Genetic Tester 23andMe’s Stolen Data of Jewish Users Sold Online

 


Ashkenazi Jews have been targeted in a cyberattack. According to reports, malicious actors are advertising the sale of data sets containing names, addresses, and ethnic backgrounds of potentially millions of customers of the genetic testing firm 23andMe. They initially highlighted a batch that specifically includes information about individuals with Jewish heritage.

A sample of the breached data was shared on hacker forums, particularly on one website where the perpetrators asserted that the sample encompassed 1 million data entries pertaining to Ashkenazi Jewish individuals.

Additionally, as per Wired's report, on Wednesday, the malicious group put up data profiles for sale, pricing them between $1 and $10 per account. The sample allegedly contains entries for prominent tech figures such as Mark Zuckerberg and Elon Musk. 

However, the authenticity of these entries remains uncertain. While an inquiry into the data's authenticity is underway, the disclosed information aligns with an internal company scenario. This situation involved certain accounts being compromised, which in turn facilitated unauthorized access to additional data via 23andMe's DNA Relatives feature. 

The customer profile details were obtained by gaining entry into individual accounts, but it's important to note that the company's overall security was not compromised. The compromised data does not seem to encompass the raw genetic data that the company processes. Instead, it comprises particulars such as gender, birth year, genetic lineage findings, and geographical ancestry information. 

“We do not have any indication at this time that there has been a data security incident within our systems, rather, the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials,” a spokesperson from 23andMe reported to Forbes. 

DNA testing companies like 23andMe have come under scrutiny from privacy advocates and regulators due to concerns about handling sensitive genetic data. A privacy specialist from Stanford University pointed out in 2021 that a critical question revolves around where genetic data is being sent and why various companies and investors have a financial interest in it. 

23andMe, having gone public via a Richard Branson SPAC two years ago, provides consumers with both ancestral information and health advice. This includes personalized dietary recommendations and insights into potential genetic predispositions to diseases or conditions. The company consistently emphasizes that user data is only shared externally through opt-in agreements and, when shared, is meticulously anonymized for privacy protection. 

Future cybersecurity risks associated with sharing sensitive genetic data could include:

1. Cybersecurity Breaches: Despite robust security measures, there is an ongoing risk of cyber-attacks that could compromise the confidentiality and integrity of genetic data. 

2. Data Exploitation for Identity Theft: Stolen genetic data could potentially be used in sophisticated identity theft schemes, undermining personal security measures. 

3. Targeted Cyber Threats: Individuals with identifiable genetic markers may become targets for cyber threats, including phishing attempts or social engineering attacks. 

4. Ransomware and Extortion: Cybercriminals may use sensitive genetic data as leverage for extortion, demanding payments or other concessions in exchange for not disclosing or misusing the information. 

5. Biometric Authentication Risks: As genetic data plays a role in biometric authentication, unauthorized access to this information poses a direct threat to security measures relying on biometric factors. 

6. Healthcare Data Integration Risks: The integration of genetic data with electronic health records introduces new attack vectors, potentially leading to unauthorized access or manipulation of health-related information. 

7. Distributed Denial-of-Service (DDoS) Attacks: Genetic testing companies and associated platforms may become targets of DDoS attacks, disrupting services and compromising data availability. 

8. Third-party Vendor Vulnerabilities: If genetic data is shared with third-party vendors, their cybersecurity practices and vulnerabilities could directly impact the security of the data. 

9. Pharming Attacks: Cybercriminals might create fake websites or services claiming to offer genetic testing, leading individuals to unknowingly disclose sensitive information. 

10. Social Engineering Exploits: Cybercriminals may use information from genetic data to craft convincing social engineering attacks, aiming to deceive individuals into revealing further personal or financial details. 

It is imperative for individuals to exercise caution and seek services from reputable, well-secured platforms when dealing with genetic data. Additionally, organizations handling genetic information should prioritize robust cybersecurity measures to protect against these potential risks.

U.S. Intelligence Reports: Spies and Hackers are Targeting US Space Industry


U.S. intelligence agencies have recently issued a warning against foreign spies who are targeting the American space industry and executing cyberattacks against the country’s satellite infrastructure.

The U.S. Office of the Director of National Intelligence's National Counterintelligence and Security Center (NCSC) issued a bulletin on August 18, alerting the public that foreign intelligence agencies may use cyberattacks, front companies, or traditional espionage to gather sensitive data about American space capabilities or cutting-edge technologies. The bulletin also mentions the use of counterspace technologies, such as hacking or jamming of satellites, to interfere with or harm American satellite systems.

As noted by the NCSC bulletin, foreign intelligence agencies "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets." 

A set of guidelines is provided in the statement to assist private enterprises in minimizing any potential harm that these espionage attempts may cause. The warning comes as funding for the U.S. space sector is rising rapidly, with America’s satellite infrastructure expanding at an unparalleled rate.

NCSC further lists a number of ways that foreign intelligence can seek to gain access to space agencies in order to get hold of their insights and new technologies. Some of these methods appear innocent enough, such as approaching space industry professionals at conferences or getting in touch with them through online forums to get information.

Other methods were more linked to ‘business dealings,’ through which foreign intel agencies frequently try to obtain access to sensitive information by investing in space companies through joint ventures or shell companies, or by buying their way into the supply chain that American aerospace companies rely on for the sourcing of parts and materials.

Some of the other methods mentioned were more explicit in nature, like carrying out cyberattacks or breaching private networks to steal intellectual property.

Moreover, the NCSC's bulletin warned the private space sector and stated that foreign intelligence agencies can compromise American national security by "collecting sensitive data related to satellite payloads, disrupting and degrading U.S. satellite communications, remote sensing and imaging capabilities," and targeting American commercial space infrastructure during interstate hostilities.  

'Inception' Attack: Enhanced Due Diligence Measures Essential

In March, 3CX disclosed a supply chain attack that surprised researchers investigating it. They discovered that the attack had an unusual and alarming origin: another company's supply chain attack. This revelation in the "Inception" attack has caused concern among information security professionals. 
 
It has highlighted the unsettling reality that the security of their software may be far beyond their control, even when they follow best practices. In a world with extensive interdependencies, the implications of such attacks are troubling. They can spread like a virus, starting from one point and infecting connected communities. This raises concerns about the hidden presence of malicious actors deeply embedded in one's environment. 

Why are such attacks concerning?

What made this attack particularly concerning was its origin, which was traced back to another company's supply chain attack. It signifies that even when organizations take all the necessary precautions and follow security best practices, their software's security may still be compromised due to factors beyond their control. 

Such an attack has significant consequences, revealing the complex connections within the digital world. Software and systems depend on various parts from different vendors and suppliers. If any of these parts are compromised, it can have a domino effect throughout the entire supply chain. 

This puts many organizations and their customers in danger of security breaches. In simpler terms, an attack on one component can harm the entire system, affecting multiple businesses and their customers. This incident underscores the challenges faced by information security professionals in maintaining the integrity and security of their systems. 

It reveals that no matter how diligent an organization is in implementing security measures, the actions of external entities can still pose a significant threat. It also raises concerns about the presence of malicious actors operating covertly within interconnected environments, highlighting the need for heightened vigilance and robust security measures at all levels of the supply chain. 

Expanding Threats have Outpaced the Development of Cybersecurity Talent 

A study conducted by (ISC)² in January 2022 highlighted a global shortage of 3.4 million cybersecurity professionals. Another survey found that more than four out of five companies have fewer than five in-house security analysts, which is insufficient to run their security operations center.

Due to this shortage, organizations have turned to external vendors to fulfill their cybersecurity needs. The attack on 3CX software highlights how vulnerabilities can emerge in an enterprise's software supply chain. 

According to a survey by the Neustar International Security Council, about 73% of information security professionals believe they or their customers are somewhat or significantly at risk due to increased reliance on third-party providers. 

 What is a Supply Chain Ecosystem? 

A supply chain ecosystem is like a big interconnected network that includes all the different parts involved in getting a product from where it is made to the person who uses it. It's made up of businesses, vendors, suppliers, partners, people, processes, data, and resources that all come together to make the supply chain work. 

Third-party Providers Increase the Exposure to Risks 

In simpler terms, there are not enough cybersecurity experts to keep up with the growing digital threats. Many companies have very few in-house security analysts, so they rely on external vendors for cybersecurity services. 

The attack on 3CX software shows that weaknesses can occur in the software supply chain. A significant number of security professionals feel that integrating with third-party providers increases their exposure to risks. 

To Minimize Risks in the Supply Chain Ecosystem, Enterprises Can Take Several Steps: 

 1. Assess security controls: Ask potential partners about their security practices through standardized questionnaires to understand their level of security. 

 2. Seek third-party evaluations: Engage third-party evaluation services during due diligence to gain additional insights into the security capabilities of potential partners. 

 3. Hold suppliers accountable: Include regular audits, at least annually, in contractual agreements to ensure suppliers meet defined security standards. 

 4. Maintain ecosystem awareness: Continuously monitor and understand the partner ecosystem to stay aware of potential risks and vulnerabilities. 

 5. Implement preventive measures: Enforce security standards that align with or exceed the organization's own practices, ensuring partners adhere to them. 

 6. Develop a strong response strategy: Establish a comprehensive plan for detecting, mitigating, and responding to compromised systems, including those introduced by supply chain partners. 

 7. Employ layered security solutions: Utilize advanced security solutions for endpoints, networks, and protective DNS to actively monitor and block suspicious activities or communications from compromised systems. 

Reducing supply chain risk requires cooperation and shared responsibility among stakeholders. Traditionally, the burden has been placed on individual enterprises to protect themselves, rather than on the parties responsible for releasing insecure software. New strategies should aim to shift the burden onto software vendors, promote secure development practices, and encourage collaboration between vendors and clients to enhance cybersecurity.