Dow Jones’ Watchlist Of 2.4 Million High-Risk Individuals Has Leaked*:
- A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password.
- Bob Diachenko, an independent security researcher, found the Amazon Web Services-hosted Elasticsearch database exposing more than 2.4 million records of individuals or business entities.
- The data, since secured, is the financial giant’s Watchlist database, which companies use as part of their risk and compliance efforts.
- Other financial companies, like Thomson Reuters, have their own databases of high-risk clients, politically exposed persons and terrorists — but have also been exposed over the years through separate security lapses.
- A 2010-dated brochure billed the Dow Jones Watchlist as allowing customers to “easily and accurately identify high-risk clients with detailed, up-to-date profiles” on any individual or company in the database.
- At the time, the database had 650,000 entries, the brochure said.
- That includes current and former politicians, individuals or companies under sanctions or convicted of high-profile financial crimes such as fraud, or anyone with links to terrorism.
- Many of those on the list include “special interest persons,” according to the records in the exposed database seen by TechCrunch.
- The data is all collected from public sources, such as news articles and government filings.
- Many of the individual records were sourced from Dow Jones’ Factiva news archive, which ingests data from many news sources — including the Dow Jones-owned The Wall Street Journal.
- But the very inclusion of a person or company’s name, or the reason why a name exists in the database, is proprietary and closely guarded.
- Many financial institutions and government agencies use the database to approve or deny financing, or even in the shuttering of bank accounts, the BBC previously reported.
- Others have reported that it can take little or weak evidence to land someone on the watchlists.
- The records we saw vary wildly, but can include names, addresses, cities and their location, whether they are deceased or not and, in some cases, photographs.
- Diachenko also found dates of birth and genders. Each profile had extensive notes collected from Factiva and other sources.
- One name found at random was Badruddin Haqqani, a commander in the Haqqani guerrilla insurgent network in Afghanistan affiliated with the Taliban.
- In 2012, the U.S. Treasury imposed sanctions on Haqqani and others for their involvement in financing terrorism.
- He was killed in a U.S. drone strike in Pakistan months later.
*Source: Tech Crunch, March 01, 2019
Businesses Warned Of Malware Spread via LinkedIn Job Offers*:
- Security researchers at Proofpoint report that potential victims at US businesses are receiving messages via LinkedIn’s direct messaging system that pretend to come from a company with an offer of employment.
- To appear more convincing, the attackers have created fraudulent LinkedIn profiles for themselves, backed up with bogus websites posing as a legitimate recruitment agency.
- Initially the attacker sends a harmless-looking “please add me to your professional network” connection request to their targeted victim, with mention that they are recruiting for a similar (but better paid) position at a nearby firm.
- According to the researchers, within a week the attacker sends personalised email directly to their intended victim’s business email address following up on the LinkedIn conversation.
- To appear more convincing, the email will refer to the target’s current job title in the subject line and message body when describing the new opportunity.
- In other cases the email may not be accompanied by a link, but a boobytrapped file attachment containing malicious URLs.
- The end result is the same, however. If the targeted individual visits the dangerous URL they visit the bogus recruitment site, and a Microsoft Word file containing malicious macros is downloaded.
- The intended victim is told to click on “Enable Content” button to view the document’s content, ignoring the security warning built into Microsoft Word.
- Of course, a person who is curious about a new job opportunity paying a higher salary is more likely to click on links and allow macros to run in the Word document than a user who has not been duped into believing that they are talking to a genuine recruiter.
- What gets installed onto victims’ computers is a version of the More_eggs backdoor trojan, which can be used to download further malware onto a computer or open a backdoor for a hacker to gain remote access to the business’s network.
- Although technology can help defend against attacks like this reaching your staff, it’s always a better defence to raise awareness amongst your workforce and train them in how to use their business computers more safely.
*Source: Business Insights, February 28, 2019
Turkish Group Using Phishing Emails To Hijack Popular Instagram Profiles*:
- A group of Turkish-speaking hackers is hijacking popular Instagram profiles, including those belonging to actors and singers, and, in some cases, promising to turn back control to the victims in exchange for a ransom or nude photos and videos.
- Researchers from Trend Micro say they have recently observed several incidents where the group has been using a phishing scam to take over the Instagram profiles of people with between 15,000 and 70,000 followers.
- They have subsequently changed the primary contact information associated with the breached accounts to lock the original owners out.
- The victims have ranged from famous personalities to owners of small businesses like photo equipment rental stores, the security vendor said in a report released Thursday.
- Owners of the stolen accounts have typically not been able to recover control using Instagram's account-retrieval processes or even after they have complied with the ransom demand.
- Trend Micro's report does not identify any victims by name nor does it revealed how many Instagram users might have been impacted by the current campaign.
- This is not the first report about Instagram accounts being hijacked by cybercriminals.
- Last August Mashable reported a campaign in which attackers believed to be operating out of Russia gained access to hundreds of Instagram accounts and subsequently locked the owners out by changing the primary email and password associated with the accounts.
- In many cases, key information, such as user handles and profile pictures, were changed as well, though the original posts from victim accounts were typically left untouched.
- Then, as now, victims were typically unable to regain control of their stolen accounts.
- Many reported being frustrated by their inability to get Instagram to resolve the situation for them.
- the Turkish-speaking group behind the latest campaign is using phishing emails to try and get targeted victims to share their Instagram account log-in details.
- The attackers first search for and identify high-profile or popular Instagram accounts.
- Then they have been using previously hacked accounts to "follow" the targeted victims and get their email addresses using Instagram's "send email" function.
- Users who click on the link are redirected to a phishing page that asks for the user's date of birth, email address, and password.
- The hackers have been using that information to change the primary email and password information so the original user can no longer log in or recover the account.
- The Turkish group's motives in hijacking the Instagram accounts appear somewhat unclear.
- The attackers interacting directly with the Instagram victims are likely motivated by the possibility of gaining notoriety within the hacker community.
- Attackers that are doing the actual coding and establishing infrastructure for the attacks may be motivated by the possibility of spreading the same scam or spreading other scams through the compromised Instagram accounts.
*Source: Dark Reading, February 28, 2019
Study Finds, Majority of IT Hacks Occur Due To Poor Access Management*:
- From Target to Equifax, major public-facing companies have fallen victim to unauthorized individuals gaining access to sensitive data.
- Although news of data breaches conjures images of cunning hackers surreptitiously gaining access to secure data, a recent survey from privileged access management (PAM) company Centrify suggests that most breaches stem from poorly secured accounts.
- According to the survey conducted by FINN Partners, which polled 1,000 information technology professionals, 74 percent of respondents whose companies had been breached admitted those incidents involved access to a privileged account.
- The survey's respondents were evenly split between the United States and the United Kingdom.
- Centrify CEO Tim Steinkopf said the study "was empirical research" that backed up other data provided by Forrester Research, which estimated that "80 percent of security breaches involve privileged access abuse, and 66 percent of companies have been breached an average of five or more times."
- While the survey shows that companies are aware of previous breaches and know they could still fall victim to more incidents, officials said the data also suggests that most companies are "still extremely immature" in their PAM efforts and were "granting too much trust and privilege."
- The survey revealed that 52 percent of respondents did not use a password vault.
- It also revealed that 65 percent of respondents were "still sharing root or privileged access to systems and data at least somewhat often" and that 63 percent take more than 24 hours to shut off privileged access for employees who leave the company.
- Even though companies can implement password vaults and multifactor authentication, Centrify's data found that respondents were more interested in digital transformation (40 percent) and endpoint security projects (37 percent) than privileged access management (28 percent).
- Furthermore, the survey reported that respondents in the U.K. are not as up to date with PAM as their American colleagues.
- Approximately 44 percent of U.K. survey respondents were unsure what privileged access management was, and 60 percent did not have a password vault.
- Conversely, 26 percent of American respondents were unsure what PAM was, and 45 percent did not have a password vault set up.
- The survey also suggested only 36 percent of U.K. respondents were "very confident" in their company's cybersecurity efforts, compared to 65 percent of U.S. respondents.
- When it comes to controlling access to a company's cloud workloads, big data projects and network devices, the survey suggests that respondents in both countries were not doing enough to address modern security concerns.
- According to the study, 45 percent of respondents are not securing public and private workloads, 58 percent are not securing big data projects, 68 percent are not securing networking devices, and 72 percent were not securing containers.
*Source: Business News Daily, February 27, 2019