The target: Frost & Sullivan, a US-based business consulting firm.
The take: 6,000 customer records containing client name, email address, and company contact. 6146 employee records containing first and last names, login names, email addresses, and hashed passwords.
The attack vector: Due to a misconfigured, public-facing server, the data was stolen from an unsecured backup folder which contained readable databases and company documents. The information was then put up for sale on a known hacking forum.
This breach highlights the importance of a firm’s security posture for publicly accessible file containers. Since sensitive information such as passwords was included in the leak, credential stuffing attacks could easily be carried out to great effect.
BNN Bloomberg: More than 10,000 people have joined the suit since it was filed last month, according to law firm PGMBM. Victims are entitled to as much as 2,000 pounds ($2,500) in compensation, meaning the case could be worth as much as 18 billion pounds. EasyJet said last month that the email addresses and travel data of about 9 million
Cover: L&G uses financial services support company MorganAsh to collect information to support the quote application process for medically underwritten lifetime annuities and its Lifetime Care Plan product.
ZDNet: An organized hacker group believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges, cyber-security firm ClearSky said in a report shared with ZDNet.
BNN Bloomberg: European Union data protection watchdogs, armed with the right to levy massive fines for two years, still haven’t made full use of their powers, according to an EU report.
Nasdaq: Cybersecurity has been a hot theme this year, suddenly taking new importance in an economy that’s had workers everywhere working from home, logging into systems outside of offices, many for the first time.
Cision: The UK's vulnerability to cyber security attacks has again come under the spotlight, with only half of business leaders ready and prepared to counter digital threats they're currently facing – or are likely to confront in the future. This is despite the fact that over half (52%) link strong cyber security capabilities to increased profitability.
TECHERATI: One in six firms met the demands of hackers last year by paying out ransoms, according to the “chilling” findings of a report on cyber crime. The annual Hiscox Cyber Readiness Report revealed that 6 percent of the 5,569 firms polled – and one in six of those attacked – had surrendered by paying a ransom following a cyber attack.
The target: Postbank, the banking division of South Africa’s Post Office.
The take: $3.2 million USD
The attack vector: Rogue employees printed the bank’s ‘master key’, a 36-digit code which allows its users to decrypt the bank’s operations and modify security protocols, on a piece of paper from an old data center. Using this credential they were able to access customer accounts and execute more than 25,000 fraudulent transactions, stealing $3.2 million. In addition to the cash, the master key also gave the attackers access to ATM PINs, home banking access codes, customer data and credit card information, which could then be used for sophisticated phishing attacks.
This breach highlights the importance of privileged credential management and the cascading negative effects that can happen when a high-level protocol is compromised.
Nikkei Asian Review: It’s every CEO’s worst nightmare: Invisible invaders rummaging through internal documents, collecting private emails, salaries and even trade secrets.
ZDNet: The 106 extensions are part of a batch of 111 Chrome extensions that have been identified as malicious in a report published today by cyber-security firm Awake Security.
HedgeWeek: Panel sessions on evolving operational challenges and cybersecurity heard how the current remote working environment is shining a light on operational risk challenges, with the ongoing coronavirus pandemic described as “the largest continuity test ever” for emerging hedge fund managers.
Institutional Investor: Private equity firms are increasingly targeting publicly traded technology companies for buyouts, including Thoma Bravo’s deal in early March to buy cybersecurity firm Sophos. As a result, some tech firms may be staying public for a far shorter period of time, according to a new report from data provider PitchBook.
The Register: Falling for an impostor’s email is easier than you might think. The recent attack which saw Norway’s state-owned investment fund, Norfund, lose an eye-watering USD 10 million (approx. 100 million NOK) was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address.
IT World Canada: Half a year after suffering arguably the worst data breach in Canadian history, LifeLabs provided its customers with an update on what it’s doing to make sure history isn’t repeated.
Coin Telegraph: An Israel-based company reportedly paid $250,000 in Bitcoin for a ransom payment demanded by hackers that threatened to shut down its systems after a ransomware attack.
The target: Genworth Financial, a Fortune 500 insurance holding company for mortgages and long-term care.
The take: Personally identifiable data of 1600 clients including: name, address, age, gender, date of birth, financial information, social security number, and signature.
The attack vector: The attackers gained unauthorized access through compromised login credentials belonging to some of Genworth’s third-party insurance agents. These agents use an online access portal run by Genworth to manage their clients’ policies. By exploiting the hacked logins, the threat actors were able to gather a trove of data which is very valuable for phishing attacks, identity theft and more.
This attack highlights the critical need for robust credential management not only amongst a firm’s employees, but also amongst third parties, and wherever access to a firm’s data is concerned.
The Canberra Times: The almost instant move to working and socialising from home due to coronavirus has left Australian businesses and homes vulnerable to cyber attacks as communication and data has moved to insecure online platforms.
Money Management: The new fund, which would target sophisticated investors, in particular high net worth individuals (HNWI) and family offices, would aim to provide 12% per annum returns. It would invest in three to four companies over the next 12 to 24 months, made up of cyber security and other national security related small and medium enterprises (SMEs).
CRN: Thoma Bravo plans to cut up to 16 per cent of Sophos workforce, according to reports. The private equity giant completed its acquisition of the UK-based cybersecurity firm in early March, and has now moved quickly to cut costs.
Yahoo Finance: U.S. authorities are investigating a vast hacking-for-hire operation that involves attempts to pilfer confidential communications from investigative journalists, short sellers and advocacy groups fighting climate change, according to law enforcement officials, court documents and cybersecurity officials who have tracked the scheme for years.
Reuters: A little-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.
ZDNet: Honda, the Japanese car manufacturer, has confirmed it has been hit with a cyberattack that has impacted some of its operations, including production systems outside of Japan.
Bloomberg Law: Advent International Corp. countersued Forescout Technologies Inc. in Delaware Monday, six weeks before a YouTube trial over the breakdown of their $1.9 billion take-private buyout, saying the deal’s collapse can’t be blamed on the coronavirus alone.
The target: San Francisco Employees’ Retirement System, the city’s firm which provides pension, retirement plans, and other benefits to city workers.
The take: Personal information for 74,000 members, including names, home addresses, dates of birth, beneficiary information, username/password combinations, and potentially tax information and bank routing numbers.
The attack vector: A breach notification was filed advising that ‘an unauthorized individual’ gained access to a database hosted in a test environment by one of the SFRS’s vendors.
This case again underlines the importance of validating service providers and ensuring that third-party organizations with access to sensitive data put appropriate controls in place. Furthermore, test and pre-stage environments should, as a best practice, use ‘dummy’ or heavily redacted data, especially in cases where security controls are not as rigid as those protecting production systems.
Cision: In the new guide from IT solutions and services provider, Softcat, in-house cyber security experts explain what it takes to enhance cyber security in collaboration with suppliers, customers and everyone in between, to ensure safety along the supply chain.
Government Technology: The pension system’s vendor, 10up Inc., said an outside party accessed a test data server with members’ information on Feb. 24. The server was closed and 10up Inc. said there was no evidence information was removed, but could not confirm whether the data was viewed or copied.
Yahoo Finance: A cyberattack on the Chartered Professional Accountants of Canada website has affected the personal information of more than 329,000 members and stakeholders, the organization said.
ZDNet: CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs on lockdown.
Cryptopolitan: From January to March, Kaspersky said it was able to block at least 11,700 cryptojacking attacks launched on computer systems in Singapore for illegal crypto mining. The total number of blocked attacks represents a threefold increment when compared to the cryptojacking attacks it blocked last year.
CTech: Israeli cybersecurity startup foundry Team8 announced it is establishing a new venture capital arm. Veteran investor Sarit Firon will serve as co-managing partner of Team8 Capital, alongside Team8 co-founder Liran Grinberg.
Bloomberg Law: Advent International Corp. is arguing in Delaware court that it can walk away from its planned $1.9 billion take-private buyout of Forescout Technologies Inc. over the cybersecurity company’s precipitous revenue decline, whether it was caused by the Covid-19 pandemic or not.