
Industry News: ESG5

      Know Your Breach: Doctors Me

      The Target: Doctors Me, a private self-assessment health service company located in Japan.

      The Take: Exposure of 300,000 records of nearly 12,000 customers. The exposed information was a collection of symptom photos, in many cases exposing customers’ faces.

      The Vector: A misconfigured Amazon S3 storage server was left open online, meaning anyone with internet access could have viewed and downloaded the data. 

      While the photos were uploaded anonymously, attackers can cross-reference these pictures with other social media sites and craft extremely effective spear-phishing campaigns, as well as engage in fraud and blackmail. This breach is another critical reminder of the importance of airtight credential management at all points of access for firms. Ensuring two-factor and comprehensive user authentication is paramount for a robust cybersecurity posture.


      Biden’s Russia Cyber Warning Befuddles Ill-Prepared Businesses

      2022-03-24

      Yahoo Finance: A day after U.S. President Joe Biden issued a stark warning that a Russian cyberattack “is coming,” members of his administration hosted a three-hour call with about 13,000 people representing businesses, public agencies and other organizations to discuss the potential threat.


      London Cops Nab Seven Teens in Connection with Lapsus$ Hacks

      2022-03-24

      PYMNTS: Seven teenagers were arrested by London police on Thursday (March 24) in connection with the recent hacking spree by the Lapsus$ cyber-crime gang that infiltrated Microsoft and Okta this week and recently, Samsung, Ubisoft and Nvidia. 


      One in Five Businesses Have Paid or Would Pay a Ransom for Their Data, Finds Thales

      2022-03-23

      Business Wire: New research from Thales has found that malware, ransomware and phishing continue to plague global organisations. In fact, one in five (21%) have experienced a ransomware attack in the last year, with 43% of those experiencing a significant impact on operations.


      Financial Sector and Cloud Security Providers Complete Initiative to Enhance Cybersecurity

      2022-03-23

      Business Wire: The Cyber Risk Institute (CRI), the Cloud Security Alliance (CSA), and the Bank Policy Institute-BITS announced today the release of a cloud extension for the CRI Profile version 1.2. The “Cloud Profile” represents the collaboration of over 50 financial institutions and major cloud service providers (CSPs) to extend the CRI Profile, which is a widely accepted cybersecurity compliance framework for the financial sector.


      How to Reassure Clients About Cybersecurity

      2022-03-22

      Investment Executive: According to Edelman’s 2021 Trust Barometer, two thirds of Canadians said they were worried about cyberattacks — more than those who were worried about contracting Covid-19. With the Canadian government now warning businesses about Russian cyberattacks, those concerns can only increase.


      EU proposes Cybersecurity Rules for EU Bodies Amid Cyberattack Worries

      2022-03-22

      Yahoo News: EU countries should put in place a framework to manage cybersecurity risks at EU institutions, the European Commission said on Tuesday, amid concerns about rising cyberattacks that could disrupt key activities and steal sensitive information.


      Know Your Breach: Melijoe

      The Target: Melijoe.com, a high-end e-commerce fashion retailer of luxury children’s clothing.

      The Take: Exposure of 2 million records totalling 200GB of Personally Identifiable Information including: email addresses, names, gender, dates of birth, marketing and preferences data. 

      The Vector: A misconfigured Amazon S3 storage bucket was left open and unsecured, meaning anyone with an internet connection could have accessed and viewed the data.

      This breach highlights the critical importance of employing robust practices of credential management, user authentication and validation. An unprotected point of entry on a key piece of equipment like a storage server can lead to a breach with a cascading effect on data security. The detailed personal information contained exposes users to targeted phishing attacks and fraud.


      Founder Of Cyberfraud Prevention Company Pleads Guilty To Defrauding Investors Of Over $100 Million

      2022-03-16

      United States Department of Justice: Damian Williams, the United States Attorney for the Southern District of New York, announced that ADAM ROGAS, the co-founder and former CEO, CFO, and member of the board of directors of Las Vegas-based cyberfraud prevention company NS8, Inc. (“NS8”), pled guilty in Manhattan federal court to securities fraud. 


      What the Newly Signed US Cyber-Incident Law Means for Security

      2022-03-16

      Dark Reading: When President Biden signed the omnibus spending bill Tuesday, he also put the bipartisan Cyber Incident Reporting Act into effect, which requires critical infrastructure companies in the 16 industry sectors identified by the federal government to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they are experiencing a cyberattack and within 24 hours of making a ransomware payment.


      US Has 'Significant' Cyber Vulnerabilities, But a Sweeping Russian Cyberattack is Unlikely

      2022-03-16

      CNN: In the winter of 2015, computer hackers working for the Russian government attacked Ukraine's power grid and switched off the lights and heat to more than 200,000 consumers.


      CMA: NortonLifeLock's Avast Takeover Could Lead to Worse Deal for UK Customers

      2022-03-16

      Yahoo Finance: The Competition and Markets Authority (CMA) has said that NortonLifeLock’s (NLOK) £6bn ($7.8bn) takeover of cybersecurity rival Avast (AVST.L) raises competition concerns and could lead to a worse deal for UK customers.


      German Government Advises Against Using Kaspersky Antivirus

      2022-03-15

      Bleeping Computer: Germany's Federal Office for Information Security, BSI, is warning companies against using Kaspersky antivirus products due to threats made by Russia against the EU, NATO, and Germany.


      Australia's Big Four Banks Tackling Cybersecurity with a Team Sport Mentality

      2022-03-15

      ZDNet: The chief security officers of Australia's big four banks have likened combating cybersecurity attacks to playing a team sport.


      How Data Governance Can Minimise Cybersecurity Risks for Private Equity Firms

      2022-03

      Global Banking and Finance Review: From early 2020 until April 2021, financial sector cyber attacks increased an estimated 238%, and the costs of data breaches have also soared, with the average total cost of a data breach now estimated to be $4.2 million, according to IBM.


      Know Your Breach: Adafruit

      The Target: Adafruit Industries is an open-source hardware company that designs, manufactures, and sells electronic products, components, tools and accessories.

      The Take: Exposure of Personally Identifiable Information including: names, email addresses, shipping/billing addresses, order details, and PayPal payment status.

      The Vector: The information was exposed through a publicly accessible GitHub repository belonging to an ex-employee, meaning anyone with an internet connection could access and view the data.

      This breach highlights the importance of data management and confidentiality. Knowing where and how an employee stores company data, and whether it is secure, are key principles of maintaining a robust cybersecurity posture. Firms should consider every method to catalogue and track where their data lives to ensure access is tightly controlled, a practice paramount to a secure data environment.


      Financial Firms Brace for More Cyber Threats After Trying 2021

      2022-03-10

      Yahoo Finance: After an unrelenting year of fighting off cyber threats, the financial services sector should expect more of the same or even worse, as nation-state hacking campaigns are expected to mirror geopolitical tensions and ransomware gangs retool to dodge increased scrutiny, according to an industry group report.


      BNP Paribas Bars Russia-Based Staff From Computer Systems as Cyber Attack Fears Grow

      2022-03-09

      U.S. News: France's largest bank BNP Paribas has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters.


      Statement on Proposal for Mandatory Cybersecurity Disclosures

      2022-03-09

      SEC: The Commission is considering a proposal to mandate cybersecurity disclosures by public companies. I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.


      Axonius Closes $200 Million Series E at $2.6 Billion Valuation

      2022-03-08

      Business Wire: Axonius, the leader in cybersecurity asset management and SaaS management, today announced that it closed $200 million in Series E funding, led by Accel, with participation from new investors Silver Lake Waterman, Alta Park Capital, and Owl Rock, a division of Blue Owl, and existing investors Bessemer Venture Partners, Lightspeed Venture Partners, Alkeon, Stripes, ICONIQ, and DTCP. This investment follows a 2021 round of $100 million, increasing total funding to $395 million, with a valuation of $2.6 billion.


      Cybersecurity Firm Says Chinese Hackers Breached Six US State Agencies

      2022-03-08

      CNN: A Chinese government-backed hacking group has breached local government agencies in at least six US states in the last 10 months as part of a persistent information-gathering operation, investigators at cybersecurity firm Mandiant said.


      Google to acquire cybersecurity firm Mandiant for $5.4 billion

      2022-03-08

      CNBC: Google announced that it plans to buy cybersecurity firm Mandiant for around $5.4 billion as part of an effort to better protect its cloud customers.


      Goldman Analyst Warns Cyberwarfare Could Inflict Economic Costs

      2022-03-07

      BNN Bloomberg: A Goldman Sachs Group Inc. analyst warned an escalation of Russia’s conflict with Ukraine could spark “malicious cyber activity” with the potential to inflict significant economic and social costs.


      Know Your Breach: Mon Health

      The Target: Mon Health, a healthcare services provider.

      The Take: Exposure of Personally Identifiable Information including: names, addresses, birth dates, social security numbers, medical record numbers, treatment data, and insurance claim numbers.

      The Vector: The firm suffered a BEC (business email compromise), in which the attacker impersonated a high-level member of the company to request payment, or in this case, get access to sensitive data.

      This breach highlights the importance of regular IT threat awareness training to employ a measured approach to all requests for access or payment, no matter what the source. BEC attacks exploit employees’ willingness to get things done fast, and by using a robust cybersecurity posture, these attacks can be greatly mitigated.


      U.S. Treasury Warns Crypto Firms on Russia Cybersecurity Threat

      2022-03-03

      U.S. News: The U.S. Treasury Department has reached out to cryptocurrency companies about their cybersecurity controls amid concerns that Russia could wage retaliatory cyber attacks in response to Western sanctions, according to a person familiar with the situation.


      Ukraine Invasion: Russia is a Cyber Power - Does That Mean a Cyber War is Coming?

      2022-03-03

      Sky News: Now we have a war, started by what is widely recognised as one of the most advanced cyber powers in the world, yet so far cyber has played little part in the fighting.


      Cybersecurity is Top TMT M&A Investment Opportunity and Challenge for UK CEOs and Dealmakers, Says Datasite Survey

      2022-03-01

      Private Equity Wire: Cybersecurity is expected to be the biggest challenge and opportunity facing technology, media and telecommunication (TMT) mergers and acquisitions professionals (M&A) in 2022, according to new research by Datasite.


      US Warns of Potential Russian Cyberattacks on Wealth Managers

      2022-03-01

      Investment News: U.S. officials have already blamed Russia for at least two rounds of attacks on Ukrainian websites in February — the largest in the country’s history — and have alerted American financial institutions to be on the lookout for increased cyber activity.


      Tougher Telecoms Security Rules to Defend UK from Cyber Attacks

      2022-03-01

      Gov.UK: The Telecommunications (Security) Act became law in November last year and puts much stronger legal duties on public telecoms providers to defend their networks from cyber threats which could cause network failure or the theft of sensitive data.


      Investcorp Acquires Italian Cybersecurity Company HWG

      2022-03-01

      Private Equity Wire: HWG co-founder and CEO, Enrico Orlandi, and the other co-founders, Claudia Rangogni, Andrea Boni and Andrea Pomari, will continue to lead the company, having retained their ownership in HWG alongside Investcorp.


      Investor Group Led by Advent International and Permira Completes Acquisition of McAfee

      2022-03-01

      Business Wire: McAfee Corp., a global leader in online protection, today announced the completion of its acquisition by an investor group led by Advent International Corporation (“Advent”) and funds advised by Permira, Crosspoint Capital Partners L.P. (“Crosspoint”), Canada Pension Plan Investment Board (“CPP Investments”), GIC Private Limited (“GIC”), and a wholly-owned subsidiary of the Abu Dhabi Investment Authority (“ADIA”) (collectively, “the Investor Group”).
