CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

Cyber attack spreads globally, thought to use leaked NSA hacking tools

Cyber attack spreads globally, thought to use leaked NSA hacking tools
May 12, 2017

An extensive cyber attack struck computers across a wide swath of Europe and Asia on Friday, and strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients. The  ransomware attack exploited a vulnerability that was discovered and developed by the National Security Agency. The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen NSA hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets—particularly hospitals—had yet to update their systems. The malware was circulated by email. Reuters reported that employees of Britain’s National Health Service were warned about the ransomware threat earlier on Friday. By then, it was already too late. Attacks on hospitals and telecommunications companies were being reported in Britain and 11 other countries, including Turkey, Vietnam, the Philippines, Japan, with the majority of affected computers in Russia. The computers all appeared to be hit with the same ransomware, and similar ransom messages demanding about $300 to unlock their data. Source: The New York Times

Possible travel ban on digital devices could put data at risk

Air passengers flying between the United States and Europe soon may have to go without large electronic devices, as a ban on such devices already in effect for several Middle East and North African airports dramatically expands. The Department of Homeland Security is considering banning electronics larger than a cellphone on all transatlantic flights. That could severely disrupt travel plans, affecting everyone from business travelers hoping to get work done on a laptop to vacationers trying to watch a movie on an iPad. The Global Business Travelers Alliance, a trade group representing corporate travel managers, is concerned that the ban could create problems for business fliers. They’re trained to keep their devices in their sight at all times for security purposes since they may contain sensitive data. Brian Sumers of travel industry business site Skift says business travelers flying in from the Middle East are uneasy about storing laptops full of confidential information in the plane’s cargo hold. Travelers might delay nonessential trips to Europe. Requiring laptops and tablets to be checked with luggage also could cause safety concerns, with potentially dangerous lithium-ion batteries stored in the cargo hold. Sources: Market Watch, CBS News

Feel like someone’s watching? You might be right

The FBI warned of a massive increase in business email compromise phishing scams, in which criminals study victims using social engineering techniques. From January 2015 to December 2016, there was a 2,370 percent increase in identified exposed losses, according to the Internet Crime Complain Center. More than 40,200 domestic and international incidents occurred from October 2013 through December 2016, with an exposed dollar loss of more than $5 billion. Asian banks in China and Hong Kong are the primary destinations of fraudulent funds. Source: CIO Dive

Despite risk, some insurers don’t talk cyber protection with clients

Research from CFC Underwriting found more than half of U.K.-based small and medium-size businesses said their insurance broker has not raised the issue of cyber insurance. CFC’s Graeme Newman said 90 percent of cyber claims come from businesses with less than 50 million pounds ($65 million) in revenue and they get more than one claim every day. Cyber offenses account for more than half of the crime total in the nation, but there is a lack of awareness around the issue. Source: Insurance Business Magazine

Microsoft sends out quick fix to squash email bug

Microsoft released an urgent update to stop hackers from taking control of computers with email. The bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message. The fix was pushed out hours before the software giant’s monthly Tuesday security update. The bug affects Windows 8, 8.1, 10 and Windows Server operating systems. Source: BBC

Europe’s top export might be hack attacks

Cyber crime attacks launched from Europe reached more than 50 million in the first quarter, double the volume coming out of the United States, according to the ThreatMetrix Q1 Cybercrime Report. Italy, France, Germany and the U.K. accounted for half of all attacks originating out of the region. Europe’s open borders allow residents to easily open bank accounts outside of their home country, making cyber crime easier. Political and financial uncertainties, combined with organized crime rings and ecommerce, also contribute to the volume. Source: Dark Reading

They shopped till they dropped (into a holding cell)

Six people were arrested in an identity-theft case, accused of using forged credit cards to rack up $150,000 in luxury cosmetics at Macy’s flagship store in in New York City’s Herald Square, officials said. The defendants allegedly used credit card information stolen from more than a dozen customers at major banks. The crew spent thousands on high-end products, according to a statement from the Manhattan District Attorney’s Office. Source: The New York Post

Got a little problem over the border, eh?

Police say they’ve busted an identity theft ring in the Toronto, Ontario, Canada, area that allegedly caused $10 million in losses to residents in Canada and abroad. The cross-border investigation involved Toronto police, the Royal Canadian Mounted Police and U.S. agencies. Two men have been arrested and warrants are out for two others. Police say they seized about $300,000 worth of goods that included luxury watches, jewelry and about 90 pairs of shoes. Source: Huffington Post Canada

Senate tells White House to get moving on cybersecurity

Senators urged the Trump administration to develop a comprehensive strategy for deterring and responding to cyber threats, voicing concerns about vulnerabilities in U.S. infrastructure. Members of a Senate panel heard testimony on Capitol Hill from experts on threats to internet-connected devices and critical infrastructure, with many lawmakers pointing to a heightened risk of hacking and cyber espionage. Source: The Hill

French president-elect says non, non to Russian hackers

Hacking attacks blamed on a Russian cyber intelligence unit failed at disrupting the campaign of French President-elect Emmanuel Macron. Timely warnings by the U.S. National Security Agency alerted Macron’s campaign team to the Russian threat. Macron’s bare-bones technology team created dozens of false email accounts, complete with phony documents, to confuse the attackers. Source: Defense World

Server problem causes health records to be exposed

Medical records of at least 7,000 people compromised in a data breach involving Bronx Lebanon Hospital Center in New York disclosed patients’ mental health and medical diagnoses, HIV status, and sexual assault and domestic violence reports. Other information in the compromised records, which online security experts said spanned 2014 to 2017, included names, home addresses, addiction histories and religious affiliations. The leak was caused by a misconfigured Rsync backup server hosted by iHealth, a company that offers records management technology. Source: NBC News

Restaurant might get indigestion from data breach lawsuit

Bellwether Community Credit Union filed a class-action lawsuit against Chipotle and is seeking damages related to the restaurant company’s recent data security breach. The suit is the latest in a chain of class-action complaints filed against retailers and restaurant companies, such as Arby’s, Wendy’s, Home Depot and Target. The complaint alleges the breach compromised names, credit and debit card numbers, card expiration dates, card verification values, and other information of Chipotle customers nationwide. Source: Credit Union Times

Trump’s re-election website pulls controversial privacy policy

The website for President Trump’s 2020 presidential campaign made an about-face on its privacy policy after questions arose about its collection of data on users’ locations. The website’s privacy policy said, “We may also collect other information based on your location and your device’s proximity to ‘beacons’ and other similar proximity systems.” Privacy advocates worry the technology can be used to identify individuals and track their movements. Hours after CBS News contacted the campaign about how it intended to use the data, language referring to the devices was removed. Source: CNet


The post Cyber attack spreads globally, thought to use leaked NSA hacking tools appeared first on Third Certainty.

Offer 24/7 CyberScout Protection

CyberScout's partnership options help you safeguard the identity and privacy of your policyholders, customers, members and employees. Discover how a customized program can help build brand loyalty, customer retention, and quickly generate long-term recurring revenue.

Get Started