The Target: American Airlines, U.S based air travel company.
The Take: Exposure of Personally Identifiable Information including: employee and customer names, dates of birth, mailing addresses, phone numbers, email addresses, driver license numbers, passport numbers, and certain medical information.
The Vector: Using a phishing attack, the threat actor compromised an employee’s Office365 account, and acting with all their permissions, exfiltrated the exposed data.
This breach is a stark reminder of the effective of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Bleeping Computer: A ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million.
ZDNet: Russia has engaged in a sustained, malicious cyber campaign against Ukraine and its allies since the February 24 invasion – but its lack of success shows that it's possible to defend against cyberattacks, even against some of the most sophisticated and persistent attackers, says the UK's cybersecurity chief.
Tech Crunch: As regulators around the world try to provide frameworks for the digital asset industry, two U.S. senators have introduced a bill to help crypto companies report cybersecurity threats.
Global Newswire: Bishop Fox, the leading authority in offensive security, announced the results of a groundbreaking new survey that explores the minds and methodologies of modern attackers.
World Economic Forum: Lawmakers are seeking to strengthen cybersecurity requirements across the European Union, advancing new legislation to bolster security requirements for all digital hardware and software products.
Bleeping Computer: The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.
Dark Reading: Though funding activity this year is somewhat slower than in 2021 and market valuations of cybersecurity firms have taken a hit, mergers and acquisitions activity has remained strong through the year, as has investor interest in the sector.
The Target: 2K Games, an American video game publisher.
The Take: Customers were targeted with fake support tickets which contained malicious software in embedded links.
The Vector: An employee’s credentials were compromised, allow the attacker full access to the help desk panel, which they then used to contact customers and socially engineer them to click on dangerous URLs.
This breach is a stark reminder of how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Private Equity Wire: Pando’s strategic technology leadership has helped drive the growth of Adams Street’s global private markets investment platform. She has overseen the build-out of front office investment and CRM systems, as well as back-office operations, reporting, and risk management systems.
TechCrunch: Cybersecurity giant Malwarebytes has announced it has received a $100 million cash injection from Vector Capital, a private equity firm that invests in established technology businesses.
Yahoo Finance: SentinelOne, an AI endpoint security firm that went public last June, has announced the launch of S Ventures, a $100 million fund to invest in the generation of enterprise cybersecurity startups.
Nasdaq: Hackers have stolen digital assets worth around $160 million from cryptocurrency trading firm Wintermute, its CEO tweeted the latest such heist to hit a sector long plagued by cybercrime.
Dark Reading: In seven out of eight countries, cyberattacks are now seen as the biggest risk to business — outranking COVID-19, economic turmoil, skills shortages, and other issues.
Bleeping Computer: Revolut has suffered a cyberattack that gave an unauthorized third party access to personal information of tens of thousands of clients.
U.S. News: Cybersecurity firm KnowBe4 Inc said that Vista Equity Partners had offered to take it private for $4.22 billion in cash, the latest sign of private equity interest in a sector whose valuations have declined in this year's downturn.
The Target: Uber, the U.S based app ride service.
The Take: Exposure of company internal systems and employee information.
The Vector: A threat actor obtained access to an employee’s user account by convincing them they were part of Uber’s IT team. With the compromised credentials, the attacker accessed all the internal systems the credentials had permissions to view.
This breach is a stark reminder of the very real threat of social engineering attacks which exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. Training, stop-and-think methodology, and a measured approach to requests of any kind, especially where credentials and access are concerned, can help mitigate the risk.
Harvard Law School Forum on Corporate Governance: This policy brief discusses cybersecurity from the corporate governance standpoint and illustrates how Nasdaq can implement cybersecurity into its ESG Reporting Guide, which is used by many public and private companies globally.
Private Equity Wire: The investment will provide working capital to enable Fidelis’ continued success in developing cyber solutions that help security teams from top commercial, enterprise, and government agencies worldwide find and stop threats faster and more effectively.
U.S. News: U.S. President Joe Biden directed the committee that reviews foreign investment for national security risks to sharpen its focus on threats to sensitive data, cyber security and areas such as microelectronics and artificial intelligence.
ABC News: The European Union's executive arm proposed new legislation that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.
Cision: Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, released cyber incident data obtained from the UK's Financial Conduct Authority (FCA). Through a Freedom of Information (FOI) request, Picus can reveal a steep rise in Distributed Denial-of-Service (DDoS) attacks reported to the regulator.
Business Wire: Kroll, the leading independent provider of global risk and financial advisory solutions, announced its report Cyber Risk and CFOs: Over-Confidence is Costly which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.
Cision: Agio, a leading cybersecurity and managed IT provider for financial services firms, published its inaugural 2022 Hedge Fund Managed IT Trends Report.
The Target: DoorDash, a popular food delivery company.
The Take: Exposure of Personally Identifiable Information belong to customers and employees including: names, customer delivery addresses, phone numbers, and some partial credit card information.
The Vector: The attackers breached a third-party company that DoorDash works with through a phishing attack. By using the compromised credentials, they were able to move in the vendor’s network freely and then access some of DoorDash’s own internal tools.
This breach is a stark reminder of the effective of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Info Security: In a statement to the London Stock Exchange (LSE), Darktrace said "discussions with Thoma Bravo have terminated,” putting an end to the £6bn ($6.9m) deal that could have been one of the most significant M&A of 2022.
PYMNTS: A proposed European Union bill will fine makers of “internet of things” (IOT) products if they don’t meet stringent rules aimed at cutting down on cyberattacks, the Financial Times (FT) wrote.
Private Equity Wire: Drawbridge, a provider of cybersecurity software and solutions to the financial services industry, has secured a strategic growth investment from Francisco Partners, a global investment firm that specialises in partnering with technology businesses.
Yahoo Finance: The hacker, who goes by the name AgainstTheWest, says they gained access to the personal information of more than 1 billion TikTok users, including users' PayPal information.
City A.M: NCC chief executive Mike Maddison said the digitisation agenda on the back of the global pandemic has created new opportunities for hackers in opening up new ways to infiltrate and take advantage of companies.
BNN Bloomberg: Lombard Odier Investment Managers said the “shocking” results of an analysis into cybersecurity risks lurking in portfolio companies have led it to apply ESG processes far more broadly to protect its funds from losses.
ZDNet: One of the key components of global trade is also one of the most vulnerable to cybersecurity threats – and if such an attack was successful, it would cause huge disruption with knock-on effects for people around the world.
The Target: MIDC, Maharashtra Industrial Development Corporation
The Take: $68,000.00
The Vector: A threat actor gained access to the firm’s CEO’s email account. With the compromised credentials, the attacker sent requests for fund transfers to an external account, to which the employees followed through.
This breach is a stark reminder of not only the importance of credential hygiene and authentication, as well as reminders about access and how attackers will be able to act with all the powers the breached accounts give them, but also for social engineering. These types of attacks exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. At all times, requests for information or monetary payments should be approached with caution and deliberate, thoughtful action.
Business Wire: Enterprises in Singapore and Malaysia have grown so concerned about the dangers of cyberattacks that they are changing the way they make security-related decisions and procure cybersecurity services, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm.
Security Magazine: Uncertainty has become a business standard in 2022, with enterprise leaders feeling cautiously optimistic about their ability to navigate future economic, social and geopolitical uncertainty.
Info Security: A new security framework for the UK’s telecommunications industry is set to come into effect in October, making the UK’s telecoms security regulations among the strongest in the world.
JDSupra: On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts.
Commercial Observer: We’ve all done it. You leave your computer with a stranger’s promise to “keep an eye on it” in a café. Your kid messes around on your laptop in your home office. You scroll through Facebook during a tedious Zoom meeting. What’s the harm?
Bleeping Computer: China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet.
Forbes: Most forward-thinking corporations understand the benefits of taking a proactive approach to cybersecurity. If investments haven’t been made from the desire to protect customer and client data, it is seemingly being invested in by organizations that do understand the potential negative impacts on brand and reputation should they not take it seriously.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy