Business Continuity & Cyber Security Incident log w/e 7th April 2017

Business Continuity Incident

Cyber attack on Mindef’s I-Net system occurred weeks before detection

SINGAPORE — A cyber attack which resulted in the theft of the personal data of about 850 national servicemen and Ministry of Defence (Mindef) employees occurred weeks before it was detected on February 1, Second Defence Minister Ong Ye Kung told Parliament on Monday (April 3).

Responding to questions from Members of Parliament (MPs) on the breach of the I-net system, which provides Internet access to national servicemen as well as employees from Mindef and the Singapore Armed Forces, Mr Ong said investigations are still ongoing.

But findings will be “kept confidential for security reasons”, he added, noting that the hackers’ “modus operandi was consistent with a covert attack”.

Mindef had previously said that classified military information was not compromised, as that was stored on a separate and more secure system which is not connected to the World Wide Web. However, the personal data of I-net account holders comprising NRIC numbers, telephone numbers, and dates of births were stolen.

Asked whether the stolen data could be exploited for future cyber attacks, Mr Ong said that information was “basic” and could not be used to conduct further hacking attempts.

He also told the House that on a daily basis, Mindef and the SAF experienced “hundreds of thousands of cyber intrusion attempts ranging from simple probes to sophisticated cyber-espionage efforts”.

Mindef, the minister added, adopts a “multi-layered, risk-based approach to cyber defence which balances between connectivity and speed on one hand, and security on the other”, with systems that contain sensitive military information physically separated from the internet, and protected by access controls and encryption.

Going ahead, Mr Ong said that both Mindef and the SAF will enhance their defence against cyber attacks by developing “better assessment tools, data analytics and content scanning engines”. The storage of personal data on its Internet systems will also be reviewed to minimise risks of cyber theft, he added.


Clean up begins after Cyclone Debbie

A massive clean-up started on Monday as floodwaters receded across parts of Australia.

At least two people were confirmed killed after cyclone-fuelled rain and winds hit swathes of Queensland and New South Wales. Tens of thousands of people have been evacuated with hundreds of millions of dollars worth of damage caused.

Six people are reported missing, including three who were feared dead Monday after a car plunged into the Tweed River in northern New South Wales. One passenger, a young girl, managed to escape but three others — believed to be a mother and her two children — had not yet been found.

As Cyclone Debbie moved offshore on Saturday, those affected now face the daunting task of dealing with thick mud and ruined property. In some places mud, chemicals and raw sewage have reached two to three metres above floor level.

Wendy’s Restaurant to Face Class Action Lawsuit Following Data Breach

A class action lawsuit has been filed against Ohio-based Wendy’s by First Choice Federal Credit Union, alleging that the five-month long data breach could have been prevented had the company acted faster.

From 22nd October 2015 through to 10th March 2016, hackers penetrated Wendy’s computer systems and stole what could be millions of consumer credit cards that had been used at certain Wendy’s locations.

“As a result of Wendy’s data breach, plaintiff and class members have been forced to cancel and reissue payment cards, change or close accounts, notify customers that their cards were compromised, investigate claims of fraudulent activity, refund fraudulent charges, increase fraudulent monitoring on potentially impacted accounts, and take other steps to protect themselves and their customers,” the lawsuit claims.

Specifically, the plaintiffs claim that Wendy’s holds on to credit card information longer than necessary and failed to meet the October 2015 deadline for EMV cards and terminals.

“Despite the growing threat of computer system intrusion, Wendy’s systematically failed to comply with industry standards and protect payment card and customer data,” the lawsuit states, noting that as a consequence, financial institutions have borne the brunt of the data breach.

The complaint asserts that Wendy’s used outdated and easily hackable computer and credit card systems, and that the company failed to meet federal regulations and guidelines around computer and data security, stating that Wendy’s “refused to take steps to adequately protect its computer systems from intrusion.”

A Wendy’s spokesman has said that malware was discovered by third-party investigators, but the company has yet to confirm how many of its 6,000 stores had been hacked.

Fire leads to ‘severe roof damage and wall collapse’ in commercial building

A COMMERCIAL building in Newport suffered structural damage following a fire this morning.

Fire crews from Duffryn, Malpas, Maindee and New Inn attended the incident in West Nash Road, in the Nash area, at 6.41am.

The building suffered severe damage to the roof, while a wall also collapsed.

A South Wales Fire and Rescue Service spokeswoman said: “The cause of the fire was unknown, but we do know it was accidental.

“The building was evacuated and a structural engineer is attending to assess the building’s stability.

“Everyone was accounted for and everyone is safe.”

The fire was put out at 8.40am.

IAAF hit by hacking group

The International Association of Athletics Federations (IAAF) has apologised following what the world governing body has described as a “cyber attack” which it believes has compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF systems.

The IAAF said that unauthorised remote access to their network was noted in February, though the governing body does not know if the medical information was stolen.

Athletes who have applied for TUEs since 2012 have been contacted by the IAAF, the governing body added.

The TUE process allows athletes to gain approval to use a prescribed prohibited substance or method for the treatment of a legitimate medical condition.

“The presence of unauthorised remote access to the IAAF network by the attackers was noted on 21 February, where meta data on athlete TUEs was collected from a file server and stored in a newly created file. It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.

“Over the past month the IAAF has consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers’ access to the network. This was carried out and completed over the weekend.”

Chinese Hackers Target UK Tech Companies

UK firms have been warned about “serious” cyber attacks originating in China that seek to steal trade secrets.

The gang behind the attacks has compromised technology service firms and plans to use them as a proxy for attacks, security firms have said.

The group, dubbed APT10, is using custom-made malware and spear phishing to gain access to target companies.

The National Cyber Security Centre and cyber units at PwC and BAE Systems collaborated to identify the group.

“Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks,” said Richard Horne, cyber security partner at PwC.

Known victims

A detailed report drawn up by the three organisations reveals that the group has been active since 2014 but ramped up its attacks in late 2016. In particular, said the report, it targeted firms who ran key IT functions on behalf of large UK companies.

PwC and BAE said the group had mounted many different attacks as part of a campaign they called Operation Cloud Hopper.

By targeting the suppliers of IT outsourcing, the attackers were able to stealthily gain access to the networks and systems of their true targets.

Dr Adrian Nish, head of threat intelligence at BAE, said the attackers used these third parties as a “stepping stone” to get at the companies and organisations they were really interested in.

Infiltrating supply chains gave the attackers an easy route into many different targets.

“Organisations large and small rely on these providers for management of core systems and as such they can have deep access to sensitive data,” he said.

“It is impossible to say how many organisations might be impacted altogether at this point.”

The security organisations involved in exposing the APT10 campaign say they have seen firms in the UK, Europe and Japan being targeted by the group.

The National Cyber Security Centre and the two security firms have warned known victims that they have been compromised.

Spear phishing emails booby-trapped with custom-made malware were sent to key staff in IT services firms in the first stage of an attack. Once the hackers had won access they sought out intellectual property and other sensitive data.

The hacking group maintained a massive network of sites and domains online to serve their various attacks and as a conduit for data they stole, said Dr Nish.

Forensic analysis of the times when the attackers were most active as well as the tools and techniques they used led PwC and BAE to conclude that the group was based in China.

UK Charities Fined by Information Commissioner’s Office

Eleven charities have been fined by the UK’s data watchdog for misusing information about millions of past donors to seek further funds.

Those fined include Oxfam, Cancer Research UK, The Royal British Legion and Battersea Dogs’ and Cats’ Home.

The Information Commissioner’s Office said offences included secretly piecing together data from various sources and trading personal details to target new and lapsed donors.

It said charities must obey the law.

But it limited the individual fines to between £6,000 and £18,000 because donors could be unhappy at more punitive fines.

“[People] will be upset to learn the way their personal information has been analysed and shared by charities they trusted with their details and their donations,” said Information Commissioner Elizabeth Denham.

“No charity wants to alienate their donors.”

Wealth screening

The regulator said that some of the charities had hired companies to profile the wealth of their donors. It said this was done by investigating their incomes, lifestyles, property values and friendship circles among other means.

In some cases, the “wealth screening” process was also used to flag those most likely to be convinced to leave money in their wills.

Some charities are also accused of tracking down additional data about past supporters – for example using old telephone numbers to identify current ones. This ignores the fact people have the right to choose what information they share.

In addition, some of the charities shared data with each other without seeking permission.

“Supporters of animal charities could have their information shared with homeless, humanitarian or religious charities even though the supporters only expected their information to be shared with other animal charities,” the Information Commissioner’s Office said.

“Some charities don’t know if the information has been shared one or 100 times. This can result in lots of unwanted charity marketing.”

Follow-up fines

The Information Commissioner’s Office carried out the probe after reports that charity supporters were being pressured into follow-up donations.

Last December, the British Heart Foundation and The Royal Society for the Prevention of Cruelty to Animals were fined for similar activity.

The full list of charities affected by the latest penalties is:

  • The International Fund for Animal Welfare – £18,000
  • Cancer Support UK – £16,000
  • Cancer Research UK – £16,000
  • The Guide Dogs for the Blind Association – £15,000
  • Macmillan Cancer Support – £14,000
  • The Royal British Legion – £12,000
  • The National Society for the Prevention of Cruelty to Children – £12,000
  • Great Ormond Street Hospital Children’s Charity – £11,000
  • WWF-UK – £9,000
  • Battersea Dogs’ and Cats’ Home – £9,000
  • Oxfam – £6,000



Fire causes $5-million in damage at aluminum factory

The fire started just after 3:30 a.m. at Anderton Castings after an employee dropped a bottle of nitrogen into the molten metal, causing an explosion.

The explosion threw hot metal onto the ceiling of the building which caught fire and quickly spread throughout the building.

The building is a total loss. The damage is estimated at $5 million.

Six to eight people were in the building but no one was injured. The man who caused the fire was wearing protective gear.

The local fire department are using heavy equipment to tear down the building so they can put out hot spots still burning inside the building.

The fire appears to be an accident and no criminal charges are expected.

Nikki Ramirez, a human resources representative for the company, said all hourly employees were told to stay home until further notice.

According to the Anderton Castings website, the building was 142,000 square feet sitting on 30 acres of land. It was one of four Anderton facilities around the world, with other facilities in France, Mexico and Michigan.

The company markets itself as a leading supplier of aluminum chassis and powertrain components for the automotive, on- and off-highway and construction equipment.

Phishing Campaign Targets Airline Customers

A wave of email-based phishing campaigns is targeting airline consumers with messages that contain malware that infects systems or links to spoofed airline websites that are personalized to trick victims into handing over personal or business credentials.

“Over the past several weeks, we have seen a combination of attack techniques. One, where an attacker impersonates a travel agency or someone inside a company. Recipients are told an email contains an airline ticket or e-ticket,” said Asaf Cidon, vice president, content security services at Barracuda Networks. Attachments, he said, are documents

Cidon said other aviation-themed phishing attacks contain links to spoofed airline sites. In these types of attacks, adversaries go to great lengths to spoof the airline’s site. In addition, attackers personalize the landing page with the target’s personal information in hopes of coaxing them to log in with either their company or airline username and password.

“It’s clear there is some degree of advanced reconnaissance that takes place before targeting individuals within these companies,” Cidon said.

Recent phishing campaigns, he said, are targeting logistics, shipping and manufacturing industries.

Barracuda’s warning comes a week after the U.S. Computer Emergency Readiness Team issued an alert of similar attacks targeting airline consumers. It warned email-based phishing campaigns were attempting to obtain credentials as well.

“Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information,” according to the US-CERT warning.

The US-CERT warning was based on concerns Delta Air Lines had over a rash of fake websites designed to confuse consumers.

“Delta has received reports of attempts by parties not affiliated with us to fraudulently gather customer information in a number of ways including: fraudulent emails, social media sites, postcards, Gift Card promotional websites claiming to be from Delta Air Lines and letters or prize notifications promising free travel,” according to the Delta Air Lines warning.

Delta said some victims were sent emails that claimed to contain invoices or receipts inside attached documents. Attachments contained either dangerous viruses or links to websites that downloaded malware onto a victim’s computer.

When asked about the warning, Delta declined to comment.

Phishing Scam Targets HSBC Customers

An HSBC phishing scam continues to target victims using clever email and text messages. Fraudulent messages posing as the London-based bank notify customers of issues with their accounts. If victims click on the scammer’s fake links, they’re taken to false sign-in pages that appear authentic.

Once a person enters his user name, social security number or password, his information is sent to a dishonest third party.

The messages look completely authentic, and HSBC warns customers to be skeptical of any virtual communication that claims to be from its customer service department.

“Be wary of unsolicited emails that appear to be from your bank and contain links to websites urging you to provide confidential, personal or financial information,” HSBC said on its site. “The emails may appear to come from a legitimate site and often warn that your account may be shut down unless you take some action. These emails are designed to steal your personal information and use it to access your accounts.”