Equifax… The Anatomy of a Data Breach


Equifax, one of the largest US credit reporting agencies, last week suffered a massive data breach. Early indications are that it has affected as many as 143 million US customers whilst also impacting individuals in the UK and Canada. This attack has been further compounded by a subsequent attack in Argentina which again targeted the US.

http://cyberbrokers.co.uk/cyber-news-2/

The Facts

The incident occurred between May and July this year and involved the compromise of social security numbers, birth dates, addresses and driving licence details. In addition to this it is understood that the hackers managed to access 209,000 credit card numbers and other documents disclosing personally identifiable information relating to a further 182,000 customers of Equifax.

The credit reporting agency looks after the data of 44 million British customers for British Gas, BT and Capital One and it is understood that up to 400,000 may have had their details compromised during the breach.

https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/

The Breach Response 

Forensic Investigation

Cyber security consultants have been appointed to carry out a forensic investigation to try to ascertain the scope of the hackers’ intrusion into Equifax’s systems and exactly what data has been compromised. Action Fraud in the UK have also posted guidance on their website in the event of possible fraudulent activity on UK citizens’ accounts following this data breach.

Credit Monitoring

All customers affected have been offered credit monitoring and identity theft protection free of charge.

Data Notification

In the US the average per person cost of a data breach is believed to be $225. With possibly 143 million individuals affected, the financial implications of this are extremely high.

Cyber Insurance

It is understood that Equifax did take out cyber insurance and this will go some way to mitigate the financial costs associated with such a breach. Other insurance policies may also be able to respond in relation to this loss.

Notification to Regulatory Bodies

This cyber attack has also been reported to the relevant US law enforcement agencies. In addition to this, the ICO in the UK has been alerted to assess the implications for UK citizens.

The Consequences of the Breach

Impact on Share Price

It is too early to assess the ramifications of the data breach on Equifax; however, the shares of Equifax dropped nearly 9%, equivalent to $3.50 billion of their share value.

Executives depart

A few days after the incident it was announced that the Chief Information Officer and Chief Security Officer would be departing from the business.

What went wrong?

It is unclear how the initial breach was caused but it is believed that the hackers exploited a vulnerability in a piece of software that could be used with the Apache web server program. A patch had been issued to update the software but it appears that this may not have been applied. The more recent incident is believed, according to various reports, to have resulted from an online employee tool that enabled “admin” to be utilized for both login and password, which then made it possible to gain access to customers’ data.

The Equifax Factor

The Equifax data breach should be a warning to UK businesses that they need to have the appropriate procedures in place to manage the data that they hold ahead of the implementation of the GDPR on 25th May 2018. Should such a data breach occur once the GDPR is in force, UK citizens would be able to avail themselves of protection under this forthcoming piece of legislation.

 

How is Cyber Crime Policed?


With the emergence of cyber crime in the UK, and 53% of all crime relating to this form of criminal activity, the need to address it has called for the adoption of specialist crime units.

Throughout the UK there now exists Regional Cyber Crime Units (RCCU) which have been set up by the National Crime Agency to help combat and manage the effects of cyber crime.

With cyber criminals becoming increasingly sophisticated, the RCCUs have a very important role to play in our society and the business environment.

What is the role of a RCCU?

They normally consist of two main teams :-

Cybercrime Investigation Team

This team is involved with investigating all forms of cyber related crime that occur within their designated region.

Cyber Protect Team

Advice on how to protect individuals and businesses is provided by this team. This is carried out with input and presentations on cyber crime and cyber security.

Within these teams the following is also provided :-

  • The provision of law enforcement set up and response
  • Advice on current trends and threats that the RCCU is experiencing

Cyber Briefings

Cyber Briefings, which provide details of current threats, advice and news, are published on a monthly basis and distributed to businesses.

http://www.zephyrswrocu.org.uk/userfiles/Regional%20Cyber%20Briefing%205th%20June%202017.pdf2.pdf

These areas of activity provide invaluable support to those affected by cyber crime and its prevention.

The RCCUs look to work with other ancillary cyber related businesses, whether they be cyber security firms, risk managers within the insurance industry or their counterparts in other parts of the world. The exchange of data is invaluable in assessing future cyber risks and offering preventative advice and updated guidelines on cyber threats.

The RCCUs also work closely with a number of bodies that are already helping to raise awareness of cyber risks and share knowledge of emerging threat vectors, such as the following:-

Get Safe Online

https://www.getsafeonline.org/

Cyber Aware

https://www.cyberaware.gov.uk/

Cyber Information Sharing Partnership (CiSP)

https://www.ncsc.gov.uk/cisp

The challenges that these cyber crime police units face far outweigh the resources that each region has, and this represents a stiff challenge with the cyber landscape changing on a daily basis.

Ransomware: The Modern Day “Stand and Deliver”

Ransomware: if you didn’t know what ransomware was a few weeks ago… it is almost certain that you do now in the wake of the WannaCry cyber attack that occurred earlier this month.

What is Ransomware? 

This is a form of malicious software that is designed to block access to a computer system until a sum of money is paid. It is not possible to use the data and in some cases the hacker threatens to publish the data unless a ransom is paid. There is of course no guarantee that, once the ransom has been paid, the decryption code will be provided or that the hacker will not still delete the data. If the ransom is paid it is possible that the hacker will return to carry out a further attack.

This form of malware effectively employs scare tactics not unlike those seen in the days of the highwayman in Victorian times, who would hold a coach of unsuspecting passengers at gunpoint until they had handed over a ransom representing their wealth. Ransomware can be compared to the modern day “stand and deliver” threats that a highwayman posed.

The Impact of a Ransomware Attack 

Ransomware attacks have increased fourfold over the past two years, with the UK being one of the main targets for ransomware attacks as we are perceived to be a destination that will readily pay the ransom.

One report has collected data which reveals that 54% of UK businesses have been targeted with a ransomware attack where revenue has been lost and in extreme circumstances the businesses have had to close. The impact of a ransomware attack can also cause reputational issues to a business that it may never recover from.

With the General Data Protection Regulations (GDPR) coming into force on the 25th May next year, the emphasis on protecting personal data is increasing. If a ransomware attack encrypts personal data and the business is unable to restore the data, it is conceivable that the ICO would consider that the business has not taken appropriate measures to keep the data safe and as a result is in breach of the Data Protection Act.

The WannaCry Attack

The ransomware attack affected approximately 200,000 computers in 150 countries on 12th May. The most high profile organisation hit by this attack in the UK was the NHS. Outside of this, Renault, Nissan, FedEx and Telefonica were also hit by this indiscriminate cyber attack, which appeared to target legacy software that had not been updated. Organizations that still utilized Windows XP were particularly hard hit as this contained certain software vulnerabilities.

Managing the Ransomware Cyber Risk

Businesses should consider the following:-

  • Adequate Back Up and Recovery of computer systems
  • Patch Management of all systems with particular attention to older systems
  • Staff Training to raise awareness of what to look for in a ransomware attack
  • Regular Firewall Management
  • The Purchase of Cyber Insurance

The National Cyber Security Centre offer some excellent guidance on their website entitled “Protecting your organization from ransomware” at the attached link:-

https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

How Cyber Insurance Can Help 

Cyber Insurance is a modular policy and it is possible to purchase specific areas of coverage tailored to a business’s requirements.

Cyber Extortion Coverage

This includes the negotiations with hackers and payment of the actual ransom.

Forensic Investigation

This determines what data was compromised and how the systems were accessed.

Data Restoration

This covers costs associated with trying to decrypt data and to assist with the back up of data.

Business Interruption

This module provides coverage for increased costs of working and possible loss of profits.

There are now many strains of ransomware which are becoming increasingly harder to manage, presenting a constant challenge for businesses. Businesses do need to constantly review their cyber security risk management processes and procedures, which will go some way to alleviating this evolving threat.

A Defining Year for Cyber Risk


2016 has been a defining year for cyber risk….

There have been many events that have contributed towards shaping cyber risk this year; however, there are a number of stand out “Influencers” that have impacted on businesses during the year and will continue to do so in the future.

This has raised the awareness of cyber risk in the UK and within the business community as a whole.

Such “Influencers” that have had a bearing on cyber risk are the following :-

1. The Threats

Ransomware

Ransomware is a form of malicious software that a hacker uses to encrypt the data on a computer. The hacker then extorts money, normally in the form of bitcoins, in exchange for the decryption code.

This form of cyber attack is now the most common in the UK with 54% of SMEs experiencing a ransomware attack. Surprisingly this is higher than in the US which is at 47%.

The impact is loss of income as a result of paying the ransom, loss of files, time spent by the business on remediation, downtime and the possible loss of life.

There is no sign of abatement of this form of cyber attack.

Phishing

Phishing is recognized as a method utilized by hackers to gain access to personal or business details in order to commit a crime. This is normally an act of fraud or used to cause disruption to a computer system. It can involve the sending of a bogus invoice by e-mail requesting the payment of money to a hacker’s bank account.

The UK is one of the most targeted countries for phishing scams.

https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

Internet of Things

The Internet of Things is the internetworking of “connected devices” and “smart devices”, including buildings, via embedded electronics, software or sensors. This then enables these objects to collect and exchange data.

When these devices are infiltrated by a hacker the potential to cause disruption is enormous. The threats are twofold: denial of service attacks, or the compromising of security leading to a breach of privacy.

This year saw a cyber attack on Dyn through the malware strain Mirai, which targets vulnerable Internet of Things devices. The botnet used in this attack was made possible via a compromised digital video recorder.

These forms of attacks are only likely to increase in the future as “connected devices” do not have adequate security protection in place to prevent such attacks.

2. The Breaches

Yahoo

Yahoo announced, in the space of a couple of months, two major breaches of their user accounts. One occurred in 2014 and consisted of the theft of half a billion of their user accounts; the other, in 2013, is believed to be nearer a billion. Both attacks are believed to be state sponsored.

These are two of the largest ever recorded compromises of personal information. It demonstrates that attacks of this nature are getting larger and that high profile companies are still a principal target for hackers.

Banks

Banks were hit hard by a number of cyber attacks this year… the list is a long one: Bangladesh Central Bank, where USD850M was stolen; SWIFT attacks on banks in the Philippines and Vietnam and on the Banco del Austro; attacks also took place in the Ukraine and on a number of US and Canadian banks.

In the UK, Tesco Bank, HSBC and NatWest were all subject to cyber attacks but with limited losses to the banks.

Cyber attacks on financial institutions have increased dramatically over the past twelve months and good cyber risk management should be a key consideration for this sector.

SMEs and Public Sector are now a focus for Hackers

This year saw SMEs being the subject of increased cyber attacks, demonstrating that they too have a real cyber risk which cannot be ignored. Ransomware attacks were seen at businesses ranging from hairdressing salons to florists.

Local authorities and hospitals were also targeted. The unluckiest county was probably Lincolnshire… with the county council being hit by a ransomware attack and various hospitals in Grimsby, Scunthorpe and Goole having their computer network compromised.

3. The Regulation

The Information Commissioner’s Office (ICO)

The ICO showed its teeth and fined TalkTalk GBP400,000 for various security failings following the cyber attack that took place last year.

It is likely that we will see the ICO exercise these powers more and more in the run up to the General Data Protection Regulations when they come into effect in 2018.

General Data Protection Regulations

These were finally adopted in April this year and will come into force on 25th May 2018.

The clock is “ticking” and all businesses will need to assess what data they have, where it is stored and how they manage it, irrespective of whether they are a data processor or data controller.

The fines for a breach are 4% of gross annual turnover so non-compliance is not an option.

Privacy Shield

The Privacy Shield is now “live”, coming into force on the 1st August and replacing the Safe Harbour. There have already been some challenges to this, notably by Germany, and its current framework may be subject to change in the coming year.

What Else ….. ?

The Panama Papers, Brexit, Trump, the development of cyber insurance….. the list is endless.

This year has without doubt been a defining year for cyber risk….. 2017 will further shape the exposures and the vulnerabilities that businesses face from cyber risk.

 


The Cyber Highway…Supply Chain Essential

Are you on the road to the Cyber Highway?

It is unlikely that your supply chain is travelling in this direction yet as this initiative was only launched last month in London by Lord David Blunkett, the chairman of Cyber Essentials Direct Limited.

The concept behind this is to help improve a business’s cyber security posture and to provide reassurances in its supply chain, which traditionally can present a significant cyber security threat… an area which businesses often overlook and over which they have little or no control.

What is the Cyber Highway?

It is a user friendly on-line portal certification process aimed at large businesses who rely on their supply chains. The certification process that will be utilized is Cyber Essentials, a UK Government scheme that was launched in 2014 to help businesses protect themselves against mainstream cyber attacks. During this process it will also be possible for businesses to monitor the progress of their suppliers in attaining Cyber Essentials accreditation.

https://www.thecyberhighway.com/welcome

https://www.gov.uk/government/publications/cyber-essentials-scheme-overview

Certain Government departments already require their suppliers bidding for contracts to be Cyber Essentials certified. This requirement is likely to become more widespread in other industries in the future as cyber security becomes an increasing focus in the commercial world.

The Benefits

  • It is designed for all business sizes
  • It is a series of clear self-assessment statements
  • The provision of a comprehensive quality assurance framework
  • A user friendly on-line platform
  • A fully integrated and comprehensive cyber security self auditing system
  • Provision of a complete range of accessible tools and solutions

Helping the Cyber Landscape

It assists in securing the supply chain of business

It protects the infrastructure of businesses with whom larger companies trade

Post BritExit it is important that British businesses hold a recognized cyber security certification and this will further highlight.

Cyber Claims in the Supply Chain 

One of the highest profile cyber claims is that of the Target Corporation, which took place in 2013, where cyber criminals infiltrated a third party supplier in order to gain access to Target’s data network. This breach cost Target $61M and had an impact on their profits, which fell 46% that year.

Stuxnet is a malicious computer worm that is normally introduced to the supply network via an infected USB flash drive and targets automated processes that control machinery on factory lines. There have been a number of reported incidents involving Stuxnet.

On-line retailers are another business sector that can be susceptible to compromises emanating from a supply chain vulnerability. Home Depot suffered a credit data breach in 2014 which was due to stolen credentials from a third party vendor.

Implications for Cyber Insurance

Cyber insurers are likely to favor the instigation of the Cyber Highway as it represents improved risk management of the supply chain of businesses. The supply chain is currently a concern to insurers as an avenue for claims, because it presents hackers with the ability to compromise computer systems, which may lead to a data breach or result in cyber crime.

Rio 2016 – The Cyber Threats

Rio 2016 is here… expectations are high for another GB medal haul, but this major sporting event is inevitably going to be a target for cyber attacks.

Some facts that will make Rio 2016 a draw for hackers…

  • Brazil is already recognized as a hub for cybercrime, ranking 10th in the Symantec 2015 Internet Security Threat Report
  • London 2012 experienced 165 million attempts to breach cyber security; at Rio 2016 it is anticipated that this could be 4 times this…
  • 5th August to 21st August presents a significant window for hackers to exploit
  • 37 Venues
  • 306 Events
  • 10,500 Athletes
  • 206 Countries participating
  • 7.50M Tickets available for the events
  • 500,000 overseas travelers expected in Rio de Janeiro

Why The Olympics?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited… the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due to its high profile and the many threat vectors that exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following :-

1. The Official Rio 2016 Website

Distributed denial of service (DDoS) attacks preventing access to the website by fans.

The accessing of the website by hackers, altering the data such as falsifying the results and interfering with medal tables.

Defacement of the website by a hacktivist.

Spectators and visitors will no doubt access the website via Wi-Fi, and a vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection, which could lead to the stealing of their personal data.

2. Event Tickets

Ticket fraud with the setting up of bogus websites taking fans’ money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big events with no ticket actually being produced.

3. The Venues

Technology will be pivotal in all aspects of the running of the 37 venues being used in Rio 2016. Entry to the venues, ticketing processing, management of lighting and associated infrastructure would all be impacted in the event of a cyber attack.

4. Competitors Data

The event will involve a huge amount of data, ranging from credit card data of spectators and athletes’ confidential information to the database of the organizers, which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI) and then lead to possible bank fraud against individuals. Brazil does have an established reputation for on-line banking fraud.

5. E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain athletes’ and officials’ personal information that could be disseminated over the internet. The endless sending and exchanging of e-mails also presents an opportunity for spamming.

6. Media Coverage

Worldwide coverage will be provided to this event by television companies who will be reliant on technology, and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime. For example a video re-run of the 200 m final could be disrupted by a ransomware attack.

7. Computer Network

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the numerous events taking place. The reliance on technology reaches far and wide, ranging from the transportation network to closed circuit TV surveillance systems.

8. Mobile Applications

Fake mobile apps may be devised by developers to give the impression of being the official Olympics app. Smartphones are also at risk if stolen and personal data is sourced.

9. Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting the running of Rio 2016.

There may be political motivation from countries that want to disrupt the Olympics. This could be to make a political stand on an issue or perhaps a country that failed to win an event or perhaps a competitor that was disqualified and the country that was represented takes retaliation.

The threat of drones remotely controlled by cyber terrorists entering an event, causing disruption and delay to matches.

10. Social Media

Infiltration by hackers of the tournament’s social media and personal accounts poses a threat to the privacy of fans, players and officials.

Cyber Risk Management Program

The International Olympic Committee will no doubt have in place a comprehensive cyber risk management program to manage the programs of events which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks associated with sporting events by providing the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance, helping with data breach notification, forensic investigation and public relations.

Rio 2016 is a global event that is reliant on technology, which does make it especially vulnerable to cyber security threats. It is therefore important that these are recognized and measures are put in place to mitigate the potentially severe consequences that could impact on the games.