remain the same:

  • A layered defense;
  • Good backups that are stored offline and regularly tested;
  • Security awareness training for all staff;
  • Access controls;
  • Vulnerability assessments and penetration testing (including hunt team exercises);
  • Maintaining a patch management strategy.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor.

Employees: The Weakest Link in Cybersecurity


From day one, we have said that employees are the weakest link in the cybersecurity chain for an organization. In a recent webcast, Michael Gelles and Robert McFadden of Deloitte Consulting LLP highlighted just how big of a threat “insiders” are to an organization’s cybersecurity well-being.

Insider Threats

The term “insider threats” often refers to individuals who use their knowledge of or access to an organization and its systems to deliberately perpetrate wrongdoing, whether fraud, sabotage, theft or a violent act. These individuals may be current or former employees, contractors, or employees of third-party service providers.

However, insider threats are not all the same. There are three types of insider threats:

  • Malicious Insiders: These are the least frequent, but have the potential to cause the most damage due to their insider access. Administrators with privileged identities are especially risky.
  • Exploited Insiders: This refers to employees who may be tricked by external parties into providing sensitive data that shouldn’t be shared.
  • Careless Insiders: The type of insider seen most frequently within an organization. This person may be a new employee who doesn’t know their organization’s policies or an employee who is aware of the organization’s policies but has become complacent about them.

Insider Threat Statistics

In a study titled “The Widespread Risk of Insider Threats” the following data was collected:

  • 97% of insider threat cases involved an employee whose behavior a supervisor had flagged, but that the organization had failed to follow up on.
  • 92% of insider threat cases were preceded by a negative work event, such as a termination, demotion, or dispute with a supervisor.
  • 90% of IT employees indicate that if they lost their jobs, they’d take sensitive data with them.
  • 59% of employees who leave an organization voluntarily or involuntarily say they take sensitive data with them.
  • 51% of employees involved in an insider threat incident had a history of violating IT security policies leading up to the incident.

Let’s take a moment to review the above statistics. I think it’s safe to say that we are our own worst enemy, and two trends stand out. First, we are not following up on what our own monitoring finds: in 97% of cases a supervisor had already flagged the person, and the organization did nothing with that flag. With cybersecurity in the limelight as of late, you would think this would be a major priority for managers and high-level executives. Second, nine out of ten incidents were preceded by a negative work event such as a termination, demotion, or dispute with a supervisor. That does not mean nine out of ten negative events produce an insider incident, but it does mean the period after one is when monitoring matters most, and that a clumsy intervention can itself become the negative event. That is an extremely daunting area for managers and executives to handle: how do you manage your insider threats without unintentionally creating an insider threat?

The Stakes

The stakes of becoming the next big breach in the news are higher than ever. Cybercriminals are making very lucrative careers out of breaching networks and stealing personally identifiable information. As we become an increasingly information-based economy, securing your network and sensitive data is more critical than ever to any organization’s survival. In 2015, it was estimated that 58% of all data security threats came from the extended enterprise (employees, ex-employees, and trusted partners). Statistics also showed that an insider attack costs a company over $400,000 per incident and approximately $15 million in annual losses per company. Some incidents have gone on to cost a company more than $1 billion.


Whether you are dealing with a malicious, exploited or careless insider, they all end with unauthorized users having access to your company’s sensitive data. Below are “12 Steps to Future Proofing Your Internal Security” from IS Decisions:

  1. Educate Users: More training in more innovative, engaging ways, as well as the right technology to grow awareness.
  2. Use Technology: The majority of IT professionals will be spending more on security technology in the near future, and technology and tools are the most common element of any insider threat program.
  3. Consider Partners & Supply Chains: When we say users, we do not just mean immediate employees. Anyone who has access to your network has to be subject to the same process and restrictions, or there is little point in having them in place.
  4. Include a Post Employment Process: As we can see from the statistics above, this one is extremely important! Ensure that a process is in place that makes sure ex-employees can no longer access the organization’s systems or data as soon as they have ceased employment.
  5. Consult External Sources: Analysts, media, and organizations dedicated to cybersecurity (like WatchPoint) can help you gain an objective view of how to structure your insider threat program.
  6. Stay Up-To-Date: The technologies and thinking involved in combating insider threat are evolving as quickly as the threat itself, so it is imperative to stay informed.
  7. Educate Senior Management: Senior-level management should be just as educated as lower level management and employees about insider threats and cybersecurity in general.
  8. Get C-Level Commitment and Buy-In: The commitment to enforcing your policies must go to the top of an organization so that it can be properly enforced at all levels.
  9. Implement Greater User Access Restrictions & Control: The more restrictions there are, the smaller the attack surface.
  10. Generate User Alerts: Alerts are especially useful when a user’s activity triggers a suspicious-behavior rule, so users learn what is and isn’t acceptable.
  11. Take a Multi-Layered Approach: Biometrics (fingerprints), two-factor authentication, etc. all make it harder (but not impossible) for an unauthorized user to access sensitive data.
  12. Be Transparent – Externally & Internally: A good internal security policy is one that is transparent and properly communicated to all employees. But you should also ensure that you communicate your approach to security externally as well.

Customers are increasingly going to be scrutinizing companies on their approach to security, so it helps to be able to show them that you have the right attitude about keeping their data safe.
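
Steps 4 and 10 above are the ones most easily automated. As an added example that is not from IS Decisions or the original post, the following reconciles an HR leaver list against a directory export and a small set of authentication log lines, reporting accounts still enabled after the person’s last day and any authentication attempt, successful or not, by such an account. All three inputs are constructed and their formats are assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed HR export: everyone who has left or is leaving, with their last working day.
HR_LEAVERS = """username,last_day
asmith,2016-07-01
bjones,2016-07-08
cwu,2016-07-15
"""

# Constructed directory export: account state on the day the check runs.
DIRECTORY = """username,enabled
asmith,true
bjones,false
cwu,true
dlee,true
"""

# Constructed authentication log, one event per line: "<timestamp> <result> user=<name> src=<ip>".
AUTH_LOG = """2016-07-06T08:12:00 success user=asmith src=203.0.113.7
2016-07-09T22:03:11 failure user=bjones src=198.51.100.9
2016-07-14T09:05:00 success user=cwu src=10.0.0.5
2016-07-20T10:00:00 success user=dlee src=10.0.0.8
"""


def load_leavers(text):
    """username -> last working day."""
    return {r["username"]: date.fromisoformat(r["last_day"]) for r in csv.DictReader(io.StringIO(text))}


def load_directory(text):
    """username -> True if the account is still enabled."""
    return {r["username"]: r["enabled"].lower() == "true" for r in csv.DictReader(io.StringIO(text))}


def parse_auth_log(text):
    events = []
    for line in text.splitlines():
        ts, result, user_kv, src_kv = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "result": result,
                       "user": user_kv.split("=", 1)[1], "src": src_kv.split("=", 1)[1]})
    return events


def offboarding_findings(leavers, enabled, events, as_of):
    """Return (accounts still enabled past their last day, auth events after the last day)."""
    still_enabled, activity = [], []
    for user, last_day in leavers.items():
        if last_day >= as_of:
            continue  # still employed on the check date; nothing to enforce yet
        if enabled.get(user, False):
            still_enabled.append(f"{user}: enabled {(as_of - last_day).days} days after last day {last_day}")
        # A failed attempt against a disabled leaver account is still worth an alert:
        # somebody, possibly the leaver, is trying the old credentials.
        for ev in events:
            if ev["user"] == user and ev["ts"].date() > last_day:
                activity.append(f"{user}: {ev['result']} login from {ev['src']} at {ev['ts'].isoformat()}")
    return still_enabled, activity


def run(as_of=date(2016, 7, 10)):
    return offboarding_findings(load_leavers(HR_LEAVERS), load_directory(DIRECTORY),
                                parse_auth_log(AUTH_LOG), as_of)


if __name__ == "__main__":
    enabled, activity = run()
    print("Still enabled:", *enabled, sep="\n  ")
    print("Activity after last day:", *activity, sep="\n  ")
```

Run daily against the real exports, the first list is the ticket queue for the identity team and the second is the alert feed; both are empty when the post-employment process is actually working.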


New trend alert: Angler Phishing

Don’t Let Angler Phishing Lure Your Customers into a Trap

Fraudsters create fake social media accounts for many reasons. They may want to use your brand’s popularity to distribute malware, ads, pornography, or hate speech. Alternatively, they might want to protest or embarrass your brand. Fake accounts are never good for your company or your customers, but the most harmful fake accounts are those created to launch phishing attacks against your followers.

This type of fraud is on the rise. In 2016 Proofpoint has already seen a 150% increase in social media phishing attacks when compared to the same period last year. In particular, we’ve seen an increase in a dangerous new variation called angler phishing.

What is angler phishing?

This attack is named after the anglerfish, which uses a bioluminescent lure to entice and attack smaller prey. In this case, the glowing lure is a fake customer support account that promises to help your customers but secretly steals their credentials instead.

How does it happen?

Fraudsters create highly convincing fake customer service accounts and then monitor social media channels for customer support requests. Angler phishers often wait to strike on evenings or weekends, when your brand is less likely to be monitoring social media interactions. When the fraudster sees a customer contact your brand, they hijack the conversation by responding directly to that customer from their fake support account. The example below walks through a hijacked conversation.


The fraudsters watch for any tweet or post that mentions the brand “Major Bank”. Even though John Smith addressed his tweet to @majorbank, the fraudsters saw it, since it is public, and responded from their fake account @askmajorbank. The link in the fraudulent response leads John to a perfect replica of the bank’s login page, where the attackers can steal his online banking credentials, ATM PIN, security questions and answers, and more.

Who is at risk?

Fraudulent customer support accounts are a problem for any business that provides customer service on social media. However, 2016 research from the Anti-Phishing Working Group shows that more than 75% of phishing attempts target financial service and ecommerce organizations to steal banking credentials and make fraudulent purchases.

How can I stop angler phishing attacks?

The first step in preventing angler phishing attacks is account discovery. But it is ineffective to manually search for fraudulent accounts that can be created and taken down in a matter of hours or even minutes.

It is also important to safeguard your social media interactions with your customers: publish the list of your official support accounts, and remind customers that a reply from any other account is not from you. Anyone receiving a support reply should make sure they know who they are talking to.
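
The hijack described above, seen from the brand’s side, as an added example that is not part of the original post: given a constructed stream of tweets, the code flags any reply to a customer who had just mentioned the brand that came from an account other than the brand’s own, and scores how closely the replying handle imitates the brand name once support-style affixes such as “ask” or “help” are stripped. The handles, timings and tweet format are assumptions; a real feed would come from the platform’s API.

```python
import difflib
import re
from datetime import datetime, timedelta

BRAND = "majorbank"
OFFICIAL = {"majorbank", "majorbank_help"}  # constructed: the handles the brand actually runs
SUPPORT_WORDS = ("ask", "help", "support", "care", "cs", "service")


def handle_similarity(handle: str, brand: str = BRAND) -> float:
    """0..1 score of how much a handle imitates the brand once support-style affixes are stripped."""
    core = handle.lower()
    for w in SUPPORT_WORDS:
        core = re.sub(rf"^{w}[_-]?|[_-]?{w}$", "", core)
    return difflib.SequenceMatcher(None, core, brand).ratio()


def hijacked_replies(tweets, window=timedelta(hours=6)):
    """tweets: dicts with ts (datetime), author, in_reply_to (author or None), text.

    Returns replies from non-official accounts to customers who mentioned the brand
    within `window` before the reply, with a lookalike score and whether a link was included."""
    mentions = [t for t in tweets
                if f"@{BRAND}" in t["text"].lower() and t["author"] not in OFFICIAL]
    findings = []
    for t in tweets:
        if t["author"] in OFFICIAL or not t["in_reply_to"]:
            continue
        recent = [m for m in mentions
                  if m["author"] == t["in_reply_to"] and timedelta(0) <= t["ts"] - m["ts"] <= window]
        if not recent:
            continue
        findings.append({
            "author": t["author"],
            "victim": t["in_reply_to"],
            "similarity": round(handle_similarity(t["author"]), 2),
            "has_link": "http" in t["text"].lower(),
        })
    return findings


# Constructed sample: a customer's complaint, the fraudster's reply with a credential-harvesting
# link, the real support desk's reply half an hour later, and a bystander's reply.
SAMPLE_TWEETS = [
    {"ts": datetime(2016, 7, 16, 18, 5), "author": "john_smith", "in_reply_to": None,
     "text": "@majorbank my card was declined twice today, can someone help?"},
    {"ts": datetime(2016, 7, 16, 18, 9), "author": "askmajorbank", "in_reply_to": "john_smith",
     "text": "@john_smith Sorry to hear that! Please verify your account here so we can fix it: "
             "http://majorbank-verify.example/login"},
    {"ts": datetime(2016, 7, 16, 18, 40), "author": "majorbank_help", "in_reply_to": "john_smith",
     "text": "@john_smith Sorry about that. Please DM us from this account and we will look into it."},
    {"ts": datetime(2016, 7, 16, 19, 0), "author": "jane", "in_reply_to": "john_smith",
     "text": "@john_smith same thing happened to me this morning"},
]

if __name__ == "__main__":
    for f in hijacked_replies(SAMPLE_TWEETS):
        print(f)
```

The bystander reply is reported too, but with a low similarity score and no link; the combination of a near-perfect score and a link within minutes of the complaint is the signature to act on, by reporting the account to the platform and replying to the customer from an official handle.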

Police Want to 3D Print a Dead Man’s Fingers to Unlock His Phone


Asking Apple to help break an iPhone is so three months ago. Police have a new, and higher-tech idea: 3D print the fingers of a dead man and use those fingerprints to unlock the phone instead.

Michigan State University professor Anil Jain—who has been assigned six U.S. patents on fingerprint recognition—told Fusion that police showed up at his lab to ask for help in catching a murderer in an ongoing investigation. They had scans of the victim’s fingerprints from a previous arrest and thought that unlocking his phone (the make and model weren’t divulged) might provide clues as to who killed him.

Jain and his PhD student Sunpreet Arora have already printed all 10 digits using the scans and coated them in a layer of metallic particles to mimic how conductive skin is and make them easier for the sensor to read. The final 3D-printed fingers aren’t finished, but they’ll be ready for police to try out in a matter of weeks.

It’s possible that the whole move will be futile, because many phones that use biometrics require a PIN if the device hasn’t been unlocked for two days. If that’s the case, a fingerprint won’t unlock anything.

The legality of this move is still up in the air, but the case is further proof that fingerprints, while cool, are not really the safest way of securing our private data.

Not that it matters for a dead man, but in 2014 a judge ruled that suspects can be required to unlock a phone with a fingerprint. While the Fifth Amendment protects against self-incrimination and so shields a person from being compelled to reveal a passcode, biometric identifiers such as fingerprints are not covered, according to the ruling.

Maybe it’s time to go back to a 6-8 digit PIN.

U.S. Voter Registration Database for Sale

As if we did not already have enough to worry about in the upcoming U.S. election, voter registration data for every state is now for sale. A seller going by the handle “DataDirect” on TheRealDeal market is offering the voter database for 0.5 Bitcoin, or about $330 USD, per state, with a value pack of all 50 states for 12 Bitcoin.


TheRealDeal is a DarkNet marketplace selling everything from drugs to exploit code.

The first questions you might ask are “What would someone do with the data?” and “Why would they want it?” First, let’s look at what data is being offered; the seller’s listing includes a sample record.


With this data, any number of a targeted scams could be run.  Marketers or criminals would know the name, address, date of birth, party affiliation, and if they are an active voter.

Is the data legit?

It is hard to know for sure if the data is legitimate.  The only way to know would be to pay and download the data.  From the sample data, it certainly looks like the real deal.  The sample data is not redacted on the site, and the name checks out as an actual person in California.

Where did the data come from?

In December 2015, Chris Vickery, a security researcher, claimed to have found 191 million US voter records.  He claimed there was no security needed to access the data, no password or other authentication needed at all.  At the time, Chris made attempts to get authorities to close the open door, but couldn’t get anyone to take responsibility. It is uncertain if the U.S. Voter Registration data was downloaded from the same source in December or if it was stolen from a political party or government agency’s server.

Every day we hear of a new database being offered for sale on the DarkNet. This same seller is also offering a Thomson Reuters World-Check (2.4 million records) database and an Orastream.com (126,000 entries) user database. Seller “thedarkoverlord” has two healthcare databases for sale from Farmington, Missouri (48,000 patients) and Atlanta, Georgia (397,000 patients).

The DarkNet, Bitcoin, and markets like TheRealDeal make it possible for criminals to continue to profit in anonymity and without repercussions. Good work if you can get it, and don’t have a conscience.

Beware! Your iPhone Can Be Hacked Remotely With Just A Message

In Brief
Do you own an iPhone? Mac? Or any Apple device?
Just one specially crafted message can expose your personal information, including authentication credentials stored in your device’s memory, to a hacker.
The vulnerability is quite similar to the Stagefright vulnerabilities discovered a year ago in Android, which allowed hackers to silently spy on nearly a billion phones with just one specially crafted text message.

Cisco Talos senior researcher Tyler Bohan, who discovered this critical Stagefright-type bug in iOS, described the flaw as “an extremely critical bug, comparable to the Android Stagefright as far as exposure goes.”

The critical bug (CVE-2016-4631) resides in ImageIO, the API used to handle image data, and affects all of Apple’s widely used operating systems: iOS, Mac OS X, tvOS, and watchOS.

All an attacker needs to do is create an exploit for the bug and send it via a multimedia message (MMS) or iMessage inside a Tagged Image File Format (TIFF).

Once the message is received on the victim’s device, the exploit runs.

“The receiver of an MMS cannot prevent exploitation and MMS is a store and deliver mechanism, so I can send the exploit today and you will receive it whenever your phone is online,” Bohan was quoted as saying by Forbes.

The attack could also be delivered through Safari web browser. For this, the attacker needs to trick the victim into visiting a website that contains the malicious payload.

In both cases, no explicit user interaction is required, since many applications (iMessage among them) automatically attempt to render images when they are received in their default configurations.

It is quite difficult for the victim to detect the attack, which if executed, could leak victims’ authentication credentials stored in memory such as Wi-Fi passwords, website credentials, and email logins, to the attacker.

Because iOS sandboxes applications to prevent an exploit in one component from controlling the whole device, an attacker would need a further iOS jailbreak or root exploit to take complete control of the iPhone.

Mac OS X, however, does not provide the same sandbox protection, which could let an attacker access the Mac remotely with the victim’s passwords, potentially leaving users of Apple’s desktops fully exposed to the attack.
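
Neither Talos nor Apple details the ImageIO flaw in this article, and the following is an added example, not Apple’s code and not a reconstruction of the bug. It is a minimal TIFF directory walker in Python that shows the bounds checks a decoder must apply to every count and offset the file supplies; a native parser that trusts any of these values is the classic source of memory corruption in image handling. The field-type sizes are from the TIFF 6.0 specification; the fixtures are constructed and contain no pixel data.

```python
import struct

# Byte size of each TIFF field type (TIFF 6.0, types 1-12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}


class MalformedTiff(ValueError):
    """Raised for any structure that would make a parser read outside the file."""


def parse_ifds(data: bytes, max_entries: int = 4096):
    """Walk the IFD chain and return (tag, type, count, value_or_offset) for every entry.

    Every offset and length is checked against len(data) before it is used, which is the
    discipline a native decoder must keep to avoid out-of-bounds reads and writes."""
    if len(data) < 8:
        raise MalformedTiff("header truncated")
    if data[:2] == b"II":
        end = "<"
    elif data[:2] == b"MM":
        end = ">"
    else:
        raise MalformedTiff("bad byte-order mark")
    magic, ifd_off = struct.unpack(end + "HI", data[2:8])
    if magic != 42:
        raise MalformedTiff("bad magic number")

    entries, seen = [], set()
    while ifd_off:
        if ifd_off in seen:
            raise MalformedTiff("IFD chain loops")
        seen.add(ifd_off)
        if ifd_off + 2 > len(data):
            raise MalformedTiff("IFD offset outside file")
        (count,) = struct.unpack(end + "H", data[ifd_off:ifd_off + 2])
        if count > max_entries:
            raise MalformedTiff("implausible entry count")
        table_end = ifd_off + 2 + count * 12 + 4  # entries plus the next-IFD pointer
        if table_end > len(data):
            raise MalformedTiff("IFD table runs past end of file")
        for i in range(count):
            pos = ifd_off + 2 + i * 12
            tag, typ, n, val = struct.unpack(end + "HHII", data[pos:pos + 12])
            size = TYPE_SIZES.get(typ)
            if size is None:
                raise MalformedTiff(f"tag {tag}: unknown field type {typ}")
            # Values wider than 4 bytes live elsewhere in the file; `val` is then an offset.
            if n * size > 4 and val + n * size > len(data):
                raise MalformedTiff(f"tag {tag}: value offset outside file")
            entries.append((tag, typ, n, val))
        (ifd_off,) = struct.unpack(end + "I", data[table_end - 4:table_end])
    return entries


def is_well_formed(data: bytes) -> bool:
    try:
        parse_ifds(data)
        return True
    except MalformedTiff:
        return False


def build_tiff(entries, next_ifd=0):
    """Constructed fixture: little-endian header plus one IFD, values stored inline."""
    ifd = struct.pack("<H", len(entries))
    for tag, typ, n, val in entries:
        ifd += struct.pack("<HHII", tag, typ, n, val)
    ifd += struct.pack("<I", next_ifd)
    return b"II" + struct.pack("<HI", 42, 8) + ifd


GOOD = build_tiff([(256, 3, 1, 64), (257, 3, 1, 64)])        # ImageWidth / ImageLength = 64
BAD_OFFSET = build_tiff([(273, 4, 4, 0x7FFFFFF0)])           # StripOffsets claims 4 LONGs far outside the file
BAD_COUNT = build_tiff([(256, 3, 1, 64)])[:8] + b"\xff\xff"  # entry count 65535 with no table behind it
LOOPED = build_tiff([(256, 3, 1, 64)], next_ifd=8)           # next-IFD pointer back to itself

if __name__ == "__main__":
    for name, blob in [("GOOD", GOOD), ("BAD_OFFSET", BAD_OFFSET), ("BAD_COUNT", BAD_COUNT), ("LOOPED", LOOPED)]:
        print(name, "well-formed" if is_well_formed(blob) else "rejected")
```

In Python an unchecked offset raises an exception; in the C and Objective-C code that actually decodes images on a phone, the same unchecked offset becomes a read or write past the end of a heap buffer, which is what makes a file format bug exploitable by message.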

Apple has patched this critical issue in iOS version 9.3.3, along with fixes for 42 other vulnerabilities, including memory corruption bugs in CoreGraphics, which renders 2D graphics across those OSes, according to Apple’s advisory.

Apple also addressed serious security vulnerabilities in FaceTime on both iOS and OS X platforms, allowing anyone on the same WiFi network as a user to eavesdrop on the audio transmission from FaceTime calls even after the user had ended the call.

“An attacker in a privileged network position [could] cause a relayed call to continue transmitting audio while appearing as if the call terminated,” reads Apple’s description.

The FaceTime vulnerability (CVE-2016-4635) was discovered and reported by Martin Vigo, a security engineer at Salesforce.

Users are advised to patch their devices, as it will not take long for bad actors to take advantage of the vulnerabilities now that they are public.

FDIC was hacked by China, and CIO covered it up


A report published by the House Committee on Science, Space and Technology today found that hackers believed to be from China had compromised computers at the Federal Deposit Insurance Corporation repeatedly between 2010 and 2013. Backdoor malware was installed on 12 workstations and 10 servers by attackers—including the workstations of the chairman, chief of staff, and general counsel of the FDIC. But the incidents were never reported to the US Computer Emergency Response Team (US-CERT) or other authorities and were only brought to light after an Inspector General investigation into another serious data breach at the FDIC in October of 2015.

The FDIC failed at the time of the “advanced persistent threat” attacks to report the incidents. Then-inspector general at the FDIC, Jon Rymer, lambasted FDIC officials for failing to follow their own policies on breach reporting. Further investigation into those breaches led the committee to conclude that former FDIC CIO Russ Pittman misled auditors about the extent of those breaches and told employees not to talk about the breaches by a foreign government so as not to ruin FDIC Chairman Martin Gruenberg’s chances of confirmation.

The cascade of bad news began with an FDIC Office of the Inspector General (OIG) investigation into the October “Florida incident.” On October 23, 2015, a member of the Federal Deposit Insurance Corporation’s Information Security and Privacy Staff (ISPS) discovered evidence in the FDIC’s data loss prevention system of a significant breach of sensitive data—more than 1,200 documents, including Social Security numbers from bank data for more than 44,000 individuals and 30,715 banks, were copied to a USB drive by a former employee of FDIC’s Risk Management Supervision field office in Gainesville, Florida. The employee had copied the files prior to leaving his position at the FDIC. Despite intercepting the employee, the actual data was not recovered from him until March 25, 2016. The former employee provided a sworn statement that he had not disseminated the information, and the matter was dropped.

However, Gruenberg told Science, Space and Technology Committee Chairman Rep. Lamar Smith (R-Texas) in a February letter about the breach that only about 10,000 “individuals and entities” were affected by the leak and that the former employee was cooperative. That claim was contradicted by the FDIC’s Office of the Inspector General after it used that breach for an audit of the FDIC’s security processes—indicating that the actual number was several times larger and that there were other breaches that had not been reported. One of those was a similar breach in September when a disgruntled employee in New York left with a USB drive containing the SSNs of approximately 30,000 people. That breach had been glossed over by the FDIC’s CIO, Lawrence Gross, and had only been mentioned in an annual Federal Information Security Management Act (FISMA) report, despite its classification as a “major” breach. This was in addition to a similar, reported breach in February when another departing employee in Texas “inadvertently and without malicious intent” downloaded 44,000 records.

Then in May, the FDIC “retroactively reported five additional major breaches” to the committee, according to the report. Only after a Congressional hearing on those breaches did the FDIC offer credit monitoring services to the more than 160,000 individuals whose personal information was included in the data leaked.

The committee’s report accuses Gross—who took over in 2015 after former FDIC CIO Barry West disappeared on “administrative leave” in June of last year for unknown reasons—of creating a “toxic workplace” for FDIC’s IT team and of sabotaging efforts to improve the agency’s security footing. Nearly 50 percent of FDIC employees can use portable storage devices such as USB drives or portable disk drives, and the only thing assuring the FDIC that data was not being disseminated by former employees is signed affidavits. Gross is also the driving force behind an initiative to purchase 3,000 laptops for FDIC employees, arguing that laptops are more secure than desktops.

8 Ways to Avoid Being “Extremely Careless” with Data


On July 5th, FBI Director James Comey made a statement that the FBI would not recommend criminal charges against Democratic Party presidential nominee Hillary Clinton. The announcement was the result of an investigation into the fact that, while serving as secretary of state, Clinton relied exclusively on a personal email account hosted on her own server rather than using an official, protected state.gov email address. She also communicated from her private email across several electronic devices. Amongst emails about yoga appointments and family outings, Clinton exchanged highly classified information – including Benghazi communications – leading the FBI to question possible breaches of the account by foreign governments and hackers. After months of exhaustive investigation and countless hours of media coverage, the FBI did not uncover sufficient evidence to recommend criminal charges in the case, but concluded that “[Clinton and her staff] were extremely careless in their handling of very sensitive, highly classified information.”

While it’s evident that Clinton probably didn’t think she was being so careless with her data, there are a few simple ways that people in heavily-regulated and litigated industries can avoid being extremely careless. This is especially important when it comes to ediscovery, a time when you’re highly likely to make private information public.

1. The personal & professional are inseparable. Nowadays, people answer work emails on their personal devices and vice versa. They send company files to their home computers so they can work nights and weekends, and send personal documents to print or fax from work. This can be a major headache when it comes to data security, as we saw with the Clinton email scandal. Data that was once relatively secure on company premises leaves the office on portable devices and home networks and is then exposed to the risk of physical and virtual theft. Companies with BYOD or work-from-home policies should establish and enforce strict and specific security guidelines. Employees who work from home or from portable devices should always log out of email accounts and be careful not to join any unknown networks.

2. Keep passwords fresh. Update passwords every 4-6 months. Contrary to popular belief, updating your passwords every 60 or 90 days won’t necessarily result in better security, especially when your passwords aren’t strong in the first place. Experts recommend using a password manager like LastPass, Dashlane, or KeePass to generate stronger passwords and keep track of them.

3. Beware of the cloud. Add security layers anywhere sensitive data lives, particularly if it’s shared in the cloud. Putting locks on network file directories is simple enough, but with the massive surge in cloud usage, data leaks become more difficult to control. According to expert Joe Moriarty, businesses can better protect cloud-based data “by adding content controls, protection, tracking and deep analytics to files.” Content controls that a company can easily implement to secure data include watermarking files and videos; limiting employees’ ability to forward or print files; and most importantly, preventing unauthorized viewing, saving, and sharing of data.

4. Continued education by HR. Training your employees on security best practices is crucial to preventing a breach. Consider assigning a compliance officer who can be involved in business decisions. Such a position helps bridge the gap between tech-savvy IT employees and those who may not be able to answer, “How does this affect PCI, PII or HIPAA compliance?”

5. Remember printers? According to expert Michael Howard, the biggest mistake companies make when it comes to securing sensitive data is not securing their printing fleet. He goes on to say a staggering 90% of enterprise businesses have experienced a breach due to unsecured printing. In order to avoid this risk, Michael recommends installing security software that limits printing and helps protect your company paper trail.

While establishing day-to-day security practices is important, safeguarding data during ediscovery is a whole new ballgame. During ediscovery, data changes hands many times internally and externally. Data is gathered from multiple network drives, sources, and authorities then handed over to another party or two, and some of that data might end up in the public record. Penalties for breaches during ediscovery can include mistrials, fines, sanctions, and even lawsuits, so the stakes are extremely high.

6. Know your data. Every organization needs to be familiar with where its data resides, the laws governing it, and how it may be collected, processed, retained, and transferred before litigation begins. This is especially important when working with cross-border litigation, given the recent changes in EU data protection laws.

7. Limit scope as much as possible. Evaluate the scope of data that is being requested during discovery. For litigation purposes, can the data requested be reasonably limited so that personal data issues can be reduced or eliminated altogether?

8. When in doubt, redact. Redaction is the only foolproof way to protect sensitive data. With the growing amount of ESI and increasing regulations surrounding things like PII, you can’t risk letting sensitive data slip through the cracks during ediscovery and into the hands of opposing counsel. Unfortunately, the cost of manual redaction is quickly approaching an unsustainable level. With the correct redaction software, companies can ensure sensitive data gets redacted automatically, saving time and cost and reducing the risk of human error during review.
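To make the automatic-redaction point concrete, here is a small pattern-based PII redactor of the kind a review tool applies before documents are produced. It is an added example, not code from the original post or from any redaction product; the pattern set, the sample document, and the tag format are constructed for illustration. The card-number rule applies a Luhn check so that matter or case reference numbers that merely look like card numbers are left intact, which is the sort of false positive that costs reviewer time.

```python
import re
from typing import Dict, Tuple

# Constructed, deliberately conservative patterns for common US PII categories
# found in ESI (example code, not from the original post). A production
# workflow would tune these per matter and add further validators.
PII_PATTERNS: Dict[str, re.Pattern] = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    # Either "(555) 123-4567" or "555-123-4567"; no leading \b before "(" since
    # a parenthesis following a space is not a word boundary.
    "PHONE": re.compile(r"(?:\(\d{3}\)\s?|\b\d{3}[-.])\d{3}[-.]\d{4}\b"),
    "CARD": re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so 16-digit reference numbers are not redacted as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str) -> Tuple[str, Dict[str, int]]:
    """Replace each PII match with a category tag; return text and per-category counts.

    The counts double as an audit trail: reviewers can reconcile how many items
    were removed from each document without seeing the removed values.
    """
    counts = {name: 0 for name in PII_PATTERNS}

    def make_sub(name: str):
        def _sub(m: re.Match) -> str:
            if name == "CARD":
                digits = re.sub(r"\D", "", m.group(0))
                if not luhn_ok(digits):
                    return m.group(0)  # not a real card number; leave it alone
            counts[name] += 1
            return f"[REDACTED-{name}]"
        return _sub

    for name, pattern in PII_PATTERNS.items():
        text = pattern.sub(make_sub(name), text)
    return text, counts


# Constructed sample document (not a real record).
SAMPLE = """From: jane.doe@example.com
Claimant SSN 123-45-6789, phone (555) 123-4567.
Card on file 4111 1111 1111 1111; matter reference 1234 5678 9012 3456."""

if __name__ == "__main__":
    redacted, counts = redact(SAMPLE)
    print(redacted)
    print(counts)
```

Run as a script, the sample prints with the email, SSN, phone, and Luhn-valid card replaced by tags, while the non-Luhn "matter reference" survives untouched and the counts report one hit per category. Pattern-based redaction catches well-formed identifiers; free-text PII (names, addresses) still needs a review pass, which is why a tool of this kind should complement, not replace, the human review the tip describes.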

While the data we deal with on a day-to-day basis may not be labeled as “Highly Classified” like Clinton’s, it’s still very important to have the proper procedures in place for handling and protecting it. With ESI volumes growing at an alarming rate, it’s important that we look to technology for help with data security, particularly during ediscovery, so that we aren’t caught being extremely careless.

HSBC suffers major security breach as hackers launch cyber attack on bank’s servers

HACKING group OurMine claim they took down US and UK HSBC servers following a spate of cyber attacks on major tech firm bosses.


The hacking group announced details of the security breach on its website, including links to HSBC’s US and UK sites.

In a shock strike, the so-called security firm took the major bank’s UK and US servers offline on Tuesday.

In a statement, the cyber attackers wrote: “Hello Guys, today we checked HSBC Bank security, and their website was able to be attacked!, and now we took it down.

“If you are working on HSBC Bank, please contact us…we will stop the attack and we will let you know how to protect it from people attacks!”

BREACH: It is not known whether the hack caused any disruption for HSBC’s online customers

TARGETED: OurMine claims it can “help you with your accounts security”

By early Wednesday, HSBC’s U.S. and U.K. websites appeared to be working normally.

OurMine positions itself on its website as an account and company security firm. “We scan the whole company websites and staffs and give you the weaknesses and how to fix it,” it says.

Buzzfeed reports the company recently claimed to have attacked social media accounts of prominent CEOs in order to promote its business. One of its most prominent alleged attacks was in early June, when it claimed it took over Facebook CEO Mark Zuckerberg’s social media accounts. Since then, it claims to have also targeted the accounts of several CEOs, including Google’s Sundar Pichai, Uber’s Travis Kalanick, and Twitter’s Jack Dorsey.

In December, it claimed it attacked WikiLeaks.

In a second post on Tuesday, the group announced it “stopped the attack” after “a staff of HSBC talked with us”.

It is not known whether the hack caused any disruption for HSBC’s online customers.

Daily Star Online has contacted HSBC for comment.

SECURITY BREACH: The group announced it “stopped the attack” after talking to the bank.

This seems to be an everyday occurrence in today’s “Digital Age”. Make sure you change your passwords regularly.