Friday, May 13, 2022

HSE finds recruiting cyber security staff 'difficult'

The Health Service Executive has said it is "especially difficult" to recruit cyber security staff right now because of the competition for talent.

Tomorrow will be the first anniversary of a major cyber attack on the HSE which caused months of disruption and could end up costing €100m.

An independent review of the attack carried out by PwC found that the HSE was operating on a frail IT system and did not have proper cyber expertise or resources.

One of the main recommendations of the report was the need to hire more IT staff.




Sunday, May 30, 2021

SolarWinds hackers found conducting widespread spear-phishing campaign

 Microsoft has issued an alert to expose a targeted spear-phishing campaign launched by Russian hackers behind the SolarWinds hacking campaign to target more than 150 different organisations across sectors and conduct data exfiltration or additional malware deployment.

The targeted spear-phishing campaign, conducted by NOBELIUM, the hacker group behind the SolarWinds hacking campaign, was first detected in late January and since then, the hackers have used a variety of tools and techniques to make organisations click on malicious links and enable the deployment of malware into their networks.

According to the Microsoft Threat Intelligence Center (MSTIC), the spear-phishing campaign has so far targeted approximately 3,000 individual accounts across more than 150 organisations. The hackers have been found employing "an established pattern of using unique infrastructure and tooling for each target, increasing their ability to remain undetected for a longer period of time."



Sunday, January 10, 2021

New Zealand central bank hit by cyberattack

On Sunday, New Zealand's central bank reported that it was responding with urgency to a "malicious" breach of one of its data systems.

The Reserve Bank of New Zealand (RBNZ) announced that a third-party file-sharing service used by the bank to share and store some sensitive information was illegally accessed.

RBNZ Governor Adrian Orr said the breach had been contained and the bank's main functions "remain sound and operational."

"We are working closely with domestic and international cybersecurity experts and other relevant authorities as part of our investigation and response to this malicious attack," Orr said in a statement.

"The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information," he said.

Cyberattacks on rise

It's unclear when the breach took place, who was responsible and in what country the file-sharing service is based. It will take time to understand the full implications of the breach, according to the bank.

In a November 2019 Financial Stability report, the RBNZ warned that cybersecurity incidents were on the rise in New Zealand.

Several major organizations in New Zealand have been the target of cyberattacks in the past year. Last August, the New Zealand Stock Exchange had been targeted by sustained DDoS (distributed denial of service) attacks, halting trade for four consecutive days.

In its latest report, the government agency CERT (Computer Emergency Response Team) said cyber attacks in the country had increased 33% year-on-year.













Monday, November 30, 2020

How Standard Chartered approaches cyber security

Speaking at the ConnectGov Leaders Summit 2020, Darren Argyle, Standard Chartered’s group chief information security risk officer, said “seamless security” was being built into new banking platforms and digital banking services in a security-by-design approach.

Besides offering traditional banking services, the bank operates digital-only banks in Africa, and more recently in Hong Kong.

To secure these services, it uses secure application programming interfaces to facilitate dynamic exchange of transactions within financial systems, as well as verification and authentication mechanisms.

“Digital transformation and having the confidence of our customers goes hand in hand,” said Argyle. “We’re continuing to maintain that sustainable trust over the longer term.”

Like other large organisations, Standard Chartered has had its share of cyber attacks, including phishing threats which have grown by 31% since the start of the year. The bank is also concerned about the rising number of ransomware attacks on third-party suppliers across the industry.

Argyle said he hoped third-party suppliers would get a handle on their security posture, “given the difficulties that a lot of companies are having with remote working, which is stretching people quite thinly”.




Sunday, November 15, 2020

Banks need stronger cyber security - RBNZ

Reserve Bank deputy governor Geoff Bascand - responsible for financial stability - said improving cyber resilience had become a key priority for regulators around the world.

The central bank's draft guidance on the topic would apply to all the entities it regulated and draws heavily from international and national cybersecurity standards and guidelines.

"As cyber risk continues to rise, there is growing awareness that cyber incidents could present risks to the stability of the entire financial system," Bascand said.

He said the recent spate of cyber attacks across New Zealand was a reminder of the disruption they can cause.

"Last November we announced an evolution in our policy stance towards taking a more proactive interest in improving the cyber resilience of the financial sector in New Zealand."

Consultation on the draft closes 29 January, with the final guidance to be released early next year.

"We are open to feedback on the guidance, but we expect it will be useful for firms as they develop their own frameworks to address the cyber risks they face," he said.



Sunday, September 20, 2020

Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw

 Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to conserve battery power while keeping Bluetooth connections alive as long as possible.

Due to its battery-saving features, BLE has been massively adopted over the past decade, becoming a near-ubiquitous technology across almost all battery-powered devices.

As a result of this broad adoption, security researchers and academics have also repeatedly probed BLE for security flaws across the years, often finding major issues.



Monday, August 31, 2020

TrickBot Trojan: A Short Analysis of the Modular Banking Malware

 TrickBot is a well known modular banking trojan that sometimes acts as an info-stealer or malware dropper. Active since 2016, it has been updated several times with new features and modulations. Recently, it was used along with Ryuk ransomware to target several organizations.


Top targets

TrickBot is used in various attack campaigns to provide a gateway inside a targeted network and act as a dropper to deploy additional ransomware (e.g., Conti, Ryuk, and Emotet). However, it is mostly used to steal information from financial institutions located in the U.S.

In August 2020, it was used in Emotet’s spam campaign sending COVID-19 related emails to U.S. businesses.

In the month of July, TrickBot was observed being installed along with Emotet to infect Windows computers.

In April 2020, TrickBot operators were also observed to be taking advantage of the coronavirus pandemic by sending spam emails related to the Department of Labor FMLA theme.


Modus operandi

TrickBot used several techniques of propagation ranging from smishing, COVID-19 lures, and spam emails, to brute-forcing Remote Desktop Protocol (RDP) endpoints and using the mworm module.

TrickBot's Anchor malware platform known as “Anchor_DNS” was ported to infect Linux devices in July.

At the beginning of July, TrickBot started a new technique of evading detection by checking the screen resolutions of victims to identify if they are running virtual machines or not.

In early June 2020, the TrickBot operators were found to be using the BazarBackdoor to gain access to targeted networks.



Monday, August 17, 2020

Hackers targeted thousands of CRA, government service accounts in ‘credential stuffing’ attacks

 The federal government is warning Canadians not to reuse old passwords after thousands of accounts, including CRA logins, were targeted in a credential stuffing attack.

Hackers obtained and attempted to use the GCKey passwords and usernames of 9,041 people, the Treasury Board of Canada Secretariat said in a statement Saturday.

GCKey is the online authentication system that allows people access to Service Canada, Refugees and Citizenship Canada and more than two dozen other government departments.

For a third of the accounts affected, the hackers were successful in accessing government services online. Those accounts will be “further examined for suspicious activity,” the statement said.

As part of that attack and another recent incident, 5,500 CRA accounts were targeted.



The federal government said all compromised accounts have been disabled and those affected are being contacted. They will receive instructions on how to restore their GCKey or CRA MyAccount access.

Credential stuffing is a form of cyberattack that relies on databases of stolen login information made available through previous data breaches. The hackers use those credentials to try to gain access to different online services.



Sunday, August 2, 2020

FSCA and cybercrime — making sure the guard dog is guarded

The digital age is characterised by rapid change and the introduction of pioneering solutions that have the power to make a real difference. Unfortunately, with these innovative solutions comes increased exposure to cybercrime — a fact many South Africans are intimately familiar with, given that more than nine attempted attacks take place every second.

The truth is that no individual or business is immune to the possibility of an attack. Addressing this risk and the catastrophic consequences that come from it requires an intensive approach, something we as the Financial Sector Conduct Authority (FSCA) are aware of, take seriously and are investing in. As the authority responsible for regulating the way SA financial firms conduct themselves, we are required to stay ahead of the curve.

Our cybersecurity technology investments need to be targeted, business-driven, and focused on mitigating the threats and vulnerabilities of our current operations. Improving our ability to detect and respond to cyber threats swiftly is core to what we do. This thinking is important for us to avoid incidents of stolen intellectual property, lost customer data, crippling ransomware and other forms of cybercrime. This is why we have adopted a risk-based approach in our cybersecurity strategy, supported by a dedicated team that is charged with ensuring its implementation.



Tuesday, July 21, 2020

Security with a spin: How Xinja’s creating a secure bank in a digital age

Banking in Australia is changing, and quickly. 

The banking and finance sector has seen a flood of tech-driven neobanks and fintechs hit the market in recent years, and if the levels of interest these players have generated is anything to go by, Australians have a real appetite for change. 

In fact, according to a 2019 Mozo survey, one in four Aussies have switched or are considering switching to a neobank.

However, one of the biggest hurdles these digital players face is convincing consumers that the move to a digital-only platform won’t compromise safety and security. Hardly a surprise when money is on the line. 

So, to delve into the issue and learn more about how one of Australia’s leading neobanks is approaching all things security, we sat down with Jean-Baptiste Bres, chief information security officer at Xinja.

More than just money 
Cost, features, ease of use - these are all factors considered important by Australians when it comes to their banking experience. But as 42% of respondents in our 2019 neobank survey showed, the number one priority is security. 

So why is security important, and just what are banks protecting? 

As Bres explains, for a bank - especially a new bank - proving oneself on the issue of security is vitally important - particularly in building trust with customers. 


Monday, July 13, 2020

COVID heightening bank vulnerability to cyber attack

The “large-scale shift” to digital banking and remote work off the back of the COVID-19 crisis has heightened the banking sector’s exposure to cyber attack, according to Moody’s.

Over the past few months, banks, like most businesses, have leveraged digital technology to facilitate remote work in response to social distancing measures imposed to curb the spread of COVID-19.

However, according to Moody’s Investors Service, the transition has “increased banks’ vulnerability to cyber attacks”.
