Cyber Insurance News February 2019
In the February edition of Cyber Insurance related news we look at:
Stay up to date with useful information to reduce your risks.
Any comments and opinions on this blog are NOT ADVICE. They are the personal opinions of the author only. They may not be shared by any company or organisations associated with the author or INDAGARD.
Australian Parliament targeted by cyber-hack attempt
There is no evidence that any data was accessed or stolen, and it does not seem that any government department has been targeted. There is also no evidence suggesting that the attack was intended to influence or interrupt parliament or to control electoral or political processes.
The government identified the breach at an early stage and acted quickly to prevent any data leakage. The parliament network is mainly used by MPs and their staff to store emails and other data. All passwords were reset as a precautionary measure.
The opposition Labor Party leader Bill Shorten commented that the attack on parliament must be considered a “wakeup call”, and that what happened now must be part of something bigger. A lot of data is being provided to several companies, and it is important to take the necessary steps to protect the data.
Bill Shorten also has concerns about SME businesses not being able to protect themselves against cyber attacks.
“But what I was thinking about this morning as we see the extent of the security necessary to restore the integrity of the system is are we doing enough in this country for small and medium businesses to help protect them?”
In recent years, Australian government systems have been targeted frequently, just like those of any other country. Since 2012, the Department of Parliamentary Services, which supports various functions of the Australian Parliament, has made considerable progress in strengthening the cyber defenses of the Australian Parliament House computer networks.
According to local cyber experts, a foreign government is presumed to be behind the attack, possibly China. If so, this might be due to the upcoming elections or other political processes in the country. Attempting such an attack requires huge resources, so it is supposed to be a state actor.
Relations with China have collapsed since 2017, when Canberra accused Beijing of interfering in its domestic affairs, and Australia has been cautious of China since then. There were reports that Australia cancelled the visa of a famous Chinese businessman, and it was just a few months back that the Chinese telecom company Huawei Technologies was banned from the Australian 5G broadband network.
Further information regarding the attack is currently not available. However, the investigation is ongoing with the relevant security agencies, and at present their main concern is to secure the network and protect the users. Updates will be provided to members, senators and the media as soon as they are available.
New Phishing Attack
Most internet users are aware of the usual phishing techniques and depend on basic security practices to work out whether a website or an email is legitimate. The normal methods a user adopts to check whether a website is legitimate are to look at whether the URL is correct or to check whether the site uses HTTPS. Some make use of browser extensions to help detect phishing domains.
But in the case of a newly discovered phishing campaign, the attackers distribute links to blogs and services that urge users to first log in using their Facebook account in order to access them or purchase a discounted product.
Accessing a website using your Facebook account or any other social media account seems fine and safe, and numerous websites enable this option so that users can easily sign up for a third-party service.
Usually, when the user clicks on the “Log in with Facebook” button on a third-party website, they are redirected to facebook.com or a new pop-up window of facebook.com opens. The users provide their Facebook credentials to authenticate using OAuth, which allows the service to access their profile details.
Antoine Vincent Jebara, co-founder and CEO of the password management software Myki, has discovered that there are many malicious blogs and services that use a fake Facebook login prompt when users click the login button, which actually captures your credentials, just as other phishing websites do.
The fake window also behaves exactly like a legitimate window: users can drag it anywhere or close it.
Vincent states that the only way to avoid becoming a victim of this phishing technique is to try to drag the prompt away from the window in which it is displayed. If it fails to drag properly, with part of the pop-up vanishing over the edge of the window, the pop-up is fake.
It is also advised to enable two-factor authentication on all services to prevent hackers from accessing your accounts if they happen to get your credentials.
Phishing schemes are always a serious threat for users as well as companies. Attackers keep coming up with creative tricks to obtain your personal information and to steal or hack your online accounts.
LandMark White Data Breach
The customers’ data was exposed through an unprotected online service. The customer information that was revealed includes property valuations and contact details such as the names, addresses, email IDs and phone numbers of home owners, residents, lenders and property agents.
LandMark White has been used by banks and lenders for various services, such as assessing mortgage applications. However, customers’ bank details and loan agreements were not disclosed by the breach.
The exposed documents were found to date from the period between January 2011 and January 2019. Around 137,500 unique valuation records and 1680 supporting documents were accidentally exposed, and the collection also included 250,000 individual records, some of which were duplicates.
Soon after news of the data breach broke, numerous clients of LandMark White suspended their services. Major banks in Australia have suspended important contracts with the company. The company also halted its services temporarily for up to a month.
LandMark White reported that a security vulnerability in one of the firm’s valuation platforms was responsible for the data exposure. The company has started an investigation into the incident and has employed expert consultants to assist with data breach and cyber security issues. It has also taken measures to prevent further leakage of data. At present there is no evidence of any data misuse. It was found that only a small percentage of customers were potentially affected.
On investigation, they found that an anonymous third party had posted the collection of records on a dark web forum, where it remained for around 10 days before being taken down. It is, however, not known how many users accessed it from the dark web.
LandMark White has set up an FAQ page to share information about the data breach. It has worked cooperatively with its affected partners and also with law enforcement agencies.
The data breach has badly affected the company’s reputation, as it was suspended from receiving work from numerous clients, which will affect its revenues, profit and cash flows. Currently, it is not in a position to confirm when clients will reinstate LMW, or when LMW will be able to assess the financial impact of the breach.
Sources: Sydney Morning Herald, DarkReading
NAB takes aim at supply chain attacks
The bank’s Chief Enterprise Security Officer, David Fairman, stated that the bank is establishing an integrated security function to bring cybersecurity, fraud, investigations and physical security together. NAB would be the first institution in Australia to implement such a thing.
Management of the various security functions will be combined, and the bank is on the way to merging the security operations centers and processes for those functions.
To merge these functions, new big data analytics techniques are being employed to bring together data from IoT devices, physical security equipment, the bank’s data network and threat intelligence networks.
This initiative, which has been named ‘security fusion’, aims to bring all the separate pieces of data into one big data pool and to support artificial intelligence, machine learning and clustering analysis to identify patterns and unknowns.
Fairman is worried about the chance of NAB being attacked through the exploited credentials of a third-party user such as a contractor.
There have been instances where attackers stole network credentials through a third-party user who held active network credentials for a retailer in order to provide real-time updates.
NAB also works with several third parties, and these parties sometimes use other companies and contractors as well. This makes it a challenge to ensure the security of a complex supply chain.
Supply chain risk is a big issue to be dealt with, so it is important to engage with the sellers of the various services.
Supply chain attacks are increasing rapidly, and they mainly involve third-party hardware or software being compromised. It is also important to pay attention to physical security systems, as they might become the entry point for attacks on IT networks.
One of the most devastating cyberattacks, the NotPetya malware, spread through the compromise of hosted software, which led the hackers into several multinational firms such as DLA Piper and Maersk.
Supply chain attacks are considered a rising and critical new threat vector that impacts organizations in every industry. They got more attention after the news of server boards being compromised.
Companies like NAB are very concerned about the risk of supply chain attacks and are taking measures to provide more security.
Millions of records up for sale on Dark Web
The data was stolen and sold by a hacker or hacker group known by the name “gnosticplayers”. So far, the stolen records have been put up for sale as 3 different collections. The first collection was put up for sale at the beginning of this month. It included 620 million records that were collectively stolen from 16 popular websites. The data consists of hashed passwords, which need to be cracked before they can be used. The records were sold for the huge sum of $20,000 in Bitcoin.
The second collection of data was stolen from 8 different websites and contains 127 million records. It was sold for $14,500 worth of Bitcoin, and the data is believed to contain users’ credentials along with their passport details. The 8 hacked websites include Houzz, YouNow, Ixigo, Stronghold Kingdoms, Roll20.net, Ge.tt, Petflow and Vbulletin forum and Coinmama (Cryptocurrency Exchange). A majority of the compromised services have confirmed the data breach.
The collection was later removed from the market in order to avoid a large number of buyers for the same collection. The first collection had also been removed for the same reason. It is not known how many buyers have already purchased the records or who bought them.
The latest collection of data comprises 92 million accounts that were stolen from 9 websites. The hackers are selling each database separately, and the cost of all these collections together comes to around $9,700 worth of Bitcoin. The websites affected by this breach include Gfycat, Pizap, Jobandtalent, Storybird, Legendas.tv, Onebip, Classpass, Streeteasy and Btcturk. However, these websites were not aware of the breach. The stolen data comprises account users’ names, email addresses and passwords.
In total, around 840 million records were stolen from 33 websites.
If you are a user of any of the services mentioned above, it is highly recommended to change your passwords if you have used the same passwords across different sites, just as a precaution.
Sources: Appuals, HackerNews
Australian data breach on the rise
The Office of the Australian Information Commissioner (OAIC) stated that it received around 262 notifications in the final quarter of last year of the scheme’s operation, which is more than in the previous 3 months, when it received 245 notifications. The OAIC does not give details of the companies that had their data breached. But the companies affected in the last quarter include the international hotel chain Marriott and the defense shipbuilder Austal, to name a few.
Of the notifications received, around 64% of the breaches were due to malicious attacks on the companies. The breaches occurred due to compromised credentials, including usernames and passwords, as a result of phishing and brute-force attacks.
The increase in data breaches shows the need for upgraded security systems and better staff training. However, data breaches due to human error and system faults have reduced slightly. But millions of people are always affected by data breaches at any time.
When it comes to the industries affected by breaches, health service providers lead with a count of 54 breaches. Next come financial services, followed by legal, accounting and management services.
Cyber criminals are always attracted to mid-sized companies, as the management in small firms normally does not make much effort to devote the necessary resources to cyber security.
Australian Information Commissioner and Privacy Commissioner Angelene Falk stated that the prime duty of any organization in safeguarding users’ personal information must be to prevent data breaches and enhance cyber security. Staff must also be made aware of the usual tricks that hackers use to steal user credentials.
However, the bitter truth is that cyber crime will continue to grow in both frequency and complexity, targeting various organizations no matter what measures are implemented. So the IT department and the business must take steps such as training employees and allocating sufficient funds to cover protection from breaches. Even though it is impossible to have perfect security, it is important to have a balanced cyber security strategy.
Hacker destroys all data held by US email provider
VFEmail provides both free and paid email services to users, and it suffered a disaster due to the attack. The primary and backup data have been destroyed by the attacker, and the company’s staff are currently working hard to recover them.
The issue was noticed when the company’s website and webmail client went down without any notice. The hacker had formatted every disk on all of the servers; the VM, file servers and backup server were also lost. VFEmail acknowledged the problems through its Twitter account.
The company has servers in the Netherlands, although these host only a smaller dataset, and the backups on these servers were not damaged.
It was evident that the attacker’s main aim was simply to attack and destroy the data, and the company was not asked to pay any ransom. It is unusual for hackers to completely wipe out a company’s data. It is believed that the hacker launched the attack using a virtual machine.
Although the website is back online, its secondary domains have not yet started working; these include chewiemail.com, clovermail.net, mail-on.us, manlymail.net, metadatamitigator.com, offensivelytolerant.com, openmail.cc, powdermail.com, and toothandmail.com.
Users can now send and receive emails, but all their old emails and archived messages will be lost. The company’s site explains that users who are not able to access their inbox should try sending emails to their own account. Spam filtering is also not working.
Security breaches like this are a wake-up call for organizations to ensure that their business continuity plans are working properly with set procedures for situations like this that can happen at any time.
Optus email phishing compromise
The messages pretend to carry remittance advices, invoices or insurance documents that are attached to the mail for download. When users open the messages and click on the download links in them, the malware is downloaded.
They stated that the emails come from numerous compromised addresses that use the optusnet.com.au domain. However, they did not disclose how many had been detected.
If you are an Optus email user, check your security whenever you receive an email, because it is considered that the mails are being sent to compromised accounts.
Users must be very vigilant while accessing their emails and are strongly advised to avoid emails that do not address recipients properly, or that have grammar mistakes or obscure email addresses.
Numerous customers have already complained to Optus about the data breach they encountered while accessing their emails. For some users the screen kept refreshing, some received huge bills, and some were logged in as a different customer when they tried to log in to My Account.
Optus is aware of the issue and has responded to customers on social media. As a precautionary measure, it also temporarily disabled the Optus My Account website. The website later became operational again, and Optus worked together with third-party vendors to identify the cause of the issue.
Aussie IT firm encryption laws bite
However, there is a lot of opposition to this law over concerns about the privacy and overall security of users.
This law is likely to affect tech firms, as it could reduce their potential sales commitments. Technology companies in the country are now facing questions from their clients about how the new encryption law will affect the products they have installed and are using.
This is going to impact their business badly, because foreign competitors who need not follow such laws can win business from Australian tech companies by citing this as an advantage.
According to ASX-listed Senetas, a company that provides guaranteed encryption for data in motion, the fears about the effect of the encryption law are justifiable.
In a presentation made by the company to the joint parliamentary inquiry that is looking into the laws, it was stated that the risks raised by many industry providers, namely that the legislation would damage Australian developers’ and manufacturers’ reputations in international markets, have now come true. The trust of users in the country’s tech companies operating in this market has been ruined.
Senetas stated that the extensive disapproval of the law in the international media was being taken advantage of by foreign governments and competitors. They consider it proof that Australian IT products and services must not be trusted.
This law is also going to affect jobs in IT firms, and specialist security skills will also be in danger. The financial impact of this law will be tough to evaluate.
As an example, Senetas mentioned that TPG Telecom had to halt the construction of its mobile telephone network because of issues with its main supplier, Huawei Technologies, whose equipment was banned by the government for security reasons. This is one of the economic impacts of government decisions.
Similarly, the commercial impact on businesses and citizens in Australia is really offending.
Senetas also mentioned that the government must clarify the weaknesses in the laws. At present, law enforcement agencies can demand that a tech company assist, as long as it does not find a systemic weakness or vulnerability that affects all users of a product or service.
It also wants industry feedback to be taken into account so that the laws are maintained properly. It strongly wishes that the government reconsider the Act.