Money Remains Motivating Factor for Hackers Around the World: Verizon

Verizon Business 2020 Data Breach Investigations Report found that confirmed data breaches doubled from the prior year.

  • Reuters
  • Last Updated: May 19, 2020, 12:35 PM IST

Money trumped spying as the top motivator for data breaches last year, according to Verizon’s annual report on cybercrimes published on Tuesday. About nine out of 10 breaches were financially motivated, based on an examination of more than 32,000 incidents and nearly 4,000 confirmed break-ins in 81 countries, the report said.

Verizon Business 2020 Data Breach Investigations Report found that confirmed data breaches doubled from the prior year. As the coronavirus pandemic has forced people indoors, cyber attacks on businesses are expected to climb. The report found that 86% of breaches were for money, not for purposes of spying. Credential theft, phishing and compromising business emails caused 67% of the cyber attacks.

As more businesses moved to web-based solutions, so did hackers. According to the report, breaches on web and cloud applications rose to 43%, double the previous year. Companies like Facebook Inc and Salesforce have extended working remotely to at least the rest of the year, with more businesses expected to follow suit. Verizon Business Group CEO Tami Erwin said the “digital transformation” to the work-from-home model during the coronavirus pandemic has presented a number of security red flags.

“A lot of people ended up sending workers to work from home without really thinking through what were some of the security elements in the future,” Erwin told Reuters. “I think employees working from home are probably more vulnerable to attacks.” Erwin said businesses can protect themselves from cyber attacks by keeping employees educated on phishing and other fraudulent tactics to access sensitive information.




Data Breach Leaks Personal Data of Top Celebrities Including Priyanka Chopra, Lady Gaga, Madonna

Hackers stole a total of 756GB of data from a large media and entertainment law firm, including contracts, nondisclosure agreements, phone numbers and email addresses, and personal correspondence.

  • IANS
  • Last Updated: May 12, 2020, 12:08 PM IST

A large media and entertainment law firm in the US representing top-notch celebrities like Priyanka Chopra, Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen and more has experienced a major data breach in which hackers got access to the personal data of these celebrities. The trove of data stolen from the New York-based firm by hackers, “a total of 756GB”, includes contracts, nondisclosure agreements, phone numbers and email addresses, and “personal correspondence”, reports Variety.

The law firm Grubman Shire Meiselas & Sacks, or gsmlaw.com for short, experienced a ransomware attack that apparently involved the appropriately named REvil malware. Other celebrities whose sensitive personal data has been hacked are Christina Aguilera, Mariah Carey, Jessica Simpson, Naomi Campbell, Robert De Niro, Sofia Vergara, Spike Lee, the Osbournes (Ozzy, Sharon and Kelly), and several more.

Representatives for the law firm did not issue a comment and their website gsmlaw.com was effectively offline, displaying only its logo. In addition, top companies on the firm’s client list include Discovery, EMI Music Group, Facebook, HBO, Imax, MTV, NBA Entertainment, Playboy Enterprises, Samsung Electronics, Sony Corp., Spotify, Tribeca Film Festival, Universal Music Group and Vice Media Group, among others. According to global cybersecurity firm Sophos, rather than simply knocking the law firm out of action temporarily, the ransomware crooks have stolen personal data from a laundry list of celebrity clients.

In such ransomware attacks, said Sophos, cybercriminals use the threat of releasing the stolen data as leverage to extort payment. REvil, also known as Sodin or Sodinokibi, isn’t just operating on the old-school ransomware model of “scramble your files and offer to sell you back the decryption key”. The latest trend in ransomware attacks is to use a double-barrelled weapon that gives victims two reasons to pay up.

According to Sophos, the original criminal plot behind ransomware was that if you didn’t have reliable backups that you could restore quickly, then you might have little choice but to pay up to decrypt all your scrambled files and get your business moving again. In recent months, however, the cybercriminals have doubled down on their leverage. Before scrambling all your files as a way of grabbing your attention, the crooks quietly upload huge troves of so-called “trophy data” that they use to blackmail anyone who is hesitant to pay up.

In other words, the financial extortion is no longer just a “kidnap ransom” to get your files back, but also a blackmail demand to stop the crooks leaking your data – or, worse still, your customers’ data – to the world. “Indeed, the REvil crew has already followed through on its threats to embarrass victims who don’t pay,” Sophos said in a statement on Tuesday. Given that ransomware crooks are no longer just keeping you away from your data but also threatening to put the rest of the world in touch with it, prevention is very much better than cure, said Sophos.

Less star-studded but no less worrying is a simultaneous report that global mailing equipment company Pitney Bowes has experienced an attack by the Maze ransomware. According to Sophos, Maze is another cybercrime gang that goes in for huge ransoms and threatens to expose stolen data, infamously demanding about $6,000,000 last year from cable and wire manufacturer Southwire. Southwire hit back by filing a so-called John Doe (the name used in the USA where defendants haven’t yet been identified) civil lawsuit against the as-yet-unknown criminals behind Maze.



Aptoide App Store Hacked, Data of Over 20 Million Users Leaked

Apart from Apple and Google, there are a variety of companies offering their own app stores. Some are directly offered by phone manufacturers, while others are offered by third-party companies. One such example is Aptoide, a Portugal-based Android app store with over 150 million users worldwide, which is in the news but not for the right reasons.

According to a report, Aptoide is the latest victim of a hacker who claims to have published details of 20 million users. The details include data of users who registered or used the app store between 21 July 2016 and 28 January 2018. The data, published on a popular hacking forum, is part of a larger set of 39 million records obtained following a hack that happened at the beginning of this month.

Oh, and it doesn’t end there. The hacker also said that another 19 million records have already been procured and those will be published in the future. The second batch is expected to include user registrations between 2018 and today, which means it could be sold instead of being shared openly. The data includes “identifiable personal information” including details like the user’s email address, hashed password, name, date of registration, IP address, device data, and date of birth. It also includes technical information like account status, access tokens, developer tokens and whether the account was that of a super administrator.

Whisper App Leaks Personal Data of Nearly 900 Million Users: Report

The leaked data included users’ intimate messages, fetishes, workplaces, locations and other personal information, including that of 1.3 million 15-year-olds.

  • IANS
  • Last Updated: March 11, 2020, 3:35 PM IST
  • Edited by: Chhavianshika Singh

Whisper App, the proprietary Android and iOS mobile app, which lets people anonymously post confessions and secrets, has exposed data of millions of users. The data included their intimate messages, fetishes, workplaces, locations and other personal information. A reporter was able to freely browse and search through the records, many of which involved children: A search of users who had listed their age as 15 returned 1.3 million results, The Washington Post originally reported.

The Whisper App left the information of nearly 900 million users exposed to anyone who wanted to view it, in a database that was not protected by passwords and was open to the public. The database did not contain real names, but tied anonymous whispers to “a user’s stated age, ethnicity, gender, hometown, nickname and any membership in groups, many of which are devoted to sexual confessions and discussion of sexual orientation and desires,” according to CNET.

According to security researchers Matthew Porter and Dan Ehrlich, who run the firm Twelve Security, the Whisper App’s database comprised the user records from the app’s release more than eight years ago to the present day. The researchers reportedly said that they informed federal law enforcement of the situation, as well as the Whisper App, before reaching out to The Washington Post.

Equifax Hack Alleges Chinese Military Caught Stealing Millions of Americans' Data

Four members of the Chinese military have been charged with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data. The hackers in the 2017 breach stole the personal information of roughly 145 million Americans, collecting names, addresses, Social Security and driver’s license numbers and other data stored in the company’s databases. The intrusion damaged the company’s reputation and underscored China’s increasingly aggressive and sophisticated intelligence-gathering methods.

“The scale of the theft was staggering,” Attorney General William Barr said Monday in announcing the indictment. “This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.” The case is the latest U.S. accusation against Chinese hackers suspected of breaching networks of American corporations, including steel manufacturers, a hotel chain and a health insurer. It comes as the Trump administration has warned against what it sees as the growing political and economic influence of China, and efforts by Beijing to collect data for financial and intelligence purposes and to steal research and innovation.

The indictment arrives at a delicate time in relations between Washington and Beijing. Even as President Donald Trump points to a preliminary trade pact with China as evidence of his ability to work with the Communist government, other members of his administration have been warning against cybersecurity and surveillance risks posed by China, especially as the tech giant Huawei seeks to become part of new, high-speed 5G wireless networks across the globe. Experts and U.S. officials say the Equifax theft is consistent with the Chinese government’s interest in accumulating as much information about Americans as possible. The data can be used by China to target U.S. government officials and ordinary citizens, including possible spies, and to find weaknesses and vulnerabilities that can be exploited — such as for purposes of blackmail. The FBI has not seen that happen yet in this case, said Deputy Director David Bowdich, though he said it “doesn’t mean it will or will not happen in the future.”

“We have to be able to recognize that as a counterintelligence issue, not a cyber issue,” Bill Evanina, the U.S. government’s top counterintelligence official, said of the Equifax case. The four accused hackers are suspected members of the People’s Liberation Army, an arm of the Chinese military that was blamed in 2014 for a series of intrusions into American corporations. Prosecutors say they exploited a software vulnerability to gain access to Equifax’s computers, obtaining log-in credentials that they used to navigate databases and review records. They also took steps to cover their tracks, the indictment says, wiping log files on a daily basis and routing traffic through about three dozen servers in nearly 20 countries. Besides stealing personal information, the hackers also made off with some of the company’s sensitive trade secrets, including database designs, law enforcement officials said.

Equifax, headquartered in Atlanta, maintains a massive repository of consumer information that it sells to businesses looking to verify identities or assess creditworthiness. All told, the indictment says, the company holds information on hundreds of millions of people in America and abroad. None of the accused hackers is in U.S. custody. But officials nonetheless hope criminal charges can be a deterrent to foreign hackers and a warning to other countries that American law enforcement has the capability to pinpoint individual culprits. Even so, while China and the U.S. committed in 2015 to halt acts of cyber espionage against each other, the Equifax intrusion and others like it make clear that Beijing has continued its operations. A spokesperson for the Chinese Embassy in Washington did not return an email seeking comment Monday.

The case resembles a 2014 indictment that accused five members of the PLA of hacking into American corporations to steal trade secrets. U.S. authorities also suspect China in the 2015 breach of the federal Office of Personnel Management and of intrusions into the Marriott hotel chain and health insurer Anthem. Such hacks “seem to deliberately cast a wide net” so that Chinese intelligence analysts can get deep insight into the lives of Americans, said Ben Buchanan, a Georgetown University scholar and author of the upcoming book “The Hacker and the State.” “This could be especially useful for counterintelligence purposes, like tracking American spies posted to Beijing,” Buchanan said.

Barr, who at an event last week warned of Beijing’s aspirations of economic dominance, said Monday the U.S. has long “witnessed China’s voracious appetite for the personal data of Americans.” “This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” Barr said. The criminal charges, which include conspiracy to commit computer fraud and conspiracy to commit economic espionage, were filed in federal court in Atlanta. Equifax last year reached a $700 million settlement over the data breach, with the bulk of the funds intended for consumers affected by it.

Equifax officials told the Government Accountability Office the company made many mistakes, including having an outdated list of computer systems administrators. The company didn’t notice the intruders targeting its databases for more than six weeks. Hackers exploited a known security vulnerability that Equifax hadn’t fixed. While company stock has recovered, Equifax’s reputation has not fully recovered. The company was dragged in front of Congress no fewer than four times to explain what happened. The company is about to start paying out claims on its $700 million settlement, with more claimants opting for a cash settlement than for credit counseling. So many claims have been made for the cash that the lawyers suing Equifax and the Federal Trade Commission have warned claimants that they are unlikely to get the full cash value of the settlement.

Tech Companies Have Paid 114 Million Euros in Fines in Europe for Data Breaches

France has imposed the biggest single fine of 50 million euros against Google.

European regulators have imposed 114 million euros ($126 million) in fines for data breaches since tougher privacy rules came into force in mid-2018, with approaches varying widely from country to country. A report by law firm DLA Piper said France has imposed the biggest single fine – of 50 million euros against Google – while the Netherlands, Britain and Germany led in terms of the number of data breach notifications. The General Data Protection Regulation was introduced in an effort to safeguard sensitive personal information and prescribes stiff penalties if companies lose control of data or process it without proper consent.

It is enforced by a patchwork of national data protection offices across the 28-member European Union, with responsibility falling disproportionately on Ireland – the ‘lead’ regulator for Silicon Valley giants that have based their European operations there, such as Facebook. The fines to date pale in comparison to multibillion-euro penalties imposed in EU anti-trust cases, but they are likely to rise over time as appeals and litigation subject the sanctions to scrutiny and create legal precedents.

In principle, regulators can impose fines of 2% or, in some cases 4%, of global turnover. In practice, they will have to judge whether such a heavy penalty would stand up in court, said DLA Piper partner Ross McKean. “It’s going to take time – the regulators are going to be wary about going to 4% because they are going to get appealed,” McKean told Reuters. “And you lose credibility as a regulator if you’re blown up on appeal.”

The largest single penalty threatened so far has been in Britain, where the regulator has proposed a fine of 183 million pounds ($239 million) against British Airways owner IAG over the theft of data of half a million customers.