learn more
<https://castlehalldiligence.com>
shutterstock_490960141-1

Industry News: ESG5

Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft

2020-07-29

Coindesk: In a note to clients, CEO Pascal Gauthier said the French hardware wallet provider fell victim to a large-scale data breach from an unauthorized third party. The hacker, whose identity remains unknown, gained access to Ledger's e-commerce and marketing database.

Read more...

Kaspersky Finds Lazarus is Now Operating its Own Ransomware

2020-07-28

Kaspersky: Incident analysis by Kaspersky of two cases in Europe and Asia has uncovered that VHD ransomware – first discussed in public in spring 2020 – is owned and operated by Lazarus, a prominent APT group. The move by Lazarus to create and distribute ransomware signifies a change of strategy and indicates a willingness to engage in big game hunting in pursuit of financial gain, which is highly unusual among state-sponsored APT groups.

Read more...

Senior Tory Says Chinese Hackers Ran Email Impersonation Campaign to Discredit Him After Criticism of Beijing

2020-07-28

PoliticsHome: Tom Tugendhat, chair of the foreign affairs select committee, said professional contacts received bizarre fake press releases, while friends and family were sent untrue claims about his private life.

Read more...

Garmin Hack’s $10M Ransom Payment, $10M Tax Deduction

2020-07-27

Forbes: Yet again, there has been a major cyber attack, this time of Garmin, the navigation company. It was hit by a ransomware attack on Thursday, leaving customers to wonder whether Garmin will pay $10 Million in ransom. In the case of some hacks, people and companies pay, since the cost of being frozen out can just be too big.

Read more...

Tony Blair Calls on Government to Investigate Moscow’s Alleged Interference in Brexit

2020-07-26

Independent: Releasing a 50-page document earlier this week, the Intelligence and Security Committee (ISC) warned that Moscow’s influence in the UK was the “new normal” and accused successive governments of not wanting to address the issue surrounding the 2016 vote with a “10-foot pole”.

Read more...

Know Your Breach: Benefit Recovery Specialists Inc.

The target: Benefit Recovery Specialists Inc, a Houston-based billing and debt collection vendor.

The take: 275,000 records of Personally Identifiable Information such as: name, date of birth, date of service, provider name, policy identification number, procedure code, and/or diagnosis code. For a small number of the records, Social Security numbers were also leaked.

The attack vector: The attackers accessed BRSI’s systems with stolen employee credentials, and used their access to deploy malware internally. While not confirmed by BRSI, experts believe the description of the attack match those of a successful phishing campaign. BRSI’s IT systems hosted the malware for 10 days before the malicious activity was discovered.

This breach highlights the importance of regular employee training and education around common social engineering attacks. The records exposed in this incident, and similar data held by other medically related vendors, underscores the severity of this type of data exposure as it can lead to sophisticated identify theft. It also is a critical reminder for companies using third party vendors that their overall security posture is dependent upon the robustness of all the firms which hold their data.

Read more...

Ransomware Attack Locked a Football Club's Turnstiles

2020-07-23

ZDNet: The UK's National Cyber Security Centre has detailed the cyber threats faced by the elite sports industry – and revealed that more than 70% of sports institutions have been the victim of some kind of attempted cyberattack or hacking incident over the past 12 months.

Read more...

U.S. Offers $2 Million Reward In Global Search For Ukrainians Accused Of Hacking SEC Database

2020-07-22

Radio Free Europe: Artem Radchenko, 28, and Oleksandr Ieremenko, 28, acquired inside information on publicly traded companies by stealing test versions of quarterly and annual reports filed with the SEC but not yet available to investors, the Secret Servicesaid in a statement on July 22.

Read more...

Are Insurtech Startups Undervalued?

2020-07-22

Tech Crunch: In the heels Hippo’s funding round and our exploration of how the private markets appear to be more conservative than public investors at the moment, we’re asking a new question: are a bunch of insurtech startups undervalued?

Read more...

Fraudsters Clone FCA Register and Website

2020-07-22

Financial Times: Fraudsters have cloned the Financial Conduct Authority's website, including a page which encourages firms to register for online invoicing and pay annual fees. 

Read more...