Industry News: Cyber

Know Your Breach: Magecart Group

The target: Over 17,000 websites using Amazon’s S3 public cloud storage.

The take: Credit Card payment information and personal data.

The attack vector: MageCart Group perpetrated the hacking campaign which methodically scanned and identified 17,000 unique, misconfigured Cloud Storage buckets. After locating an unsecured cloud storage server, they focused on JavaScript files which they then downloaded, added their card skimming script, and then reuploaded the now infected files.

Australia's NAB says 13,000 Customers' Personal Data Breached

2019-07-26

Reuters: National Australia Bank Ltd (NAB.AX) said 13,000 customers are being contacted after a data breach where personal data was uploaded without permission to two data service companies.

Equifax Will Pay up to $700 Million to Settle Investigations Over its Data Breach

2019-07-26

CNN: If you're among the 147 million Americans whose credit data was compromised in the 2017 Equifax data breach, read on. You may be eligible for compensation.

FTC Fines Facebook $5B for Privacy Violations

2019-07-24

CBC: The fine is the largest the Federal Trade Commission has levied on a tech company, though it won't make much of a dent for a company that had nearly $56 billion US in revenue last year.

NSA Creates New Cybersecurity Arm to Combat Foreign Threats

2019-07-23

CNN: The National Security Agency announced Tuesday it is creating a new Cybersecurity Directorate, which will "unify NSA's foreign intelligence and cyberdefense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base."

Public Service to Roll out 13 Measures to Protect Citizens' Personal Data Following Data Breaches

2019-07-15

The Straits Times: The entire public service will have to conform to a common framework to safeguard citizens' personal data, beginning with 13 new measures developed after a spate of breaches in the past year.

DefenseStorm Raises $15 Million for Automated Cybersecurity and Compliance Solutions

2019-07-15

Venture Beat: CEO Harold Brewer says the DefenseStorm team will work with the VC firm’s Georgian Impact team to accelerate adoption of applied AI and will tap its expertise to further develop DefenseStorm’s solutions suite and build out its sales and engineering team.

Do These Six Things to Protect Your Company Online

2019-07-15

ZDNet: Cyberattacks and data breaches have cost UK mid-market companies over £30 billion, yet organisations remain complacent about their cybersecurity capabilities – putting them at greater risk from hackers and cybercrime.

Know Your Breach: Bitpoint

The target: Bitpoint - A Tokyo based cryptocurrency exchange.

The take: 28 million USD total. 24 million were customer assets and 4 million were company assets. All of Bitpoint’s services are now suspended for customers.

The attack vector: Unauthorized access to its hot (stored/accessible online) wallet system through the mismanagement and compromise of user’s private keys. No breach of cold (offline storage) wallets were detected.

IT Failures Reported by Financial Firms Up 300%

2019-07-18

Financial Times Adviser: Speaking at the FCA’s annual public meeting, July 17, Megan Butler said the number of incidents reported to the regulator had increased to 916 for the year 2018-19 from 229 the year before.

Advisor Group Introduces CyberGuard Program To Protect Advisors And Clients From Ever-Increasing Threat Of Cyber Attacks

2019-07-18

Cision: Advisor Group, one of the nation's largest networks of independent wealth management firms, comprising FSC Securities Corporation, Royal Alliance Associates, SagePoint Financial and Woodbury Financial, announced the introduction of the CyberGuard Program, an evolving toolkit of cybersecurity services and support platforms aimed at empowering its 7,000 advisors across the country to protect themselves and their clients from the ever-increasing threat of cyber-attacks.

'Wizard' Cybersecurity Expert Charged with Record Hack of Bulgarian Tax Agency

2019-07-17

Reuters: A 20-year-old Bulgarian cybersecurity worker has been arrested and charged with hacking the personal and financial records of millions of taxpayers, officials said on, as police continue to investigate the country’s biggest-ever data breach.

Banking Cybersecurity Start-up DefenseStorm Raises $15m

2019-07-16

Retail Banker International: Banking cybersecurity and cyber-compliance services provider DefenseStorm has raised $15m in a Series A financing round.

The financing round was led by Georgian Partners. As a part of the deal, Georgian Partners managing partner Justin LaFayette will join the DefenseStorm board of directors.

Banks Told to Report Fraud Within 2 Hours

2019-07-16

Standard Digital: Banks and mobile money firms will from October be required to furnish the Central Bank of Kenya (CBK) with information on cyber-attacks on a real-time basis.

This latest measure follows a decision by the banking regulator to step up surveillance on cyber fraud.

JPMorgan’s Top Cybersecurity Counsel Joins Hogan Lovells

2019-07-15

Law.com: Peter Marta, most recently chief cybersecurity lawyer at JPMorgan Chase & Co., has joined the privacy and cybersecurity practice of Hogan Lovells in New York as a partner, where he plans to help clients handle regulatory issues and cyber threats.

Facebook 'To Be Fined $5bn Over Cambridge Analytica Scandal'

2019-07-13

BBC: The Federal Trade Commission (FTC) has been investigating allegations that political consultancy Cambridge Analytica improperly obtained the data of up to 87 million Facebook users.

Know Your Breach: The American Land Title Association

The target: The American Land Title Association (ALTA)

The take: Usernames and passwords of insurance agents, abstracters and underwriters.

The attack vector: A threat actor claiming to be an ethical hacker who claimed they had access to over 600 records. They also enacted a phishing campaign asking members to open a PDF listing the membership directory to confirm their information.

Cyber Attacks Cost The World $45 bn in 2018; Ransomware Hit Govts Hard

2019-07-09

Business Standard: An estimated two million cyber attacks in 2018 resulted in more than $45 billion in losses worldwide as local governments struggled to cope with ransomware and other malicious incidents, a study showed.

Mozilla Blocks UAE Bid to Become an Internet Security Guardian After Hacking Reports

2019-07-09

Reuters: Mozilla said in a statement it was rejecting the UAE’s bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users.

Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program.

NAB Ventures Leads $14 Million Raise for Cyber Security Start-up

2019-07-09

Financial Review: The venture capital arm of National Australia Bank has led a $US10 million ($14 million) investment in Silicon Valley-based cyber security start-up Digital Shadows, a business which helps brands identify their exposure to cyber threats and better manage their digital assets.

Marriott Faces $124 Million Fine From U.K. for Data Hacking

2019-07-09

Bloomberg: The cyber attack, which Marriott disclosed last year, exposed information on 339 million guest records, including 7 million related to British residents, the U.K. Information Commissioner’s Office said in a statement. It’s the second time in two days the regulator has taken advantage of far-reaching European Union powers after proposing a 183.4 million-pound penalty against British Airways.

Privacy Watchdogs Launch Investigation Over Desjardins Privacy Breach

2019-07-09

CBC: The Office of the Privacy Commissioner of Canada and its Quebec equivalent said the probes will examine whether Desjardins was in compliance with federal and provincial laws around personal information protection.

Orange Completes the Acquisition of SecureLink, Reinforcing its Cybersecurity Operations in Europe

2019-07-08

Orange: With more than 660 employees, SecureLink reported revenues of 248 million euros in 2018. Today, the company serves more than 2,100 customers from a wide range of industries. SecureLink offers its customers specialist services in cybersecurity consulting, security maintenance and around-the-clock support from its “CyberSOCs” (Cyber Security Operations Centers), as well as advanced incident detection and response capabilities.

The Canadian Centre for Cyber Security Releases Baseline Controls

2019-07-08

Mondaq: The Canadian government’s Canadian Centre for Cyber Security (“CCCS”) has released Baseline cybersecurity controls for small and medium organizations in an effort to help small and medium-sized businesses improve their cybersecurity practices and their overall resiliency to cybersecurity threats.

Know Your Breach: Georgia Tech

The target: The Georgia Institute of Technology, a public university headquartered in Atlanta

The take: The personal information of 1.3 million employees and students, including names, addresses, social security numbers and dates of birth.

The attack vector: Security failures in a web application allowed attackers to access the connected database and exfiltrate the contained data.

Scammers Utilize Social Media, CFTC Warns

2019-07-03

Investment Executive: Fake, unregistered investment schemes and other sorts of scams being touted on social media are the focus of a new investor warning from U.S. derivatives regulators.

The U.S. Commodity Futures Trading Commission (CFTC) issued an advisory warning investors about scammers utilizing social media platforms to lure victims.

Kaspersky Extends Cooperation with INTERPOL in Joint Fight Against Cybercrime

2019-07-03

Business Wire: This cooperation strengthens the existing relationship between the two organizations, ensuring information and technology sharing can support INTERPOL in cybercrime-related investigations. Within the new agreement, Kaspersky will share information about its cyberthreat research and provide the necessary tools to assist with full digital forensics, aimed at strengthening efforts on the prevention of cyberattacks.

NZ’s $8 Million Cyber Security Funding Boost

2019-07-03

Insurance Business Magazine: It has allocated $8 million over the next four years to help implement its efforts - this is on top of $9.3 million increased funding for CERT NZ.

India, Japan to Collaborate on Outer Space and Cyber Security Projects

2019-07-02

The Economic Times: India and Japan have decided to collaborate in the areas of cybersecurity and outer space as part of their growing security partnership in the Indo-Pacific region, a development that comes in the backdrop of increasing violation of social media platforms by extremists and India’s successful Anti-Satellite Weapons (ASAT) test.

Sweden’s Protective Security Act Targets Cyber Risks

2019-07-02

Computer Weekly: The goals and regulations set out in the legislation represent the end-product of several years of close consultation by the Swedish government with the IT industry and digital players. This collaboration focused on preparedness and drawing up legislation that would add an effective weapon to Sweden’s cyber threat defence arsenal.

Report: HSBC in Talks to Launch New AI System to Identify Financial Crime

2019-07-01

S&P Global: One of the sources noted the algorithm of the system would look at a banking customer and compare its financial behavior with other similar customers and make a probability if there is anything suspicious. The talks are understood to be a "multiyear conversation," according to the sources.

Florida City Fires IT Employee After Paying Ransom Demand Last Week

2019-07-01

ZDNet: Officials from Lake City, Florida, have fired an IT employee last week after the city was forced to approve a gigantic ransomware payment of nearly $500,000 last Monday.