learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

Know Your Breach: Lyons Companies Insurance Broker

The target: Lyons Companies Insurance Broker

The take: Personal customer information including names, date of birth, contact information, driver license numbers and financial records. Medical information such as patient identification numbers, diagnosis and treatment information, Medicare/Medicaid ID numbers, health insurance and claims information were also compromised, along with a small number of Social Security Numbers.

The attack vector: Attackers gained access to two Lyons employee email accounts between February and March of 2019, and used these credentials to access the above information and offload the sensitive data.

Stringent and robust employee password protocols and the implementation of two-factor authentication are paramount in providing a strong bulwark against account compromises.

Read more...

Stakeholders Seek Action Against Cyber Attack on Financial Institutions

 

2019-08-29

The Guardian: Internal Auditors and other stakeholders have emphasised the need for financial institutions to establish stiffer measures and proper monitoring to check incessant attacks on the cyberspace.For them, the organisations, particularly, financial institutions need to invest more in implementing additional security infrastructure and training of its personnel in cyber security.
 

OTP's Bulgarian Unit Fined for Data Breach Affecting Over 33,000 Clients

2019-08-28

Reuters: The personal data watchdog said the full names, addresses, copies of ID cards as well as bank account numbers and property deed data of 33,492 people who have taken loans from the bank had been improperly disclosed and accessed by third parties.

Read more...

French 'Cybercops' Dismantle Pirate Computer Network

2019-08-28

BBC: A team of French police dubbed "cybergendarmes" has destroyed a virus that infected more than 850,000 computers worldwide, authorities say.

Read more...

Serious Cyber Attack Could Trigger Full NATO Response, Says Jens Stoltenberg

2019-08-28

Sky News: A cyber attack such as the strike that brought down NHS hospitals in 2017 could prompt a response from all NATO countries, the alliance's general secretary has said.

Read more...

Banks Told to Tighten Data Security

2019-08-27

Financial Review: New Payments Platform Australia, the real-time system owned by the big four banks and 11 other financial institutions, is under pressure to explain how almost 100,000 customers' personal details were accessed as part of its second data breach in three months.

Read more...

Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024

2019-08-26

Business Wire: A new report from Juniper Research found that the cost of data breaches will rise from $3 trillion each year to over $5 trillion in 2024, an average annual growth of 11%. This will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm.

Read more...

CrowdStrike Launches $20 Million Falcon Fund to Invest in Cybersecurity Startups

2019-08-26

Tech Startups: CrowdStrike, a cybersecurity company that provides cloud-based endpoint protection, has launched a $20m early stage investment fund. Started in partnership with Accel, Falcon Fund will focus on seed and Series A investments in security startups that are building applications on the CrowdStrike Falcon platform.

Read more...

Know Your Breach: Hy-Vee

The target: Hy-Vee, a supermarket chain.

The take: 5.3 million cardholder accounts belonging to people from thirty-five mid-western U.S states. This led to the collection of a massive database which then went for sale on an underground website which sells credit and debit card data stolen from hacked merchants. This information can then be used to create counterfeit copies of the credit-debit cards, allowing the attackers to make profitable transactions.

The attack vector: Remotely installed card-skimming malware was used to compromise point-of-sale targets at Hy-Vee’s operated gas pumps, coffee shops and restaurants. The malicious software copied the data stored on credit or debit card’s magnetic stripe when they’re swiped at infected payment stations.

Read more...

Chinese Hackers Steal 6.8 Million Patient Records from an Indian Healthcare portal

2019-08-22

Business Insider: In a startling revelation, US-based cyber security firm FireEye said on Thursday that China-based hackers broke into a leading Indian healthcare website, stealing 68 lakh records containing key patient and doctor information and credentials.

Read more...

Banks Do Not Report Most Cybercrimes, Says Top Cop

2019-08-21

The Times of India: Banks tend to not report most cybersecurity-related incidents faced by them to law enforcement agencies, nor do they share information about breach attempts. As a result, investigators haven’t been able to fully equip themselves to handle and mitigate such cases. 

Read more...

BlackRock Unit Gets Approval to Take Russia-Linked Firm's Stake in Cybersecurity Company

2019-08-21

The Wall Street Journal: A national-security panel that oversees foreign investment in U.S. businesses approved the transfer of a stake in cybersecurity company Cofense Inc. from a Russia-linked private-equity firm to funds managed by BlackRock Inc.

People familiar with the matter said the Committee on Foreign Investment in the U.S., known as Cfius, gave its approval to the deal on Monday.

Read more....

Over $4bn Stolen from Cryptocurrency Exchanges in H1

2019-08-20

Funds Europe: Cryptocurrency thefts and scams have surged throughout 2019 so far, with criminals and fraudsters netting billions from users and exchanges as cybercrime techniques continue to evolve with the times.

Read more...

RBS Hides Natwest Data Breach from Customers

2019-08-19

The Times: Highly sensitive personal data, including banking details of more than 1,600 Natwest customers, has been left in a former employee’s home for more than a decade because the bank has been unable to reach an agreement on the safe return of the information.

Read more...

JVP, New York City Reveal $1M. Cybersecurity Challenge Finalists

2019-08-19

The Jerusalem Post: The cybersecurity competition, in partnership with the Mayor’s Office of the Chief Technology Officer (MOCTO) and the New York City Economic Development Corporation (NYCEDC), attracted over 160 cybersecurity start-ups from 18 countries, all presenting solutions to help small businesses protect themselves against cyberattacks.

Read more...

Temasek Ramping Up Focus on Cybersecurity Assets

2019-08-15

Asian Investor: The Singaporean state investor remains on the lookout for promising cybersecurity assets to complement its existing platform and provide more than just healthy investment returns.

Read more...

Know Your Breach: Suprema

The target: Suprema, a South Korean biometrics company.

The take: Unencrypted fingerprint data, facial recognition information and images, which are used to secure sensitive physical locations, user permissions and activity logs. Further to this, an additional 27.8 million records of data which included: client dashboards, usernames, passwords, ID’s, staff security levels and clearances, home addresses and emails; business hierarchies; mobile devices and operating system information.

The attack vector: An unsecured server accessed via web browser. This weakness let attackers manipulate the URL to expose huge amounts of unprotected data. Access to this information would allow: unauthorized changes to existing security settings within organization, lock out staff from their own systems, gain access to physical facilities, set up sophisticated phishing campaigns targeting senior personnel, and alter activity logs.

Read more...

ECB Shuts Down One of its Websites After Hacker Attack

2019-08-15

Reuters: The European Central Bank (ECB) shut down one of its websites on Thursday after it was hacked and infected with malicious software.

The ECB said no market-sensitive data had been compromised during the attack on its Banks’ Integrated Reporting Dictionary (BIRD), which it uses to provide bankers with information on how to produce statistical and supervisory reports.

Read more...

Most UK Financial Firms Hit by Cyber Attack in the Past Year

2019-08-15

Computer Weekly: The majority of UK financial companies are failing to prevent cyber security incidents, mainly because of employees failing to follow security policies and a lack of security budget, a survey reveals...

Read more...

Report: SEC Looking into First American Financial Corp.'s Leaky Website

2019-08-14

SC Media: First American Financial Corp. is reportedly the subject of a US Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public.

Read more...

Elizabeth Warren Calls for Investigation into FTC for ‘Misleading’ Equifax Data Breach Victims Over Compensation

2019-08-14

CNBC: Presidential contender Sen. Elizabeth Warren wants the Federal Trade Commission’s inspector general to open an investigation into the agency after it announced that victims of the Equifax data breach will get “nowhere near” the $125 compensation package originally advertised.

Read more...

Desjardins Spends C$70 Million Related to Data Breach

2019-08-12

Reuters: Canadian lender Desjardins Group said on Monday it spent C$70 million ($53 million) in the second quarter related to a data privacy breach earlier this year that exposed personal information of 2.9 million members.

The company offered the affected accounts a credit monitoring plan and identity theft insurance for five years, without any additional costs to those customers, Desjardins said.

Read more...

Russia's New Cyber Laws Will Fuel Online Crime, Claims Report

Computing: The report, entitled "The Dark Side of Russia: How New Internet Laws & Nationalism Fuel Russian Cybercrime", claims that Russia's new internet laws, which will come into effect on 1st November, will make it difficult for companies operating in Russia to protect both their communications and the privacy of their customers.

Read more...

Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone

2019-08-08

Forbes: Apple has massively increased the amount it’s offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. It’s by far the highest bug bounty on offer from any major tech company.

That’s up from $200,000, and in the fall the program will be open to all researchers. Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.

Read more...

Know Your Breach: Sark Technologies

The target: Sark Technologies

The take: Personal information of over 43,000 customers including: names, addresses, phone numbers, email address, encrypted card numbers and cardholder data.

The attack vector: A vulnerability within an image upload function of Sark Technologies’s reservation and management software, SuperINN. This allowed attackers to insert malicious scripts to export customer data to their own pockets. In addition, the hackers also identified another pathway of attack through a vulnerability in a SQL injection, using this to further extract sensitive cardholder data.

Read more...

The Government of Canada Advances Cyber Security Innovation and Cooperation

2019-08-07

The Government of Canada: the Government is announcing two initiatives to help advance Canada’s National Cyber Security Strategy: the release of a National Cyber Security Action Plan, and the re-launching of the Cyber Security Cooperation Program with $10.3 million available over five years to support initiatives in the area of cyber security in Canada.

Read more...

Cybersecurity Pros Name Their Price as Data Hacking Attacks Swell

2019-08-07

The LA Times: It took a $650,000 salary for Matt Comyns to entice a seasoned cybersecurity expert to join one of America’s largest companies as chief information security officer in 2012. At the time, it was among the most lucrative offers out there.

Read more...

MAS Issues New Rules to Strengthen Cyber Resilience of Financial Industry

2019-08-06

MAS: The Monetary Authority of Singapore (MAS) today issued a set of legally binding requirements to raise the cyber security standards and strengthen cyber resilience of the financial sector. The Notice on Cyber Hygiene sets out the measures that financial institutions must take to mitigate the growing risk of cyber threats.

Read more...

North Korean Cryptocurrency Heists Net Estimated $2 Billion: UN Report

2019-08-06

CNN: North Korea earned as much as $2 billion dollars through large-scale cyber attacks to help fund its weapons programs, a United Nations panel alleges in a new report.

The findings emerged as Pyongyang fired what are believed to be two short-range ballistic missiles early Tuesday, the fourth missile launch in less than two weeks.
 

Security Start-up Cybereason Raises $200 Million from Japan’s SoftBank

2019-08-06

CNBC: That brings the total amount of funds the start-up raised to $400 million since it was founded in 2012. Other backers include Lockheed Martin, CRV and Spark Capital. Cybereason did not disclose its valuation.

Read more...

Would You Trust a Criminal with Your Cyber Security?

2019-08-02

Computer Weekly: The UK cyber security services market is one of the most mature in the world. It has benefited from the development of a higher education system that generates significant numbers of cyber security professionals, a mature training market that allows people to cross-train, and well-structured career pathways to promote professional practices, underpinned by codes of conduct and ethics that are both meaningful and enforceable.

Read more...

Robert A. Cohen, Cyber Unit Chief, to Leave SEC After 15 Years of Service

2019-07-29

SEC: Mr. Cohen is the first Chief of the Cyber Unit, created in 2017. The unit focuses on violations involving digital assets and cryptocurrency, cyber-related trading violations such as hacking to obtain material nonpublic information, and cybersecurity disclosures and procedures at public companies and financial institutions. Previously, Mr. Cohen was Co-Chief of the Market Abuse Unit.

Read more...

Know Your Breach: Capital One Bank

The target: Capital One Bank

The take: Highly sensitive information of 106 million customers including: 140,000 Social Security numbers, 1 million Social Insurance Numbers for Canadian credit card customers, bank account numbers, credit card application data including scores, balances, limits and payment history, and some of transaction data.

The attack vector: A misconfigured firewall in Capital One’s AWS infrastructure allowed the attacker to clone data housed in cloud storage instances. The attacker employed VPN and anonymized browsing to execute the attack surreptitiously – but was ultimately found out when they bragged about the heist in public Slack channels. Capital One was notified of the breach via an e-mail tip with directions to a public Github repository where the attacker had archived some of the exfiltrated data. 

Read more...

BlackRock, Pamplona Talks Over Cybersecurity Firm Cofense Break Down

2019-07-31

The Wall Street Journal: BlackRock Inc. is no longer in talks with Pamplona Capital Management to take over the private-equity firm’s stake in cybersecurity company Cofense Inc.

Read more...

Capital One Breach Shows a Bank Hacker Needs Just One Gap to Wreak Havoc

2019-07-30

The New York Times: A single weak spot is all savvy hackers need. And they often find them. Already this year, there have been 3,494 successful cyberattacks against financial institutions, according to reports filed with the Treasury Department’s Financial Crimes Enforcement Network.

Read more...

Cyber Security Company Owner Arrested for Recent Personal Data Breach

2019-07-30

BTA: The owner of a cyber security company was arrested Tuesday morning for a recent personal data breach in the National Revenue Agency (NRA), sources of the prosecution office told BTA. He was remanded at Sofia Airport as he arrived from Istanbul. 

Read more...

Hacker Steals Data for More Than 100 Million Capital One Users, Then Brags About it and Gets Arrested

2019-07-30

BGR: Just as Equifax is settling an FTC case on the massive data breach from a couple of summers ago, Capital One had to come forward and admit that it suffered a massive breach of its own, affecting more than 100 million customers in America and Canada. The person responsible is already in custody, however, with the FBI saying she practically admitted everything online.

Read more...

HSCM-backed Insurtech Corvus Develops Silent Cyber Offering for Cargo

2019-07-26

Reinsurance News: Corvus Insurance, an AI-driven insurtech MGA backed by ILS and reinsurance investment manager Hudson Structured Capital Management (HSCM), has expanded its product line with an offering that focuses on silent cyber risks posed by cargo insurance policies.

Read more...

This Year, Phishing Causes Losses of $17,700 per minute And Ransomware Attacks Will Cost $22,184 Per Minute

2019-07-25

KnowBe4: Global losses to cybercrime total $1.5 trillion per year, which amounts to $2.9 million per minute, a new report by RiskIQ shows. Some of the largest companies are losing $25 each minute due to security breaches. Phishing campaigns accounts for losses of $17,700 per minute and ransomware attacks are expected to cost the world $22,184 per minute this year. 

Read more...

Cybersecurity Researchers Introduce New Model for Fighting Cybercrime in MIT Sloan Management Review Article

2019-07-15

Cision: As criminal innovation outpaces defensive efforts, cyberattacks are becoming more ubiquitous and sophisticated, and businesses, governments, and individuals are more vulnerable than ever. In a perspective-shifting new article, "Casting the Dark Web in a New Light" (MIT Sloan Management Review), cybersecurity researchers and scientists Keman HuangMichael Siegel, Keri Pearlson, and Stuart Madnick offer a new lens through which to consider cybercrime.

Read more...