Tag Archive for: feared

Home addresses of hundreds of cops feared to have fallen into the hands of computer hackers


HOME addresses of some Met cops are feared to be in the hands of computer hackers.

Commissioner Sir Mark Rowley reassured his 47,000 officers and support workers that personal details were not subject to the IT breach at a company which produces warrant cards and passes.


But The Sun on Sunday can reveal an initial survey of data held by Stockport-based Digital ID from 2,000 Met workers shows, in some cases, hackers could get home addresses.

The ransomware attack came after new warrant cards and passes were produced in a scheme, codenamed Operation Fortress, to improve security.

Many officers complained news of the bungle was posted on an internal intranet over a Bank Holiday weekend instead of sent to them in emails.

This meant they found out only by reading our exclusive about the hack.


Sir Mark apologised and wrote a personal message saying: “Whilst it does not include the most personal data such as addresses or financial data, this breach I know causes wider concern.”

A review of all data held on the Met by the firm is now being carried out.

It is thought hackers were blackmailers rather than terrorists, and that the Met plans to personally tell staff whose home location may be compromised.

Ex-Met commander John O’Connor said: “The hack has put officers at risk, particularly those involved in undercover work. I can’t believe the Met could be so careless.”

The National Crime Agency is leading the probe, supported by the National Cyber Security Centre.

The Met said it was a “complex incident” and added: “Our understanding of what data may be at risk is evolving.

“We are working with technical specialists and keeping staff informed.”

Other police forces, government departments and major companies also used Digital ID.

But it is believed that, rather than sharing information, they used printing equipment supplied by the firm.


Extortion spree feared after breach of file-sharing software


NEW YORK CITY – Cybersecurity experts are bracing for a potential wave of extortion demands after a vulnerability was discovered in encrypted file-sharing software, a flaw that hackers have already used to target a string of high-profile victims, including British Airways and the BBC.

Several companies and a Canadian province said on Monday that they were dealing with breaches related to the secure file transfer product MOVEit from Progress Software Corp, according to statements from several of the affected entities. The vulnerability allowed hackers to steal files that companies had uploaded to MOVEit, according to Progress.

The flaw had prompted security alerts in recent days from the United States Department of Homeland Security, the United Kingdom National Cyber Security Centre, Microsoft Corp and Mandiant, a subsidiary of Alphabet’s Google Cloud. 

Progress released a patch for the software last week.

“When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps,” its spokesman John Eddy said in a statement.

Microsoft said the hackers responsible for the attacks on MOVEit servers also run the Clop extortion website. Clop is the name of a ransomware variant that has been deployed against companies and organisations around the world, and it also sometimes refers to the hacking gang that uses it.

Hackers affiliated with the group also steal data and threaten to publish it on its website if a ransom is not paid. 

The group has primarily targeted the health care and financial sectors and has existed since February 2019, according to Trend Micro. The same attackers were responsible for previous hacks of two other secure file transfer products developed by Accellion and Fortra, said Mr Allan Liska, senior intelligence analyst at cyber security firm Recorded Future. 

Publicly available data sources show there are thousands of vulnerable MOVEit servers that could have been affected by the software flaw, Mr Liska said. The criminal hackers are expected to begin contacting companies and demanding payment in cryptocurrency in exchange for not uploading the company’s…


Toronto feared 35,000 citizens’ data would be made public after cyberattack: documents


The City of Toronto expected metadata concerning some 35,000 citizens to be posted on an online forum run by Eastern European cybercriminals after a data breach earlier this year — but ended up escaping the worst, new documents obtained by CTV News Toronto show.

Some six months after an internal city agency sounded the alarm in confidential documents, the information has yet to be shared publicly and the city says it never received a ransom request, leading some cybersecurity experts to wonder if the city escaped what has been described as a massive spree of cyberattacks. 

“It looks like they failed. The silence is somewhat deafening,” said cybersecurity expert Claudiu Popa. “Maybe the attacker failed to get what they wanted and didn’t have the leverage to extort this particular victim.”

The attack on Toronto was one among thousands of remote, sometimes automated attacks seeking to get data, and then threaten to expose it or destroy it unless handsome sums are paid, often in digital currency.

Ontario’s Information and Privacy Commissioner says cybercriminals are increasingly targeting public agencies, warning breaches are up 151 per cent in 2021 — with 39 public institutions attacked this year in Ontario.

“Hackers are taking advantage of the current public health crisis, and cybersecurity incidents are on the rise,” a spokesperson for the agency said.

The City of Toronto threat assessment, obtained through a Freedom of Information request, describes the attack in January of 2021 as happening through a “zero day” weakness in the city’s Accellion file transfer system.

Hackers known as “CLOP” discovered the weakness in the file transfer system at that time and used it to exploit a large number of organizations, including the Region of Durham.

CTV News Toronto has already shown that those attackers gained and then posted health and schooling data of tens of thousands of individuals, as well as a video of the arrest of a young man by Toronto police on a Durham Region transit bus.

The document appears to link the Toronto attack for the first time publicly to CLOP, which is believed to be a network operating out of…


Ransomware 3.0 – Where the CISO’s most feared scenario goes next


Ask any CISO what keeps them awake at night and the answer is bound to be: ransomware. A proven money-maker for cybercriminals, ransomware can be devastating to your business – it can wipe out core operational systems; can cost you millions of dollars to recover from; can result in a stock downturn and job losses; and it should be entirely avoidable.

A brief history of ransomware

Ransomware 1.0 really kicked in with the advent of cryptocurrency, allowing cyber criminals to anonymously monetize the attacks. In this first iteration, the malware was sent out in massive quantities of malicious emails into the wild and it would demand payment from whatever machine it happened to infect. This reached a peak when, in May 2017, the global WannaCry outbreak used an automated attack mechanism to infect hundreds of thousands of machines, bringing panic across the security industry, and impacting critical national infrastructure like healthcare institutions. Unprecedented in its scale, WannaCry underlined the fact that ransomware was able to create massive extortion opportunities from public and private organizations alike.
