Nearly 4,000 new students at Catholic schools in Boston, 700 in Springfield as they field calls from parents wanting in person learning
Emilia Clarke And Matt Smith Are All Smiles As They Enjoy Dinner Date In London
By Becca Longmire. Credit: Splash News. Emilia Clarke and Matt Smith were spotted enjoying a night out together in London Friday. The “Game of Thrones” actress was pictured […]
Virtual Blind Date: Tim and Janet’s date gets cut short, but they make plans for a redo
Our Blind Date series is proudly presented by Criswell & Criswell Plastic Surgery. Husband and wife team, Dr. Bryan and Kara Criswell, know how important it is to find someone who brings […]
Should Ofsted visit schools in England when they reopen?
As parents and teachers worry about school safety, Ofsted, the schools watchdog, will start a “phased return” to inspections in September, starting with all schools graded “inadequate”, plus a sample […]
Mindy Kaling Admits It Was ‘Challenging’ to Work With BJ Novak on the Show After They Broke Up
Mindy Kaling and BJ Novak played love interests on The Office. Like Kelly and Ryan, Kaling and Novak had a very up-and-down real-life connection. Today, the actors/writers are close friends. […]
What we train our police to do — and what they actually do
Richard Nixon called police forces “the real front-line soldiers in the war on crime.” Bill Clinton, in his signing ceremony for the 1994 crime bill, called them “the brave men […]
December 1989 marks 30 years since the first ransomware attack was spammed out on 20,000 floppy disks [1’39”]. We also talk about the Snatch ransomware [8’08”], iPhone 11 tracking concerns [18’10”], and open-source supply chain madness [28’14”].
Host Anna Brading is joined by Sophos experts Mark Stockley, Peter Mackenzie and Paul Ducklin.
Listen below, or wherever you get your podcasts – just search for Naked Security.
The post Why don’t they send ransomware on floppies anymore? – Naked Security appeared first on National Cyber Security.
The ransom demand was electronic.
In 2017, Newark’s computer system was hijacked by a group of hackers from halfway across the world, shutting down municipal services. Officials were given just seven days to come up with $30,000 in Bitcoin or they could kiss the city’s encrypted computer files goodbye.
They paid the ransom.
Cybercrime continues to explode nationwide, according to the Federal Bureau of Investigation’s most recent internet crime report. Last year, federal authorities received more than 350,000 complaints involving internet-based fraud, an increase of 16.7 percent over the previous year. Victim losses across the country in 2018 related to cybercrime totaled $2.71 billion.
In New Jersey, more than 8,400 victims across the state — including businesses, individuals, and government agencies — reported overall cybercrime losses last year of $79.7 million, making the state ninth in the nation for such high-tech theft, the FBI reported.
While much of that involved scams against individuals, businesses and Fortune 500 companies, the masters of the dark web have also been targeting your local tax collector’s office. Dozens of municipal government agencies in New Jersey have been victimized by hackers over the past two years, but have been reluctant to make those attacks public, officials say.
John Cohen, a senior expert on global threats for the Argonne National Laboratory and a professor at the Georgetown University Security Studies Program, said local governments remain easy targets for cyber criminals.
“Their systems remain vulnerable due to insufficient security and local governments continue to pay the criminals,” Cohen said. “Until localities change their practices in this regard, they will continue to be targeted.”
In New Jersey, the state’s Office of Homeland Security and Preparedness said it has been tracking the threat of ransomware since 2015 and officials said municipal governments have long been in the mix.
“Many cyber-threat actors are just looking for low-risk targets and something they can monetize,” said Jared Maples, who heads the state agency. “The availability of hacking tools and the increasing number of unsecured internet-connected devices reduces the need for extensive technical skills to carry out successful cyberattacks.”
Officials at the Municipal Excess Liability Joint Insurance Fund, which helps insure public entities across the state, said they have seen a 540% increase in cyber attacks on local government agencies since 2013. About 80 events have been reported over that time, but officials with the fund said they were aware of 50 others that were never formally reported.
“Nobody wants to acknowledge they’ve been victimized,” said Marc Pfeiffer, assistant director of the Bloustein Local Government Research Center at Rutgers University, of the radio silence. Nobody is going to call a press conference to announce someone made off with taxpayer funds, he said.
Maples, meanwhile, believes that what is happening is only going to get worse.
“Cyberspace is a complex, diverse, and fluid security environment with real, persistent, and evolving threats,” he said. “The impacts of cyberattacks will increase as we enter into an era of autonomous systems, artificial intelligence, smart cities, hyper-connectivity, and the convergence of cyber-physical systems and devices.”
While many of the high profile cybercrime cases that have come to light in recent years have involved ransomware, where malicious software delivered by a link that should never have been clicked is used to corrupt and encrypt computer files, that is only one of many weapons commonly employed. According to the FBI, the attack tactic most gaining favor these days is known as Business Email Compromise, or BEC, which targets those who use wire transfers.
The BEC scam works by compromising the email of corporate executives — and sometimes of municipal officials involved in finance — and seeks to redirect wire transfers meant for suppliers or financial institutions to fraudulent accounts both here and abroad.
Earlier this year, Lawrence Espaillat, 41, of Clifton pleaded guilty in connection with a BEC scheme to steal more than $1 million from corporate victims and individuals. Authorities said Espaillat and others incorporated sham businesses and created email addresses, which mimicked but differed slightly from legitimate email addresses of supervisory employees at various companies. Emails from those sham accounts were then used to send what appeared to be requests for payment of legitimate invoices or debts owed by the victims.
Last year in New Jersey, according to state municipal finance officials, at least one unnamed municipality was sent wiring instructions by such a compromised email to change its bond anticipation note payments from what appeared to be one reputable banking institution to another. They sent $40,000 to the other account, which was fraudulent.
In August 2018, the FBI said it received a complaint filed on behalf of another New Jersey town that fell victim to another BEC scam, transferring more than $1 million into the fraudulent account. Michael Doyle, an FBI supervisory special agent in New Jersey, would not identify the town, but said the money was recovered through a “financial fraud kill chain” that moves to quickly freeze funds and recall a wire transfer if they are alerted without delay.
Noting the explosion in BEC complaints nationally, Doyle said the nature of cybercrime is changing. More than $1.2 billion in losses were attributed last year just to compromised business email scams.
“It dwarfs everything else,” the FBI agent said — far more than the $362 million lost to victims in confidence or romance fraud.
Yet while ransomware complaints do not top the list of cybercrime complaints, Doyle suspects what happened in Newark may be happening more than is being reported to authorities. How the money is taken has also morphed, he added, with the use of “money mules” in the United States who act — sometimes unwittingly — as a go-between, so that suspicions are not raised by having money directly wired overseas.
“It used to be jumping out of the country immediately,” Doyle said. Now, potential victims might think it suspicious to be told to send money to an account in Hong Kong. These days, money may be wired through a series of destination points before it lands in somebody’s pocket.
Last November, two Iranian men were indicted in connection with an international wave of ransomware attacks that shut down Newark’s computer systems, and led to the city’s payment of $30,000 to regain control of the city’s electronic files. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were charged with running what officials called “an extreme form of 21st century digital blackmail.”
Both men remain at large.
Doyle said cybercrime is still far more likely to target big companies than town hall. Usually municipalities don’t have that kind of money. There’s no revenue stream.
Still, the problem for local government is growing, officials here say.
David N. Grubb, executive director of the Municipal Excess Liability Joint Insurance Fund in Parsippany, said the impact is not insignificant.
“When a municipality gets hit by one of these things, you can’t quantify the disruption that occurs. There are things that can’t happen when you are trying to get the system up and running. There is a reputational cost,” he said. “It can get residents quite upset.”
A spokeswoman for Newark said the city has made numerous changes and improvements to defend against similar attacks, including improvements to infrastructure, training as well as following professional recommendations that identified security gaps.
“While no amount of preparation protects any organization 100%, the city is in a much better position to thwart similar events,” said the spokeswoman, Crystal Rosa.
At the same time, she said the city is constantly being targeted.
“Measures put in place, actions following the prior ransomware event, have identified attempts and been successful to date from any in-depth intrusion,” she said.
With three dozen or more New Jersey municipalities the victims of successful hacker attacks in just the last two years, Pfeiffer said local officials are paying more attention, and like Newark, said that the electronic systems of every municipality in the state are under attack daily. Most municipalities now have cyber insurance, he added.
But technology requires management, and that requires time and money.
“There are two things you cannot be without in managing technology,” he said. “You have to have somebody you trust advising you on technology. And you have to have a sound backup plan.”
Ted Sherman may be reached at firstname.lastname@example.org. Follow him on Twitter @TedShermanSL. Facebook: @TedSherman.reporter. Find NJ.com on Facebook.
Source: National Cyber Security News
Where has the time gone? February is almost over, and already we’ve seen several major vulnerabilities and hacks this year! As we head further into what’s sure to be another busy year for cybersecurity, it’s important to take a step back and examine how we got here.
For nearly four decades, cyber criminals have been exploiting the latest and greatest technology for fun, profit and power. In that time, the word “hacker” has taken on many meanings. At first, it referred to mischievous young techies looking to build a reputation on the internet, but it has since become a worldwide title for data thieves, malicious online “entrepreneurs” and geopolitical operatives. The threats and tactics that hackers use have evolved, too – from small-time scams to dangerous worms and earth-shaking breaches.
As a result, the security industry has been in a game of “cyber cat and mouse” for the better part of a half-century, looking to evolve security technology to thwart the constant evolution in malware and techniques used by sophisticated threat actors.
Let’s take a look back at the past four decades to assess the most notorious hacks in each era, why they mattered, and how the security industry responded.
The second day of Mobile World Congress kicked off with talks on three emerging technology areas: 5G, next-gen cybersecurity, and what it means to stay agile and innovative in a rapidly changing world.
On stage here, McAfee CEO Christopher Young walked up to an Amazon Echo speaker to debut the McAfee Secure Home Platform Skill with a simple command: “Alexa, launch McAfee.”
The connected device ecosystem has surpassed the world’s population as hard-to-secure devices like smart refrigerators, televisions, and lightbulbs proliferate within the home, Young said. He ran down a greatest hits of recent exploits—from WannaCry and the Mirai botnet to Meltdown and Spectre—and argued that these threats will never truly go away.
“Attacks are increasing in complexity and scale. No attack ever goes away, instead it morphs and evolves over time. WannaCry looked like a ransomware attack, but it was also a worm taking advantage of a specific exploit that drove chaos across the public and private sectors and was eventually attributed to a nation-state,” said Young. “We’ve also already started to see connected devices weaponized out in the ecosystem. 2016 saw Mirai, the largest DDoS attack ever levied against [DNS provider] Dyn. That same botnet is alive and well today, and attacking a new device right now every six minutes, adding to its botnet armies.