
Fraudsters use ‘fake emergency data requests’ to steal info • The Register

April 3, 2022
evan

Table of Contents

  • Hive ransomware reportedly hits healthcare group
  • Shutterfly admits employee data stolen
  • Law enforcement’s ransomware response lacking
  • Orgs aren’t ready for cyber reporting rules


In Brief: Cybercriminals have used fake emergency data requests (EDRs) to steal sensitive customer data from service providers and social media firms. At least one report suggests Apple, and Facebook’s parent company Meta, were victims of this fraud.

Both Apple and Meta handed over users’ addresses, phone numbers, and IP addresses in mid-2021 after being duped by these emergency requests, according to Bloomberg.


EDRs, as the name suggests, are used by law enforcement agencies to obtain information from phone companies and technology service providers about particular customers, without needing a warrant or subpoena. But they are only to be used in very serious, life-or-death situations. 

As infosec journalist Brian Krebs first reported, some miscreants are using stolen police email accounts to send fake EDR requests to companies to obtain netizens’ info. There’s really no quick way for the service provider to know if the EDR request is legitimate, and once they receive an EDR they are under the gun to turn over the requested customer info. 

“In this scenario, the receiving company finds itself caught between two unsavory outcomes: Failing to immediately comply with an EDR — and potentially having someone’s blood on their hands — or possibly leaking a customer record to the wrong person,” Krebs wrote.

Large internet and other service providers have entire departments that review these requests and do what they can to get the police emergency data requested as quickly as possible, Mark Rasch, a former prosecutor with the US Department of Justice, told Krebs. 

“But there’s no real mechanism defined by most internet service providers or tech companies to test the validity of a search warrant or subpoena,” Rasch said. “And so as long as it looks right, they’ll comply.”

Days after Krebs and Bloomberg published the articles, Sen. Ron Wyden (D-OR) told Krebs he would ask tech companies and federal agencies for more information about these schemes.

“No one wants tech companies to refuse legitimate emergency requests when someone’s safety is at stake, but the current system has clear weaknesses that need to be addressed,” Wyden said. “Fraudulent government requests are a significant concern, which is why I’ve already authored legislation to stamp out forged warrants and subpoenas.”

Hive ransomware reportedly hits healthcare group

The Hive ransomware gang claimed it stole 850,000 personally identifiable information (PII) records from the nonprofit health-care group Partnership HealthPlan of California.

Brett Callow, a threat analyst at anti-malware company Emsisoft, alerted Santa Rosa newspaper The Press Democrat that the ransomware gang posted what was said to be details about the intrusion on its Tor-hidden blog. Hive claimed it stole 400GB of data including patients’ names, social security numbers, addresses, and other sensitive information.

Partnership HealthPlan of California did not respond to The Register’s inquiries about the alleged ransomware attack. But a notice on its website acknowledged “anomalous activity on certain computer systems within its network.”

The healthcare group said it had a team of third-party forensic specialists investigating the incident and was working to restore its systems. “Should our investigation determine that any information was potentially accessible, we will notify affected parties according to regulatory guidelines,” it added. 

Hive, which the FBI and security researchers started paying attention to in June 2021, is known for double-extortion ransomware attacks against healthcare organizations. Still, attacking a nonprofit is a “new low,” even for these cybercriminals, said IoT security firm Armis cyber risk officer Andy Norton. 

“It also raises some tough questions,” Norton wrote in an email to The Register. “I think we assume that charities and not for profits don’t have the big cyber budgets their commercial cousins have, and yet they hold the same sensitivity of data. What constitutes appropriate and proportionate security during times of heightened risk?”

Shutterfly admits employee data stolen

Shutterfly disclosed that cybercriminals stole employee data during a December 2021 ransomware attack.

In documents filed with the California Attorney General’s office, the firm revealed that “an unauthorized third party gained access to our network” in a ransomware attack on or around December 3. The online photo company said it discovered the security breach on December 13.

While Shutterfly didn’t name the third party in its filing, it was widely reported that the notorious Conti ransomware gang was behind the intrusion. Data stolen included employees’ names, salary information, family leave, and workers’ compensation claims, according to Shutterfly.

The company said it “quickly took steps” to restore the systems, notified law enforcement, and brought in third-party cybersecurity experts to investigate the breach. It also offered employees two years of free credit monitoring from Equifax, and “strongly encouraged” them to take advantage of this offer.

It also noted that employees “may wish” to change account passwords and security questions.

Law enforcement’s ransomware response lacking

Law enforcement agencies face a barrage of difficulties responding to ransomware attacks, and chief among them is simply not being made aware of intrusions and infections by victims.

According to an analysis by threat intelligence firm Recorded Future of ransomware enforcement operations in 2020 and 2021, law enforcement agencies around the globe aren’t equipped to respond to ransomware outbreaks. In addition to simply not knowing about the attacks, they also lack the cybersecurity skills, technology, and data such as threat intel to respond. 

Recorded Future, citing several other surveys, says law enforcement doesn’t know about the vast majority of cyberattacks, and has to learn about them from the media.

In parts of the UK alone, just 1.7 percent of all fraud and cybercrime was reported to the authorities between September 2019 and September 2020, Recorded Future claimed, citing data from the UK Office for National Statistics from its crime survey for England and Wales. 

It also cited a Europol IOCTA report from 2020, which found ransomware remains an under-reported crime. While the Europol report doesn’t provide any numbers to illustrate how under-reported ransomware is, it noted “several law enforcement authorities mentioned identifying ransomware cases through (local) media and approaching victims to assist them by potentially starting a criminal investigation.”

Unless organizations do a better job reporting ransomware attacks, law enforcement can’t get an accurate picture of the threat landscape, Recorded Future noted. “Without reliable and valid data on the number and types of cyber attacks (that is, attack vectors), it is difficult for law enforcement agencies to accurately evaluate threats and react appropriately, resulting in threats not being given the resources or priority they deserve.”

While this analysis doesn’t provide any US-specific reporting stats, it’s worth noting that a newly signed federal law will require US critical infrastructure owners and operators to report a “substantial” cybersecurity incident to Uncle Sam’s Cybersecurity and Infrastructure Security Agency within 72 hours and within 24 hours of making a ransomware payment. 

Supporters of the new law, including CISA director Jen Easterly, have said it will give federal agencies and law enforcement better data and visibility to help them protect critical infrastructure.

Orgs aren’t ready for cyber reporting rules

Despite the US cybersecurity incident reporting law, along with a related US Securities and Exchange Commission proposal that would force public companies to disclose cyberattacks within four days, organizations really aren’t prepared for these new disclosure rules, according to BitSight.

The cyber risk ratings firm published research this week that found, among other things, it takes the average organization 105 days to discover and disclose an incident from the date it occurred.

Additionally, it takes twice as long for organizations to disclose higher-severity incidents compared with lower-severity incidents. This, on average, means it takes more than 70 days to disclose a moderate-, medium- or high-severity incident once it has been discovered, and 34 days for low-severity events.

For this research, BitSight analyzed more than 12,000 publicly disclosed cyber incidents globally between 2019 and 2022. This included type of incident, date of incident, date of discovery, and date of disclosure.

BitSight used its classification methodology (a 0 to 3 scale) to analyze the severity of the security incidents. Events received a higher-severity score due to a combination of more serious incidents, such as ransomware and human error, and higher record counts.

The security firm also segmented the disclosing organizations by employee count: extra large (more than 10,000 employees), large (1,000 to 10,000 employees), medium (500 to 1,000 employees) and small (fewer than 500 employees).

Perhaps unsurprisingly, the extra-large organizations are 30 percent faster at discovering and disclosing incidents than the rest. Still, it takes these companies an average of 39 days to discover and 41 days to disclose an incident, BitSight found, noting that this is still way longer than the timeframes proposed in the new rules. ®


