The Target: Entrust, a digital cybersecurity firm focused on identity management.
The Take: Sensitive corporate internal data from Entrust’s own IT systems.
The Vector: The attacker used previously compromised Entrust employee credentials to access their internal systems, posing as an authenticated user.
This breach is a critical reminder of the importance of credential authentication and password hygiene. Enforced multi-factor authentication could have prevented the Entrust breach, and enforcing this multi-factor authentication, along with reasonably regular forced password resets, password length and complexity rules, are effective strategies to mitigate these kinds of breaches.
Forbes: Private equity (PE) and venture capital (VC) firms have become prime targets for cyberattacks. Perhaps unsurprisingly, cybercriminals tend to gravitate toward money, and there’s a lot of it in private equity. The numbers are mind-boggling: The average midmarket fund encounters more than 10,000 cyberattacks daily.
CNet: The average cost of a data breach rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020.
Bleeping Computer: Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate).
BNN Bloomberg: Cybersecurity provider Acronis raised $250 million in new funding from institutional investors earlier this year to expand its business, including through acquisitions and hiring.
Coin Telegraph: New research shows that despite falling digital asset prices, cryptojacking has reached record levels in the first half of 2022.
Bleeping Computer: System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
CNN: T-Mobile has agreed to pay $350 million to settle multiple class-action suits stemming from a data breach disclosed last year affecting tens of millions of people.
The Target: Morgan Hunt, a British recruitment agency.
The Take: Exposure of Personally Identifiable Information including: names, contact details, identity documents, proof address documents (bank or building statements, national insurance number, and date of birth.
The Vector: The attackers breached a third-party software developer of Morgan Hunts who were storing access credentials to their database with no authentication or access controls.
This breach is a stark reminder that authentication controls are a critical piece in an overall robust cybersecurity posture. Furthermore, all steps should be taken by a firm to ensure any third-party vendor who can access their data is employing the requisite methods. Enforcing multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Tech Radar: As the number of different digital touchpoints grows exponentially as hybrid working(opens in new tab) cements itself, so too have the number of attack surfaces available for cybercriminals to exploit. In a world where cybercrime is evolving at a rapid pace and the threat landscape remains unpredictable and constantly shifting, one thing is clear: data increasingly underpins future security.
CNN: China’s cyberspace regulator fined Didi Global just over 8 billion yuan ($1.2 billion) for violating cybersecurity and data laws, putting an end to a yearlong investigation into the ride-hailing giant.
Portfolio Adviser: Hackers have infiltrated a London-based fund administrator and custodian’s IT system, potentially putting customers’ personal data at risk. Mainspring notified clients earlier this week it had suffered a data breach, following a targeted ransomware attack on the morning of 12 July.
IT News: Australia’s competition watchdog has partnered with the corporate regulator to trial automated takedowns of websites hosting phishing and other scams.
Private Equity Wire: Atlantic Street Capital (ASC), a private equity firm that invests in lower middle market companies, has acquired assets from CyberGuard Compliance, a licensed CPA firm with exclusive specialisation in IT compliance and cybersecurity audit and assessment services, and Elite Consulting Solutions, a provider of IT compliance and cybersecurity consulting and remediation services, collectively known as “CyberGuard”.
Coin Telegraph: The United States Federal Bureau of Investigation (FBI) has issued a public warning about fraudulent cryptocurrency applications, which have swindled U.S. investors out of an estimated $42.7 million so far.
CNN: The Biden administration is pushing to fill hundreds of thousands of cybersecurity jobs in the United States as part of a bid to close a talent shortage US officials describe as both a national security challenge and an economic opportunity.
The Target: Axie Infinity, a Decentralized Finance company that runs a “play to earn” game video game.
The Take: $625 million worth of crypto currency.
The Vector: The hackers used social engineering and phishing to craft a highly targeted fake job offer email and embedded a malicious program instead a PDF attachment. The Axie Infinity employee believed this was legitimate and opened the PDF attachment, and during the fake recruiting process, also gave away critical personal information which was then used to gain access to the firm’s systems to steal the funds.
This breach highlights the ongoing and ever-present need for employee training to protect a firm against social engineering attacks. By using the exposed credentials, the attackers were able to act with all the same permissions as the affected employee and pivot into other systems. The human component of cybersecurity is a very real and important piece of the overall picture of cybersecurity posture.
Bank of Canada: Financial markets face the constant threat of cyber attacks. We develop a principal-agent model of cyber-attacking with fee-paying clients who delegate security decisions to financial platforms. We derive testable implications about clients’ vulnerability to cyber attacks and about the fees charged. We characterize which cyber attacks actors choose.
The Hill: The analysis states that a security engineer from the Alibaba Cloud Security team in China first reported the vulnerability to the Apache Software Foundation, a nonprofit organization that provides support for Log4j, the software.
Bleeping Computer: Uniswap, a popular decentralized cryptocurrency exchange, lost close to $8 million worth of Ethereum in a sophisticated phishing attack. While the protocol hasn't been compromised by exploiting a vulnerability as initially suspected, the cyberattack has impacted many investors in digital assets.
Dark Reading: Cynet, the world’s first provider of an autonomous, end-to-end, fully automated extended detection and response (XDR) platform, today announced the results of its second annual “CISO Survey of Small Cyber Security Teams."
U.S. News: Unidentified hackers attempted to trick European Central Bank President Christine Lagarde into letting them open a messaging app account in her name by posing as former German chancellor Angela Merkel, a German source said.
Security Week: In a letter addressed to UK lawyers dated July 7, 2022, the UK’s National Cyber Security Center (NCSC) and the Information Commissioner’s Office (ICO), have reiterated – with teeth – the official stance on not paying a ransom.
ZDNet: Brazen cyber criminals are now posing as cybersecurity companies in phishing messages that claim the recipient has been hit by a cyberattack and that they should urgently respond in order to protect their network.
The Target: Kaiser Permanente, a U.S based health plan and health-care provider.
The Take: Personally Identifiable health Information on 69,000 individuals, including: first and last name, medical record number, dates of service, laboratory test results.
The Vector: A threat actor gained access to compromised employee email account and acting with all the same permissions as the breached credentials, downloaded and stole the information.
This breach is a stark reminder of the importance of robust employee credential authentication and password hygiene. Performing regular monitoring on account behaviour is critical to ensure access is kept within the firm. Additionally, locking down appropriate permissions, admin access, and ensuring users only need the tools they need to do their jobs, and no more, will reduce the risk of these attacks.
Security Week: A SecurityWeek study showed that more than 430 cybersecurity mergers and acquisitions were announced in 2021. SecurityWeek will soon also publish an M&A analysis for the first half of 2022.
BNN Bloomberg: China’s cabinet stressed the need to bolster information security, following a huge leak of personal data that could be the largest cyber-attack in the country’s history.
Tech Crunch: Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data, including guests’ credit card information.
The Middletown Press: Officials with a Foxborough, Mass.-based cybersecurity firm announced their company has acquired Edge Technology Group of Greenwich, which is an information technology company serving financial firms.
Dark Reading: The recent upheaval in the supply chain is unprecedented, thanks to ongoing disruptions tied to the pandemic, financial and trade sanctions stemming from Russia's war in Ukraine, cyberattacks targeting the supply chain, and other factors.
Tech Radar: The Chief Digital and Artificial Intelligence Office (CDAO), the Directorate for Digital Services and the Department of Defense Cyber Crime Center (DC3) jointly launched “Hack US”, a bounty-hunting program aimed at identifying high-severity flaws in government systems.
Forbes: When a private equity firm had acquired a midsized manufacturer late last year, little did they know that someone else had set on the same target as well. Just two months after it was purchased, a cybercriminal organization launched a crippling ransomware attack that locked up the manufacturer’s systems.