Tag: cyberattack

1
Research reports say risks to smartphone security aren’t phoney
2
Report savages US Government agencies’ cybersecurity efforts
3
Not so happy families: Online genealogy website suffers data breach
4
North Korean cyberattacks increase ahead of summit
5
US Department of Homeland Security unveils five point strategy to combat cyber risk
6
Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack
7
Is nothing safe? New malware targets industrial control systems
8
A New Type of Cyberattack: AI-Powered Cyberattacks
9
Bangladesh Bank considers legal action against the NY Fed in Hollywood-esque hack
10
Breaches Update – July 2015

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Report savages US Government agencies’ cybersecurity efforts

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Read More

Not so happy families: Online genealogy website suffers data breach

By Cameron Abbott, Rob Pulham and Sarah Goegan

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

Read More

North Korean cyberattacks increase ahead of summit

By Cameron Abbott and Sarah Goegan

North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.

North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.

Read More

US Department of Homeland Security unveils five point strategy to combat cyber risk

By Cameron Abbott and Sarah Goegan

This week, the US Department of Homeland Security (DHS) released its Cybersecurity Strategy. The five “pillar” strategy will be executed by the DHS over the next five years, and aims to improve national cybersecurity risk management.

Read More

Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack

By Cameron Abbott and Harry Crawford

The NSW Government’s vulnerability to hacking has been exposed in a report by state’s auditor-general, in which it was revealed that one government agency took 49 days to shut down a hack.

This hack started with an email account of the unnamed agency being compromised and used to send out “phishing” emails to get the credentials of finance staff members. By day 20, 300 staff had clicked on the bogus link in the phishing email. 200 email accounts ended up being under the control of the hackers.

Read More

Is nothing safe? New malware targets industrial control systems

By Cameron Abbott and Harry Crawford

I’m sure I saw this in Die Hard 4 but “life imitates art”.   A new type of malware has been discovered in a very rare field of operation for hackers: attacking industrial control systems. Cybersecurity firm FireEye has been tight-lipped in detailing the attack, but has indicated that it was against “a critical infrastructure organization” which inadvertently caused operations to shut down. The attack is also reminiscent of the infamous “Stuxnet” virus that was used against Iranian nuclear power plants in 2010. Read More

Bangladesh Bank considers legal action against the NY Fed in Hollywood-esque hack

By Cameron Abbott and Simon Ly

In a story that would make an excellent plot to a sequel to Ocean’s 13, the Federal Reserve Bank of New York has been the target of a successful major cyber hack. Part of the targeted attack was an attempt to steal nearly $1 billion from Bangladesh Bank’s account.

If anyone would be well protected it would be the NY Fed, right? Well, while they were able to block some 30 transactions, 5 were successful, resulting in $81 million being stolen from Bangladesh Bank’s account.

The NY Fed has released a statement outlining that its systems were not breached, but instead pointing to SWIFT, a member-owned cooperative relied upon by banks to authenticate international monetary transactions. In response, a SWIFT representative stated that it “reiterates that the SWIFT network itself was not breached”. For its part, the NY Fed agreed that it “viewed this as a major lapse on the part of FRB NY”.

It will be fascinating to see how this he-said she-said blame game plays out. The current state of events is that the Bangladesh Bank is engaging legal counsel to establish grounds for recompense.

It goes without saying that these mind boggling figures and the nature of the attack emphasise that no one is immune from attacks. Next time someone tells you that it can’t happen to your organisation – remember this example.

For more information, please see Bloomberg’s report here.

Breaches Update – July 2015

by Jim Bulling and Julia Baldi

U.S. Office of Personal Management (OPM)
The U.S. government has confirmed a second cyber attack on the OPM database. Hackers are confirmed to have stolen the personal information in relation to former, current and prospective federal government employees effecting at least 21.5-mllion people (almost 7% of the entire U.S. population).

See the ABC report here, CNN report here and Guardian report here.

OPM’s website, sets out how person’s may have been affected by the breach and what OPM is doing to assist those affected. OPM has sent notifications to those affected by the incident and is offering free identity theft monitoring and restoration services including identity theft insurance and credit monitoring.

OPM has also outlined a cybersecurity action report, available here.

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.