Winter Olympics “draws hackers like flies to a candle,” cybersecurity expert says

Cyber Security is a global issue. Adsero has seen it all and done it all. Read on to discover why hackers are so attracted to the Winter Olympics.

 

Officials in South Korea are investigating a security breach at the Winter Olympics Opening Ceremony. A spectator managed to slide down the ramp leading to the Olympic Flame and wandered around the stage during a performance. He was taken away by security.

Meanwhile, Olympic organizers are investigating a possible cyber attack on their internet and WiFi systems before the Opening Ceremony. There were no serious problems, but officials are concerned that the Games could be targeted again by hackers.

The most pressing threat to the Winter Olympics may be one that South Korean security teams can’t see.

“It’s got political importance. It’s got a lot of money — that draws hackers like flies to a candle,” said cybersecurity expert Jim Lewis.

He told CBS News hackers have repeatedly targeted the Games.

During the Olympics in Beijing, London and Brazil, there were reportedly millions of attempted cyber attacks a day. Some succeeded.

“Low-level but scamming tickets, stealing money,” Lewis said

The Department of Homeland Security alert warned travelers to Pyeongchang that their mobile devices could be monitored or compromised.

One concern in South Korea is whether Russian hacking units may seek payback for the decision to ban Russia’s Olympic team from the Games amid doping allegations.

“And in previous Olympics, they’ve done their usual trick,” Lewis said. “They hack emails and release things that are damaging to American athletes or athletes from other countries.”

Cybersecurity firm Trend Micro says a hacking unit with Russian ties called “Pawn Storm”  recently sent malicious emails to the International Ski Federation, International Ice Hockey Federation and several other organizations with a stake in the Winter Games.

Read more »

Viewpoint: Equifax breach is a reminder of society’s larger cybersecurity problems

Our society is faced with an array of opportunities of being hacked. This is why Adsero Security’s specialty in writing IT security policies and training your staff on policy adherence thus developing a culture of compliance is so important. Read on to discover why cybersecurity issues affect society as a whole.

The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures.

Although this specific incident is still under investigation, the fact that breaches like this have been happening – and getting bigger – for more than a decade provides cybersecurity researchers another opportunity to examine why these events keep happening. Unfortunately, there is plenty of responsibility for everyone.

Several major problems need to be addressed before people can live in a truly secure society: For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the day-to-day issues. Companies must be made to get serious about cybersecurity – at a time when many firms have financial incentives not to, also. Until then, major breaches will keep happening and may get even worse.

Finding the right people

Data breaches are commonplace now, and have widespread effects. The Equifax(NYSE: EFX) breach affected more than 143 million people– far more than than the 110 million victims in 2013 at Target, the 45 million TJX customers hit in 2007, and significantly more than the 20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incidentYahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.

Read more »

Uber says hackers behind data breach were in Canada, Florida

Hackers can strike from anywhere. This means that any organization is vulnerable. Adero’s penetration testing allows clients to detect their areas of vulnerability. Read on to discover how easy it was for two people to hack into Uber’s system.

The two people behind a 2016 data breach at Uber Technologies Inc. were found to be in Canada and Florida, an Uber cyber security executive told the U.S. Congress on Tuesday.

About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to a Senate Commerce Committee panel.

Uber announced the breach of 57 million worldwide users last November. Of those impacted in the United States, 4.1 million were drivers, according to the testimony.

Uber Canada announced late last year that 815,000 Canadian riders and drivers may have been affected.

The testimony from Flynn is the most comprehensive public account to date of the Uber hack, the handling of which prompted newly appointed Uber chief executive Dara Khosrowshahi to fire two of the company’s top security officials.

Reuters reported in December that a 20-year-old man was primarily behind the massive data breach, and that he was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities.

Flynn confirmed the man who obtained data from Uber was in Florida and that his partner, who first contacted the company on Nov. 14, 2016, to demand a six-figure payment, was located in Canada.

The company’s security team made contact with both people and received assurances the pilfered data had been destroyed before paying the intruders $100,000, Flynn said.

Read more »

Consumer Reports finds Samsung, Roku TVs vulnerable to hacking

You may not know exactly what your IT Security issue is. We will find it and develop and implement a solution. The more reliant on technology that we become, the more prone to hacking our society is. Listen to how easily Roku TVs can be hacked.

We’ve written in the past about how your TV is probably tracking you, and now Consumer Reports, as part of a broad privacy and security evaluation, has has found that millions of smart TVs are vulnerable to hackers and “raise privacy concerns by collecting very detailed information on their users.”

According to the report, the problems affect Samsung televisions, plus models made by TCL and “other brands that use the Roku TV smart TV platform, as well as Roku’s popular streaming devices.”

“We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening,” Consumer Reports said. “This could be done over the web, from thousands of miles away.”

The good news is these TVs’ security vulnerabilities apparently won’t allow hackers to spy on you or steal your information, according to Consumer Reports.

The report singled out Samsung, TCL and other Roku TVs as being vulnerable, but smart TVs from LGSony and Vizio were also evaluated. While they were cleared from a security standpoint, the testing found “that all these TVs raised privacy concerns by collecting very detailed information on their users.”

As CNET’s David Katzmaier wrote last year, Vizio was slapped with a $2.2 million fine by the FTC for failing to properly disclose how it shares its tracking information, and in previous years Samsung and LG have both faced similar scrutiny. Streamers from Roku, AppleAmazon and Google haven’t yet made any major privacy missteps, but their policies are generally less intrusive than those of TVs. Read more »

How a Sneaky Data Hack Increases Liability Risks for Corporate Directors

Adsero Security develops long-term solutions that are supported by written policies. Issues arise such as hacking. This can be prevented via penetration testing. Check out this article about how easy it is for organizations to be hacked.

Directors Facing Increased Liability for Data Breaches

Because two of my clients – 360 Advanced and Adsero Security – provide IT data breach auditing and remediation services, I was especially interested when I learned of how a major corporation had been so easily hacked recently.

The hackers got inside the corporation’s accounts payable department and had a pretty hefty check sent to them, which was cashed and cleared. The corporation’s vice president for information technology (IT) and his team reported to the board at its monthly directors and management meeting that “everything’s OK now.”

Is it? Could the hackers still be inside, or worse, inside the company’s vendor and partner IT systems?

“Duty of care” Demands Auditing Risks as Hacks Increase

Statistics show that once data thieves are in, they can hide for months undiscovered until they strike again – this time at an even greater cost to the victim and their vendors and partners. Data thieves got inside Target through an air conditioning/heating vendor and loitered at their leisure, and Yahoo! and Equifax still aren’t certain who or how they were breached.

Which brings me back to the corporate board of directors. The corporation victimized by the hackers in this instance has not had an outside, third-party audit of its IT systems and data security processes and protocols by a QSR – Qualified Security Assessor. Could that failure lead to a lawsuit against its officers and directors for failure to exercise the concept of duty of care when there is another future hack? With news of major hacks every day now, should boards be more diligent in ordering management to have such audits? Read more »

Hacked at Sea: Concerns Grow Over Lax Cybersecurity for Ships, Ports

With a combined 45 years in IT security, Adsero’s principals have seen it all. There is no problem we can’t solve. By land or sea, we always have your back. Check out what happens when you are hacked at sea,

As hacking risks grow and maritime operations become more digitally connected, experts in industry and government have long said no one is prepared. This summer was a wake-up call.

THE PORT OF New York and New Jersey is the largest port on the east coast of the United States, touted by officials as the “gateway to one of the most concentrated and affluent consumer markets in the world.” But for a few weeks last summer, the goods moving through one of its terminals slowed to a crawl because of a global cyber attack that originated 4,500 miles away.

“The delays were six to eight hours to pick up a container,” said Jeffrey Bader, chief executive of the trucking company Golden Carriers, recalling when a terminal in Elizabeth, New Jersey, switched to manual operations while its systems were down. “The line was many, many miles long. Trucks, trucks, trucks.”

The terminal’s operator, APM Terminals, is a subsidiary of the world’s largest container shipping company, A.P. Moller-Maersk Group. The company, which transports roughly 20 percent of the world’s cargo containers, was among the hardest hit by the NotPetya ransomware. NotPetya sprouted in hacked accounting software in Ukraine in late June, and by exploiting a weakness in Microsoft Windows operating systems, quickly went global as it infected corporate networks and locked down the data of contaminated computers. Hackers would usually restore access after a ransom payment is made, but NotPetya was engineered to cause chaos more than extort funds, cybersecurity experts say.

Maersk and many other global firms affected, such as FedEx and pharmaceutical giant Merck, were not specific targets of the attack, but that didn’t matter. In a “heroic effort” over 10 days, Maersk reinstalled 4,000 servers, 45,000 personal computers, and 2,500 applications, chairman Jim Hagemann Snabe said at the World Economic Forum meeting in Davos last month

Read more »

What your employees need to know about cybersecurity

An IT Security audit merely observes the status of your environment, and always requires follow-up to address the deficiencies the audit identified. Most firms don’t have the staff to effectively execute implementation and develop written policies to continually safeguard their businesses. That is where Adsero Security has demonstrated expertise. Adsero Security can teach your employees what they can do to be safe. Read on to learn some office basics to prevent cybersecurity issues.

f you are not educating your employees on cybersecurity best practices, you are missing the biggest opportunity for improvement in your cybersecurity profile.

Employees have business-need access to a lot of important data, and their ability to protect that data – or to inadvertently let it walk out the door of your organization – is vital.

Lack of education was at the heart of a number of incidents of a major security breach. You probably heard about the new human resources employee who got an email from the president of the organization asking for tax information on every employee, so that person sent them exactly as instructed.

The employee did not recognize the email came from a hacker impersonating the CEO, and there was a major security breach.

Entire business models are based on this kind of fraud. Let’s pretend I am going to build a site with the world’s best collection of cute pet pictures. I’ll give you the first 10 for free (and those 10 are the most adorable pictures you have ever seen), but to see more, you need to set up a username and password. The access is still free, though.

No big deal, right? Wrong. In this scenario, I own this website and I am a criminal, and my business model is to try to use the username and password you just entered at every major banking website, on all major email providers, on your company’s VPN portal, and anywhere else that I think you might have used the same username and password.

Read more »

Equifax, Strava, And Russian Facebook Ads: How To Hold Websites Accountable For Data Breach

Luckily, Adsero Security has the knowledge and experience to prevent data breaches from happening to your organization. You will sleep better at night with Adsero on your side. Read on to see how security breaches happen to other people.

Pollution was the negative product of an industrialized economy. Misuse of Big Data is the new pollution—the negative artifact of a digital economy. And it is occurring with increasing frequency. Strava, a fitness app, may have weakened the U.S. military by posting data that exposes the geographical location of users, many of whom are military personnel. Facebook may have weakened the U.S. democracy by showing ads purchased by foreign manipulators to swing voters. And Equifax may have weakened the U.S. financial security by exposing a large database of consumer finances to hackers.

One common thread running through these notorious cases of recent privacy breaches is the potential harm arising from tracking people. Strava, Facebook, and Equifax created phenomenal databases of people’s behavior. Each of these platforms uses the data for many good purposes, but they also, unintentionally and sometimes negligently, expose the data to harmful uses.

Another less noticed a common thread running through these cases of privacy breach is the social nature of the harm they caused. The injury from the exposed data was not always to the individual users being tracked and exposed. Rather, it is more akin to pollution: the injury arises from the aggregation of exposure and it is affecting many others.

Take Strava’s case. The extraction of publicly-shared location tracking data from Strava and using it to map out military locations does not specifically harm the individuals being tracked, but rather the military interests. It is only by clustering many individuals that a meta-picture about the concentrated military activity can emerge. The injury is labeled “privacy” breach, but the informational harm here is distinctly social, not private. Read more »

War room to boardroom: The new era of cybersecurity

The audit is one step in the process. Once the risks have been identified have been addressed, IT Security policy written, risk management standards set and people trained, you can feel confident that probability of a breach has been significantly reduced. Read on to learn how pertinent this is even from a national security perspective.

Facebook’s hire of its first-ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter. Sophisticated cyber threats presented by state-sponsored actors have long challenged sensitive United States government computer networks. What’s new — as Facebook’s move indicates — is that these complex state-sponsored cyber attacks are now also threatening America’s leading companies to a larger extent than ever.

The resources, skill, and complexity posed by hackers managed by Russian intelligence agencies, for instance, far surpass the motivations and abilities of typical cybercriminals. In this new era, U.S. companies must bolster their defenses and leverage advanced cyber tools designed to stop state-sponsored attacks. The mounting threat against American commerce — the bread and butter of America — must be addressed. It’s not business as usual anymore.

While Russia is not the only state engaging in these activities, its cyber operations are relatively known. Unable to dominate in conventional military terms, Russia views cyber operations as an affordable way to disrupt its adversaries. As part of this effort, Russia has increasingly targeted civil and commercial computer networks. This includes measures to cripple critical infrastructure, financial networks, and internet services and capture proprietary data or sensitive communications, such as a CEO’s emails. While working at the Pentagon, I saw firsthand how Russia tested these capabilities in Ukraine as major coordinated cyber intrusions shut down power grids, interrupted television broadcasts and generally disrupted commerce. Ukrainian President Petro Poreshenko stated that in the space of two months in 2016 alone, 6,500 cyber attacks were conducted against government, critical infrastructure and industrial targets. Read more »

Top 7 Cyber Security Threats of 2018

Clients come to us to solve real-world security problems, not to just check the boxes. At Adsero Security, our job is to make sure you are secure. This is why it is imperative for you to be aware of the threats that could make an impact on your organization. Read on to discover more.

Cyber crime is quickly becoming one of the greatest threats to businesses, government institutions and individuals. This year alone, victims of one type, ransomware, lost $5 billion dollars according to Cybersecurity Ventures research.

In the world of the dark web, 2017 is defined by devastating cyber attacks like the Equifax breach, and that type of impact is something Cyber Security expert Steve Weisman, with Bentley University,predicted both last year.

Here are his Top 7 Cyber Security Threats for 2018:

1. Health Insurance Hacks

“Medical identity theft is the most serious form of ID theft both personally and financially, it’s the only form of Identity theft that can actually kill you and it’s getting worse,” said Weisman.

He says the 145 million involved in the Equifax breach are especially at risk, since their social security numbers may have been compromised. Also, Medicare is still a year away from giving all people new cards with ID numbers not tied to their SS#.

2. Cryptocurrency Scams
This one affects investors, specifically those interested in currency.

“I think scams involving cryptocurrency such as bitcoin are going to be the biggest scams of 2018,” said Weisman.

He says many of the offerings are bogus, but scammers use social media to create hype.

3. Ransomware Spike

To prevent your computer from getting hijacked avoid clicking on unknown links, keep security software up to date, and back-up everything on an external hard drive.

4. Foreign Cyber Attacks on Banks

“A cyber war with North Korea is certainly something that’s not out of the question,” said Weisman. Read more »