Economic Pressures Have Fraud and Auto Theft on the Minds of Canadians: Equifax Canada

Posted in Commentary with tags on February 27, 2024 by itnerd

A new survey* by Equifax Canada sheds light on a public increasingly worried about a potential rise in fraudulent activity across industries. In addition, Equifax Canada data shows mortgage fraud and identity fraud continuing to escalate across the country as economic pressures continue.

Key Overall Findings: 

  • Economy Fuels Fears: Over 76 per cent of Canadians surveyed believe financial hardships may increase the likelihood of people committing fraud and theft, suggesting economic anxieties may contribute to growing auto theft and identity fraud concerns.
  • Auto Industry Alarm: Over 74 per cent of Canadians surveyed believe insurance fraud impacts their auto insurance payments, highlighting the financial burden of this growing crime. Over 56 per cent believe that keyless entry and ignition systems have increased the risk of auto theft, with 48 per cent knowing someone who has had their vehicle stolen.

Equifax Data: Tracking Identity Fraud Across All Sectors
While overall fraud rates have seen a slight decline compared to the peak levels of 2022, the prevalence of identity fraud has increased. In the fourth quarter of 2023, identity fraud accounted for a staggering 75.21 per cent of all fraudulent applications across all sectors, a significant increase from 64.7 per cent in the previous year. This rise in identity fraud poses a substantial risk to consumers and financial institutions alike, as fraudsters employ increasingly sophisticated tactics to exploit the system. The biggest proportion of identity fraud was seen in the banking sector, where 73.5 per cent of all fraudulent credit card applications and 89.3 per cent of all deposit frauds in Q4 2023 were attributed to identity fraud.

Auto Industry 
The Equifax application fraud data also suggests nearly 80 per cent of auto fraud cases involve first-party fraud, where individuals falsify income or financial statements when applying for a car loan. New data indicates that the proportion of identity fraud in auto fraud applications has doubled since 2019. Secured lending institutions are especially vulnerable to these attacks, as fraudsters manipulate identity information to secure loans and acquire vehicles through deceptive means.

In response to these fraud trends, Equifax Canada emphasizes the importance of proactive fraud prevention measures and heightened consumer awareness. Equifax Canada suggests businesses consider adopting a fraud prevention platform like FraudIQ Manager to protect their business.

Mortgage Woes
Equifax Canada quarterly data** also shows fraud rates in mortgage applications continue to rise, up by 9.9 per cent in Q4 compared to Q4 2022, with Ontario having the highest mortgage fraud rate among all the provinces. Mortgage fraud is most commonly seen in the form of first-party fraud, where an individual provides false information to qualify for a mortgage.

Equifax Canada encourages consumers to explore ID theft protection products that can help detect fraud sooner by alerting them to key changes on their credit reports and scores, as well as reviewing tips to protect their information, including:

  • Using strong and unique passwords
  • Being cautious of suspicious calls and emails
  • Carefully disposing of sensitive documents like bank statements and credit card bills
  • Being careful about sharing personal information and only sharing personal information and photo identification with trusted institutions

* Equifax surveyed 1,614 Canadians ages 18-65, Feb. 2-4. A probability sample of the same size would yield a margin of error of +/- 2.5 per cent, 19 times out of 20.

** Equifax data pulled from Q4 2019 to Q4 2023

DoE Initiative Releases Cybersecurity Baseline For Electric Distribution Systems And DER Companies

Posted in Commentary with tags on February 27, 2024 by itnerd

On Thursday, as part of a Department of Energy funded initiative, the National Association of Regulatory Utility Commissioners (NARUC) released voluntary cybersecurity baselines for electric distribution systems and distributed energy resources (DER) companies.

According to the press release, the electric distribution system and DER industries are fast-growing. Because regulatory authority over them sits at the state level rather than with the Federal Energy Regulatory Commission, which enforces mandatory cybersecurity compliance for the U.S. grid, cybersecurity regulation can vary widely from state to state, and the guidance is intended to provide uniform requirements.

This initiative is divided into two phases:

  1. Cybersecurity Baselines define the cybersecurity controls that should be implemented, without specifying which procedures or technologies to use, as a framework for regulatory bodies and distribution utilities to develop their own cybersecurity requirements in conjunction with Phase 2 implementation strategies.
  2. Implementation Strategies and Adoption Guidelines to support electric distribution system stakeholders as they continue to develop and refine their cybersecurity requirements, including recommendations for assessing cybersecurity risks, prioritizing the assets to which the cybersecurity baselines might apply, and prioritizing the order in which the baselines might be implemented based on cyber risk assessments.

The guidance is also part of the national cybersecurity strategy, which directs DOE to build cybersecurity resilience into the grid transition. DOE has other efforts aimed at securing the transition, such as the Clean Energy Cybersecurity Accelerator and the Energy Cyber Sense vulnerability testing program for grid equipment.

Mark B. Cooper, President & Founder, PKI Solutions had this to say:

   “The evolving threats facing critical infrastructure, especially electric distribution systems, continue to increase while there’s a lack of proper tools that increase resilience. Regardless of the implementation of effective technologies, the mindset needs to shift to a more proactive strategy that includes real-time monitoring to identify misconfigurations so that remediations can be performed before they become security threats.

   “A resilient energy grid relies on foundational cryptography systems like PKI, but historically these systems have had challenges. It’s good to see the DOE’s initiative offering a framework for these stakeholders to defend against cyber threats and promote cyber-resilience with a uniform approach, but success of the program will be dependent on implementation of enhanced identity management and encryption standards and tools in order to defend against unauthorized access and threats in the energy sector.”

Emily Phelps, VP, Cyware follows with this:

   “This effort to create cybersecurity clarity and consistency is a positive step towards defending our critical infrastructure. We aim for resilience of critical energy infrastructure, and these baselines provide organizations within the energy sector a good framework to enhance their cybersecurity measures, align with industry standards, and collaboratively address the challenges posed by the evolving cyber threat landscape.”

This is a good move, as it brings organizations into line. Which means they are more likely to be prepared for a cyberattack. And better yet, better able to defend against it.

Phishing-as-a-Service group LabHost Targeting Canadian Banks

Posted in Commentary with tags on February 26, 2024 by itnerd

Global cybersecurity software and services provider Fortra has been monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. 

Throughout 2022 and 2023, Fortra observed phishing attacks connected with Phishing-as-a-Service groups growing as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms offer membership services that boast features such as access to an array of stolen industry branding, monitoring tools, security bypass abilities, and more.

LabHost services allow threat actors to target a variety of financial institutions with features ranging from ready-to-use templates to real-time campaign management tools and SMS lures. To protect against attacks targeting their organizations, security teams should be aware of the spaces in which these attacks occur and monitor for activity targeting their brands.

You can read the full details here.

Two Ways To Save Money On Apple Hardware

Posted in Commentary with tags on February 25, 2024 by itnerd

Apple hardware is expensive because Apple makes it that way. But you can save some money with zero risk in terms of warranty and the quality of the gear. And there are two ways to do that.

  • The Apple Refurbished Store: This is the first method to save money on Apple hardware. Apple has their refurbished store at either https://www.apple.com/shop/refurbished in the USA or https://www.apple.com/ca/shop/refurbished in Canada. The advantage of going this route is that the products that are sold are usually returns from customers who didn’t want the products in question. These products are refurbished by Apple back to new status, and are eligible for AppleCare. Which means there’s no risk in terms of buying these products. But the best part is that you can save a significant amount of money depending on the product. One of the only catches is that the products that are available can often change. Sometimes on a daily basis. So if there’s something that you want, you need to jump on it as soon as you see it. The only other catch is that you have to take the products as you see them. In other words, you can’t customize things like storage or RAM.
  • The Amazon Apple Store: Apple maintains a store on Amazon where new products have a tendency to go on sale. For example, Apple AirPods Pro will often be on sale. Having said that, the selection can vary. And you may have to play the long game to find the product that you want at the price you want to pay. But if you’re willing to do that, this can save you some money.

Are there any other ways that people can save money on buying Apple hardware? Leave a comment and share your suggestions.

New Report Shows The True Cost Of Ransomware

Posted in Commentary with tags on February 24, 2024 by itnerd

A new report out by Cybereason this week revealed some very interesting key elements on the state of ransomware attacks in the US and internationally.

Access Methods: Ransomware attackers use various techniques to gain access, including:

  • supply chain (41%)
  • direct access (24%)
  • insider assistance (22%)

Second Attacks After Paying:

  • Despite paying the ransom, many organizations face second attacks, with 76% of German and 71% of French organizations reporting repeat attacks

AI Turbocharging Ransomware Attacks:

  • Generative AI tools like ChatGPT enable dynamic translation for localized attacks and automate personalized social engineering attacks, accelerating the trend of localized attacks
  • AI also lowers the skills barrier, increasing automation in writing attacks, and offers tools like WormGPT for specific purposes

Cyber Insurance Efficacy and Pitfalls:

  • 95% of organizations are enhancing resilience to ransomware attacks through cyber insurance
  • However, many lack a clear understanding of their coverage, leading to unexpected payouts and incomplete protection.
  • If there’s any evidence that your payment was used to fund terrorism or organized crime, you could find yourself facing criminal charges.

Geographical Targeting and Ransom Amounts:

  • The US faces the highest ransom, with reported payments at $1.4 million
  • Non-English language countries are increasingly targeted, with ransoms likely to rise as attackers gauge the value businesses place on avoiding disruption.

Troy Batterberry, CEO and Founder, EchoMark:

   “So much effort in the cybersecurity industry has been applied to the well understood problem of better securing organizational assets from unauthorized access. However, ransomware attacks from insider assistance remains a big and growing problem. Over 90% of the world’s organizations are completely unprepared for the risks imposed by insiders. Furthermore, these threats are growing in frequency by nearly 50% each year, and the scope of the damage for a single event is growing as well.

   “Insiders already have access to an organization’s most valuable assets, including customer information, intellectual property, trade secrets, etc. Simply put, insiders inherently know what is valuable, and they can access it. Unfortunately, their theft or leakage can even become an “extinction event” for an organization.”

This is a report that everyone should read as it will open your eyes to the true cost of ransomware. And ideally you should also figure out how it can apply to your situation so that you are adequately prepared.

AT&T Outage Was Caused By A Software Update… That Will Sound Familiar To Canadians

Posted in Commentary with tags on February 23, 2024 by itnerd

Yesterday, AT&T had a massive outage that I compared to the Rogers outage that happened almost two years ago. This outage, like the Rogers outage, was so crippling that it took out the ability to call 911, which is of course bad. It now seems that the cause of this outage is similar to the cause of the Rogers outage, which you can get details about here. Which is that a software update caused this outage:

AT&T told ABC News in a statement that the outage was not a cyberattack but caused by “the application and execution of an incorrect process used as we were expanding our network.”

“We are continuing our assessment of today’s outage to ensure we keep delivering the service that our customers deserve,” the statement continued.

The software update went wrong, according to preliminary information from two sources familiar with the situation.

Sources have told ABC News that there was nothing nefarious or malicious about the incident.

The outage was not caused by an external actor, according to a source familiar with the situation. AT&T performs updates regularly, according to the source.

Now that may be what actually happened. But clearly that’s not a good enough answer for the FBI and DHS:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported, according to a confidential memo obtained by ABC News, that “the cause of the outage is unknown and there are no indications of malicious activity.” CISA is an agency within DHS tasked with monitoring cyber threats.

The FCC has been in touch with AT&T to figure out what caused the outage, according to National Security Communications Advisor John Kirby.

Kirby told reporters Thursday afternoon that DHS and the FBI were looking into the outage as well and working with the tech industry and network providers to see what can be done “from a federal perspective to enhance their investigative efforts to figure out what happened here.”

“The bottom line is we don’t have all the answers,” he said. “We’re working very hard to see if we can get to the ground truth of exactly what happened.”

Like I said yesterday in my initial post about this, AT&T will have some hard questions that they need to answer. It looks like that’s starting now. And it is likely to get more and more intense for AT&T. Sucks to be them.

Hugging Face, the “GitHub for AI”, presents major vulnerabilities

Posted in Commentary with tags on February 23, 2024 by itnerd

Researchers with HiddenLayer, a provider of security for artificial intelligence (AI) models and assets, have published new research on major security vulnerabilities in Hugging Face, the popular repository and platform that allows AI developers to share open-source code, models, and data to kick-start their artificial intelligence projects. The researchers found that the exposed vulnerabilities can potentially impact anyone hosting AI models that have been converted into the Safetensors format, as well as all users of those models.

In “Silent Sabotage: Hijacking Safetensors Conversion on Hugging Face”, published February 21, 2024, HiddenLayer reveals that Hugging Face’s widely used SFconvertbot, designed to convert insecure machine learning model formats to the more secure Safetensors format, has inadvertently become a vector for potential security breaches.

Malicious actors can exploit the Safetensors conversion process to submit pull requests containing malicious code or backdoored models to any company or individual with a public repository on the platform.

Their research also finds that any user who enters their user token to convert a private repository is liable to have had their token stolen and, consequently, their private model repositories and datasets accessed.

Unlike conventional code review processes, identifying and mitigating these malicious changes is exceptionally challenging and time-consuming for affected companies.

Chris “Tito” Sestito, Co-Founder and CEO of HiddenLayer, said: “The compromise of the conversion service has the potential to rapidly affect the millions of users who rely on these models to kick-start their AI projects, creating a full supply chain issue. Users of the Hugging Face platform place trust not only in the models hosted there but also in the reputable companies behind them, such as Google and Microsoft, making them all the more susceptible to this type of attack. This vulnerability extends beyond any single company hosting a model.”

Out of the top 10 most downloaded models from both Google and Microsoft combined, the models that had accepted the merge from the Safetensors bot had a staggering 16,342,855 downloads in the last month. While this is only a small subset of the 500,000+ models hosted on Hugging Face, they reach an incredible number of users. The bot itself has made over 42,657 pull requests to repositories on the site to date, any of which have the potential to be compromised.

HiddenLayer researchers demonstrated how tokens for the official Safetensors conversion bot to submit pull requests could be stolen, and how, from there, an attacker could take over the service to automatically hijack any model submitted to the service.

The potential consequences of such an attack are huge, as an adversary could implant their own model in its stead, push out malicious models to repositories en masse, or access private repositories and datasets. Moreover, where a repository has already been converted, a malicious actor could still submit a new pull request, or, in cases where a new iteration of a PyTorch binary is uploaded and then converted using a compromised conversion service, repositories with hundreds of thousands of downloads could be affected.

Hugging Face is an important resource for the growing AI/ML community: it lets users share models, research and resources, helps accelerate model training, and reduces AI’s resource consumption and environmental impact.

Despite the best intentions of Hugging Face to secure machine learning models in its ecosystem, the conversion service has proven to be vulnerable and has had the potential to cause a widespread supply chain attack via the Hugging Face official service. Researchers also showed how an attacker could gain a foothold into the container running the service and compromise any model converted by the service.
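The post notes that spotting a malicious change introduced by a compromised conversion is hard. As an added example (not HiddenLayer’s or Hugging Face’s code), the Python below reads a Safetensors file’s header using the public format (an 8-byte little-endian length prefix, a JSON header, then the tensor buffer), validates it structurally without loading any tensor, and diffs it against a manifest pinned from a known-good revision so that a conversion that adds, removes or reshapes tensors is flagged before the model is used. The tensor names, the manifest and the sample files are constructed for the example.

```python
import json
import math
import struct

# Byte width of each safetensors dtype this checker understands.
DTYPE_SIZES = {"F64": 8, "I64": 8, "U64": 8, "F32": 4, "I32": 4, "U32": 4,
               "F16": 2, "BF16": 2, "I16": 2, "U16": 2, "I8": 1, "U8": 1, "BOOL": 1}


def parse_safetensors_header(blob: bytes) -> dict:
    """Return the JSON header of a safetensors file without touching tensor data.
    Layout: 8-byte little-endian header length N, N bytes of UTF-8 JSON, then the raw
    tensor buffer. Offsets must match dtype/shape and tile the buffer exactly.
    """
    if len(blob) < 8:
        raise ValueError("file shorter than the 8-byte length prefix")
    (n,) = struct.unpack("<Q", blob[:8])
    if n > len(blob) - 8:
        raise ValueError("header length exceeds file size")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    buffer_size = len(blob) - 8 - n
    ranges = []
    for name, entry in header.items():
        if name == "__metadata__":  # free-form string-to-string map, carries no tensor data
            if not all(isinstance(v, str) for v in entry.values()):
                raise ValueError("__metadata__ values must be strings")
            continue
        dtype, shape, (begin, end) = entry["dtype"], entry["shape"], entry["data_offsets"]
        if dtype not in DTYPE_SIZES:
            raise ValueError(f"{name}: unsupported dtype {dtype}")
        if end - begin != math.prod(shape) * DTYPE_SIZES[dtype]:
            raise ValueError(f"{name}: byte range does not match dtype and shape")
        if begin < 0 or end > buffer_size:
            raise ValueError(f"{name}: data_offsets outside the tensor buffer")
        ranges.append((begin, end))
    cursor = 0
    for begin, end in sorted(ranges):  # reject gaps, overlaps and trailing bytes
        if begin != cursor:
            raise ValueError("tensor ranges overlap or leave a gap in the buffer")
        cursor = end
    if cursor != buffer_size:
        raise ValueError("trailing bytes after the last tensor")
    return header


def diff_against_manifest(header: dict, expected: dict) -> list:
    """Compare a parsed header with a pinned {name: (dtype, shape)} manifest and
    return findings; an empty list means exactly the pinned tensors are present."""
    findings = []
    actual = {k: v for k, v in header.items() if k != "__metadata__"}
    for name in sorted(set(expected) | set(actual)):
        if name not in actual:
            findings.append(f"missing tensor: {name}")
        elif name not in expected:
            findings.append(f"unexpected tensor added: {name}")
        else:
            want = (expected[name][0], list(expected[name][1]))
            got = (actual[name]["dtype"], list(actual[name]["shape"]))
            if got != want:
                findings.append(f"changed tensor: {name} is {got}, expected {want}")
    return findings


def build_safetensors(tensors: dict, metadata=None) -> bytes:
    """Assemble a safetensors blob from {name: (dtype, shape, raw_bytes)}; test data only."""
    header, buf = {}, bytearray()
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [len(buf), len(buf) + len(raw)]}
        buf += raw
    if metadata:
        header["__metadata__"] = metadata
    hjson = json.dumps(header).encode("utf-8")
    return struct.pack("<Q", len(hjson)) + hjson + bytes(buf)


# Constructed manifest for a tiny two-tensor model, a faithful conversion of it, and a
# tampered conversion that ships an extra tensor and reshapes another.
EXPECTED = {"embed.weight": ("F32", [2, 4]), "head.bias": ("F32", [2])}
GOOD = build_safetensors({"embed.weight": ("F32", [2, 4], bytes(32)),
                          "head.bias": ("F32", [2], bytes(8))}, {"format": "pt"})
TAMPERED = build_safetensors({"embed.weight": ("F32", [2, 4], bytes(32)),
                              "head.bias": ("F32", [3], bytes(12)),
                              "extra.weight": ("F32", [1], bytes(4))})
```

A header check cannot see altered weights inside a tensor whose name, dtype and shape are unchanged; for that, pin the repository revision and a content hash of the file. `diff_against_manifest(parse_safetensors_header(TAMPERED), EXPECTED)` reports the added tensor and the reshaped bias, while the faithful file yields no findings.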

Change Healthcare Appears To Have Been Pwned In A Cyberattack

Posted in Commentary with tags on February 23, 2024 by itnerd

Change Healthcare has confirmed a cyberattack resulting in the company disconnecting its systems which is impacting its operations.

Change Healthcare is owned by UnitedHealth Group and is one of the largest healthcare technology companies in the US, handling 15 billion patient healthcare transactions annually.

Although the nature of the cyber incident has not been disclosed, Change Healthcare login pages have been inaccessible, leaving local pharmacies and healthcare providers, especially those in Michigan, unable to process prescriptions due to the “nationwide outage from the largest prescription processor in North America,” said Scheurer Health, a healthcare provider in Michigan, on its Facebook page.

The incident began early on Tuesday morning and, as of yesterday, a statement on the company website says the disruption is expected to last through the day.

Mark B. Cooper, President & Founder, PKI Solutions had this to say:

   “While Change Healthcare’s swift response and communications are commendable, the cyber-attack highlights the challenges the healthcare industry and its vendors face in safeguarding against evolving cyber threats to their Critical Infrastructure Protection (CIP) environments.

   “The ongoing repercussions of the cyber-attack, such as unfilled prescriptions, underscore the critical need for real-time vigilant monitoring to quickly identify misconfigurations and alert the appropriate technical and security resources for prompt remediation, preventing them from becoming vulnerabilities. Such proactive measures are essential to defend against unauthorized access that leads to these debilitating outcomes.”

I do applaud their quick action. But I wonder if a post mortem of this incident will reveal that there were things that they could have done to prevent this. Hopefully they are open and transparent about what led up to this and what they have done to prevent a similar occurrence going forward.

Hadrian Recognized as the Only Vendor That is Both a Leader and Outperformer in GigaOm Radar Report for Attack Surface Management 2024

Posted in Commentary with tags on February 23, 2024 by itnerd

Hadrian, a trailblazer in automated offensive cybersecurity, has earned the distinction of being the only vendor recognized as both a Leader and Outperformer in the prestigious GigaOm Radar Report for Attack Surface Management 2024. According to Chris Ray, Analyst at GigaOm, “This positioning reflects Hadrian’s commitment to pushing the boundaries of cybersecurity technology, demonstrating its capability to lead the market with forward-thinking solutions that address complex security challenges.”

Since its inception, Hadrian’s goal has been to shift organizations away from reactive approaches to cyber security to a proactive strategy. Hadrian believes that by embracing continuous threat exposure management organizations can leapfrog maturity levels and become more secure. 

Hadrian’s automated penetration testing capability, powered by sophisticated Orchestrator AI, stood out in GigaOm’s testing for providing high-fidelity testing by emulating real-world attacker behavior without manual intervention.

GigaOm’s rigorous evaluation criteria scrutinize key features, emerging technologies, and business capabilities. Across the key features assessed, Hadrian received a rating of “exceptional” or “superior” in four of the five criteria. Chris Ray adds, “Hadrian is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant due to its cutting-edge approach to ASM solutions.”

To learn more about Hadrian’s innovative approach read the GigaOm Radar for Attack Surface Management report.

HHS Fines Company For Issues That Led Them To Get Pwned In A Ransomware Attack

Posted in Commentary with tags on February 23, 2024 by itnerd

HHS’s Office for Civil Rights (OCR) has levied a $40,000 fine against Green Ridge Behavioral Health, a Maryland psychiatric health services provider, for HIPAA violations related to a ransomware attack on the company.

Green Ridge experienced a ransomware attack in 2019 that encrypted the healthcare records of some 14,000 patients. Though the company did not pay the ransom and was able to recover its systems from backups, the OCR investigation revealed it to have been well out of compliance with HIPAA regulations.

Green Ridge Behavioral Health failed to:

  • Have in place an accurate and thorough analysis to determine the potential risks and vulnerabilities to electronic protected health information;
  • Implement security measures to reduce risks and vulnerabilities to a reasonable and appropriate level; and
  • Have sufficient monitoring of its health information systems’ activity to protect against a cyber-attack.

Under the terms of the settlement with Green Ridge, HHS required the company to:

  • Conduct a comprehensive and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information;
  • Design a Risk Management Plan to address and mitigate security risks and vulnerabilities found in the Risk Analysis;
  • Review, develop, or revise its written policies and procedures to comply with the HIPAA Rules;
  • Provide workforce training on HIPAA policies and procedures;
  • Conduct an audit of all third-party arrangements to ensure appropriate business associate agreements are in place, where applicable; and
  • Report to OCR when workforce members fail to comply with HIPAA.

This is the second time that OCR has fined a HIPAA regulated company for violations identified during a ransomware investigation.

Steve Hahn, Executive VP, BullWall had this comment:

   “There is a reason HIPPA has strict compliance guidelines and cyber security is supremely important to the security of patient information. Ransomware attacks on medical service providers have become a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information. The impact of these attacks can in fact be devastating, as they can leave medical providers struggling to recover their data and regain control of their systems. In this case, Green Ridge did not pay the ransom, but whether the ransom is paid or not, the costs in dollars and lost patient services severely cripple these already struggling institutions.

   “Hospitals and healthcare organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable. It is very encouraging to see OCR enforcing compliance with a cyber security “Best Practices” approach for providers.”

Mark B. Cooper, President & Founder, PKI Solutions follows with this:

   “The fact that this is only the second time OCR has fined a HIPAA company for violations after a cyberattack should be a wake-up call for the Security Teams at every health services provider. Medical records are far more valuable for hackers than credit card numbers or Social Security numbers, so a mindset shift is needed: proactive monitoring and visibility into critical infrastructure protection (CIP) misconfigurations should be a priority and not an afterthought. Invest in proactive monitoring and visibility now or pay later.”

I’m all for punishing companies who don’t have their act together when it comes to security. The fact that this company got pwned, and then got punished for getting pwned should send the message that everyone needs to up their game. Or else.