According to a recent study by Kiteworks, a security and compliance firm, Colorado has emerged as the most vulnerable state in North America to Business Email Compromise (BEC) attacks. The study assessed various factors including financial losses, the number of victims, organizational size, reputational damage, and the types of cyber-attacks experienced.

The findings reveal that Colorado is particularly susceptible to cybercrime, followed by Missouri, Florida, Virginia, Nevada, California, and New York. These states have been experiencing a gradual increase in cyber-attacks, with Nevada and New York seeing a troubling rise in AI-driven automated threats.

Another security firm, eSentire, supports Kiteworks’ assessment, attributing Colorado’s high vulnerability partly to its aging population. However, eSentire also notes that a lack of awareness about the evolving cyber threat landscape is a significant factor contributing to the state’s susceptibility.

A study by SecureWorks highlights the severe financial impact of BEC attacks, estimating that they caused $1.7 billion in losses to the US economy in 2020. This period coincided with the peak of the COVID-19 pandemic, which led to widespread remote work and, consequently, an increase in cyber-attacks.

Data breaches continue to be a major concern for American executives, often attributed to human error and misconfigurations in cloud environments that result in accidental data leaks or unauthorized access.

To mitigate these risks, it is crucial for businesses to prioritize staff training, enforce strict security policies, and allocate more resources to bolster their cybersecurity defenses. Investing in endpoint detection tools and other automated threat-response technologies can help organizations manage and contain cyber threats more effectively.

The post List of vulnerable states in America that are vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.

Nexperia, a leading manufacturer of silicon-based processors, recently fell victim to a ransomware attack, potentially exposing sensitive information to cybercriminals. The Netherlands-based company, which receives official funding from China, experienced a file-encrypting malware assault on April 12, 2024, impacting its production servers.

The attack, attributed to a newly emerged ransomware group called Dunghill Group, purportedly compromised Nexperia’s servers, exfiltrating over 1TB of data. Among the stolen information are chip designs, research and development data, employee personal details, and customer information, including data from prominent clients such as Huawei, SpaceX, and Apple Inc.

In response, Nexperia has initiated a data recovery process, leveraging an effective in-house business continuity plan. The company has also notified law enforcement authorities to investigate the incident of data theft.

Meanwhile, security researcher Allison Nixon of Unit 221B has uncovered concerning trends regarding ransomware attacks targeting American businesses. Nixon asserts that many of these attacks are orchestrated by a youthful criminal collective known as Scattered Spider, responsible for infiltrating the servers of major entities like Microsoft, Nvidia, and Electronic Arts.

According to Nixon, Scattered Spider operates within a larger community of cybercriminals, predominantly young hackers from America, collectively self-identified as “The Com.” Allegedly, this group is affiliated with Russian intelligence or the Kremlin.

The Com purportedly comprises hundreds of English-speaking individuals, recruited and trained by various hacking syndicates specializing in ransomware and malware dissemination.

This intricate network poses a formidable challenge for law enforcement agencies, as its members possess intimate knowledge of American culture, governance, and societal norms. Operating stealthily, they adapt their strategies to evade detection, making apprehension increasingly difficult.

The post Nexperia Ransomware attack and some details about American hackers spreading ransomware appeared first on Cybersecurity Insiders.

Third-party cyber-attacks remain one of the most significant threats facing organisations across the globe. Most recently, Bank of America, a multinational investment banking and financial services corporation, began notifying customers that a November 2023 hack against one of its service vendors resulted in the exposure of personally identifiable information (PII). 

The breach occurred following a security incident against Infosys McCamish Systems (IMS), a subsidiary of Infosys that provides deferred compensation plan services to Bank of America. According to the IMS notification letter filed with the Maine Attorney General, “On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications.” 

The notice revealed that while only 57,028 of Bank of America’s millions of customers were directly impacted in the breach, the PII exposed included Social Security Numbers, credit card and account numbers, names, and addresses: an incendiary mix of data that threat actors could easily leverage to launch social engineering attacks against any and all of the impacted individuals.

Then, on November 4th, IMS notified Bank of America that data relating to their customers may have been exposed. The infamous ransomware gang, LockBit, on the same day claimed responsibility for encrypting over 2,000 IMS systems in the attack.  

“Vendor risk is continuing to become more of a concern,” commented Erich Kron, Security Awareness Advocate at KnowBe4. “Bad actors are finding that attacking the large organizations with significant budgets for cybersecurity and data protection can often be less effective than attacking those that process the same information but may not have the same budget to protect it.” 

While Kron explained that using third-party vendors isn’t a bad thing on its own, he also pointed out how “it’s critical to ensure that policies and procedures exist related to the protection of any data being shared. Making sure that contracts define what information is being processed and how long it’s been retained is a very important part of this data management with third parties. In addition, information should be limited as much as possible and anonymized whenever it’s an option.” 

Interestingly, this is not the first time Bank of America has been impacted by a third-party cyber-attack. In May 2023, Ernst & Young, an accounting firm providing services to the bank, was hacked by the Cl0p ransomware gang by way of the MOVEit file transfer zero-day exploit. In this incident, personal data like SSNs and financial information of Bank of America customers were also exposed.  

The fallout from the MOVEit hack was explosive, impacting mainly third-party vendors and, as a result, their many, varied customers.  

Indeed, Ray Kelly, fellow at the Synopsys Software Integrity Group, said, “[The MOVEit] issue caused massive amounts of stolen data from large organisations and even the US Government. Ensuring the trust chain between organisations, while not a simple task, is essential to protecting consumers’ private information.” 

Hackers have certainly cottoned on to the weakness of third-party, supply-chain vendors. Where big enterprises like Bank of America most likely have mature cybersecurity protocols, vendors like IMS might not prioritise their cyber posture as they ought to. But really, they ought to. The malicious moxie of cybercriminals and cybergangs continues to evolve daily. Vendors can no longer afford to neglect cybersecurity expertise.

As Tom Kellermann, SVP of Cyber Strategy at Contrast Security, commented, “By targeting these less secure vendors [cybercriminals] can successfully compromise major banks. The regulators must mandate higher standards of cybersecurity for shared service providers.” 

And yet, this doesn’t absolve organisations like Bank of America from responsibility either. Sure, IMS (and previously, Ernst & Young) were the actual hacked parties, but it was Bank of America customers that were impacted. Did the bank do its due diligence to ensure that its data was being handled by vendors in a sophisticated manner? In the wake of these events, the answer is probably no. The question then becomes: how much longer will banks, enterprises, and even government organisations accept lacklustre cybersecurity standards from their vendors?

Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, commented, “Financial institutions, particularly banks, have long been prime targets for cybercriminals due to the vast amount of sensitive information they hold. This breach underscores the need for financial institutions to adopt a proactive approach to cybersecurity, embracing continuous monitoring and threat intelligence capabilities to detect and respond to threats in real-time.”  

Al Lakhani, CEO of IDEE, added, “Protecting the supply chain is critical. Especially when they can cause these kinds of attacks. Therefore, relying on first generation MFA that requires two devices and lacks the capability to prevent credential phishing attacks is a non-starter.  

“To fortify supply chains effectively, they must be protected using next-generation MFA solutions, which protect against credential, phishing and password-based attacks, including adversary-in-the-middle attacks by using same device MFA.” 

Darren James, a Senior Product Manager at Specops Software, an Outpost24 company, commented, “When outsourcing services to 3rd parties that handle personally identifiable or sensitive information, both for employees and customers, appropriate risk assessments should always be made.”

In fact, James suggested asking the following questions when it comes to risk assessing third parties:  

  • Do they regularly scan for breached passwords? 
  • Do they have strong MFA controls in place especially with access to customer data? 
  • Do they scan the internal and external attack surface of their IT systems? Can you see a summary of recent results? 
  • Where is the data held, and under which country’s jurisdiction? Is your data always encrypted in transit and at rest?
  • What security, backup, disaster recovery policies and procedures do they have in place? 
  • Do they comply with regulatory requirements for your industry? 
  • What guarantees and insurance do they offer if their systems are compromised? 
  • Do they outsource your data to any other parties? 

Sean McNee, VP of Research and Data at DomainTools, concluded, “The deeply interconnected nature of running business online generates tremendous value for consumers and business owners alike, but it also fundamentally changes the threat landscape businesses must defend themselves against. Supply chain attacks such as this highlight the unique challenges operating today. Unfortunately, customers end up suffering long term effects from these events.” 

“Stay frosty out there,” McNee warned. The best thing consumers can do is to stay vigilant, alert, and proactive. And, if you are one of the impacted, make sure to take advantage of that free credit monitoring service.

The post Cyber gaps in the supply chain — Bank of America breached in another vendor cyberattack first appeared on IT Security Guru.

The Biden Administration, responding to requests from various think tanks, has implemented a ban on the utilization of resources from U.S. Cloud Companies by China for AI training purposes. This mirrors a similar move made by China under the leadership of Xi Jinping since October 2023.

Commerce Secretary Gina Raimondo issued a formal statement, underscoring that U.S.-developed chips will no longer cater to Chinese requests for training their machine learning tools. This decision is rooted in concerns that such collaborations could expose potential vulnerabilities for exploitation by foreign nations and their malicious actors.

To achieve these objectives, the Joe Biden-led government proposed a “Know Your Customer” (KYC) initiative. This requires cloud users to disclose more information about their usage statistics and applications intending to utilize the resources. As part of this scrutiny, all computing power requests linked to China will undergo a review, and suspicious ones will be denied.

Interestingly, the Republican-led government has also imposed a ban on processing chip shipments to countries like Russia, China, and North Korea, citing national security concerns. This move could have far-reaching implications for North America’s diplomatic relations with its international counterparts in the long run.

In response to these restrictions, Russia, under Vladimir Putin’s leadership, has officially declared its intention to develop technology without relying on overseas assistance or technological intervention. This includes using Artificial Intelligence in special military operations, such as those undertaken in Ukraine.

Shifting gears, the start of 2024 brings unsettling news for the job industry, as companies initiate layoffs of in-house workers in the AI tech and talent sector. According to a CNBC report, over 20,000 employees were laid off in the first two weeks of January 2024, particularly in the tech industry. Industry analysts predict that this trend of mass layoffs will intensify in May and October of this year, as major firms seek to innovate in the AI sector. For example, Sundar Pichai-led Google has laid off numerous employees in its Assistant segment, especially in the FitBit section. The company aims to enhance efficiency in certain business areas by replacing manual labor with technology.

The post Data Security concerns make US Cloud Companies impose ban on China AI Training appeared first on Cybersecurity Insiders.

Data breaches in the healthcare sector in the United States have become increasingly common, with one in four individuals falling victim to cyberattacks this year, according to a survey. Atlas VPN, an internet security firm, published these alarming statistics in a recent report, revealing that approximately 45 million patients’ data was compromised in the third quarter of 2023 alone, compared to 37 million affected last year.

The US Department of Health and Human Services has also been alerted to this concerning trend, with the study indicating that nearly 43 out of 50 states have been targeted by hackers. California and New York hold the unenviable first and second positions, followed by Texas, Massachusetts, and Pennsylvania.

Remarkably, Vermont remains the sole state untouched by healthcare data breaches, an anomaly in the current landscape of cyber threats.

For those curious about why hackers are increasingly targeting health data, here’s a brief overview: healthcare information holds substantial value on the dark web, making it a prime target for cybercriminals. According to a 2021 survey conducted by IBM, a set of 1,000 patient records, encompassing medical history, contact information, and phone numbers, can fetch as much as $120. Bulk data sets can command up to $5,000. Moreover, data enriched with details such as dates of birth and Social Security numbers are in particularly high demand.

In 2023, a staggering 480 breaches were reported in the first three quarters, an increase from the 373 recorded in the previous year. The breach at HCA Healthcare, which saw data from 11 million patients compromised, topped the list of incidents. It was followed by the breach at Managed Care of North America, where the data of approximately 8.9 million dental patients was stolen earlier in the year.

So, how can healthcare information be safeguarded from falling into the wrong hands?

Conducting Threat Assessments: Employ advanced security controls and conduct regular threat assessments to mitigate the risk of data breaches.

Staff Awareness: Educate your staff about the evolving cyber threats to prevent human configuration errors.

Encryption: Implement robust encryption for data in transit and at rest to thwart hackers from accessing or siphoning sensitive information.

Data Backup: Regularly back up data to the cloud and one or two offsite servers to prevent downtime in case of an incident.

BYOD Vigilance: Exercise caution with Bring Your Own Device (BYOD) policies to mitigate the risks associated with connected devices.

Strong Passwords and Multi-Factor Authentication: Utilize strong passwords, preferably 15 characters long with a mix of uppercase and lowercase letters and special characters. Enabling multi-factor authentication provides an additional layer of protection against cyber threats for devices and applications.

The post A quarter of American populace have had their health data compromised appeared first on Cybersecurity Insiders.