learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: ICRC

      The Target: International Committee of the Red Cross

      The Take: Exposure of 515,000 records of personal data and backdoor access to the firm’s IT systems.

      The Vector: The threat actors used a known software vulnerability in a third-party platform named Zoho that ICRC was employing to execute their malicious code remotely. As Zoho had not patched the vulnerability, the attackers took advantage and penetrated the system, letting them pivot to ICRC’s data. 

      This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-part systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

      Read more...

      Cybersecurity Stocks Are a Bright Spot as Russia-Ukraine Conflict Prompts Cyberattack Fears

      2022-02-24

      CNBC: The conflict has prompted concerns of cyberattacks, especially against critical infrastructure companies. Since last week, Ukraine has already experienced two such attacks that affected government websites. The U.S. attributed the first attack to Russia, which the country denied, and said the second one was consistent with what it would expect from Russia.

      Read more...

      US Braces for Russian Cyberattacks as Ukraine Conflict Escalates. Here's How That Might Play Out

      2022-02-24

      CNN Business: The standoff between the United States and Russia over the conflict in Ukraine has so far mainly played out on diplomatic and economic fronts.

      Read more...

      Cyble Raises $10 Million to Help Companies Identify Dark Web Data Leaks

      2022-02-24

      Help net Security: Cyble announced that it has raised a US $10M Series A financing round led by Blackbird, with continued participation from Spider Capital, January Capital, Cendana Capital, and VentureSouq.

      Read more...

      Astrix Security Emerges from Stealth with $15M Seed Round

      2022-02-23

      Dark Reading: Astrix Security, the first app-integration access management solution, launched from stealth today to modernize how enterprises monitor and control their ever-expanding web of interconnected third-party applications. 

      Read more...

      Hidden Costs of a Data Breach

      2022-02-22

      Dark Reading: If you knew that putting a lock on your front door would lessen the likelihood of your valuables being stolen, would you install a deadbolt? The logical and simple answer would be: yes.

      Read more...

      Global Cybersecurity Leader eSentire Raises US$325M and Achieves Unicorn Status

      2022-02-22

      Financial Post: eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced it has achieved a valuation greater than US$1 billion, as it raised US$325 million in funding through a binding agreement with Georgian and Caisse de dépot et placement du Québec (CDPQ).

      Read more...

      Credit Suisse Faces Fresh Scrutiny Over Culture After Client Data Leaks

      2022-02-22

      CNBC: Credit Suisse is facing fresh scrutiny from Swiss regulators and the European Parliament after leaked data purported to show the bank had served human rights abusers, corrupt politicians and businessmen under sanctions for decades.

      Read more...

      Know Your Breach: Internet Society

      The Target: The Internet Society or ISOC, a non-profit organization whose mission is to keep the internet open source and secure.

      The Take: Exposure of Personally Identifiable Information of 80,000 records including: full names, email addresses, physical mailing addresses, and login information.

      The Vector: A third-party vendor misconfigured a database server, leaving it open and accessible by anyone with an internet connection.

      It is important to employ all-encompassing credential management, user authentication and validation, as much possible, on third-party vendors which have access to a firm’s data. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.

      Read more...

      Record Levels of Investment for UK's £10.1 Billion Cyber Security Sector

      2022-02-17

      Business Telegraph: Britain’s tech sector continues to break records as new government data shows more than 1,800 cyber security firms generated a total of £10.1 billion in revenue in the most recent financial year, a 14 per cent increase from the previous financial year.

      Read more...

      Justice Department Announces First Director of National Cryptocurrency Enforcement Team

      2022-02-17

      The United States Department of Justice: The Justice Department today announced the selection and appointment of Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET).

      Read more...

      Hackers to Face 25 Years in Jail for Cyber Attacks on Australia's National Infrastructure

      2022-02-17

      IT Pro: Hackers could face up to 25 years in jail if found guilty of cyber offences against Australia’s critical infrastructure, under proposed changes introduced by the government.

      Read more...

      The Worldwide Cybersecurity Industry is Expected to Reach $346 Billion by 2028

      2022-02-16

      Yahoo Finance: The global Cybersecurity market was valued at USD 149.7 Billion in 2020 and is projected to reach USD 346.0 Billion by the year 2027. The market is expected to register a CAGR of 13.4% during the forecast period.

      Read more...

      Cyber Security Company Securonix Raises $1 Bln in Vista-led Round

      2022-02-15

      Financial Post: Cloud-based security solutions provider Securonix has raised more than $1 billion in a private fundraising round led by private equity firm Vista Equity Partners, the company said.

      Read more...

      Hackers Snagged $36 Million in Crypto in Breach of IRA Financial

      2022-02-15

      Wealth Management: A hack at IRA Financial Trust, which offers self-directed retirement accounts, resulted in the theft of $36 million in cryptocurrency, according to a person familiar with the investigation. 

      Read more...

      Cybersecurity M&A Volume Reaches $77.5 Billion in 2021

      2022-02-14

      ZDNet: In a report on 2021, the firm said 83 cybersecurity company capital raises surpassed $100 million. There were fourteen $1 billion mergers and acquisitions, including deals involving McAfee, Augh0, Mimecast, Thycotic, Proofpoint, and Avast. 

      Read more...

      Know Your Breach: Wormhole

      The Target: Wormhole, a cryptocurrency online trading platform.

      The Take: $322 million ETH currency.

      The Vector: A website vulnerability allowed the attacker to fool the exchange software to release far greater number of the ETH currency than was specified through a temporary token. By altering the conversion, the hacker was able to withdraw far more than the number the entered.

      This breach highlights the importance of locking input forms in a firm’s website, be it a name field, email field, or account field, anywhere the user is sending information to the database is a prime target for threat actors. Regular testing for software vulnerabilities is a key component of upholding robust cybersecurity posture.

      Read more...

      Hackers Nabbed $1.3 Billion in Ransom Over 2 Years, a New Report Says

      2022-02-10

      BNN Bloomberg: Criminals netted $1.3 billion in ransom payments from hacking victims in the past two years, reflecting a massive surge in cybercrime that has prompted a global effort to stop it, according to a new report from Chainalysis Inc. 

      Read more...

      Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021

      2022-02-10

      Security Week: Over the past several years, ransomware has become the most prevalent threat to organizations in private and public sectors alike, including financial services, food and agriculture, government, healthcare, and other critical infrastructure industries.

      Read more...

      SEC Proposes Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds

      2022-02-09

      SEC: The Securities and Exchange Commission today voted to propose rules related to cybersecurity risk management for registered investment advisers, and registered investment companies and business development companies (funds), as well as amendments to certain rules that govern investment adviser and fund disclosures.

      Read more...

      European, U.S. Regulators Tell Banks to Prepare for Russian Cyberattack Threat

      2022-02-08

      U.S. News: The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict.

      Read more...

      US Seizes $3.6 Billion Stolen in 2016 Bitfinex Cryptoexchange Hack

      2022-02-08

      Bleeping Computer: The US Department of Justice announced that law enforcement seized billions worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack.

      Read more...

      UK Foreign Ministry Suffered Serious Cyber Attack Earlier This Year - Documents

      2022-02-08

      U.S. News: Britain's foreign ministry was the target of a serious cyber security incident earlier this year, according to tender documents posted on the government's website.

      Read more...

      UN Experts: North Korea Stealing Millions in Cyber Attacks

      2022-02-06

      U.S. News: North Korea is continuing to steal hundreds of millions of dollars from financial institutions and cryptocurrency firms and exchanges, illicit money that is an important source of funding for its nuclear and missile programs, U.N. experts said in a report quoting cyber specialists.

      Read more...

      Know Your Breach: Civicom

      The Target: A New York based tech company that provides audio, web conferencing, and market research services.

      The Take: Exposure of up to 100,000 records of Personally Identifiable Information including: thousands of hours of audio and video meetings, written transcripts between the firm and their clients, employee’s full names and photos.

      The Vector: An unsecured Amazon S3 storage server was left open with no credential management, meaning anyone with an internet connection could access the device and retrieve the data. 

      This breach highlights the critical nature of employing robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data security. The detailed personal information contained in the audio and video files expose users to highly targeted phishing attacks and fraud.

      Read more...

      Homeland Security Establishes the Cyber Safety Review Board to Learn the Mistakes from Past Cyber Incidents

      2022-02-03

      Tech Crunch: The U.S. Department of Homeland Security has assembled a review board that will be tasked with investigating major national cybersecurity incidents in an effort to “meaningfully improve” the nation’s cyber resilience.

      Read more...

      White House Cybersecurity Official in Europe Warning of Russian Hacks

      2022-02-02

      U.S. News: Russia could use cyberattacks as part of its efforts to destabilise and further invade Ukraine, a White House cyber official visiting her European counterparts said.

      Read more...

      More Than $320 Million Stolen in Latest Apparent Crypto Hack

      2022-02-02

      CNBC: One of the most popular bridges linking the ethereum and solana blockchains lost more than $320 million Wednesday afternoon in an apparent hack.

      Read more...

      KKR Explores Sale or IPO of Cybersecurity Consultant Optiv

      2022-02-01

      Financial Post: Buyout firm KKR & Co Inc is exploring a sale or an initial public offering for Optiv Security Inc, a U.S. cybersecurity solutions distributor and consultant it controls at a valuation of more than $3 billion, including debt, according to people familiar with the matter.

      Read more...

      Hackers Move $3.55B Worth of Bitcoin from 2016 Bitfinex Hack

      2022-02-01

      Coin Desk: "So far this morning, 94,643.29 bitcoins ($3.55 billion) have been moved in 23 transactions, from a wallet associated with a theft from Bitfinex in 2016, to a new address," blockchain analytics firm Elliptic said. These originate from a theft suffered by Bitfinex in 2016, the firm added.

      Read more...

      SEC Chair Gensler Warns of a New Era of Cyber-Securities Laws

      2022-01-31

      Akin Gump: Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022, at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute.

      Read more...

      What the Cybersecurity World Can Learn from Pandemic Response

      2022-01-31

      Tech Radar: COVID-19 has presented a visceral, public, and clear lesson in risk management and response. This got me thinking about how our responses to the pandemic can inform our responses to cyber risk. What can we learn from our successes and mistakes to reduce the likelihood of a breach?

      Read more...