The target: Three large UK and Israeli-based Private Equity firms, among others, were targeted by an organized criminal enterprise dubbed ‘The Florentine Banker’ by security researchers.
The take: 1.1M GBP transferred to fraudulent bank accounts – only half of which was recovered.
The attack vector: The unnamed victims were targeted with a prolonged business e-mail compromise attack, in which targeted phishing e-mails were sent to various employees until the attackers eventually had access to multiple e-mail accounts. Over time, the attackers reviewed correspondence in these accounts to map the structure of the firms and their relationships with outside parties, and to understand the channels and procedures used to move money. From there, they added mailbox rules to redirect messages pertaining to wire transfers, and inserted themselves into those conversations using look-alike domains in order to intercept and redirect funds.
This story highlights the vital importance of compensatory controls and secondary validation steps around critical actions like the transfer of cash (voice/video confirmation of the details of an e-mail request, for example). Furthermore, incidents like these highlight the necessity of enabling (and enforcing) two-factor authentication on e-mail accounts, along with rigorous social engineering training and testing of staff, to help prevent compromise. Ultimately, firms must nurture a culture of critical thought and encourage employees to question requests or actions which seem out of the ordinary.
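The two technical hallmarks of this intrusion – attacker-created mailbox rules that divert payment correspondence, and look-alike sender domains – are both things a mail administrator can audit for. The script below is an added example, not code from the article or from the firms involved. The inbox rules, addresses and domains are constructed sample data in an assumed generic shape (fields owner, name, subject_contains, move_to, forward_to, delete); map your mail platform's inbox-rule export onto those fields before running it against real mailboxes.

```python
"""Audit mailbox rules and sender domains for the BEC tradecraft described above.

Added example, not code from the original article. All rules, addresses and
domains below are constructed sample data; the field names are an assumed
generic shape, not any particular mail platform's API.
"""
from difflib import SequenceMatcher

# Words that typically appear in payment-related correspondence.
PAYMENT_TERMS = ("wire", "transfer", "invoice", "payment", "bank", "remittance")

# Folders commonly used to hide redirected mail from the mailbox owner.
HIDING_FOLDERS = ("deleted items", "rss feeds", "rss subscriptions", "junk email", "archive")

INTERNAL_DOMAIN = "example.com"                               # assumed: the firm's own domain
TRUSTED_DOMAINS = {"example.com", "partner-bank.example"}     # assumed: known counterparties

# Constructed sample inbox rules. The second one mimics the pattern in the story:
# it diverts wire-transfer mail to an obscure folder and forwards it to a look-alike domain.
RULES = [
    {"owner": "cfo@example.com", "name": "Vendor filing",
     "subject_contains": ["invoice"], "move_to": "Projects",
     "forward_to": None, "delete": False},
    {"owner": "cfo@example.com", "name": ".",
     "subject_contains": ["wire", "transfer"], "move_to": "RSS Feeds",
     "forward_to": "finance-desk@example-c0.com", "delete": False},
    {"owner": "ops@example.com", "name": "Newsletters",
     "subject_contains": ["newsletter"], "move_to": "Reading",
     "forward_to": None, "delete": False},
]


def rule_findings(rule, internal_domain=INTERNAL_DOMAIN):
    """Return the reasons a single mailbox rule looks like BEC tradecraft (empty = benign)."""
    reasons = []
    forward_to = (rule.get("forward_to") or "").lower()
    if forward_to and not forward_to.endswith("@" + internal_domain):
        reasons.append("forwards to external address " + forward_to)
    destination = (rule.get("move_to") or "").lower()
    if rule.get("delete") or destination in HIDING_FOLDERS:
        reasons.append("hides matching mail (%s)" % (destination or "delete"))
    if not reasons:
        return reasons  # moving mail between ordinary folders is normal user behaviour
    subjects = [s.lower() for s in rule.get("subject_contains", [])]
    if any(term in s for s in subjects for term in PAYMENT_TERMS):
        reasons.append("matches payment keywords " + ", ".join(subjects))
    if len(rule.get("name", "").strip()) <= 2:
        reasons.append("near-empty rule name, typical of rules created by attackers")
    return reasons


def audit_rules(rules):
    """Return (owner, rule name, reasons) for every rule with findings."""
    results = []
    for rule in rules:
        reasons = rule_findings(rule)
        if reasons:
            results.append((rule["owner"], rule["name"], reasons))
    return results


def lookalike_domain(sender, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Return the trusted domain a sender's domain appears to imitate, or None."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in trusted:
        return None
    # Fold common visual substitutions (0/o, 1/l, rn/m) before measuring similarity.
    folded = domain.replace("0", "o").replace("1", "l").replace("rn", "m")
    for candidate in sorted(trusted):
        if folded == candidate or SequenceMatcher(None, folded, candidate).ratio() >= threshold:
            return candidate
    return None


if __name__ == "__main__":
    for owner, name, reasons in audit_rules(RULES):
        print("%s rule %r: %s" % (owner, name, "; ".join(reasons)))
    for sender in ("ap@example-c0.com", "ops@partner-bank.example", "news@mail.example.org"):
        print(sender, "->", lookalike_domain(sender))
```

Only rules that forward externally or hide mail are reported, so ordinary filing rules produce no noise; payment keywords and a near-empty rule name then raise the severity. The similarity check deliberately errs toward flagging: a legitimate subdomain such as mail.example.com scores above the threshold unless it is added to the trusted set, which is the safer direction for a finance mailbox.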
Pensions&Investments: The millions of Americans now working from home due to the COVID-19 pandemic presents an opportunity for bad actors looking to infiltrate individual retirement accounts, sources said.
Reuters: Zoom video conferencing app’s user base grew by another 50% to 300 million in the last three weeks, as the company fought to quell a backlash around security and safety that has seen a number of governments and firms ban its applications.
American Banker: The agency has been informing applicants for its EIDL program by paper mail that it discovered the data breach on March 25. It said in its letter that it disabled the website, took steps to prevent the breach from happening again and is offering identity theft protection services to victims through ID Experts.
Reuters: The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019. Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.
CNBC: Within minutes of the U.K. government’s furlough scheme going live, it was targeted by opportunistic hackers impersonating the country’s tax collection agency.
ETFExpress: The virus has debilitated regions, and decimated sectors with an unparalleled level of speed and ferocity. Its impact on companies and business models has been indiscriminate, hurting particularly those companies with weaker or under-developed digital underpinnings. Stronger players have had to shock themselves into emergency measures designed to prevent discontinuity. Companies have had to learn how to operate remotely, and virtually. And billions of people are now working from home and adjusting to virtual workplaces thanks to teleconferencing services like Zoom and Microsoft Teams.
HedgeWeek: With the closure of non-essential workplaces during the Covid-19 pandemic shaking up the way financial services companies do business, the remote working environment is raising an assortment of operational challenges for hedge fund firms, spanning communication technology, data and information security, and infrastructure vulnerability.
The target: Zoom, a popular videoconferencing service
The take: More than 500,000 username/password combinations, along with personal meeting URLs and HostKeys for active Zoom accounts, were found for sale on the dark web.
The attack vector: Security researchers suspect that the list was not stolen from Zoom directly, but was rather compiled through ‘password stuffing’ (more commonly called credential stuffing) attacks – in which e-mail/password combinations from past breaches are tried against different sites and services. Attackers take previously breached username/password combinations and cycle through login attempts using the breached credentials – the successful combinations are compiled and sold.
This incident highlights a few key issues – namely, for individuals, the risks inherent in password re-use: this incident confirms that at least 500,000 active Zoom users are still re-using known compromised passwords, which attackers can use to gain control of their other accounts.
Institutionally, it highlights reputational issues – while this particular list of credentials was not exposed directly by Zoom, attackers are using the service’s popularity to market the list, and it gives the appearance of being yet another in a string of recent security incidents the videoconferencing service has had to answer for.
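The stuffing pattern described above has a distinctive shape in authentication logs: one source address cycling through many different usernames in a short time, with an occasional success. The detection below is an added example, not code from the article or from Zoom. The log lines are constructed sample data in an assumed "timestamp ip username result" format; adapt parse() to your identity provider's export.

```python
"""Spot credential-stuffing traffic in authentication logs.

Added example, not code from the original article or from Zoom. The log lines
are constructed sample data in an assumed space-separated format; the
thresholds (window, min_users) are starting points, not vendor defaults.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: 203.0.113.7 tries six accounts in six seconds (stuffing),
# 198.51.100.4 hammers one account (brute force, not stuffing), 192.0.2.9 is normal.
SAMPLE_LOG = """\
2020-04-20T10:00:01Z 203.0.113.7 alice FAIL
2020-04-20T10:00:02Z 203.0.113.7 bob FAIL
2020-04-20T10:00:03Z 203.0.113.7 carol FAIL
2020-04-20T10:00:04Z 203.0.113.7 dave SUCCESS
2020-04-20T10:00:05Z 203.0.113.7 erin FAIL
2020-04-20T10:00:06Z 203.0.113.7 frank FAIL
2020-04-20T10:01:00Z 198.51.100.4 alice FAIL
2020-04-20T10:01:30Z 198.51.100.4 alice FAIL
2020-04-20T10:02:00Z 198.51.100.4 alice SUCCESS
2020-04-20T11:00:00Z 192.0.2.9 grace SUCCESS
"""


def parse(log_text):
    """Turn log lines into (timestamp, ip, username, result) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def stuffing_sources(events, window=timedelta(minutes=5), min_users=5):
    """Return {ip: {...}} for every source that tried at least `min_users`
    distinct usernames inside any `window`-long span of its own activity.
    The "compromised" list holds usernames that logged in successfully from
    such a source: those accounts are re-using a password that is already
    in the attacker's breached-credential list."""
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)
    hits = {}
    for ip, evs in by_ip.items():
        peak_users, compromised, start = 0, set(), 0
        for end, event in enumerate(evs):
            # Slide the window so evs[start:end+1] spans at most `window`.
            while event[0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            users = {e[2] for e in in_window}
            if len(users) >= min_users:
                peak_users = max(peak_users, len(users))
                compromised |= {e[2] for e in in_window if e[3] == "SUCCESS"}
        if peak_users:
            hits[ip] = {"distinct_users": peak_users, "compromised": sorted(compromised)}
    return hits


if __name__ == "__main__":
    for ip, info in stuffing_sources(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

Counting distinct usernames rather than raw failures is what separates stuffing from a brute-force attempt on a single account, which is why 198.51.100.4 is not reported. Accounts in the "compromised" list are the ones to force a password reset and session revocation on; checking new passwords against a breached-password list at the time they are set addresses the re-use problem this incident exposed.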
ZDNet: Router vendor Linksys has locked user accounts on its Smart WiFi cloud service and is asking users to reset passwords after hackers have been observed hijacking accounts and changing router settings to redirect users to malware sites.
Reuters: U.S. government officials warned on April 15, 2020 about the threat of North Korean hackers, calling particular attention to banking and other financial services.
Financial Times Adviser: In an email to advisers, sent last week (April 9), Prudential said it had been alerted to a number of emails which “at first glance” looked to be from a Prudential email account.
Reuters: Standard Chartered Plc (STAN.L) is the first major global bank to tell employees not to use Zoom Video Communications Inc (ZM.O) during the coronavirus pandemic due to cybersecurity concerns, according to a memo seen by Reuters.
Insurance Business: C-suite executives will increasingly be targeted as cyber criminals look for ways to extort money from large corporations, according to a new report from cyber analytics provider CyberCube.
IT News: A report on the ‘Commonwealth cyber security posture in 2019’ [pdf], released as Australia headed into the Easter weekend, provided a detailed breakdown of incidents that impacted Commonwealth (or federal) entities last calendar year, though it does not disclose which entities were victims.
Dark Reading: As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
The target: General Electric, a Fortune 500 technology firm
The take: Personally identifiable information and documentation of current and former employees, as well as their beneficiaries – including direct deposit forms, driver’s licenses, passports, birth certificates, marriage certificates, child support orders, and many others.
The attack vector: While their own systems were not compromised, GE were notified by a service provider of a breach affecting their data. Canon Business Process Services reported that one of their employee’s email accounts was breached by an unauthorized party for a period of just under two weeks in February of this year. This employee had processed data on behalf of GE and the attackers gained access to a litany of confidential information.
Service provider relationships continue to pose increasing challenges for firms in today’s security landscape, as subcontracted entities may handle a firm’s sensitive data – be that business-critical data or the PII of its employees. A firm is ultimately responsible for its data regardless of whether it or a subcontractor is the one handling it, and as such, a firm’s own security controls must follow that data and extend to third-party processors.
ZDNet: Elon Musk's SpaceX has banned employees from using video-conferencing app Zoom over "significant privacy and security concerns", according to a memo seen by Reuters.
In response to these concerns, Zoom has announced it is immediately freezing feature development for 90 days to improve security and privacy and will conduct a third-party security review.
Dark Reading: A recent lawsuit filed regarding the infamous 2017 Equifax data breach revealed that the company was using "admin" as a username and password to protect sensitive data from 147 million customers — even though this password has been exposed through data breaches almost 50,000 times, according to the Have I Been Pwned database.
Tech Crunch: As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of growth funding.
Hedgeweek: Drawbridge Partners, a cybersecurity software and services firm specialising in the needs of hedge fund and private equity managers, has appointed Simon Eyre as Managing Director overseeing the European market.
Dark Reading: Over recent weeks, the ongoing spread of the COVID-19 coronavirus has forced companies around the country to make difficult decisions about how to protect their employees — as well as their communities as a whole.
CTV: Marriott says guests' names, loyalty account information and other personal details may have been accessed in the second major data breach to hit the company in less than two years.
CPO Magazine: The London-based fintech company, Finastra, which provides financial software to the global banking sector, has reported suffering a ransomware attack that prompted the company to shut down its servers and caused disruptions to its global operations.