Author: TAFA
Archives: April 2024
Back to Blog
In today's digital age, the rise of phishing attacks has become a concerning trend that threatens individuals, businesses and organizations alike. Phishing, a technique cybercriminals use to deceive unsuspecting victims and steal sensitive information, has evolved into a sophisticated and widespread threat, and it is one of the most prevalent and damaging forms of attack, particularly within organizations. According to Zscaler, phishing campaigns worldwide rose nearly 50% in 2022 compared to 2021, partly because phishing kits and new AI tools have become readily available to cybercriminals.

A Summary
What is Phishing?
Phishing is a technique whereby cybercriminals send unsolicited messages containing malicious links designed to get targets to download malware or follow links to spoofed websites. These messages were traditionally emails, but they are now also delivered through phone calls, text messages and social media. Phishing is a form of social engineering: cybercriminals use psychology to convince victims to take an action they would not normally take.

The Escalation of Phishing Attacks

1. The Sophistication of Phishing
Phishing attacks have become highly sophisticated and personalized, adapting to bypass traditional security measures. Attackers meticulously craft convincing emails, fake websites or social media messages that closely resemble legitimate communication from trusted sources, making it increasingly hard for employees to tell the real from the fake.

2. The Proliferation of Phishing Attacks
Phishing attacks have reached epidemic proportions, targeting individuals, businesses and organizations across the globe. The widespread adoption of digital platforms, increased connectivity and reliance on online services give cybercriminals ample opportunity to exploit unsuspecting users.

3. Targeting Vulnerabilities
Organizations in particular hold a treasure trove of valuable data, which makes them attractive targets. Phishing attacks capitalize on human weaknesses, exploiting employees' trust and luring them into unwittingly divulging confidential information or granting unauthorized access.

4. Spear Phishing and Whaling
Cybercriminals have refined their tactics to target specific individuals within organizations. They do so by conducting extensive reconnaissance on potential targets, using information from company websites, LinkedIn, publicly disclosed financial information and similar sources to craft spear-phishing messages.
This information makes for convincing emails that look as if they came from your boss. These personalized attacks often exploit internal information to appear authentic and increase the chance of success, and they usually convey a sense of urgency, typically to get the victim to transfer funds quickly.

A Real Life Example
From Abnormal Security: cybercriminals impersonated the office manager of a small safety management business and emailed the facilities manager of a food distribution company, notifying them of outstanding invoices and that payment details had changed. To make the email look legitimate:

The targeted victim was tricked and replied to the email with the requested information. The cybercriminal followed up with the "new" bank information and asked that payments be made to that account. When the victim did not respond, the scammer sent a succession of emails pressuring them that a reply was of the utmost urgency (a common phishing technique). Luckily, security analysts stepped in just in time to ensure no payments were transferred. The incident shows how persuasive and persistent phishing scammers can be, and businesses need to be prepared to meet this threat.

What are the consequences of phishing attacks?

1. Data Breaches and Financial Loss
Successful phishing attacks can have severe consequences for organizations: data breaches, financial losses and compromised customer information. The aftermath can be costly, both in financial terms and in damage to the organization's reputation.

2. Disruption of Operations
Phishing attacks can disrupt normal business operations, causing downtime and reducing productivity. In severe cases organizations may suffer system outages, loss of critical data or a compromised network, with significant operational and financial consequences.

Best Practices Against Phishing Attacks

1. Employee Education and Awareness
Organizations must prioritize cybersecurity education and create a culture of awareness among employees. Regular training sessions, simulated phishing exercises and clear communication about the latest phishing techniques help employees identify and report suspicious activity.

2. Robust Security Measures
Implement multi-layered security, including advanced threat detection systems, spam filters, secure email gateways, and endpoint security solutions such as Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR).
Endpoint security is especially important because traditional controls such as firewalls and antivirus software are not sufficient on their own against these advanced threats. Regularly updating security software and conducting vulnerability assessment and penetration testing (VAPT) also help prevent and mitigate threats; VAPT is particularly valuable because it gives you details of the security vulnerabilities in your environment.

3. Two-Factor Authentication (2FA)
Enforce two-factor authentication across all accounts and systems. This additional layer reduces the risk of unauthorized access even if credentials are compromised. Note that SMS and one-time-code factors can still be relayed by a phishing site in real time; phishing-resistant methods such as hardware security keys (FIDO2/WebAuthn) close that gap.

4. Incident Response and Reporting
Establish an incident response plan to promptly address and contain phishing attacks. Encourage employees to report suspicious emails or incidents to the security team so that action can be taken quickly and further damage prevented.

5. Continuous Monitoring and Testing
As noted above, it is essential to conduct vulnerability assessments and penetration tests to identify weaknesses in the security infrastructure, and to monitor network activity regularly. This proactive approach lets you find and fix vulnerabilities before cybercriminals can exploit them.

Takeaway
As the threat landscape continues to evolve, organizations must remain vigilant in the face of the rising tide of phishing attacks. By understanding the motives behind these attacks, educating employees, implementing robust security measures and establishing proactive incident response, organizations can fortify their defenses and reduce the risk of falling victim to phishing scams. Combining technological safeguards with a security-conscious workforce is essential to protecting valuable organizational assets.
Stay alert, stay informed and stay ahead in the battle against phishing attacks.

Cyber Security For Organizations with TAFA
In the current cyber environment, organizations face increasingly sophisticated threats. To protect against them, it is necessary to use cybersecurity solutions that can prevent zero-day and advanced threats and help ensure regulatory compliance. With a prevention-first, zero-trust approach to security using machine learning (ML) and artificial intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
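The invoice-fraud email in the example above has the shape a secure email gateway screens for: a trusted display name on a lookalike or unrelated domain, a Reply-To pointing somewhere else, a "our bank details have changed" pretext, and time pressure. The script below is an added example, not code from the original post or from any gateway product; the trusted-sender list, the two sample messages, the keyword lists and the scoring weights are all constructed for illustration.

```python
"""Heuristic screen for invoice-fraud (BEC) email.

Added example, not from the original post. The trusted-sender list,
keyword lists, weights and sample messages are constructed assumptions.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Constructed trust list: display names of people who send us invoices and the
# domain their mail legitimately comes from.
TRUSTED_SENDERS = {"dana lee": "acme-safety.example"}

# Phrases typical of the "our payment details have changed" pretext.
PAYMENT_CHANGE = re.compile(
    r"\b(bank|account|payment|remittance)\s+(details?|information|instructions?)"
    r"\s+(have|has)\s+(changed|been updated)\b"
    r"|\bnew\s+(bank|account)\s+(details|number|information)\b",
    re.I,
)
# Pressure language of the kind the scammer in the post relied on.
URGENCY = re.compile(
    r"\b(urgent(ly)?|immediately|as soon as possible|right away|"
    r"before (end|close) of (day|business))\b",
    re.I,
)


def normalize_domain(domain: str) -> str:
    """Fold common homoglyph tricks (rn->m, vv->w, 0->o, 1->l) before comparing."""
    d = domain.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted_domains) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in trusted_domains:
        return None
    nd = normalize_domain(domain)
    for t in trusted_domains:
        nt = normalize_domain(t)
        if nd == nt or levenshtein(nd, nt) <= 2:
            return t
    return None


def screen_message(raw: str, trusted=TRUSTED_SENDERS) -> dict:
    """Score one RFC 822 message; score >= 4 means hold for manual review."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower() or from_domain
    body = msg.get_payload() if not msg.is_multipart() else ""

    findings, score = [], 0
    expected = trusted.get(name.strip().lower())
    if expected and from_domain != expected:        # display-name impersonation
        findings.append(f"'{name}' expected from {expected}, got {from_domain}")
        score += 3
    target = lookalike_of(from_domain, set(trusted.values()))
    if target:                                       # typo-squat / homoglyph domain
        findings.append(f"sender domain {from_domain} looks like {target}")
        score += 3
    if reply_domain != from_domain:                  # replies routed elsewhere
        findings.append(f"Reply-To domain {reply_domain} differs from From")
        score += 2
    if PAYMENT_CHANGE.search(body):
        findings.append("body announces changed payment details")
        score += 2
    if URGENCY.search(body):
        findings.append("body applies time pressure")
        score += 1
    return {"score": score, "hold": score >= 4, "findings": findings}


# Constructed sample messages, not real mail.
BEC_SAMPLE = """\
From: Dana Lee <dana.lee@acrne-safety.example>
Reply-To: dana.lee@mail-accounts.example
To: facilities@foodco.example
Subject: Outstanding invoices

Please note our bank details have changed. Kindly update your records and
settle the outstanding invoices immediately.
"""

LEGIT_SAMPLE = """\
From: Dana Lee <dana.lee@acme-safety.example>
To: facilities@foodco.example
Subject: May invoice

Attached is the invoice for May, payable on the usual 30-day terms.
"""

if __name__ == "__main__":
    for label, sample in (("BEC", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, screen_message(sample))
```

Run it on raw message text exported from a mailbox. The display-name check only fires for names on the trusted list, so that list is what gives it teeth: keep it to the handful of contacts who can legitimately change payment details, and treat any hit on a payment-change message as a reason to confirm by phone on a known number, never by replying to the email.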
Last week there were data breaches and cyber attacks across a range of industries and countries, with many victims being held to ransom or finding their data for sale on the dark web.
Read on for a quick summary of what happened this week in cybersecurity.

101,134 hacked ChatGPT accounts up for sale
Researchers from Group-IB found that login credentials (usernames and passwords) for 101,134 compromised ChatGPT accounts are for sale on the dark web. The credentials were found in the logs of info-stealing malware traded on the dark web. The number of logs containing compromised ChatGPT accounts peaked in May 2023 at 26,802. According to Group-IB, the Asia-Pacific region had the highest concentration of ChatGPT credentials offered for sale over the past year, and most of the credentials were stolen by the Raccoon information-stealing malware.

UPS discloses data breach: exposed customer information used in SMS phishing
UPS has alerted Canadian customers that some of their personal information may have been exposed and used in phishing attacks. Its breach notification states that UPS had been receiving reports of SMS phishing messages containing recipients' names and address information, and found that some customers were receiving text messages demanding payment before a package could be delivered. The investigation found that attackers were using UPS's package look-up tools to obtain delivery information, including recipients' personal contact details. UPS stated the breach may have affected a small group of shippers and their customers between 1 February 2022 and 24 April 2023. UPS customers worldwide have also been hit by these phishing attacks, according to online reports of attackers using names, phone numbers, postal codes and details of recent orders; the threat actors appear to be impersonating Lego and Apple shipments.

Reddit ransomware attackers threaten to leak 80GB of data
The attackers have threatened to leak 80GB of data stolen from Reddit in a breach this February unless Reddit pays a $4.5 million ransom to have the data deleted. Interestingly, the hackers have also demanded that Reddit reverse the controversial API changes that would effectively kill third-party apps by the end of June. According to cybersecurity researcher Dominic Alvieri, the BlackCat ransomware group has claimed responsibility for the attack.

iOttie discloses data breach after its site was hacked to steal credit cards
iOttie, a car mount and mobile accessory maker, has disclosed that its online store was compromised for almost two months, with attackers stealing shoppers' personal information and payment card details. iOttie discovered last week that malicious scripts had been present on the store between 12 April 2023 and 2 June 2023, and noted that the malicious code was removed during a WordPress plugin update. Stolen information includes customers' names, personal information and payment information, covering financial account numbers, credit and debit card numbers, security codes, access codes, passwords and PINs. All iOttie customers who made a purchase between 12 April 2023 and 2 June 2023 should monitor their card statements and bank accounts for fraudulent activity.

PwC and EY impacted by MOVEit cyber attack
PwC and EY, the multinational accounting firms, have been added to the growing list of victims of the MOVEit attacks by the Clop ransomware gang. A PwC spokesperson stated that the firm is aware of the cybersecurity incident affecting MOVEit, believes the breach will have a "limited impact", and that the company's network was not affected. Similarly, EY stated it halted all use of the MOVEit software as soon as the critical vulnerability was disclosed.
EY has also launched an internal investigation and said it has taken steps to secure and protect data that may have been accessed. It stated that most of its systems using MOVEit are "secure and not compromised" and that it will contact all those affected, as well as the relevant authorities.

Major Australian law firm breached: government, banks and businesses may be affected
HWL Ebsworth, a major Australian law firm whose clients include governments and large corporations, has acknowledged that the BlackCat ransomware group accessed and stole information from part of the firm's systems; the attackers later published some of the stolen data on the dark web. Reportedly, the investigation found that over 1.4 terabytes of information was leaked, including local and remote company credentials, credit card information and loan data, customer documentation such as insurance agreements, identification details and internal company data. The Tasmanian state government has acknowledged that it is a client and may therefore be exposed. Australia's big four banks, Westpac, NAB, Commonwealth Bank and ANZ, are also caught up in the attack, as are numerous ASX-listed companies and government agencies including the ACCC, the Department of Human Services, the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police. Separately, the Australian government announced the appointment of Australia's first coordinator of cybersecurity.

Medibank staff details stolen after data breach
Medibank Private, Australia's largest private health insurer, stated that a file containing staff names, email addresses and phone numbers was compromised after its property manager was hit by the MOVEit Transfer attack. Medibank said its own systems were not affected.

Fullerton Health and its vendor fined $68k after stolen data found for sale on the dark web
Fullerton Health Group and its vendor, both in Singapore, have been fined a total of $68,000 after the vendor's server was hacked, leading to customers' data being put up for sale on the dark web in 2021. More than 150,000 patients and employees were affected. Compromised data included identity numbers, telephone numbers, financial details such as bank account numbers and codes, and health information. Fullerton Health was fined $58,000 and Agape Connecting People Holdings (the vendor that made appointments for Fullerton Health's patients) $10,000. The PDPC stated that the healthcare provider was "ultimately responsible for exercising due diligence and reasonable supervision over Agape."

BlackCat ransomware gang threatens to leak stolen plastic surgery patients' photos
The BlackCat ransomware gang claims to have stolen "lots" of highly sensitive medical records and says it will leak patients' photos if Beverly Hills Plastic Surgery does not pay. The threat actors claim the data includes patients' personal information and healthcare records, including photographs. Beverly Hills Plastic Surgery had not responded to inquiries about the alleged attack at the time of writing.

UK cyber agency warns of ransomware groups targeting law firms
The National Cyber Security Centre (NCSC) has warned British law practices of "all sizes and types" that their adoption of hybrid working and their handling of large sums of money have made them a target for ransomware groups. It also warned that the connections law firms have with the "supply chain" of enemy states are another contributing factor, and reported a rise in hackers-for-hire who carry out malicious cyber activity for third-party clients.
The report adds that smaller practices face particular risks because of their reliance on external IT contractors, which makes it hard to assess whether controls are appropriate to the risk faced.
In the realm of cybersecurity, Distributed Denial of Service (DDoS) attacks have emerged as a significant threat to businesses and online services. In 2022, the number of DDoS attacks grew 150% globally compared to the previous year. These attacks can disrupt websites, overwhelm networks, and cause significant financial losses.
In this blog post, we delve into DDoS attacks, explore their impact, and discuss best practices to mitigate their effects.

Understanding DDoS Attacks
A DDoS attack occurs when a malicious actor orchestrates a flood of traffic from multiple sources to overwhelm a target system or network. By inundating the target with an excessive volume of requests (thousands or even millions), the attacker renders the service inaccessible to legitimate users. DDoS attacks can be launched using various techniques, such as botnets, amplification attacks or application-layer attacks.

Impact of DDoS Attacks:
DDoS Mitigation Best Practices

1. Implement DDoS Protection Solutions
Invest in robust DDoS protection that can detect and mitigate attacks in real time. These solutions typically involve network traffic monitoring, rate limiting, and the ability to absorb or divert excess traffic away from critical infrastructure. Rate limiting at your own edge only helps once traffic has already reached you; a volumetric flood that saturates your uplink has to be absorbed upstream (see item 7).

2. Incident Response Planning
Develop a comprehensive incident response plan that outlines the steps to be taken during a DDoS attack to minimize its impact. The plan should include predefined roles, communication channels, mitigation and containment procedures, and recovery strategies.

3. Regular Security Audits and Testing
Perform regular security audits and vulnerability assessment and penetration testing (VAPT) to identify weaknesses in your network infrastructure, so that they can be patched and defenses strengthened before threat actors exploit them.

4. Traffic Monitoring and Anomaly Detection
Deploy network traffic monitoring tools to detect abnormal patterns or sudden surges in traffic. Proactive monitoring and analysis of traffic lets you spot a DDoS attack early and act quickly to mitigate it.

5. Redundancy and Scalability
Design your network infrastructure with redundancy and scalability in mind. Distributing resources across multiple servers and data centers helps absorb and spread the impact of a DDoS attack and keeps services running.

6. Load Balancing
Implement load balancing to distribute incoming traffic across multiple servers. This removes a single point of failure and improves the ability to handle sudden traffic spikes during an attack.

7. Collaborate with ISPs and Cloud Service Providers
Establish partnerships with Internet Service Providers (ISPs) and Cloud Service Providers (CSPs) to use their DDoS protection services. These providers often have the infrastructure and expertise to detect and mitigate large-scale attacks.

Takeaway
DDoS attacks pose a significant threat to businesses, online services and network infrastructure. By understanding the nature of these attacks and implementing the practices above, organizations can better protect themselves. Robust DDoS protection, redundancy and scalability, and a well-defined incident response plan are the key steps in limiting the impact of an attack. By taking proactive measures and staying informed about emerging DDoS techniques, organizations can safeguard their online presence, maintain service continuity and protect their reputation in an increasingly interconnected digital landscape.
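Items 1 and 4 above (rate limiting, and detecting sudden surges in traffic) are easier to reason about with working code. The following is an added example, not code from the original post or from any DDoS protection product: a per-source token bucket, a surge detector that compares each second's request count against a rolling baseline, and a constructed request log (70 seconds of normal traffic with a 2,000 req/s flood from five sources during the last ten) to run both over. The rate, burst size, baseline window and thresholds are assumptions.

```python
"""Per-source rate limiting and traffic-surge detection over a request log.

Added example, not from the original post or any vendor product. The token
bucket rate, the surge thresholds, the baseline window and the traffic itself
are assumptions chosen for illustration.
"""
from collections import Counter, defaultdict, deque
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Tuple


class TokenBucket:
    """Per-key token bucket: `rate` tokens per second refill, `burst` capacity."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens: Dict[str, float] = {}
        self.last: Dict[str, float] = {}

    def allow(self, key: str, now: float) -> bool:
        tokens = self.tokens.get(key, self.burst)
        elapsed = now - self.last.get(key, now)      # first sighting: no refill
        tokens = min(self.burst, tokens + elapsed * self.rate)
        self.last[key] = now
        if tokens >= 1.0:
            self.tokens[key] = tokens - 1.0
            return True
        self.tokens[key] = tokens
        return False


class SurgeDetector:
    """Flags a second whose request count is far above a rolling baseline."""

    def __init__(self, window: int = 30, sigma: float = 4.0, factor: float = 3.0):
        self.history: deque = deque(maxlen=window)
        self.sigma, self.factor = sigma, factor

    def observe(self, count: int) -> bool:
        surge = False
        if len(self.history) == self.history.maxlen:   # baseline is warm
            base, spread = mean(self.history), pstdev(self.history)
            surge = count > max(base + self.sigma * spread, self.factor * base)
        if not surge:                    # keep flood samples out of the baseline
            self.history.append(count)
        return surge


def analyze(events: Iterable[Tuple[float, str]], rate: float = 5.0,
            burst: float = 10.0) -> dict:
    """events: (timestamp in seconds, source IP). Returns which seconds were
    surges, the top sources during them, and drops made by per-source limiting."""
    per_second: Dict[int, Counter] = defaultdict(Counter)
    limiter = TokenBucket(rate, burst)
    dropped: Counter = Counter()
    for t, ip in sorted(events):
        per_second[int(t)][ip] += 1
        if not limiter.allow(ip, t):
            dropped[ip] += 1
    detector = SurgeDetector()
    surges: List[int] = []
    talkers: Counter = Counter()
    for sec in sorted(per_second):
        if detector.observe(sum(per_second[sec].values())):
            surges.append(sec)
            talkers.update(per_second[sec])
    return {"surge_seconds": surges,
            "top_talkers": [ip for ip, _ in talkers.most_common(5)],
            "dropped": dict(dropped)}


def constructed_traffic() -> List[Tuple[float, str]]:
    """70 s of 20 req/s spread over 40 clients, plus a flood of 2,000 req/s
    from five sources during seconds 60-69. Constructed, not captured."""
    events = []
    for sec in range(70):
        for i in range(20):
            events.append((sec + i / 20.0, f"10.0.0.{(sec * 20 + i) % 40 + 1}"))
        if sec >= 60:
            for k in range(1, 6):
                for j in range(400):
                    events.append((sec + j / 400.0, f"203.0.113.{k}"))
    return events


if __name__ == "__main__":
    report = analyze(constructed_traffic())
    print("surge seconds:", report["surge_seconds"])
    print("top talkers:", report["top_talkers"])
    print("dropped per source:", report["dropped"])
```

Two design points are worth noticing. The detector stops feeding samples into its baseline once it declares a surge; otherwise ten seconds of flood would raise the baseline and silence the alert. And per-source limiting only helps against a few noisy sources: the flood here is throttled from 4,000 requests per source to about 60, but a botnet that spreads the same volume over tens of thousands of addresses would pass a per-IP limit untouched, which is why items 5 to 7 (capacity, load balancing and upstream providers) exist.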
In today's digital age, businesses rely heavily on social media platforms like Facebook to connect with customers, promote their products or services and build brand awareness. The recent incident in which hackers seized control of a business's Facebook account is a wake-up call for organizations. This article examines the story of Benjamin Black Goldsmiths, a jewelry business on Facebook that fell victim to hackers, and the lessons to be learned from it.

What Happened?
Benjamin Black Goldsmiths' director, Amy Cunningham, found the business locked out of its Facebook page after hackers gained unauthorized access. Cunningham discovered that the hackers had reactivated some of the business's old advertisements and were trying to run a $24,000 advertising campaign through her account. Although the business cancelled its credit cards, the ads kept running, leaving it in debt to Facebook. Cunningham tried reporting the page, attempted to recover the account, and even went to the government cybersecurity body CERT. Despite reaching out to Facebook for help, the business was met with frustration and a lack of effective support: Meta has not responded to its requests. The takeover happened even though the business had enabled multi-factor authentication and followed all the security measures Facebook asked of it. Sadly, this is not an isolated case. Other businesses have spoken out about similar takeovers of their accounts, reporting that Meta was slow to act and that it was hard to reach anyone at Meta who could help them get their accounts back.

Lessons Learned From This Incident

1. Strengthen Authentication Measures
The incident emphasizes the importance of robust authentication practices. Businesses should not only enable two-factor authentication but also use strong, unique passwords and regularly update their login credentials. These measures add an extra layer of security and reduce the risk of unauthorized access. Bear in mind that a second factor protects the login, not a session that already exists: if malware on a staff laptop steals the browser's logged-in session cookie, or a phishing page relays a one-time code in real time, the attacker never has to pass the second factor at all, which is why the endpoint and awareness controls below matter as much as the login settings.

2. Establish Account Recovery Procedures
"It is better to be proactive than reactive." In the event of an account takeover, it is crucial to have account recovery procedures already in place. Businesses should proactively set up recovery options, such as secondary email addresses or phone numbers, and make sure they are kept up to date and easily accessible. This enables swift recovery and minimizes downtime.
3. Monitor Account Activity
Regularly monitoring account activity can help detect suspicious behavior early. Businesses should stay vigilant by reviewing login history, monitoring posts and messages, and promptly addressing any unauthorized or suspicious activity. Account activity alerts can provide real-time notification of a potential compromise.

4. Implement Endpoint Security
Manually reviewing account activity around the clock is not feasible, and the growing sophistication and complexity of cyber threats make it harder still. Traditional controls such as firewalls and antivirus software are not sufficient on their own against these advanced threats. Endpoint security solutions such as Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) are essential, as they are designed to provide a more comprehensive and proactive approach by detecting and preventing breaches at the device level. Using both EPP and EDR is highly recommended, as they are complementary.

5. Educate Yourself And Employees on Security Practices
You and your employees must be educated in cybersecurity best practices, particularly for social media account management. Training should cover identifying phishing attempts, recognizing suspicious links or attachments, and reporting unusual account behavior. By fostering a culture of cybersecurity awareness, businesses empower their employees to be the first line of defense.

6. Establish Communication Channels with Social Media Platforms
Maintaining open lines of communication with social media platforms is crucial for timely support and resolution in the event of an incident. This matters even when a platform such as Meta is slow to act or offers little support. Businesses should still familiarize themselves with each platform's support options, including dedicated security contacts and reporting mechanisms. Establishing these connections in advance can speed up the response and limit the impact of an attack, and it also lets you understand what each platform can and cannot do for you, so you can take the appropriate security measures yourself.

Takeaway
The unfortunate experiences of businesses whose Facebook accounts were seized by hackers serve as a valuable lesson for organizations of all sizes. By implementing strong authentication, establishing account recovery procedures, monitoring account activity, deploying endpoint security, educating employees and maintaining communication channels with social media platforms, businesses can improve their security posture and better protect their online presence. In an ever-evolving digital landscape, businesses must remain vigilant and proactive in defending against cyber threats. By prioritizing cybersecurity, businesses can safeguard their digital assets, preserve their reputation, and continue to benefit from social media platforms for growth and success.

Securing Your Business With TAFA
In today's cyber environment, cybersecurity solutions that prevent zero-day and advanced threats are essential to your security strategy. Many solutions exist in this space, so selecting the right one is necessary to prevent and block cyber attacks. With our prevention-first, zero-trust approach to security using Machine Learning (ML) and Artificial Intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats.
With our comprehensive, customized vulnerability assessment and penetration testing (VAPT) service, we not only help secure your organization's operations and data but also help you meet the required industry and regulatory compliance. To learn more about TAFA Shield and our VAPT service, and how we can help your company, do not hesitate to contact us.
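Lesson 3 above recommends reviewing login history and alerting on suspicious activity; the script below shows what such a review can check automatically. It is an added example, not the post's own code and not anything Facebook or Meta provides: the login records, the country codes, the device labels and the baseline cut-off are constructed, and a real export from a platform's login-history page would have to be mapped to this record shape first.

```python
"""Account-takeover signals from a login-history export.

Added example, not from the original post or from any platform's tooling.
The record format, the baseline rule and the login events are constructed.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed login history for a page admin: timestamp, country of the source
# IP, a device label, and whether the attempt succeeded.
LOGINS: List[Dict] = [
    {"ts": "2024-04-01T09:00:00", "country": "SG", "device": "macbook-office", "ok": True},
    {"ts": "2024-04-01T18:30:00", "country": "SG", "device": "iphone-admin", "ok": True},
    {"ts": "2024-04-02T09:05:00", "country": "SG", "device": "macbook-office", "ok": True},
    {"ts": "2024-04-03T02:10:00", "country": "BR", "device": "win-unknown", "ok": False},
    {"ts": "2024-04-03T02:11:00", "country": "BR", "device": "win-unknown", "ok": False},
    {"ts": "2024-04-03T02:12:00", "country": "BR", "device": "win-unknown", "ok": False},
    {"ts": "2024-04-03T02:13:00", "country": "BR", "device": "win-unknown", "ok": True},
    {"ts": "2024-04-03T06:30:00", "country": "SG", "device": "macbook-office", "ok": True},
]


def baseline(logins, before: str) -> Tuple[Set[str], Set[str]]:
    """Devices and countries seen in successful logins before `before`."""
    cutoff = datetime.fromisoformat(before)
    devices, countries = set(), set()
    for ev in logins:
        if ev["ok"] and datetime.fromisoformat(ev["ts"]) < cutoff:
            devices.add(ev["device"])
            countries.add(ev["country"])
    return devices, countries


def review(logins, known_devices, known_countries,
           travel_hours: float = 6.0, fail_threshold: int = 3,
           fail_window_min: int = 10) -> List[Tuple[str, str, str]]:
    """Return (timestamp, signal, detail) for each suspicious successful login."""
    alerts: List[Tuple[str, str, str]] = []
    prev_ok = None                                   # last successful login
    recent_fail: Dict[str, List[datetime]] = {}      # device -> failure times
    for ev in sorted(logins, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if not ev["ok"]:
            recent_fail.setdefault(ev["device"], []).append(ts)
            continue
        if ev["device"] not in known_devices:
            alerts.append((ev["ts"], "new_device", ev["device"]))
        if ev["country"] not in known_countries:
            alerts.append((ev["ts"], "new_country", ev["country"]))
        window = timedelta(minutes=fail_window_min)
        fails = [t for t in recent_fail.get(ev["device"], []) if ts - t <= window]
        if len(fails) >= fail_threshold:             # guessing, then success
            alerts.append((ev["ts"], "success_after_failures",
                           f"{len(fails)} failures within {fail_window_min} min"))
        if prev_ok and prev_ok["country"] != ev["country"]:
            gap = ts - datetime.fromisoformat(prev_ok["ts"])
            if gap <= timedelta(hours=travel_hours):  # two countries, too close in time
                alerts.append((ev["ts"], "impossible_travel",
                               f"{prev_ok['country']} -> {ev['country']} in {gap}"))
        prev_ok = ev
        recent_fail.pop(ev["device"], None)
    return alerts


if __name__ == "__main__":
    devices, countries = baseline(LOGINS, before="2024-04-03")
    for alert in review(LOGINS, devices, countries):
        print(*alert)
```

It raises four signals on successful logins only: a device not seen during the baseline period, a country not seen during the baseline, a success preceded by a burst of failures from the same device, and two logins from different countries closer together than a plausible journey. In the constructed data the 02:13 login trips the first three and the 06:30 login trips the fourth. The thresholds are deliberately simple; the point is that these checks run in seconds against an export that nobody would read by hand every day.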
Last week was once again dominated by the MOVEit data-theft attacks: the list of victims keeps growing and now includes the U.S. government, universities, private companies and hospitals. Impersonation campaigns are also rampant, from brand impersonation to fake security researchers publishing bogus PoCs to push malware and a copy of a popular web portal. In addition, Capita has been sent its first letter of claim, the Chilean Army's documents have been leaked, and a joint advisory from seven nations warns about LockBit, the world's top ransomware threat.
Read on for a quick summary of what happened this week in cybersecurity.

Clop ransomware gang starts extorting MOVEit data-theft victims
The Clop ransomware gang has listed 13 companies on its data leak site, without saying whether they relate to the MOVEit Transfer attacks or to ransomware encryption attacks. Several of the listed organizations, Shell, UnitedHealthcare Student Resources (UHSR), Landal GreenParks, Heidelberger Druck, the University of Georgia (UGA) and the University System of Georgia (USG), have confirmed that they were impacted by the MOVEit attacks. Shell stated that only a small number of employees and customers were affected, and Landal stated that approximately 12,000 guests' names and contact information were accessed. UGA, USG and UHSR said they are still investigating and will disclose any breaches they find. Heidelberger Druck, a German printing company, said its analysis indicated no data breach had occurred. Putnam Investments, also listed on the leak site, said it was still looking into the matter. Other organizations that had already disclosed MOVEit Transfer breaches include Zellis (whose breach affected the BBC, Aer Lingus, Boots and Ireland's HSE), the University of Rochester, the government of Nova Scotia, the U.S. states of Missouri and Illinois, Ofcom, BORN Ontario, Extreme Networks and the American Board of Internal Medicine. The Clop gang has, however, stated that any data from the military, children's hospitals and governments has been erased.

Millions of Oregon and Louisiana state IDs accessed in MOVEit breach
The Oregon Department of Transportation stated that threat actors accessed the personal information of about 3.5 million residents, affecting anyone with an active Oregon ID or driver's license.
The Louisiana Office of Motor Vehicles announced that it believes all residents with a Louisiana driver's license, ID or vehicle registration likely had their data exposed, including name, address, Social Security number, birth date, height, eye color, driver's license number, vehicle registration information and handicap placard information. The agency said there is no indication that Clop has used, sold, shared or released the stolen data; Clop has publicly claimed that it erases data taken from government bodies, but that claim cannot be verified.

The U.S. Energy Department received two ransom notices from the MOVEit data-theft attack
The U.S. Department of Energy has received ransom demands from the Clop ransomware gang relating to both a nuclear waste facility and a scientific education facility. The DOE contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico facility for disposal of defense-related radioactive waste, were both hit in the MOVEit attack. The ransom demands were sent by email to each facility.

First legal Letter of Claim sent over Capita's mega breach
Barings Law has sent a Letter of Claim to Capita outlining its clients' case and their concerns, following the high-profile data-theft attack in late March that exposed customers' personal data, such as passport details, email and home addresses, to threat actors. About 250 people who suspect they were victims of the breach have signed up to the class action, and Barings says it has been receiving up to 40 calls a day from concerned parties, including local councils.
A Barings spokesman stated that Capita has 3 months to reply to the Letter of Claim, and no papers have been served with a court yet. Chilean Army’s documents leaked by Rhysida ransomware gang. Rhysida’s ransomware gang have leaked what they claim to be documents stolen from the network of the Chilean Army. The leak occurred after the Chilean Army confirmed on 29 May that their systems were impacted in a security incident during the weekend. The Rhysida ransomware gang has published 30% of the data (about 360,000 documents) they claimed to have stolen from the Chilean Army’s network. U.S LockBit victims alone paid over $90m in ransoms since 2020. In a joint security advisory issued by cybersecurity authorities in the U.S., Australia, Germany, France, the UK, Canada and New Zealand, have placed an alert on LockBit, a ransomware-as-a-service gang as well as protection tips. The nations also urged victims not to give into the ransomware gang’s demands. LockBit was globally the most used ransomware in 2022, and as of 2023 so far. It was found that LockBit has cost U.S. victims alone more than $90 million from around 1,700 attacks since 2020. Additionally, LockBit made up 18% of reported Australian ransomware incidents, 22% of Canada’s attributed ransomware incidents, 23% of New Zealand’s reported ransomware incidents, and 16% of the U.S. State, Local, Tribal and Tribunal government ransomware incidents. Massive impersonation campaign targets over 100 brands including Nike, Puma and Doc Martens. A massive brand impersonation campaign that targets over 100 popular apparel, clothing and footwear brands has begun since June 2022. It has tricked people into entering their account credentials and financial information on fake websites. Brands affected by this campaign include but not limited to Nike, Pima, Adidas, Casio, Crocs, New Balance, Tommy Hilfiger, Reebok, Doc Marten, and others. 
Peak phishing activity occurred between November 2022 - February 2023, but the campaign is still ongoing. Perpetrators registered thousands of domains to target unsuspecting customers, and trick them to make purchases on their websites. Victims either never received the promised products or are sent cheap quality knock-offs. Furthermore, the victim's personal information was also compromised. North Korean hackers mimic popular web portal. North Korean hackers have created a fake website that looks almost exactly like the popular South Korean web portal, Naver. The National Intelligence Service (NIS) issued a warning last week, urging people to refrain from accessing the website called “Naver Portal”' and are currently working with overseas organization to track down the activity of the group. NIS did not disclose how many people have fallen victim t Fake POC exploits for zero-day vulnerabilities published on GitHub that push Windows and Linux malware. Hackers are impersonating cybersecurity researchers on GitHub and Twitter to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware. These fake POC are published by “researchers” at a fake cybersecurity company called “High Sierra Cyber Security’ who promote the GitHub repositories on Twitter to target cybersecurity researchers and firms that do vulnerability research. These repositories look legitimate and they impersonate real security researchers from security firms such as Rapid7, even using their headshots. They maintain accounts on Twitter to help increase their legitimacy to their research and their GitHub repositories, and also to attract more victims via social media platforms. VulnCheck discovered this campaign, and reported that it has started at least since May 2023. They have promoted supposed exploits for zero-day flaws in Chrome, Whatsapp, Discord, Microsoft Exchange and Signal. 
All repositories host a Python script that acts as a malware downloader for Linux and Window systems. Success of this campaign is unclear, however VulnCheck stated that the threat actors appear persistent, whereby they will create new accounts and repositories when the existing ones get reported and removed. As for the time of writing, these Github repositories should be avoided:
The Common Signs Of Being Cyberattacked
16/6/2023
In today's digital age, the threat of cyber attacks looms large, and it is crucial for individuals and organizations to be aware of the common signs that indicate they may be under attack. Cybercriminals employ various tactics to infiltrate systems, steal sensitive information, or disrupt operations. By recognizing the red flags of a cyber attack, you can take prompt action to mitigate the damage and protect yourself from further harm. In this article we will explore the common signs that indicate you might be under a cyber attack and provide insights on how to respond effectively.
Common Signs of A Cyberattack
These are the usual tell-tale signs that indicate that you or your organization have been cyberattacked.
Responding to a Cyberattack
Takeaway
Being aware of the common signs of a cyber attack is essential for individuals and organizations to protect themselves from potential harm. By recognizing the signs of unusual account activity, unexpected slowdowns, suspicious emails, unexpected pop-ups, and unexplained changes in system settings, you can take proactive steps to safeguard your digital security. Regularly updating and patching software, using strong and unique passwords, enabling multi-factor authentication, and educating yourself about common cyber threats are key practices to minimize the risk of falling victim to cyber attacks. As the saying goes, "Prevention is Always Better Than A Cure". Remember, staying vigilant and promptly responding to any suspicious signs can make a significant difference in preventing or mitigating the impact of a cyber attack.
Related Topics
Why do businesses need to be cyber secure? Is it as important as emphasised everywhere?
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business
Ransomware - A Growing Problem & Best Practices For You And Your Company
The healthcare sector needs to start taking cyber threats seriously.
In recent years, the healthcare industry has faced an alarming rise in cyber threats, with healthcare organizations becoming the top targets for ransomware gangs. It has been found that in 2022, healthcare organizations experienced 1,426 attacks PER WEEK, a 60% increase from the previous year. This growing trend raises serious concerns about patient safety, data privacy, and the integrity of critical healthcare systems. The recent ASL 1 Abruzzo cyberattack has shown that these significant concerns must be taken seriously. In this article, we will explore the importance of cybersecurity in healthcare, the common cyber threats healthcare organizations experience, and the urgent need for robust measures to protect this vital sector. Following this, we will expand on the best practices for healthcare organizations to follow.
Why Healthcare Urgently Needs To Take Cybersecurity Seriously
1. Healthcare as a Prime Target: Healthcare organizations possess a wealth of valuable data, including medical records, personal information, and financial data, making them lucrative targets for cybercriminals. Ransomware gangs, in particular, have increasingly focused their attention on healthcare due to the potentially life-threatening consequences of disrupting essential services.
2. Patient Safety at Stake: "It is time to view cyber attacks on hospitals as threat-to-life crimes, and not financial crimes" - John Riggins. Cyber attacks on healthcare systems can have dire consequences for patient safety. Disruption or manipulation of medical devices, electronic health records, or medication delivery systems can result in delayed treatments, misdiagnoses, or even life-threatening situations. From the Ponemon Institute report of IT security professionals in the healthcare sector:
64% of respondents reported delays in procedures and tests;
24% of respondents reported an increase in mortality rates;
59% reported longer patient stays;
50% of respondents said there was an increase in patients transferred to other facilities.
Protecting patient safety is a paramount concern that underscores the importance of cybersecurity in healthcare.
3. Data Privacy and Confidentiality: The healthcare sector handles sensitive patient information, including medical histories, test results, and personally identifiable information (PII). Breaches or unauthorized access to this data can lead to identity theft, fraud, and other devastating consequences for patients. Robust cybersecurity measures are crucial to safeguard patient privacy and maintain public trust in the healthcare system.
4. Disruption of Digital Care Systems: Healthcare providers rely heavily on digital systems and networks to deliver essential services. Any disruption or compromise of these systems can result in significant downtime, impacting patient care and causing financial losses. Implementing strong cybersecurity measures ensures the continuity of care and prevents interruptions that can jeopardize patient well-being.
5. Regulatory Compliance: Healthcare organizations are subject to strict regulations and compliance standards, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). These regulations mandate the protection of patient data and hold organizations accountable for security breaches. Failure to comply with these regulations can result in severe legal and financial consequences.
Healthcare Industry Common Cyber Threats
Healthcare organizations face a wide range of cyber threats. Some of the common cyber threats healthcare organizations face include:
Best Practices For Healthcare Cybersecurity
Takeaway
The healthcare sector plays a critical role in our lives, and ensuring its cybersecurity is of paramount importance. With healthcare organizations increasingly targeted by cyber attackers, the need for comprehensive cybersecurity measures cannot be overstated. By prioritizing patient safety, protecting sensitive data, and fostering collaboration, the healthcare industry can fortify its defenses and stay one step ahead of cyber threats, safeguarding both lives and critical healthcare systems.
Cyber Security For Healthcare with TAFA
Healthcare organizations are top targets for cyber threat actors, and they are facing increasingly sophisticated cyber threats. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats and help ensure regulatory compliance. With our prevention-first and zero-trust approach to security using machine learning (ML) and artificial intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
Related Topics
The Urgent Need for Cybersecurity in the Healthcare Industry: Lessons from the ASL 1 Abruzzo Cyber Attack.
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business
Ransomware - A Growing Problem & Best Practices For You And Your Company
Insider Threats: What Is It & Best Practices
Why do businesses need to be cyber secure? Is it as important as emphasised everywhere?
Last week was dominated by MOVEit data-theft attacks and their impact on various organizations, as well as by ransomware attacks and data theft across various countries and industries. Furthermore, vulnerabilities that could be detrimental have been detected in various organizations' networks and systems.

Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Microsoft links Clop ransomware gang to MOVEit data-theft attacks.
The Microsoft Threat Intelligence team announced that it has linked the Clop ransomware gang to recent cyber attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. The attacks are believed to have begun on 27th May, with BleepingComputer observing numerous organizations having their data stolen during the attacks. The Clop ransomware gang has also confirmed that it is behind the MOVEit Transfer data-theft attacks. Although Clop did not share how many organizations were breached, it did tell BleepingComputer that if the ransom were not paid, victims would be displayed on its site. It also confirmed that it has not yet begun extorting the victims, and told BleepingComputer that any data from the military, children's hospitals and governments was deleted.

Another huge U.S. medical data breach confirmed after Fortra cyber attack.
Intellihartx, a Tennessee-based company that handles patient payment balances and collections, has filed a notice with the Maine attorney general's office stating that the personal information of 489,830 patients was stolen during the mass cyberattack on its vendor Fortra. The personal information stolen included patients' names, addresses, birth dates and social security numbers, as well as medical billing, insurance information, diagnoses and medications. The Clop ransomware group claimed responsibility for the mass ransomware attack on Fortra's GoAnywhere file-transfer software. This mass attack has affected more than a hundred organizations, including Hatch Bank (a digital financier), Rubrik (a security giant) and the City of Toronto. Millions of patients' health information was also stolen during this mass attack, including NationsBenefits patient data. The impact of Clop's attacks prompted the U.S. Department of Health and Human Services to publish an alert warning that Clop was targeting the healthcare industry.

University of Manchester cyber attacked - data 'likely' stolen.
The University of Manchester has warned staff and students that it suffered a cyberattack in which hackers likely stole data from the University's network. The University discovered the breach on 6th June and immediately launched an investigation. As of 11 June, staff and students are not required to reset their passwords, but the University strongly advised them to be vigilant against potential phishing attacks. The University of Manchester has also announced that this data breach is unrelated to the recent MOVEit Transfer cyber attack or the associated data breach at Zellis.

Cortina Watch's data leaked by hacker - includes customers' details and sales tactics.
The attacker who stole Cortina Watch's data by illegally accessing one of its servers has carried out the threat to release the information online, including customers' contacts and addresses. This came after Cortina Watch did not engage with the attacker and did not pay the ransom of US$50,000. More than 7GB of data, including details of customers, staff, vendors and the company's operations, was uploaded to a file-sharing site on Thursday. Personal information leaked included customers' contact information, addresses and birth dates, and the exposed information included the names of at least 12 Malaysian datuks. Usernames and passwords for company and staff accounts were also exposed in the leak, with many administrator accounts sharing the same password. Furthermore, the company's watch inventory, sales tactics and orders were also uploaded.

British Airways, the BBC, Boots and Aer Lingus breached due to MOVEit Transfer vulnerability.
British Airways, the BBC, Boots and Aer Lingus have suffered data breaches as a result of the MOVEit mass data-theft attacks, which impacted Zellis, a UK-based payroll provider. Zellis confirmed that 8 of its clients were impacted, including the 4 companies listed above. Data on over 100,000 employees was exposed in total. The exposed data included all data employees provided for payroll purposes, including names, addresses, birth dates, UK National Insurance numbers, bank details and phone numbers. The BBC confirmed that company IDs and National Insurance numbers were compromised but did not believe that its employees' bank details had been exposed. Current and former staff at Aer Lingus were also affected, although the airline stated that no phone numbers and no financial or bank details were exposed in this incident.

Eisai, a pharmaceutical company, discloses a ransomware attack.
Eisai, a Japanese pharmaceutical company, was hit by a ransomware attack last Saturday night. Eisai has since set up a company-wide task force and is working with external experts and law enforcement officials. The company is currently investigating the possibility of data leaks. In response to the cyber attack, Eisai has taken some of its computer systems, both in and out of Japan, offline.

Goldheart, a jewellery chain, data breached - almost 42,000 customers affected.
Goldheart, a jewellery chain under Catalist-listed Aspial Lifestyle, announced on 5th June that it had suffered a data breach. This affected close to 42,000 of its customers whose details were logged prior to November 2022. Personal information exposed included customers' names, addresses, emails, phone numbers and birth dates. Fortunately, no financial data such as credit card information or passwords was compromised. Goldheart stated that it had launched an investigation and taken steps to mitigate any further illegal access. This included suspending its e-commerce website, securing its systems, and working with external experts and relevant authorities. Goldheart also notified all affected customers of the incident, as well as the Personal Data Protection Commissioner, and reported the incident to the police.

Honda API flaws exposed customers' data, internal documents and dealer panels.
Honda's e-commerce platform for power equipment, marine, and lawn & garden products was vulnerable to unauthorized access by anyone due to API flaws that allowed a password reset for any account. This gave anyone unrestricted admin-level data access on the firm's network. The flaw was discovered by Eaton Zveare, a security researcher who had breached Toyota's supplier portal a few months earlier by leveraging similar vulnerabilities. Information exposed included:

This was reported to Honda on 16 March 2023, and on 3rd April 2023 Honda confirmed that all problems had been resolved.

Microsoft's Azure portal down following claims of DDoS attacks.
The Microsoft Azure Portal went down as a cyber attacker claimed to be targeting the site with a DDoS attack. Although the web portal was down (customers saw error notifications when they tried to access the portal), the mobile app appeared to be unaffected. The Microsoft Azure status page stated that Microsoft was aware of the incident and was attempting to mitigate the issue. As of 9th June, the Azure portal appears to be live again and stable. Microsoft has not disclosed the underlying reason for the outage, other than stating that it applied more load balancing processes to the service. This was not the only DDoS attack on Microsoft this week: other Microsoft web portals for Outlook.com and OneDrive also suffered outages at the same time.
In today's interconnected digital landscape, external threat actors pose significant risks to organizations across various industries, affecting not only their security but also their operations, reputations and consumer trust.
A Summary
What are External Threat Actors?
These threat actors are individuals or groups outside an organization who seek to exploit vulnerabilities for financial gain, disruption, or unauthorized access to sensitive information. This includes former employees, lone hackers, criminal groups, and government entities. In this article, we will delve into the world of external threat actors, understand their motivations, and explore effective strategies to mitigate their impact.
Types of External Threat Actors
External Threat Actors’ Risks to Organizations
Mitigation Strategies
Takeaway
External threat actors present an ongoing challenge to organizations of all sizes and sectors. Not only do they affect organizations' security, but they also affect their operations, reputations, and customers' trust. By understanding their motivations and employing proactive mitigation strategies, organizations can enhance their security posture and protect against the ever-evolving threat landscape. A comprehensive approach involving technological defenses (e.g. implementing strong cyber security, regular VAPT assessments, secure remote access), employee education, incident response planning, regular data backups, and continuous monitoring can significantly reduce the impact of external threats and safeguard sensitive data and critical systems.
Securing Your Organization With TAFA
In today's cyber environment, cybersecurity solutions that prevent zero-day and advanced cyber threats are essential to your cybersecurity strategy. With our prevention-first and zero-trust approach to security using Machine Learning (ML) and Artificial Intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. With our comprehensive customized vulnerability assessment and penetration testing (VAPT) service, we not only ensure the safety and security of your organization's operations and data, but also ensure that you meet the required industry and regulatory compliance standards. To learn more about TAFA Shield and our VAPT service, and how we can help your company, do not hesitate to contact us.
Related Topics
Insider Threats: What Is It & Best Practices
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business
Why do businesses need to be cyber secure? Is it as important as emphasized everywhere?
ASL 1 Abruzzo, a local healthcare organization in the province of L'Aquila, was hit by a cyber attack by a ransomware gang on 3rd May 2023. According to ACN, the National Cybersecurity Agency, this is one of the most serious cyber attacks in recent months. ASL 1 Abruzzo directly manages 4 hospitals distributed over 60 peripheral locations. The impacts of this cyber attack have been detrimental not only to data privacy but also to operational continuity and patient safety. The ransomware gang stole over 50GB of data from the Abruzzo healthcare company and released an enormous amount of personal and sensitive data of patients assisted by the health facilities of ASL 1 Abruzzo on the dark web. Data published by the ransomware gang includes:

Additionally, as of 10 days after the attack, the healthcare company's computer system was still partially out of order, causing disruption in booking visits and in some hospital services and scheduled therapies. The recent ransomware attack on ASL 1 Abruzzo is a stark reminder of the urgent need for the healthcare sector to prioritize robust cybersecurity measures, especially given the escalation of cybersecurity threats and attacks, particularly in the healthcare industry.

More About Ransomware
Ransomware is malware that, once installed on a computer system, makes it inaccessible. In practice, this malware is used to prevent the owner of the system from accessing their data, to steal it, and sometimes to hold the stolen data for ransom. Ransomware attacks are common all around the world, as cybercriminals do not need large economic resources or tools to carry them out. The risk to the attacker is also small, as finding those responsible for an attack is not easy.

Back to Healthcare Industry - Why So Vulnerable?
The healthcare sector is among the most vulnerable to ransomware attacks, as public employees are rarely asked to apply security measures and password management to protect themselves from these cyber threats. There is also little awareness of the risks and consequences of cyberattacks on their systems and operations in general. Furthermore, there are various access points to healthcare facilities' information systems, and hiring technicians tends to be a low priority: few technicians are hired to monitor security. Healthcare organizations are also ideal targets as they are more open to blackmail than other companies: other companies can be temporarily stopped, but personal care cannot.
"It is time to view cyber attacks on hospitals as threat-to-life crimes, and not financial crimes" - John Riggins
Cyberattacks can have dire consequences for patient safety, data privacy and the integrity of critical healthcare systems. Below are a few best practices for healthcare organizations to ensure that they have robust cybersecurity and stay one step ahead of cyber threats.

Best Practices For Healthcare Security
1. Implement Robust Security Measures: Healthcare institutions should deploy multi-layered security measures, including encryption, intrusion detection systems and endpoint security solutions such as Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR). These are essential, as traditional security measures like firewalls and antivirus software are no longer sufficient to protect against advanced threats. Regularly updating software and systems, patching vulnerabilities, and conducting vulnerability assessments can also help prevent and mitigate potential cyber threats. Vulnerability assessments are particularly important as they provide details on any security vulnerabilities in your environment.
2. Educate and Train Staff: Healthcare personnel must be well-informed about cybersecurity best practices. Ongoing training programs should cover topics such as identifying phishing emails, creating strong passwords, and recognizing potential threats. Encouraging a culture of cybersecurity awareness among staff is vital for preventing breaches caused by human error, which is one of the main cybersecurity risks for healthcare organizations.
3. Enhance Incident Response and Recovery Plans: Healthcare organizations should develop comprehensive incident response and recovery plans to minimize the impact of cyber attacks. These plans should outline clear steps to be taken during an incident, including communication protocols, containment procedures, and recovery strategies.
4. Collaborate and Share Information: Healthcare institutions should actively participate in information sharing and collaboration initiatives, such as ISACs (Information Sharing and Analysis Centers). Sharing knowledge about emerging threats and vulnerabilities enables the industry as a whole to stay one step ahead of cybercriminals.

Takeaway
The ransomware attack on ASL 1 Abruzzo serves as a sobering reminder that the healthcare industry must take cybersecurity seriously. Protecting patient safety, ensuring data privacy, and maintaining operational continuity are critical imperatives that require robust cybersecurity measures. By implementing best practices, fostering a culture of cybersecurity, and staying vigilant against evolving threats, the healthcare sector can better safeguard its digital infrastructure and provide safe and secure services to patients in an increasingly interconnected world.
Cyber Security For Healthcare with TAFA
Healthcare organizations are top targets for cyber threat actors, and they are facing increasingly sophisticated cyber threats. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats and help ensure regulatory compliance. With our prevention-first and zero-trust approach to security using machine learning (ML) and artificial intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. With our comprehensive customized vulnerability assessment and penetration testing (VAPT) service, we not only ensure the safety and security of your organization's operations and data, but also ensure that you meet the required industry and regulatory compliance standards. To learn more about TAFA Shield and how we can help your company, do not hesitate to contact us.
Related Topics
Why do businesses need to be cyber secure? Is it as important as emphasized everywhere?
7 Types of Cybersecurity Measures SMEs Need to Protect Their Business