Calls for standardized cybersecurity breach reporting


Internet security company ESET East Africa has added its voice to the call for legislation to compel organizations to share or release information to a supervisory authority, affected individuals or organizations in case of cybersecurity breaches.

According to Teddy Njoroge, ESET Country Manager in charge of Kenya, Uganda, Tanzania and Rwanda, this would help the responsible branches of government, businesses and cybersecurity services vendors keep ahead of cyber-criminals.

“Due to the siloed and secretive manner in which breaches are reported in Kenya, another attack similar to ‘WannaCryptor’ ransomware could be devastating if directed to critical institutions such as health, government, and especially the financial services sector”, he said.

On Tuesday, May 17, Joe Mucheru, Cabinet Secretary in the Ministry of Information and Communication Technology (MoICT) challenged the financial services sector in Kenya to improve information sharing and reporting on Cyber-security breaches.

“Breach notification eliminates the clandestine attempts by hackers to attack systems and enables synergized efforts towards the prevention of the criminal activity as well as their prosecution”, he said.

Speaking at the Cyber-Security & Banking Forum organized by Citibank and the ICT Authority, the CS said standardized reporting would also help in quantifying the exposure and resilience of organizations both in public and private sector to cyber security incidents.

“A shared reporting system would be a welcome move in developing a unified preventive and counteractive measure to hamper the growth of malware such as ‘WannaCryptor’ and other forms of cybercrime in the country.”

The encrypting-type malware, also known as ‘WannaCry’ or ‘Wcrypt’, hit the world on Friday, May 14, 2017, and spread rapidly around the globe by exploiting a vulnerability in computers running unpatched versions of Microsoft’s Windows operating system.

Njoroge added that a standardized and shared reporting system would be a welcome move in developing a unified preventive or counteractive measure to hamper the growth of malware and other forms of cybercrime in the country.

“In the aftermath of ‘Wannacryptor’ ransomware attack we can see from statistics a trend that indicates potential under-reporting of both successful and unsuccessful attacks especially noting that over eighty percent of personal computers and servers in Kenya run on the Windows Operating System”, he explained.

ESET recorded eight ‘WannaCryptor’ attack attempts in Kenya during the period May 14th to 16th 2017. In Africa, the worst hit was Egypt, which recorded 1,592 attempts, followed by South Africa at 386 and Nigeria at 42 attempts, out of the 15 countries that registered attack attempts.

Around the globe, ESET recorded the highest number of attacks in Russia with 30,189 cases, followed by Ukraine with 7,955, Taiwan with 7,736 and the Philippines with 1,973 cases, which was followed by Egypt.

“In this period 14,383 ESET clients reported 66,566 attack attempts which were all detected and stopped. 60,187 attacks were detected through file or memory detection while another 6,379 attack attempts were stopped through ESET’s Attack Network Protection module”, said Njoroge.


Time to change your Twitter password


An internal bug exposed the passwords of an undisclosed number of the more than 330 million Twitter users.

Twitter CTO Parag Agrawal announced that it was a “bug that stored passwords unmasked in an internal log”. He went on to state “we have fixed the bug and our investigation shows no indication of breach or misuse”.

The social media platform insists that there is no sign of danger and that there is no reason to believe that the passwords were exposed outside of the organisation. However, it is still advising users to change their Twitter passwords and those of any other online service using the same password.

Some additional password tips from Twitter include enabling two-factor authentication and also using a password manager to create a strong and unique password for every individual online service.

Approximately US $150,000 worth of Ethereum-based cryptocurrency stolen

Online cryptocurrency website MyEtherWallet.com has confirmed that some visitors could have been temporarily redirected to a phishing site designed to steal users’ credentials and – ultimately – empty their cryptocurrency wallets.

According to reports, whoever was behind the attack may have successfully stolen approximately US $152,000 worth of Ethereum-based cryptocurrency.

However, MyEtherWallet may not have been at fault, as the website explained in its statement:

“This is not due to a lack of security on the [MyEtherWallet] platform. It is due to hackers finding vulnerabilities in public facing DNS servers.”

British security researcher Kevin Beaumont confirms in a blog post that some of MyEtherWallet’s traffic had been redirected to a server based in Russia after traffic intended for Amazon’s DNS resolvers was pointed to a server hosted in Chicago by Equinix.

For the scheme to succeed, someone pulled off a hijack of a crucial component of the internet known as Border Gateway Protocol (BGP), to reroute traffic intended for Amazon’s Route 53 DNS service to the server in Chicago. As a consequence, for some users, entering myetherwallet.com into their browser did not take them to the genuine site but instead to a server at an IP address chosen by the hackers.

The only obvious clue that a typical user might have spotted was that when they visited the fake MyEtherWallet site they would have seen an error message telling them that the site was using an untrustworthy SSL certificate.

It seems that the attackers made a mistake in not obtaining a valid SSL certificate.

Despite the error with their SSL certificate, the hackers haven’t done badly for themselves – both in this attack and in the past. Fascinatingly, the bogus MyEtherWallet website set up by the criminals was moving stolen cryptocurrency into a wallet which already contained some US $27 million worth of assets. Inevitably that raises questions of its own – have the hackers already made a substantial fortune through other attacks, or might their activities be supported by a nation state?

In a statement Equinix confirmed that a customer’s equipment at its Chicago data center was used in the hackers’ hijacking of Amazon’s Route 53 DNS service:

“The server used in this incident was not an Equinix server but rather customer equipment deployed at one of our Chicago IBX data centers… We generally do not have visibility or control over what our customers – or customers of our customers – do with their equipment.”

Amazon, however, does not accept that the blame lies with it, and issued the following statement:

“Neither AWS nor Amazon Route 53 were hacked or compromised. An upstream Internet Service Provider (ISP) was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered. These peered networks, unaware of this issue, accepted these announcements and incorrectly directed a small percentage of traffic for a single customer’s domain to the malicious copy of that domain.”

Some advice from award-winning security blogger, researcher and speaker Graham Cluley: avoid putting your cryptocurrency wallet online, keep it off your smartphone or computer, and perhaps invest in a hardware wallet instead.
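The peered networks in Amazon's statement accepted the hijacked announcements as they arrived. As an added example (not part of the original article), the sketch below shows route origin validation as defined in RFC 6811, a check a network can run on incoming BGP announcements before accepting them. The ROA entries, prefixes and AS numbers are constructed from documentation ranges and are not the real Route 53 values.

```python
import ipaddress

# Constructed ROAs: (authorized prefix, max prefix length, authorized origin AS).
# Documentation prefixes (RFC 5737) and AS numbers (RFC 5398), assumed for illustration.
ROAS = [
    (ipaddress.ip_network("198.51.100.0/24"), 24, 64496),
    (ipaddress.ip_network("203.0.113.0/24"), 24, 64496),
]

def validate(announced_prefix, origin_as, roas=ROAS):
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    route = ipaddress.ip_network(announced_prefix)
    covered = False
    for roa_prefix, max_length, roa_as in roas:
        # A ROA is relevant only if its prefix covers the announced prefix.
        if route.version != roa_prefix.version or not route.subnet_of(roa_prefix):
            continue
        covered = True
        # Match: announcement is no more specific than allowed, from the right AS.
        if route.prefixlen <= max_length and origin_as == roa_as:
            return "valid"
    # Covered by some ROA but matching none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def filter_updates(updates, roas=ROAS):
    """Split (prefix, origin_as) updates into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix, origin in updates:
        state = validate(prefix, origin, roas)
        (rejected if state == "invalid" else accepted).append((prefix, origin, state))
    return accepted, rejected

# Constructed sample announcements as seen by a peer.
UPDATES = [
    ("198.51.100.0/24", 64496),    # legitimate origin
    ("203.0.113.0/24", 64511),     # same prefix, unexpected origin AS
    ("198.51.100.0/25", 64511),    # more-specific prefix, unexpected origin AS
    ("198.51.100.128/25", 64496),  # expected origin, but longer than max length
    ("192.0.2.0/24", 64500),       # no ROA covers this prefix
]

if __name__ == "__main__":
    accepted, rejected = filter_updates(UPDATES)
    for entry in accepted:
        print("accept", entry)
    for entry in rejected:
        print("reject", entry)
```

Origin validation rejects an unexpected origin AS and over-long more-specific prefixes; it does not detect an announcement that forges the legitimate origin AS at an allowed prefix length.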