Industry News: ESG5

Know Your Breach: Magellan Health

The target: Magellan Health, a for-profit managed health care and insurance firm

The take: Names, addresses, employee ID numbers, W-2 or 1099 details, social security and Taxpayer ID numbers, and in some cases, usernames and passwords for an undisclosed number of ‘current employees’.

The attack vector: After an initial round of phishing e-mails, attackers obtained user credentials and accessed internal systems, deploying software to capture login credentials for some staff, and exfiltrating personal employee information before deploying a ransomware attack on Magellan’s system some days later.

This example illustrates the cumulative and progressive nature of a breach, once initiated – no cyber-attack exists in isolation. Once an attacker has gained access to privileged accounts and systems, they can execute multiple attack vectors – exfiltrating sensitive data, and triggering a ransomware attack on internal systems, either to distract from their earlier activities or for purely financial gain. Security controls must be many and layered to ensure that a compromise of one can still be mitigated and contained.

Alleged COVID-19 Scams Lead to Takedowns of More Than 1,000 Websites in Canada

2020-05-28

CTV: Canada’s top cybersecurity agency has initiated the takedown of more than 1,000 “malicious imitation” websites attempting to scam or misinform people about the government’s COVID-19 financial aid programs. It has also observed phishing attempts preying on people’s anxiety around the pandemic—some by state-sponsored actors—masquerading as messages from public health officials.

CXOs Are the Weakest Link in Mobile Device Security and Most Likely to Suffer Cyber Attacks

2020-05-28

ZDNet: New research released today from Mountain View, CA-based security platform MobileIron has revealed that the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols, despite this group also being highly targeted by malicious cyber attacks. 

Exchanges Are Taking Steps to Reduce Risk of Cyber-attacks, Says Industry Body

2020-05-28

Institutional Asset Manager: Cybersecurity is consistently in the top quartile of exchange and CCP focus, according to the WFE’s regular surveys of membership priorities. Across the membership, market infrastructures have dedicated time and resources to contingency planning and the associated cybersecurity requirements. These efforts are typically subject to regulatory and supervisory scrutiny, as well as in-house or external auditor stress testing. 

Half of Employees Admit They Are Cutting Corners When Working from Home

2020-05-28

ZDNet: The coronavirus pandemic has forced both employers and employees to quickly adjust to remote working – and, often without the watchful eyes of IT and information security teams, workers are taking more risks online and with data than they would at the office.

Bank of America Reveals Data Breach in PPP Application Process

2020-05-26

Charlotte Business Journal: The breach occurred on April 22, as BofA uploaded PPP applications onto the U.S. Small Business Administration's test platform, according to a filing with the California Attorney General's Office. The limited-access platform allowed lenders to test PPP submissions before the second round began.

EasyJet Faces £18 Billion Class-action Lawsuit Over Data Breach

2020-05-26

ZDNet: Made public on May 19, easyJet said that information belonging to nine million customers may have been exposed in a cyberattack, including over 2,200 credit card records. 

There is No Cybersecurity Silver Bullet

2020-05-21

BCW: Businesses of all sizes still harbour the belief that simply having a cybersecurity strategy and implementing the right policies is the complete answer to defending against cybercrime. However, the reality is that much more is needed to achieve strong defences in today’s heightened threat landscape. In fact, according to the recent UK government Cyber Security Breaches Survey 2020, almost half of UK businesses (46%) reported a cybersecurity breach or attack in the last 12 months.

Know Your Breach: Covve

The target: Covve, an ‘intelligent contact management solution’.

The take: a 90GB database containing names, e-mail addresses, phone numbers, business names & titles, social networking links and personalized notes affecting more than 23 million individuals.

The attack vector: While this incident was, at its core, another all too familiar instance of an unsecured database left publicly exposed, the notable factor in this breach is that the personally identifiable information leaked wasn’t that of the service’s users. Since Covve is a contact management app, the names, contact details, notes and social networking handles that were publicly leaked all belong to individuals who do not and probably never have used the service.

From an individual standpoint, this breach highlights just how challenging it can be to maintain control over personal information – 23 million people, through no action of their own, saw their personal information exposed in this breach. From an organizational standpoint, again – a firm must be acutely aware of the kind of data it is storing and processing, and be able to ensure that it is being handled and protected in a manner commensurate with the sensitivity of that data.

Forescout Commences Litigation Against Advent International

2020-05-20

GlobeNewswire: Forescout Technologies, Inc. (Nasdaq: FSCT), the leader in device visibility and control, filed a complaint with the Delaware Court of Chancery asserting that affiliates of Advent International Corporation (“Advent”) have violated the terms of their merger agreement with Forescout. Forescout is asking the Court to compel Advent to honor its commitments and immediately complete the pending acquisition of Forescout.

Allianz Unit Names New Global Cyber Head

2020-05-20

Insurance Business America: Allianz Group has announced the appointment of Dr. Catharina Richter as global head of its Cyber Center of Competence (CoC). The appointment will take effect June 01.

Virtual Cybersecurity School Teaches Kids to Fix Security Flaws and Hunt Down Hackers

2020-05-20

CNN Business: What started as a school-based program to teach kids a new skill is extending into a virtual cyber school. It's filled with lessons and games to teach users how to fix security flaws on webpages, uncover trails left by cybercriminals and decrypt codes used by hackers.

Coronavirus Cyber Attackers Going After Hospitals

2020-05-20

The Sydney Morning Herald: Cyber attackers, including foreign governments, are taking advantage of the coronavirus pandemic to try to hack the computer systems of hospitals and medical services, the Australian government has warned.

EasyJet Admits Data of Nine Million Hacked

2020-05-19

BBC: EasyJet has admitted that a "highly sophisticated cyber-attack" has affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit and debit card details "accessed".

Charlesbank Invests $70 Million in Elbit Systems Subsidiary Cyberbit

2020-05-19

Reuters: Israeli defence firm Elbit Systems (ESLT.TA) said on Tuesday the Charlesbank Technology Opportunities Fund invested $70 million in Elbit’s commercial cybersecurity subsidiary Cyberbit.

Cyber Attacks Are Increasingly All About Financial Gain

2020-05-19

CNN Business: A desire to steal money continues to be the leading motivator behind cyber attacks, according to Verizon's annual Data Breach Investigations Report.

Know Your Breach: Norfund

The target: Norfund, a Norwegian state-owned Private Equity company.

The take: $10 million USD, diverted from a microfinance institution in Cambodia to a Mexican bank account.

The attack vector: Attackers gained access to Norfund’s e-mail system, likely via a phishing attack, and studied communication between Norfund and their partners. This allowed them to identify those responsible for money transfers, and create a false Norfund e-mail address to impersonate the individual authorized to wire large sums of money via their bank. The attackers diverted the payment intended for the Cambodian institute to a Mexican bank account, fraudulently created in the same name. The attackers delayed discovery of the fraud by over a month by continuing communication in both directions with both Norfund employees and the Cambodian institute, thereby ensuring that the banks would be unable to reverse the fraudulent transfer.

This is, unfortunately, yet another example of a sophisticated business e-mail compromise attack, wherein a very capable group of attackers used access to an internal system to learn the patterns, habits, and procedures of an organization and then proceeded to exploit them. Addressing complex threats like this one requires complex and multi-levelled controls – user phishing training and two-factor authentication for e-mail accounts, monitoring of access to e-mail systems, and robust and layered controls around cash transfers that require multiple channels of verifiable communication.

Cybersecurity ETF Sees 500% Inflow Surge as Pandemic Shoves More Work Online

2020-05-14

Financial News: The Covid-19 crisis has been a major headache for the asset management sector — most investment houses have bled heavy outflows and seen revenues plunge as investors wait out the turmoil.

Merkel Warns Russia After Cyberattack on Her Email Account

2020-05-13

Bloomberg: German Chancellor Angela Merkel accused Russia of mounting what she called an “outrageous” cyberattack on her email account and floated the possibility of further sanctions against Moscow.

Bam Construct and Interserve Hit by Cyber Attacks

2020-05-13

Construction News: A Bam spokesman said the business had “stood up well” after hackers gained access to parts of the company’s IT systems. He added it remained “business as usual” for its operations. The contractor has responded by taking a number of its systems offline, including its website, to neutralise the attack while also adding extra defences to guard against future hacks. Bam Construct has been assisted by its Dutch-based parent Royal Bam and external IT experts in responding to the incident.

US Officially Warns China is Launching Cyberattacks to Steal Coronavirus Research

2020-05-13

CNN: The US Department of Homeland Security and the FBI issued a "public service announcement" Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical companies, calling it a "significant threat."

Your Home Office Is a Hacker’s Paradise. Here’s Why.

2020-05-11

Institutional Investor: Just as the reality of the Covid-19 pandemic was setting in for many Americans, the Treasury Department’s Financial Crimes Enforcement Network issued an admonition advising “financial institutions to remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters.” 

Deloitte Partners with Palo Alto Networks to Extend its Cyber Security Services

2020-05-11

ITPro: The aim of the freshly minted partnership includes expanding Deloitte’s managed security services portfolio for customers worldwide. This partnership will also include the integration of Cortex XDR, Cortex XSOAR (formerly Demisto) and Prisma Cloud solutions into Deloitte’s EMEA Cybersphere Center security catalog. 

How to Protect Your Crypto from Cyber Attacks During COVID-19

2020-05-09

Coindesk: Unscrupulous hackers are socially engineering their way into financial systems and financial accounts. Well intentioned efforts to promote public safety are fostering prospective abrogation of personal data privacy.  At the same time, there are new areas of business opportunity for distributed ledger companies emerging from the crisis.

Know Your Breach: SBA

The target: Small Business Administration (SBA), a US government agency that supports entrepreneurs and small businesses.

The take: Up to 8,000 applications for Economic Injury Disaster Loans may have been improperly exposed to other applicants, including such sensitive data as social security numbers, addresses, phone numbers, dates of birth, income and financial/insurance information.

The attack vector: A flaw in the caching configuration of the online loan application portal, implemented to accommodate increased demand, meant that when one applicant pressed the ‘back’ button in their web browser during the application process, they may have been served a page containing the application data belonging to another business.

Scalability of critical infrastructure is an essential component of web applications and electronic tools – sudden increases in demand for certain services are a reality in the face of the evolving COVID-19 pandemic. It is equally critical, however, that while considering system capacity, security controls are not weakened.

150 People Lose Up to $10,000 of Super in Fraud

Federal Police Commissioner Reece Kershaw said a cybercrime team was investigating the fraud, which came to light on April 30.

91% of People Know Password Reuse is Insecure, Yet 75% do it Anyway

2020-05-06

Security Magazine: LastPass by LogMeIn released findings of its third Psychology of Passwords global report, revealing that people aren’t protecting themselves from cybersecurity risks even though they know they should. Year after year there is heightened global awareness of hacking and data breaches, yet consumer password behaviors remain largely unchanged, says the report.

Research: Women Are Better at Cybersecurity Than Men

2020-05-06

Dark Reading: Women are better at cybersecurity and protecting themselves online, new research by NordPass suggests. The survey revealed that women are more concerned about the potential harm of their personal online accounts being hacked. They also tend to use unique passwords more often than men.

State-Backed Hackers Behind Wave of Cyberattacks Targeting Coronavirus Response, US and UK Warn

2020-05-05

CNN: The United States and United Kingdom issued a new advisory Tuesday warning of ongoing cyberattacks against organizations involved in the coronavirus response, including health care bodies, pharmaceutical companies, academics, medical research organizations and local government.

SteelEye Offers Financial Firms Free Communications Surveillance Software to Monitor Remote Workers

2020-05-05

Institutional Asset Manager: As firms reopen their offices, reduced density rules are likely to prevail for some time, meaning a workforce that is spread between the office and home. Monitoring communications by staff working in multiple locations will require changes in compliance processes, which may prove challenging if access to on-premise technology is needed. 

US Financial Industry Regulator Warns of Widespread Phishing Campaign

2020-05-04

ZDNet: The US Financial Industry Regulatory Authority (FINRA) has issued a rare cyber-security alert today warning member organizations of "a widespread, ongoing phishing campaign."

UK’s Coronavirus Tracing App Strategy Faces Fresh Questions Over Transparency and Interoperability

2020-05-04

TechCrunch: The UK’s data protection watchdog confirmed today the government still hasn’t given it sight of a key legal document attached to the coronavirus contacts tracing app which is being developed by the NHSX, the digital transformation branch of the country’s National Health Service.

Know Your Breach: Sheffield City Council

The target: Council of the City of Sheffield in South Yorkshire, England

The take: 8.6 million records of vehicle movements, labelled with license plate numbers and millions of photographs from the county’s 100 surveillance cameras.

The attack vector: The city’s Automatic Number Plate Recognition (ANPR) system was left exposed and publicly available to anyone with an internet connection – furthermore, the internal dashboard on this exposed system employed absolutely no password protection or other method of authentication. Anyone with the public IP address of the system could immediately access and search the system by license plate number, potentially allowing bad actors to recreate the travel patterns and movements of individual citizens, minute by minute.

As we have previously emphasized, security controls must be commensurate with the level of sensitivity of data being stored, and must travel with that data throughout its lifecycle. When personally identifiable information is being collected and processed, best practice would prescribe multiple compensatory layers of protection, as consequences for breaches of such data can include falling afoul of the GDPR and privacy legislation in other jurisdictions.

Spear-phishing Campaign Compromises Executives at 150+ Companies

2020-04-30

ZDNet: A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today.

Cofense Announces Additional Investment by BlackRock and Appointment of Tom McDonough to Board of Directors

2020-04-29

AiThority: Cofense, the global leader in intelligent phishing defense solutions, announced the appointment of Tom McDonough to its Board of Directors as well as an additional investment from funds managed by BlackRock Private Equity Partners to support Cofense’s growth strategies. Initially inked in 2018 and expanded in 2019, Cofense’s continued partnership with BlackRock provides additional growth capital to advance research and development as well as further the company’s global expansion.

Cybersecurity Staff are Being Transferred to IT Support. That's Adding to the Risk of Data Breaches

2020-04-29

ZDNet: The coronavirus pandemic has brought big changes to the cybersecurity industry, with the vast majority of security professionals now working from home – and almost half being reassigned to general IT support as organisations adapt to the challenges of remote working.

86% of Companies Report Network Disruption Amid Remote Work Shift

2020-04-29

Dark Reading: The global shift to remote work has caused a level of network disruption in 86% of companies, a new study shows. Of the organizations surveyed, 41% said they experienced moderate disruptions to network security practices, 23% saw major disruptions, and 22% said disruptions were minimal.

IA Teams Up with US Firm to Tackle Cyber Crime

2020-04-27

Funds Europe: The UK’s Investment Association has set up a platform to help investment managers protect their firms against cyber security threats.

Financial Sector is Seeing More Credential Stuffing than DDoS Attacks

2020-04-27

ZDNet: The financial sector has seen more brute-force attacks and credential stuffing incidents than DDoS attacks in the past three years, F5's cyber-security unit said in a report published.

Why Cyber-security and Governance Should Go Hand in Hand

2020-04-23

The Asset ESG Forum: Ongoing worldwide lockdown measures have made working from home the norm, thus increasing the chances of being exposed to cyber-attacks and practices such as phishing - fraudulent messages that resemble e-mails from trusted sources.
