learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

Know Your Breach: The National Bank of Blacksburg

The target: The National Bank of Blacksburg

The take: $2.4 million

The attack vector: The attack began with a phishing email which let the hackers install malware on the compromised computer. This move let them disable and alter anti-theft and anti-fraud measures such as PIN’s, withdrawal limits, daily debit card usage limits and fraud score protections. Through their now unrestricted access to the bank’s internal account manager software, Navigator, the attackers modified or removed critical security controls. They then accessed hundreds of customer accounts to steal funds over a period of two days.

This incident highlights the profound impact one compromised system can have in the context of an organization’s overall security posture, and underscores the old adage – ‘a chain is only as strong as its weakest link’. While network and server-level protections are essential, firm must ensure that endpoint controls and user training are up to snuff.

Read more...

BMO Appoints Sri Dronamraju as Chief Information Security Officer

2019-12-19

Cision: Mr. Dronamraju will oversee the bank's global strategy for cyber security. Reporting to both Larry Zelvin, Head Financial Crimes, and Ken Librot, U.S. Chief Technology and Operations Officer, Mr. Dronamraju will have offices in Toronto and Chicago, with teams located in North AmericaAsia and Europe.

Read more...

19-Year Old Suspect Charged With $1 Million Crypto Heist via SIM-Swaps

2019-12-19

Coin Telegraph: A 19-year old man has been indicted for identity theft as part of an alleged $1+ million cryptocurrency heist affecting at least 75 victims in the United States.

Read more...

Russia Plans 'Sovereign Internet' Tests to Combat External Threats

2019-12-19

Reuters: Russia will carry out tests on Monday on the reliability of its domestic internet infrastructure in the event that the country is disconnected from the worldwide web, the communications ministry said.

Read more...

'We're Sorry': 15M LifeLabs Customers May Have Had Data Breached in Cyberattack

2019-12-18

CTV: Hackers may have obtained the personal data of 15 million LifeLabs customers after a systems breach, and this includes addresses, passwords, birthdays, health card numbers and even lab results.

Read more...

ASIC says Cybersecurity Risk Management is Improving in Aussie Financial Market

2019-12-18

ZDNet: Awareness and management of cybersecurity risk is improving in Australia's financial market, said the Australian Securities and Investments Commission (ASIC), but there is still room for improvement across the entire sector.

Read more...

Private Equity Firms to Acquire LastPass Parent for $4.3 Billion

2019-12-18

Cyberscoop: LogMeIn, the Boston-based software company that owns password manager LastPass, said it will sell itself to two private equity companies as part of a cash deal valuing LogMeIn at roughly $4.3 billion.

Read more...

Vladimir Putin 'Still Uses Obsolete Windows XP' Despite Hacking Risk

2019-12-17

The Guardian: Russian agents have been accused of worldwide hacking operations, but someone at the Kremlin has apparently forgotten to inform Vladimir Putin of the importance of cyber-security.

Read more...

Know Your Breach: Venture Capital

The target: A Chinese Venture Capital firm.

The take: $1 million.

The attack vector: The “man-in-the-middle” attack occurred when the Venture Capital firm transferred funds to an Israeli start-up company. The breach began with the threat actor creating two lookalike domains, both mirroring the VC firm and the Startup firm, but with an extra “s” at the end of the address. They then sent two emails, both posing as the VC firm’s CEO and as the start-up’s CEO, tricking both parties into sending sensitive banking information which the attacker then modified to hijack the money.

This coordinated attack highlights the critical need for human vigilance and the implementation of robust controls. Scrupulous validation of transactions where assets – funds or sensitive information - are being transferred is central to effective protection.

Read more...

This Password-Stealing Hacking Campaign is Targeting Governments Around the World

2019-12-12

ZDNet: A mysterious new phishing campaign is targeting government departments and related business services around the world in cyber attacks which aim to steal the login credentials from the victims.

Read more...

Iranian Bank Cyber Attack Leaves 15 Million Customers' Details Online

2019-12-12

The Jerusalem Post: Just a few weeks since Iranian protesters torched hundreds of bank branches throughout the country, the Islamic republic’s financial authorities are dealing with another threat: A cyber attack caused the bank details of millions of Iranians to be published online, The New York Times reported.

Read more...

North Korean Hackers are Working with Eastern European Cybercriminals

2019-12-11

Reuters: North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, a report here said, a finding that suggests digital gangsters and state-backed spies are finding common ground online.

Read more...

Desjardins Says Employee who Stole Personal Data Also Accessed Credit Card Info

2019-12-10

CTV: The Desjardins Group says the employee who stole the personal data of 4.2 million members of the financial co-operative also gained access to information for 1.8 million credit card holders.

Read more...

The Cybersecurity of Banking and Finance

2019-12-10

Business 2 Community: Up until the early eighties, transactions at financial institutions were handwritten, calculated long-hand, and done without the aid of a computer or calculator. Fast forward many years and not only can we make deposits and automate our bills to be paid online, but many employees of financial institutions are starting to work remotely as well.

Read more...

Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies

2019-12-10

Security Week: Insurance is a fundamental aspect of business risk management used to spread or mitigate financial risk by transferring it to a third party.

Read more...

Britain Investigating Whether Leaked Trade Papers Were Hacked: Sources

2019-12-08

Reuters: British cyber security officials are investigating whether classified UK-U.S. trade documents that were shared online ahead of Thursday’s election were acquired by hacking or were leaked, two sources told Reuters.

Read more...

Know Your Breach: Sprint

The target: Sprint, an American telecommunications company.

The take: 261,300 documents, including phone bills and bank statements containing: names, addresses, phone numbers, and in some cases, screenshots with subscribers’ online usernames and account PINs.

The attack vector: A misconfigured cloud storage bucket was publicly exposed and not protected by a password, allowing anyone with internet access to download the contents. The misconfiguration was traced a marketing agency contracted by Sprint.

Any subsidiary or contractor which handles sensitive data is a potential breach source. Internal security controls must be extended to third parties handling a firm’s sensitive data.

Read more...

How Hackers Stole $1mn Fund Meant for Israeli Start-up

2019-12-06

The Economic Times: Tel Aviv, Researchers from cybersecurity firm Check Point have revealed how hackers stole $1 million seed funding sent by a Chinese venture capital firm to an Israeli start-up.

Read more...

U.S. Cracks Down on Russian 'Evil Corp' Hackers After $100 Million Spree

2019-12-05

Reuters: U.S. authorities on Thursday took aim at a Russian cybercriminal group known as Evil Corp, indicting its Lamborghini-driving alleged leader and ordering asset freezes against 17 of his associates over a digital crime spree that has netted more than $100 million from companies across the world.

Read more...

University of Ottawa Partners with IBM on new Cybersecurity Hub

2019-12-04

Ottawa Business Journal: Students and researchers at the University of Ottawa will now have access to tools and expertise on the cybersecurity sector from IBM Canada.

Read more...

The U.N. Passed a Russia-backed Cybercrime Resolution. That’s Not Good News for Internet Freedom.

2019-12-04

Washington Post: On Nov. 18, a United Nations committee passed a Russia-backed cybercrime resolution by a vote of 88 to 58, with 34 countries abstaining. Russia, Belarus, Cambodia, China, Iran, Myanmar, Nicaragua, Syria and Venezuela sponsored the resolution, titled “Countering the use of information and communications technologies for criminal purposes.” The United States said it is “disappointed with the decision.”

Read more...

The West Failed to Prepare for Cyber Attacks, Security Chief Admits

2019-12-04

The Telegraph: The West was slow to respond to the threat of cyber attacks, the chief of the NATO Cooperative Cyber Defence Centre (CCDCOE) has admitted.  

**Article may require a subscription**

Read more...

Are We Waiting for Cyber Earthquake Before Getting Our Act Together, says NCSC

2019-12-02

Business Standard: Cyber Security Coordinator (NCSC) Lt Gen (retd) Rajesh Pant raised concern over the lack of cyber-infrastructure in the country and said are we waiting for a cyber earthquake before getting our act together.

Read more...

Top Israeli VC Talks Cyber-Security, Diversity and ‘No Go’ Investments

2019-12-02

Tech Crunch: Israel is a powerhouse in both offensive and defensive cyber operations, with cybersecurity giants CyberArk, Check Point, and Illusive Networks  all founded in the country in recent years.

Read more...