INTERNATIONAL FOUNDATION FOR
CULTURAL PROPERTY PROTECTION

News


  • October 08, 2019 11:27 AM | Anonymous

    Reposted from The Globe and Mail

    In 2018, hackers stole 10 gigabytes of data from a Las Vegas casino by compromising a smart thermometer in a fish tank. More than just a source of “phishing” puns, the aquarium breach shows the increasing ingenuity of cyber criminals – and serves as a warning to small- and medium-sized enterprises (SMEs) that might think cybersecurity is only something the big firms need to worry about.

    “Your small business can really be a target,” says Paul Furtado, an Ontario-based senior analyst with Gartner Inc., an information-technology research-and-advisory company. He says the more connected our technology becomes, the greater the risk that a humble downstream supplier could find itself in the middle of a serious cyberheist.

    “If I’m an agenda-driven hacker or a hacktivist or a nation state, I’m not going to go after the Department of Defence, for example, because chances are they’ve got a very robust cybersecurity program in place,” Mr. Furtado says. “But if Bob and Mary’s Nut and Bolt Shop is a trusted supplier to a company that assembles the frames for military vehicles that they sell to the Department of Defense, I’m going to see how deep I can go through their system to connect ultimately into the Department of Defence.”

    SMEs are increasingly becoming targets of cybercrime. Daniel Tobok, a cybersecurity expert who advises corporations globally, says the past 15 months have seen “an explosion” of occurrences of two particular criminal tactics that offer a huge return on investment for criminals. The first is ransomware – malicious software that blocks companies from accessing their own systems until a ransom is paid. A 2018 report by IT company Datto found that Canadian companies face both the highest average ransom cost ($8,764) and the highest cost of downtime per ransomware attack ($65,724). The second type of attack, business e-mail compromise (BEC), uses a company’s own e-mail accounts to defraud employees or customers. In 2018, the Canadian Anti-Fraud Centre received BEC-related reports totalling more than $17-million in losses.

    “It’s a real epidemic,” Mr. Tobok says. “Twenty years ago, the big criminals were really only interested in government and bankers and banking associations, because they held a lot of meaty things that they could monetize quickly. But as those enterprises grew more educated and more secure, SMEs are one of the biggest attack vectors for cybercriminals and state-sponsored attacks, because smaller enterprises are not as mature when it comes to their security. Everybody understands they need a roof and a door, but not everybody knows you have to have an alarm and a hungry German shepherd protecting their property.”

    Corinne Pohlmann, senior vice-president of National Affairs and Partnerships for the Canadian Federation of Independent Business (CFIB), says many SMEs don’t have adequate cyberprotection in place, simply because they don’t know they need it.

    “That’s the biggest challenge,” she says. “Many small and medium enterprises just don’t realize how vulnerable they may be.”

    Ms. Pohlmann recommends that SMEs conduct a risk-exposure survey. In addition to identifying their role in supply-chain security, businesses should also look at what data they’re collecting and educate themselves about its street value.

    Large data breaches of big companies make headlines – but an unprotected small customer database is equally worth a hacker’s time. According to Symantec’s Internet Security Threat report, just a name or birthday can be worth up to $1.50 on the black market. A scanned passport or driver’s license can command up to $35, and a full ID package (name, address, social insurance number, e-mail address and bank account number) can go for up to $100.

    “Any small business that collects electronic customer data, even if it’s Joe Smith’s hardware store, could have hundreds and thousands of names in there,” says Gartner’s Mr. Furtado. “And that makes them a really good target.”

    Once an SME knows what it needs to protect, Mr. Furtado recommends engaging the services of a managed security-service provider or a managed detection-and-response provider to help identify their gaps.

    “It’s not that SMEs face special threats,” he says. “The challenge is that they usually don’t have the resources in place [to] know how to protect themselves. They need somebody to identify where the gaps are and what resources they need to bring in to fill those gaps.”

    In addition to keeping security technology current, CFIB’s Ms. Pohlmann urges business owners to stay educated about the latest scams – and to train their employees to recognize and take protective action against ransomware, BECs and other risks. The CFIB recommends resources such as the Competition Bureau of Canada’s Little Black Book of Scams, which details current cyberfraud tactics.

    Fifteen or 20 years ago, says Mr. Tobok, most cyber attacks were “brute force” attempts to compromise IT infrastructure. He now estimates that around 80 per cent of cybercrimes rely on human error, such as tricking someone into sharing sensitive information.

    “Bad guys today are attacking people more than attacking infrastructure, because IT and digital security have evolved a lot faster than people’s education and maturity level,” he says. “After a company is breached, we often hear, for example, that it was Suzy in administration who clicked the phishing link that took the whole company down. I always ask the question ‘Did anybody actually train Suzy [on best cybersecurity practices] before pointing the finger at her?’”

    “We always train our kids to not talk to strangers,” Mr. Tobok says. “Now we’ve got to do the same thing in the workplace, because people don’t understand the danger.”

    See Original Post

  • October 08, 2019 11:22 AM | Anonymous

    Reposted from BBC

    The email came in like any other, from the company chief executive to his finance officer.

    "Hey, the deal is done. Please wire $8m to this account to finalise the acquisition ASAP. Needs to be done before the end of the day. Thanks."

    The employee thought nothing of it and sent the funds over, ticking it off his list of jobs before heading home.

    But alarm bells started to ring when the company that was being acquired called to ask why it had not received the money.

    An investigation began - $8m was most definitely sent, but where to?

    We will never know.

    Some of the money was clawed back by the banks, but most was lost to hackers who may have cashed out using an elaborate money-laundering network or simply moved on to the next victim.

    Meanwhile, the finance officer is left feeling terrible and the company is left scratching its head.

    After all, the email had come ostensibly from the boss's address and his account had not been hacked.

    It was left to cyber-security experts to break the bad news to the firm: emails are not to be trusted.

    CEO Fraud

    This is a real-life example of a cyber-attack known as Business Email Compromise, or CEO Fraud.

    The attacks are relatively low-tech and rely more on social engineering and trickery than traditional hacking.

    Cyber-criminals simply spoof the email address of a company executive and send a convincing request to an unsuspecting employee.

    The message looks just as though it has come from the boss - but it has been sent by an imposter.

    There is usually a sense of urgency to the order, and the employee simply does as they are told - maybe sending vast amounts of money to criminals by mistake.

    These scams are on the rise and according to the FBI in the US, they have resulted in worldwide losses of at least $26bn (£21bn) since 2016.

    Earlier this month, 281 suspected hackers were arrested in 10 different countries as part of a massive takedown operation of global cyber-crime networks based on the scams.

    Ryan Kalember, executive vice-president of cyber-security strategy at Proofpoint, said: "Business Email Compromise (BEC) is the most expensive problem in all of cyber-security. There is not a single other form of cyber-crime that has the same degree of scope in terms of money lost."

    Proofpoint was appointed to deal with the CEO Fraud incident described in this article.

    Mr Kalember and his team have seen the tactics evolve during the past year and have some interesting observations and warnings for potential victims.

    Non-executive targets

    The traditional targets for BEC attack are the "C-suite" figures of major companies, such as chief executive officers or chief finance officers.

    But recently, criminals have been going for lower-hanging fruit.

    "The 'very attacked people' we now see are actually rarely VIPs. Victims tend to have readily searchable emails or easily guessable shared addresses.

    "VIPs, as a rule, tend to be less exposed as organisations are generally doing a fairly good job of protecting VIP email addresses now," Mr Kalember added.

    The trend has also been noticed by cyber-security company Cofense.

    In some cases, employees' emails are spoofed and the attacker asks the human-resources departments to send a victim's wages to a new bank account.

    "A smaller but much wider reward system will be a deliberate attempt to fly below the radar to target financial processes that are likely to have weaker controls, yet still produce attractive returns," said Dave Mount, from Cofense.

    Monday warning

    Another method being seen more regularly is scam emails sent on Monday morning.

    According to Proofpoint, more than 30% of BEC emails are delivered on Mondays as hackers try to capitalise on weekend backlogs.

    They hope "social jetlag" will mean employees are more easily fooled by fake emails and other social-engineering tricks.

    "Attackers know how people and offices work. They depend on people making mistakes and have a lot of experience with what works. This is not a technical vulnerability, it's about human error," said Mr Kalember.

    Fake Forward

    Fake email threads are part of another technique that has evolved.

    Attackers start the subject lines of their emails with "Re:" or "Fwd:" to make it look like their message is part of a previous conversation.

    In some cases, they even include a bogus email history to establish apparent legitimacy.

    According to researchers, fraud attempts that use this technique have increased by more than 50% year-over-year.

    Mr Kalember says all these trends follow a predictable pattern based on our own behaviour.

    "One of the reasons why this is a particularly difficult problem to stamp out is that it relies on the systemic risk of all of us trusting email as a means of communication," he said.

    Unfortunately for businesses and unwitting employees, BEC is unlikely to go away.

    Email spoofing is technically very simple, and free-to-use online services offer a low barrier to entry.

    But there are lots of things companies and employees can do - including being vigilant and aware of the attacks.

    Companies could insist on so-called two-factor verification before a payment is sent.

    All of this, of course, relies on people taking a step back from what is often strived for in the workplace - speed and efficiency.

    See Original Post

  • September 30, 2019 2:02 PM | Anonymous

    Reposted from CNN Business

    The shooter was a man: bald, wearing pants and a button-down shirt, standing in front of me in an office break room, firing a gun.

    Shots rang in my ears. A heartbeat thump-thumped around me. A high-pitched noise made it hard for me to think. Seconds later, I heard rapid breathing sounds.

    I had to find a way out. I made my way to a tall glass window and decided to smash it. Then I yanked off my virtual-reality headset and took a deep breath.

    It was a virtual experience — not even that high-tech, as far as VR goes, and only about 15 minutes long — but it felt distressingly real.

      Created by two Seattle-based companies — VR video platform and training startup Pixvana along with tactical training company Alexo — the experience was announced this month with the goal of helping companies prepare their employees for an active-shooter scenario. 

      According to Pixvana, the first company to try it out was Vulcan, the investment firm of deceased Microsoft (MSFT) co-founder Paul Allen. Vulcan, which is based in Seattle, declined to comment about the training. Pixvana is currently talking to a hospital system that wants it to build specific hospital scenes for its active-shooter training.

      If this VR experience sounds jarring enough that it could leave a lasting dent in your memory, that's kind of the point.

      "What we're trying to do is a long-term memory effect they can call upon should they find themselves in a violent situation," Alexo founder Drew Hancock, who's also a Seattle police officer and SWAT leader, told CNN Business. But he believes the experience stops short of being traumatic. Instead, Hancock said it is trying to create "somewhat of a stimulus" among viewers, without featuring anything graphic.

      The active shooter response training experience is the latest example of companies using VR to train workers for all kinds of on-the-job situations — a hot application for technology that has otherwise seen slow adoption. Walmart (WMT) is using it to prep its employees for Black Friday. Numerous sports teams, especially in the NFL, use VR for realistic off-the-field training. And Seabourn, a cruise line, uses Pixvana to train new waiters on table locations in their restaurant.

      Yet while using VR could help people feel more prepared for a violent encounter, some experts who study shootings cautioned that increasingly realistic scenarios may trigger certain people.

      "You've got to realize when you reach out to the public that they're all across the board in what they're prepared to deal with," said Pete Blair, a criminal justice professor at Texas State University and executive director of the school's Advanced Law Enforcement Rapid Response Training Center.

      Finding the right amount of fear

      While the solution may be a matter of some debate, the problem is strikingly clear. There were 337 mass shootings — defined as at least four people shot or killed on the same occasion, excluding the shooter — in the US in 2018, according to the nonprofit Gun Violence Archive. That number has already topped 300 this year, as of late September.

      Many experts in tactical training, including the FBI, believe training for shootings in particular can be helpful. An FBI study of active shooters from 2000 to 2013 noted that even when police were able to get to the scene of the crime in minutes, "civilians often had to make life and death decisions, and, therefore, should be engaged in training and discussions on decisions they may face."

      Training for such situations in VR does force people to pay more attention than they would to, say, a lecture and a PowerPoint presentation, if only because you can't check your phone while you've got a headset on your face. And Pixvana isn't the only one suggesting VR training for dealing with gun violence. The US Department of Homeland Security offers a free, video-game-like program called the Enhanced Dynamic Geo-Social Environment (also known as EDGE) for training first responders and school staffers.

      By using 360-degree video, Pixvana's approach is more realistic looking. It starts with Hancock instructing you, in VR, on how to deal with a shooter and then drops you into violent scenarios. To make you feel somewhat like you're in the midst of a real active-shooter scenario, the training uses sounds and scenes such as the office and an outdoor plaza.

      To tone it down a bit, the lone male shooter is a static figure, rendered in red with a white outline. Brightly colored indicators peppered around the office help give you ideas about what items might work as weapons (a toaster or a bottle, for instance), and what may be your best paths for escape.

      "You don't want people so scared that they're not remembering what they're learning," said Rachel Lanham, Pixvana's chief operating officer. "That's not the point."

      A $3 billion industry

      Pixvana is tapping into what Jillian Peterson, a psychologist and an assistant professor at Hamline University who studies the psychology of criminology, estimates is about a $3 billion industry at the moment. Companies are now coming up with all kinds of technologies and techniques to train people to respond to shootings.

      But while there may be a large market for such services, Peterson is concerned that they're not just helping innocent bystanders learn how to cope with a shooting at work or at school: they're also training the very people who could be perpetrators. She said research indicates that about 90% of school or workplace shootings are committed by former students or employees. 

      It also makes Peterson nervous to put people through simulations in virtual reality in case it triggers a fascination or interest in shootings that wasn't there previously. "If you're suicidal, and you're in crisis, and you have a trauma background, and you have access to weapons, this sort of rehearsal could be problematic," she said.

        Pixvana didn't consult with mental health professionals such as psychologists before creating the training, Lanham said.

        Hancock does think that if someone previously had a traumatic life experience it could trigger them. He also feels the training should be voluntary and limited to adults, though he can envision it being used by high schoolers.

        See Original Post

      • September 30, 2019 1:47 PM | Anonymous

        Reposted from ABCNews

        The Department of Homeland Security has announced a "compelling and urgent" framework to combat violent white supremacy.

        DHS said the agency hopes to provide an annual state of the Homeland Threat Assessment, which "evaluates the strategic threat environment within the Homeland related to terrorism and targeted violence," according to the report. 

        "We continue to see violent attacks based on hateful ideology," acting Secretary Kevin McAleenan said on Friday in announcing the new strategy, the first of its kind. "The continuing menace of racially based violent extremism, particularly white supremacist extremism, is an abhorrent affront to our nation, the struggle and unity of its diverse population, and the core values of both our society and our department."

        The department is looking for a "balanced" approach to combating domestic and foreign actors, and McAleenan said, according to the report, the agency will be deploying some of the same tactics against both groups.

        The report specifically outlines domestic terrorism, which DHS defines as "a phrase typically used to denote terrorists who are not directed or inspired by" foreign terror organizations. Domestic terrorists, at least recently, have killed more Americans than foreign terrorists.

        The report also noted that, similar to radical Islamists, violent white supremacist extremists "connect with like-minded individuals online."

        John Cohen, a former DHS undersecretary and an ABC News contributor, said the department's strategy understands that many violent attacks in the U.S. "are being conducted primarily by native-born individuals."

        But Cohen also said the administration needs to acknowledge its own role in the problem, including the fact that words "used by the president and the administration are the same words used by white supremacist thought leaders."

        "Law enforcement officers believe his words incite violent acts by white supremacists," said Cohen, referring to President Donald Trump.

        Vice President Joe Biden said while on the campaign trail that the President has "fanned the flames" of white supremacy. Trump disagrees.

        In a speech just after the El Paso, Texas, shooting that left 22 dead, the president condemned white supremacists and defended himself against such accusations.

        "In one voice, our nation must condemn racism, bigotry and white supremacy," Trump said. "These sinister ideologies must be defeated. Hate has no place in America."

        See Original Post

      • September 30, 2019 1:35 PM | Anonymous

        Reposted from ZDNet

        Nearly all successful email-based cyberattacks require the target to open files, click on links, or carry out some other action.

        While a tiny fraction of attacks rely on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.

        The finding comes from Proofpoint's Annual Human Factor Report, a paper based on 18 months of data collected from the cybersecurity company's customers.

        Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It's often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.

        This social engineering is the key element in conducting campaigns: the report even states that attackers are mimicking the routines of businesses to ensure the best chance of success. 

        For example, a user might be suspicious of an email claiming to come from a colleague that arrived in the middle of the night, but one which arrives in the middle of the working day is more likely to be treated as a legitimate email, with the potential for the victim to accidentally set the ball rolling for an attack.

        Phishing is one of the cheapest, easiest cyberattacks for criminals to deploy – but the reason it remains a cornerstone of hacking campaigns is because, put simply, phishing works.

        "Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure," said Kevin Epstein, vice president of threat operations for Proofpoint. 

        "More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users," he added.

        While many phishing attacks are designed to look highly legitimate, there are ways to identify what could potentially be a malicious attack.

        For example, unexpected emails that are based around a sense of urgency could be viewed as suspicious. If a user is in doubt, they could contact the supposed sender of the message to see if it is a legitimate message.

        It's also worth noting that cloud service providers like Microsoft and Google won't ask users to click through unexpected links to enter login credentials and other information. If a user is suspicious of a supposed login URL, they can bypass the link by going direct to the provider itself and entering their details there.

        Organisations should also ensure that software updates and security patches are regularly applied, so in the case of someone accidentally clicking a link, malware that relies on known vulnerabilities can't operate.

        See Original Post

      • September 30, 2019 12:57 PM | Anonymous

        Reposted from NewsHub

        If a disease like the Spanish flu emerged today it could kill 80 million people, experts say.

        A report from the World Health Organization's (WHO) new Global Preparedness Monitoring Board (GPMB) puts the blame on governments that "quickly forget", climate change and "misinformation" spread by social media - such as hysteria over vaccines - eroding trust in medical professionals and scientists. 

        "The world is not prepared for a fast-moving, virulent respiratory pathogen pandemic," the report, published this week, reads.

        In 1918, Spanish flu infected a third of the world's population and killed about 50 million people - and that was before people were able to fly anywhere on the planet in under 36 hours.

        The report's authors looked at how authorities responded to the 2009 H1N1 influenza pandemic and the 2014-2016 Ebola outbreak, and concluded that despite improvements in treatment since 1918, a similar outbreak now could kill even more, the report says. 

        "While disease has always been part of the human experience, a combination of global trends, including insecurity and extreme weather, has heightened the risk," said GPMB co-chairs Gro Harlem Brundtland (former WHO director-general) and Elhadj As Sy, the secretary-general of the International Federation of Red Cross and Red Crescent Societies.

        "Disease thrives in disorder and has taken advantage - outbreaks have been on the rise for the past several decades and the spectre of a global health emergency looms large."

        A Spanish flu-style outbreak would also have the potential to knock 5 percent off the global economy, but the damage won't be spread out - instead concentrated on poorer countries.

        "Outbreaks hit lower-resourced communities much harder given their lack of access to basic health services, clean water and sanitation; this will aggravate the spread of any infectious pathogen," said Dr Brundtland and Sy.

        "Disease amplifiers, including population growth and resulting strains on the environment, climate change, dense urbanisation, exponential increases in international travel and migration, both forced and voluntary, increase the risk for everyone, everywhere."

        A virus would be even deadlier if it was deliberately released, the report says. Anthrax bio-terrorism is noted as a "deliberately emerging" risk in the US.

        "In addition to the need to decide how to counter the pathogen, security measures would come into play limiting information-sharing and fomenting social divisions."

        Measles outbreaks have increased in recent years, and the WHO recently declared anti-vaxxers - people opposed to vaccines for unscientific or fraudulent reasons - as one of the top 10 threats to global health. 

        "Trust in institutions is eroding," the report says. "Governments, scientists, the media, public health, health systems and health workers in many countries are facing a breakdown in public trust that is threatening their ability to function effectively. The situation is exacerbated by misinformation that can hinder disease control communicated quickly and widely via social media."

        New Zealand is noted in the report as being unlikely to suffer too much economically in the event of an outbreak, along with the US, Canada, Europe, Saudi Arabia, Oman, Japan, Chile and Uruguay. 

        The Spanish flu was so deadly because it turned the body's immune system against its host. This resulted in massive death tolls among young adults - those with the strongest immune systems - unlike most diseases, which typically hit children and the elderly hardest. 

        No one knows where it originated - it got the name 'Spanish flu' because reports of its spread across most of Europe and the US were censored to keep wartime morale up. Papers were free to report on its spread in neutral Spain, however.

        The closest example given in the new report of a newly emerging disease in our part of the world is Australia's Hendra virus, which mainly infects fruit bats and horses, but can make the leap to humans. 

        "For too long, we have allowed a cycle of panic and neglect when it comes to pandemics: we ramp up efforts when there is a serious threat, then quickly forget about them when the threat subsides," said Dr Brundtland and Sy.

        "It is well past time to act."

        See Original Post

      • September 30, 2019 12:49 PM | Anonymous

        Reposted from Campus Security & Life Safety

        A series of new measures to make students feel safer at night are being implemented by Syracuse University.

        One of those measures includes the hiring of five trained and licensed guards to escort students from 10:30 p.m. to 3:30 a.m. from Thursday to Saturday, according to a SU News release.

        Students who are walking alone can call to get an escort to walk with them at night. When they are not escorting students, they will be stationed along Euclid Avenue, Marshall Street and Walnut Park.

        The Daily Orange reported that, after an assault on students of color late one night in February, students came together to propose safety measures the university could implement.

        The attack occurred off campus on Ackerman Avenue.

        Additionally, the university will now offer two additional shuttle vans for students on or near campus during the hours of 9 p.m. to 7 a.m.

        The vans are free of charge if students have a university ID.

        The vans do not coincide with the Centro buses’ hours of operations.

        The university announced Wednesday it is also working to add new security cameras in places that are near campus. At this time, the locations have not been announced, according to The Daily Orange.

        See Original Post

      • September 30, 2019 12:45 PM | Anonymous

        Reposted from ICE.gov

        U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) New York, with the assistance of HSI’s attaché office in London and London’s Metropolitan Police Service, kicked off the first meeting of the Virtual Global Cultural Property Task Force (VGCPTF).  This taskforce is composed of arts and antiquities investigators from more than a dozen nations, with a nexus to HSI New York’s area of responsibility, who will meet regularly, both virtually and in person, to conduct joint training exercises to develop and enhance antiquities investigations.  The VGCPTF initiative will also promote and support cross-training programs to expose foreign law enforcement to U.S. investigative and prosecutorial procedures and vice versa, increasing detection, seizures and repatriations of looted and trafficked antiquities to their rightful owners.  HSI New York will work closely in this effort with U.S. Customs and Border Protection (CBP) at the airports and seaports, and through CBP’s National Targeting Center in Washington D.C.

        “U.S. Customs and Border Protection (CBP) is extremely proud to play an important role in the Virtual Global Cultural Property Task Force (VGCPTF),” said Troy Miller, director of New York field operations.  “CBP will work with Homeland Security Investigations and our international partners to demonstrate its law-enforcement resolve in addressing the illegal trafficking of stolen artifacts.” 

        “The Metropolitan Police’s Art and Antiques Unit is committed to tackling cultural heritage crime in London - Europe’s largest market - and values the opportunity to strengthen ties with international law enforcement agencies. Investigating and repatriating stolen and trafficked antiquities to their rightful owners is a complex matter and can only be achieved successfully through close collaboration with partners across the globe,” said Detective Chief Inspector Tim Wright, Metropolitan Police’s Central Specialist Crime Command.

        With the task force, HSI New York’s Cultural Property, Arts and Antiquities Unit, dedicated to cultural property investigations in the New York area, is now able to establish real-time information sharing on global, multi-jurisdictional criminal investigations and build upon existing relationships with domestic and international partners. Through these efforts the VGCPTF will be able to develop evidence in each respective nation to identify and prosecute the network of looters/thieves, brokers, shippers, dealers, and end purchasers of illicit art and antiquities.  The enhanced operational abilities of this initiative will support the efforts of HSI’s Cultural Property, Art and Antiquities (CPAA) program, a member of the congressionally mandated Cultural Antiquities Task Force. HSI CPAA takes an expanded approach to collaborating with cultural property professionals in local governments, museums, and auction houses to protect, recover, and restore cultural antiquities and worldwide sites as part of a whole-of-government approach to combatting cultural property trafficking.

        HSI is the investigative arm for the U.S. Department of Homeland Security and plays a leading role in criminal investigations that involve the illicit distribution of cultural property, as well as the illegal trafficking of artwork, specializing in recovering works that have been reported lost or stolen. HSI’s International Operations, through its 77 offices in 51 countries, works closely with foreign governments to conduct joint investigations.

        Despite increasingly aggressive enforcement efforts to prevent the theft of cultural heritage and other antiquities, the illicit movement of such items across international borders continues to challenge global law enforcement efforts to reduce the trafficking of such property.  Trafficking in antiquities is estimated to be a multi-billion dollar transnational criminal enterprise. 

        HSI is committed to pursuing a strategy to combat transnational organized crime related to the illicit trafficking of cultural artifacts by targeting high priority organizations and strengthening international law enforcement partnerships.  Future meetings and implementing steps identified at the London meeting will include law enforcement in the broader cultural property community.

        The public, government and private institutions often aid HSI in identifying, investigating and prosecuting illicitly trafficked cultural property. If you have information about the illicit trade of cultural property or art, call the HSI Tip Line, 1-866-DHS-2-ICE or report tips online.  For information specific to the New York area, email HSINYTRADE@ice.dhs.gov.

        See Original Post

      • September 30, 2019 12:21 PM | Anonymous

        Reposted from Security Management

        It was not an ideal scenario. Over the course of 12 days in March, cyber actors launched an attack against the City of Atlanta and succeeded in infecting its systems with ransomware.

        Iranians Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri allegedly coordinated to carry out a SamSam ransomware campaign on the city. Their efforts caused roughly 3,789 computers to be infected with ransomware—encrypting the data they stored, disrupting systems they operated, and demanding payment to have the data and services returned to normal.

        The malicious actors also gave Atlanta options to decrypt their data—0.8 Bitcoin per computer or 6 Bitcoin to decrypt all affected computers, roughly $50,000.

        “The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and supplied a Web domain that was only accessible using a TOR browser; the note suggested that the City of Atlanta could download the decryption key from that website,” according to the U.S. Department of Justice (DOJ). “In the days following the attack, the webpage that purportedly contained the decryption key became inaccessible, and the City of Atlanta did not pay the ransom.”

        Instead, the city worked with local law enforcement, the FBI, and the U.S. Secret Service to respond to the incident and restore its systems—an effort that cost roughly $2.6 million, according to a WIRED analysis.

        “The bulk of the expenditures relate to incident response and digital forensics, extra staffing, and Microsoft Cloud infrastructure expertise, presumably all related to clawing back the systems that the hackers had frozen,” WIRED found through the Atlanta Department of Procurement.

        The DOJ later charged Savandi and Mansouri with intentional damage to protected computers, one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer, and two substantive counts of transmitting a demand in relation to damaging a protected computer. They remain at large and their motive remains unclear.

        Just over a year later, on 7 May 2019, the City of Baltimore was also hit with a ransomware attack that crippled the city’s roughly 7,000 users. The ransomware, known as “Robbinhood,” demanded 13 Bitcoin—approximately $100,000—to decrypt the data it held hostage.

        Baltimore, like Atlanta, did not pay the ransom. In a fact sheet, the city explained that the FBI and Secret Service had advised it against paying the ransom. The city added that, if it paid, there was no guarantee that it would get its data back, know for sure who the payment would go to, or uncover whether other malware on its systems could be used against Baltimore in the future.

        Instead, under the direction of newly sworn-in Mayor Bernard C. “Jack” Young, Baltimore began the painstaking process of restoring its systems and working with law enforcement to investigate the attack. This effort has cost nearly $18.2 million so far, according to The Baltimore Sun.

        “As part of our containment strategy, we deployed enhanced monitoring tools throughout our network to gain additional visibility,” Young said in a statement. “As you can imagine, with approximately 7,000 users, this takes time. Some of the restoration efforts also require that we rebuild certain systems to make sure that when we restore business functions, we are doing so in a secure manner.”

        This is critical because municipalities seem to increasingly be targets for ransomware. Previously, malicious actors targeted healthcare institutions—which are particularly vulnerable to ransomware due to the value of the data they keep on record and the need to make that data readily available for life-saving measures.

        For the second straight year, the 2019 Data Breach Investigations Report by Verizon found that “70 percent of all malware outbreaks” in the healthcare vertical were ransomware incidents. U.S. regulatory requirements mandate that healthcare organizations must treat ransomware like a confirmed data breach, so they are required to disclose them.

        Now that Atlanta, Baltimore, and, as of Security Management’s press time, three cities in Florida have been hit by ransomware, it appears that attackers are pivoting towards municipalities for payouts based on their success in targeting the healthcare industry.

        In a column for The Washington Post, Tyler Moore, associate professor of cybersecurity at Tandy School of Computer Science at the University of Tulsa, wrote that “system downtime” for hospitals is expensive and can have catastrophic consequences.

        “Municipal governments are also expected to provide reliable services without downtime,” he explained. “IT budgets in government, at all levels, are usually tight. Governments operate on procurement cycles that are often out of step with the pace of IT innovation. In the marketplace battle for talent, governments struggle to offer competitive pay for IT professionals. Consequently, municipal-government computer systems tend to be old, and basic cyber hygiene is often neglected.”

        When municipalities are hit with ransomware, they’re faced with a tough choice—pay the ransom or spend vast sums of resources to restore their systems. And if cities decide to pay the ransom, they could be funding future iterations of ransomware that are more damaging, says Craig Williams, Cisco’s director of Talos Outreach.

        “Ransomware has been around since 1987 but did not see explosive growth until the invention of cryptocurrency and networks like TOR,” Williams explains. “These innovations made the ability to decrypt machines and accept payment relatively safe. Since that time, we have only continued to see things evolve like ransomware worms and wiper malware.”

        In addition to funding future developments of ransomware, payments could also wind up in the hands of nation-states or terrorists—who could use them for malicious purposes.

        “The source of the Baltimore attack isn’t known yet, but others’ perpetrators are known—for instance, U.S. intelligence agencies have identified North Korea as the source of some attacks,” Moore explained.

        For example, the DOJ charged and sanctioned Park Jin Hyok, part of the North Korean Lazarus Group of hackers, for the WannaCry ransomware attack. Hyok was also charged for his alleged involvement in the 2014 cyberattack on Sony Corp.

        Organizations also need to be cautious if they hire a data recovery firm in the wake of a ransomware attack. A recent ProPublica analysis found that two U.S. data recovery firms—Proven Data and MonsterCloud—paid ransoms to recover data and charged victims for it, without disclosing it to their clients. Other data recovery firms openly admitted that they paid ransoms to recover client data.

        “The payments underscore the lack of other options for individuals and businesses devastated by ransomware, the failure of law enforcement to catch or deter the hackers, and the moral quandary of whether paying ransoms encourages extortion,” ProPublica wrote. “Since some victims are public agencies or receive government funding, taxpayer money may end up in the hands of cyber criminals in countries hostile to the U.S., such as Russia and Iran.”

        To protect themselves from a similar situation, Williams says he recommends organizations consider data recovery firms with extensive experience recovering ransomed data for similar organizations.

        But he cautions that “there is no one-size-fits-all solution for recovery from ransomware. Organizations must balance their priorities and make the best decision in their particular case.”

        And because municipalities are likely to be targeted in the future, Williams says those that haven’t been hit yet should design their network defenses with multiple layers to protect their crown jewels.

        “If you can’t patch, for example, make sure things are as segmented as possible,” he explains. “Make sure endpoint protection is deployed and active, and make sure best practices—like two-factor authentication—are being followed.”

        See Original Post

      • September 24, 2019 12:51 PM | Anonymous

        Reposted from The Local France

        An attacker wielding a utility knife has badly damaged a work by the celebrated French conceptual artist Daniel Buren at the Pompidou Centre in central Paris, the museum said on Friday.

        The work, "Peinture [Manifestation 3]", suffered "serious deliberate damage" in Thursday afternoon's attack by the man, the museum said in a statement.

        It said that a museum attendant alerted security, and video cameras allowed the suspect to be found rapidly. "He made no claim (over the attack) and was handed over to the police," it said.

        An investigation has been opened by the judicial authorities after the museum filed a complaint to police.

        The artist, 81, has been informed of the incident and the work itself transferred to the stores of the Pompidou Centre to estimate the damage and restoration needed.

        It will be replaced on public display by another work from the artist.

        The Pompidou Centre said it understood the suspect was no longer in detention and had been transferred to a psychiatric unit.

        "Peinture [Manifestation 3]" was created by Buren in 1967 and shows red and white stripes. It was purchased for the museum's collection in 1986.

        Buren is perhaps best known for the succession of black-and-white columns he inlaid into the inner courtyard of the Palais Royal complex in central Paris in a hugely controversial installation that opened in 1986.

        The damage to the work comes just over a week after a stencilled work by the elusive British street artist Banksy was stolen from outside the Pompidou Centre.

        The Pompidou, which houses Europe's biggest collection of contemporary art but does not own the Banksy work, filed a police complaint for destruction of property.

        See Original Post

        
       
