Category Archives: Cybersecurity & Digital Privacy

Arbonne breach to test the California Consumer Privacy Act 

According to reports, an April 23 breach into the databases of multi-level marketing company Arbonne International exposed personally identifiable information for some 3,500 California residents.  While such occurrences are sadly not all that shocking these days, this breach will likely be one of the first tests for the California Consumer Privacy Act (CCPA), which protects “consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.”

One aspect that will likely garner close attention will be the size of the penalties issued under the CCPA and what they could mean for Arbonne’s future. Intentional violations of the California Consumer Privacy Act can bring civil penalties of up to $7500 for each violation in a lawsuit brought by the California Attorney General on behalf of the people of the State of California. The maximum fine for other violations is $2500 per violation.

Almost half of a four-page information sheet from Arbonne describing the hack makes multiple references to the California statute, and how the company is adhering to the requirements of Cal. Civ. Code 1798.82 (h)(2).

Arbonne disclosed that on April 23 it discovered a “data table containing limited personal information may have been accessible to [an] unauthorized actor.” The company provided preliminary notification to the impacted 3,527 California individuals, among others not mentioned in the announcement. By May 22, the California residents received additional written details about what happened and how their passwords may have been compromised. Other compromised information included user name and address.

California consumers whose information had been exposed are being offered free credit monitoring and protections against identity theft, both as required by the statute. Arbonne reported the incident to the FBI and relevant regulators, and is continuing the investigation.

Israeli cyber chief warns of ‘new era’ in cyber warfare 

There is little question the velocity of cyberattacks has increased during the COVID-19 pandemic, and Israel’s National Cyber Directorate chief Yigal Unna discussed Iran’s attempted attack on Israel’s water systems a month ago. What caught our attention was Unna’s view that the rules have changed and that he sees the nature of these attacks escalating to the point at which they will be aimed at harming civilians. That reminds us of former Defense Secretary Leon E. Panetta’s warning of a “cyber Pearl Harbor.”

If Unna is right, and there is reason to think he is, it means bad actors will increase the scope of their attacks thereby driving incremental demand for cybersecurity and data privacy solutions.

“The word ‘speed’ is not enough to describe the hectic pace at which things are happening in cyberspace,” he explained. “We will remember last month as a turning point in the history of modern cyber wars. The attempt to attack Israel was coordinated and organized with the aim of damaging our humanitarian water system.”

“If the attack had been successful, in the midst of the corona crisis we would have had to deal with a certain damage to the civilian population and even temporary water shortages, or a mix of chlorine or other chemicals at the wrong dosages that could have caused damage and disaster.”

“There seem to be new rules of cyber warfare – it can be cyber against cyber, or kinetic against cyber – and everything will build up to warfare aimed at harming civilians. Countries need to consider what is considered critical infrastructure and what the diamonds in the crown of the cyber realm of every country, for which they will deal with cyber defense, are, and manage the risks with the important systems that are not defined as critical,” Unna concluded.

Source: Israeli cyber chief warns of ‘new era’ in cyber warfare – Defense/Security – Israel National News

Microsoft warns of huge COVID-19 related email phishing scam

It seems that hardly a day goes by that we don’t learn of a new COVID-19 related cyber attack. One of the latest comes from Microsoft’s Security Intelligence team concerning a new widespread COVID-19 themed phishing campaign. Once again, the attackers are impersonating a trusted entity to lure unsuspecting users into harm’s way and steal their passwords and other data. While some may become desensitized to the growing number of phishing schemes and other attacks, we see it all adding credence and conviction to our Cybersecurity & Data Privacy investing theme.

The attack begins with potential victims receiving an email that impersonates the Johns Hopkins Center. This email claims to provide victims with an update on the number of coronavirus-related deaths in the US. However, attached to the email is an Excel file that displays a chart showing the number of deaths in the US.

The threat installs the NetSupport Manager remote administration tool to completely take over a user’s system and even execute commands on it remotely.

The Microsoft Security Intelligence team provided further details on this ongoing campaign in a series of tweets in which it said that cybercriminals are using malicious Excel attachments to infect users’ devices with a remote access trojan (RAT).

When a user opens the Excel file, it prompts them to ‘Enable Content’, and doing this executes the file’s malicious macros, which download and install the NetSupport Manager client from a remote site.

Source: Microsoft warns of huge email phishing scam – here’s how to stay protected | TechRadar

The World Economic Forum: Global Risks report names Cybersecurity to its top 10 Covid-19 global fallout list 

The World Economic Forum recently debuted its latest Global Risks report, which included cybersecurity as one of its “Top 10 Fallout” issues from COVID-19. This comes as little surprise following the fivefold increase in cyber attacks reported by the World Health Organization. What does stand out is that the WEF’s Global Risks report tends to focus on global macro issues, and we see the inclusion of cybersecurity in the report as confirmation of its status as a pervasive, global threat with significant growth prospects ahead.

Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.

“The constant flow of information on the virus, accompanied by fear, confusion and even the boredom of confinement, have multiplied opportunities for cybercriminals to deliver malware, ransomware and phishing scams,” said Algirde Pipikaite, the WEF’s project lead in its Center for Cybersecurity.

Pipikaite added that the corporate digital infrastructure that normally protects most organizations with multiple layers of security has become much tougher to manage while the majority of employees work from home.

Source: Cybersecurity makes World Economic Forum’s top 10 Covid-19 global fallout list | SC Media

COVID-19: Why The Largest Cyberattack In History Will Happen in the Coming Months

During the pandemic there has been a growing sense, and no shortage of data, of increasing activity by cyber attackers and other malicious actors looking to compromise corporate, personal and other data through an evolving set of digital schemes. As this article highlights, if hackers can break into the networks of America’s largest defense contractor, Lockheed Martin, by targeting remote workers, there is little question that remote workers with little security are easy targets.

Practically every employee in every firm in America is working from a makeshift desk on their kitchen table. Firms only had days to cobble together remote work plans. So you can bet most didn’t set up secure systems, like the one my friend is using. In fact, the vast majority of employees probably don’t even have dedicated work laptops.

So hundreds of millions of folks are using personal laptops–on unsecured home internet connections–to access work files. Many of which likely contain confidential information and personal data.

This is a dream come true for cyber criminals. Hackers only need to gain access through one entry point to seize control of a whole network. Once they’re in, they can steal data, secrets, and even lock you out of the network.

Source: Why The Largest Cyberattack In History Will Happen Within Six Months

Researchers Prompt Google to Take Action

Malware, Ransomware, Spyware, Creepware? New York University and Cornell Tech researchers in coordination with NortonLifeLock (NLOK:NASDAQ) unveil a new frontier in cybersecurity & data privacy.

The applications were discovered with a new algorithm called CreepRank, developed by a team of academics.

Source: Google removed 813 creepware apps from the Android Play Store | ZDNet

WHO – Hackers Attack Using Spear Phishing Approach

Just as hackers look to dupe individual victims with targeted scenarios, they reportedly used the same approach against the World Health Organization recently.

The messages began arriving in World Health Organization employees’ inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers.

Source: Hackers Target WHO by Posing as Think Tank, Broadcaster – Bloomberg