Author: TAFA
Archives: April 2024
In today's digitally connected world, organizations face increasingly sophisticated cyber threats that can have severe consequences for their operations, reputation, and bottom line. As a result, cybersecurity has become a critical topic of discussion, and its importance has been elevated to the boardroom level. This is especially evident in the new regulations proposed by the U.S. Securities and Exchange Commission (SEC). The regulations will require companies to disclose information about a cybersecurity incident within 4 days and to disclose who on their board is responsible for dealing with the incident. They will also require businesses to disclose their policies and procedures for identifying and managing cybersecurity risk, including the impact of cybersecurity risk on their business strategy, and the cybersecurity experience and expertise of their board of directors. This makes clear that cybersecurity is now integral to modern business operations and can no longer be left out.

In this article, we will explore an insightful piece by Christopher Hetner on DarkReading that emphasizes the significance of cybersecurity strategy and its integration into boardroom discussions. It sheds light on the evolving landscape of cybersecurity and the imperative for organizations to adopt a proactive approach to protecting their digital assets. I will be delving into the key takeaways from the article, as well as adding important points for organizations to consider.

Key Takeaways

1. The Changing Perception of Cybersecurity
Traditionally, cybersecurity was perceived as a purely technical issue handled solely by IT departments. However, with the increasing frequency and impact of cyber attacks (66% of businesses were hit by a ransomware attack), there is a growing recognition that cybersecurity is a strategic business concern that demands attention and action from top-level executives and board members. With the evolving threat landscape and new regulatory frameworks such as the SEC regulations, cybersecurity can no longer be an afterthought or seen as an extra feature; it must be at the core of business operations.

2. Cybersecurity as a Business Enabler
Effective cybersecurity measures not only mitigate risks but also enable organizations to innovate, differentiate themselves, and gain a competitive edge. By incorporating cybersecurity into their strategic planning, organizations can leverage the trust and confidence of customers, partners, and stakeholders, fostering a secure digital environment for growth and success. By viewing cybersecurity as a business enabler, organizations can unlock new opportunities and fortify their resilience against evolving threats.

3. Active Involvement of Board Members
Board members have a crucial responsibility in driving cybersecurity strategy. They must actively engage in discussions, ask pertinent questions, and ensure that cybersecurity receives adequate resources and attention. Board members need a firm understanding of their organization's risk posture and vulnerabilities, especially now that directors are being held responsible and accountable for their company's cybersecurity. By integrating cybersecurity into boardroom discussions, organizations demonstrate their commitment to protecting their assets and stakeholders, and by fostering a culture of cybersecurity awareness at the highest level, they set the tone for the entire company.

4. Closing the Communication Gap
Cybersecurity professionals (e.g. chief information security officers) and the board of directors need to collaborate and communicate effectively with each other. In particular, cybersecurity professionals should articulate the potential impacts of cyber threats and vulnerabilities in a way that is easily interpreted and understood, helping board members grasp the risks and make informed decisions (no technical jargon!).

5. Cybersecurity Risk Assessment and Incident Response
A robust cybersecurity strategy entails conducting regular risk assessments to identify vulnerabilities and potential threats. Organizations must also have well-defined incident response plans that outline the steps to be taken in the event of a cyber attack. This proactive approach helps minimize the impact of security incidents, facilitates a swift recovery, and strengthens the organization's overall security posture.

6. Cultivating a Cybersecurity Culture
Cybersecurity is not solely the responsibility of IT teams; it requires collective engagement from employees at all levels. Organizations must invest in cybersecurity awareness programs and provide ongoing training to educate employees about emerging threats, phishing attacks, and safe online practices. By fostering a cybersecurity-conscious culture, organizations create a strong line of defense against potential breaches and enhance their overall security posture.

7. Collaboration and Information Sharing
In the face of a rapidly evolving threat landscape, collaboration and information sharing are critical. Organizations should actively participate in industry forums, share threat intelligence, and collaborate with peers to collectively strengthen cybersecurity defenses and stay ahead of cybercriminals. By working together, the industry can bolster collective defenses and respond more effectively to emerging threats.

Takeaway
The article emphasizes the transformation of cybersecurity from a technical concern into a strategic imperative that commands attention in the boardroom, especially given the evolving threat landscape and new regulatory frameworks such as the SEC regulations. By recognizing cybersecurity as a business enabler and integrating it into boardroom discussions, organizations can proactively address risks, protect their digital assets, and ensure the trust of their stakeholders. To aid these boardroom discussions, the communication gap between cybersecurity professionals and the board of directors must be closed by communicating in a way that is easily interpreted and understood. Implementing a comprehensive cybersecurity strategy, conducting risk assessments, fostering a cybersecurity culture, and promoting collaboration are key steps towards building a resilient and secure business environment. Elevating cybersecurity to the boardroom table ensures that it becomes an integral part of the organization's DNA, safeguarding its reputation, data, and long-term success in an increasingly interconnected world.
Last week saw data breaches and cyber attacks affecting governments worldwide as well as industries such as manufacturing, airlines, and news media. There were also updates on a former IT security analyst who impersonated a ransomware gang, Meta's fines from the EU, new vulnerabilities, and a once-legitimate Android app that turned malicious.

Read on for a quick summary of what happened this week in the space of cybersecurity.

IT security analyst admits impersonating ransomware gang to pocket ransom payments
Former IT security analyst Ashley Liles of Oxford Biomedica admitted that he attempted to hijack a cyber attack against the company to divert the ransom payments to himself instead of the original external attacker. He was found to have accessed the private emails of a board member more than 300 times, altered the original blackmail email, and changed the payment address provided by the original attacker. After it was revealed that the unauthorized access to the private emails came from Liles' home, SEROCU officers arrested him and searched his property. Liles initially denied involvement, until he pleaded guilty last week during a Reading Crown Court hearing. He will return to court on 11 July 2023 to be sentenced.

Meta fined $1.3 billion over data privacy breaches
Ireland's Data Protection Commission announced that Meta has been fined $1.3 billion over its handling of users' data. The EU had previously warned Meta about transferring Facebook users' data to US servers, stating that the data was not sufficiently protected from American spy agencies. Meta has been given a 5-month grace period to stop transferring users' data, and has stated that it plans to appeal the ruling.

Italy's Industry Ministry hit by a cyberattack
The Italian Industry Ministry's web applications and portal were hit by a cyberattack last Friday, leaving them out of order. The ministry put out a statement saying that technicians were working to "mitigate the consequences" and that initial checks showed no data had been stolen.

City of Augusta, Georgia attacked by BlackByte ransomware gang
The city of Augusta, Georgia has confirmed that its IT system outage was caused by unauthorized access to its systems. An investigation is underway to determine whether any data has been stolen. A statement from the mayor, Garnett Johnson, clarified that recent media reports about the ransomware gang demanding $50 million from the city are false, although BlackByte has claimed to have stolen 10GB of data after listing the city on its data leak site.

Rheinmetall, automotive and arms manufacturer, confirms BlackBasta ransomware attack
Rheinmetall AG, a German automotive and arms manufacturer, confirmed that it has suffered a BlackBasta ransomware attack. This came after BlackBasta posted Rheinmetall on its extortion site along with samples of stolen data which it claimed came from Rheinmetall. The samples include passport scans, non-disclosure agreements, purchase orders and technical schematics. However, Rheinmetall clarified that the attack only impacted its civilian division, not its military division.

Scandinavian Airlines hit by cyberattack - hackers demand $175,000
Scandinavian Airlines (SAS) was hit by a cyberattack last Wednesday, resulting in its app and website being shut down for over 22 hours. Anonymous Sudan reportedly demanded a ransom of $175,000. This is not the first time SAS has faced an IT breach: the same group previously breached SAS and leaked its customer data, and passengers were logged into other customers' accounts, allowing them to access others' personal data.

Philadelphia Inquirer cyber attack disrupts operations
The daily newspaper the Philadelphia Inquirer has confirmed that its network was hit by a cyberattack, which disrupted operations: newspaper circulation was halted, and publishing and updating stories suffered intermittent delays. The Inquirer's Jonathan Lai said that this incident "was the greatest publication disruption to Pennsylvania's largest news organization since the blizzard of Jan. 7-8, 1996". As of now, the paper cannot provide information regarding the identity of the attackers or whether employees' and customers' private information has been stolen. Investigations are underway.

Latitude cyberattack to cost the company up to AU$105 million
Latitude Group anticipates that its recent cybersecurity incident will cost up to AU$105 million. This includes a 5-week period during which it was forced to stop or severely restrict the opening of new accounts. Furthermore, as key systems were shut down, the company was unable to contact customers who had not paid their bills during this period. The expected cost does not include any potential costs the company could incur from "regulatory fines, class actions, future system enhancements or an assumption of insurance proceeds". Latitude also stated that it would make less income and take higher provisions for bad debts, as the shutdown of its collections area worsened a trend towards rising bad debts. On Friday, Latitude Group released a statement estimating that the total containment and remediation costs from the attack will add up to AU$7 million. Latitude shares fell 4.2% to AU$1.24 on Friday.

Barracuda warns users of a zero-day flaw exploited to breach Email Security Gateway appliances
Barracuda, an email protection and network security services provider, warned users of a zero-day vulnerability that has been exploited to breach the company's Email Security Gateway (ESG) appliances. Barracuda products are used by more than 200,000 organizations globally, including companies such as Delta Airlines, Samsung, Kraft Heinz and Mitsubishi. After identifying the flaw, Barracuda deployed a patch across all ESG devices worldwide the next day, and a second fix has also been released as part of its "containment strategy". Barracuda did not disclose the scale of the attack but stated that affected users have been contacted directly with a list of actions to take. Customers are strongly advised to review their environments to ensure that their networks have not been breached. CISA has also warned government agencies of this flaw, and federal agencies are required to fix the bug and check their networks for intrusion.

Legitimate Android screen recorder app turned into mic-snooping malware - and Google Play missed it
Google Play missed that iRecorder, a once-legitimate Android screen-and-audio recorder app, had been updated to include malicious code that listened in on device microphones. Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which has since pulled the app from its store. Although it has been pulled, researchers note that the app remains available on some alternative and unofficial Android app markets.
In today's digital age, the concept of Bring Your Own Device (BYOD) has gained significant popularity among organizations. It refers to a policy that allows employees to use their personal devices, such as smartphones, tablets, and laptops, for work-related tasks and for accessing company resources. While BYOD offers numerous benefits in terms of flexibility and productivity, it also brings certain security risks. We will explore what BYOD is and discuss some best practices to ensure its secure implementation.

What is Bring Your Own Device (BYOD)?
Bring Your Own Device (BYOD) is a policy that allows employees to use their personal devices for work purposes. Instead of relying solely on company-provided devices, employees can use their smartphones, tablets, or laptops to access corporate resources, email, documents, and applications. This policy has gained popularity due to its potential for increased productivity, employee satisfaction, and cost savings.

Best Practices for BYOD Security:

Takeaway
Implementing a BYOD policy can bring several advantages to organizations, but it also requires careful consideration of security risks. By establishing a clear policy, implementing appropriate security measures, educating employees, and regularly monitoring and updating devices, businesses can strike a balance between productivity and security in a BYOD environment.

Securing BYOD With TAFA Shield
In the current cyber environment, cybersecurity solutions that prevent zero-day and other cyber threats are essential to your cybersecurity strategy. With our prevention-first and zero-trust approach to security using Machine Learning (ML) and Artificial Intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
Last week brought new data breaches, the emergence of new ransomware gangs and even the return of a group after a long absence. Read on for a quick summary of what happened this week in the space of cybersecurity.

PyPI temporarily suspended new sign-ups and projects amid a high influx of malicious users and packages
PyPI, the official third-party registry of open source Python packages, has temporarily suspended new user and project registration due to a high influx of malicious users and packages. PyPI admins posted that the volume is so large that it has "outpaced our ability to respond to it in a timely fashion". This preventative measure is expected to fend off threat actors until a more permanent solution can be found.

New malware campaign: impersonating CapCut to push information-stealing malware
Cyble has found new malware campaigns that impersonate CapCut, ByteDance's official video editor and maker for TikTok, to push several malware strains. Threat actors create websites that distribute malware disguised as CapCut installers. Both campaigns use malware that steals information such as credentials, credit card details, passwords and auto-complete data stored in web browsers, applications and files. One even targets data stored in messaging apps like Telegram and Discord, cryptocurrency wallet apps, and remote access software like UltraViewer and AnyDesk. To avoid such malware, download software directly from official websites rather than from links shared in forums, direct messages or social media, and avoid promoted results when searching for software tools.

Luxottica confirms data breach after 70 million customers' information leaked online
Luxottica confirmed that a third-party contractor suffered a data breach in 2021 that resulted in the exposure of 70 million customers' personal information, after a database was posted for free on hacking forums this month. Luxottica is the world's largest eyewear company and the owner of brands such as Ray-Ban, Burberry, Dolce & Gabbana, Versace, Chanel, Oakley, and Prada. Although investigations are still ongoing, Luxottica has confirmed that the exposed data includes customers' full names, email addresses, phone numbers, addresses and birth dates. To check whether your information was exposed in this breach, visit the HIBP (Have I Been Pwned) website and search for your email address.

2 NPM packages found to conceal open-source infostealer RAT
ReversingLabs researchers found the open-source infostealer TurkoRat hidden inside two legitimate-looking NPM packages, nodejs-encrypt-agent and nodejs-cookie-proxy-agent, for 2 months before they were detected and removed. Together the packages were downloaded approximately 1,200 times in the past 2 months. Key malicious behaviors identified include, but are not limited to, the ability to write to and delete from Windows system directories, execute commands, and tamper with DNS settings. The malware also contains features designed to steal sensitive information such as user login credentials and crypto wallets, and to fool or defeat the sandbox environments and debuggers used to analyze malicious files.

PharMerica data breach could have exposed more than 5.8 million patients' data
PharMerica, one of the largest pharmacy providers in the U.S., has confirmed that its IT systems were breached, and it fears that threat actors may have stolen the personal and healthcare data of more than 5.8 million patients. Personal information plausibly stolen includes, but is not limited to, names, birth dates, social security numbers, medication lists and health insurance information. It is unclear whether data belonging to patients of the parent company, BrightSpring, was also compromised. The Money Message ransomware gang has claimed responsibility for the breach and added PharMerica and BrightSpring to its leak site.

MalasLocker's unusual extortion tactic: victims told to donate to an approved charity
A new ransomware operation, MalasLocker, is hacking Zimbra servers to steal emails and encrypt files. Uniquely, it claims that in exchange for a decryptor and to prevent data from being leaked, victims are required to donate to charity. The MalasLocker site currently distributes the stolen data of 3 companies and the Zimbra configuration of 169 victims.

Notorious cybercriminal group FIN7 resurfaces
Microsoft threat analysts reported that FIN7, a financially-motivated hacking group, "has come out of a long period of inactivity". They linked the group to attacks whose objective was to deploy Clop ransomware on victims' networks, its first ransomware campaign since late 2021. FIN7 has been linked to attacks targeting banks and companies' point-of-sale terminals across various industry sectors in Europe and the U.S. Although some FIN7 members have been arrested over the years, the group is still active.

New ransomware group RA Group customizes leaked Babuk source code
RA Group is ramping up its cyberattacks by leveraging and customizing the leaked Babuk ransomware source code. Cisco Talos reported that RA Group began operating on April 22 and has been rapidly expanding its operations. Not only does RA Group threaten to leak exfiltrated data if victims don't pay the ransom within 3 days, but it is also "selling the victim's exfiltrated data on their leak site by hosting the victims' leaked data on a secured Tor site." As of now, it targets organizations in the U.S. and South Korea in the pharmaceutical, manufacturing, insurance and wealth management industries.

Hackers actively probing vulnerable WordPress Elementor plugin after flaw disclosed last month
Since the disclosure of a flaw in the WordPress Essential Addons for Elementor plugin that impacted over a million websites (and has been fixed in a new plugin version), hackers have been actively probing the vulnerable plugin in an attempt to exploit the password reset flaw. The day after the disclosure, Wordfence recorded 5 million probing scans that determine whether a site is vulnerable. Wordfence believes this data signifies attackers looking for vulnerable sites, as the majority of these requests came from just 2 IP addresses. Anyone using the 'Essential Addons for Elementor' plugin is strongly advised to install version 5.7.2 or later immediately.

CISA: Samsung security flaw allows Android ASLR bypass
CISA has warned about a security flaw affecting Samsung devices which has been used in attacks to bypass Android ASLR (address space layout randomization), a protection that helps defend against buffer-overflow attacks. The vulnerability (CVE-2023-21492) impacts Samsung devices running Android 11, 12 and 13, and stems from sensitive information being inserted into log files. Attackers can use the exposed information to bypass ASLR, which allows them to exploit memory management issues. U.S. Federal Civilian Executive Branch agencies have been ordered to secure their Samsung devices within 3 weeks.
As Colin Tan reported in The Straits Times, the ASEAN region (Singapore, Indonesia, Thailand, Vietnam, and Malaysia) is poised for significant technological growth in the coming years, as small and medium-sized enterprises (SMEs) are expected to spend $173.6 billion on technology. While this presents exciting opportunities for businesses in the region to improve their efficiency, productivity, and competitiveness, it also highlights the importance of cybersecurity.

With more and more businesses adopting digital technologies, the risk of cyberattacks increases. Hackers are constantly looking for vulnerabilities in software and networks, and SMEs can be particularly vulnerable due to limited resources and expertise in cybersecurity. A cyberattack can result in significant financial losses, damage to reputation, and even legal liabilities. For instance, more than 100,000 current and former customers lodged a class-action lawsuit against Optus after a data breach, and OrangeTee & Tie was fined SGD 37,000 by the Personal Data Protection Commission for a data breach that affected 250,000 customers and staff.

Therefore, it is crucial that SMEs in the ASEAN region prioritize cybersecurity when investing in technology. This means not only investing in cybersecurity technology but also implementing best practices for cybersecurity, such as regularly updating software and training employees on how to identify and prevent cyber threats.

In addition to protecting businesses from cyber threats, prioritizing cybersecurity can also have positive impacts on business operations. By building a strong cybersecurity culture, businesses can increase trust with customers and partners and improve their reputation as a trustworthy and reliable organization. It can also help businesses comply with regulatory requirements related to data protection and privacy.

Furthermore, cybersecurity can actually be a competitive advantage for SMEs in the ASEAN region. By demonstrating a commitment to cybersecurity, businesses can differentiate themselves from competitors and attract customers who value security and privacy. It can also help businesses expand into international markets, where cybersecurity is often a top concern.

Takeaway
The expected growth in technology spending by SMEs in the ASEAN region presents exciting opportunities for businesses, but also highlights the importance of cybersecurity. SMEs need to prioritize cybersecurity when investing in technology to protect themselves from cyber threats, build trust with customers and partners, comply with regulatory requirements, and gain a competitive advantage. By doing so, they can set themselves up for long-term success in a rapidly evolving digital landscape.
In today's digital age, businesses are becoming increasingly dependent on technology to conduct their operations. From managing customer information to processing financial transactions, businesses rely heavily on computer systems and networks to run their day-to-day operations. However, with this reliance on technology comes the risk of cyber threats that can compromise the sensitive information stored on these systems. As hackers are constantly looking for vulnerabilities in systems to exploit for their gain, businesses are a prime target. This is where cybersecurity comes in. Cybersecurity refers to the measures taken to protect computer systems and networks from unauthorized access, theft, damage or disruption. With the rise of cyber attacks and data breaches, it is imperative for businesses to take cybersecurity seriously. So we will be diving into why your business needs to be cyber secure, and the best practices for cybersecurity.

Reasons Why Businesses Need To Be Cyber Secure

1. Protect Sensitive Information
One of the most significant reasons businesses need to be cyber secure is to protect their sensitive information. Businesses collect and store a vast amount of sensitive information, such as customer data, financial information, and trade secrets. A cyber attack can result in the loss of this information, which can cause significant damage to a business's reputation and finances.

2. Legal and Regulatory Compliance
Many businesses are required to comply with various laws and regulations related to data protection in order to operate legally. Examples include the Payment Card Industry Data Security Standard (PCI-DSS) for businesses that handle credit card information, and the Personal Data Protection Act (PDPA) in Singapore. Failure to comply with these regulations can result in hefty fines and legal penalties. By implementing cybersecurity measures, businesses can ensure that they comply with these regulations and avoid legal trouble.

3. Business Continuity
A cyber attack can disrupt business operations, resulting in lost revenue and decreased productivity. In some cases, businesses may even have to shut down completely. By implementing cybersecurity measures, businesses can ensure that their systems are protected and can continue to operate even in the event of a cyber attack.

4. Customer Trust
Cybersecurity is becoming an increasingly important factor in building and maintaining customer trust. Customers want to know that their personal and financial information is safe when doing business with a company. By demonstrating a commitment to cybersecurity, businesses can build trust and loyalty with their customers.

5. Safeguard Reputation
A cyber attack can significantly damage a business's reputation. A data breach can lead to the exposure of sensitive information, which can result in a loss of credibility. By implementing cybersecurity measures, businesses can safeguard their reputation.

Best Practices for Cybersecurity

Takeaway
In short, businesses need to be cyber secure to protect their sensitive information, comply with legal and regulatory requirements, ensure business continuity, and build customer trust. By implementing best practices for cybersecurity, businesses can mitigate the risk of cyber attacks and protect themselves and their customers.
Weekly Cyber News Update: 8 May - 14 May15/5/2023 This week has been overrun by ransomware attacks, and data breaches globally, and in various sectors. From the government, to the education sector, to the food and automotive industries, to the technological sector.
237,000 US government employees data breached. The US Transportation Department (USDOT) disclosed the personal information of 237,000 current and former federal employees has been exposed in a data breach on their systems used to process TRANServe transit benefits. It is unclear if any of the information exposed had been used for criminal purposes. USDOT stated that the breach did not affect any transportation safety systems. As of now, USDOT is investigating the breach, and has frozen access until the transit benefit system has been secured and restored. Britain’s largest private pension scheme, USS, reveals data on 470,000 members may have been accessed. Universities Superannuation Scheme (USS) revealed that Capita's most recent breach by Black Basta, may have resulted in access of 470,000 of their members' data. The data possibly accessed includes title, names, birth dates, National Insurance number and US member number. It dates from early 2021, and potentially covers 470,000 active, deferred and retired members. 2 million of Toyota customers’ location data exposed for 10 years. Toyota revealed a data breach on their cloud resulted in the exposure of car-location information of 2,150,000 customers for 10 years. Data breach resulted from a database misconfiguration that allowed anyone to access the contents without a password. Information exposed included in-vehicle GPS navigation terminal ID number, chassis number, and vehicle location with time data. Also possibly, video recordings taken outside the vehicle have been exposed. Whizcomm, a broadband service provider, data breach led to 50% of their customers’ data stolen. About 24,000 of their customers (50% of their customer base) had their personal information stolen by the attackers during the data breach. Information stolen were scanned images of customers’ NRIC, work permits, visa approval documents and tenancy agreements. Whizcomm had notified affected customers last Wednesday about the breach. 
FBI & CISA: Bloody ransomware gang actively exploiting education organizations in PaperCut attacks
The FBI and CISA issued a joint advisory warning that the Bloody ransomware gang is actively exploiting a PaperCut vulnerability to gain access to networks. The gang has gained access to networks across the Education Facilities Subsector, which in some cases has led to data exfiltration and encryption of victims' systems. CISA reported that the Education Facilities Subsector accounts for about 68% of internet-exposed PaperCut servers.

Sysco, food distribution giant, confirms data breach after cyber attack
Sysco confirmed that its network was breached earlier this year by threat actors who stole sensitive business, customer and employee data. In an internal memo, Sysco said that customer and supplier data in the US and Canada, and personal information of US employees, may have been compromised. According to its 10-Q SEC filing, the breach has not impacted business operations or customer service.

Attempted extortion attack on Dragos, a cybersecurity firm
Dragos announced that a ransomware group attempted to extort money from it in a cyber attack. The attackers gained access to SharePoint and the Dragos contract management system by compromising the personal email address of a new sales employee before their start date. They used the stolen information to impersonate the employee and complete the initial steps of Dragos' employee-onboarding process. After the attempt failed, the attackers tried to "extort Dragos to avoid public disclosure", threatening Dragos executives via direct messages. They referenced family members and personal contacts of Dragos employees, and emailed senior Dragos employees' personal accounts to provoke a response.

ABB, a multinational tech company, suffered a Black Basta ransomware attack
ABB, a leading electrification and automation technology provider, has been hit by a Black Basta ransomware attack. The attack is reported to have disrupted business operations, delayed projects and affected factories. BleepingComputer learned from multiple employees that the attack hit the company's Windows Active Directory, impacting hundreds of devices. To prevent further spread of the ransomware, ABB terminated VPN connections with its customers.

White Phoenix, new ransomware decryptor that recovers partially encrypted files
A new 'White Phoenix' decryptor helps victims recover files that ransomware has only partially encrypted, a tactic known as intermittent encryption. Intermittent encryption has been gaining traction among ransomware operators, as reported by Sentinel Labs. The decryptor does not work for every file: for some file types, only part of the data can be recovered. White Phoenix was developed by CyberArk, which has invited security researchers to download and try the tool and to help extend its support to more file types and ransomware strains.

New ransomware operation, Cactus, detected
Cactus has been found exploiting vulnerabilities in VPN appliances to access large corporate networks. It uses the usual ransomware tactics, but additionally encrypts its own ransomware binary. Researchers said this is intended to hinder analysis by security researchers and to evade detection by antivirus software.
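Why intermittent encryption leaves part of a file recoverable, as an added example that is not CyberArk's White Phoenix code and not any real ransomware's scheme: the 64-byte block, the 16-byte encrypted chunk per block, the SHA-256 counter keystream and the sample document below are all assumptions chosen for illustration. The encryptor side shows the skip pattern; the carving side shows what a victim without the key can still pull out, and why that is only "some" of the data.

```python
"""
Added illustration of intermittent encryption and of carving what it leaves behind.
Not CyberArk's White Phoenix and not any real ransomware's scheme: BLOCK, ENC_LEN
and the SHA-256 counter keystream are assumptions for the demo.
"""
import hashlib
from typing import List, Tuple

BLOCK = 64     # assumed: the encryptor works through the file in 64-byte blocks
ENC_LEN = 16   # assumed: only the first 16 bytes of each block are encrypted


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256 over key || nonce || counter."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def intermittent_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR the first ENC_LEN bytes of every BLOCK-byte block; leave the rest as is."""
    out = bytearray(data)
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + ENC_LEN]
        ks = keystream(key, off.to_bytes(8, "big"), len(chunk))
        out[off:off + len(chunk)] = bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def untouched_fraction(original: bytes, encrypted: bytes) -> float:
    """Share of bytes the encryptor left unchanged (needs the original; demo only)."""
    if not original:
        return 0.0
    same = sum(1 for a, b in zip(original, encrypted) if a == b)
    return same / len(original)


def plaintext_runs(blob: bytes, min_len: int = 8) -> List[Tuple[int, bytes]]:
    """Carve runs of printable ASCII of at least min_len bytes from a file.

    This is the victim-side view: no key and no original, only the observation
    that the encrypted chunks look random while the skipped chunks are intact.
    """
    runs: List[Tuple[int, bytes]] = []
    start = None
    for i, b in enumerate(blob):
        printable = 32 <= b < 127 or b in (9, 10, 13)
        if printable and start is None:
            start = i
        elif not printable and start is not None:
            if i - start >= min_len:
                runs.append((start, blob[start:i]))
            start = None
    if start is not None and len(blob) - start >= min_len:
        runs.append((start, blob[start:]))
    return runs


def carve_text(blob: bytes, min_len: int = 8) -> str:
    """Join the carved runs, marking every encrypted gap with [...]."""
    return "[...]".join(run.decode("ascii") for _, run in plaintext_runs(blob, min_len))


if __name__ == "__main__":
    # Constructed sample "document"; nothing here is real victim data.
    sample = (b"Invoice 2023-05-12 customer ACME Corp amount 12500.00 EUR "
              b"contact finance@example.invalid ref PO-77812\n") * 8
    key = hashlib.sha256(b"demo-key").digest()
    enc = intermittent_encrypt(sample, key)
    print(f"untouched bytes: {untouched_fraction(sample, enc):.2%}")
    print(carve_text(enc)[:300])
```

With these assumed parameters three quarters of every block is never touched, which is exactly what makes a recovery tool possible. Generic carving like `plaintext_runs` has two limits worth noting: a ciphertext byte that happens to be printable gets absorbed into a neighbouring run, so run edges are not trustworthy, and binary formats (Office, PDF, ZIP) have no printable runs to carve. That is why a tool such as White Phoenix works per file format, using known structure to decide which surviving fragments are meaningful, and why only part of some files comes back.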
In today's world, cybersecurity incidents are becoming more frequent, and organizations are finding it increasingly important to have an effective incident response and disaster recovery plan. In this article, we will explore what incident response and disaster recovery are, and the best practices for implementing them.

What is Incident Response?
Incident response is the process an organization follows when it discovers an incident or event that affects its security. These incidents can be anything from a data breach, malware infection or ransomware attack to any other form of cyber attack. The goal of an incident response plan is to minimize the impact of the incident on the organization, reduce downtime, and prevent the incident from recurring.

What is Disaster Recovery?
Disaster recovery is the process an organization follows to restore its IT infrastructure and operations after a catastrophic event, such as a natural disaster or cyber attack, disrupts normal business operations. The goal of disaster recovery is to minimize the impact of the disaster and restore operations as quickly as possible. Disaster recovery plans typically include procedures for restoring IT infrastructure and data, as well as for identifying critical business operations and prioritizing their recovery.

Best Practices for Incident Response & Disaster Recovery
Here are some best practices for implementing effective incident response and disaster recovery plans:
Takeaway
Incident response and disaster recovery are critical components of any organization's cybersecurity strategy. By developing detailed plans and testing them regularly, organizations can minimize the impact of incidents and disasters and ensure that critical business operations are restored as quickly as possible. The best practices outlined in this article can help organizations respond to incidents effectively and recover from disasters.

Related Topics
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business
Ransomware - A Growing Problem & Best Practices For You And Your Company
Insider Threats: What Is It & Best Practices
A quick summary of what happened this week in the space of cyber security:
This week has been dominated by ransomware attacks.

City of Dallas suffered a ransomware attack that impacted its IT services
The City of Dallas has confirmed it was hit by a ransomware attack, forcing it to shut down some IT systems and the City's police communications to prevent the attack from spreading. As a result, 911 dispatchers had to write down incoming reports for officers by hand. The Dallas Police Department's website was taken offline for a while but has since been restored, and all courts were closed on Wednesday and Thursday because of the attack. BleepingComputer has learned that the Royal ransomware operation is behind the attack. Numerous sources stated that printers on the City of Dallas network started printing out ransom notes in the morning.

Brightline data breach led to 783K paediatric mental health patients' information stolen
Brightline, a paediatric mental health provider, suffered a data breach affecting 783,606 patients, carried out through a vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. Brightline has confirmed that protected health information was stolen, including full names, physical addresses, dates of birth, member identification numbers, health plan coverage dates and employer names. The Clop ransomware gang conducted the attacks and listed Brightline on its extortion portal. Update: Clop has since removed Brightline's data from its leak site after finding out what the company does.

T-Mobile suffers another data breach since January
T-Mobile has suffered another data breach, this time affecting 836 customers. The personal information breached includes, but is not limited to, customers' names, driver's licence or identification card numbers, account PINs, social security numbers, dates of birth, balances due and phone plans. This follows a massive breach in January that affected 37 million post- and prepaid customers.
This has prompted questions about T-Mobile's cybersecurity track record.

Samsung bans staff from AI tools after ChatGPT data leak
Samsung Electronics has banned employees from using generative AI tools on company-owned devices and internal networks after discovering that staff had uploaded sensitive code to ChatGPT. Earlier in April, Samsung engineers leaked internal source code by pasting it into ChatGPT. Samsung is concerned about the security risk of generative AI services: data sent to these platforms is stored on external servers, making it hard to retrieve and delete, and it could be disclosed to other users.

Bluefield University's emergency broadcast system hacked by Avos
On 1 May, the Avos ransomware gang hijacked Bluefield University's emergency broadcast system to send staff and students SMS messages and email alerts saying that their data had been stolen and would be released. On 30 April, the University had notified staff and students that a cyber attack had impacted its IT systems, causing all examinations to be postponed.

Constellation Software hit by ransomware attack
Constellation Software, a Canadian diversified software company, confirmed on Thursday that some of its systems related to internal financial reporting and data storage by Constellation's operating groups and businesses had been breached. Personal information and business data were stolen. The ALPHV ransomware gang has claimed responsibility, stating that it breached Constellation Software and stole more than 1TB of files, and has threatened to leak the stolen data if the company does not respond to its ransom demand.

Hong Kong's OT&P Healthcare data breach exposes patients' information
Hong Kong's OT&P Healthcare suffered a data breach in which a threat actor accessed its IT systems and stole patient data. CEO Robin Green stated on Friday that it is not yet known what kind of data was breached or how many clinics were affected.
After being notified of irregularities in its systems, OT&P took patient data offline. It has started an investigation into the incident with a third-party forensics firm.

Akira - new ransomware operation that targets the enterprise
Akira, launched in March 2023, has already claimed attacks on 16 companies across industries including education, consulting, manufacturing, finance and real estate. Akira breaches a corporate network and spreads laterally to other devices, stealing company data before encrypting files so that it can extort the victim. So far Akira has leaked data from 4 of its victims. Ransom demands range from $200,000 to millions of dollars.

New Android malware - Fleckpe downloaded 600k times on Google Play
Kaspersky spotted a new Android subscription malware called Fleckpe disguised as legitimate apps on Google Play. The malware has been downloaded over 620,000 times and generates unauthorised charges by subscribing users to premium services. Most victims reside in Singapore, Malaysia, Indonesia, Thailand and Poland, but others are found across the globe. Kaspersky identified 11 Fleckpe apps on Google Play impersonating photo libraries, premium wallpapers, image editors and more. All of these apps have been removed from Google Play, but there could be more undiscovered Fleckpe apps. Android users who previously installed any of these apps are strongly advised to remove them immediately and run an antivirus scan to root out any residue of the malicious code on the device.

New Android malware - FluHorse steals passwords and 2FA codes
Check Point Research discovered a new Android malware called FluHorse which targets users in East Asia with malicious apps that imitate legitimate ones. The malware is distributed via email and steals the target's account credentials, credit card information and 2FA codes.
Check Point warns that this is an active threat for Android users, with new malicious apps and infrastructure appearing monthly.
Insider threats are the risks posed to an organization's security by its own insiders: employees, contractors, or anyone else with access to the organization's sensitive data and systems. While not all insiders have malicious intent, they can still cause damage to an organization's data and systems, whether inadvertently or deliberately. These threats can take many forms, including theft of intellectual property, deliberate data breaches, sabotage, and unintentional data leaks. Insider threats have been found to account for more than 34% of all cybersecurity incidents, and 74% of organisations are at least moderately vulnerable to them.

Insider threats are a complex and multifaceted problem that requires a comprehensive approach to address effectively. The best practices for mitigating insider threats combine technological and organizational measures. So, what are the best practices for preventing insider threats? Here are some strategies that organizations can use to protect themselves:
Takeaway
In conclusion, insider threats are a growing concern for organizations, and the risks they pose must not be ignored; it is important to take proactive measures to protect against them. By implementing the best practices outlined above, organizations can reduce their risk from insider threats and protect their sensitive data and systems. Organizations need to take a comprehensive approach to insider threat mitigation and to continually adapt their strategies to address evolving threats.

Related Topics
Why do businesses need to be cyber secure? Is it as important as emphasized everywhere?
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business
Ransomware - A Growing Problem & Best Practices For You and Your Company