Vale is hacked and documents show how the company handles accidents

By: Felipe Payão

The Brazilian multinational mining company Vale was breached, and supposedly confidential internal documents were taken and leaked by the intruders. The hackers reportedly took advantage of an open door in Microsoft SharePoint, a team collaboration software tool, to retrieve meeting minutes and extract records of safety occurrences and incidents around the world.

TecMundo received the documents on Tuesday (29) from an anonymous source. There are about 40,000 files in a 500 MB folder. In them, it is possible to find safety incidents that occurred between 2017 and 2019 at Vale sites in Brazil, Canada, Mozambique, New Caledonia and Indonesia.

“One of the documents reports an armed robbery at a pipeline, and no police report was filed afterwards,” the source stated in the email in which the documents were sent. TecMundo found the specific document cited, but not the matter of the police report mentioned.

Vale was contacted about the incident but had not offered any response by the time this story was published (update: after publication, the company sent a statement, which you can read below). On the other side, the hackers did not detail how the company was breached; they only noted that the documents were extracted through a flaw in a hidden URL that was open to the public: “Indexing of secret documents on a hidden subdomain, via search engines,” they noted.

More: https://www.tecmundo.com.br/seguranca/138314-vale-hackeada-documentos-mostram-empresa-lida-acidentes.htm?f&utm_source=facebook.com&utm_medium=referral&utm_campaign=thumb

Hundreds of German Lawmakers Targeted in Mass Cyber Attack

By: David Gilbert

A stolen cache of personal information belonging to nearly 1,000 German politicians — including outgoing Chancellor Angela Merkel — has been leaked, according to a report published Thursday.

The information includes everything from phone numbers and credit card details to private messages with family members, German media said.

The hack has impacted national, regional and EU politicians from all major parties except for members of the far-right Alternative for Germany (Alternative für Deutschland, or AfD) party. Journalists, musicians, comedians and activists were also targeted.

There is currently no indication of who was behind the attack, but the hacker or hackers leaked information for more than a month on Twitter before the media picked it up.

The scale of the hack was first reported by RBB, leading Justice Minister Katarina Barley to call it a “serious attack” Friday morning.

“The people behind this want to damage confidence in our democracy and institutions,” Barley said.

The federal office for information security (BSI) said Friday it was investigating, adding that government networks had not been affected.

Private messages from 81,000 hacked Facebook accounts for sale

By: Andrei Zakharov

Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts.

The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure.

Facebook said its security had not been compromised.

And the data had probably been obtained through malicious browser extensions.

Facebook added it had taken steps to prevent further accounts being affected.

The BBC understands many of the users whose details have been compromised are based in Ukraine and Russia. However, some are from the UK, US, Brazil and elsewhere.

The hackers offered to sell access for 10 cents (8p) per account. However, their advert has since been taken offline.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

Intimate correspondence

The breach first came to light in September, when a post from a user nicknamed FBSaler appeared on an English-language internet forum.

“We sell personal information of Facebook users. Our database includes 120 million accounts,” the user wrote.

The cyber-security company Digital Shadows examined the claim on behalf of the BBC and confirmed that more than 81,000 of the profiles posted online as a sample contained private messages.

Data from a further 176,000 accounts was also made available, although some of the information – including email addresses and phone numbers – could have been scraped from members who had not hidden it.

The BBC Russian Service contacted five Russian Facebook users whose private messages had been uploaded and confirmed the posts were theirs.

One example included photographs of a recent holiday, another was a chat about a recent Depeche Mode concert, and a third included complaints about a son-in-law.

More: https://www.bbc.co.uk/news/amp/technology-46065796

FIFA admits hack and braces for new leaks

By: Catalin Cimpanu

March 2018 phishing incident pegged as possible origin of latest hack and subsequent data theft.

FIFA officials are bracing for new damaging leaks to be published this week after soccer’s governing body fell victim to a phishing attack.

FIFA President Gianni Infantino admitted to the new hack while talking to the press after a FIFA Council meeting last week in Kigali, Rwanda.

He said that both FIFA, soccer’s global governing entity, and UEFA, Europe’s soccer body, had received hundreds of questions from journalists about subjects only recorded in FIFA confidential documents.

Officials believe that someone at FIFA fell victim to a phishing attack this March, the New York Times reported on Tuesday.

Hackers are believed to have used this entry point to gain access to confidential data, which they have now leaked to Football Leaks, a website that became famous in late 2015 after it started publishing internal FIFA documents revealing the dirty dealings of the soccer player market. The 2015 leak, believed to have been caused by insiders, led to the firing of many FIFA officials and the prosecution of soccer superstars such as footballer Cristiano Ronaldo and coach Jose Mourinho.

The Football Leaks organization has already shared some of the files obtained from the recent hack with news agencies that are part of the European Investigative Collaborations (EIC), which said it plans to publish the new revelations starting this Friday, November 2.

More: https://www.zdnet.com/google-amp/article/fifa-admits-hack-and-braces-for-new-leaks/

Phishing attacks: Why is email still such an easy target for hackers?

By: Danny Palmer

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up — especially when it just takes one employee to fall victim to a phishing message and potentially lead to a whole organisation being compromised.

For example, the cyber attack against the Democratic National Committee that led to thousands of private emails being exposed in the run up to the US Presidential election started with just one successful phishing email, while countless espionage and malware campaigns have also gained entry to organisations via an email-based attack.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.

More: https://www.zdnet.com/article/phishing-attacks-why-is-email-still-such-an-easy-target-for-hackers/

Hackers breached a system that interacts with HealthCare.gov

By: Pierluigi Paganini

The Centers for Medicare and Medicaid Services announced that hackers breached a computer system that interacts with HealthCare.gov.

Hackers breached a computer system that interacts with HealthCare.gov, according to the Centers for Medicare and Medicaid Services; the attackers accessed the sensitive personal data of some 75,000 people.

After experts discovered the intrusion, the system was shut down, and IT staff are working to restore it to operation.

“Officials said the hacked system was shut down and technicians are working to restore it before sign-up season starts Nov. 1 for health care coverage under the Affordable Care Act,” reported the Associated Press.

“The system that was hacked is used by insurance agents and brokers to directly enroll customers. All other sign-up systems are working.”

In the US, Barack Obama’s health care law provides private coverage for about 10 million people, who, in order to access the service, have to provide extensive personal information, including Social Security numbers, income, and citizenship or legal immigration status.

Starting November 1, people can log in to HealthCare.gov, fill out an application, and enroll in a 2019 Marketplace health plan.

More: https://securityaffairs.co/wordpress/77273/data-breach/system-interacting-healthcare-gov-hack.html

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

By: Pierluigi Paganini

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks, has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from the state-sponsored Lazarus group, including the infamous attack on the Japanese crypto exchange Coincheck, in which $534 million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO Dmitry Volkov at the sixth international CyberCrimeCon conference. A separate chapter of the report is dedicated to the analysis of hackers’ and fraudsters’ activity in the crypto industry.

Crypto exchanges: in the footsteps of Lazarus

In most cases, cybercriminals attacking cryptocurrency exchanges use traditional tools and methods, such as spear phishing, social engineering, malware distribution, and website defacement. One successful attack can bring hackers tens of millions of dollars in crypto funds while reducing the risk of being caught to a minimum: the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or with the attached file «Investment Proposal.doc», which has malware embedded in the document.

In the last year and a half, the North Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb and Coincheck. After the local network is successfully compromised, the hackers browse it to find the workstations and servers used for working with private cryptocurrency wallets.

More: https://securityaffairs.co/wordpress/77213/hacking/cyber-attacks-crypto-exchanges.html

Cybersecurity isn’t being taken seriously enough: MIT professor

By: Saheli Roy Choudhury

The digital economy is set to unlock tremendous economic value for countries over time. But a common setback for the use of various new technologies is their vulnerability to hackers.

That’s because companies and individuals are not taking cybersecurity seriously, according to Erik Brynjolfsson, director at the MIT Initiative on the Digital Economy and a professor at MIT Sloan School.

The threat of cyber attacks “can be addressed much more effectively than it has been,” he told CNBC’s “Street Signs” at the annual Barclays Asia Forum in Singapore. “I think we’re just not taking it seriously enough.”

Brynjolfsson was commenting on the news that a Google bug exposed the account information of 500,000 users, spurring the tech giant to make a slew of privacy changes and shut down the Google Plus service for consumers.

“The story here isn’t really about Google, it’s about our atrocious cybersecurity — not just in social networks, but in banking or voting systems,” he said. “Whenever I talk to the real cyber experts, they tell me the lights are blinking red, that we’re so vulnerable, and we need to do a lot more to make our information system secure.”

There have been numerous incidents in recent years where technology companies suffered breaches that resulted in user data getting compromised: Uber was fined for a 2016 data breach, Facebook recently discovered a security issue that allowed hackers to access information that could have let them take over around 50 million accounts, and the personal information of millions of Americans was affected in a data breach at credit reporting firm Equifax last year.

Combating cyber threats “boils down to prioritizing at a higher level,” Brynjolfsson said. Some of the fixes are straightforward: For example, he said, two-factor authentication might prevent unauthorized logins and machine-readable paper ballots could make voting systems more secure.

“These small additional steps, they may slow down some of the processes incrementally, add a little bit of cost, a few percent here and there, but they’ll make us tremendously more secure,” he said.

In cybersecurity, he explained, using publicly available cryptography is usually more secure than proprietary systems that are built for specific companies — that’s because the former is extensively tested by the cryptography community.

Digital economies are set to grow as companies spend more money to transform their businesses using technology. International Data Corporation said that in 2018, worldwide spending on digital transformation will shoot past $1 trillion.

More: https://www.cnbc.com/amp/2018/10/09/cybersecurity-isnt-being-taken-seriously-enough-mit-professor.html

Japanese Crypto Exchange Hit by $60m Heist

By: Phil Muncaster

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaif suffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals, who can easily launder them and convert them into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest in additional efforts to break in, even if security is properly implemented and maintained.”

More: https://www.infosecurity-magazine.com/news/japanese-crypto-exchange-hit-by/