Reports: Cybercrimes Surge 400%, Teleworkers Need to Tighten Security

...in another new analysis, IBM warns that teleworkers are especially vulnerable to attack.

“There is a level of apathy and a lack of awareness when it comes to securing the home office environment....they’re seeing double the failure rates on their security tests than they saw pre-COVID,” warns Mathew Newfield, Chief Information Security Officer at Unisys...

“This unprecedented remote working explosion amounts to a dramatic game changer for corporate security officers and cyber attackers,” says Patrick Barry, Chief Information Officer at Rebyc Security.”

“Corporate cyber security strategies, policies, penetration testing procedures, and technologies need to be reconsidered and reevaluated and, in many cases, revamped.” more

Industrial Espionage Case: U.S. Company Awarded $3.36 Million

United Microelectronics Corp. (UMC), Taiwan's second largest pure wafer foundry operator, has been ordered to pay a fine of NT$100 million (US$3.36 million) by a district court in Taichung City which found the company and three of its employees guilty in a trade secret theft case brought by U.S.-based memory chipmaker Micron Technology Inc...

Prosecutors launched a probe into the alleged industrial espionage in February 2017 and decided to charge UMC and the three UMC employees in September, citing violation of Taiwan's Trade Secrets Act for sharing the information with Jinhua. more

Lawsuit Disputes Google's Private or Incognito Mode

Search engine behemoth Google found itself in the middle of a proposed class action lawsuit filed in California for invading the privacy of users even when they are browsing the web in what is called the private or incognito mode.

The $5 billion class action suit alleges that the tech giant collects user's data by tracking his activity on the web even in the private mode through Google Analytics, Google Ad Manager and website plug-ins, a Reuters report said.

Users normally login through the incognito mode assuming that it's safe as their search history isn't being tracked. The petitioners have alleged that Google collects the private data even as the users are under the impression that their data is safe and that amounts to misrepresentation. more

Frederick Barclay’s Nephews Thought Bugging Ritz was ‘Necessary and Reasonable’

Sir Frederick Barclay’s nephews bugged the conservatory of the Ritz hotel after becoming “seriously concerned” about the billionaire property magnate “posing a significant risk of harm” to the family business, according to documents lodged with the High Court.


The 85-year-old businessman is involved in a bitter High Court battle with three of his twin brother Sir David’s sons over 94 hours of secret recordings made over a number of months as part of what his lawyers have described as “commercial espionage on a vast scale”.

Sir Frederick and his daughter Amanda are suing Alistair, Aidan and Howard Barclay, Aidan’s son Andrew, and Philip Peters – a director of a number of companies in the Barclay Group – after the “elaborate system of covert recording” was discovered in January.

Last month, Sir Frederick released footage appearing to show his nephew Alistair handling a listening device which is said to have been used to capture more than 1,000 separate conversations. more

Data Breach Report: 28% Involved Small Businesses

Almost a third or 28% of data breaches involved small businesses. The data comes from one of the most acclaimed cybersecurity reports in the industry, the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR).

Currently, in its 13th year, the DBIR is an industry-standard when it comes to gauging the state of cybersecurity around the world...

Click to Enlarge

With small businesses making up 28% of the breaches, owners have to be more proactive in protecting their digital presence. Whether it is an eCommerce site, blog, V-log, podcast, or other digital assets, you have to protect your domain. This not only ensures your data is safe, but it is one more tool you can use to attract new customers; robust security. more

Alliance Trust Savings Censured After Whistleblower’s ‘Spying’ Concerns

A Dundee-based financial firm has been censured by the Information Commissioner over the use of a mobile app which allowed it to access an “excessive amount” of employees’ sensitive personal data...

Alex Forootan, 36, began investigating after receiving an unexpected text message from Microsoft saying someone had attempted to access his email account.

Mr Forootan worked as a database administrator at ATS’s Dundee headquarters between October 2017 and October last year and is set to take the company to an employment tribunal next month.

He recently rejected a £10,000 pay out from ATS over the issue, citing concerns about his ability to raise it to public attention should he accept. more

Regulator Ask for Credit Suisse Directors' Mobile Data in Spy Inquiry

Swiss regulators have requested electronic messaging data from the mobile phones of several Credit Suisse managers and supervisory board directors as part of a probe into spying at the bank, three people familiar with the matter said. more

ADT Employee Had Access to Hundreds of Home Security Camera Streams, Lawsuit Alleges

Hundreds of ADT customers are suing the home-security firm after it admitted that a former employee gained unauthorized access to their systems over the last several years—including the live video streams of their in-home cameras. 

Two federal class-action lawsuits have been filed on behalf of the customers, The Dallas Morning News reports.

The employee was able to add his email address to customers’ accounts during home-service visits, according to the company. With his email address added to the accounts, he was then able to use the company’s mobile app to snoop on in-home security cameras. 

“Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party,” the lawsuits state. “And worse, those moments could have been captured, shared with others, or even posted to the internet.”

ADT reportedly fired the employee after discovering the abuse, and said it brought in measures to prevent a similar incident from taking place in the future. more

Leaked Phone Call Uncovers Possibly Moldy Marijuana | Fact or Business Espionage Trick?

An audio recording of a detailed phone conversation between two people in the Alaska marijuana industry surfaced on YouTube this week, posted by an account that goes by the name of “Bobb Dogg.”

The conversation cannot be confirmed as legitimate, and could even be business espionage...

In the audio, a person who appears to be a manager of one of Anchorage’s largest marijuana stores admits that his company sold 100 pounds of possibly moldy marijuana, and that CBD oil that was supposed to have a low psychoactive level of THC was found to, in fact, contain high amounts...

The video can be viewed by searching for Bobb Dogg on YouTube. The audio is labeled “Weedileaks.” more

Assembling an Ikea Spy Case

Ikea and some of its former executives were ordered to face trial in France over accusations they conspired with police officers to spy on staff.

An Ikea unit in France was accused of collecting information on employees and people applying to work for the furniture giant, according to an indictment dated April 30.

In exchange for a fee, police officers provided confidential information to former Ikea executives on past convictions.

This was in turn used to dismiss staff or turn down applications.

Ikea France said it has “always firmly disapproved” of such practices. more

Eavesdropper Scams Financial Advisor | Prevention Tips

Early in April, a financial advisor and her team met with an insurance company wholesaler via the video conferencing platform Zoom.

Unbeknownst to them, another participant had joined the virtual meeting.

As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.

...It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.

After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker. more

———How to prevent Zoombombing in your video chats in 4 easy steps———

1. Don't use your Personal Meeting ID for the meeting. Instead, use a per-meeting ID, exclusive to a single meeting. Zoom's support page offers a video walk-through on how to generate a random meeting ID for extra security.

2. Enable the "Waiting Room" feature so that you can see who is attempting to join the meeting before allowing them access. Like many other privacy functions, a skillful disrupter can sometimes bypass this control, but it helps to put another hurdle in their route to chaos.

Zoom offers a support article here as well. To enable the Waiting Room feature, go to Account Management > Account Settings. Click on Meeting, then click Waiting Room to enable the setting.

3. Disable other options, including the ability for others to Join Before Host (it should be disabled by default, but check to be sure -- see below). Then disable screen-sharing for nonhosts, and also the remote control function. Finally, disable all file transferring, annotations and the autosave feature for chats...

4. Once the meeting begins and everyone is in, lock the meeting to outsiders ... and assign at least two meeting co-hosts. The co-hosts will be able to help control the situation in case anyone bypasses your efforts and gets into the meeting. more

'Zoom-bombed' | Salary Cuts Call Eavesdropped on by Rival Company

Staff at national news outlet The Independent were on a ‘confidential and sensitive video’ Zoom call to learn about salary cuts and furloughs when it was ‘zoom-bombed’ by an employee from a rival media organisation. more

Mark Di Stefano, a reporter with the Financial Times, allegedly entered meetings held over the video conferencing app by the Independent and the Evening Standard.

Stefano, according to the Independent, brazenly joined the meeting by using his work email address. This caused Stefano’s name to appear on the call, although his camera remained disabled.

The journalist reportedly joined for 16 seconds before logging out but returned soon after by logging in with his phone number.

Not long after the call, Stefano sent out a series of tweets describing topics that the Independent says were discussed during the staff meeting.

Stefano described information on everything from pay cuts to the outlet’s issues with falling ad revenue. more

Related News...
DHS Reportedly Concerned Zoom May be Vulnerable to Foreign Spies 
The feds are concerned that Zoom’s security flaws could make the popular videoconferencing platform vulnerable to foreign spies, a new report says.

An intelligence analysis from the Department of Homeland Security found that Zoom’s explosive growth and its well-known security problems make it a “target-rich environment” for government spy services and other hackers, ABC News reported Tuesday.

“Any organization currently using — or considering using — Zoom should evaluate the risk of its use,” the department warned in the analysis, which was reportedly distributed to law enforcement agencies around the US. more
...and much more.

7 Espionage Tricks to Avoid While Working From Home

Don't get tricked into giving away personal information. 
Why? Because this is what you use for your passwords.

1. Facebook Quizzes
   Quizzes are all over Facebook:  What does your eye color say about you? What kind of dog are you according to your zodiac sign? (Facebook says these were questions the criminals used.)


2. 10 Things About You
   As people try to connect during the stay-at-home order, they are answering cut-and-paste questionnaires from their friends. They usually start with something like “Tell me 10 things I don’t know about you” and go on to ask questions like: Who was your first love? ... Here's the problem: those are the exact same questions asked when you forget your password. So, be wary of posting the answers on social media.
   
   
3. Posting Information about Your Passwords
   People are posting all sorts of information about what’s going on at their homes with their children or with their pets. That’s fine, unless they use those same names as their passwords.


4. Photos of the Home Work Station
   At this point, people are pretty proud of their work from home stations. They have a new webcam, a makeshift desk, and maybe even a good microphone. But posting photos of that home work station might give criminals too much information. Can someone see the screen from a window? Are they giving away the brands and models of their IoT devices (which might or might not have exploitable vulnerabilities)?


5. Clicking Questionable Links
   There are a lot of questionable links on the internet. Users should be wary of sites they don’t recognize. While this is rudimentary advice, it’s a good reminder that the headline “New Pandemic Cure No One Is Talking About” likely leads to a malicious site.


6. Be Aware of What’s Public
   Savvy users have changed their Facebook and Instagram profile settings to make them more private. But as soon as you post to a group or comment on someone’s post without strong privacy settings, folks outside your friend's group can see what you’re doing. And, other sites like Twitter and Reddit are not generally private. more 

 Thanks to Jake Milstein, CI Security Inc. for compiling this list.

"The Warehouse" by Rob Hart (book)

"The Warehouse" by Rob Hart: A thrilling story of corporate espionage at the highest level ... and a powerful cautionary tale about technology, runaway capitalism, and the nightmare world we are making for ourselves” is how Blake Crouch, New York Times (NYT) bestselling author of Dark Matter describes this book. more

"A chilling and all-too-believable portrait of a not-so-far-off future where free will succumbs to big business."--Alafair Burke, New York Times bestselling author of The Better Sister





more

Office Printers: The Ticking IT Time Bomb

Unsecured printers are one of the items on our inspection checklist. Why? Because it is a very common problem. Normally buttoned-up networks put out a hacker welcome mat with just one unsecured printer. ~Kevin

Office printers don’t have to be security threats: with foresight and maintenance they’re very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention.

Hackers haven’t forgotten about printers – not by a long shot. Last summer, a Russian hacker group penetrated numerous organizations by first infiltrating unprotected printers, which were connected to the same network as every other device, and then laddering up to exploit increasingly sensitive areas.

Furthermore, according to a recent report, foreign governments can also easily conduct industrial espionage by targeting this under-the-radar beachhead into the organizational networks...

Using third parties to continually help identify security risks is a smart course of action for enterprises that are truly serious about security measures. more

Managers: Don’t Rush to Workplace Spyware during Pandemic

A Rutgers organizational psychologist explains ramifications of putting spy software in place.

With millions of employees working remotely due to the coronavirus pandemic, managers—likely new to virtual management—are scrambling to find the best ways to oversee them online.

Computer performance monitoring may interest those looking for “an extra set of eyes,” but workplace surveillance is not that simple, according to John Aiello, an expert in organizational psychology at Rutgers School of Arts and Sciences.“While spy software may relieve the manager’s anxieties, organizations will see an increase in stress on employees and it could decrease productivity,” said Aiello, who has researched the electronic monitoring of workers over the last three decades.

Topics addressed...
How does monitoring software affect productivity?
How does implementing this surveillance affect managers?
Can electronic monitoring be used for “the greater good?”
If employers are thinking about implementing this surveillance, what might be done first? 
more

Gad Zoox - Tesla Settles Trade Secret Theft Law Suit

Zoox Inc. said on Tuesday it had settled a lawsuit with Tesla Inc. after admitting that some new hires from the electric carmaker were in possession of certain Tesla documents when they joined the U.S. self-driving car startup.

Tesla lawyers filed a lawsuit in March last year against four former employees and Zoox, alleging the employees stole proprietary information and trade secrets for developing warehousing, logistics and inventory control operations.

Zoox said the settlement required it to pay Tesla an undisclosed amount and undergo an audit to ensure that none of its employees had retained or are using Tesla's confidential information. more

Zeroing in on Zoom’s Threat to Financial Services

COVID-19 has induced a significant shift in the way we work. Remote is the new reality.

There may be, however, a tremendous cost to Zoom’s convenience... For many, Zoom has been the answer to staying connected in the workplace.

Simply put, the widespread adoption of Zoom amid a global pandemic might be the security vulnerability of the decade. 

In fact, any financial services organization using the service should immediately assume their user credentials are under malicious parties’ control.

In recent weeks, New York Attorney General Letitia James has probed Zoom’s data security strategy, and whether the company’s security protections can keep up with the spike in users. It is also our understanding the FBI, among other federal government agencies, has also prohibited the use of Zoom and WebEx due to security concerns. more
Suit Claims Facebook, LinkedIn Eavesdropped on Zoom Calls
More Zoom news.

Business Espionage - You Staying in Jail

U.S. District Judge Ronnie Greer Wednesday temporarily stayed – or postponed – the pretrial release of Xiorong “Shannon” You, a 56-year-old Chinese-born chemical engineer accused of stealing $17 million in trade secrets from Eastman Chemical Company and more than $100 million more while working for Coca-Cola in Atlanta, according to court documents. more

Corporate Privacy & Information Security Challenges from Covid-19

This is an excellent information security article written by a respected colleague. ~Kevin
via Charles Patterson - Exec Security
The CoVid-19 response has had serious and often devastating effects on individuals and businesses throughout the world... But there are a number of side-effects from this, many of which affect privacy and information security...

Company offices may be left mostly empty with a skeleton crew, and access being granted to maintenance staff or a few lone employees who may still be carrying out basic operations or some who may have just needed to return to pick up something from their desk to help them work better from home.  This means the employees, cleaners, and other staff will be largely unsupervised and may have easy access to areas not normally permitted...

When reviewing your security during this period, here are some very important points to consider:

• How secure was your facility during the down time?
  • Note what areas were weakened, where was less manpower deployed?
• Who continued to have access?
  • What types of staff were still given access? Were employees still allowed back in?
• Were any private or classified areas left open and unattended?
  • Pay particular attention to board rooms, conference areas, and C-suites. Look for any signs of unauthorized activity.
• What incidents may have occurred during the period? 
  • Review logs of any security incidents, look for any correlations that could indicate suspicious activity.
• Were there any areas accessed by unauthorized personnel? 
  • Investigate thoroughly any reports of employees found in unauthorized areas.
• Did any break-ins or vandalism occur?
  • Security breaches or other incidents could be used as a cover for actual espionage activity. If a break-in or theft was reported, pay attention to any nearby areas that may have been accessed as well.

After returning to your offices, pay close attention to anything that has been disturbed, anything that may have been tampered with. Any indication of unauthorized access to offices or secure areas should be investigated thoroughly. Electronic sweeps of critical offices and confidential areas should be scheduled. more