
Industry News: ESG5

Know Your Breach: Dave.com

The target: Dave.com, a digital banking app

The take: 7.5 million records of customer information, including real names, phone numbers, birthdays and home addresses.

The attack vector: The breach at Dave.com stemmed from an earlier breach at one of Dave.com’s third-party service providers, Waydev (an analytics platform used by engineers), which in turn exposed Dave.com’s user data. The attackers used a blind SQL injection (an insertion of malicious code) to gain access to Waydev’s database and stole authorization tokens, which let them penetrate Waydev’s systems and pivot to steal access to data from other firms, such as Dave.com.

This highlights the cascading negative effects cybersecurity incidents can have on companies which rely on third-party vendors for operation. Holding third-party vendors to an organization’s security requirements is a very challenging prospect. Vigilant monitoring and applying advanced analytics to watch for malicious activities are some of the proactive strategies used to pinpoint suspicious activity before it turns into a breach.

Read more...

The Impact of the COVID-19 Pandemic on Cybersecurity

2020-07-30

Businesswire: The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for hackers and online scammers, and cybersecurity professionals saw a 63 percent increase in cyber-attacks related to the pandemic, according to a survey released by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG). As the global impact of COVID-19 manifested itself in the middle of March, ESG and ISSA conducted an in-depth survey in April 2020 as a point in time assessment of challenges posed by the pandemic.

Read more...

Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft

2020-07-29

Coindesk: In a note to clients, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party. The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.

Read more...

Kaspersky Finds Lazarus is Now Operating its Own Ransomware

2020-07-28

Kaspersky: Incident analysis by Kaspersky of two cases in Europe and Asia has uncovered that VHD ransomware – first discussed in public in spring 2020 – is owned and operated by Lazarus, a prominent APT group. The move by Lazarus to create and distribute ransomware signifies a change of strategy and indicates a willingness to engage in big game hunting in pursuit of financial gain, which is highly unusual among state-sponsored APT groups.

Read more...

Senior Tory Says Chinese Hackers Ran Email Impersonation Campaign to Discredit Him After Criticism of Beijing

2020-07-28

PoliticsHome: Tom Tugendhat, chair of the foreign affairs select committee, said professional contacts received bizarre fake press releases, while friends and family were sent untrue claims about his private life.

Read more...

Garmin Hack’s $10M Ransom Payment, $10M Tax Deduction

2020-07-27

Forbes: Yet again, there has been a major cyber attack, this time of Garmin, the navigation company. It was hit by a ransomware attack on Thursday, leaving customers to wonder whether Garmin will pay $10 Million in ransom. In the case of some hacks, people and companies pay, since the cost of being frozen out can just be too big.

Read more...

Tony Blair Calls on Government to Investigate Moscow’s Alleged Interference in Brexit

2020-07-26

Independent: Releasing a 50-page document earlier this week, the Intelligence and Security Committee (ISC) warned that Moscow’s influence in the UK was the “new normal” and accused successive governments of not wanting to address the issue surrounding the 2016 vote with a “10-foot pole”.

Read more...

Know Your Breach: Benefit Recovery Specialists Inc.

The target: Benefit Recovery Specialists Inc, a Houston-based billing and debt collection vendor.

The take: 275,000 records of Personally Identifiable Information such as: name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. For a small number of the records, Social Security numbers were also leaked.

The attack vector: The attackers accessed BRSI’s systems with stolen employee credentials, and used their access to deploy malware internally. While not confirmed by BRSI, experts believe the description of the attack matches that of a successful phishing campaign. BRSI’s IT systems hosted the malware for 10 days before the malicious activity was discovered.

This breach highlights the importance of regular employee training and education around common social engineering attacks. The records exposed in this incident, and similar data held by other medically related vendors, underscore the severity of this type of data exposure, as it can lead to sophisticated identity theft. It is also a critical reminder for companies using third-party vendors that their overall security posture is dependent upon the robustness of all the firms which hold their data.

Read more...

Ransomware Attack Locked a Football Club's Turnstiles

2020-07-23

ZDNet: The UK's National Cyber Security Centre has detailed the cyber threats faced by the elite sports industry – and revealed that more than 70% of sports institutions have been the victim of some kind of attempted cyberattack or hacking incident over the past 12 months.

Read more...

U.S. Offers $2 Million Reward In Global Search For Ukrainians Accused Of Hacking SEC Database

2020-07-22

Radio Free Europe: Artem Radchenko, 28, and Oleksandr Ieremenko, 28, acquired inside information on publicly traded companies by stealing test versions of quarterly and annual reports filed with the SEC but not yet available to investors, the Secret Service said in a statement on July 22.

Read more...

Are Insurtech Startups Undervalued?

2020-07-22

Tech Crunch: On the heels of Hippo’s funding round and our exploration of how the private markets appear to be more conservative than public investors at the moment, we’re asking a new question: are a bunch of insurtech startups undervalued?

Read more...

Fraudsters Clone FCA Register and Website

2020-07-22

Financial Times: Fraudsters have cloned the Financial Conduct Authority's website, including a page which encourages firms to register for online invoicing and pay annual fees. 

Read more...

COVID-19 Crisis Shifts Cybersecurity Priorities and Budgets

2020-07-21

McKinsey: Few corporate functions shifted priorities so much and so quickly when the COVID-19 crisis struck as corporate cybersecurity operations and the technology providers that support them did. As legions of employees suddenly found themselves in a work-from-home model, chief information-security officers (CISOs) adjusted, pivoting from working on routine tasks and toward long-term goals to establishing secure connections for newly minted remote workforces.

Read more...

Australian Industry Panel Calls for ‘Clear Consequences’ of Cyber Attacks

2020-07-21

Computer Weekly: An industry panel appointed by the Australian government to provide inputs on the country’s 2020 cyber security strategy has called for clear consequences for cyber attacks targeted at Australia, among other recommendations.

Read more...

U.S. Says China Backed Hackers Who Targeted COVID-19 Vaccine Research

2020-07-21

NBC News: In the latest attempt to "name and shame" China’s government-sponsored cyber theft, the Justice Department announced an indictment Tuesday charging two Chinese nationals — both in China — with hacking governments, dissidents, human rights activists and private companies, including those engaged in COVID-19 vaccine research.

Read more...

Know Your Breach: Cashaa

The target: Cashaa, a British-based cryptocurrency exchange.

The take: $3 million USD in Bitcoin

The attack vector: The attackers compromised Cashaa’s systems by installing malware onto a company computer used to make their transactions. Once this malicious software was active, the attackers received a notification which informed them when one of Cashaa’s employees logged into the computer to make transfers from another crypto exchange site’s wallet. The hackers used their backdoor to access this wallet to drain the funds, receiving all 336 Bitcoin instead of the intended party.

The point of entry for an attack can have cascading consequences, and this incident shows why securing company computers with proper malware detection is absolutely critical to strong cybersecurity. The breach which led to the malicious software being installed, and the further monitoring failure which allowed the malware to send out notifications to the attackers, facilitated the theft.

Read more...

Russian Group Targeted COVID-19 Vaccine Research in Canada, U.S. and U.K., Say Intelligence Agencies

2020-07-16

CBC: The Communications Security Establishment (CSE), responsible for Canada's foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.

Read more...

Twitter Blames 'Coordinated' Attack on Its Systems for Hack of Joe Biden, Barack Obama, Bill Gates and Others

2020-07-16

CNN Business: Twitter accounts belonging to Joe Biden, Bill Gates, Elon Musk and Apple, among other prominent handles, were compromised on Wednesday in what Twitter said it believes to be an attack on some of its employees with access to the company's internal tools.

Read more...

2020: The Year of Increased Attack Sophistication

2020-07-15

Help Net Security: There was an increase in both cyberattack volume and breaches during the past 12 months in the U.S. This has prompted increased investment in cyber defense, with U.S. businesses already using an average of more than nine different cybersecurity tools, a VMware survey found.

Read more...

Advent Acquisition Of Forescout Back On, Price Cut By $4 Per Share

2020-07-15

CRN: Advent International and Forescout have called off their dueling lawsuits and agreed to move forward with an acquisition for $4 per share less than the deal initially proposed in February.

Read more...

Microsoft Shuts Down CEO Fraud Scheme

2020-07-14

ACS: Microsoft has taken legal action to bring down a sophisticated cyber fraud scheme that targeted CEOs in more than 60 countries around the world.

Read more...

Hacker Breaches Security Firm in Act of Revenge

2020-07-13

ZDNet: A hacker claims to have breached the backend servers belonging to a US cyber-security firm and stolen information from the company's "data leak detection" service.

Read more...

Know Your Breach: Clubillion

The target: Clubillion, an online gambling and casino app.

The take: Over 200 million user records containing the following personally identifiable information: emails, private messages, winnings, IP addresses, and movements in the app itself.

The attack vector: An Elasticsearch database hosted on Amazon Web Services was left unsecured and publicly accessible. Unlike other recent cases, this database was not a single static backup/archive of information, but was a live, ‘production’ database, constantly updated with up to 200M new records per day.

In addition to the usual phishing attacks that could be launched with access to personal information, the inclusion of app movement and the fact that the exposed data was continuously updated make highly targeted spear-phishing campaigns extremely likely to succeed. While it is always disappointing to see lapses in security around database backups, it is absolutely crucial that production systems housing sensitive data are adequately protected.

Read more...

More Than Half of Canadians Polled Say They Have Experienced a Cyber Crime

2020-07-09

CTV: A report from the Cybersecure Policy Exchange at Ryerson University in Toronto found 57 per cent of respondents in an online survey in May had encountered at least one cybercrime.

Read more...

Thoma Bravo Completes Exostar Acquisition

2020-07-08

DarkReading: Thoma Bravo, a leading private equity investment firm focused on the software and technology-enabled services sector, today announced the completion of its acquisition of Exostar, LLC, a leader in trusted, secure business collaboration.

Read more...

Dubai Launches Cyber Index to Promote Online Safety Standards

2020-07-08

Saudi Gazette: Sheikh Hamdan Bin Mohammed Bin Rashid Al Maktoum, crown prince of Dubai and chairman of the executive council of Dubai, on Wednesday launched the Dubai Cyber Index, an initiative aimed at supporting the efforts of Dubai’s government entities to ensure the highest standards of cybersecurity. The first initiative of its kind in the world, the index seeks to establish Dubai as the city with the safest cyberspace in the world.

Read more...

Financial Services Firms Accelerating Technology Transformation to Navigate the Pandemic, New Broadridge Study Finds

2020-07-07

Cision: More than half of financial services companies plan to accelerate implementation of their next generation technology strategies, according to a new global survey of 500 financial services C-Suite executives and their direct reports released today by Broadridge Financial Solutions, Inc. (NYSE:BR), a global fintech leader.

Read more...

Microsoft Takes Down Domains Used in COVID-19-Related Cybercrime

2020-07-07

Bleeping Computer: Microsoft took control of domains used by cybercriminals as part of the infrastructure needed to launch phishing attacks designed to exploit vulnerabilities and public fear resulting from the COVID-19 pandemic.

Read more...

Data Breach Fines Could Skyrocket This Year

2020-07-06

ITProPortal: The company that sells services related to data management claims to have polled 1,000 workers, coming to the conclusion that more than a third (37 per cent) expect both the number and value of fines to rise by 2025. Furthermore, six per cent expect a “dramatic rise”, while just three per cent expect the figures to fall.

Read more...

UK Cybercrime 'Doubled' in Last Five Years

2020-07-06

ITProPortal: A report by Beaming says that a quarter of UK businesses fell victim to cybercriminals last year, most of which were large enterprises. That’s roughly 1.5 million businesses, up from 755,000 back in 2015.

Read more...

Know Your Breach: V Shred

The target: V Shred, a Las Vegas based fitness company which sells fitness plans, nutrition advice, and supplements.

The take: The combined Personally Identifiable Information of 99,000 customers and potential clients including: names, home addresses, email addresses, dates of birth, usernames and passwords, age, gender, citizenship status, and user photos.

The attack vector: All of this information was hosted on an unsecured Amazon Web Services storage server accessible to the public online, a very common problem. However, in this case, anonymous users were also able to access the information without login credentials, making the breach wider and deeper.

The exposed information could lead to highly sophisticated phishing attacks and, crucially, the user photos could lead to identity theft. Credential management around publicly available company data is paramount to robust cybersecurity.

Read more...

NAB Subsidiary Medfin was Targeted in Cyber Attack on 14 June

2020-07-03

IT Wire: Medfin, a subsidiary of the National Australia Bank that works with healthcare professionals, was hit by an attempted cyber attack on 14 June, the company's chief executive Paul Freeman says.

Read more...

Inside a Ransomware Attack: From the First Breach to the Ransom Demand

2020-07-02

ZDNet: Security researchers have revealed the anatomy of a ransomware attack, showing how cyber criminals gained access to a network and deployed ransomware -- all in the space of just two weeks.

Read more...

Did a Chinese Hack Kill Canada's Greatest Tech Company?

2020-07-01

BNN Bloomberg: The documents began arriving in China at 8:48 a.m. on a Saturday in April 2004. There were close to 800 of them: PowerPoint presentations from customer meetings, an analysis of a recent sales loss, design details for an American communications network. Others were technical, including source code that represented some of the most sensitive information owned by Nortel Networks Corp., then one of the world’s largest companies.

Read more...

The More Cybersecurity Tools an Enterprise Deploys, the Less Effective Their Defense Is

2020-06-30

ZDNet: IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the uptake, effectiveness is not on the same incline, with response efforts hindered by complexity caused by fragmented toolsets.

Read more...

Bitcoin Scam Exposes Thousands to Data Breach

2020-06-30

Coin Telegraph: Fraudulent websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain and more. The attack was executed as a targeted multistage Bitcoin (BTC) scam propagated by a number of fraudulent websites.

Read more...

Cybersecurity Spending Gets $1.35 Billion Boost in Wake of Online Attacks Against Australia

2020-06-30

ABC News: The Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency as part of what it says is Australia's largest-ever investment in cybersecurity.

Read more...

The University of California Pays $1 Million Ransom Following Cyber Attack

2020-06-29

Forbes: The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million (£925,000) to the criminals behind a cyber-attack on its School of Medicine.

Read more...