learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: Crypto.com

      The Target: Crypto.com, a Singapore based cryptocurrency exchange app.

      The Take: Theft of $31 million USD from customer’s online wallets.

      The Vector: Through a credential stuffing attack, where previously exposed passwords are reused by users across multiple platforms, the threat actors executed unauthorized withdrawals from user accounts.

      This breach highlights the high-risk practice of poor password hygiene like reused passwords, and more importantly, the critical nature of proper credential management through multi-factor authentication. Employing multi-factor authentication is a key part of maintaining a robust cybersecurity posture and ensuring company and customer data Is only accessed by authorized parties.

      Read more...

      65% of Organizations Continue to Rely on Shared Logins

      2022-01-27

      Help Net Security: As organizations look to embrace modern approaches to security in 2022, a strongDM survey has revealed that access management is one of the most crucial factors to achieving this goal.

      Read more...

      Cybercriminals Laundered $8.6bn Worth of Crypto in 2021

      2022-01-26

      Yahoo News: Cybercriminals laundered $8.6bn (£6.4bn) worth of cryptocurrency last year, a 30% increase compared to the previous year, new data has shown.

      Read more...

      SEC Proposes Amendments to Include Significant Treasury Markets Platforms Within Regulation ATS

      2022-01-26

      SEC: The Securities and Exchange Commission today proposed rules to better protect investors and enhance cybersecurity by bringing more Alternative Trading Systems (ATS) that trade Treasuries and other government securities under the regulatory umbrella.

      Read more...

      White House Attempts to Strengthen Federal Cybersecurity After Major Hacks

      2022-01-26

      CNN: The White House plans to release an ambitious strategy Wednesday to make federal agencies tighten their cybersecurity controls after a series of high-profile hacks against government and private infrastructure in the last two years, according to a copy shared with CNN.

      Read more...

      'We're Losing Control of Our Data' As Breaches Reach an All-time High

      2022-01-25

      ZDNet: According to the 2021 Annual Data Breach Report published by the Identity Theft Resource Center (ITRC) on Monday, the overall number of data compromises (1,862) is up more than 68% compared to 2020  (1,108). Out of the 1,862 compromises, 1,600 of those were cyberattacks.

      Read more...

      Canada's Foreign Affairs Ministry Hacked, Some Services Down

      2022-01-25

      Bleeping Computer: The Canadian government department for foreign and consular relations, Global Affairs Canada was hit by a cyberattack last week. While critical services remain accessible, some online services remain unavailable, as government systems continue to recover from the attack.

      Read more...

      U.S. SEC Chair Gensler Maps Out Potential Overhaul to Agency's Cyber Rules

      2022-01-24

      O Canada: The U.S. securities regulator is considering extending cyber risk management rules to third-party service providers, and beefing up public company disclosures when they experience a breach, the head of the Securities and Exchange Commission (SEC) said.

      Read more...

      Know Your Breach: Transcredit

      The Target: Transcredit, a Florida based credit reporting company.

      The Take: Exposure of 822, 789 records of Personally Identifiable Information including: first and last names, emails, bank information, notes of payment history, internal User ID’s and passwords, full data schema detailing where and how data stored.

      The Vector: An unsecured, non-password protected database was found open and accessible by anyone with an internet connection.

      It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, the access credentials which were exposed could lead to pivot attacks by breaching other IT systems belonging to the firm.

      Read more...

      Among the Most Mature for Cybersecurity, the Financial System Still Has A Long Way to Go

      2022-01-20

      Finextra: Based on data from eight years of working to assess cyber risk at hundreds of companies across many sectors in dozens of countries, it is clear that the financial sector is one of the best prepared for an attack, reflecting years of improvements and investment. But, although it only lagged behind the industrial, cyber and manufacturing sectors, the financial sector still has a lot of work to do, we found in our soon-to-published research.

      Read more...

      Crypto.com Shares Details on Security Breach: 483 Accounts Compromised

      2022-01-20

      Coin Telegraph: The Crypto.com security breach saga gets clarity with an official statement from the Singapore-based crypto exchange following a halt on withdrawals after detecting “suspicious activities” in user accounts.

      Read more...

      Indonesia's Central Bank Confirms Ransomware Attack, Conti Leaks Data

      2022-01-20

      Bleeping Computer: Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank's operations are not disrupted after the incident.

      Read more...

      Australia, UK to Jointly Target State-based Actors and Ransomware Groups

      2022-01-20

      IT News: Australia and the United Kingdom have signed a pact to crack down on state-based actors, ransomware groups and other "malign actors" that use cyber attacks to "undermine freedom and democracy".

      Read more...

      McAfee Enterprise and FireEye Are Now Called Trellix

      2022-01-18

      ZDNet: During 2021, Symphony Technology Group (STG) picked up McAfee Enterprise for $4 billion in March, and followed it up in June with a $1.2 billion purchase of FireEye. With the merger of the two cybersecurity firms completed in October, the companies have been given a new name.

      Read more...

      Ongoing Demand for Cybersecurity Will Boost Megatrend in 2022

      2022-01-18

      Funds Europe: The cybersecurity megatrend is set to continue in 2022 as demand for cybersecurity solutions remain “relatively constant” after some “major hacks” in 2021, according to Christopher Gannatti, global head of research at WisdomTree.

      Read more...

      FBI, US Agencies Look Beyond Indictments in Cybercrime Fight

      2022-01-18

      U.S. News: The FBI and other federal agencies are increasingly looking to counter cyber threats through tools other than criminal indictments, the head of the bureau's cyber division said in an interview with The Associated Press.

      Read more....

      Know Your Breach: FCI

      The Target: Fertility Center of Illinois

      The Take: Exposure of Personally Identifiable Information including: full names, social security numbers, financial information, medical data, and health insurance policy numbers, employee numbers, and passport numbers.

      The Vector: The threat actors were able to access a third-party server where FCI’s data was stored, and as the firm did not employ proper authentication tools, the attackers were able to freely view and download the sensitive information. 

      This breach highlights the critical nature of employing robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. Furthermore, firms must be aware of where their data is stored, be that on their own sites or a third-party, and take steps to ensure it is secure.

      Read more...

      The Impact of Cybersecurity Regulations on the Financial Services Industry in 2022

      2022-01-13

      JDSUPRA: Following the SolarWinds and the Colonial Pipeline cyberattacks, the Biden Administration emphasized a shift toward mandatory cybersecurity requirements.

      Read more...

      Apple, Amazon Executives to Meet with White House to Discuss Software Security

      2022-01-13

      The Hill: Executives from Apple, Amazon and other top tech firms are meeting at the White House to discuss software security with the administration after major cyberattacks last year. 

      Read more...

      Ransomware, Supply Chain, and Deepfakes: The Top Threats the Finance Industry Needs to Prepare for

      2022-01-12

      Help Net Security: The finance industry is constantly targeted by numerous threat actors, and they are always innovating and trying new techniques (such as deepfakes) to outsmart security teams and breach an organization’s network.

      Read more...

      FCC Proposes Stricter Requirements for Reporting Data Breaches

      2022-01-12

      Tech Crunch: The Federal Communications Commission is the next US regulator hoping to hold companies more accountable for data breaches. Chairwoman Jessica Rosenworcel has shared a rulemaking proposal that would introduce stricter requirements for data breach reporting.

      Read more...

      Last Year Was a Record Year for Attacks, and Log4j Made It Worse

      2022-01-11

      ZDNet: Cybersecurity firm Check Point Research has released new data from 2021 showing that among their customers, there was a significant increase in overall cyberattacks per week on corporate networks compared to 2020.

      Read more...

      Israeli Security Startup Pentera Raises $150 Mln in Funding Round, Eyes IPO

      2022-01-11

      Financial Post: Israeli cybersecurity firm Pentera has raised $150 million in its latest funding round, taking the company’s value to $1 billion, the company told Reuters, adding it was eyeing an initial public offering in the United States.

      Read more...

      Cyber Risks Add to Climate Threat, World Economic Forum Warns

      2022-01-11

      NPR: Cybersecurity and space are emerging risks to the global economy, adding to existing challenges posed by climate change and the coronavirus pandemic, the World Economic Forum said in a report.

      Read more...

      Know Your Breach: US Cellular

      The Target: United States Cellular Corporation, a wireless carrier. 

      The Take: Personally Identifiable information including: names, addresses, PIN codes, phone numbers, information on wireless usage and billing statements.

      The Vector: The threat actors contacted employees of U.S Cellular and tricked them into downloading and installing malicious software and as the employees were logged on with legitimate credentials, the dangerous software was able to be installed. This malware let the attackers further access customer accounts remotely to port the victim’s phone numbers to a different carrier.

      This breach highlights the ongoing and ever-present threat that social engineering poses to firms. Regular training and policy review can help firms ensure their employees are employing a slow and measured approach whenever access, or installation of software, is made – especially when the request is initiated from outside the firm.

      Read more...

      Crypto Scammers Took A Record $14 Billion In 2021

      2022-01-06

      CNBC: Scammers took home a record $14 billion in cryptocurrency in 2021, thanks in large part to the rise of decentralized finance (DeFi) platforms, according to new data from blockchain analytics firm Chainalysis.

      Read more...

      Cybersecurity Training Isn't Working. And Hacking Attacks Are Only Getting Worse

      2022-01-06

      ZDNet: The threat of cyberattacks is growing and much more needs to be done to educate businesses and users about risks in order to prevent widespread damage and disruption as a result of cyber incidents.  

      Read more...

      Livingbridge Invests In Cyber Security Services Provider Quorum Cyber

      2022-01-05

      Private Equity Wire: Livingbridge’s investment includes growth capital to enable Quorum Cyber to capitalise on strong macro tailwinds in the cyber security sector and execute its ambitious growth plans through increased investment in its solutions as well as sales and marketing functions.

      Read more...

      NY AG Notifies 17 Companies of Breaches, Says 1.1 Million Accounts Compromised In Attacks

      2022-01-05

      ZDNet: Seventeen companies have been informed of cyberattacks that compromised user information by New York Attorney General Letitia James following an investigation into credential stuffing. More than 1 million customer accounts were compromised due to the attacks, which James said were previously undetected. 

      Read more...

      China exempts Hong Kong listings from finalised cybersecurity review rules for offshore IPOs, analysts say

      2022-01-04

      South China Morning Post: China’s regulators will exempt Hong Kong from the rigid cybersecurity review process for all initial public offerings (IPOs) in foreign markets by companies with the personal data of at least 1 million customers, according to analysts’ reading of the finalised regulations published.

      Read more...

      Morgan Stanley Files $60 Million Proposed Settlement of Data Breach Claims

      2022-01-03

      Insurance Journal: Morgan Stanley has filed for court approval of a $60 million settlement of a class action stemming from two data breaches in July 2020 that the complaint alleges compromised the information of 15 million of the investment bank’s customers.

      Read more...

      Bridging the “Front and Back of the House”: A lesson in risk management

      2022-01-06

      Help Net Security: Between cloud proliferation, new tech infrastructure and tools and an increasingly distributed workforce, organizations are struggling to implement proper risk management practices

      Read more...