Industry News: ESG5

Know Your Breach: Aadhaar

The target: India’s national ID database, Aadhaar.

The take: Names, unique identity numbers, bank details and other private information for more than 1.1 billion registered Indian citizens.

The attack vector: One utility’s channel into the Aadhaar database had no access control in place, used a hardcoded access token, and enforced no rate limiting, meaning that an attacker could cycle through all possible Aadhaar numbers and obtain information every time a valid number was hit.

Cyber attack on Malta bank tried to transfer cash abroad

2019-02-13

Reuters: Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros ($14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong...

Home Loan Details of 100,000 Customers Hacked in Major Data Breach

2019-02-12

TheSydneyMorningHerald: The nation's biggest banks are scrambling to contact up to 100,000 customers who may have been caught up in a major data breach at property valuation firm, LandMark White. The breach, which LandMark White first revealed late on Friday, could include property valuations and personal contact information of home owners, residents, and property agents, including first and last names, residential addresses and contact numbers...

The Great Equifax Mystery: 17 Months Later, The Stolen Data Has Never Been Found, and Experts are Starting to Suspect a Spy Scheme

2019-02-13

CNBC: It was the consumer data security scandal of the decade. The information included Social Security numbers, driver's license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared completely...

Hong Kong Banks Must Step Up Cybersecurity, Protect Customers’ Data as Online Scams Multiply, Warns Industry Leader

2019-02-13

SouthChinaMorningPost: Mary Huen Wai-yi, chairwoman of the Hong Kong Association of Banks (HKAB), said that as lenders have rolled out more digital banking services allowing customers to conduct transactions on their computers or smartphones, so the risks have multiplied. Her concerns are supported by figures from the Hong Kong Monetary Authority (HKMA), the city’s de facto central bank, which show cyberattacks on banks doubled last year. Online scams – including false banking websites, phishing emails and fake banking apps – reached 142 cases in 2018, a threefold increase from the 44 reported incidents in 2017 and a big leap from 35 a year before that...

Russia considers 'unplugging' from internet

2019-02-11

BBC: The test will mean data passing between Russian citizens and organisations stays inside the nation rather than being routed internationally. A draft law mandating technical changes needed to operate independently was introduced to its parliament last year. The test is expected to happen before 1 April but no exact date has been set...

Cybercrime Skyrockets in NSW as Murders and Robberies Fall

2019-02-10

ABCAustralia: In the first three months of 2017, the Australian Cybercrime Online Reporting Network (ACORN) received 11,775 reports, and the number increased to 14,189 at the start of 2018 — a rise of around 20 per cent. The reporting of cybercrime to police led to Katherine Nguyen, 23, becoming the first person in Australia to be charged over the alleged theft of crypto-currency last October...

Ex-US Intel Officer Charged with Helping Iran Target her Former Colleagues

2019-02-13

DarkReading: A former US Air Force intelligence specialist and counterintelligence agent with the Defense Department has been indicted for conspiring to provide national defense information to four Iranian nationals acting on behalf of the Iranian Revolutionary Guard Corps (IRGC)...

Know Your Breach: Firebase

The target: Firebase, a Backend-as-a-Service offering from Google that is marketed towards mobile app developers.

The take: Over 100 million records from thousands of mobile apps, including plaintext user id & password combinations, GPS location records, financial records, health records and session tokens.

The attack vector: Security researchers discovered that the default configuration for Firebase databases does not secure data or require authentication, allowing unauthorized third parties to view and exfiltrate application data.

‘Abuse of Trust’: Former AMP Worker Pleads Guilty to Downloading Customers’ Personal Data

2019-02-07

SydneyMorningHerald: A former AMP contract worker who tried to install a dark web browser on his work laptop after downloading personal identification of 20 customers has pleaded guilty to taking the sensitive data from the financial services company. The Chinese national faced the Downing Centre Local Court on Thursday, charged with possessing identification information with the intention of committing and facilitating the commission of an indictable offence...

China Hacked Norway’s Visma to Steal Client Secrets: Investigators

2019-02-06

Reuters: Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cyber security researchers said, in what a company executive described as a potentially catastrophic attack. The attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cyber security firm Recorded Future...

Cost of a Cyber Security Breach Reaches a Record High as Canadian Businesses Spend up to $5.8 Million to Recover

2019-02-07

FinancialPost: Cyber security incidents have become the new normal for Canadian companies, with one hundred per cent of organizations experiencing attacks, according to the findings of a new study from Scalar Decisions Inc. of more than 400 Canadian IT and security workers. Released today, the 2019 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that cyber security incidents are occurring on a regular basis and the cost of these compromises is at an all-time high. The average cost per organization of responding to, and recovering from, cyber security incidents increased to between $4.8 million to $5.8 million, up from $3.7 million last year...

Federal MPs' computer network hacked in possible foreign government attack

2019-02-08

SMH: National security agencies are continuing to scour the Parliament's computer network for threats to MPs' data after what is being described as a "sophisticated" hack attack that could be the work of a foreign government. The hacking comes just three months ahead of the federal election, prompting fears that if MPs' emails or data were stolen they could be used to cause political interference of the style Russia perpetrated against the United States in the 2016 presidential campaign...

Cyber-warfare Could be Entering a New and Alarming Phase, ex-CIA Analyst tells MPs

2019-02-06

CBC: Online attacks on Canada's financial system could become far more destructive as more militaries around the globe get involved in cyber operations, a security expert and former CIA analyst told a House of Commons committee Wednesday. Christopher Porter, the chief intelligence strategist for the cyber security company Fireeye, Inc., testified that as NATO countries share their expertise on how to defend against and defeat online threats, "major cyber powers outside the alliance" will likely do the same...

Cyber-Security in New York City, the Financial Capital of the United States

2019-02-05

CyberDefenseMagazine: New York’s position as a financial capital makes the city especially vulnerable to cyber attacks. Although Manhattan is an established gateway for financial services and business in general, it’s still developing as a cyber hub. As hackers’ tools become increasingly sophisticated, it’s no secret that there’s room for improvement in cybersecurity in NYC. To address this urgent need, the New York City Economic Development Corporation (NYCEDC) unveiled Cyber NYC, a huge initiative to transform NYC into a global leader in cybersecurity innovation and talent through collaborations with world-renowned partners in tech, academia, and finance...

Hackers Targeting Canadian Banks, Mining Companies, Expert Tells MPs

2019-02-07

NationalPost: Foreign hackers have targeted Canadian banks, mining companies and government institutions in recent years to steal valuable secrets and spread malware, a leading cybersecurity analyst warns. In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye...

EU Cyber Defense Agency Warns Against Iran's Expansion Of Cyber Espionage

2019-01-28

JPost: Iran is likely to expand its cyber espionage activities as its relations with Western powers worsen, the European Union digital security agency. Online disinformation campaigns in recent years as the country tries to strengthen its clout in the Middle East and beyond, a Reuters Special Report published in November found. This month the European Union imposed its first sanctions on Iran since world powers agreed a 2015 nuclear deal with Teheran, in a reaction to Iran's ballistic missile tests and assassination plots on European soil...

UAE Used Cyber Super-Weapon To Spy On iPhones Of Foe

2019-01-31

A team of former US government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world’s superpowers and into the hands of smaller nations...

Cyber Attacks Outpacing Physical Terror Attacks

2019-01-27

BusinessStandard: With increasing cases of data breaches and information loss happening on the Internet, cyber attacks are outpacing physical attacks among far-left groups and can cause greater destruction, researchers say. According to lead author Thomas Holt, Professor at the Michigan State University (MSU), the high-profile nature of the internet -- on which the ideological groups can manipulate traffic -- is the ideal platform to attack...

About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
