It has been about a week since China implemented its controversial new cybersecurity law, and it is already being put to the test. Yesterday, Chinese authorities stated that they'd uncovered a huge underground operation run by Apple employees who were stealing and selling personal data from users' computers and phones.
According to Fox Business, police have detained 22 people, including 20 from Apple "direct sales outlets" in China and companies that Apple outsources services to. The detainees had apparently used Apple's internal system to illegally obtain and sell sensitive iPhone information such as phone numbers, names and Apple IDs.
The selling of private data and personal information is rampant in China, hence the new cybersecurity law, which of course is aimed at protecting that very thing. The investigation over this theft is kind of a big deal, as it is a test of how well Apple Inc. and other foreign companies protect Chinese citizens' personal data.
iPhone users' information is a pretty big ticket item on the black market. Obtaining such data (Apple IDs, for example) could help hackers hold iPhones hostage - remotely locking them and then demanding payment from the user to unlock them. And if a hacker were to gain access to a user's cloud storage... game over.
Before China's "new and improved" cybersecurity law, companies had largely gotten off scot-free when employees used their access to internal computer systems to steal users' personal data, according to Liu Chunquan, an intellectual property lawyer with Shanghai-based Duan & Duan Law Firm. According to Chunquan, those days are over with the implementation of the new law. Companies now potentially face heavy fines and other kinds of punishment if their systems aren't up to snuff. Essentially, if a company's systems are found to be to blame for a leak, it's straight to the doghouse.
Based on police reports, government authorities could have grounds to investigate potential holes in Apple's internal data management in China, said You Yunting, a partner with Shanghai-based DeBund Law Offices.
Our second story takes a look at new evidence in the never-ending "did they or didn't they - the Russian U.S. election hacking" saga. VR Systems Inc., a Florida IT services firm that provides voting software and other technology services, appears to have been an unwitting portal by which Russian military hackers tunneled their way into several local government networks in an effort to influence the 2016 U.S. Presidential election. (As reported by MSPmentor).
This upsetting new realization was revealed in a report published by The Intercept, a British news website, which got its information from a top-secret memo (allegedly) stolen by a National Security Agency (NSA) contractor and sent anonymously to the journalists.
The report, which came out last month, outlines how Kremlin hackers in August of 2016 used phishing scams aimed at at least seven employees at the Florida firm in order to gain access to the workers’ login credentials. The hackers set up an ‘operational’ Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation ‘targeting U.S. local government organizations.’
According to the report, the emails contained a Microsoft Word document that had been ‘trojanized’ so that when it was opened, it would send out a "beacon" to the ‘malicious infrastructure’ set up by the hackers. Even with this new discovery, it has not been proven that the spear-phishing deployment was successful, or that it indeed compromised the intended victims. It has also not been ascertained what potential data could have been accessed by the attackers.
Unfortunately, hackers see IT and managed services providers as targets: an easy entry point for accessing client networks. With cyber criminals specifically targeting MSPs, there needs to be even more caution and focus built around protecting sensitive data and intellectual property.
Our last story this week examines new data from Nexusguard regarding distributed denial-of-service (DDoS) attacks. According to Nexusguard’s recent “Q1 2017 Threat Report,” attack frequency exploded by 380 percent in the first quarter of 2017 compared to the same time last year. For example, HTTP Flood attacks increased by 147 percent this quarter, targeting the application layer and overtaking TCP, DNS and other popular volumetric attacks in popularity.
It's no secret that attacks and their severity/damaging effects have gotten out of control, but this report shows the true impact of the bombardment. Enterprises and organizations can't upgrade their defense mechanisms fast enough. The increased spread of the Internet of Things (IoT) has also provided a bevy of opportunities for hackers, with a smorgasbord of insecure devices to hack.
According to the press release, Nexusguard has set about gathering the DDoS attack data through botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets that is unbiased by any single set of customers or industries. Nexusguard cites lengthier attacks at erratic intervals as becoming the norm, and recommends that organizations use multi-layered mitigation to prevent systems from being overwhelmed with multiple DDoS vectors.
“IoT botnets are only the beginning for this new reign of cyberattacks,” said Juniman Kasman, chief technology officer for Nexusguard. “Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects.” Kasman goes on to say that this early data for 2017 makes it very clear that MSPs and enterprises need to employ multi-layered defenses that use nimble resources, including large, redundant scrubbing networks and around-the-clock security operations “if they hope to keep from drowning in the deluge of new attacks.”
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.