Archive:2018

1
US, Russia and China don’t pledge to fight cybercrime
2
Q3 Notifiable breaches industry league results: Health first … lawyers a solid third!
3
Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word
4
Australia identified as the link in a major Chinese hack!
5
Ransomware, get your ransomware here, and you too can share in the profits!
6
Step right up and get your malware – no skill required, prices start at $20!
7
Apple calls for comprehensive US privacy laws
8
Sony Smart TV’s ….clearly not smart enough, or secure!
9
Move over Mirai – Torii is tipped to be the new botnet boss
10
Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016

US, Russia and China don’t pledge to fight cybercrime

By Cameron Abbott and Wendy Mansell

Fifty countries including Japan, Canada and many EU nations have come together with over 150 tech companies, pledging to fight against cybercrime. United State’s tech giants such as Facebook, Google and Microsoft have also joined the party.

The United States, Russia and China however have decided not to sign on. Each has no doubt very different reasons for this – the disappointment is mostly directed to the US. However it is a shame that Russia and China did not also feel the weight of the international community pressure to accept these principles.

The effort to combat cybercrime is being led by France, with French President Emmanuel Macron claiming that it is urgent that the internet is better regulated.

The countries and companies involved are fighting against illegal online activity like censorship, cyber interference in elections, hate speech and trade secrets theft.

The pledge has been made in a document titled the “Paris call for trust and security in cyberspace”.

Q3 Notifiable breaches industry league results: Health first … lawyers a solid third!

By Cameron AbbottKeely O’Dowd and Colette Légeret

The Office of the Australian Information Commissioner (OAIC) has released its third quarterly report of notifiable data breaches. This is the second OAIC report to be released covering a full quarter.

The report revealed that OAIC received 245 notifications of data breaches, marginally up from 242 notifications in the second quarterly report.

Some interesting figures from the OAIC’s report are as follows:

  • 18% of notifications were from health service providers, 14% were from the finance sector; 14% were from the legal, accounting and management services sector; 7% were from the private education sector, and 5% were from the personal services sector;
  • 85% of data breaches involved individual’s contact details, 45% involved financial details, 35% involved identity details, 22% involved health details, 22% involved tax file numbers, and 7% involved other types of personal information; and
  • 57% of data breaches were due to malicious or criminal attack, with 37% due to human error, and 6% due to system faults, with cyber incidents, namely compromised credentials or phishing being the main the cause of

Of the 245 data breaches, 58 affected only one individual – however, 7 affected more than 10,000 individuals.

These figures are a clear reminder of the need to ensure that your business is equipped to deal with data breaches. To learn more about this, take a look at this 60-second video by Cameron Abbott. With professional services ranking a solid third, we’ll take some of our own advice too!

Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word

By Cameron Abbott and Colette Légeret

Cymulate, a leading provider of Breach and Attack Simulation solutions and a Gartner 2018 Cool Vendor, announced last week that its Security Research Team had uncovered a security flaw in the Microsoft Office Suite (Office) that may affect Microsoft Word (Word) users.

The Office security flaw identified is a JavaScript code execution within the embedded video component of Word. This has the potential to impact all users of Office 2016 and users of older Office versions. Cymulate noted that no configuration was required to reproduce the issue and no security warning is presented while opening the document with Word.

Read More

Australia identified as the link in a major Chinese hack!

By Cameron Abbott and Jessica McIntosh

According to the US, China is trying to advance its aviation manufacturing capability using stolen information – and the latest is…. the information is being stolen out of Australia!

An Australian IT company dubbed “Company L” has been placed smack bang in the middle of a major hacking case in the US where US authorities have very publically and powerfully accused China of using compromised domain names to steal important aviation technology, alarmingly this has been happening for the large part of the last five years.

Read More

Ransomware, get your ransomware here, and you too can share in the profits!

By Cameron Abbott and Colette Légeret

The expansion of the “service industry” into malware-as-as-service (MaaS), is not the only cyber-attack available online, Bleeping Computer found ransomware-as-a-service (RaaS), that not only uses FilesLocker malware and targets Chinese and American victims, it also offers users a sliding commission pay-scale that rises the more ransomware victims infected.

Bleeping Computer was put on the trail of this RaaS by security researcher, Neutral8✗9eR, who saw it being marketed through a Chinese malware forum on TOR.

Read More

Step right up and get your malware – no skill required, prices start at $20!

By Cameron Abbott and Colette Légeret

It seems that the “service industry” has expanded into cyber-crime without us knowing about it as the Fortinet research team recently discovered. They came across malware-as-a-service schemes available on several Dark Web forums, with one designed as an easy-to-use point of entry for beginner Distributed Denial of Service (DDoS) attackers.

The DDoS kit disguises itself as a legitimate “booter” or “stresser” service and as it is relatively easy to set-up, almost anyone can go into the “DDoS a website for a fee” business. Some of the offerings are incredibly customisable. The research team found one such service that went operational on 17 October 2018 called “Ox-booter” which uses the Bushido botnet for its attacks. Bushido itself is relatively new, having only been identified in September 2018.

Read More

Apple calls for comprehensive US privacy laws

By Cameron Abbott and Jessica McIntosh

It’s uncomfortable to think one of the world’s biggest business leaders has this week stood up and told us all ”our own information from the everyday to the deeply personal is being weaponized against us with military efficiency” what’s more uncomfortable, these powerful words are only a small snippet of a seriously forceful and passionate speech Tim Cook delivered in Brussels on Wednesday.

Read More

Sony Smart TV’s ….clearly not smart enough, or secure!

By Cameron Abbott and Jessica McIntosh

Security researchers at Fortinet have found flaws in eight Sony Bravia Smart TV models and consequently have got us all thinking…… just how vulnerable does having a smart TV make us?

According to Fortinet the flaws found can facilitate complete ‘remote code execution with root privilege’, in other words – those with a Sony Smart TV are left totally exposed to an attack!

Read More

Move over Mirai – Torii is tipped to be the new botnet boss

By Cameron Abbott and Jessica McIntosh

It’s been hailed a true example of the evolution of IoT malware with researchers from security vendor Avast last week explaining in detail just how persistent and powerful this “new” strain of botnet can be. According to Avast, Torii is a “level of sophistication above anything they have seen before”.

For us, it’s newly found cutting-edge techniques and features mean it is a threat to EVERY type of computer and device… it’s a threat to all of us.

Read More

Tesco Bank fined £16.4 million for failing to protect account holders against an avoidable cyber-attack in 2016

By Cameron Abbott and Colette Légeret

The UK’s banking watchdog, the Financial Conduct Authority (FCA), has fined Tesco Bank, the banking arm of UK supermarket chain Tesco, £16.4 million (approximately AU$29.5 million) for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that occurred in 2016.

This cyber-attack affected thousands of account holders and netted the cyber-criminals £2.26 million (approximately AU$4.07 million) in 48 hours. It was described, at the time, as an unprecedented assault against a UK regulated bank.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.