Personal data for sale in China
In late August, Reuters published an article stating that "personal data has become widely available in China" for insurance companies, banks, and scammers alike. The report warns of the ease of acquiring such information through illegal means, stating that companies can purchase information illegally from the department of motor vehicles, car licensing authorities, car sellers, or even police stations.
Even though China issued more stringent data privacy laws in May 2018, a large market for buying and selling personal information still exists. According to local experts interviewed, there remains an imbalance between the economic benefits of the trade and the relatively low sanctions for violating relevant laws.
Read Reuters’ full report here
Lazarus cybercriminals targeted the MacOS platform
The North Korean cybercrime group Lazarus recently appeared with a new campaign, dubbed “AppleJeus” by Kaspersky Lab, whose aim may have been not only to infiltrate a cryptocurrency exchange but also to inject malware into the MacOS platform. Kaspersky Lab’s Global Research and Analysis Team discovered that the group used Trojanized cryptocurrency trading software to target the MacOS platform, among others. This is the first case in which Kaspersky Lab researchers have observed the Lazarus group distributing malware targeting MacOS and its users, and the researchers cautioned all users. The team is concerned that MacOS machines and users may be less prepared to deal with malware, stating: “This should be a lesson to all of us and a wake-up call to businesses relying on third-party software. Do not automatically trust the code running on your systems. Neither good looking website[s], nor solid company profile nor the digital certificates guarantee the absence of backdoors.”
Find the Kaspersky expert's related blogpost here
Facebook continues to struggle to protect customer data
Facebook is still striving to control the companies that use its data, even after the recent Cambridge Analytica scandal. The social media giant announced in late August that myPersonality, an app active primarily pre-2012, has been banned by Facebook for sharing data in a manner that inadequately protected users’ rights to privacy. Facebook stated that it would inform the roughly 4 million affected users that their data may have been misused. Since the beginning of its investigation in March 2018, Facebook has detected and suspended more than 400 apps for similar reasons.
Find the Facebook announcement here
Rapid7’s second quarter 2018 cyber threat report identifies finance, professional and information sectors as primary targets of cybercrime
According to the latest cyber threat report from the security firm Rapid7, the finance, professional and information sectors were the most targeted by malicious activity in the second quarter of 2018. The report identifies remote access as the top method for stealing information and mining cryptocurrency, while the most common means of access were credential theft, credential dumping and brute force. There are also common breach tactics between the different sectors, such as credential threat campaigns, breached network access, account leaks and impersonation or suspicious link attempts. The report also expects incident growth in the coming months across all industries.
Find this and more information in the Rapid7 report here
CSA publishes the Malaysian Financial Sector Cloud Adoption Report, Malaysian Government
The Cloud Security Alliance (CSA), the world’s leading organisation helping to ensure a secure cloud computing environment, has released a new report on cloud adoption in the Malaysian financial sector. The report recognizes a positive trend in developing cloud strategy, with 65% of the Malaysian Financial Services (FSI) working on such a strategy and 17.6% already adopting one. However, 23.5% of respondents said they had not yet established data security and compliance regulations for their cloud systems, while only 11.7% said they had data security and compliance systems in place. As a result, more than half of the respondents did not define a strategy for cloud service data security and compliance regulations. The CSA is now asking the Malaysian Government to help ease the adoption of secure cloud services by introducing guidelines that would support financial companies, so that they can enjoy the benefits while maintaining compliance with regulations.
The study is available here
Find the CSA adoption study in China here
Find the CSA adoption study in India here