The incident has impacted numerous Change Healthcare applications, including pharmacy, medical records

Read More

SentinelLabs and ClearSky said the group leverage a substantial network of social media accounts

Read More

The OWASP Foundation provides new guidelines to deploy secure-by-design LLM use cases

Read More

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry.

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON, a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. But the leaked documents, which include candid employee chat conversations and images, show a less public side of i-SOON, one that frequently initiates and sustains cyberespionage campaigns commissioned by various Chinese government agencies.

The leaked documents suggest i-SOON employees were responsible for a raft of cyber intrusions over many years, infiltrating government systems in the United Kingdom and countries throughout Asia. Although the cache does not include raw data stolen from cyber espionage targets, it features numerous documents listing the level of access gained and the types of data exposed in each intrusion.

Security experts who reviewed the leaked data say they believe the information is legitimate, and that i-SOON works closely with China’s Ministry of State Security and the military. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

“The leak provides some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem,” said Dakota Cary, a China-focused consultant at the security firm SentinelOne. “It shows explicitly how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire.”

Mei Danowski is a former intelligence analyst and China expert who now writes about her research in a Substack publication called Natto Thoughts. Danowski said i-SOON has achieved the highest secrecy classification that a non-state-owned company can receive, which qualifies the company to conduct classified research and development related to state security.

i-SOON’s “business services” webpage states that the company’s offerings include public security, anti-fraud, blockchain forensics, enterprise security solutions, and training. Danowski said that in 2013, i-SOON established a department for research on developing new APT network penetration methods.

APT stands for Advanced Persistent Threat, a term that generally refers to state-sponsored hacking groups. Indeed, among the documents apparently leaked from i-SOON is a sales pitch slide boldly highlighting the hacking prowess of the company’s “APT research team” (see screenshot above).

The leaked documents included a lengthy chat conversation between the company’s founders, who repeatedly discuss flagging sales and the need to secure more employees and government contracts. Danowski said the CEO of i-SOON, Wu Haibo (“Shutdown” in the leaked chats) is a well-known first-generation red hacker or “Honker,” and an early member of Green Army — the very first Chinese hacktivist group founded in 1997. Mr. Haibo has not yet responded to a request for comment.

In October 2023, Danowski detailed how i-SOON became embroiled in a software development contract dispute when it was sued by a competing Chinese cybersecurity company called Chengdu 404. In September 2021, the U.S. Department of Justice unsealed indictments against multiple Chengdu 404 employees, charging that the company was a facade that hid more than a decade’s worth of cyber intrusions attributed to a threat actor group known as “APT 41.”

Danowski said the existence of this legal dispute suggests that Chengdu 404 and i-SOON have or at one time had a business relationship, and that one company likely served as a subcontractor to the other on specific cyber espionage campaigns.

“From what they chat about we can see this is a very competitive industry, where companies in this space are constantly poaching each others’ employees and tools,” Danowski said. “The infosec industry is always trying to distinguish [the work] of one APT group from another. But that’s getting harder to do.”

It remains unclear if i-SOON’s work has earned it a unique APT designation. But Will Thomas, a cyber threat intelligence researcher at Equinix, found an Internet address in the leaked data that corresponds to a domain flagged in a 2019 Citizen Lab report about one-click mobile phone exploits that were being used to target groups in Tibet. The 2019 report referred to the threat actor behind those attacks as an APT group called Poison Carp.

Several images and chat records in the data leak suggest i-SOON’s clients periodically gave the company a list of targets they wanted to infiltrate, but sometimes employees confused the instructions. One screenshot shows a conversation in which an employee tells his boss they’ve just hacked one of the universities on their latest list, only to be told that the victim in question was not actually listed as a desired target.

The leaked chats show i-SOON continuously tried to recruit new talent by hosting a series of hacking competitions across China. It also performed charity work, and sought to engage employees and sustain morale with various team-building events.

However, the chats include multiple conversations between employees commiserating over long hours and low pay. The overall tone of the discussions indicates employee morale was quite low and that the workplace environment was fairly toxic. In several of the conversations, i-SOON employees openly discuss with their bosses how much money they just lost gambling online with their mobile phones while at work.

Danowski believes the i-SOON data was probably leaked by one of those disgruntled employees.

“This was released the first working day after the Chinese New Year,” Danowski said. “Definitely whoever did this planned it, because you can’t get all this information all at once.”

SentinelOne’s Cary said he came to the same conclusion, noting that the Protonmail account tied to the GitHub profile that published the records was registered a month before the leak, on January 15, 2024.

China’s much vaunted Great Firewall not only lets the government control and limit what citizens can access online, but this distributed spying apparatus allows authorities to block data on Chinese citizens and companies from ever leaving the country.

As a result, China enjoys a remarkable information asymmetry vis-a-vis virtually all other industrialized nations. Which is why this apparent data leak from i-SOON is such a rare find for Western security researchers.

“I was so excited to see this,” Cary said. “Every day I hope for data leaks coming out of China.”

That information asymmetry is at the heart of the Chinese government’s cyberwarfare goals, according to a 2023 analysis by Margin Research performed on behalf of the Defense Advanced Research Projects Agency (DARPA).

“In the area of cyberwarfare, the western governments see cyberspace as a ‘fifth domain’ of warfare,” the Margin study observed. “The Chinese, however, look at cyberspace in the broader context of information space. The ultimate objective is, not ‘control’ of cyberspace, but control of information, a vision that dominates China’s cyber operations.”

The National Cybersecurity Strategy issued by the White House last year singles out China as the single biggest cyber threat to U.S. interests. While the United States government does contract certain aspects of its cyber operations to companies in the private sector, it does not follow China’s example in promoting the wholesale theft of state and corporate secrets for the commercial benefit of its own private industries.

Dave Aitel, a co-author of the Margin Research report and former computer scientist at the U.S. National Security Agency, said it’s nice to see that Chinese cybersecurity firms have to deal with all of the same contracting headaches facing U.S. companies seeking work with the federal government.

“This leak just shows there’s layers of contractors all the way down,” Aitel said. “It’s pretty fun to see the Chinese version of it.”

Read More

ISC2 found that 82% of cybersecurity professionals believe AI will improve the efficiency of their jobs

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In our digitized world, online banking has become an integral part of managing your finances, offering unparalleled convenience. However, with this convenience comes an increasing need for robust cybersecurity measures. As you embrace the ease of handling your financial affairs online, understanding the importance of cybersecurity becomes paramount. 

This article delves into the critical role of cybersecurity in safeguarding your financial assets and personal information from the evolving risks associated with online banking.

Risks associated with online banking

Engaging in online banking exposes you to various risks that demand your vigilance. Financial data breaches, where cybercriminals exploit vulnerabilities to gain unauthorized access to sensitive information, pose a significant threat. 

Phishing attacks, disguised as legitimate communications, aim to trick you into disclosing personal details. Additionally, identity theft, a direct consequence of these breaches, can lead to severe financial implications. Recognizing these risks is the first step in fortifying your online banking experience and ensuring the protection of your valuable information.

Beyond individual concerns, these risks reverberate through financial institutions, impacting their reputation. Financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks and reputational damage becomes a looming threat for financial institutions, highlighting the critical need for comprehensive cybersecurity measures.

Offshore banking risks

Offshore banking, while offering financial privacy and potential tax advantages, poses certain risks that individuals should be aware of. 

One significant concern is the potential for increased susceptibility to financial fraud and money laundering due to the less stringent regulations in some offshore jurisdictions. Additionally, the lack of transparency in offshore banking systems may create challenges in recovering funds in the event of disputes or legal issues.

It’s crucial for individuals engaging in offshore banking to carefully evaluate the regulatory environment, conduct thorough due diligence on financial institutions, and be aware of the potential risks associated with this financial strategy.

The impact of cyber-attacks on individuals and financial institutions

The fallout from cyber-attacks extends far beyond individual victims, leaving lasting effects on financial institutions. Instances of financial losses and unauthorized activities not only harm individuals but also erode the trust customers place in their banks.

The repercussions of cyber-attacks reverberate through the broader financial landscape, extending well beyond the immediate impact on individual victims. 

It is sobering to consider that when a financial institution falls victim to a cyber-attack, the consequences are felt on a systemic level. Instances of financial losses and unauthorized activities create a ripple effect, compromising the overall integrity of the affected institution. The fallout includes not only the immediate financial implications but also the erosion of trust that customers place in their banks.

Security measures implemented by online banking platforms

To counter these evolving threats, online banking platforms implement a range of security measures. Multi-factor authentication stands as a frontline defense, requiring more than just a password for access. This additional layer of verification ensures that even if your password is compromised, unauthorized access is thwarted. 

Encryption protocols play a crucial role in ensuring the secure transmission of your sensitive data over the internet. By encoding the information in a way that only authorized parties can decipher, encryption safeguards your financial details from potential breaches during online transactions. 

Complementing these measures, continuous monitoring and threat detection mechanisms add an extra layer of proactive defense. By identifying and mitigating potential risks before they escalate, online banking platforms maintain a robust security posture, contributing to a fortified digital infrastructure that ensures the confidentiality and integrity of your financial information.

As you navigate the world of online banking, understanding and appreciating these security measures is essential. They collectively contribute to creating a secure environment where your financial transactions can occur with confidence. Stay informed about these measures, follow best practices, and actively engage with the security features provided by your online banking platform to enhance the protection of your sensitive information.

Cybersecurity best practices for online banking users

While online banking platforms implement robust security measures, your active participation is crucial in maintaining a secure online environment. 

These include things like: 

Adopting strong password management practices, including the use of complex and unique passwords. These serve as a fundamental defence against unauthorized access.
Regularly updating software and security patches on your devices ensures that potential vulnerabilities are promptly addressed.
Cultivating awareness of social engineering techniques to ensure you recognize and thwart phishing attempts, enhancing your overall cybersecurity posture.

Regulatory framework and compliance in online banking security

Recognizing the critical role of cybersecurity, regulatory bodies have established frameworks and standards to guide financial institutions. These regulations aim to ensure the implementation of adequate security measures, emphasizing the protection of customer information and financial data. 

Compliance with these standards not only strengthens the overall security posture of financial institutions but also instills confidence among users in the online banking ecosystem. Future trends and innovations in online banking security As technology evolves, so do the strategies employed in online banking security. Advanced biometric authentication methods, such as fingerprint and facial recognition, are emerging as secure alternatives to traditional authentication measures. 

Artificial intelligence is increasingly utilized for threat detection, analyzing patterns to identify and respond to potential risks. Additionally, blockchain technology is gaining prominence for its potential to enhance the security and transparency of financial transactions.

Staying abreast of these innovations positions you to adapt to the evolving landscape of online banking security.

Educating users on cybersecurity awareness

Empowering users with cybersecurity awareness is a fundamental aspect of enhancing online banking security. Financial institutions play a pivotal role in providing resources and information to users, fostering a culture of informed decision-making and letting customers know what they are up against. 

Educational programs that cover topics such as recognizing phishing attempts, understanding the importance of strong passwords, and staying vigilant against emerging threats contribute to a more cyber-resilient user base.

Collaboration between financial institutions and cybersecurity experts

Recognizing the dynamic nature of cyber threats, collaboration between financial institutions and cybersecurity experts is crucial.  Strengthening partnerships for collective cyber defense involves active information sharing and the exchange of threat intelligence. By pooling resources and expertise, financial institutions can stay one step ahead of cybercriminals, ensuring a robust defense against evolving threats.

Conclusion

In conclusion, the importance of cybersecurity in online banking cannot be overstated. As you navigate the digital landscape of financial transactions, being aware of the risks and actively participating in securing your online presence becomes imperative. 

Whether through the implementation of advanced security measures by online banking platforms or your commitment to best practices, a collective effort is essential in ensuring a secure and trustworthy online banking environment. 

The paramount takeaway should be that: as technology evolves, staying informed and proactive in adapting to emerging trends will further strengthen the resilience of online banking security, safeguarding your financial well-being in the digital age.

Read More