Spyware successfully broke into journalists’ iPhones by sending iMessages that didn’t even need to be read

Amnesty International found evidence of iPhones being hacked with “zero-click” attacks.

  • An Amnesty report says NSO Group sold spyware then used to target journalists and activists.
  • The spyware successfully infected victims’ iPhones by exploiting flaws in iMessage.
  • Amnesty said its findings suggest all iPhones and iOS updates are vulnerable to attack.

A forensic analysis by Amnesty International found a type of military-grade spyware was used to successfully break into journalists’ iPhones, apparently by sending iMessages that didn’t even need to be clicked.

The spyware is made by Israeli company NSO Group, a private firm that sells advanced hacking tools to clients including governments.

A group of 17 media outlets and Amnesty International published a report Sunday claiming NSO Group’s Pegasus software was used by its clients to hack the phones of at least 37 journalists, activists, politicians, and business executives around the world.

NSO Group strongly denied the report, claiming it contained factual inaccuracies and lacked evidence.

Amnesty International published a forensic methodology report of how it analyzed targets’ phones to discover whether they had been compromised by Pegasus.

The organization found evidence of “zero-click” iMessage attacks being targeted at journalists going back to 2018, with alarming implications for iPhone security. Zero-click attacks don’t require any interaction from the victim to break into a phone.

Amnesty said it analyzed a fully updated iPhone 12 belonging to an Indian journalist which showed signs of “successful compromise” following a zero-click attack as recently as June 16, 2021.

“These most recent discoveries indicate NSO Group’s customers are currently able to remotely compromise all recent iPhone models and versions of iOS,” the report warns.


Bill Marczak, a research fellow at the University of Toronto’s digital surveillance specialists Citizen Lab, said on Twitter the lab likewise found evidence of zero-click message attacks being used to break into the latest iPhones.

Marczak said some of the zero-click attacks exploited Apple’s ImageIO, which allows Apple devices to read and display images.

Amnesty also found evidence of a zero-click attack targeted at an Azerbaijani journalist in 2020 involving Apple Music. Amnesty said its analysis couldn’t ascertain whether Apple Music was used to infect the phone, or if the exploit began with a different app.

Amnesty said it reported its findings to Apple, which said it would investigate the matter.

The organization said NSO Group clients had previously relied on attacks that would send a malicious link to a victim, whose device would become infected once they click on it.

Apple said in a statement that the iPhone remains one of the safest consumer devices.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” Apple security engineering chief Ivan Krstić said in a statement, adding that Apple prioritized security updates and that the majority of users were not at risk.

NSO Group said its software is used to fight terrorism and crime. It also said once it sells its products to customers, it does not operate them and has no insight into how they’re deployed. It was not immediately available for comment when contacted by Insider.

NSO Group has been accused previously of facilitating hacks on journalists.

Facebook sued NSO Group in October 2019, saying the company’s tools were used to hack WhatsApp accounts for journalists, politicians, human rights activists, and more. The alleged attack only required hackers to call victims on WhatsApp to infiltrate their phones.

Read the original article on Business Insider

A major cruise line says its customers’ private information may have been accessed during a data breach

Carnival Cruise Line’s Carnival Ecstasy cruise ship in March 2020.

Carnival Corp says its guests’ and employees’ personal data may have been impacted in a data breach first discovered on March 19, a company spokesperson told Insider in an email statement on Friday.

In response to the breach, Carnival “shut down the event,” informed regulators, and called on a cybersecurity company to look into the attack. The investigation later found that information on guests, crew members, and employees of Carnival Corp and several of its brands – Carnival, Holland America, Princess, and “medical operations” – was impacted by the “third party access to limited portions of its information technology systems,” according to the spokesperson.

Personal information like Social Security and passport numbers, addresses, and health data may have been accessed during the breach, the Associated Press reported.

However, “there is evidence indicating a low likelihood of the data being misused,” the spokesperson told Insider. Carnival has since contacted the people who may have been affected by the data breach, and has created a call center to field any questions.

“As part of its ongoing operations, the company is continuing to review security and privacy policies and procedures and has been implementing changes as needed to enhance our information security and privacy program and controls,” the spokesperson said.

Carnival saw two ransomware attacks in August and December of 2020, the company reported in April.


The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York.

  • SolarWinds was the subject of a massive cybersecurity attack that spread to the company’s clients.
  • Major firms like Microsoft and top government agencies were attacked, and sensitive data was exposed.
  • Here’s a simple explanation of what happened and why it’s important.

SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported in December. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department.

On Thursday, it was reported that the US government was ready to impose sanctions on about a dozen Russian intelligence officials over their alleged role in interfering with the 2020 presidential election as well as the SolarWinds attack.

Here’s a simple explanation of how the massive breach happened, and why it matters.

An unusual hack

In early 2020, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code to the company’s software. The software, called “Orion,” is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.

Most software providers regularly send out updates to their systems, whether it’s fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March of 2020, SolarWinds unwittingly sent out software updates to its customers that included the hacked code.

The code created a backdoor into customers’ information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.


The victims

SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. Microsoft president Brad Smith said in a February congressional hearing that more than 80% of the victims targeted were nongovernment organizations.


US agencies – including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury – were attacked. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University, the Wall Street Journal reported.

And since the hack was done so stealthily, and went undetected for months, security experts say that some victims may never know if they were hacked or not, the Wall Street Journal reported.

At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, “home to the department’s highest-ranking officials,” Sen. Ron Wyden said. The IRS hasn’t found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.


Who did it?

Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Russian intelligence was also credited with breaking into the email servers of the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.

Russia has denied any involvement with the breach and former President Donald Trump had suggested, without evidence, that Chinese hackers may be the culprits. But the Biden White House has said it may respond to the cyberattack in the coming weeks, which could include actions against the Russian government.

Microsoft’s Smith said during the February hearing that he believes Russia is behind the attack, and FireEye CEO Kevin Mandia said based on his company’s forensic analysis, the evidence is “most consistent with espionage and behaviors we’ve seen out of Russia.” However, the execs noted that the full extent of the attack is still unfolding.


Why it matters

Now that multiple networks have been penetrated, it is expensive and very difficult to secure the systems. Tom Bossert, President Trump’s former homeland security adviser, said that it could be years before the networks are secure again. With access to government networks, hackers could “destroy or alter data, and impersonate legitimate people,” Bossert wrote in an op-ed for the New York Times.

Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts. The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was “blindsided” by the attack, the New York Times reported. Instead, a private cybersecurity firm called FireEye was the first to notice the breach when it noticed that its own systems were hacked.

FireEye CEO Kevin Mandia testified in February after the US Senate summoned SolarWinds, Microsoft, and CrowdStrike to a series of hearings over the sweeping breach.

The hack could accelerate broad changes in the cybersecurity industry. Companies are turning to a new approach of assuming that they have already been breached, rather than merely reacting to attacks after they are found, Business Insider previously reported. And the US government may reorganize its cybersecurity efforts by making Cyber Command independent from the National Security Agency, the Associated Press reported.

The attack may also lead to a strengthened relationship between the US government and the cybersecurity industry, with the private sector helping federal officials fight off nation-state attacks and foreign bad actors in the future, as Insider reported.


Atlantic Media says hackers may have obtained employees’ financial data

Atlantic Media says “unauthorized actors” had potentially gained access to sensitive financial data on current and former employees.

  • Atlantic Media said Wednesday an “unauthorized actor” may have obtained employees’ financial data.
  • The company, which publishes The Atlantic, said hackers potentially had access to tax forms.
  • It did not name any suspects.

Hackers may have obtained sensitive tax information on employees at Atlantic Media, the company said Wednesday.

Saying it became aware of a breach last month, the publisher – whose affiliated companies include The Atlantic and National Journal – announced an internal investigation had found “no evidence that any subscribers’, customers’, or clients’ financial or sensitive information was involved.”

Current and former employees were not so lucky. They were informed this week that “unauthorized actors” had gained access to a server with their tax forms, “which contain names and Social Security numbers.”

There is no evidence that the information has been exploited or publicly disclosed, the company said.

The statement did not identify any suspects. A company spokesperson, Anna Bross, told Insider that the statement reflects the “most complete information that we are making available.”



After data from half a billion Facebook users was leaked, the company isn’t planning to tell people if they were impacted

Facebook CEO Mark Zuckerberg.

In the wake of news that personal information from over 533 million Facebook users leaked online, the company said it won’t inform impacted users.

The social media giant isn’t informing users because it isn’t sure which users were impacted, a Facebook spokesperson told Reuters. Moreover, since users are unable to fix the issue and the data is already public, Facebook is choosing not to identify and inform users.

The data leak included phone numbers, full names, locations, email addresses, and biographical information of over 533 million Facebook users from 106 countries. US users made up the majority with over 32 million users impacted, with users in the UK and India representing the second- and third-most impacted regions.

The breach wasn’t disclosed by Facebook, and the company didn’t address it until Insider reported on the data trove’s appearance on a hacking forum last week.


In a blog post on Tuesday, Facebook product management director Mike Clark said it didn’t disclose the breach because of the way that the leaked data was obtained. Rather than a hack, Facebook said the data was obtained, “by scraping it from our platform prior to September 2019.”

In short: Hackers didn’t break into Facebook’s servers and steal a bunch of user data. Instead, the data was pulled from publicly available Facebook pages.

That may also be key to why Facebook isn’t able to determine which users were impacted. Clark said that the data is suspected to have been scraped using Facebook’s contact importer tool, which was available to all users.

Without Facebook telling its impacted users about the data breach, third-party services like “Have I been pwned” have filled the void – here’s how to see if you were impacted in the breach.



People are reporting thousands of dollars worth of crypto art was stolen on an NFT marketplace

A NFT of Trevor Jones’ Bitcoin Angel was one of the pieces that was reported stolen.

  • Multiple people took to Twitter to report the theft of digital artwork on Nifty Gateway.
  • One user said over $150,000 in digital assets has already been reported stolen on the marketplace.
  • A Nifty Gateway spokesperson said there is no indication the trading platform has been compromised.

Multiple people reported their accounts on Nifty Gateway had been compromised on Sunday, leading to the loss of their crypto art and unauthorized purchases using their credit cards.

A Nifty Gateway spokesperson declined to say how much art had been reported stolen, but confirmed to Insider that a “small group of users” had been impacted.

One Twitter user, @keyboardmoney3, who has been keeping a tally of the reports of stolen artwork, claimed that over $150,000 worth of NFTs on Nifty Gateway has been stolen.

Several pieces were from artists that have generated significant momentum in crypto-art sales, including Trevor Jones, according to the Twitter user.

Michael J. Miraflor was one of the first people to report an issue with his account on Twitter. He said someone purchased over $10,000 worth of digital art on Nifty Gateway using his credit card.

The same person also transferred Miraflor’s digital art pieces to a new account and sold them via Discord, according to a Tweet from Miraflor.


Miraflor said on Twitter he has been in contact with Nifty Gateway co-founder Griffin Cock Foster, but that the co-founder said Nifty Gateway could not transfer the digital tokens back to Miraflor after they had already been resold to unsuspecting buyers.

Now, Miraflor said he’s in the process of filing a police report.

A Nifty Gateway spokesperson told Insider it had not seen any evidence that the platform was hacked and that the impacted accounts were accessed using valid account credentials.

“We have seen no indication of compromise of the Nifty Gateway platform,” the spokesperson told Insider. “The Nifty Gateway team is communicating with a small number of users who appear to have been impacted by an account takeover.”

That means the alleged thefts could be the result of users who reused passwords between other accounts or did not have two-factor authentication – an optional security measure on the site – enabled.

“We have seen some reports that NFTs involved in these account takeovers were sold in transactions negotiated over Discord or Twitter,” the spokesperson told Insider. “We strongly encourage all Nifty Gateway customers to purchase their NFTs on the official Nifty Gateway marketplace.”

The crypto world has always posed a risk of theft and potential fraud. Since blockchain transactions are anonymous and irreversible, a compromised password poses a significant risk for people who have invested thousands in digital assets.

As non-fungible tokens (NFTs) take the spotlight as a hot new type of crypto asset, they bring the same risks with them.

On Thursday, NFTs captured public attention when a piece by digital artist Beeple sold for nearly $70 million on Christie’s.

Nifty Gateway has also become a popular site for buying and selling NFTs. The site hosted an auction for Grimes last month that brought in over $5.8 million in under 20 minutes.

Nifty Gateway is one of the only platforms that allows users to buy directly from the site using their credit card, while most other sites, like SuperRare and Foundation, require users to have a digital wallet to purchase pieces using Ether.

Miraflor said on Twitter he had already contacted his credit card provider to prevent future purchases.

Nifty Gateway co-founders Griffin and Duncan Cock Foster told Insider last week the platform is focused on making NFTs as user friendly and accessible as possible.


At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs

Microsoft’s CEO Satya Nadella

At least 30,000 organizations across the US have been hacked over the last few days through flaws in Microsoft’s Exchange Server email software, sources familiar with the matter told KrebsOnSecurity.

The “unusually aggressive Chinese cyber espionage unit” that Microsoft calls “Hafnium” is focusing on stealing emails from a range of victims, including companies, small businesses, and local governments, Krebs said. 

The group exploited four flaws in Microsoft’s Exchange servers. The bugs gave attackers full remote control over the affected systems.

With each hacking incident, the group left behind a hacking tool called a “web shell” that is protected by a simple password and can be accessed from any web browser, the cybersecurity blog said. This tool gave the hackers administrative access to the compromised servers.

Microsoft released a security update this week to patch Exchange versions from 2013 to 2019. Microsoft recommended users immediately install updates to the Exchange product, which is primarily used by business customers. The company also said that it informed appropriate US government agencies about the breach.

Microsoft said the email system is used by organizations including companies, infectious disease researchers, defense contractors, law firms, NGOs, and universities. 

The purported Chinese hacking group is responsible for seizing control over hundreds of thousands of Microsoft Exchange servers worldwide, two anonymous cybersecurity experts told KrebsOnSecurity.

Chinese Foreign Ministry spokesman Wang Wenbin responded to Microsoft’s accusations in a Wednesday press briefing, saying there was not enough evidence to draw a conclusion on the Exchange hack’s origins, according to Bloomberg.

This is the eighth time in the last 12 months that Microsoft has publicly reported state-sponsored hacks.

White House Press Secretary Jen Psaki said in a press briefing on Friday that the weaknesses found in Microsoft’s Exchange Servers were “significant.” 

“We’re concerned that there are a large number of victims,” she added.

The Prague municipality and the Czech Ministry for Labor and Social Affairs were impacted by the Hafnium server breach, according to Reuters who cited a European cyber official briefed on the issue.


Is Dropbox secure? Here’s how Dropbox has improved its security measures, and what you can do to protect yourself

Dropbox is a cloud storage and file hosting system that has previously received backlash over security concerns.

  • Dropbox is secure thanks in part to its 256-bit AES encryption, but the service has been hacked in the past.
  • Because Dropbox is relatively secure, the largest vulnerabilities are often the end users and their security hygiene. 
  • To be safe, you should enable two-factor authentication, be wary of public folder sharing, and consider using file-level encryption.

Dropbox is one of the most popular cloud storage solutions in the world, supporting more than 14 million paying customers as of December 2019. Like most online services that have a long history dating back to the early days of the web, Dropbox’s past includes hacks and data breaches. 

The most infamous incident included the theft of more than 68 million account credentials in 2012 (hackers tried to sell this data in 2016), and the hack led to the company resetting passwords for millions of accounts in 2016. 

How Dropbox has increased its security level

In the years since, Dropbox has shored up its security substantially. Today the service’s 256-bit AES encryption and support for additional security tools like two-factor authentication are competitive.

Dropbox’s security is bolstered by 256-bit AES encryption.

The service authenticates all user connections to the server, whether it’s via a web browser or mobile app, and Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data as it moves between Dropbox’s users and the servers.

Moreover, Dropbox routinely tests its own hardware, software and processes for security vulnerabilities, and makes sure to alert users if Dropbox detects an attempted login from a new device or location. There have been no known large-scale hacks on Dropbox since 2012.  

How Dropbox may be vulnerable

“Their current encryption standards make the odds of a hack less likely, but no cloud-based solution is completely safe from new and emerging threats,” said Kristen Bolig, founder of SecurityNerd. 

Aside from the risk of an attack on Dropbox itself, one of the most dangerous vulnerabilities is on the user end of the Dropbox experience. Users – especially corporate customers – routinely face phishing attacks and social engineering attacks designed to trick people into giving up credentials and access to accounts. 

And not all security concerns originate with hackers and criminals. Dropbox’s user base crosses international boundaries, and Dropbox may opt to share user data with government agencies and law enforcement from time to time – the service has formal guidelines that dictate its behavior based on official requests. 

How to protect yourself as a Dropbox user

All that means your risk of a data breach with Dropbox is low, but not zero, and there are steps you can take to ensure your own security. 

Chris Hauk, consumer privacy advocate with Pixel Privacy, recommended enabling Dropbox’s two-factor authentication. “This ensures that if a third-party attempts to log into your Dropbox account, you will be notified via email or text message.” 

Two-factor authentication is an easy step you can take to ensure Dropbox remains secure.

Simple human error is also a risk – Dropbox allows users to store files in easily exposed public folders, for example, so it’s important to be careful about where files are placed. 

And for the ultimate in security, both from accidental public folder disclosures as well as hacks, security experts like Security.org’s Chief Editor Gabe Turner suggest using file-level encryption on important files stored on Dropbox. You can encrypt and password-protect documents created in Microsoft Office, for example, or with a third-party app. 

This eliminates the risk of Dropbox itself accessing your files with the company’s own encryption key or handing your information to government authorities. 



The US Senate is grilling Microsoft and SolarWinds over last year’s historic cyberattack

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York.

  • US Senators are questioning the tech firms involved in last year’s sweeping cyberattack.
  • SolarWinds, Microsoft, FireEye, and CrowdStrike are all testifying in the Tuesday hearing, which you can livestream below.
  • Hackers installed malware into SolarWinds’ software, which was then distributed to the firm’s clients.

The US Senate is questioning the chief executives of SolarWinds and other tech firms in a hearing Tuesday after unknown attackers, with suspected links to Russia, infiltrated the company’s software last year, compromising thousands of organizations including major federal agencies.

SolarWinds is joined in the hearing by FireEye, the cybersecurity firm that first discovered the malware in December, as well as Microsoft, whose president, Brad Smith, is present at the proceedings. CrowdStrike CEO George Kurtz will also testify; his cybersecurity firm was apparently able to stave off the hackers.

The cyberattack began in March of last year and went undetected for months. SolarWinds told the SEC that about 18,000 of its 300,000 clients were targeted in the attack. High-level government data was left exposed – the Trump administration confirmed in December that hackers had indeed infiltrated key networks, including the US Treasury and the Commerce Department. 


Fortune 500 companies – including Microsoft, AT&T, and McDonald’s – were among SolarWinds’ vulnerable customer base. Microsoft has said its products, including its Office 365 suite and Azure cloud, were not used in the hack, but they were targeted, with the attackers making off with some of its source code. And FireEye researchers say the hackers appear to be able to send emails and access calendars on Microsoft’s 365 suite.


The White House has said it may respond to the SolarWinds hacks in a matter of weeks, which could include sanctions against the Russian government.

As Insider reported, Tuesday’s hearing will be a pivotal moment in the relationship between the US government and the cybersecurity world, namely how the industry can help federal officials stave off nation-state attacks in the future.

You can watch the live stream below. Follow along here for live updates from the hearing.

Chairman Mark Warner said the committee invited Amazon to attend the hearing but the company declined

Sen. Warner kicked off the hearing and noted that Amazon declined the Senate’s invitation to testify in Tuesday’s hearing. Sen. Marco Rubio also touched on the company’s lack of participation and said, “it would be most helpful in the future if they actually attended these hearings.” Amazon did not immediately respond to Insider’s request for comment.

Microsoft president Brad Smith said the attack’s full scope is still unfolding

In his opening statement, Smith said there’s much that we still don’t know regarding the extent of the cyberattack and that there must be reform to the relationship between Silicon Valley’s cybersecurity arm and the federal government. He also said he believes that Russia is behind the attack.

FireEye CEO Kevin Mandia used his opening statement to describe the attack as “exceptionally hard to detect” and later said that this was a planned hack. “The question is where’s the next one? And where are we going to find it?” Mandia said.

Microsoft’s Smith believes all the evidence points to Russia

Smith said earlier that “at this stage we’ve seen substantial evidence that points to the Russian foreign embassy and we’ve seen no evidence that points to anyone else.”

Mandia and CrowdStrike CEO George Kurtz agreed that the attacker was a nation-state actor. However, neither confirmed who they thought was exactly behind it. Mandia did say that his company analyzed forensics and found that it’s “most consistent with espionage and behaviors we’ve seen out of Russia.”

Read the original article on Business Insider

Kroger says some HR data and pharmacy records were possibly compromised in data breach

  • The data breach was caused by a vulnerability in the Accellion file-sharing system that Kroger used.
  • Kroger discontinued using Accellion and reported the incident to federal law enforcement.
  • Certain HR data, money service records, and pharmacy records were affected.

Kroger was among the companies affected by a data breach caused by a weakness in a product offered by Accellion, a third-party company that the retailer used for secure file transfer services, according to a company press release.

The breach didn’t affect Kroger’s IT system, the store systems, debit or credit card information, and no customer data was misused, the retailer said, but it did impact certain HR data, money service records, and pharmacy records.

“At this time, based on the information provided by Accellion and its own investigation, Kroger believes that less than 1% of its customers, specifically customers of Kroger Health and Money Services, have been impacted,” the company said in Friday’s press release. 

The supermarket chain, which has nearly 3,000 stores across the country, discontinued using the product and reported the data breach to federal law enforcement after being informed of the incident on January 23, Kroger said Friday.

Accellion informed Kroger that an unauthorized person gained access to Kroger files through a weakness in Accellion’s file transfer service, Kroger said.

Kroger also initiated its own investigation to determine the impact of the incident. The company is in the process of contacting potentially harmed customers and offering free credit monitoring. 

Accellion did not immediately respond to a request for comment. 

Accellion’s customers have been using the company’s product called File Transfer Appliance (FTA), which offers secure file-sharing services for sensitive files that are too large for email attachments. The product was used by law firms, including Jones Day, Insider previously reported.

Earlier this month, Accellion announced that it is retiring its FTA systems and encouraged its customers to upgrade from the 20-year-old system to its newer product, Kiteworks, which the company says has “never reported” an external vulnerability in the four years it has been in the marketplace.

The company will not allow renewals to its FTA product after April 30, according to its website.

In January, Accellion said that it released a patch within 72 hours to the fewer than 50 of its customers who had been impacted by the breach. The string of data breaches affected large organizations and companies around the world.

Among those affected was New Zealand’s Reserve Bank, which became aware of the data breach in January. “Following this malicious attack, the software application was secured and closed,” the bank said in its statement on February 15.

The data breach that the bank experienced on December 25 impacted some files that contained personal email addresses, birthdates, and credit information, the bank said. The bank also added that it is working directly with stakeholders to determine the number of individuals affected.

Singtel, Singapore’s telecommunications company, also experienced a data breach of its Accellion FTA system and said on Wednesday that it is working with the Cyber Security Agency of Singapore on the incident.

The company completed its investigation and concluded that 23 enterprises were affected and Singtel’s data logs, test data, reports, and emails were leaked, according to its statement. Exfiltrated data also included personal information such as birthdates and names of 129,000 customers and bank account details of 28 former Singtel employees, the company added.
