The target: California State Controller’s Office
The take: Financial and personally identifiable information and documents, such as Social Insurance Numbers, on several thousand employees.
The attack vector: An employee, the target of a spear phishing attack, clicked on a suspicious link and entered their account ID/email address and password. This gave the attacker full access to SCO’s systems with the same level of access the employee had, including any files shared with the affected account. From here, the attacker further launched phishing attempts against over 9000 employees, using the hacked account to increase the believability of the scam.
Phishing attacks against individual employees remain one of the greatest security threats to the entire organization. Regular social engineering and awareness testing and training, along with tone-from-the-top messaging to emphasize the importance of critical thinking and caution, are crucial to protecting sensitive information assets.
Yahoo Finance: Researcher John Kindervag published a paper about a decade ago that argued administrators of sensitive computer networks shouldn’t trust anyone on their networks, regardless of their title.
Yahoo Finance: The U.S. Cyber Command conducted more than two dozen operations aimed at preventing interference in last November's presidential election, the general who leads the Pentagon's cyber force said.
Evening Standard: The average cost to companies that have been hit in the last 12 months is estimated to be £8,460, according to the annual Cyber Security Breaches Survey.
Lexology: The Investment Industry Regulatory Organization of Canada (“IIROC”) has published a Cybersecurity Notice on Ransomware (the “Notice”), which flags a recent uptick in ransomware attacks on IIROC firms and provides guidance on how IIROC firms should prevent, detect, respond to and recover from ransomware attacks.
ZDNet: Cyber criminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders.
IPE: The manager of Norway’s sovereign wealth fund has put forward the idea that the main stock exchanges around the world should be required to have emergency facilities where trading can continue if they suffer a major technological failure or cyberattack.
ZDNet: UK CEOs have revealed their top concerns after a year that saw remote work become the norm, with accelerated digital transformation and highly visible cyberattacks.
The target: SendGrid, a Colorado-based email marketing company.
The take: 400,000 unique login credentials, comprising email address, password, IP address, and physical location.
The attack vector: The attacker used a combination of previously hacked accounts on the SendGrid platform to send fake Zoom invites. As SendGrid was known as a trusted SMTP provider, the fake messages had a much higher chance of reaching their targets, passing through some email protection.
This incident highlights the importance of critical thinking as a component of social awareness training for staff. In the event that a trusted account is compromised, analysis of the context of these requests becomes critical: is a meeting invite expected, and do the timeline and subject matter line up with expectations? While messages originating from fraudulent e-mail addresses are easier to spot, they are not the only vector for phishing attacks – each item in the inbox must be approached with the same level of caution.
Yahoo Finance: Canada's main cybersecurity watchdog said Wednesday that it's likely too late to prevent criminals from using a vulnerability in Microsoft Exchange email servers, unless system administrators have already installed software patches that were issued in early March.
Journal of Accountancy: CPAs have a new opportunity to act as third-party assessors of the cybersecurity maturity of U.S. defense contractors as they work to comply with new regulations that have been created to combat cyberthreats.
Zawya: HP Inc. released its new Quarterly Threat Insights Report, providing analysis of real-world attacks against customers worldwide. The report found that 29% of malware captured was previously unknown – due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. 88% of malware was delivered by email into users’ inboxes, in many cases having bypassed gateway filters.
IT Web: It goes without saying that the COVID-19 pandemic has been the driver of a massive increase in remote working. This can, in many ways, be viewed as a win-win situation for companies and staff. After all, employees save commuting time while enjoying added flexibility and greater productivity. Meanwhile, organisations reduce both costs and turnover rates.
Investment Executive: In a notice to the industry, the self-regulatory organization said that it has seen an increase in cyber attacks targeting IIROC firms with malware that infects and encrypts devices and demands a ransom for the return of the locked data.
Funds Europe: Last year’s Sunburst cyber-attack against public and private organisations worldwide acted as a reminder of the growing sophistication of cybercrime and the need for solid cybersecurity.
Computer Weekly: The government is to set out a new “full spectrum” approach to the UK’s national cyber security capabilities in this week’s Integrated Review of Security, Defence, Development and Foreign Policy, which is set to be published.
The target: Microsoft’s email server software, Microsoft Exchange.
The take: The networks of over 30,000 organizations, consisting of hundreds of thousands of on-premises servers. Threat actors have moved aggressively to exfiltrate personally identifiable information, highly sensitive company and client data, banking details, financial data, and more.
The attack vector: Four security holes in Exchange Server versions 2013 to 2019 were exploited in tandem to grant attackers full access to an array of email servers. More critically, in every instance where the breach was discovered, the intruders had installed a backdoor, which continues to allow remote access to affected servers even after the set of four vulnerabilities has been patched.
While zero-day exploits will unavoidably cause challenges for vendors and their clients, we underscore the critical nature of threat monitoring, timely patching, and enacting defense-in-depth measures to mitigate the failure of any single layer of security controls. Approaching security incidents and overall cybersecurity with a “when not if” mindset can materially reduce the impact of incidents such as these.
Insurance Business: Boards and managers will soon be held responsible for protecting their organisations, shareholders, and customers from cyber risks as cyber attackers continue to take advantage of the work-from-home environment – potentially increasing directors and officers (D&O) liability insurance premiums.
Silicon: The wide-ranging impact from the Microsoft Exchange zero-day flaws continues to be felt with a fresh warning from security researchers.
BNN Bloomberg: A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.
BNN Bloomberg: Cybersecurity platform Snyk Ltd. said it has closed a $300 million funding round that gives it a valuation of $4.7 billion, quadrupling its value since the start of 2020.
Private Equity Wire: Drawbridge will use the funds to accelerate product innovation, expand sales and marketing activities across North America and EMEA, and continue investing in its people, platform, and client services. The investment follows a period of dramatic growth for Drawbridge. Over 300 funds in the alternative investment industry – including hedge funds and private equity funds – with more than USD800 billion in Assets Under Management work with Drawbridge to build and maintain their cybersecurity programs.
Cision: Infosys, a global leader in next-generation digital services and consulting, and Interbrand, a global brand consultancy firm, today revealed that the potential risk in brand value of a data breach to the world's 100 most valuable brands could amount to as much as $223b, according to a joint cybersecurity and brand value impact report launched.
Financial Post: The European Banking Authority on Monday said it had been targeted by hackers, although no data had been obtained and it was redoubling efforts to shield itself amid a global cyber attack exploiting flaws in Microsoft’s mail server software.
The target: Star Alliance airlines, Air New Zealand, Malaysia Airlines, Finnair and others
The take: Frequent flyer information for at least a million passengers, including name, date of birth, gender, contact information, ID number and frequent flyer status.
The attack vector: The breach was traced to SITA, an IT service provider that claims to serve 90% of the global aviation industry, and acts as the intermediary to store and share frequent flyer information between airlines.
Supply chain attacks continue to pose a material threat, as bad actors identify high-value targets which can enable them to capture information for multiple organizations at once. When entrusting service providers with sensitive information, firms are still ultimately responsible for their data and must ensure that commensurate controls travel with it throughout its lifecycle.
We Live Security: Companies operating in the financial services industry aren’t by any means strangers to being targeted by various forms of financial crimes and fraud. However, over time, the playing field has changed and threat actors have adapted their tactics to better suit the digital world. Cybercriminals now use different flavors of fraud and extortion as well as directly breach companies to line their pockets.
Beta News: The poor state of diversity in the cybersecurity industry is shown by a new report in which 57 percent of women working in the industry believe it will take at least a decade for them to be treated as equals to men, with 20 percent believing it will never happen.
Cision: Information Shield, a leading provider of cyber security compliance software, today announced support for the new Cyber Insurance Risk Framework. Using the ComplianceShield™ platform and Cyber Risk Score™ methodology, insurance providers can gain measurable insight into the cyber posture and inherent risk of their insured base. The new framework was created by the New York Department of Financial Service (NYDFS) to help reduce systematic cyber risk across the insurance industry.
KnowBe4: 57% of phishing emails in 2020 were designed for stealing credentials, according to Cofense’s most recent Annual State of Phishing Report. Meanwhile, just 12% of phishing attacks last year were used for delivering malware. Cofense believes this is because credential phishing emails are better at bypassing email security filters than emails with malicious attachments or download links. Likewise, conversational phishing attacks, like business email compromise (BEC), have grown more popular.
Institutional Asset Manager: Data from the CrowdStrike Intelligence team reveals a surge in ransomware attacks during the pandemic, with data extortion becoming the most used attack method for all sectors – with 1,430 incidents reported globally in 2020.
The Straits Times: Extensive remote working arrangements open up financial institutions to multiple risks - some of them related to daily operations and information security and technology, and others to fraud and staff misconduct.
IT Pro Portal: The zero trust approach, which operates under the assumption that the network has already been breached and that every device and app needs authorization, is said to be the most efficient way to tackle advanced cybersecurity threats.