Tag: America

1
Bypassing the Castle Walls: Tactical Exploitation of America’s Vulnerable Grid
2
Cambridge Analytica closes its doors
3
DNA Profiles shared online lead to serial killer’s arrest
4
Russian-backed hacking targets Australian businesses
5
Was your Facebook data taken by Cambridge Analytica? Here’s how to find out
6
Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts
7
Facebook ‘hack’: fake news or a serious breach of privacy?
8
Fitness tracking app reveals US army secrets?
9
Impact of Cyberattack on Merck was $135 million
10
Update everything: Discovery of Wi-Fi flaw in connected devices

Bypassing the Castle Walls: Tactical Exploitation of America’s Vulnerable Grid

By Cameron Abbott, Max Evans and Wendy Mansell

A recent Wall Street Journal Report has detailed how America’s utility grid was hacked. The Department of Homeland Security has named Russia as responsible for the overwhelmingly complex and threatening campaign.

The scheme targeted energy companies affiliated with the government and was carried out in a sophisticated manner by initially focusing on small firms within the utility supply chain.

Early techniques involved planting malware on the websites of online publications likely to be read by employees of companies within the energy sector. The hackers would lace the online publications with malicious content allowing them to steal usernames, passwords and infiltrate company systems.

A number of small firms fell victim to these tactics giving the hackers broad access to company networks. Fake emails were subsequently sent out on behalf of the affected firms containing forged and malicious Dropbox links which captured usernames, passwords and other credentials. Further they used fake personas to send emails and pretended to be job seekers, by sending resumes containing tainted attachments to energy companies.

The hackers continued this technique of sending malware emails on behalf of firms until they reached the top of the supply chain. It was reported that on at least 8 occasions the hackers infiltrated companies who had access to the industrial control systems that run the grid.

An alarming aspect was the number of affected companies that remained oblivious of the penetration. The report is a useful description of the variety of methods used to tempt employees to expose their credentials. All too easy to do. These same techniques are regularly used by more pedestrian hackers. Two factor authentication and regular password resets remain measures to limit these threats but so many organisations do not use them.

We repeatedly counsel that employees are the last line of defence for your organisation. Circulating the Report may make an interesting read to remind them of the variety of ways they can be seduced to click an incorrect link.

Cambridge Analytica closes its doors

By Cameron Abbott and Sarah Goegan

Cambridge Analytica, the data company embroiled in the Facebook privacy scandal, is closing down. The firm’s parent company, SCL Elections, announced that it and some of its affiliates including Cambridge Analytica had commenced insolvency proceedings in the UK, and would immediately cease all operations.

In a statement, Cambridge Analytica said it had been “vilified” and the subject of “numerous unfounded accusations” about its activities, which it says are legal and widely accepted in online advertising. It blamed negative media coverage of allegations the company improperly used the data of 87 million Facebook users (which you can read about here, here and here) for a mass exodus of clients.

Read More

DNA Profiles shared online lead to serial killer’s arrest

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, California police arrested Joseph James DeAngelo, the man suspected of being the “Golden State Killer” or “East Area Rapist”, a serial killer and rapist who terrorised parts of California in the 1970s and 80s.

Of particular interest is how he came to be arrested, with the help of DNA matched on a genealogy website.

Read More

Russian-backed hacking targets Australian businesses

By Cameron Abbott, Allison Wallace and Sarah Goegan

Russian hackers are accused of penetrating up to 400 Australian businesses in 2017 as part of an alleged state-sponsored cyber-espionage campaign, targeting millions of computers across the world.

The Australian government made the announcement in light of an extraordinary joint statement from the US and UK governments pointing a stern finger at Russia for sponsoring cyber-attacks on government, private organisations, critical infrastructure providers and internet services providers.

Read More

Was your Facebook data taken by Cambridge Analytica? Here’s how to find out

By Cameron Abbott and Allison Wallace

Over the last few weeks we’ve been blogging about the data “sharing” scandal that has rocked Facebook, and has lead to a boycott of the popular social media site, and sent CEO Mark Zuckerberg to face the music on Capitol Hill.

In case you’d missed the story (which you can read about here, here and here), Facebook estimated 87 million people globally, including 300,000 Australians, had their data shared with Cambridge Analytica, a political consultancy firm used by US President Donald Trump in his 2016 election campaign.

Read More

Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts

By Warwick Andersen, Rob Pulham, Allison Wallace and Sarah Goegan

Facebook indicated in a blog post yesterday that information of up to 87 million people – 37 million more than originally revealed – may have been improperly shared with Cambridge Analytica.

Facebook also reported that this may have included data of more than 300,000 Australians. The company’s chief technology officer, Mike Schroepfer, said the company would make major changes to the way third-parties can access data on the platform. He also said users would be informed if their information could have been improperly shared with Cambridge Analytica.

Read More

Facebook ‘hack’: fake news or a serious breach of privacy?

By Cameron Abbott and Samantha Tyrrell

It has been alleged that Cambridge Analytica, a political data analytics firm specialising in psychological profiling, has tapped more than 50 million users’ Facebook profiles without their consent and subsequently used the data to assist Donald Trump’s 2016 electoral campaign.

Read More

Fitness tracking app reveals US army secrets?

By Cameron Abbott and Allison Wallace

 

Sometimes you don’t need a “hack” to have a cybersecurity issue.  The locations of several US military bases in the Middle East seem to have been inadvertently revealed through US soldiers’ use of fitness tracking devices, and the fitness tracking app Strava. Read More

Impact of Cyberattack on Merck was $135 million

By Cameron Abbott and Olivia Coburn

Drug and vaccine manufacturer Merck & Co Inc has quantified the impact of a cyberattack on its revenue at US$135 million. The company disclosed the figure in its third quarter earnings report.

The cyberattack occurred in June and forced Merck to halt production of its drugs.

Read More

Update everything: Discovery of Wi-Fi flaw in connected devices

By Cameron Abbott, Rob Pulham and Olivia Coburn

A Belgian researcher has discovered a weakness in WPA-2, the security protocol used in the majority of routers and devices including computers, mobile phones and connected household appliances, to secure internet and wireless network connections.

The researcher, Mathy Vanhoef, has named the flaw KRACK, for Key Reinstallation Attack.

Any device that supports Wi-Fi is likely to be affected by KRACK, albeit devices will have different levels of vulnerability depending on their operating systems. Linux and Android are believed to be more susceptible than Windows and iOS, and devices running Android 6.0 are reportedly particularly vulnerable.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.