The target: First Horizon Bank, a U.S.-based financial services company.
The take: An amount up to $1 million USD, and 200 online customer accounts with personally identifiable information.
The attack vector: The attacker used illicitly gained login credentials and exploited a vulnerability in third-party security software, letting them access customer accounts and siphon funds. In addition to the funds stolen, the detailed personally identifiable data exposed is highly valuable for further phishing and fraud attacks.
This breach emphasizes the importance of controls around the authentication process – requirements for strong, unique credentials, and implementation of multiple factors of authentication wherever possible to mitigate stolen or brute-forced passwords. Third-party software components in an authentication process must also be implemented properly, with security patches tested and applied in a timely manner to maintain a secure posture.
Financial Post: Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks.
CTV: A new report released by cybersecurity company Emsisoft estimates that ransomware demands increased by more than 80 per cent globally in 2020, with hundreds of millions of dollars estimated to have been paid out in ransoms in Canada alone.
Private Equity Wire: Cybersecurity cannot be a one-time implementation exercise. It requires ongoing management, review and maintenance. And although there has been significant growth in private equity (PE) managers adopting cybersecurity software and solutions, there is still considerable progress to be made.
RBNZ: The guidance outlines the Reserve Bank’s expectations around cyber resilience, and draws heavily from leading international and national cybersecurity standards and guidelines. The guidance applies to all entities the Reserve Bank regulates, including registered banks, licensed non-bank deposit takers, licensed insurers and designated financial market infrastructures.
DarkReading: In the aftermath of a data breach, ransomware attack, or vulnerability disclosure, organizations may think about how the news will cause their stock price to dip. New research indicates that although security incidents do affect stock price, the size of this impact largely depends on the circumstances — and rarely lasts.
Globe Newswire: Proofpoint, Inc., a leading cybersecurity and compliance company, today announced that it has entered into a definitive agreement to be acquired by Thoma Bravo, a leading private equity investment firm focused on the software and technology-enabled services sector, in an all-cash transaction that values Proofpoint at approximately $12.3 billion.
Forbes: Apple Mac users are being urged to update their macOS software now, as they’re at “grave risk” of hackers exploiting what’s been described as one of the worst vulnerabilities to affect the tech giant’s computers in years.
The target: Codecov, a software company which provides code testing and code statistics.
The take: Security tokens and keys for 29,000 customers and employees, admin credentials, and application source code.
The attack vector: Attackers gained access to Codecov’s ‘Bash Uploader’ script, a method of uploading unencrypted data to Codecov’s servers used by clients and employees, through a previously unknown vulnerability which let them extract credentials with authority to modify the script. They then used these credentials to have all data sent to Codecov also be sent to their third-party server.
This breach highlights the importance of securing and testing applications and processes which interact with a firm’s data storage. Wherever information is uploaded, either by clients or employees, the method used should be highly scrutinized to ensure its security is in line with industry best practice and standards.
BNN Bloomberg: Other participating investors include Paul Tudor Jones’s Tudor Group, Neeraj Chandra’s Untitled Investments and 23andme co-founder Anne Wojcicki, Deep Instinct Chief Executive Officer Guy Caspi said in an interview. Existing investors Coatue Management, Millennium and Unbound also took part.
NBC News: China is behind a newly discovered series of hacks against key targets in the U.S. government, private companies and the country’s critical infrastructure, cybersecurity firm Mandiant said.
Investment Executive: An Ontario court has approved proposed class action settlements with Bank of Montreal (BMO) and CIBC over cybersecurity breaches involving thousands of clients.
Yahoo Finance: The Justice Department is taking new aim at ransomware after a year that officials say was the most costly on record for the crippling cyberattacks.
Private Equity Wire: In Q1 2021 USD3.7 billion was invested by VCs globally, an increase of +35 per cent. That looks set to shatter 2020’s record USD8.3 billion (+22 per cent).
Bleeping Computer: The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event.
Security Magazine: Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails.
The target: The Kentucky office of Unemployment Insurance.
The take: Unauthorized access to claimant accounts which had the ability to alter the destination bank accounts of the benefit payments, forwarding the funds to fraudsters.
The attack vector: Attackers leveraged the lack of robust password hygiene and modern credential management in the Unemployment Office’s IT systems. It was reported that some 4000 users had created passwords such as “1-2-3-4” and 1500 used the phrase “2020”, both easily exploited with moderate computing power and password cracking applications.
Enforcing strong password management across all platforms is critical to protecting customer data. Industry standard practices of password length, complexity, two-factor authentication, and email verification will only be effective if these methods are enforced. Doing so will ensure users, and their data, are protected as much as possible.
ZDNet: Hackers working for the Russian foreign intelligence service are behind the SolarWinds attack, cyber-espionage campaigns targeting COVID-19 research facilities and more, according to the United States and the United Kingdom.
DFS: Superintendent of Financial Services Linda A. Lacewell announced today that National Securities Corporation (“National Securities”) will pay a $3 million penalty to New York State for violations of DFS’s Cybersecurity Regulation that caused the exposure of a substantial amount of sensitive, non-public, personal data belonging to its customers, including thousands of New York consumers.
Funds Europe: French asset managers have been warned that they could be nurturing a false sense of security over their management of cybersecurity risks.
Barron's: Over the past year, lockdowns complicated traditional crime groups’ ability to conduct conspiracies. As a result, many migrated to the dark web, a digital underground where cybercriminals can remain anonymous. This trend popularized a shadow industry of services that allow criminals to continue to partake in activities like extortion and money laundering.
Private Equity Wire: Fund I closed at USD1.3 billion, exceeding its target of USD1 billion and making it one of the largest first-time, technology-focused private equity funds ever raised. Managing Partners of the firm include Greg Clark, Ian Loring, Steve Luczo, Matt MacKenzie and Hugh Thompson.
Yahoo Finance: Chris Inglis, a former NSA deputy director, is being nominated as the government's first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
Reuters: Cybersecurity company KnowBe4 Inc, backed by private-equity firm KKR & Co and funds affiliated with Goldman Sachs, said it was aiming for a valuation of up to $3 billion in its initial public offering in the United States.
The target: Office Depot, a European online seller of office equipment.
The take: 974,050 wide-ranging records of sensitive information including: monitoring logs, server IP addresses, secure remote login credentials, and customers’ personally identifiable information such as names, physical addresses, and order history.
The attack vector: A non-password protected, unencrypted Elasticsearch database was left online, allowing anyone to access the information by entering the URL.
Leaving databases exposed to the internet without any credential management impacts their confidentiality, integrity, and availability. Furthermore, collecting and storing sensitive data in plain text without encryption increases the risk to clients. In some cases, the database credentials needed to access the encrypted data are stored on the same server, rendering the encryption ineffective. Proper credential access, along with best encryption practices, is essential in keeping data secure.
Cision: Darktrace, a leading autonomous cyber security AI company, today announced that a study conducted by MIT Technology Review finds that 96% of security leaders are now preparing for the emergence of AI-powered cyber-attacks, with many embracing AI defenses.
ZDNet: Phishing attacks remain a huge problem and crooks are spending a lot of time and effort to ensure that, for the potential victim, clicking on a bad link is the most intuitive and easiest thing to do.
Reuters: Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said.
Compliance Week: The report, “Trends in Cybersecurity Breach Disclosures,” was released and analyzes public company disclosures of cyber-breaches since 2011. According to the report, the 117 breaches that were disclosed in 2020 represent a 19 percent drop from 2019 (144). Still, it is the third-highest figure in a single year, behind 2019 and 2018 (130). The number had gone up each year since a dip to 50 in 2015.
BNN Bloomberg: A spokesperson for the commission said that a number of EU bodies “experienced an IT security incident in their IT infrastructure.” The spokesperson said forensic analysis of the incident is still in its initial phase and that it’s too early to provide any conclusive information about the nature of the attack.
Dark Reading: Phishing attacks are targeting out-of-work users on LinkedIn, creating lures using job titles scraped from the targeted workers' profiles in an attempt to convince them to open and execute different malicious files or links, according to a new analysis from cybersecurity firm eSentire.
The target: Ubiquiti, a major vendor of cloud-enabled networking devices.
The take: Source code, customer data, and cryptographic secrets which would enable remote access to both professional and consumer-grade customer devices.
The attack vector: The attackers gained control of administrative credentials stored on an IT employee’s LastPass account. With these in hand, the threat actors gained high-level access to Ubiquiti Amazon Web Services accounts, including database storage servers, application logs, and user credentials. Multiple backdoor accounts were reportedly created. A whistleblower alleged that due to an absence of database access logging, Ubiquiti were unable to confirm which records had been accessed, by whom, and when.
While use of password vaults and privileged account management tools is absolutely a best practice, these tools can only be as secure as the authentication measures enforced upon them. Complex, unique passwords in addition to two-factor authentication should be in place wherever possible to protect privileged credentials and management consoles.
Additionally, comprehensive logging practices are critical to the reconstruction of events when investigating a breach, and the absence thereof can severely limit a firm’s ability to determine the full scope of the attack.
Financial Standard: The asset manager said scammers are buying advertisements on search engines for terms relating to "bond or high yield investments". When a person clicks on the ad link, they are taken to a fake investment comparison website with a name like "Investment Compare".
Dark Reading: Firmware attacks targeting enterprises are up over the past two years. However, most victims are too preoccupied with patches and upgrades to invest resources into preventing them.
Financial Post: Department of Homeland Security (DHS) Secretary Alejandro Mayorkas said on Wednesday that dealing with ransomware will be a top priority, highlighting the growing threat of the data-scrambling software.
Institutional Asset Manager: The survey showed that just over a third of those responding to the survey have suffered a breach in the last twelve months, with almost half of such breaches reported to the Information Commissioners Office.