Thursday, April 18, 2019

Wipro Supply Chain attack (Update-3) - This is similar to Cognizant (last year)

Maritz Holdings Inc. sued Cognizant, saying a forensic investigation determined that hackers used Cognizant's resources in an attack on Maritz's loyalty program that netted the attackers more than $11 million in fraudulent eGift cards.

https://krebsonsecurity.com/2019/04/wipro-intruders-targeted-other-major-it-firms/

Wednesday, April 17, 2019

Wipro Supply Chain attack (Update) - Wipro's response is NOT SATISFACTORY



Wipro’s public response so far:


  • Ignore reporter’s questions for days and then pick nits in his story during a public investor conference call.
  • Question the stated timing of breach, but refuse to provide an alternative timeline.
  • Downplay the severity of the incident and characterize it as handled, even when they’ve only just hired an outside forensics firm.
  • Say the intruders deployed a “zero-day attack,” and then refuse to discuss details of said zero-day.
  • Claim the IoCs you’re sharing with affected clients were discovered by you when they weren’t.


The source said a subsequent phishing campaign between March 16 and 19 netted 22 additional Wipro employees, and that the vendor investigating the incident has so far discovered more than 100 Wipro endpoints that were seeded with ScreenConnect, a legitimate remote access tool sold by Connectwise.com.

Additionally, investigators found that at least one of the compromised endpoints was attacked with Mimikatz.

The source also said the vendor is still discovering newly-hacked systems.

https://krebsonsecurity.com/2019/04/how-not-to-acknowledge-a-data-breach/

Tuesday, April 16, 2019

A chain is no stronger than its weakest link. What happens when the chain, in this case the "supply chain" itself, is weak? - "Supply Chain Attack"

Wipro Ltd. has confirmed that its network was hacked and used for mounting attacks on its customers.

“[Victims] traced malicious and suspicious network reconnaissance activity back to partner systems that were communicating directly with Wipro’s network,” according to the sources.

The incident is emblematic of the new era of highly targeted supply-chain attacks that have begun to accelerate.

https://threatpost.com/wipro-confirms-hack/143826/

Watch out, Instagram users - Don't fall for this Phishing Attack

Wednesday, April 10, 2019

Everyone is preparing for AI, but how many of us are thinking about AI Malware?


  • The baseline for defending against these attacks will lie in ensuring all parts of the organization are visible and continually monitored.
  • A couple of promising areas for implementing defensive AI include threat intelligence mining and autonomous response.


https://www.securityweek.com/get-ready-first-wave-ai-malware

Tuesday, April 9, 2019

REMEMBER - When "Identity is the new perimeter", MFA combined with employee awareness can be a good Firewall. There are now upward of 1.5 billion credentials floating in the wild, ready for use by malicious miscreants at an exposed service near your data. Akamai saw more than 115 million attempts to use stolen credentials per day, and three times during the year the attacks spiked to more than 250 million attempts per day.



In March, for example, the FBI warned management-software firm Citrix that attackers had breached the company's network using a low-volume credential-stuffing attack.

"Nation-state actors typically target MSPs (managed service providers) and companies like Citrix due to their client base and intellectual property," he said. "Other than espionage or financial profit, MSPs can also be targeted and leveraged in supply chain attacks that are used as a staging point to distribute additional malware."


https://www.darkreading.com/threat-intelligence/credential-stuffing-attacks-behind-30-billion-login-attempts-in-2018/d/d-id/1334371

Monday, April 8, 2019

SCARY - Malware can actually alter your CT/MRI scan to show a fake tumor - A team from Israel developed the malicious software to show how easy it is to do that.


The program was able to convincingly add fake malignant growths to images of lungs taken by MRI and CT scanning machines.
How? - Because the files were generally not digitally signed or encrypted, any changes would be hard to spot.

The images targeted were scans of lungs, but the malware could be tuned to produce other fake conditions such as brain tumors, blood clots, fractures or spinal problems.

While hospitals were careful about sharing sensitive data beyond their boundaries, they took much less care when handling data internally, said one of the researchers.
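The missing control is simple to show in code. The example below is added here and is not from the BBC article or the research team: a keyed integrity tag (HMAC-SHA256) is computed when the scan is written and verified before it is displayed, so any altered pixel block fails the check. The scan layout, the key and the tampering routine are all constructed for illustration, not a real DICOM format.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed stand-in for a scan file: a small text header followed by pixel bytes.
HEADER = b"SCAN-V1|modality=CT|patient=ANON-0001|"


def make_sample_scan(seed: int = 7) -> bytes:
    """Build a deterministic fake scan (header + 4096 pixel bytes)."""
    pixels = bytes((i * seed) % 256 for i in range(4096))
    return HEADER + pixels


def sign_scan(scan: bytes, key: bytes) -> bytes:
    """Compute the detached integrity tag at acquisition time (HMAC-SHA256)."""
    return hmac.new(key, scan, hashlib.sha256).digest()


def verify_scan(scan: bytes, tag: bytes, key: bytes) -> bool:
    """Recompute the tag before viewing; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(sign_scan(scan, key), tag)


def tamper_pixels(scan: bytes, offset: int, length: int) -> bytes:
    """Simulate an in-transit modification: saturate one block of pixel bytes.
    This is a constructed stand-in for tampering, not the researchers' method."""
    buf = bytearray(scan)
    for i in range(offset, min(offset + length, len(buf))):
        buf[i] = 255
    return bytes(buf)


def demo(key: bytes = b"constructed-demo-key-do-not-reuse") -> Tuple[bool, bool]:
    """Return (verifies_untouched, verifies_after_tampering)."""
    scan = make_sample_scan()
    tag = sign_scan(scan, key)          # stored alongside the file by the modality
    altered = tamper_pixels(scan, offset=len(HEADER) + 100, length=64)
    return verify_scan(scan, tag, key), verify_scan(altered, tag, key)


if __name__ == "__main__":
    untouched_ok, altered_ok = demo()
    print("untouched scan verifies:", untouched_ok)   # True
    print("altered scan verifies:  ", altered_ok)     # False
```

In a real deployment the key lives with the modality or PACS and the tag (or a proper digital signature) travels with the image, so an unsigned or mismatching scan is rejected rather than rendered.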

https://www.bbc.com/news/technology-47812475

Thursday, April 4, 2019

Fact is stranger than fiction - Who do you think is the most common target for "Phishing" attacks?


Top three targeted sectors -

  1. Pharma
  2. Construction
  3. Real estate


Welcome news - Finally one company (Kaspersky) has decided to flag stalkerware as malware. Thanks to Eva Galperin, the head of cybersecurity at the Electronic Frontier Foundation, for persuading them (Motherboard). Galperin has studied stalkerware and helped domestic abuse victims and human rights activists for years.



She'll also ask Apple to take measures to protect iPhone users from stalkerware, given that the company doesn't allow antivirus apps into its App Store.

Finally, and perhaps most drastically, she says she'll call on state and federal officials to use their prosecutorial powers to indict executives of stalkerware-selling companies on hacking charges.

https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/

Two apps that use Facebook data expose millions of Facebook users. Reminds me of "Show Me Your Friends and I’ll Show You Your Future", because our business associate's risk is also our risk.



Facebook apps essentially knit themselves into the Facebook ecosystem for free, almost instantly enjoying the imprimatur and reach of the world’s biggest social networking company.

These breaches happened through plain old carelessness – databases hosted in the cloud and apparently almost casually left open to the world.


That’s like running your own servers in your own server room, but leaving the server room door unlocked with a big sign on it saying, “Free admission. Please don’t be naughty.”

In fact, it’s like copying critical data from your own servers onto a whole boxful of unencrypted USB drives and walking round a Dark Web convention handing them out to all and sundry.

https://nakedsecurity.sophos.com/2019/04/04/facebook-apps-expose-millions-of-users-facebook-data/