shutterstock_490960141-1

Industry News: ESG5

Know Your Breach: Facebook

The target: Social media giant Facebook.

The take: Passwords for between 200 and 600 million user accounts.

The attack vector: Passwords were stored in plaintext on internal systems dating back to 2012 and were accessible to more than 20,000 Facebook employees. Access logs show that at least 2,000 engineers or developers made approximately 9 million internal queries for datasets that contained plain text user passwords.

Read more...

Nordic Metals Firm Hydro Restoring Systems After Cyber Attack

2019-03-17

BusinessInsider: A prominent Silicon Valley investor and Facebook board member has denied claims that he met with a Cambridge Analytica representative as early as 2016. The Observer reported that Marc Andreessen, a founding partner at VC firm Andreessen Horowitz and current Facebook board member, hosted a meeting with former Cambridge Analytica employee Chris Wylie over concerns about the way the political consultancy was manipulating people's data...

Read more...

A Facebook Board Member Denied Claims he Met the Cambridge Analytica Whistleblower 2 years Before the Scandal Exploded

2019-03-17

BusinessInsider: A prominent Silicon Valley investor and Facebook board member has denied claims that he met with a Cambridge Analytica representative as early as 2016. The Observer reported that Marc Andreessen, a founding partner at VC firm Andreessen Horowitz and current Facebook board member, hosted a meeting with former Cambridge Analytica employee Chris Wylie over concerns about the way the political consultancy was manipulating people's data...

Read more...

JPMorgan Hack Suspect is Helping the US; Here’s What He May Offer

2019-03-17

BusinessStandard: He’s the accused mastermind of one of the biggest hacks ever. He and his crew allegedly pilfered information from more than 80 million JPMorgan Chase & Co. clients and ran online gambling, stock manipulation and money laundering schemes around the world. Gery Shalon, charged with those crimes four years ago, has rarely appeared in court since he was extradited to the US. Now it’s clear why: Shalon is helping US authorities, according to people familiar with the matter...

Read more...

UK Cyber-Security Efforts Criticised by Audit Office

2019-03-15

BBC: The warning came in a National Audit Office (NAO) assessment of the UK's national cyber-defence plan. The government is increasingly worried that these essential sectors will be targeted by foreign states seeking to disrupt UK life. Modern life was now "totally dependent" on cyber-security, said one expert...

Read more...

How Criminals are Using the Low-interest Credit Card Scam to Steal your Identity

2019-03-19

CBC: It starts with what sounds like a promising phone call: For a one-time fee, you can lower the interest rate on your credit card. But the person on the other end of the line isn't with your bank or credit card company: They're a fraudster, looking to cash in on a common frustration.And what they're really after is your identity...

Read more...

How Ad Fraud Just Became a Lot More Scary for Advertisers

2019-03-19

FourthSource: Marketers have turned on the taps with unprecedented online spending. eMarketer reports that for the first time digital ad spending in the US will exceed traditional ad spending, while by 2023, digital will surpass two-thirds of total media spending. The big winners are being crowned — not least Google (responsible for 38% of digital online spending); Facebook (21%) and rising star Amazon (7%)...

Read more...

Bank Hackers Team up to Spread Financial Trojans Worldwide

2019-03-20

ZdNet: Banking Trojans are popular in cybercriminal schemes given the valuable data and financial service credentials they can steal in successful cyberattacks. Banks find themselves a constant target for relentless attacks against their apps and infrastructure. Their names, too, are abused by threat actors which use them in phishing campaigns and through copycat malicious domains designed to dupe customers into handing over their account credentials...

Read more...

Know Your Breach: Cathay Pacific

The target: Cathay Pacific Airlines, a Hong Kong airline.

The take: Personal information including names, dates of birth, addresses, and some passport numbers and e-mail address for 9.4 million clients.

The attack vector: It’s believed that vulnerabilities were discovered and exploited due to poor planning and a failure to adapt security practices and postures during a transition from legacy IT systems to cloud-based infrastructure.

Read more...

Police Bust Man for Allegedly Selling 1 Million Netflix, Spotify Passwords

2019-03-12

CNet: An Australian man has been arrested after allegedly raking in an estimated AU$300,000 ($211,000) selling stolen login details online. The man was allegedly behind the website WickedGen.com, which boasted that it had 120,000 users and sold Netflix, Spotify and Hulu logins stolen from almost 1 million accounts...

Read more...

Citrix Hacked by Password-Spraying Attackers, FBI Warns

2019-03-11

BankInfoSecurity: Citrix Systems says it's investigating an apparent penetration of its network and theft of business documents by hackers. The technology giant, which is based in Fort Lauderdale, Florida, says it was alerted to the suspected intrusion on Wednesday by the FBI and that it has launched a digital forensic investigation...

Read more...

Cyber Attacks Proliferate in Finance

2019-03-11

FinNews: The number of cyber attacks more than doubled last year. The attackers have also become much more aggressive in their approach and developed a strong will to persist with their campaigns. Cyber attacks on financial services firms that aimed to harm their infrastructure increased by 160 percent on a global scale over the past twelve months, according to Carbon Black and Optiv Security, two cyber security firms...

Read more...

EU to Pool and Network its Cybersecurity Expertise – Council Agrees its Position on Cybersecurity Centres

2019-03-13

EuropeanUnion: The EU is stepping up its capacity to protect Europe against ever-increasing cyber threats by creating a new structure to pool and network its expertise in cybersecurity research, technology and industrial development. Today, the Council's Permanent Representatives Committee granted the Romanian presidency a mandate to start talks with the European Parliament on establishing a top knowledge base for cybersecurity called the European Cybersecurity Industrial...

Read more...

HSBC Warned of BOV (Bank of Valletta) Hackers Last Year

2019-03-11

MaltaToday: A confidential IT security report seen by MaltaToday shows that HSBC Malta was targeted by the hacking group EmpireMonkey months in advance before their successful hacking of Bank of Valletta.The group carried out a €13 million heist from the bank on 13 February, which led BOV to temporarily take its services offline...

Read more...

Cyber Attacks Could Help Trigger a War, says Marise Payne (Australian Foreign Minister)

2019-03-11

SydneyMorningHerald: Foreign Minister Marise Payne has warned that the internet and cyber security are now so central to modern nations that serious hacking incidents could escalate into war. Senator Payne, during an address to the Lowy Institute in Sydney, noted that Australia had recently suffered its own serious assault on democratic institutions in the form of hack attacks on Parliament and the major political parties...

Read more...

Japan Spearheads Pan-Asia Alliance to Tackle Cybersecurity

2019-03-11

NikkeiAsianReview: Japan will work with dozens of other countries and organizations to create the Asia-Pacific's first alliance to fight cyberattacks, hoping to enhance the region's cybersecurity by enlisting Russia and China, Nikkei has learned. The move will involve members of the ASEAN Regional Forum, which includes Japan, the U.S., the E.U...

Read more...

Know Your Breach: Sonic

The target: Sonic Restaurants, an American fast-food chain.

The take: An estimated five million credit and debit payment card accounts were compromised as a result of the attack.

The attack vector: The success of the attack was attributed to the age of Sonic’s Point-of-Sale systems, which were no longer receiving security updates and which were inherently vulnerable to manipulation and data exfiltration.

Read more...

Ex-Equifax Exec Pleads Guilty To Insider Trading Post-Breach

2019-03-06

AJC: A former executive at Atlanta-based Equifax has pleaded guilty to insider trading in the wake of the company’s massive data breach in 2017. Jun Ying, 43, former chief information officer of an Equifax division known as U.S. Information Solutions, sold more than $950,000 in stock in the weeks after the company discovered the breach but before the incident was made public...

Read more...

Chinese Hackers Hit 27 Universities in US, Canada: Report

2019-03-06

BusinessStandard: Chinese hackers have targetted over two dozen universities in the US and Canada in an apparent bid to steal key maritime military research, The Wall Street Journal has reported. In all 27 universities -- including the University of Hawaii, the University of Washington, Penn State and Duke University and Massachusetts Institute of Technology -- were found to have been hit by the hackers, according to a report by cyber security firm iDefense which was accessed by The WSJ...

Read more...

KKR Invests in Cybersecurity Firm KnowBe4 at $800M Valuation

2019-03-01

Fortune: Cybersecurity startup KnowBe4 has secured a minority investment from private equity giant KKR that values the firm at more than $800 million. KKR is making an initial commitment of up to $50 million in KnowBe4, according to sources with knowledge of the transaction, with plans for an additional investment in the company already in the works...

Read more...

North Korea Conducted Cyberattacks on the U.S. During the Trump-Kim Summit, Report Says

2019-03-04

Time: Hackers linked to North Korea continued waging cyberattacks against U.S. companies and other targets while leaders from Washington and Pyongyang met for their second summit last week, the New York Times reports. Throughout the ongoing, 18-month operation, hackers from Lazarus group have persistently targeted key industries...

Read more...

The Marriott Breach Shows Just How Inadequate Cyber Risk Disclosures Are

2019-03-05

HarvardBusinessReview: Another year and another hack and what seems like a very long wait to learn that it happened. Recently, Marriott waited 11 weeks to reveal that 383 million customer records had been compromised, exposing at least 25 million passport numbers and 8 million payment cards. Can you imagine a company like Marriott waiting for 11 weeks to disclose its quarterly earnings numbers? That wouldn’t be acceptable...

Read more...

Bank of England to Test Banks' Resilience to Cyber Attacks

2019-03-05

Euronews: LONDON (Reuters) - Britain's banks will have to show they could recover from a cyber attack within hours to avoid customer payments being delayed to the next day, the Bank of England said on Tuesday. The BoE said it would hold a pilot cyber stress test of lenders mid-2019 but individual results won't be published...

Read more...

Cyberattack Planning is Still Depressingly Poor, Even in Big Businesses

2019-03-05

Zdnet: The top management at some of the UK's biggest companies still don't fully understand the potential risks of a cyberattack on their business, says a government report. While nearly every big company (96%) claims to have a cybersecurity strategy in place, less than half (46%) back that up with dedicated budget. And only one in eight (16%) say they have a comprehensive understanding of the impact of loss or disruption that comes with cyber threats...

Read more...

Know Your Breach: Target

The target: Target, an American retailer.

The take: PPayment card information, and/or names, phone numbers and e-mail addresses for up to 70 million customers.

The attack vector: Attackers accessed Target’s network via credentials stolen from a third-party HVAC vendor, installed malware and exfiltrated the data in what was one of the first major data breaches to make headlines.

Read more...

Cybercriminals Earning Over $3B Annually Exploiting Social Platforms

2019-02-20

GlobeNewswire: Since 2017 there has been a 400 to 600 percent increase in the amount of cryptomining malware being detected globally, the vast majority of which has been found on social media platforms. Of the top 20 global websites that host cryptomining software, 11 are social media platforms like Twitter and Facebook...

Read more...

Cost of Cyber Breach Recover Hits All-Time High of $5.8M

2019-02-25

CanadianSecurityMagazine: Cyber security incidents have become the new normal for Canadian companies, with 100 per cent of organizations experiencing attacks, according to the findings of a new study from Scalar Decisions Inc. of more than 400 Canadian IT and security workers...

Read more...

Ionic Security Closes $40 Million Growth Round Led By JPMorgan Chase & Co. with Participation from Google LLC

2019-02-27

PRNewswire: It was announced that Ionic Security Inc. closed a $40 million Series E round led by financial services leader JPMorgan Chase & Co., with participation by Google LLC as a new investor. Current venture investors Kleiner Perkins, GV, Icon Ventures, Meritech Capital, TechOperators and Ten Eleven Ventures participated, alongside other new and existing investors. JPMorgan joins Goldman Sachs and SunTrust Bank as the third major financial services firm to invest in Ionic Security...

Read more...

Tesco scam warning after customers caught out by fake email about grocery home orders

2019-02-26

Thescottishsun: TESCO customers are being warned about a new scam that could let fraudsters take control of your account. The supermarket said a number of its shoppers had received a phishing email about a grocery order they hadn't placed online. More than 400,000 phishing emails are reported to Action Fraud every year - and those are just the ones flagged by victims...

Read more...

Hospitals Are Cyber Criminals’ Newest, Biggest Target

2019-02-25

Insidesources: Cyber attacks on hospitals and healthcare providers have become a regular occurrence.  On Feb. 1, it was Easton Hospital in Easton, Pennsylvania. On Feb. 4, it was the Catawba Valley Medical Center in Hickory, North Carolina. On Feb. 20, it was the Calbrini Hospital in Melbourne, Australia...

Read more...

India ‘Millionaire’ Crypto Scam Tricks Victims Out Of $250K

2019-02-26

pymnts: A man in India tricked 12 people out of $250,000 with a scam involving a fake cryptocurrency named after the Indian version of the show “Who Wants To Be A Millionaire,” according to reports. Pritam Patil allegedly asked the victims to invest in the initial coin offering (ICO) of his “KBC Coin,” named after Kaun Banega Crorepati, a wildly popular Indian show...

Read more...

Data breaches reported to FCA have risen 480% from financial services firms

2019-02-25

InformationAge: The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018, to 145 up from just 25 in 2017*, shows research from RPC, the City-headquartered law firm. Data breaches are on the rise. And, the financial services sector is an especially lucrative target; along with the personal data bulging healthcare sector...

Read more...

About Castle Hall Diligence

Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

Subscribe to Cyber Updates