Search This Blog

Showing posts with label Email Account Compromise. Show all posts

EU Banking Regulator Suffers Cyberattack in a Microsoft Email Breach

A significant EU financial regulator, the EU Banking Authority said that it suffered a cyberattack where its Microsoft email systems were hacked. The US company is putting the blame on a Chinese threat actor. Recently, Microsoft said that a Chinese state-sponsored hacking group was exploiting earlier unknown security vulnerabilities in Microsoft's exchange email services to hijack government and user data. The list of victims counts to as many as tens of thousands. Microsoft earlier this week said that "Hafnium attacks were in no way connected to the separate SolarWinds-related attacks." 

Threat actor "Hafnium" is highly skilled and sophisticated, says Microsoft. Hafnium has earlier attacked companies based in the US that include cybersecurity firms, law firms, defense contractors, think tanks, defense agencies, NGOs, and universities. The EBA (EU Banking Authority) said in a statement that the inquiries have not revealed any data theft as of now. Presently, the EBA e-mail infrastructure is safe and the investigation concludes that there has been no data breach, says the statement. 

There's no evidence to suggest that the breach affected anything more than email servers.  The company says that the investigation is still in process and security measures have been set up to restore the functionality of e-mails. EBA in a statement issued on Sunday said that it had shut down its systems as a preventive measure, observing that hackers may have got access to personal data in the emails. The company has issued updates to fix the security issues. It is very much likely that the hackers may want to take the advantage of the unpatched systems, says Tom Burt, Microsoft executive. 

In this regard, Security Week reported, "Beijing typically rejects US hacking charges out of hand and last year berated Washington following allegations that Chinese hackers were attempting to steal coronavirus research. In January, the US said Russia was probably behind the massive SolarWinds hack that hit large swathes of the government and private sectors, and which experts say may constitute an ongoing threat."  

Remote Working Susceptible to Data Risks, 83% of Organizations at Suffer Email Breaches


As per the report by Egress, 95% of cybersecurity experts believe company and client data in e-mails is at risk. Besides this, a massive 83% of firms have been targets of data breaches through these attacks in the last twelve months. Human error is the primary cause of almost a quarter of these incidents, around 24% caused by an empty who shared data by mistake. For instance, forwarding an email that consists of important information to the wrong recipient or sending a wrong attachment. The report enquired 500 IT leaders and 3000 work from home employees in the US and UK across various vertical sectors consisting financial sector, legal, and healthcare. 

The downside of remote working 

Work from home culture has left employees highly dependent on working with emails, especially using them for sharing sensitive data. Since the start of the Covid-19 pandemic, 85% workforce has confirmed sending more emails. It has exposed the user to more risks and attacks involving outbound email data breaches. The report also revealed that around 60% of team members work in an environment that is usually buzzing with distractions and noise. These generally include communal spaces and shared home offices. 

Besides the problems related to confidentiality, these distractions that employees face in the work environment often lead to more risks of a data breach. The risk is intensified more by work stress and fatigue, report shows around 73% of employees said that they feel low due to the pandemic. The blend of home and work life resulted in many employees working for long hours in an overwhelming environment, while both of these factors increasing the chances of a data breach. 

Tony Pepper, CEO, Egress said "it's clear to see that legacy DLP tools are no longer fit for purpose; they’re difficult to use and because they can’t take people’s behavior into consideration, they’re limited in their ability to mitigate the rising tide of email data breaches in this new world of remote working. He further said, "employees continue to work in challenging environments, and the lines between work and home life have been blurred. All of this contributes to the likelihood that a costly mistake might be made."

Yandex Suffers Data Breach, Exposes Email Accounts

 

Russian internet and search organization Yandex declared on Friday that one of its system administrators had enabled unapproved access to a huge number of client mailboxes. The organization found the breach internally, during a standard check of its security team. The investigation uncovered that the employee’s activities prompted the compromise of almost 5,000 Yandex email inboxes. This employee was one of three system administrators, who had the access privileges to offer technical support for mailboxes, said Yandex.

“A thorough internal investigation of the incident is under way, and Yandex will be making changes to administrative access procedures,” said Yandex’s Friday security advisory. “This will help minimize the potential for individuals to compromise the security of user data in future. The company has also contacted law enforcement.” 

As indicated by Verizon's 2020 Data Breach Investigations Report (DBIR), internal actors were behind 30% of breaches (with the dominant part, or 70%, coming from external actors). An insider threat could leave organizations spiraling from financial or brand damage – but additionally an absence of ensuing trust from clients. In a recent January case, for example, a former ADT employee was found adding his own email address to the accounts of attractive women, so he could have around-the-clock access to their most private moments. In December, a former Cisco Systems employee was condemned to two years in prison, subsequent to hacking into the networking company’s cloud infrastructure and deleting 16,000 Webex Teams accounts in 2018. Furthermore, in October, Amazon fired an employee who shared clients' names and email addresses with a third party. 

“Yandex’s security team has already blocked unauthorized access to the compromised mailboxes,” the organization says, adding that the proprietors have been cautioned of the breach and that they need to change their account passwords. Because of the occurrence, Yandex will make changes to the administrative access procedure to expand the security of client information. As indicated by the organization, payment details have not been affected. While this information breach deserves serious scrutiny, Yandex confronted a graver threat in the past, when Western intelligence agencies compromised their systems with Regin malware. 

The assault occurred between October and November 2018, and it targeted technical information regarding user account authentication, Reuters learned at that point. Yandex recognized the assault and said that it was detected and neutralized before it brought on any harm.

Aeronautical agency’s email account hacked

The official email account of the Aeronautical Development Agency (ADA) was recently hacked and data manipulated, allegedly by a private aerospace engineering company.

The hackers breached into the TAN login and even changed a mobile number linked the certain account and unauthorised online corrections were made to manipulate tax returns of a private aerospace engineering company in Bengaluru.

Rangarajan S (58), a senior executive with the ADA, filed a complaint with the cybercrime police of the Criminal Investigation Department (CID) seeking legal action against unknown hackers on June 4. Based on the complaint, the police registered a case under various sections of the Information Technology Act and are probing.

In his complaint, Rangarajan said the hackers not only accessed details of financial transactions, but also made changes in the TDS for 2017-18. In addition to this, the hackers also allegedly changed the password, email ID and mobile IDs, and updated the PAN details of the company they belonged to. The police said the fraud might have occurred between March and May this year and come to light recently during the verification of official accounts.

“On March 31, an amount of Re 1 has been remitted to ADA’s TAN number. Also, some unknown person has filed 27EQ return of 4th quarter FY 2018-19 offline on May 7 (possibly at TIN-FC centre). ADA’s TDS Reconciliation and Correction Enabling Systems user ID and login password have been accessed unauthorisedly on May 14.”

Confirming the account’s hacking, senior ADA officials said that though there has been a breach in the account, there is no security concern. “This is not a serious issue as the account was in the open domain. No data pertaining to the agency has been compromised,” an officer said.

The cybercrime police are trying to ascertain the motive behind the hacking.

Hacker stole $1.75 million from church





The hackers have successfully stolen $1.75 million from the church Saint Ambrose Catholic Parish  using a successful BEC(Business Email Compromise) in which hackers trick email users to send the money in wrong banks. The attack was discovered on April 17 after contractor  of Vision 2020 project inquired church for not receiving monthly installment .

BEC which is also known as Email Account Compromise (EAC)  are very common among hackers where not much technical skills are required, it just rely on tricking people into wiring money to trusted bank while bank accounts are usually controlled by the hackers.

The Parish’s website posted, “With 16,000 members made up of 5,00 families, Saint Ambrose is the second largest church in the Diocese of Cleveland and the largest church in Brunswick, Ohio."

Pastor Father Bob Stec sent a letter to the Parish saying “On Wednesday, Marous Brothers called inquiring as to why we had not paid our monthly payment on the project for the past two months totaling approximately $1,750,000. This was shocking news to us, as we have been very prompt on our payments every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed/confirmed.”

After  an FBI investigation of the cyber attack  incident, it was found that the hackers hacked the  the parish's email system through phishing attack and were able to trick the staff   convincing them that the contractor had changed their bank account and making them transfer money to the fraudulent bank  account.

According to the investigation only email system of the Parish was hacked while the database that is "stored in a secure cloud-based system. This allows for many layers of security/protection of our parish database information."

According to the reports of  cleveland.com, Father Stec's letter also states “We are now working closely with the Diocese, legal counsel, the insurance program, and the FBI to investigate the situation further and file the appropriate insurance claims. At the same time, we brought in information technology consultants to review the security and stability of our system, change all passwords, and verify the integrity of our databases and other pertinent information. They have determined the breach was limited to only two email accounts. “.

The parish has  submitted an insurance claim to pay to the contractor in timely manner for the project 2020.