Why a Supplier Should Care If Its Customer Is Hacked

Posted in Commentary with tags on March 21, 2024 by itnerd

Cyber-attacks are costing suppliers higher auditing fees, even when it was their customer that experienced the attack, not them. 

According to a recent study in Science Direct magazine, “The impact of customer firm data breaches on the audit fees of their suppliers”, a supplier’s auditing fees often jump as much as 6% when a big customer experiences a cyberattack, “when the supplier itself didn’t suffer a breach.”

“It’s not enough to know that your company is secure. A cyber breach at a key customer could have a big financial impact for your company,” said Tom Smith, co-author of the study and associate professor at the University of South Florida.

Other possible repercussions for suppliers in the wake of a cyberattack at a key customer: Earnings could be significantly lower, inventory could sit longer than expected or there may not be enough cash on hand to make debt payments, says Smith, who is also associate director at the University of South Florida’s Lynn Pippenger School of Accountancy.

“Auditors for public companies are required to account for supply-chain risk. When a company in the supply chain suffers a cyberattack, auditors may need more time or people to get a full grasp of the impact of the cybersecurity breach on a supplier’s financial statement. Accountants might also face increased litigation and reputational risk for auditing a company in the same supply chain as a company that has been hacked.”

Jason Keirstead, VP of Collective Threat Defense, Cyware:

“Today’s organizations need to broaden the scope of their security programs to include aiding in the defense of suppliers as well as the organization itself. Collective defense for supply chains enables critical intelligence sharing, operationalization, and collaboration for interconnected business ecosystems. This collaborative approach fosters a more proactive and resilient stance against cyber threats, getting beyond individual organizational boundaries.”

The fact that supply chain attacks, for example, are incredibly devastating shows the need for everybody you deal with to be on the same page as you. There’s simply no option anymore, as the threat landscape is too great.

Vans Provides Further Information On Data Breach With Bad News For Their Customers

Posted in Commentary with tags on March 20, 2024 by itnerd

Earlier this year, Vans parent group VF Group disclosed a cyber incident. At the time, I said this:

The filing did not say specifically what kinds of personal data were taken or if any corporate data was stolen, but VF Corp said it does not retain consumer Social Security numbers, bank account information, or payment card information for its consumer businesses.

Now Vans has put out a statement. And here’s the key part that you should pay attention to:

Our investigation revealed that the incident has affected some personal information of our customers, that we normally store and process in order to manage online purchases, such as email address, full name, phone number, billing address, shipping address. In certain cases, the affected data may also include order history, total order value, information about what payment method was used for the purchases.

Please note that, in any event, we never collect or retain in our IT systems any detailed payment/financial information, such as, for example, bank account or credit card information, so there is no chance that any detailed financial information was exposed to the threat actors. The information we hold is only what payment method was used for the purchases (for example “credit card”, “Paypal”, or “bank account payment”), with no additional details attached.

We can also confirm that no consumers’ passwords were exposed to the threat actors, so you can rest assured that the security of your online accounts was not affected as a result of this incident.

The evidence collected indicates that the affected data set may include one or more of the above personal data categories relating to you, since you previously interacted online with Vans, and possibly with other Brands belonging to the VF Group.

Darren Williams, CEO and Founder, BlackFog:

“The attack on VF Group is a clear example that securing data must be at the forefront of retailers’ minds. The safety of customers must be of the utmost priority, otherwise, as we can see, loyal customers can quickly turn to victims. VF Group now risks not only financial but reputational damage which can last for years. To avoid becoming the next example, companies must invest in the latest anti data exfiltration technology to prevent any unauthorized data from leaving their systems.”

That’s not exactly reassuring if you are a customer of Vans. And it took way too long to get to this point. That really doesn’t make me want to buy from Vans going forward.

Guest Post: Announcing the Launch of StorageMAP 6.7

Posted in Commentary with tags on March 20, 2024 by itnerd

Enabling Customers To Master Data Management And Reach Business Objectives

By Carl D’Halluin, CTO, Datadobi

March 20, 2024 

We are delighted to introduce StorageMAP 6.7, with key capabilities designed to further enhance automation and unify data management capabilities.

REST API Improvements for Large or Complex Unstructured Data Environments

In response to the growing demand for increased capabilities around seamless integration and automation, we have extended our REST API with improvements tailored for large or complex environments.

With StorageMAP 6.7, users can now leverage REST API calls to:

– Add or configure file or object servers, streamlining the setup process for large data management projects

– Dynamically adjust server throttling, allowing for precise control over performance and resource utilization

– Retrieve real-time status updates of ongoing data management jobs, including critical information such as status and error counts.

These enhancements are particularly beneficial for organizations managing extensive data lifecycle or migration projects, such as our recent work with a well-known global luxury car manufacturer. With almost real-time automatic control over storage impact, and detailed progress insights, StorageMAP empowers users to accelerate and simplify operations, while maximizing efficiency. The end result? Greater use of automation to reduce both cost and risk for your business.

Replication Capability Now Included in StorageMAP Act

In addition to REST API improvements, StorageMAP 6.7 brings about significant product unification by integrating replication functionality into StorageMAP. This means that StorageMAP now encompasses both N2N (NAS-to-NAS) and O2O (Object-to-Object) replication capabilities, consolidating all replication functionalities under a single, comprehensive solution.

Bottom line… whether juggling the complexities of managing existing (and growing) data created by the business or dealing with next-generation projects requiring the preparation of data for AI or Machine Learning applications, StorageMAP delivers all the capabilities needed to achieve your business goals in a single scalable solution.

StorageMAP has been and continues to be engineered from the ground up to empower its users to understand, harness, and protect their data in order to meet today’s business objectives while positioning themselves to meet the opportunities of tomorrow.

ServiceNow Accelerates Enterprise Transformation With Washington, D.C. Platform Release 

Posted in Commentary with tags on March 20, 2024 by itnerd

ServiceNow today announced its first platform release of 2024, designed to accelerate enterprise transformation with smarter, faster, simpler experiences. The Now Platform Washington, D.C. release includes new features that boost intelligent automation and deliver fast time to value, critical elements of a business’s digital transformation roadmap. 

According to Gartner, global spending on technology is forecast to rebound from 4.8% in 2023 to 7% in 2024, reaching $5 trillion. As CEOs seek to transform their businesses and work smarter, leaders are concentrating their digital investments into proven, strategic platforms that deliver net‑new innovation and maximize digitization across the enterprise. ServiceNow’s Washington, D.C. release makes it easier than ever for customers to put the power of the Now Platform to work, connecting and orchestrating processes to build seamless experiences that increase productivity and reduce costs.

Simplifying experiences to drive productivity and business efficiency

The Now Platform drives seamless, intelligent experiences among businesses, customers, and employees to propel growth. With a focus on enhancing efficiency, satisfaction, and productivity, the Washington, D.C. release includes new tools to optimize crucial interactions, fueling business growth and helping organizations adapt to ever‑shifting customer and employee needs.

Sales and Order Management (SOM) helps organizations increase revenue by uniting the sales and order lifecycles across front, middle, and back‑office teams on the ServiceNow platform. Sales and fulfillment agents can easily manage opportunities, configure and price quotes, and capture and fulfill orders. SOM empowers customer service agents to complete post‑sale commercial changes, helping drive upsell and cross‑sell opportunities – all in the same platform they use to manage customer service requests. Service agents can create opportunities, quotes, and orders just like sales staff. Improving the sales experience is a core need for businesses in industries like telecommunications, manufacturing, and technology—SOM helps companies orchestrate a more connected sales experience on a single platform to simplify processes, improve customer experiences, and accelerate results.

Platform Analytics offers a secure, simple, unified experience for reporting and analytics across the entire Now Platform. Customers can now seamlessly create data visualizations and dashboards that incorporate multiple data inputs into one, easy to understand experience to power faster, smarter decision making. Platform Analytics also surfaces meaningful, personalized, and timely information directly within Next Experience workspaces and effortlessly connects to Workflow Studio, so customers can easily create condition‑based workflow triggers based on analytics thresholds out‑of‑the‑box to seamlessly go from insight to action.

New AIOps experiences in Service Operations Workspace for ITOM allow AIOps users and administrators to speed issue resolution and achieve faster time to value with enhancements to Express List and alert automation. Express List helps operators work and address issues quickly and effectively, bringing historical alert trends and automated root cause analysis into a single, digestible screen view. Alert automation provides helpful context for operators to more easily understand and action events with alert simplification and grouping, so they can onboard more quickly and speed up resolution times.

A single intuitive interface for end‑to‑end workflow automation

Automating workflows not only simplifies experiences, but improves productivity, freeing up time for employees to focus on more complex tasks rather than manual and menial ones. The Washington, D.C. release includes new features to unlock end‑to‑end workflow automation across the enterprise, powering innovation and creating new efficiencies.

The new Workflow Studio allows creators to create workflow automations quickly and easily from start to finish. Users simply describe the process they’d like to automate, and Workflow Studio will visualize and create the workflows. The solution integrates capabilities like Flow Designer, Automation Engine, Process Automation Designer, and Decision Builder into one view, so employees can collaborate and easily create, configure, and monitor automated workflows. 

The Washington, D.C. release also updates the ServiceNow Operational Technology (OT) solution portfolio to serve industrial environments and smart factories. Operational Technology (OT) Knowledge Management adds to existing OT Visibility, Service Management, and Vulnerability products by accelerating the resolution of shop floor issues, further breaking down organizational barriers by capturing and sharing known resolutions for OT incidents and process deviations across sites. With upgraded asset inventory and amplified security, ServiceNow does for OT what it did for IT over the past two decades – accelerating digital transformation, specifically for industrial environments and smart factories.

Security Posture Control (SPC) is a new solution in the Security Operations portfolio that helps organizations gain visibility into critical security tool coverage gaps, identify assets with high‑risk combinations, and automate response workflows across the enterprise. This solution builds on customers’ existing investments in ITOM Visibility and Service Graph Connector programs. With Security Posture Control, customers will have a better understanding of their security posture, improving cybersecurity strength and resilience.

Driving consistency and efficiency with one extensible data model

Poor or inconsistent data can create risk, cost organizations time and resources, and lead to mistakes. The latest Now Platform release includes new pre‑built, cross‑functional workflows developed with our Common Services Data Model (CSDM), so companies can harness the power of their operational data and drive efficiencies at scale. Through automation, CSDM allows organizations to collect data across hardware or software, cloud or data center, into a trusted, auditable data model that can be used across multiple workflows and follows compliance guidelines.

These solutions can be applied across use cases in security incident management, human resources, and governance, by helping IT teams retain accurate, audit‑ready data for executive and regulatory reporting, decreasing time spent on maintaining applications.

Availability

Innovations announced today are generally available to all customers in the ServiceNow Store on March 20. In addition to the above, new, generative AI‑focused innovations were also announced. More details can be found here.

Additional information:

  • Watch a demo on innovations from the Now Platform Washington, D.C. release.
  • Learn more about the Now Platform Washington, D.C. release from Jon Sigler, senior vice president of Platform and AI.

GuidePoint Security Details RaaS Recruitment Efforts Following Law Enforcement Disruption Of Other RaaS Groups

Posted in Commentary with tags on March 20, 2024 by itnerd

GuidePoint Security has revealed that it has discovered three RaaS groups attempting to recruit new members through advertisements on illicit forums on the dark web following Alphv and LockBit law enforcement disruptions, identifying Cloak on UFO Labs and Medusa and RansomHub on the Russian-language RAMP forum for posting ads. 

Each ad had a boilerplate with a short group description, ransom split rates, and contact for TOX. Cloak’s ad was the least remarkable, with few unique features that entice a potential affiliate with options. Medusa was particularly appealing with a sliding payout scale and affiliate/core split dependent on the size of the ransom payment obtained, incentivizing the appearance of high ransom demands. RansomHub was less materialistic, implicitly addressing the crisis of confidence in RaaS groups by declaring that its affiliates could collect ransom payments directly before paying the core group a 10% fee.

GuidePoint Security’s analysis observations include signs of distrust and discontent among RaaS groups and affiliates, indicating that the model is increasingly scrutinized.

You can read the report here.

Over 50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty Program

Posted in Commentary with tags on March 19, 2024 by itnerd

The Department of Defense Cyber Crime Center (DC3) announced that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking vulnerability disclosure program:

Unlike short-duration bug bounties, VDP’s crowd-sourced ethical hackers report vulnerabilities continuously as part of a defense-in-depth approach. Through its function as the focal point for receiving vulnerability reports, DC3 VDP continues to contribute significantly to DoD’s overall security.

Olivier Beg, Co-Founder and Chief Hacking Officer at Hadrian had this to say:

“The DoD reaching 50,000 processed vulnerabilities through its Vulnerability Disclosure Program is a major milestone! As a security researcher who has submitted to the VDP, I’ve seen firsthand the program’s dedication to continuous improvement. The expansion of scope and focus on automation make it an attractive option for researchers to contribute to national security.

I’m excited about the DoD VDP’s future. With continued emphasis on researcher recognition, transparency around remediation efforts, and greater accessibility for the security community, this program has the potential to become a true benchmark for cybersecurity collaboration.”

Bug bounty programs are great for surfacing all sorts of issues. This is an initiative that I applaud and I hope to see more of going forward.

Appdome Delivers Real-Time Defense To Social Engineering Attacks On Mobile Apps

Posted in Commentary with tags on March 19, 2024 by itnerd

Appdome today unveiled its new Social Engineering Prevention service on the Appdome Platform. The new service enables mobile brands to continuously detect, block and intervene the moment social engineering attacks attempt to exploit user trust or manipulate user behavior. The new service includes several new real-time defenses against voice phishing (vishing), remote desktop control, FaceID bypass, fake applications, and SIM swapping, all of which protect user safety, brand reputation, business continuity, and revenue generation.

Social engineering attacks exploit brand trust by using impersonation and psychological manipulation to cause mobile users to divulge sensitive information, such as passwords, OTP keys, and more, perform actions in a mobile app on behalf of the attacker, or install new apps that give the attacker control over the user’s mobile device. Such mobile app attacks can have far-reaching consequences for consumers, including account takeover, financial loss, identity theft, confusion, and fear. Traditionally social engineering attacks were only discovered after an attack was successful, leaving mobile brands and users with months of financial, reputational, and emotional harm. Now, brands have the power of the first real-time solution to detect and intervene in social engineering attacks the moment they happen, disrupting the multi-billion-dollar social engineering fraud ecosystem.

Appdome’s Social Engineering Prevention empowers mobile brands to break the cycle of live attacks by detecting and defending in real time the top methods social engineering attackers use to injure brands and users:

  • Voice Phishing (Vishing) Fraud: Uses behavioral analysis to detect when mobile end users’ activity in a mobile app coincides with a potentially malicious phone call, via attacks such as FakeCalls.
  • Remote Desktop Control: Detects third-party applications, such as TeamViewer, used in social engineering attacks to remotely control mobile devices and applications.
  • Biometric (FaceID) Bypass: Detects when an attacker attempts to spoof, fake or bypass biometric (facial) recognition in Android and iOS mobile apps, such as in GoldPickaxe. 
  • SIM Swapping: Detects when an attacker uses the mobile application with a replacement SIM card that the attacker controls.
  • Admin-SU Profiles: Detects if the device has an MDM, admin-SU, or similar profile installed on the device, which could spy or control the user’s application.
  • Trojan Apps: Prevents trojan apps, embedded with malware such as FjordPhantom, used to spy on end users and gather data for social engineering attacks.

The new Social Engineering Prevention features can be deployed stand-alone or combined with any or all of Appdome’s 300+ other mobile app security, anti-fraud, anti-malware, geolocation compliance and other defenses. Together, Appdome makes it easy for mobile brands to unify mobile app defenses vs. the cost and complexity of cobbling together several disparate technologies to attempt to achieve a workable defense.

Like all of Appdome’s mobile app defenses, the new social engineering prevention features are available in several enforcement modes – in-app defense, in-app detection, and using Appdome’s Threat-Events™ in-app control framework. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to leverage the power of their brand voice to break the cycle of a social engineering attack by restricting transactions, triggering SMS check-ins or educating users with in-app popups when threats are present. Mobile brands can track and monitor social engineering attacks via Appdome’s ThreatScope™ Mobile XDR, either before or after the deployment of social engineering prevention features.

For more information on Appdome’s Social Engineering Prevention service, visit https://www.appdome.com/mobile-fraud-detection/social-engineering-prevention/.

Here’s The Story Of One Of My Clients Who Just Narrowly Avoided Getting Caught Up In A #Scam

Posted in Commentary with tags on March 19, 2024 by itnerd

Yesterday was a typical Monday for me. Which meant that I was busy, as Mondays and Fridays are my busy days. I had just come back to my home office after seeing a number of clients and found a voice mail with an urgent request for a call back from one of my clients. I could hear the panic in her voice so I called her back. And what unfolded next was someone who was clearly freaked out by a run in with a pop up scammer.

Before I get into the weeds of the story, let me quickly explain what a pop up scam is. Pop ups are generated by websites to offer users additional information or guidance (such as how to fill in a form, how to apply a discount code, etc.). So a pop up is typically not harmful. However, scammers have leveraged pop ups to allow them to perpetrate their scams in a variety of ways. Scammers use pop-up scams to make money by preying on concerned users who want to ensure their computer is secure and extorting money from you to fix problems and resolve threats that do not exist. Or they want to get into your computer to collect information to steal your identity or steal your money, or both. In the worst case, these pop-ups can install malware onto your computer which can cause all sorts of damage and issues.

Back to the story. My client saw this pop up on her computer:

She tried to get rid of this screen, but couldn’t do so. More on that later. She then panicked and called the number on the screen. The scammer, who claimed he was a “Level 5 Microsoft Technician” (Fun fact: Microsoft doesn’t have “Level 5 technicians”), then proceeded to execute the scam. He got access to her computer and then blanked her screen so that he could install ConnectWise ScreenConnect, which would give him access to her computer anytime he wanted to. The reason that the scammer blanked her screen is that he didn’t want her to see what he was up to, as that would have made her suspicious. He then ran a variety of commands to convince her that her computer had been “hacked”. For example, the scammer ran the “tree” command inside a command window followed by the “netstat” command to accomplish that. After that he tried to convince her to open her online banking. That’s when she got suspicious and not only ended the call, but she also disconnected her Internet entirely. Then she called me.

Now let me stop here and say something. Scammers rely on putting pressure on you so that you suspend your critical thinking which allows them to do what they want. But my client did not suspend her critical thinking and was able to stop this scam from going further. Or put another way, her “Spidey Sense” went off and she paid attention to it. That’s good because if something doesn’t seem right, it usually isn’t. And you should run from that situation as quickly as possible. Thus I really applaud this client for listening to her gut and taking action to stop the scam before it went too far.

When I arrived on site, I had a look at her computer. The first thing that I dealt with was the installation of ConnectWise ScreenConnect. The scammer had installed it as a service, meaning that it not only would activate every time the computer was on, but the owner of the computer would have difficulty finding it and removing it. But because this wasn’t my first rodeo in terms of dealing with scammers, I found it and killed it quickly. I then examined her computer to see what the threat actors did, and it seemed that they were early in executing the scam. So that meant that they likely didn’t have time to do much of anything. I also found the pop up that she encountered and I noted that the pop up made itself take up the entire screen. That made it difficult to close. However, the pop up was designed to have a close button that was small and not easily noticed so that the scammer could “fix” the threat that the pop up allegedly created. Other than that, I could find no other problems with the computer. Thus I had her turn on the Internet.
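Here is an added example, not code from the original post, of the kind of check a technician could run on a Windows machine after an incident like this one: it lists installed services whose name, display name or binary path matches a remote-access tool such as the ScreenConnect client the scammer left behind. The list of product names to match on is an assumption (the post only names ConnectWise ScreenConnect; the others are common remote-support tools added for illustration), and the script only reports; stopping and deleting a service is left as a deliberate second step.

```powershell
# Added example (not from the original post). Reports Windows services that look
# like remote-access tools so they can be reviewed before anything is removed.
# The pattern list is an assumption: ScreenConnect comes from the post, the rest
# are other widely used remote-support products.
$RemoteAccessPatterns = @(
    'ScreenConnect',   # ConnectWise ScreenConnect client (named in the post)
    'ConnectWise',
    'TeamViewer',
    'AnyDesk'
)

function Find-RemoteAccessService {
    param(
        [string[]]$Patterns = $RemoteAccessPatterns
    )
    # Win32_Service exposes the executable path (PathName), which Get-Service does not,
    # so a renamed service can still be spotted by the binary it runs.
    $regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.Name -match $regex -or
            $_.DisplayName -match $regex -or
            $_.PathName -match $regex
        } |
        Select-Object Name, DisplayName, State, StartMode, PathName
}

# Report only; a technician confirms with the owner which tools they actually installed.
$suspects = Find-RemoteAccessService
if ($suspects) {
    $suspects | Format-List
} else {
    Write-Output 'No services matching known remote-access tools were found.'
}

# To remove a service the owner did not install (from an elevated shell), replace
# <ServiceName> with the Name column reported above:
#   Stop-Service -Name <ServiceName> -Force
#   sc.exe delete <ServiceName>
# then uninstall the program itself and check for leftover program folders and
# scheduled tasks that could reinstall it.
```

A service whose StartMode is Automatic and whose PathName points at a user-writable location is worth a closer look even if it does not match the list, since it will start on every boot, which is exactly the persistence the post describes.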

That’s the good news. Here’s the bad news. On the computer she had a Microsoft Word document with all her passwords on there. Thus I advised her to change all those passwords immediately as I could not guarantee that the scammers didn’t steal this document. The second thing that I advised her to do is to get credit monitoring because the same document had her social insurance number in it. Meaning that there was the possibility of identity theft. Finally, I advised her to watch the computer for any unusual activity.

Now let me dissect some key points of the scam so that you don’t fall victim to something like this:

  • If you encounter a pop up like this, it’s guaranteed to be a scam. Your antivirus software will never require you to call a phone number to resolve an issue. Anything that the antivirus software encounters is usually resolved by the software itself.
  • The pop up can usually be closed without too much of a problem. However, if the pop up will not go away by closing it, try restarting the computer. If that doesn’t work, turn off the computer and contact a computer professional for assistance.
  • Microsoft does not provide support for end users and they never have. Any and all support for Windows is provided by whomever you bought the computer from. As in Dell, or HP, or Lenovo for example.

Finally, I handed the phone number from the picture above to the scam baiter community so that they can have “fun” with these scammers. By that I mean that they will get more intel on them and do things to disrupt their scams. Because I know from experience that getting law enforcement in these situations is difficult at best. But scam baiters can do a lot of damage to these scumbags and expose their activities. Thus that is the best that I can do to make these scumbags pay for what they did to this woman as they really freaked her out. And that’s not cool with me.

Hopefully this story was informative and gives you some insight. If you have any questions, please reach out by leaving a comment below.

Tornado Cash used in Lazarus Group’s latest money laundering

Posted in Commentary with tags on March 19, 2024 by itnerd

The thing about cyberattacks is that if the threat actors get paid via say ransomware or outright theft, they need to launder the money somehow so that they can spend it. Otherwise it would have been pointless to “acquire” the cash. Well a new report from The Record shows what the Lazarus Group based out of North Korea will do to launder money:

North Korea’s Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.  

Investigators at blockchain research company Elliptic said on Friday that in the last day they had seen the funds — part of the $112.5 million stolen from the HTX cryptocurrency exchange in November — laundered through the Tornado Cash mixing service.

The use of Tornado Cash stood out to Elliptic because the service was sanctioned by U.S. authorities in August 2022, prompting Lazarus actors to turn to another mixing service called Sinbad.io. The U.S. Treasury Department sanctioned Sinbad.io in November.

“Lazarus Group now appear to have returned to using Tornado Cash as a way to launder funds at scale and obfuscate their transaction trail,” Elliptic said, noting that the hackers sent the more than $23 million in about 60 transactions.  

“This change in behavior and return to the use of Tornado Cash likely reflects the limited number of large-scale mixers now operating, thanks to law enforcement takedowns of services such as Sinbad.io and Blender.io,” the company said. 

The researchers noted that Tornado Cash has been able to continue operating despite the sanctions because it runs on decentralized blockchains, meaning it “cannot be seized and shut down in the same way that centralized mixers such as Sinbad.io have been.”

Ken Westin, Field CISO, Panther Labs had this comment:

The Lazarus threat group from North Korea have been primarily targeting the crypto currency, financial services and cybersecurity industries. Their techniques focus primarily on developers through social engineering attacks to gain access to code repositories, devops and cloud infrastructure with the goal of gaining access to crypto wallets and accounts, as well as access to code and secrets. These attacks have proven to be quite lucrative, and by stealing cryptocurrency, has provided the North Korean regime a method to evade financial sanctions and further fund their military endeavors. This should be a bigger cause for concern for the US government and its allies given the collaboration North Korea has with helping the Russian military, where it recently shipped 7K containers of munitions and other military supplies. Although the US has been cracking down on crypto currency mixing services, which are commonly used to launder money through crypto exchanges, North Korea has still been able to take advantage of the rising value of crypto currencies and continue to use these services to convert stolen crypto currency to fund their military operations.

This illustrates how hard it is to shut down avenues for groups like this one to launder money. That means that nations really have to redouble their efforts to make it harder and harder for groups to launder money. That way it makes it less profitable for these groups.

VPN Mentor Sees 234.8% Surge In VPN Demand In Texas Following Adult Site Ban

Posted in Commentary with tags on March 18, 2024 by itnerd

VPN Mentor’s research team has conducted an analysis of user demand data in Texas after the well known adult site Pornhub blocked access to its users in Texas following a new age verification law that came into force on March 14th. In just one day, VPN Mentor witnessed a surge of 234.8% in VPN demand in Texas. 

You will find all the details of their findings here: https://www.vpnmentor.com/news/vpn-demand-surge-texas/