Industry News: ESG5

Know Your Breach: Uber

The target: Uber, a ridesharing service.

The take: The personal data of 57 million customers and drivers, including names, e-mail addresses and phone numbers, as well as driver’s license numbers for hundreds of thousands of American drivers.

The attack vector: Attackers gained access to an AWS-hosted server with credentials an Uber engineer left publicly exposed in a GitHub repository.

Uber later came under fire for failing to report the breach at the time that it occurred, and attempting to pay the hackers a $100,000 ransom to delete the stolen data. The handling of the incident resulted in the dismissal of Uber’s Chief Security Officer.

Hackers Steal Over $40 Million Worth of Bitcoin from one of the World’s Largest Cryptocurrency Exchanges

2019-05-08

CNBC: Hackers have stolen over $40 million worth of bitcoin from Binance, one of the world's largest cryptocurrency exchanges, the company said on Tuesday. Binance said the hackers ran off with over 7,000 bitcoin and used a variety of attack methods to carry out the "large scale security breach" which occurred on Tuesday...

Two Chinese Men Indicted For Hacking Anthem

2019-05-09

FinancialPost: A federal grand jury has indicted two members of an “extremely sophisticated” hacking group operating from China in the 2014-2015 theft of the personal information of nearly 79 million customers of insurer Anthem Inc., the biggest known health care hack in U.S. history. The Justice Department said the two also hacked three other U.S.-based companies it did not name, one in the technology sector, the others in basic materials and communications...

A Malware Attack Against Accounting Software Giant Wolters Kluwer is Causing a 'quiet panic' at Accounting Firms

2019-05-08

CNBC: A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company's cloud servers. Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services...

Amazon Hit by Extensive Fraud With Hackers Siphoning Merchant Funds

2019-05-08

Bloomberg: Amazon.com Inc. said it was hit by an "extensive" fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year. Amazon believes it was the victim of a "serious" online attack by hackers who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a U.K. legal document. The hack took place between May 2018 and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public...

In The Face Of Growing Fraud Threats, Finance Firms Should Look At Managed Security

2019-05-07

Forbes: Financial institutions face a complex array of threats — from the immediate such as synthetic identities which have been used to defraud individual firms multiple times. But they also should be looking around and ahead, said Valerie Abend, managing director, Accenture Security and co-author with Howard Marshall, principal director at Accenture Security, of a report entitled “Extreme but Plausible Threat Scenarios In Financial Services.”...

French Regulatory Agency Sees 14,000% Surge in Crypto-Related Scam Enquiries Since 2016

2019-05-07

Cointelegraph: The French stock markets regulator AMF has seen over a 14,000% surge in enquiries related to fraudulent crypto offers in 2018 as opposed to 2016, the agency wrote in a new annual report released May 7. In the report, the Autorite des Marches Financiers (AMF) specified that the number of enquiries associated with crypto-related scams online has surged to over 2,600 in 2018 from only 18 similar enquiries back in 2016...

‘The Greatest Threat we Face’: Cyber Security Tsar Quits with a Warning

2019-05-03

SydneyMorningHerald: Former prime minister Malcolm Turnbull's handpicked cybersecurity tsar Alastair MacGibbon is quitting his role and has declared cyber attacks "the greatest existential threat we face". Mr MacGibbon has been the face of cybersecurity for federal authorities for the past three years, handling the public response to the cyberattack on the national census in 2016 and the hacking earlier this year of the Parliament and the major political parties...

Know Your Breach: Home Depot

The target: Home Depot, an American home improvement retailer.

The take: 53 million e-mail addresses and 56 million credit and debit accounts.

The attack vector: Beginning in April 2014 and lasting several months, attackers used compromised credentials belonging to a third-party vendor to initially breach Home Depot’s network. Once inside, they exploited unpatched Windows vulnerabilities and installed malware on self-checkout registers to skim customer information.

Russian Charged in $1.5 Million Cyber Tax Fraud Scheme

2019-04-30

BankInfoSecurity: A Russian citizen has been charged with stealing more than $1.5 million from the Internal Revenue Service after hacking into tax preparation companies and stealing personal data. On Monday, an indictment was returned in U.S. federal court against 33-year-old Anton Bogdanov, aka "Kusok," charging him with wire fraud conspiracy, aggravated identity theft and computer intrusion. Prosecutors have accused Bogdanov of working with unnamed accomplices to steal personal information and use it to file federal tax returns and fraudulently obtain tax refunds...

Conman who Scammed £113m in UK’s Biggest Cyber Fraud ‘has Spent £3m on Harrods Shopping Sprees’

2019-05-01

TheSun: THE mastermind behind Britain's biggest ever cyber scam splurged £3m on Harrods shopping sprees, parties with popstars and luxury holidays to Dubai, a court heard. Feezan Hameed Choudhary, 28, was jailed for 11 years in 2016 for leading a "vishing" fraud which conned 750 RBS and Lloyds customers out of £113m. "Vishing" or "voice phishing" is a type of phone fraud in which the scammer manipulates the victim into sharing private financial information which can then be used to make cash transfers...

Cryptocurrency Thefts, Fraud Hit $1.2 billion in First Quarter

2019-04-29

Euronews: Losses from the theft of cryptocurrencies from exchanges and fraud-related activities surged in the first quarter of the year to $1.2 billion (920.67 million pounds), or 70 percent of the level for all of 2018, cybersecurity firm CipherTrace said on Tuesday. The value of losses from crime in the digital currency sector in 2018 hit $1.7 billion. But cryptocurrency crime has ballooned as the market has slowed down, prices have plunged and business activity has stalled...

Red Canary Raises $34 Million to Detect and Remediate Cyber Threats

2019-04-29

VentureBeat: Red Canary, a five-year-old Denver, Colorado-based company developing cloud-based security services, today announced that it’s secured $34 million in growth equity financing led by Summit Partners, with participation from existing investors Access Venture Partners and Noro-Moseley Partners. It follows on the heels of a $6.25 million venture series in May 2018 and brings the company’s total raised to $48.9, and will fuel the expansion of Red Canary’s services and team in the coming months, according to CEO and cofounder Brian Beyer...

Morrison on Cyber Alert Through $156 Million Election Promise (Australia)

2019-04-29

TheSydneyMorningHerald: The Morrison government will scale up the cyber security teams that defend Australia’s communications networks in a $156 million election pledge that includes new scholarships and recruitment programs. On alert for attacks from foreign agencies and criminals, the government wants to expand its online security workforce across several departments while using public funds to encourage more young Australians to study computer science...

Hedge Funds Besieged by Hackers on a Daily Basis

2019-05-01

BobsGuide: Hackers are exploiting inherent weaknesses in mature hedge funds on a daily basis, say a security vendor and the chief technology officer of an established fund, leading to huge boosts in cybersecurity spending. “Hedge funds are being targeted simply because of cash movements where frequent large transfers are normal at a small business that doesn’t necessarily have all the controls in place,” says Jason Elmer, managing partner at Drawbridge, the cybersecurity consultancy...

Cybercrime: 25% Of All Malware Targets Financial Services, Credit Card Fraud Up 200%

2019-04-29

Forbes: Research published on Monday by cyber threat intelligence company Intsights paints a bleak picture for cybersecurity across the global financial services industry. According to the report, more than 25% of all malware attacks hit banks and other financial services organizations, more than any other industry, and there were huge year-on-year increases in the numbers of compromised credit cards (212%), in credential leaks (129%) and in malicious apps (102%)...

Know Your Breach: Outlook.com

The target: Microsoft’s personal e-mail service, Outlook.com.

The take: E-mail accounts under the Outlook.com, Hotmail.com, and MSN.com domains were compromised – while Microsoft has offered that ‘only 6%’ of accounts were compromised, they would not confirm the number of accounts that percentage represents. While they initially denied that the attackers had access to customers’ inboxes beyond contacts, folder names, and subject lines, it was later confirmed that email contents could have been viewed.

The attack vector: Attackers were able to access Microsoft’s infrastructure by compromising the credentials of a customer support representative.

Does Cybersecurity Matter for a Family Office?

2019-04-22

DailyHeraldBusiness: Data breaches are constantly in the news and most companies know they should be concerned about privacy and the security of their data, or at least recognize this is an important and complex area. However, most family offices are not sure how to start addressing their concerns, or worse, don't view the family office as a target...

British Cybersecurity Expert Pleads Guilty to Creating Malware

2019-04-20

BostonHerald: A British cybersecurity researcher credited with stopping a worldwide computer virus has pleaded guilty to developing malware to steal banking information. Federal prosecutors in Wisconsin and Marcus Hutchins’ attorneys said in a joint court filing Friday that the 24-year-old agreed to plead guilty to developing malware called Kronos and conspiring to distribute it from 2012 to 2015. In exchange for his plea to those charges, prosecutors dismissed eight more...

Kamala Harris: Cyber Attacks Will Become a 'War Without Blood'

2019-04-23

Fortune: California Senator Kamala Harris warned that cyber attacks are becoming a “new form of war” Monday night during CNN’s town hall, ominously stating that it will be “a war without blood”—one for which the United States is not prepared...

UAE Expert Says Cybercrime is $8trn Threat to Global Economy

2019-04-18

ArabianBusiness: Cybercrime is projected to cost $8 trillion to businesses globally in the next five years, according to UAE-based cyber security firm DarkMatter which is responsible for protecting the IT infrastructure and technologies of Dubai Expo 2020. Dr Karim Sabbagh, CEO of DarkMatter Group, told a regional internal audit conference in Abu Dhabi on Thursday that irreparable reputational damages are on the rise with the escalating regulations increasingly penalising failures to tackle cybercrime...

FBI: Cybercriminals Set New Record in 2018 by Causing More than $2.7 Billion in Reported Losses

2019-04-23

TheWashingtonTimes: Financial losses caused by cybercrimes reported to the FBI nearly doubled in 2018 over the year before, according to a government report released Monday. The FBI’s Internet Crime Complaint Center (IC3) received 351,936 complaints in 2018 involving incidents that caused combined losses totaling $2.71 billion, the office said in its annual report. By comparison, the IC3 received 301,580 complaints in 2017 totaling $1.42 billion in losses...

Cyber Crime Soars 61% of Companies Are Attacked

2019-04-23

Metro: CYBER attacks against businesses have rocketed with six out of ten companies reporting at least one incident last year, a survey has revealed. The financial cost related to cyber crime also sharply increased, with the average loss reported at £283,000 — up nearly two thirds on the previous year. While large firms remain the most likely to be targeted, the number of small and medium sized businesses affected by the crime also rose significantly in 2018...

Millions of People in the UK Expect Account to be Hacked

2019-04-21

TheIrishTimes: More than a third of people in the UK believe that losing money or personal information over the internet is now “unavoidable”, a survey has found, in a further sign of growing public concern about online privacy. The research, carried out by Britain’s National Cyber Security Centre, part of digital intelligence agency GCHQ, also revealed that 70 per cent of the public believe they will be a victim of cyber crime in the next two years...

About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios.
