News:

A high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month.

New Zealand

‘Unruly’ Tourist Breaches NZ Customs eGate

A group of unruly British tourists caused a storm over the Summer holiday period with reports of alleged crime up and down the country.

According to media reports dated 26 February 2019, the New Zealand Police and Interpol are now attempting to track down one of the unruly tourists who failed to appear in court facing allegations of fraud, assault with a weapon and reckless driving.

According to Customs, he left the country on 26 January 2019 using a valid passport that wasn’t his own. He was rejected by an eGate, which uses biometric data to match and confirm the identity of passengers. The eGate identified that further checks were required on the passport. The image was automatically sent to a Customs officer, who incorrectly identified him as the passport owner, resulting in a case of human error.

Cryptopia – Update

On 27 February 2019, Cryptopia tweeted:

“We are continuing to work on assessing the impact incurred as a result of the hack in January. Currently, we have calculated that worst case 9.4% of our total holdings was stolen”.

World

617 Million Accounts Stolen from 16 Hacked Websites for Sale on the Dark Web

In mid-February 2019, reports started circulating that around 617 million online account details, which had been stolen from 16 hacked websites, were for sale on the dark web for less than $20,000 in Bitcoin.

According to one report, the details include account holder names, email addresses and passwords. However, the passwords were hashed which would firstly require decrypting before they can be used.

A spokesperson for one of the websites claimed that they were not aware of a breach at the time and that their legal, forensic and security teams were looking into options to ensure they have the best security stance moving forward.

Israeli Cyber-Hotline Offers Help for The Hacked

Israel has launched a cyber hotline to enable businesses and private individuals to report suspected hacking and receive real-time solutions.

The centre has around 20 responder terminals which face a bank of screens, one of which shows a world map with live cyber-attacks on Israel.

Since its launch, the hotline has received around 100 calls per day. Most of the callers are either victims of cyber-crime or “white hat hackers”, who are well intentioned technologists who have discovered a security vulnerability which requires urgent fixing.

2023 Digital Forensics Market Segmented by Key Players

According to a recent research report, the Digital Forensics market was worth USD 3.14 billion in 2017 and is projected to reach USD 5.37 billion by 2023. The following are several key developments which are included in the report:

  • In 2018, AccessData introduced next-generation competences for directing digital investigations. This is likely to boost the company’s financial position and expand their product portfolio
  • In 2017, Guidance Software was acquired by OpenText, a leader in Enterprise Information Management. This acquisition is expected to bring more customers and expand its regional presence.

A sample of other vendors reviewed in the report include FireEye, LogRhythm, Oxygen Forensics, Paraben Corporation, Cellebrite and Magnet Forensics, amongst others.

Our Views:

A selection of issues relevant to Forensic and Cyber Security matters during the last month. This month’s theme is “Free Training Tools”.

Privacy Education

As the quantity of customer data being collected increases, so too must the degree of vigilance being paid to prevent a Privacy Breach. We recommend that all staff who are in any way connected with the collection and storage of personal information, undertake training so they are familiar with their obligations under the current Privacy Act.

The Office of the Privacy Commissioner offers a suite of online Privacy learning modules including Privacy 101, Health Information, Employment and Privacy, Credit Reporting, Privacy Impact Assessments and Information Sharing Agreements.

There are also several accompanying guides to the modules which can be downloaded. We encourage you to sign up and start obtaining your own certificate(s) here.

OWASP New Zealand Day 2019

The recent introduction of the General Data Protection Regulation (GDPR), and the requirement for Privacy by Design, requires organisations to consider “data protection through technology design”.

To keep abreast of security design requirements, training is available globally, online and locally. One local example was the tenth OWASP (Open Web Application Security Project) New Zealand Day conference which was held at the University of Auckland on 22 February 2019. OWASP New Zealand Day is a one-day conference dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

Presentations from the event can be viewed here on YouTube.

Cybersecurity Toolkit for Small to Medium-Sized Businesses

As reported in countless surveys and whitepapers, organisations generally accept that Cyber is now a key risk. So, what should you do next to mitigate this risk? First you should select a suitable set of security controls, then you need a programme of work with suitable resources.

If you are not sure where to start, a good example is the Global Cyber Alliance (GCA) which has built a toolkit for small to medium-sized businesses. The GCA has aligned to the Center for Internet Security Controls (CIS Controls).  Select the controls most relevant to your critical assets and start making improvements using the free tools, practical tips and guides located here.

About the Bulletin:

The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.

To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents. Access our Privacy Policy.

This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.