Anti-Malware , Breach Preparedness , Data Breach

It's rare that any of us is offered an opportunity to hear a first-hand tale of a financial cybercrime takedown coordinated by law enforcement, from beginning to end, across various countries.

See Also: How to Identify and Mitigate Threats on Your Network by Using a CASB

But this week in London, at Information Security Media Group's Fraud & Breach Prevention Summit, attendees will be privy to just such a case.

Keynote presenter, Jason Tunn, who serves as the lead anti-fraud and cybercrime investigator for the Metropolitan Police Service in London, works within the Met's FALCON Cyber Crime division - the go-to department for cybercrime investigations in the U.K. During his address, Tunn will walk us through a high-profile cybercrime investigation that started after two British hackers with links to Russia began launching phishing attacks against leading U.K. banks in an effort to spread malware for the purpose of compromising bank accounts and financial transactions.

The investigation, known as Operation SAMBRE, resulted in the October 2015 arrest of three individuals, two of whom are now serving jail time, for the roles they played in attacking banks in the U.K. and other parts of the world with the notorious banking Trojan known as Dridex.

Tunn's keynote will offer a rare opportunity to hear from law enforcement about a cybercrime investigation that is now completely open-book and on-the-record.

At the end of the day, Tunn, along with cybersecurity attorney John Salmon, a partner at London-based law firm Hogan Lovells International LLP; Paul Simmonds, CEO of the Global Identity Foundation; and Peter Yapp, deputy director of incident management at the newly formed National Cyber Security Centre, will sit on a panel to discuss how organizations can work best with law enforcement before, after and during a cyberattack.

Building on highlights from his keynote, Tunn and the other panelists will review breach notification and legislative changes that are likely to soon impact U.K. and European businesses in the near future. The panel also will discuss recent events that are helping enhance threat intelligence sharing and collaboration among government, law enforcement and the financial-services sector in the U.K. through the formation of the National Cyber Security Centre, better known as the NCSC.

That panel will be one of the day's must sees.

But I'm also eager to see the afternoon session hosted by Jennifer Arcuri, co-founder of Hacker House, a Manchester-based training ground for ethical hacking. In addition to training, Hacker House also provides penetration testing, helping organizations identify security gaps not-so-ethical hackers could likely exploit.

Arcuri's session, "You Just Got Pwned!" will walk through commonly used social-engineering tactics hackers employ to compromise credentials and take over systems. During this demonstration, Arcuri will share her own experience with credential compromise and phishing - she was hit with a well-crafted socially engineered scheme that alleged she had family ties to the Ku Klux Klan and which ultimately resulted in the fraudulent transfer of funds from her PayPal account.

Lessons from SWIFT and Threat-Intel Across Sectors

Payments security and updates about cross-industry sharing between financial services and retail also will be key discussion points. Jeremy King, international director of the PCI Security Standards Council, and Ralph Smith, coordinator of the Financial Services Information Sharing and Analysis Center's CAPS Cyber Attack Program in the U.K. and Ireland, will review how the evolving threat landscape is impacting financial services and payments across the board.

During a mid-morning session titled "Preparing for the Payments Revolution, from Contactless to Beyond," King will explore how the emergence of new payments instruments, such as mobile devices and wearables, are opening doors for contactless payments and all of the new risks associated with them. Later in the afternoon, King, Smith and Ben Lindgreen, who heads up security delivery for Payments UK, an independent trade association that supports the payments system in Britain, will discuss how the $81 million SWIFT transaction cyber heist from the Bank of Bangladesh earlier this year helped to catapult change in interbank transaction and payment security.

The SWIFT attacks have reminded the financial world of a lot of things, such as the need for stronger user and transactional authentication, as well as more threat intelligence and information sharing.

From the retail side of the house, we have Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center, a U.S.-based cooperative between the FS-ISAC and the retail industry, who will share some of the new ground the retail industry is covering in cybersecurity and threat intelligence. As the R-CISC expands into Europe, this will be a worthwhile session for any attendee interested in learning more about emerging threats attacking payments worldwide.

If you're in London, or nearby, I hope you'll make an effort to attend. Join me and my colleagues Mat Schwartz, executive editor of DataBreachToday and our lead editor for Europe, and Tom Field, vice president of editorial for ISMG, for a day packed full of great information. You can learn more about how to register for this once-a-year event by visiting the London summit registration page.

Data Breach , Privacy

The websites of seven of India's embassies apparently were hacked and some data pertaining to Indian citizens leaked online by the attackers claiming responsibility. The hackers say they wanted to call attention to the sites' vulnerabilities.

See Also: Secure Access in a Hybrid IT World

Indian embassies in South Africa, Malawi, Switzerland, Libya, Mali, Romania and Italy apparently were breached, according to The Hacker News, the security research and media outlet that first reported the incidents after it was contacted by hackers going by the handles of Kapustkiy and Kasimierz.

Personal data on Indian citizens living abroad that was breached included names, home addresses, email, passport numbers and phone numbers, The Hacker News reports.

In an email to Information Security Media Group, individuals identifying themselves as the two hackers claim that they first tried to communicate with the website administrators to alert them to security holes, but upon receiving no response, they decided to post some of the data to pastebin.com to create awareness.

That data has since been removed, and all seven websites were functioning as of late Nov. 7 India time. However, a cached version could be found on Google. ISMG was unable to verify the authenticity of the data.

SQL Injection

An individual claiming to be the attacker Kapustkiy told ISMG via email that a simple SQL injection was used to gain access to the data.

The attackers claim to be teenage security researchers and say they were "shocked" that the websites for India's embassies contained vulnerabilities. The individual identifying himself as Kapustkiy told ISMG that the hackers posted the data so that the vulnerabilities would be investigated by the relevant authorities.

No Government Comment Yet

The director general of CERT-In declined to comment on the hacking incidents, saying that this was a matter for the Ministry of External Affairs to investigate. ISMG subsequently reached out to MEA's joint secretary level functionary in charge of technology and security, but did not immediately receive a response.

MEA spokesperson Vikas Swarup was quoted in news reports saying that the MEA was aware of the problem and it was being fixed.

The Hacker News founder and security researcher Mohit Kumar confirmed to ISMG that his research team was able to verify that SQL vulnerabilities existed on the embassy sites.

Security Shortcomings

"More than half of embassy domains are on shared hosting and there is no structured manner of ownership," says Dinesh Bareja, COO at OpenSecurity Alliance. Bareja is also founder of IndiaWatch, which has been researching the information security posture of Indian embassy websites since 2013. It found out through right-to-information requests that most embassy websites are being managed by contractors and security does not seem to be a priority, Bareja says.

"The domain names purchases are done in a piecemeal, commercial manner, and insecure practices in terms of defining ownership leave these sites vulnerable," he says. "The domain name pertaining to an Indian embassy should be considered sovereign property."

There is an ad hoc system in place to run these websites and the domain names are often owned by the contractor, he says. Because of shared hosting, it's easy to spoof the domains and email addresses, he claims.

APT Worries

Security expert and researcher, Balaji Venkateshwar believes that the bigger concern should be that Indian embassies could be vulnerable to advanced persistent threats.

"The APT menace should be the bigger concern and security at foreign offices needs to be heightened," he says. "While we are focusing on physical borders, no one is talking about these porous perimeters online."

The government must learn from the Wikileaks embassy cable leak incident and realize that every communication happening on electronic media is subject to surveillance, Venkateshwar says. "Extraordinary measures need to be put in place to protect embassies, and I am 100 percent confident that embassies don't have the right security posture for a national critical infrastructure," he says. "There is a huge potential here for embarrassing the nation."

Balaji believes one of the issues is the dependence on technology "point-in-time" solutions to solve security problems. "Unfortunately none of these solutions are indigenous and everything may have been compromised down to the hardware layer. Indigenous technology that will enable organizations to detect, respond and remediate such threats are the need of the hour," he says.

In Development

Receive Invite When Available

In Development

Receive Invite When Available