Industry News: ESG5

Know Your Breach: Gunnebo

The target: Gunnebo, a Swedish-based security firm.

The take: 38,000 sensitive company documents, including schematics of client bank vaults and surveillance systems, blueprints for monitoring and alarm equipment, and the security function of automated teller machines.

The attack vector: Compromised credentials for an employee’s Remote Desktop Protocol (RDP) account, which had the password ‘password01’. While this particular RDP account’s role in the attack is unconfirmed, security researchers highlight the extremely poor password hygiene here and infer that this practice is likely widespread within the firm.

The breach highlights the critical importance of robust password policies. Length, complexity, and aging standards for every company account are invaluable in preventing credential compromise.

FBI Warns of "Imminent" Ransomware Attacks On Hospital Systems

2020-10-29

CBS News: Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

6 Ways Passwords Fail Basic Security Tests

2020-10-28

Dark Reading: Humans are good at some things, like eating too many potato chips or getting annoying songs stuck in their heads. They're not so good at choosing edible wild mushrooms by appearance, for example, nor are they good at choosing strong, safe passwords. Unfortunately, that last item has some serious repercussions in the cybersecurity world.

Cybersecurity Market Continues Meteoric Ascent

2020-10-28

IT-Online: According to the World Economic Forum, cybercrime damages are projected to reach $6-trillion in 2021, which would equal the GDP of the world’s third largest economy. Spending by enterprises on cybersecurity is continuing to grow, defying the pandemic-driven economic downturn impacting global IT spending.

Half of Workers Admit to Opening Emails They Considered Suspicious

2020-10-27

GlobeNewswire: Mimecast Limited (NASDAQ: MIME), a leading email security and cyber resilience company, today released new research which highlights the risky behavior of employees using company-issued devices. More than 1,000 respondents in countries throughout the globe were asked about their use of work devices for personal activities and how aware they are of today’s cyber risks. The results highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained.

Cyberattack Strikes Media-monitoring Company Used By Australian Government

2020-10-27

The Guardian: Isentia, which boasts it has “most government departments and large corporations” as clients in Australia, told the Australian Stock Exchange on Tuesday it is “urgently investigating a cybersecurity incident” that was “disrupting services” involving its media portal – a service customers use to see media reporting on them, or issues of interest to them, and find journalists.

Francisco Partners Acquires Forcepoint from Raytheon

2020-10-26

MSSP Alert: Private equity firm Francisco Partners is acquiring cybersecurity company Forcepoint from defense contractor Raytheon Technologies. Financial terms of the deal were not disclosed. This is M&A deal 436 that MSSP Alert and sister site ChannelE2E have covered so far in 2020. See the full M&A deal list here.

Applying Behavioral Economics To Investment In Cybersecurity

2020-10-26

Forbes: Data has often been called the most valuable commodity of the digital world or the most valuable resource (paywall) in the world. In modern economics, it has perhaps surpassed the traditional worth of gold. Some have even gone on to suggest that it is as real an asset as land is, and perhaps even a more profitable factor for production in terms of revenue potential.

Know Your Breach: MAXEX

The target: MAXEX, an Atlanta-based residential mortgage trading company.

The take: 9GB of internal company and client data including: confidential banking information, login credentials, emails, penetration test reports, and full mortgage documentation for 23 individuals.

The attack vector: The breach took place due to an unsecured, publicly exposed Jenkins server. A server of this type is used in a variety of highly sensitive activities in the operation and development of software applications. Notably in this breach, MAXEX had stored login credentials in plain text with enough permissions to compromise many of its other systems.

This breach highlights the importance of properly securing data. Furthermore, it underscores the critical importance of credential management as a compromise in one system can easily lead to a pivot to other systems, which can have a cascading negative impact upon company and client data.

New York Financial Watchdog Calls for Social Media Cybersecurity Regulator After Twitter Hack of Biden and Obama Accounts

2020-10-22

TechRepublic: The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense.

McAfee Corp Shares Fall 7% In Nasdaq Debut

2020-10-22

Reuters: The stock opened at $18.60 per share, compared with its IPO price of $20 per share. At the debut price, the company was valued around $8 billion. McAfee priced its IPO towards the lower end of its targeted range between $19 and $22 per share.

Middle Management is the Next Target for Phishing Attacks

2020-10-22

KnowBe4: Mid-level managers need to be particularly wary of targeted phishing attacks, according to Jenn Gast at INKY. Gast explains that criminals can easily conduct open-source research on a company’s organizational structure and craft spear phishing messages to trick its employees.

Feds Say Russia and Iran Have Interfered with the Presidential Election

2020-10-21

CNN: Director of National Intelligence John Ratcliffe said Wednesday both Iran and Russia have obtained US voter registration information in an effort to interfere in the election, including Iran posing as the far-right group Proud Boys to send intimidating emails to voters.

Nearly Two-thirds of Canadian Companies Failed to Report Cyber Breaches During COVID-19

2020-10-21

Yahoo Finance: Sixty-four per cent of organizations failed to report cyber breaches this year, over fears of reputational damage at a time when more customers are seeking service online, a cybersecurity expert explains.

Using Chip Technology to Make Data Sharing Safer In Financial Services

2020-10-21

Security Magazine: Financial services institutions and banks around the globe face monumental challenges as they look to streamline service delivery for customer transactions, manage multi-party loan processes, collaborate on industry benchmarks and indices, and eliminate fraud and cybercrime. 

New TAG Cyber Research Report Finds Rogue Devices Extremely Threatening to Financial Services Industry

2020-10-20

Cision: Sepio Systems, the leader in Hardware Access Control (HAC), today announced the availability of a new research note conducted with TAG Cyber, LLC, the leader in democratizing world-class cyber security research and advisory services, and co-authored by Sepio Systems, that claims rogue devices are posing severe threats to the financial services industry.

Know Your Breach: Broadvoice

The target: Broadvoice, a Voice-over-IP service provider.

The take: 350 million total customer records of personally identifiable information including: full names, date of birth, phone number, and voice-mail transcripts with highly sensitive details such as medical records, loan applications, and mortgage information.

The attack vector: A misconfigured Elasticsearch database housing 10 separate clusters of data. There was no authentication or security in place, meaning anyone with an internet connection could have full access to the data. These storage servers are easily discoverable with scanning tools available to administrators and malicious attackers alike.

The type of data exposed in this breach poses enormous risk for Broadvoice’s customers as the intricate details leaked, in voice calls and prescription records for example, would give phishing and fraud attacks a high chance of success. This breach demonstrates the extreme importance of securing access to a firm’s data. Proper authentication, monitoring, and credential management are some of the critical tools which can be implemented to prevent these occurrences.

Cyber Security Cloud Releases Research Report on Personal Data Breach Incidents due to Unauthorized Access from October 2019 to September 2020

2020-10-16

Cision: The research covered 50 medium-sized personal data breach cases with a damage scale of more than 1,000 cases and less than 1 million cases caused by unauthorized access and categorized the personal data breach cases into eight industries: manufacturers, retail, services and infrastructure, software and telecommunications, trading companies, financial services, advertising/publishing/media, and government/public offices/organizations, based on the information of the companies that announced the breach.

Cybercrime Money-launderers Busted By European Police, FBI

2020-10-15

Yahoo Finance: European and American officials said Thursday that they have arrested 20 people in several countries for allegedly belonging to an international ring that laundered millions of euros stolen by cybercriminals through malware schemes.

Parliament Beefs Up Cyber Security After Two Major Attacks in 2019

2020-10-15

The Sydney Morning Herald: Politicians and their staff face stricter rules around use of personal phones on parliamentary networks as it emerged a state actor was the likely culprit behind a second major cyber attack in 2019.

Hackers Look to Buy Brokerage Log-ins On the Dark Web with Robinhood Fetching Highest Prices

2020-10-14

CNBC: For just a few dollars, criminals are selling credentials for customers of E*Trade, Charles Schwab, TD Ameritrade, Robinhood and others, according to New York-based security firm Intsights. The demand has only increased during the pandemic, according to the firm’s chief security officer Etay Maor.

Livingbridge-backed Cybersecurity Business Adarma Reports Record Revenues of GBP41m

2020-10-13

Private Equity Wire: This is the seventh year of consecutive double digit growth for the Edinburgh and London-based business, and follows a 24 per cent rise to GBP32 million in 2018. It is the first year-end since mid-market private equity house Livingbridge supported an MBO in May 2019, and represents significant progress following the initial investment.

McAfee Looks to Raise Up to $814 Mln in U.S. IPO

2020-10-13

O Canada: The company, which was carved out of Intel Corp four years ago, will sell nearly 31 million shares, while the selling stockholders will offer about 6 million shares in the IPO, according to a regulatory filing https://www.sec.gov/Archives/edgar/data/1783317/000119312520268184/d89887ds1a.htm.

Security Firms & Financial Group Team Up to Take Down Trickbot

2020-10-12

Dark Reading: Technology and security companies teamed up with the financial services and telecommunications industries to disrupt the command-and-control (C2) infrastructure used to manage the well-known Trickbot ransomware to infect more than a million computing devices, the firms behind the takedown.

Know Your Breach: Snewpit

The target: Snewpit, an Australian-based news sharing platform. 

The take: 80,000 user records of personally identifiable information, including usernames, full names, email addresses, profile pictures, and log data detailing the amount of time users spent on the app and other behaviour metrics.

The attack vector: The information was exposed on an improperly secured, and publicly accessible, Amazon Web Services server. Bad actors can locate these unsecured storage buckets very easily and the complete lack of security on the database means the records were open to anyone with an internet connection.

The combination of data exposed in this incident could lead to very targeted and successful scams by fraudsters. Personally identifiable information helps these attackers build a complete profile of their victims, and in this case the log data outlining the actions users took on Snewpit’s app greatly increases the credibility of their scams and the chance that they succeed. Data and credential management are critical for ensuring sensitive information is stored safely and securely.

PwC Australia Creates Central Cyber Security, Digital Trust Team

2020-10-08

IT News: PwC Australia has created a new business unit bringing together cyber, digital trust and digital law teams from across the firm to bolster the services it offers clients navigating the cyber security and regulatory landscape.

Drawbridge Sees Strong Growth in 2020

2020-10-06

Hedge Week: Drawbridge has continued to invest in its people, technology and customers throughout the year, working closely with clients to help them ensure security, continuity and safety during the unprecedented times that have resulted from Covid-19.

New Research Finds Bugs in Every Anti-Malware Product Tested

2020-10-06

Dark Reading: CyberArk tested products from multiple major security vendors, including Kaspersky, Symantec, Trend Micro, McAfee, and Check Point Software Technologies, and says it found vulnerabilities in every single one.

New Research Shows Companies With Strong Cybersecurity Outperform the Market By Up To 7%

2020-10-06

Cision: BitSight, the Standard in Security Ratings, and Solactive, a German index engineering firm, today released new research demonstrating that a company's cybersecurity performance is an indicator of business performance.  Analysis shows that indices composed of well-performing BitSight-rated companies outperform their respective benchmarks by 1% to 2% annually.  For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7% per year. The findings are an endorsement for today's introduction of the Solactive BitSight Cyber Risk Index, a financial index that will enable investors to invest in companies who are top cybersecurity performers as measured by BitSight.

SBAI Publishes a Toolbox Memo on Cash Handling & Cyber Security

2020-10-06

Institutional Asset Manager: Cyber-enabled fraud attempts are escalating and evolving, and the current remote working environment has created additional vulnerabilities that firms need to address. The memo, produced by the SBAI’s Governance Working Group, provides guidance on key controls that help protect managers’ payment processes. It also can be used as a tool for investors to evaluate these controls during due diligence.

Six Cybersecurity Threats the Financial Services Sector Faces

2020-10-05

Security Magazine: Security teams in the financial services sector are experiencing even more exacting demands as they defend their organizations in a world under a new and unexpected threat — a global pandemic, says a new Accenture report, "2020 Future Cyber Threats: The latest extreme but plausible threat scenarios in financial services."

Bottomline and Dow Jones Partner to Combat Financial Crime

2020-10-05

Institutional Asset Manager: Dow Jones’s risk data, including politically exposed persons (PEPs), sanctions lists and adverse media entities for the UK, Europe and the Asia Pacific, will flow through Bottomline’s cyber fraud and risk management platform. The additional intelligence will help identify internal and external threats and protect against criminal activity. The data inclusion can also help banks and corporates avoid incurring regulatory fines and reputational damage that often accompany fraud incidents by enabling them to identify suspicious transactions and stop payments fast.

Know Your Breach: BrandBQ

The target: BrandBQ, a European fashion retailer. 

The take: 7 million customer records of personally identifiable information including: full names, email addresses, home addresses, date of birth, phone number, and payment records.

The attack vector: The data was exposed on an unencrypted and unsecured Elasticsearch server, meaning anyone with an internet connection could have found the information and downloaded a copy. Along with customer information, an additional 50,000 records relating to contractors who worked with BrandBQ were also stored on the server, exposing their purchase information and correspondence. Further mixed in were API logs relating to their mobile app, greatly increasing the range of possible exposure to over 500,000 affected users.

Credential management and proper security around the storage of data are critical for every business. In this case, keeping mixed data all in one place compounded the severity of the breach: not only were BrandBQ’s customers made into vulnerable phishing targets, but its contractors are now also extremely susceptible to Business Email Compromise scams.

Companies May Be Punished for Paying Ransoms to Sanctioned Hackers - U.S. Treasury

2020-10-01

Reuters: Facilitating ransomware payments to sanctioned hackers may be illegal, the U.S. Treasury said on Thursday, signaling a crackdown on the fast-growing market for consultants who help organizations pay off cybercriminals.

To Hunt Hackers, FBI Works More Closely with Spy Agencies

2020-10-01

National Post: America’s top law enforcement agents and spies are teaming up under one roof as part of a new federal strategy to fight foreign hackers, senior FBI officials said in an interview.

Anthem to Pay Nearly $40 Mln to Settle Data Breach Probe by U.S. States

2020-09-30

Financial Post: Anthem Inc said it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015.

NZX Chief Information Officer Resigns Following Slew of Cyber Attacks

2020-09-30

Newshub: The chief information officer of the New Zealand stock exchange (NZX) has resigned and will leave the company at the end of 2020. David Godfrey's resignation follows a series of distributed-denial-of-service attacks (DDoS) which caused multiple crashes of the trading website.

Ransomware Hits US-Based Arthur J. Gallagher Insurance Giant

2020-09-29

Bleeping Computer: US-based Arthur J. Gallagher (AJG) global insurance brokerage and risk management firm confirmed a ransomware attack that hit its systems. AJG is one of the largest insurance brokers in the world with more than 33,300 employees and operations in 49 countries.

Tackling Cybersecurity Asset Management Challenges in the Public Sector

2020-09-29

Meri Talk: Given the Federal government’s rapid shift to telework since the onset of the COVID-19 pandemic and the larger attack surface that working from home creates, there is a significantly greater need for government to take a fresh look at addressing the most fundamental cybersecurity challenges.

CyberSaint Launches Updates Supporting Financial Services Sector Cybersecurity Compliance and Risk Management Initiatives

2020-09-29

Business Wire: CyberSaint, the developer of the leading platform for automated, intelligent cybersecurity program management, today announced the availability of new features supporting the Financial Services Sector Cybersecurity Profile within the CyberStrong platform, including automated mappings between those standards and the NIST Cybersecurity Framework, FFIEC, and others.
