The Jim Bakker Show

Equifax reveals hack that likely exposed data of 143 million customers

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski/File Photo

By Yashaswini Swamynathan

(Reuters) – Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application vulnerability to gain access to certain files that included names, Social Security numbers and driver’s license numbers.

In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.

The Federal Bureau of Investigation is tracking the situation, a spokeswoman for the agency said.

U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (http://reut.rs/2f8ES9k)

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”

LIKELIHOOD FOR PHISHING SEEN HIGH

Cybersecurity experts said the breach was very serious.

“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Ryan Kalember, senior vice president of cyber security firm Proofpoint, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber attack.

“The information is very personal – the likelihood that it could be used for phishing is very high,” said Matt Tait, a former analyst at the British intelligence service GCHQ and a cyber security researcher.

Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.

Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said in a statement that she would reintroduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose off stock worth about $17.8 million, regulatory filings show. It was not clear whether these transactions were part of a pre-arranged sales plan.

Equifax said in a statement that the executives were not aware that an intrusion had occurred when they sold their shares.

(Reporting by Yashaswini Swamynathan in Bengaluru; Additional reporting by Laharee Chatterjee in Bengaluru and Siddharth Cavale and Dustin Volz in Washington; Editing by Leslie Adler)

Cyber alert: EU ministers test responses in first computer war game

By Robin Emmott

TALLINN (Reuters) – European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc’s military missions abroad.

In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests.

Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation.

German Defence Minister Ursula von der Leyen said the “extremely exciting” war game showed the need for EU governments to be more aware of the impact of cyber attacks on critical infrastructure in the EU.

“The adversary is very, very difficult to identify, the attack is silent, invisible,” Von der Leyen told reporters. “The adversary does not need an army, but only a computer with internet connection”.

After a series of global cyber attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.

“We needed to raise awareness at the political level,” Jorge Domecq, the chief executive of the European Defence Agency that helped organize the exercise with Estonia, told Reuters.

Especially concerned about Russia since it seized Crimea from Ukraine in 2014, Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise.

Estonia was hit by cyber attacks on private and government Internet sites in 2007. One of the world’s most Internet-savvy countries, with 95 percent of government services online, Estonia has a separate cyber command in its armed forces. But it is not without its vulnerabilities.

International researchers have found a security risk with the chips embedded in Estonian identity cards that could allow hackers to steal people’s identities, although officials said there was no evidence of a hack.

INCIDENT, THREAT OR ATTACK?

NATO last year recognized cyberspace as a domain of warfare and said it justified activating the alliance’s collective defense clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defense plan.

The EU exercise made ministers consider how to work more closely with NATO, whose Secretary-General Jens Stoltenberg was there as an observer, diplomats present said.

“Over the last year, we saw a 60 percent increase in the number of cyber attacks against NATO networks,” Stoltenberg told reporters. “A timely exchange of information (with the EU) is key to responding to any cyber attacks.”

EU cyber exercises are not new, but officials said the idea of Thursday’s exercise was to put the onus on defense ministers to act by simulating a temporary loss of military operational command, even if they would have more support in a real-life situation.

Using tablet computers, ministers answered multiple-choice questions as they reacted to the situation, including some on whether they would make public statements or keep the situation secret.

“Do you announce to the whole country that you are under a cyber attack. Is it an incident, a threat or an attack? These are the questions that ministers were forced to consider, probably for the first time,” Estonian Defence Minister Juri Luik told Reuters.

(Reporting by Robin Emmott; Editing by Hugh Lawson)

Hackers gain entry into U.S., European energy sector, Symantec warns

By Dustin Volz

WASHINGTON (Reuters) – Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries well, Symantec said in a report published on Wednesday.

The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview.

The research adds to concerns that industrial firms, including power providers and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict.

In June the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials in order to gain access to targeted networks.

Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.

He said dozens of companies had been targeted and that a handful of them, including in the United States, had been compromised on the operational level. That level of access meant that motivation was “the only step left” preventing “sabotage of the power grid,” Chien said.

However, other researchers cast some doubt on the findings.

While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.

Lee called the connection to Dragonfly “loose.”

Dragonfly was previously active from around to 2011 to 2014, when it appeared to go dormant after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.

Symantec did not name Russia in its report but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.

(Reporting by Dustin Volz; Editing by Leslie Adler)

More than four million Time Warner Cable records exposed in leak

(Reuters) – More than four million records of users of Time Warner Cable’s MyTWC app were found unsecured on an Amazon server last month, digital security research center Kromtech Security Center said in a blog post on Friday.

The files — more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers — were discovered on Aug. 24 without a password by researchers of Kromtech.

“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter Communications Inc <CHTR.O>, Time Warner Cable’s parent, said in an email.

The information was removed immediately after the discovery and the incident is being investigated, Charter said.

The breach was eventually linked to BroadSoft Inc <BSFT.O>, a communications company, whose unit developed the MyTWC app.

Broadsoft did not immediately respond to a request for comment.

(Reporting by Laharee Chatterjee and Arjun Panchadar in Bengaluru; Editing by Shounak Dasgupta and Sriraj Kalluvila)

Abbott releases new round of cyber updates for St. Jude pacemakers

The ticker and trading information for St. Jude Medical is displayed where the stock is traded on the floor of the New York Stock Exchange (NYSE) in New York City, U.S., April 28, 2016. REUTERS/Brendan McDermid/File Photo

By Michael Erman

NEW YORK (Reuters) – Abbott Laboratories said on Tuesday it would issue updates to reduce the risk of its St. Jude heart implants being hacked and to warn patients that the devices’ batteries may run down earlier than expected.

It was the second round of updates for the heart implants that Abbott has announced since buying medical device maker St. Jude Medical earlier this year.

The U.S. government launched a probe last year of claims the devices were vulnerable to potentially life-threatening hacks that could cause implanted devices to pace at potentially dangerous rates or cause them to fail by draining their batteries.

The company also identified a separate problem with lithium batteries in its heart devices last year. St. Jude recalled some of its 400,000 implanted heart devices last October due to risk of premature battery depletion, which was linked to two deaths in Europe.

The U.S. Food and Drug Administration said then that hospitals should return unused devices and warned patients with an already implanted device to seek immediate medical attention if they get a low-battery alert.

“Abbott is resolving all old St. Jude Medical issues,” Abbott spokeswoman Candace Steele Flippin said.

The new update will provide doctors with an earlier warning when the batteries in Abbott’s implantable cardioverter defibrillators are at risk of early depletion.

Abbott said it would also update the software embedded in pacemakers to reduce the risk of hacking. The company said there have been no reports of unauthorized access to any patient’s implanted device and that compromising the security of the devices would require a complex set of circumstances.

The FDA said it approved the update to ensure that it addresses the cyber security vulnerabilities, and reduces the risk of patient harm.

The FDA and the Department of Homeland Security confirmed in January that St. Jude devices were vulnerable to hacking. But they said they knew of no cyber attacks on patients with the company’s cardiac implants.

The FDA said the benefits of continuing treatment outweighed cyber risks, and DHS said only an attacker “with high skill” could exploit the vulnerability.

They launched the probe in August after short-selling firm Muddy Waters and cyber security firm MedSec Holdings said the devices were riddled with security flaws that made them vulnerable to potentially life-threatening hacks.

When Muddy Waters went public with the claims, it also disclosed it was shorting shares of St. Jude Medical, which was preparing to sell itself to Abbott. The short-selling firm said it believed that disclosure of the vulnerabilities could cause the $25 billion deal to fall apart, but Abbot completed the deal in January.

(Reporting by Michael Erman; Editing by Dan Grebler and Richard Chang)

Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

FILE PHOTO: A Symantec security app is seen on a phone in this illustration photo taken May 23, 2017. REUTERS/Thomas White/Illustration/File Photo

By Rahul Bhatia

MUMBAI (Reuters) – Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region.

India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

CLICKBAIT

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.

Another FireEye official said the attack reported by Symantec was not surprising.

“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.

The Symantec report said the ‘Ehdoor’ backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.

(Reporting by Rahul Bhatia. Additional reporting by Jeremy Wagstaff in Singapore.; Editing by Euan Rocha and Philip McClellan)

Ukraine cyber security firm warns of possible new attacks

KIEV (Reuters) – Ukrainian cyber security firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine could face cyber attacks similar to those which knocked out global systems in June.

The June 27 attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

ISPP said that, as with NotPetya, the new malware seemed to originate in accounting software and could be intended to take down networks when Ukraine celebrates its Independence Day on Aug. 24.

“This could be an indicator of a massive cyber attack preparation before National Holidays in Ukraine,” it said in a statement.

In a statement, the state cyber police said they also had detected new malicious software.

The incident is “in no way connected with global cyber attacks like those that took place on June 27 of this year and is now fully under control,” it said.

The state cyber police and the Security and Defence Council have said Ukraine could be targeted with a NotPetya-style attack aimed at destabilizing the country as it marks its 1991 independence from the Soviet Union.

Last Friday, the central bank said it had warned state-owned and private lenders of the appearance of new malware, spread by opening email attachments of word documents.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.

(Reporting by Natalia Zinets; Additional reporting by Pavel Polityuk; Writing by Alessandra Prentice; editing by Mark Heinrich and Richard Balmforth)

Trump lifts Cyber Command status to boost cyber defense

WASHINGTON (Reuters) – President Donald Trump said on Friday he was elevating the status of the Pentagon’s U.S. Cyber Command to help spur development of cyber weapons to deter attacks and punish intruders.

In a statement, Trump said the unit would be ranked at the level of Unified Combatant Command focused on cyberspace operations.

Cyber Command’s elevation reflects a push to strengthen U.S. capabilities to interfere with the military programs of adversaries such as North Korea’s nuclear and missile development and Islamic State’s ability to recruit, inspire and direct attacks, three U.S. intelligence officials said this month, speaking on the condition of anonymity.

Cyber Command had been subordinate to the U.S. Strategic Command, which is also responsible for military space operations, nuclear weapons and missile defense.

Once elevated, Cyber Command would have the same status as U.S. Strategic Command and eight other unified commands that control U.s. military forces and are composed of personnel from multiple branches of the armed services.

The Pentagon did not specify how long the elevation process would take.

Current and former officials said a leading candidate to head U.S. Cyber Command was Army Lt. Gen. William Mayville, currently director of the Pentagon’s Joint Staff.

Trump also said the defense secretary was also considering separating the U.S. Cyber Command from the National Security Agency (NSA). Cyber Command’s mission is to shut down and, when ordered, counter cyber attacks. The NSA’s role is to gather intelligence and generally favors monitoring enemies’ cyber activities.

Republican Senators John McCain and Lindsey Graham, both strong voices on security matters, praised the move and said it would boost the command’s abilities.

Still, McCain, chairman of the Senate Armed Services Committee, said more steps were needed to meet the nation’s cyber security challenges.

“We must develop a clear policy and strategy for deterring and responding to cyber threats. We must also develop an integrated, whole-of-government approach to protect and defend the United States from cyberattacks,” he said in a statement.

The new combatant command will improve U.S. capabilities to punish foreign cyberattacks and discourage attempts to disrupt critical U.S. infrastructure such as financial networks, electric grids, and medical systems. It will establish a cyber version of the nuclear doctrine of “mutual assured destruction” between the United States and the former Soviet Union, the three U.S. officials said

The U.S. is more vulnerable to cyber intrusions than its most capable adversaries, including China, Russia, and North Korea, because its economy is more dependent on the internet, two of the officials said. As other nations improve their communications networks, their vulnerability will grow, they added.

(Reporting by Makini Brice and Susan Heavey. Additional reporting by Idrees Ali, John Walcott and Warren Strobel.; Editing by Franklin Paul and Andrew Hay)

Ukraine central bank warns of new cyber-attack risk

By Natalia Zinets

KIEV (Reuters) – The Ukrainian central bank said on Friday it had warned state-owned and private lenders of the appearance of new malware as security services said Ukraine faced cyber attacks like those that knocked out global systems in June.

Kiev’s central bank has since been working with the government-backed Computer Emergency Response Team (CERT) and police to boost the defenses of the Ukrainian banking sector by quickly sharing information.

“Therefore on Aug. 11…, the central bank promptly informed banks about the appearance of new malicious code, its features, compromise indicators and the need to implement precautionary measures to prevent infection,” the central bank told Reuters in emailed comments.

According to its letter to banks, seen by Reuters, the new malware is spread by opening email attachments of word documents.

“The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyber-attack on the corporate networks of Ukrainian businesses,” the letter said.

The state cyber police and Security and Defence Council have said Ukraine could be targeted on Aug. 24 with a NotPetya-style attack aimed at destabilizing the country as it celebrates its 1991 independence from the Soviet Union.

(Writing by Alessandra Prentice; editing by Mark Heinrich)

Greater China cyber insurance demand set to soar after WannaCry attack: AIG

FILE PHOTO: A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su/File Photo

By Julie Zhu

HONG KONG (Reuters) – Demand for cyber insurance from firms in Greater China and elsewhere in Asia is poised to soar, based on enquiries received after the “WannaCry ransomware” attack earlier this year, executives at American International Group Inc said.

The American insurer saw an 87 percent jump in enquiries for cyber insurance policies in May compared to April for Greater China including Hong Kong as a direct result of the WannaCry attack, while the global increase was 38 percent, they said.

“The big increase means the organizations are aware they really need protection,” Cynthia Sze, head of an AIG business in Greater China that provides solutions to companies dealing with cyber breaches, told reporters. AIG executives declined to give details on numbers or say how many of the enquiries actually resulted in policy sales.

The self-replicating WannaCry malware in May infected over 200,000 computers in 150 countries.

A typical cyber insurance policy can protect companies against extortion like ransomware attacks. It could also cover the investigation costs and pay the ransom.

In Hong Kong, which is dominated by small and medium sized enterprises, the impact of a cyber attack could be severe as cyber threats are not a priority given the limited resources of SMEs, said Sze.

Citing Hong Kong police statistics, Sze said computer security incident reports have grown to about 6,000 last year from 1,500 in 2009. Financial losses resulting from such incidents jumped from HK$45 million ($5.76 million) to HK$2.3 billion over the same period, she said.

Hong Kong police did not immediately respond to a request for comment to confirm the numbers.

“WannaCry has really changed the dynamics. We used to tap large multinational companies that understood where the exposure was. Now we are really talking about mid-market and SMEs,” said Jason Kelly, AIG’s head of liabilities and financial lines for Greater China, Australasia and South Korea.

The global market for cyber insurance is worth $2 billion, with 30 percent of middle to large firms purchasing cyber insurance protection, according to AIG. The insurer has also seen an average annual growth rate of 20 to 25 percent in cyber insurance policies over the past three years worldwide, said Kelly.

Insurance companies have been cautiously entering the cyber insurance market as they look for growth amid stiff competition and potential exposure to cyber breaches.

According to Kelly, the annual damage from hackers to the global economy reached about $400 billion in 2015.

(Reporting by Julie Zhu; Editing by Muralikumar Anantharaman)

Sign up for Jim Bakker Show