NBA: Phishing doesn’t spare sports institutions

Image source: mohamed_hassan via Pixabay

Last May 10th, in a press release, Pacers Sports & Entertainment (PSE), the organization that owns the NBA basketball team the Indiana Pacers, revealed that it had been the victim of a sophisticated phishing attack at the end of 2018.

As a reminder, phishing is a technique used to obtain personal information in order to commit identity theft. It is a “social engineering” technique, i.e. one that exploits not an IT flaw but a “human flaw”, deceiving web users through an e-mail that appears to come from a trustworthy company, typically a bank or a business website.

Pacers Sports & Entertainment victim of a phishing attack

At the end of 2018, PSE was the target of a phishing email campaign that resulted in unauthorized access to emails containing personal information related to a limited number of individuals.

This cyberattack affected a limited number of individuals, but the amount of stolen information is significant: name, address, date of birth, passport number, driver’s license, state identification number, account number, credit/debit card number, digital signature, username and password and, for some individuals, the Social Security number.

The American company quickly implemented measures to secure the affected email accounts and investigate the incident with the assistance of forensic experts. This investigation revealed that the hackers had access to the accounts of a limited number of persons between October 15th and December 4th, 2018. The press release doesn’t give any details regarding the identity of the targeted persons.

PSE individually notified each victim whose information was stolen and assures that “to date, PSE has no evidence of actual or attempted misuse of any personal information”. The organization offered the victims of the cyberattack access to credit monitoring and identity protection services at no cost.

Some simple rules against phishing

Phishing attacks are increasing. Above all, they are becoming more and more sophisticated, and target all kinds of industries. Each and every one of us must be extra vigilant.

Lastly, as a reminder, here are some simple rules to protect yourself against phishing attempts:

  • Do not reply when someone asks for your personal data by email;
  • Do not ever open an attachment from an unknown sender, or from one who is not entirely trustworthy;
  • Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
  • Do not trust the name of the mail’s sender. If there is any doubt, contact the sender through another method.

Russia – Vladimir Putin signs the « Sovereign Internet » bill into law

Image source: essuera via Pixabay

A previous article by Lucie Loos, dated the 21st of last February, mentioned that the Duma, the lower chamber of the Russian Parliament, was studying draft legislation aiming to create a “sovereign Internet” in Russia. With this law, the country would be able to function in total independence if Russia were cut off from the major global servers, by creating Russia’s own internal DNS system, which would provide the link between web addresses and the IP addresses of the corresponding web servers without relying on the root servers of the global Internet.

On Wednesday, the 1st of May 2019, Vladimir Putin signed a bill to create Russia’s “Sovereign Internet” into law; its entry into force is planned for November 2019.

Sovereign Internet: IT security or control of Internet?

The bill thus plans to create an “infrastructure allowing to ensure the functioning of the Russian Internet resources in case of the impossibility for the Russian operators to connect to the foreign sources Internet servers”.

Russian Internet service providers will have to implement technical means allowing a “centralized control of the traffic” on their networks in order to face potential cyberattacks from powerful foreign countries. This control will be carried out by Roskomnadzor, the agency in charge of monitoring Russian telecoms and media, which has often been accused of arbitrarily blocking web content, and by the Russian Federal Security Service (FSB).

Officially, the “sovereign Internet” was created for the purpose of IT security, but according to many experts, this might be an excuse. The bill is criticized and seen by many activists as an attempt to control web content and progressively isolate the Russian Internet, in an environment of increasing pressure from the authorities regarding freedom of expression on the Internet.

Many rallies against this bill were organized in Moscow and gathered thousands of Russians last March. Several weeks later, in a joint statement, many international human rights and freedom of expression organizations, including Reporters Without Borders and Human Rights Watch, called on Vladimir Putin not to sign the bill that is “against Moscow’s international commitments in terms of respect for Human rights and particularly poses a threat to media freedom and the rights to freedom of information for people in Russia”. Despite this, the Russian president chose to ignore the call: the bill was signed on the 1st of May 2019 and will enter into force this coming November.

ANSSI annual report – The 5 cyber threats observed in 2018

Image source: TheDigitalArtist via Pixabay

On April 15, 2019, ANSSI (the National Cybersecurity Agency of France) unveiled its annual report during a press conference. For 2018, the agency identified 1869 alerts, 391 incidents (not counting operators of critical importance), 16 major incidents and 14 cyber defence operations. ANSSI also identified 5 major trends in terms of cyber threats observed in France and in Europe in 2018.

Analysis of cyber threat in 2018 – The 5 major trends

1. Cyber-espionage

A major concern for ANSSI in 2018, cyber-espionage represents, according to the agency, the highest risk for organizations.

Extremely discreet and backed by significant financial resources, the attackers spend many years planning highly targeted and highly sophisticated attacks. In 2018, it was noted that cyber attackers are increasingly interested in vital sectors of activity and specific critical infrastructures, such as the defence, health or research sectors.

2. Indirect attacks

According to ANSSI, indirect attacks increased significantly in 2018. To get around the security measures implemented by big companies, which are more and more aware of cyber risk, attackers target intermediaries, such as providers, who are more vulnerable, in order to reach their final targets.

Compromising one partner is enough to reach many companies. So it is essential to choose partners that place their information system’s security at the top of their concerns.

3. Destabilization and influence operations

Because of the nature of the targets and the claims, these attacks, though technically moderate, often have a significant symbolic impact. An increase was observed in 2018.

4. Cryptojacking

As a reminder, cryptojacking is a cyberattack that consists in using the computing power of the victim’s machine to mine cryptocurrency.

In 2018, many attacks of this kind were observed. Increasingly organized attackers take advantage of security flaws to compromise their victims’ equipment, installing cryptocurrency miners without the victims knowing it.

5. Online frauds

Online fraud is as much of a constant cyber threat for companies and big organizations as for individuals. ANSSI noted a significant growth of online frauds last year. Big operators are becoming more concerned about cybersecurity, so attackers turn towards targets that are less exposed but more vulnerable, like territorial authorities or actors in the health sector, which were the targets of many phishing attacks in 2018.

Conclusion

The multiplicity and the magnitude of the attacks observed during 2018 prove that it is essential to implement security measures to prevent these cyber threats, within big organizations and big groups as well as small companies.

“The conclusion is clear: 2018 proves once again that digital risk, far from being ethereal, must be at the heart of our concerns. Not only those of ANSSI! The cyberattacks affect all of society. That is why we must all seize the matter,” explains Guillaume Poupard, ANSSI’s General Director.

Cybersquatting: Increase of UDRP complaints filed with WIPO in 2018

Image source: janjf93 via Pixabay

In the world of domain names, the “first come, first served” rule applied by many registries often leads to cases of abusive registration, and of cybersquatting in particular. This is a practice that consists in taking a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name on which the applicant has any right, in order to make material or moral profit from its current or future notoriety.

To fight against these fraudulent actions and assert their rights, brand owners can launch a targeted action to recover or cancel the cybersquatted domain name, called the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an arbitration center such as that of WIPO, the World Intellectual Property Organization.

According to WIPO’s General Director, Francis Gurry: “Domain names involving fraud and phishing or counterfeit goods pose the most obvious threats, but all forms of cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing need for vigilance on the part of trademark owners around the world.”

UDRP complaints filed with WIPO in 2018*

On March 15, 2019, WIPO published its latest annual report on domain name disputes.

In 2018, WIPO’s Arbitration and Mediation Center received a record 3447 UDRP cases filed by brand owners, i.e. a rise of 12% compared to the previous year.

Source: WIPO Statistics Database

However, these disputes concerned 5655 domain names, a decrease compared to 2017, which counted 6371 names.

The main gTLDs in the cases filed with WIPO are, unsurprisingly, .COM (far ahead with 72.88%), .NET (4.62%), .ORG (3.50%) and .INFO (2.23%).

Disputes over domain names registered in the new extensions represent nearly 13% of the disputes, mostly in .ONLINE, .LIFE and .APP domains.

And lastly, nearly 500 complaints regarding names registered in ccTLDs have been filed, nearly 15% of all the disputes administered by the WIPO in 2018.

The 3 main sectors of complainant activity are the sectors of banking and finance, biotechnology and pharmaceuticals, and Internet and IT.

Geographically, France is placed second with 553 cases filed with WIPO, just behind the United States (976 complaints), and is one of the most reactive countries on this subject.

Note that, across all the UDRP cases filed in 2018, Nameshield ranks second worldwide among complaint filers, with 343 cases filed and 66 customers represented**.

Our teams are of course at your disposal to inform you about the options for recovering disputed domain names.


*Source: WIPO Statistics Database

**Source: Nameshield’s report on UDRP procedures, 2018

Brexit and .EU domain names: EURid’s action plan on hold

Image source : Tumisu via Pixabay

In the article dated February 22, 2019, we discussed the consequences of Brexit for .EU domain names and the publication by EURid, the .EU registry, of an action plan following two scenarios: no deal, or a withdrawal agreement between the United Kingdom and the European Union.

In short, as a result of Brexit, companies and individuals who hold a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

In case of no deal, holders of .EU domain names will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an eligible registrant (whose country code is neither GB nor GI). All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

In case there is a withdrawal agreement, this action plan will be implemented as of January 1, 2021.

Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.

To be continued.

The .DEV available to all

Image source: mohamed_hassan via Pixabay

After the launches of the .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

  • Sunrise period: from 2019/01/16 to 2019/02/19
  • EAP (Early Access Program): from 2019/02/19 to 2019/02/28
  • General availability: from 2019/02/28

Since February 28, 2019, .DEV has been in general availability and already has more than 64,000 domain name registrations according to Domain Name Wire.

To promote this new extension, and for Google I/O 2019, its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google is offering a free one-year registration of a .DEV domain name for every ticket booked. But the registrations resulting from this promotional campaign only represent a small part of the 64,000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with accessibility.dev.

The HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, Google, in pursuit of its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, the .DEV extension is included on the HSTS preload list, which requires HTTPS on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire an SSL certificate and deploy HTTPS.

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield consultant with any questions regarding the conditions for the registration of your .DEV.

Brexit’s consequences on .eu domain names : EURid’s action plan

Image source : Tumisu via Pixabay

In a previous article, we discussed the consequences of Brexit for .EU domain names: the European Commission announced on 28 March 2018 that companies and individuals who hold a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

With the Brexit date approaching, EURid, the .EU registry, has recently published its action plan, which has two scenarios depending on whether there is no deal or a withdrawal agreement between the United Kingdom and the European Union. In the second case, the actions will be the same but they will be implemented on different dates (from December 2020).

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019 

New registrations

  • From 30 March 2019: EURid will not allow the registration of any new domain name from a registrant declaring an address in Great Britain (country code GB) or in Gibraltar (country code GI).

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

  • On 23 March 2019: EURid will notify by email both GB/GI registrants and their registrars about the forthcoming non-compliance of the data associated to their domain name within the .EU regulatory framework.
  • On 30 March 2019: EURid will again notify by email both GB/GI registrants and their registrars that their domain name is not in compliance with the .EU regulatory framework.
  • Before 30 May 2019: Registrants will be given the possibility to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

During this two-month period, the domain names in question will remain active and the following actions are possible:

    - Contact data changes, including updates to existing contact details pertaining to phone number, email address, postal address and country code;
    - Updating a contact or linking a new contact;
    - Name server and DNSSEC changes;
    - Transfer of the domain name to a non-GB/GI registrant.

During this two-month period, the following actions are not possible:

    - Transfer of the domain name to a GB/GI registrant;
    - Term extension, unless accompanied by a transfer request to an eligible registrant;
    - Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.

  • As of 30 May 2019: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.
  • On 30 March 2020, i.e. twelve months after the UK withdrawal: All the affected domain names will become available for general registration.
  • For .EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.

    - If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.
    - If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.

  • For .EU domain names that are in the SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case basis, moving forward if appropriate, with the withdrawal of the domain name.
  • For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:

    - No transfer to GB/GI registrants from quarantine will be possible during the two-month period.
    - Transfer to a non-GB/GI registrant will be possible.

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

The actions will be the same but they will be implemented on different dates.

New registrations

  • From 1 January 2021: EURid will not allow the registration of any new domain name from a registrant whose country code is either GB or GI.

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

  • 23 December 2020: First email sent about the non-compliance of the data associated to the domain name.
  • 1 January 2021: Second email sent about the non-compliance.
  • Before 2 March 2021: Possibility for the registrants to demonstrate their compliance with the .EU regulatory framework by updating their contact data.
  • As of 2 March 2021: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.
  • On 1 January 2022: All the affected domain names will become available for general registration.

The actions planned in the first scenario regarding the different statuses “ON HOLD”, “SUSPENDED” and “QUARANTINE” will also be applied in the second scenario.

The consequences of Brexit thus force the British to rethink their domain name strategy. Indeed, the loss of their .EU domain names will be an opportunity for cybersquatters who reside in the E.U. and meet the eligibility criteria: they would then have the right to register these .EU domain names. Nameshield’s team is at your disposal to answer all your questions and to offer you the best recommendations regarding the management of your domain name portfolio.

Cybersecurity overview – CESIN’s barometer

Image source: TheDigitalArtist via Pixabay

The CESIN (Club of Information and digital security experts) has just published the fourth edition of its annual barometer, carried out with OpinionWay among its 174 members, 84% of whom are CISOs (Chief Information Security Officers) of big French companies. This annual study helps to better define the perception and reality of cybersecurity and its issues within the companies which are members of CESIN.

The most common cyberattacks and their impacts

Over the last twelve months, although the number of attacks tends to stabilize, 80% of the interviewed companies have been the victims of at least one cyberattack, and the consequences for the business (production stoppage, unavailable website, revenue loss…) are more significant than in 2017.

Each year, companies face five kinds of cyberattack on average.

Among the attacks suffered, phishing is the most frequent with 73% of companies affected, followed by the “Fake President” fraud with 50% of the respondents affected, with ransomware and malware infection in third position.

Regarding cyber risks, Shadow IT is the most frequently encountered risk: 64% of the interviewed CISOs consider it a threat to deal with. Indeed, the implementation and use of non-approved and often free applications can escape the control of the Information systems department.

Cloud and IoT: the impact of the digital transformation on the security of Information systems

For 98% of the companies, digital transformation has a real impact on the security of Information and data systems and increases the cyberattacks’ perimeter, particularly through the heavy use of the Cloud, which is used by 87% of the companies, of which 52% store their data in public Clouds.

This use of the Cloud represents a significant risk because of the lack of control regarding the company’s data at the hosting provider (through administrators or others), regarding the subcontracting chain used by the hosting provider, or even regarding data that is not deleted. For 89% of the CISOs, these issues imply the use of securing tools complementary to the ones proposed by the service provider in order to secure the data stored in the Cloud.

Concerning IoT (Internet of Things), the race for innovation and the increasingly common use of connected things lead to the emergence of new cybersecurity threats, notably due to security flaws in these devices.

A cyber resilience to develop

To face these cyber risks, CISOs are developing many technical solutions.

However, despite all these solutions, CISOs are less confident than last year regarding their company’s capacity to face these cyber risks, and fewer than one out of two consider that their company is prepared to manage a large-scale cyberattack. And yet, only 12% have implemented a real cyber resilience program; it is in process for 33%, and 34% are planning to implement one.

Three essentially human issues for the future of cybersecurity

  • Awareness of the user

According to 61% of the interviewed CISOs, the main issue for the future of cybersecurity is the training and awareness of users regarding cybersecurity. According to the respondents, “even if the employees are aware, they are still not involved enough and do not necessarily follow the recommendations. An important education work remains.”

  • Governance of the cybersecurity

For 60% of the respondents, the governance of cybersecurity needs to be placed at the right level. Although compliance with the GDPR made companies aware of data protection issues, confidence in the ability of the executive committee to take cybersecurity issues into account remains uneven depending on the activity sector.

  • Human resources

The lack of Information system security profiles, observed by 91% of the CISOs, is a real challenge for companies, while 50% of these companies plan to increase the workforce allocated to cybersecurity.

Global risks 2019: Climate and cyber risks at the heart of concerns

Image source: PIRO4D via Pixabay

Ahead of the Annual Meeting in Davos, which took place from January 22 to 25 in Switzerland, the World Economic Forum presented its Global Risks Report, a report which highlights the main global risks and issues, based on a survey of 1000 international decision-makers from the public sector, private sector, academia and civil society. So what are the main risks that the world is facing?

Cyber risks in the top 5

For the third year in a row, environment-related risks are at the top of the decision-makers’ concerns. They occupy the top three places among the risks likely to occur in 2019, followed by technology risks: data fraud or theft in 4th place, and cyberattacks in 5th.

Thus in 2019, 82% of the interviewed experts expect data and money theft, and 80% expect services and infrastructures disruptions resulting from cyberattacks.

The 5 risks most likely to occur according to experts

  1. Extreme weather events
  2. Failure of climate-change mitigation and adaptation
  3. Natural disasters
  4. Data fraud or theft
  5. Cyberattacks

The top 10 risks in terms of impact

  1. Weapons of mass destruction
  2. Failure of climate-change mitigation and adaptation
  3. Extreme weather events
  4. Water crisis
  5. Natural disasters
  6. Biodiversity loss and ecosystem collapse
  7. Cyberattacks
  8. Critical information infrastructure breakdown
  9. Man-made environmental disasters
  10. Spread of infectious diseases

Cyberattacks take the 7th place, and the critical information infrastructure breakdown the 8th place of the ranking, hence making it into the top 10.

Regarding technology, Børge Brende, the World Economic Forum’s President, highlights that “Technology continues to play a profound role in shaping the global risks landscape. Concerns about data fraud and cyber-attacks were prominent again in the GRPS, which also highlighted a number of other technological vulnerabilities: around two-thirds of respondents expect the risks associated with fake news and identity theft to increase in 2019”. These concerns stem from a 2018 marked by the increase in massive cyberattacks, breaches in the IT security systems of States, massive data theft and the growing use of artificial intelligence to carry out ever more powerful cyberattacks.