Fidelity Faces Second Data Breach Linked to Third-Party Provider: Infosys McCamish

 

Fidelity Investments Life Insurance Company (FILI) faces another data breach challenge as it discloses a breach affecting a significant number of individuals. The breach, linked to third-party service provider Infosys McCamish (IMS), heightens worries over data security in today's digital landscape. 

Approximately 28,268 individuals have been notified by Fidelity regarding the breach. Although IMS could not pinpoint the exact data accessed, it is suspected to include sensitive information like names, Social Security numbers, states of residence, bank account and routing numbers, and dates of birth. 

This unfortunate incident marks the second instance this year alone where Fidelity has had to inform customers of data compromise due to a third-party breach involving IMS. Last month, Bank of America faced a similar ordeal following a ransomware attack on IMS, affecting over 57,000 customers. 

Remarkably, the data accessed in both breaches appears to be of a similar nature, prompting concerns over the underlying vulnerability in IMS's systems. As investigations into the breach continue, questions loom over whether IMS's woes are linked to the same cyber incident. 

What exactly is a third-party data breach? 

Essentially, it occurs when a vendor or supplier's system is compromised, resulting in the theft of data belonging to you or your organization. This means that even though you may have entrusted your data to a third party for various services or goods, their system becomes a target for cybercriminals. 

But who exactly are these third parties? 

They are organizations with which your company has established a business relationship to provide goods, access, or services for your use. These critical third parties often require access to sensitive data to fulfil their services, thereby increasing your company's attack surface. 

Why is this a cause for concern? 

Well, when a critical third party experiences a breach, it can have severe repercussions for your organization. Not only does it compromise the security of your data, but it also exposes you to significant risks. This underscores the importance of thoroughly vetting and monitoring third-party vendors to mitigate potential security threats. 

In essence, understanding third-party data breaches is crucial for safeguarding your organization's data and reputation. By implementing robust security measures and carefully managing your business relationships, you can better protect yourself against the risks posed by third-party breaches. 

A Little Background on Fidelity

Fidelity Investments, headquartered in Boston, Massachusetts, has been a powerhouse in the financial services sector since its founding in 1946. Boasting $4.3 trillion in assets under management and $10.3 trillion under administration as of December 2022, Fidelity is globally recognized as one of the largest asset managers. Offering a comprehensive suite of financial solutions, including brokerage services, mutual funds management, investment advice, retirement planning, wealth management, and life insurance, Fidelity caters to a wide range of clients, from individual investors to institutional entities. 

Despite its robust security measures, the company has encountered cybersecurity challenges in the form of occasional breaches, impacting its operations and raising concerns about the security of customer data.

AI Revolutionizes Job Searching, Promotions, and Workplace Success in America

 

The impact of artificial intelligence on our careers is becoming more apparent, even if we are not fully aware of it. Various factors, such as advancements in human capital management systems, the adoption of data-driven practices in human resource and talent management, and a growing focus on addressing bias, are reshaping the way individuals are recruited, trained, promoted, and terminated. 

The current market for artificial intelligence and related systems is already substantial, generating a revenue of over US$38 billion in 2021. Undoubtedly, AI-powered software holds significant potential to rapidly progress and revolutionize how organizations approach strategic decision-making concerning their workforce.

Consider a scenario where you apply for a job in the near future. As you submit your well-crafted résumé through the company's website, you can't help but notice the striking resemblance between the platform and others you've used in the past for job applications. After saving your résumé, you are then required to provide demographic information and fill in numerous fields with the same data from your résumé. Finally, you hit the "submit" button, hoping for a follow-up email from a human.

At this point, your data becomes part of the company's human capital management system. Nowadays, only a handful of companies actually examine résumés; instead, they focus on the information you enter into those small boxes to compare you with dozens or even hundreds of other candidates against the job requirements. Even if your résumé clearly demonstrates that you are the most qualified applicant, it's unlikely to catch the attention of the recruiter since their focus lies elsewhere.

Let's say you receive a call, ace the interview, and secure the job. Your information now enters a new stage within the company's database or HCM: active employee. Your performance ratings and other employment-related data will now be linked to your profile, providing more information for the HCM and human resources to monitor and evaluate.

Advancements in AI, technology, and HCMs enable HR to delve deeper into employee data. The insights gained help identify talented employees who could assume key leadership positions when others leave and guide decisions regarding promotions. This data can also reveal favoritism and bias in hiring and promotion processes.

As you continue in your role, your performance is continuously tracked and analyzed. This includes factors such as your performance ratings, feedback from your supervisor, and your participation in professional development activities. Accumulating a substantial amount of data about you and others over time allows HR to consider how employees can better contribute to the organization's growth.

For instance, HR may employ data to determine the likelihood of specific employees leaving and assess the impact of such losses.

Popular platforms used on a daily basis already aggregate productivity data from sign-in to sign-off. Common Microsoft tools like Teams, Outlook, and SharePoint offer managers insights through workplace analytics. The Microsoft productivity score monitors overall platform usage.

Even the metrics and behaviors that define "good" or "bad" performance may undergo changes, relying less on subjective manager assessments. With the expansion of data, even professionals such as consultants, doctors, and marketers will be evaluated quantitatively and objectively. An investigation conducted by The New York Times in 2022 revealed that these systems, intended to enhance productivity and accountability, had the unintended consequence of damaging morale and instilling fear.

It is evident that American employees need to contemplate how their data is utilized, the narrative it portrays, and how it may shape their futures.

Not all companies have a Human Capital Management (HCM) system or possess advanced capabilities in utilizing talent data for decision-making. However, there is a growing number of companies that are becoming more knowledgeable in this area, and some have reached a remarkable level of advancement.  

While some researchers argue that AI could enhance fairness by eliminating implicit biases in hiring and promotions, many others see a potential danger in human-built AI merely repackaging existing issues. Amazon learned this lesson the hard way in 2018 when it had to abandon an AI system for sorting résumés, as it exhibited a bias in favor of male candidates for programming roles.

Furthermore, the increased collection and analysis of data can leave employees uncertain about their standing within the organization, while the organization itself may possess a clear view. It is crucial to comprehend how AI is reshaping the workplace and to demand transparency from your employer. These are some key points that employees should consider inquiring about during their next performance review:
  • Do you perceive me as a high-potential employee?
  • How does my performance compare to that of others?
  • Do you see me as a potential successor to your role or the roles of others?
Similar to the need to master traditional aspects of workplace culture, politics, and relationships, it is essential to learn how to navigate these platforms, understand the evaluation criteria being used, and take ownership of your career in a new, more data-driven manner.

Email Phishing Attack Revealed by American Airlines

Several passengers of American Airlines are being warned that their personal information might have been compromised as a result of threat actors getting access to employee email accounts. 

The airline said that a phishing attempt led to hackers gaining access to the mailboxes of a limited number of employees. The compromised email accounts held some consumers' personal data. The airline noted in notice letters distributed on Friday, September 16th, that there is no proof that the disclosed data was misused.

The hack was detected on July 5th by American Airlines, which then swiftly protected the affected email accounts and recruited a cybersecurity forensics company to look into the security incident.

The inquiry revealed that unauthorized actors had obtained the personal information of both customers and workers. Although the airline did not say how many consumers were impacted, it did say that names, dates of birth, addresses, emails, phone numbers, passport numbers, and even certain medical information could have been exposed.

American Airlines' Manager for Corporate Communications issued the following statement to BleepingComputer: "American Airlines is aware of a phishing campaign that resulted in a small number of team members' mailboxes being improperly accessed."

A very small amount of customers' and workers' personal information was found in those email accounts, according to American Airlines, which also provided a two-year membership to Experian's IdentityWorks.

With regard to the incident, the company stated "data security is of the utmost importance and we provided customers and team members with precautionary support. We also are actively developing additional technical safeguards to avoid a similar incident from happening in the future, even though we have no proof that any personal information has been misused."

In March 2021, the Passenger Service System (PSS), which is used by many airlines worldwide, including American Airlines, was infiltrated. SITA, a leading provider of air information technology, revealed that hackers broke into its systems.

To help employees recognize targeted phishing attacks, firms must ensure that staff receive adequate security training. Organizations' IT and security departments should explain to staff how communications will be handled. It is crucial to keep informing people about how to recognize phishing emails.

The Russian Hacker Group Killnet Took Down the Anonymous Website

 

The Russian hacker group Killnet said that they took down the Anonymous website "anonymoushackers[.]net" and called on Russians not to believe the Internet fakes and to stay calm. Killnet's appeal was published on one of its Telegram channels on Tuesday, March 1. 

According to the hacker group, "the Internet is full of fake information about hacking Russian banks, attacks on the servers of Russian media and much more. All this has no danger to people. This "information bomb" carries only text. And no more harm. Don't give in to fake information on the Internet. Do not doubt your country". 

Hackers blamed the events in Ukraine on the country's President, Vladimir Zelensky, as well as American leader Joe Biden. The leaders of the EU countries, as they say in the appeal, are following the lead of the United States. 

According to independent verification done by CySecurity News, there is no official website for Anonymous Group.

Russian hackers said that they had already disabled the website of the Anonymous group, along with the website of the Right Sector banned in the Russian Federation. The Anonymous hacker group declared a cyberwar on Russia and claimed responsibility for a hacker attack, for example, on the RT website. 

On February 28, the websites of Izvestia, TASS, Kommersant, Forbes, Fontanka, Mela, E1, Buro 24/7, RBC, Znak.Com and other Russian media were hacked. On the same day, massive DDoS attacks were launched against websites of the Crimean government and authorities. Hackers used a botnet with IP addresses mostly located in North and South America, Taiwan, and a number of other countries. 

On February 26, the Ministry of Information reported that users of the public services portal may face difficulties when working with the services of the site due to cyberattacks. At the same time, the department clarified that the personal data and information of citizens are reliably protected. On the same day, the administration of the President of the Russian Federation reported regular cyberattacks on the Kremlin's website. Moreover, Russian Railways reported that the company's website is subject to regular serious DDoS attacks. 

Earlier, information security expert Nenakhov explained what danger Anonymous hackers pose to Russia. According to him, DDoS attacks are the easiest thing that can happen. Government websites, government online services such as Gosuslugi, email, social media accounts of politicians, websites, and the IT infrastructure of state banks and defense companies are relatively more vulnerable to attacks.


The United States and the West are Afraid of Possible Cyber Attacks by Russian Hackers

 

According to CNN, the FBI has warned American businessmen about the growth of possible cyberattacks using ransomware by Russian hackers against the background of sanctions that US President Joe Biden imposed against Russia in connection with the situation around Ukraine. 

Earlier, Jen Easterly, head of the U.S. Agency for Cybersecurity and Infrastructure Protection, said that Russia might consider taking measures that could affect critical U.S. infrastructure in response to U.S. sanctions. She urged all organizations to familiarize themselves with the steps the agency has developed to mitigate cybersecurity risks. In addition, David Ring, head of cybersecurity at the FBI, said that Russia is allegedly a favorable environment for cybercriminals, and that this will not diminish against the background of the confrontation between Russia and the West over the situation around Ukraine. According to CNN, briefings on such topics have been held by the FBI and the Department of Homeland Security for the past two months.

It is important to note that Polish Prime Minister Mateusz Morawiecki decided to introduce a special high-level security regime for telecommunications and information technology in the country. 

On February 21, he signed a decree introducing the third level of the Charlie-CRP warning throughout the country. This level is introduced if there is an event confirming the probable purpose of a terrorist attack in cyberspace or if there is reliable information about a planned event.

The Polish Law on Anti-terrorist actions provides that in the event of a terrorist attack or its threat, the head of government may introduce one of four threat levels: Alfa, Bravo, Charlie, and Delta. The highest level, Delta, can be announced if a terrorist attack occurs or incoming information indicates its high probability in Poland. 

Similar levels marked with CRP relate to threats in cyberspace. They are introduced to strengthen the control of the security level of information systems in order to monitor the possible occurrence of violations in their work. 

The Russian Federation has repeatedly rejected Western countries' accusations of cyberattacks, calling them unfounded, and has also stated that it is ready to cooperate on cybersecurity.

Earlier, CySecurity News reported that CNN reported citing US administration sources that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies have discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine.

The USA will Continue to Support Ukraine in Ensuring Cybersecurity

 

The U.S. authorities will continue to support Ukraine in improving its cybersecurity, U.S. Undersecretary of Homeland Security Robert Silvers said Thursday.

He claimed at an online cybersecurity conference that they have been warning publicly and privately for months that cyberattacks could be part of a large-scale Russian effort to destabilize and invade Ukraine. "Of course, we offer support to Ukraine to help Ukraine strengthen its cyber defenses. We will continue to do so in the days ahead."

According to Silvers, the American side also works closely with other international partners and strengthens its own security. "At the moment, there are no specific and credible threats [from the Russian Federation] to the United States [in cyberspace], however, we, of course, are attentive to the fact that Russia may consider [options] for escalation in ways that may have an impact on other [countries] outside Ukraine. So we are actively working here in the US with industry representatives, with owners and operators of critical infrastructure to strengthen protection," he added. 

The Washington Post newspaper in its article reported on hackers associated with Russia, who, if necessary, will bring down many networks of Ukraine. At the same time, the publication refers to American intelligence data. "We don't know if they intend to do this. But we are working with Ukraine to strengthen their cyber defense," the unnamed official's words are quoted in the article. 

On Tuesday, the Information Security Center of Ukraine announced a DDoS attack on the websites of the Ministry of Defense, the Armed Forces, state Privatbank and Oschadbank. White House Press Secretary Jen Psaki noted at a briefing on Wednesday that Washington is not yet ready to say who the US authorities consider responsible for these cyberattacks. The press secretary of the President of the Russian Federation Dmitry Peskov said earlier that Russia has nothing to do with cyberattacks in Ukraine. 

CNN Learned About the Preparation of the US Authorities to Repel Cyber Attacks from Russia

 

CNN reported citing US administration sources that representatives of the White House, US intelligence, the US Department of Homeland Security (DHS), and other agencies have discussed preparations to repel cyber attacks that could be carried out in the United States and Ukraine. 

According to the interlocutors of the TV channel, the meeting at the interdepartmental level took place on Friday, February 11, in the format of a videoconference. It discussed the measures that the U.S. leadership in cooperation with private companies could take in various areas of the economy in case of "a potential attack by cybercriminals or government-linked" hackers. 

In addition, there was a discussion of the "possible increase in ransomware attacks on U.S. companies" that "Russian-speaking hackers" allegedly might carry out. The issue of providing cybersecurity support to Ukraine was also raised, where, according to sources, there is a "concrete, credible threat" of attacks on infrastructure facilities. No such threat currently exists in the United States. A CNN source stressed that the administration was working on steps in case the situation changed for the worse. 

In mid-January, unknown hackers attacked at least 70 state websites of Ukraine, including portals of the Cabinet of Ministers, the Ministry of Education, the Ministry of Foreign Affairs, the Ministry of Sports, and other departments. An appeal in Ukrainian, Russian and Polish appeared on them, the authors of which urged Ukrainian citizens "to fear and wait for the worst." In Ukraine, they believe that Russia is involved in the incident. The US said that the attack was carried out "according to the Russian scheme." On January 16, Russian presidential spokesman Dmitry Peskov said that Moscow had nothing to do with the incidents. He noted that no evidence of Moscow's culpability has been provided.

White House Press Secretary Jen Psaki noted that the United States is in contact with Ukraine regarding the incident, and also offered its assistance in the investigation. According to her, Washington, their allies, and partners are "concerned about this cyberattack." 

Western media and officials have been speculating about an impending Russian invasion of Ukraine since the fall of 2021. Washington and Brussels threaten Moscow with new sanctions in case of an invasion. On February 9, Politico newspaper reported that U.S. senators suggested adding to the bill on sanctions against Russia the possibility of imposing restrictions "for cyberattacks" on Ukraine.

Scam Spotter Warns the American Public of a Gift Card Scam

 

A cyber-security platform has come up with a humorous approach to alert Americans about gift card scams ahead of the Christmas season. With its new awareness campaign geared at thwarting scammers' complicated con efforts, Scam Spotter, a platform established by Cybercrime Support Network (CSN) with support from Google, is sounding the warning to consumers ahead of the busy shopping season. 

A grandma steals a helicopter and breaks into a jail in a foreign country to set her granddaughter free using gift cards as a bail payment in one Hollywood blockbuster-style dramatization. In another, a man narrowly avoids an armed police raid on his home after paying his tax debt with gift cards over the phone. "Your computer has been hacked," "you've been pre-approved for a loan," and "it's your boss – I need you to buy gift cards ASAP" are among the fraud tactics used in other commercials. 

A spokesperson for the Scam Spotter platform said: “This comprehensive campaign highlights the most common gift card scam scenarios in a series of absurd and hyperbolic videos to show that if the stories scammers use sound unbelievable, it’s because they are.” 

Scams are more common than many people know, and they've progressed far beyond the unlikely "Nigerian Prince" call, with the fraud industry being worth more than $3.3 billion every year. Scammers feed on people's fears and catch them off guard by using more personal methods of communication, such as a direct message on social media. They accomplish this by creating "urgent" situations and instilling terror in their victims, making them feel compelled to act immediately without a chance to think. People are typically overwhelmed with embarrassment after being cheated, and they don't report or talk about it, leaving others vulnerable to the same fraud.

Gift cards have topped the list of reported fraud payment methods every year since 2018, according to the Federal Trade Commission. People reported losing roughly $245 million during that time, with a median individual loss of $840. 

Scams involving gift cards target people of all ages. “While baby boomers tend to lose more money per scam on average, younger generations are far from safe, with millennials reporting losses of around $300m in 2020,” said a Scam Spotter spokesperson. In its 2021 Holiday Shopping Forecast, global branded payments provider Blackhawk Network anticipated that gift card spending will rise by 27% this year.

NSA’s Cyber Chief Warned About the Increasing Cyber Threat

 

On Wednesday the 29th of September, the chief of the cyber branch of the National Security Agency cautioned about the growing number of digital dangers and threats that cybercriminals pose.

Rob Joyce, Director of the NSA Cybersecurity Directorate, stated during the ASPEN Cyber Summit in Colorado that nearly every single government in the world today has a cyber exploitation program. 

Joyce served as special assistant to the president and cybersecurity coordinator of the National Security Council in 2018, and has held many other responsibilities in the nation's leading e-spy agency.

“The vast majority of those are used for espionage and intelligence purposes, but… there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” stated Joyce. 

There are some “high-end, sophisticated small actors, but they’re confined to whatever that national interest is that they’re aimed at so we see less of them.” 

Joyce also gave his assessment of the so-called "Big Four," the foreign states that have historically been America's digital opponents (Russia, China, Iran, and North Korea), and of their latest online activity.

Starting with Russia, he said that it is the distressing force. Often its actors attempt not to boost their own activities but to pull others down. They are still extremely active in intelligence-gathering efforts targeting vital infrastructure and countries. The problem is that they aggressively employ disruptive effects all around the world. The NSA saw indications of pre-positioning in U.S. vital infrastructure. Everyone must push back against activity that can't be permitted.

Turning to China, he noted that it is off the charts in scale and scope. The number of cyber actors from China is growing all over the world. The NSA's perception of them has changed: it respected them less four or five years ago than it does today. They have always been broad, loud, and boisterous, but the agency finds that, with such a vast resource base, the elite in that group really are elite.

“The high end of the Chinese sophistication is really good. We’ve got to continue to understand, disrupt and then find ways across the whole of that technology to kind of push back… Yes, defense is really important, but you also have to work to disrupt so that’s the continuous engagement strategy out of the [Defense Department] and the idea that we got to put sand and friction in their operations, so they don’t get just free shots on goal,” he added. 

Later he said that Iran is still operational in cyber activities. Certainly, it was the first nation to come to mind when everyone spoke of distributed denial-of-service operations against banks and the Shamoon wiper malware. However, what the NSA has observed is that at present its actors often concentrate very much on regional matters, and their attention has not been as broad. But they are capable, especially because their decision is less judgmental, and most crucially because it is a realistic measure. Iran sometimes does not appreciate how far it has gone in arousing the wrath and concern of the larger community.

Lastly, he said that North Korea remains extremely focused on generating income for the regime, as North Korea cannot be affected even with several sanctions. Its actors therefore had to develop ways to create cash and trade, and realized that it is simpler to steal Bitcoin than to steal from Bangladesh Bank. They didn't attack the largest banks as hard, since they made the money they needed in the crypto realm.

“The commercial firms were dealing with a lot of North Korean issues back when the [Covid-19] vaccine was an issue; they were going after the intellectual property of vaccine makers. So, still active, still a threat, very capable but mostly focused on crypto exchanges and creating money,” he added.

AmeriGas: Largest US Propane Supplier Suffered an '8-second' Data Breach

 

America's largest propane supplier, AmeriGas, has revealed a data breach that lasted eight seconds but affected 123 employees and one US resident. The company serves more than 2 million customers in all 50 US states and has more than 2,500 distribution locations.

Threat actors exploited the network of J. J. Keller, a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas. On May 10th, J. J. Keller detected anomalous activity on its systems associated with a company email account. The vendor quickly began investigating its network and discovered that a J. J. Keller employee had been the victim of a phishing email, causing his account to be compromised.

After resetting the employee’s account credentials, J.J. Keller quickly began its forensic activities to determine the full scope of this breach. It revealed that the eight-second data breach leaked sensitive records of 123 AmeriGas employees.

"According to J.J. Keller, during the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees' information, including Lab IDs, social security numbers, driver's license numbers, and dates of birth. To date, we are unaware of any actual or attempted misuse of this personal data as a result of this incident," revealed AmeriGas in a sample data breach notification letter dated June 04, 2021.

Apart from the 123 AmeriGas employees, the personal details of one New Hampshire resident were also exposed; that person has since been alerted to the data breach and provided with free credit monitoring services. Fortunately, there are no indications that any employee information was copied or misused.

A second data breach involving AmeriGas this year

This latest data breach comes after AmeriGas suffered a data breach in March 2021, when a company customer service agent was fired for potentially misusing customer credit card information. 

According to AmeriGas, some customers who called AmeriGas customer service had verbally revealed their banking details to this representative who may have misused this information to make unauthorized purchases. 

“We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents. We do not know whether your credit card information was shared but are writing in an abundance of caution. We investigated the issue as a precaution to further secure your information. The agent involved has been terminated and we have already implemented additional safeguards,” the company had revealed at the time.

APT: China-Based Threat Group Attacks Pulse Secure VPNs

 

Several hacker groups that are believed to support Chinese long-term economic goals continue to operate in defense, high-tech, public, transportation, and financial services industry networks in the US and Europe.

Many breaches have taken place in which Chinese threat actors penetrated Pulse Secure VPN devices to break into an organization's network and steal confidential material.

In several other incidents, the attackers took full advantage of the Pulse Connect Secure (PCS) authentication bypass vulnerability (CVE-2021-22893) to enter the victim's network. The intruders also exploited a combination of previously known vulnerabilities. The authentication bypass flaw was detected and patched last month.

Mandiant issued a warning this week about China's advanced persistent threat (APT) activity against U.S. and European organizations. In the alert, Mandiant focused on a battery of malware tools used to exploit vulnerabilities in Pulse Secure VPN devices by two China-based groups: UNC2630 and UNC2717. Mandiant said that UNC2630 had targeted US military industry groups and UNC2717 had attacked an EU entity.

"The exploitation activity we have observed is a mix of targeting unpatched systems with CVEs from 2019 and 2020, as well as a previously unpatched 2021 CVE (CVE-2021-22893)," says Stephen Eckels, a reverse engineer at Mandiant. "Since our original report, Pulse Secure and Mandiant have worked together, and the zero-day has since been patched." 

"At this time, Pulse Secure has patched all known vulnerabilities," Eckels added. 

In certain cases, the attackers set up their own local admin accounts on critical Windows servers to operate freely on the target network. Rather than relying on security vulnerabilities in internal endpoints, they relied exclusively on Pulse Secure web shells and malware. 

According to Mandiant, UNC2630 and UNC2717 are just two of several groups targeting Pulse Secure VPNs that appear to work in the interest of the Chinese government. Many of the groups use the same set of tools, but their strategies and tactics differ. 

There has been no confirmation so far that the threat actors acquired American data that would provide economic advantages for Chinese enterprises. In particular, a 2012 agreement between President Barack Obama and his Chinese counterpart Xi prohibits cyber espionage of such data. 

"Right now we're not able to say that they haven't, just that we don't have direct evidence that they have violated [the agreement]," Mandiant says. "Some of the affected entities are private companies that would have commercial intellectual property, the theft of which would violate the agreement. We just have not seen direct evidence of that type of data being staged or exfiltrated." 

Mandiant's assessment of aggressive Chinese APT activity coincides with this week's alert from Microsoft about Nobelium, the Russian threat actor behind the SolarWinds attack and an extensive e-mail campaign. In both cases, cyber espionage in support of national strategic objectives appears to be the main motive.

Credit Scores of Americans were Exposed Through Experian API

 

According to a researcher, almost every American's credit score was leaked due to an API platform used by the Experian credit bureau that was left accessible on a lender's website without even basic security safeguards. Experian, for its part, dismissed security experts' fears that the problem could be structural. 

The Experian Connect API is a platform that helps lenders to simplify FICO-score queries. According to a published article, Bill Demirkapi, a sophomore at Rochester Institute of Technology, was looking for student loans when he came across a lender who would verify his eligibility with only his name, address, and date of birth. Demirkapi was taken aback and wanted to look into the code, which revealed that the tool was driven by an Experian API, he said.

“No one should be able to perform an Experian credit check with only publicly available information,” Demirkapi told Krebs On Security, which was the first to break the story of the leak. “Experian should mandate non-public information for promotional inquiries, otherwise an attacker who found a single vulnerability in a vendor could easily abuse Experian’s system.” 

Demirkapi said he was able to create a command-line tool called "Bill's Cool Credit Score Lookup Utility" that allowed him to automate lookups, which worked even when he entered all zeros in the date of birth fields. Krebs said he was able to use the API link to get, in addition to raw credit scores, “risk factors” from Experian that explained possible weaknesses in a person's credit history. He ran a credit check for his buddy "Bill," which returned a mid-700s credit score along with the risk factor “Too many consumer-finance company accounts.”

Demirkapi declined to reveal to Experian the identity of the lender or the website where the API was exposed. He declined because he believes there are hundreds, if not thousands, of firms using the same API, and that all of those lenders are leaking Experian's customer data in the same way. “If we let them know about the specific endpoint, they can just ban/work with the loan vendor to block these requests on this one case, which doesn’t fix the systemic problem,” he explained. 

“We have been able to confirm a single instance of where this situation has occurred and have taken steps to alert our partner and resolve the matter,” Experian said in a written statement. “While the situation did not implicate or compromise any of Experian’s systems, we take this matter very seriously. Data security has always been, and always will be, our highest priority.”

Concerns Raised as Postal Service of America Monitors Social Media Accounts of the Natives

 

The law enforcement arm of the U.S. Postal Service has secretly been running a program that monitors and collects the social media posts of the American public, including posts about planned protests. 

According to a government report published by Yahoo News on 16th March, the surveillance effort, known as the Internet Covert Operations Program (ICOP), tracks social media activity. Details of the program have not been published before. The work involves analysts trawling through social media sites to look for what the report describes as "inflammatory" postings. The program is part of the activities of the U.S. Postal Inspection Service (USPIS), the law enforcement arm of the USPS. 

According to the bulletin, USPIS tracked social media activity about demonstrations expected domestically and internationally on 20 March, the date on which the World Rally for Freedom and Democracy was expected to be held. The Department of Homeland Security circulated information about protests against lockdown measures. The agency collected material from Facebook and from other sites used by right-wing terrorist organizations, such as Parler and Telegram. 

“ICOP analysts are currently monitoring these social media channels for any potential threats stemming from the scheduled protests and will disseminate intelligence updates as needed,” reads the bulletin. 

The agency also said that ICOP “assesses threats to Postal Service employees and its infrastructure by monitoring publicly available open-source information.” 

Social media users have raised the practice as a matter of concern. Kentucky Rep. Thomas Massie voiced his concern about the USPS program on Twitter, noting that the USPS has been losing money for several years and asking where it finds the money to run this monitoring service. 

According to its website, the Postal Inspection Service also investigates illicit drugs, mail theft, identity theft, e-mail fraud, suspicious mail, disaster response, money laundering, cybercrime, and child abuse. It is not just the Postal Service that is extending its social media tracking, however. 

DHS officials last month discussed the department's role in tracking social media for domestic terrorism threats in a background call with journalists. “We know that this threat is fuelled mainly by false narratives, conspiracy theories and extremist rhetoric read through social media and other online platforms,” one of the officials said. 

The controversy over government surveillance of Americans' social media pages was sparked by the Capitol Insurrection. According to a 2017 survey by the International Association of Chiefs of Police, over 70 percent of participating police forces use social media to collect information and track public opinion. Facebook's transparency report states that between January and June 2019 the company received more than 60 thousand government data requests.

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked in what has been described as one of the most severe acts of cyber-espionage in history, named "Sunburst". The attackers breached the US Treasury, the departments of homeland security, state and defence, and the National Nuclear Security Administration (NNSA), the part of the Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized'; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye had been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disconnect the Orion Platform, one of SolarWinds' principal products, which is used to monitor the health and performance of networks.  
 
Gauging the scale of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) described the security incident as a "serious threat", while others, requesting anonymity, labelled it "the most serious hacking incident in the United States' history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called "unusual", even in this digital age.  
 
As experts assessed how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland offered a theory: "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged that Russia is behind these supply chain attacks, while Russia has consistently denied the allegations. The Russian Embassy wrote on Facebook, "Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations."  
 
"Russia does not conduct offensive operations in the cyber domain," the embassy added in its post to the US.

America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


According to recent reports, China and the US have taken their technology war to court. US firms now allege that the telecom colossus Huawei has been planning to rip off their technology for “decades”.

Hence, the American organizations decided to expand the scope of their lawsuit against the Chinese mega-company.

The prosecuting attorney said that Huawei violated the terms of its contracts with US companies by stealing robot technology, trade secrets and the like.

Per sources, Huawei has flatly denied all the allegations and said that the US is merely threatened by the competition and is therefore trying to run down Huawei's name.

Per newspaper reports, the mega smartphone maker’s chief financial officer, the founder’s daughter, is being held in Canada and is fighting extradition.

According to sources, the founder’s daughter faces charges of fraud and “sanctions violations”, which she has dismissed and denied.

Huawei firmly maintains that this lawsuit and the charges against the company are trivial attempts to tarnish its reputation and to weaken the competition.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal that the prosecuting attorney also said that Huawei used the stolen data to cut both the time and the cost of its research and development, which helped it advance faster than its competitors.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn’t look like the US plans to withdraw its claims or the lawsuit in the near future, or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are on a fragile and unpredictable path. All the same, the UK continues its business ties with Huawei, though possibly with limits.

Malware Attack! Oregon County's Network Smashed By a Ransomware?


Per local news reports, a cyber-attack allegedly hit Tillamook County in Oregon, USA, rendering the local government’s services ineffective.

Owing to the cyber-attack, county officials have reportedly gone back to basics for all their daily tasks while they work around the crisis.

When computers in various county departments started misbehaving, officials grasped the severity of the situation and immediately warned the IT department.

The IT department then determined that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were immediately isolated.

There is no solid evidence that the malware was used for a ransomware attack, though that is widely suspected. Per sources, no ransom demand has been made so far.

Allegedly, the Oregon city was struck by a cyber-attack of the same nature about a week ago.

The damage is so severe that, along with infecting all of the county’s computers and servers, it has seriously harmed both the online and offline phone systems, given the “VoIP” (Voice over Internet Protocol) that they employ.

Per sources, the county has engaged a “digital forensic” team from a well-known cyber-security organization to investigate the details of the cyber-attack, including its source, type, and magnitude.

There is no doubt that the county's systems have been shut down by the attack indefinitely, and there is no knowing when they will be back in operation.

The county, which has quite a substantial population, has never before experienced a cyber-attack of such severity. Hence officials cannot yet describe exactly how they plan to mitigate it.

Sources mention that the county officials have decided to outsource a few response operations to counter the attack and its repercussions.

The cyber-crisis management team is the best at what it does and is working efficiently to contain and repair the damage done by the malware.

Hackers Now Allowed to Find Flaws in US Fighter Jets and Security System


A host of flaws that could have shut down the Trusted Aircraft Information Download Station entirely were discovered by hackers who were challenged to find vulnerabilities in a system of the U.S. military's F-15 fighter jet.

It was unprecedented in the history of the tech world for outside researchers to be given physical access to such critical machinery and asked to find vulnerabilities. It took a group of 7 hackers two days to come up with a number of exploits, including for bugs that the Air Force had itself identified but had been unable to fix, according to the Washington Post.

The hackers put the system through numerous attacks, which included subjecting it to malware and testing it with objects like screwdrivers and pliers, according to reports from DEF CON 27.

Roper Technologies attributed the vulnerabilities exploited by the hackers to “decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency.”

Outsiders are not usually allowed such access to highly sensitive military equipment and its operation. The exercise marks a major change in how the military and the technology world work together, the gravity of which can be gauged by the fact that hackers physically approached the machine with tools.

As per Roper, the American Air Force believes that if it doesn't allow America's best hackers to find every single vulnerability present in its weapons, machinery and fighter jets, it risks having them exploited by adversaries like Iran, Russia and North Korea.