Monthly Archives: May 2019

Home / 2019 / May

Hackers Compromise Outlook Accounts

Recently, Microsoft began notifying some users that a cybercriminal successfully hacked their email Outlook accounts. The hacker was able to get unauthorized access to some accounts by gaining the credentials of a support agent, and accessed the accounts earlier this year between January 1st and March 28th, 2019.

What kind of information did the attacker get from the Outlook accounts?

The hacker(s) may have accessed account email addresses, subject lines of emails, and folder names; however, the attachments of emails or the content of emails reportedly remained out of reach.

In an email to affected users, Microsoft said that its investigation indicates that the hacker could see account-related information, but not the content of any e-mails. It further noted that the company has no information on why the hacker accessed that particular data or how he or she may have used it.

The company emphasized that the hacker was not able to steal login details or any other sensitive data, like passwords of the affected users. Nevertheless, Microsoft advised affected users to reset their passwords.  It gave assurances that it was making great efforts to resolve the issue and prevent it from happening in the future.

Microsoft issues security alert after breach

Warning users of a possible cyber-attack, Microsoft said that because of the breach, affected users may see more spam emails or phishing, and they should be careful when opening emails. The company said that the users should not open suspicious emails, like emails with misleading domain names or those that request payment, private information, or unsolicited requests from unknown sources.


International Cyber Crime Scheme

A jury in Ohio convicted two Romanian cybercriminals in April of wire fraud and aggravated identity theft in an international cyber crime scheme. The cybercriminals from Bucharest were convicted for implementing an intricate malware scheme. The malware was used by the hackers to steal sensitive information like credit card information, according to an announcement from the US Department of Justice.

What did the cybercriminals do?

They sold the private data on the dark web; subsequently, it was used to mine cryptocurrency as well as to participate in online auction fraud.

The malware was used to send emails to victims claiming to be legitimate from entities like the IRS, Western Union, and Norton AntiVirus. The emails tricked the victims into clicking on links that installed malware on their computers. The group of hackers, called “the Bayrob Group,” also inserted fake pages into legitimate websites like eBay, Facebook, and PayPal, which misled unsuspecting users.

The hackers had placed more than a thousand fraudulent listings for motorcycles, automobiles and several other expensive goods on auction sites like eBay as part of the scheme. The cybercriminals laundered the stolen money using money transfer agents who first routed the money via shell companies and then to Money Gram or Western Union offices based in Romania. Then the cash was collected by money mules and delivered to the defendants.

Millions of dollars were stolen by the group at the time of conviction

The cyber criminals, who infected and controlled around 400 thousand computers, tricked people into making fraudulent purchases on auction sites. The conviction announcement described a well-organized enterprise that was using stolen credit card numbers to register domains, rent server space and pay for virtual private network service. According to prosecutors, the criminals infected computers, disabled antivirus software and blocked access to law enforcement websites.

According to the Department of Justice, the hackers sent approximately 11 million malicious emails in total and stole about $4 million.


Around 100 Firms Join the EU Blockchain Group

According to reports, a new blockchain group dubbed “the International Association of Trusted Blockchain Applications”, or “INATBA”, was launched on April 3 in Brussels. The new blockchain association, initiated by a European commission, aims to promote mainstream adoption of blockchain tech across several sectors.

Blockchain group brings together 105 companies

INATBA wants to develop best standards and practices for blockchain technology in Europe. The blockchain association has over 105 organizations and companies, including big industry names like SWIFT, IBM, Ripple, Guardtime, and German stock markets Boerse Stuttgart and Deutsche Boerse, SAP.

The blockchain group intends to develop a framework to motivate the private as well as the public sector to participate in discussions with regulators for ensuring transparency and integrity across the industry. INATBA also hopes to come up with specifications and guidelines for distributed ledger and blockhain-based apps in order to promote the technology.

It will be quite interesting to see how payment service providers like R3, Ripple and SWIFT, as well as how the banking sector, will work in the blockchain group.  Earlier, several experts – one of them being Christine Lagarde, the IMF Director – said that the banking sector would be cannibalized by the technology of blockchain payment providers.

Goals of the new blockchain group

INATBA may be facilitated by the European Commission, but it aims world-wide. Members include companies from the U.S., Japan, and Canada as well.

Nevertheless, Roberto Viola, who is the Director General of DG Connect at the European Commission, said in his blog post that the technology is best suited for Europe because of its decentralized setup.

He said that they have worked to develop a single digital market for the EU over the past few years and technology like the Internet of Things, artificial intelligence, higher performance computing and 5G connectivity were covered. He added that Distributed Ledger Technologies like blockchain are an essential area for the completion of their aim. In sum, for their single digital market dream, blockchain tech is required and is the next step.



UK Watchdog Reprimanded Huawei Over Vulnerable Security Practices

The HCSEC (Huawei Cyber Security Evaluation Centre), a UK government watchdog, has reprimanded Huawei for its vulnerable cybersecurity. The HCSEC is an organization that was started by the National Cyber Security Centre of the UK to discover cybersecurity risks posed by using Huawei products in national infrastructure. According to a report of the Financial Times, the UK security watchdog is quite disappointed with the company’s security practices.
Vulnerabilities found in previous equipment not secured
According to the HCSEC report, the China-based company has still not secured the vulnerabilities that were identified in previous versions of the products. The report did not find any clear evidence of spying backed by any state, but noted that the equipment was not secured fully and was vulnerable to cyber attacks.
Even earlier, the UK security watchdog found vulnerabilities in Huawei products. There were hundreds of issues and vulnerabilities reported by the HCSEC to operators to check for risk remediation and management. This is not a small matter, because people often save important information and sensitive data in their phones or other hardware. A cyber-attack on the equipment could lead to data theft and could even affect network operation.
If these vulnerabilities continue to exist, cyber criminals could be able to exploit the equipment and access reconfiguration of the network elements or affect user traffic, according to the report. The main fear of the UK government is that state-backed cyber-attacks can have a serious impact on the networks.
US to ban Huawei’s products
The United States will be prohibiting the use of products made by Huawei in the upcoming 5G networks, and is rumored to have been pushing other countries to do the same. New Zealand and Australia have blocked or prohibited the products, while Canada may do the same soon.
The US State Department warned last year that Huawei products are not reliable. Whether the UK will ban Huawei’s products like these other countries is not known.
Huawei, in its defense, said it took the report quite seriously. The company added that it would take over 3 to 5 years to resolve the issues and that it has pledged over $2 billion to improve its software engineering. Guo Ping, the deputy chairman of the Chinese company, noted in his comments that it will work alongside regulators to improve security.