shutterstock_490960141-1

Industry News: ESG5

      Know Your Breach: American Airlines

      The Target: American Airlines, U.S based air travel company.

      The Take: Exposure of Personally Identifiable Information including: employee and customer names, dates of birth, mailing addresses, phone numbers, email addresses, driver license numbers, passport numbers, and certain medical information.

      The Vector: Using a phishing attack, the threat actor compromised an employee’s Office365 account, and acting with all their permissions, exfiltrated the exposed data.

      This breach is a stark reminder of the effective of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      Read more...

      New Royal Ransomware Emerges In Multi-million Dollar Attacks

      2022-09-29

      Bleeping Computer: A ransomware operation named Royal is quickly ramping up, targeting corporations with ransom demands ranging from $250,000 to over $2 million. 

      Read more...

      Russian Hackers' Lack of Success Against Ukraine Shows That Strong Cyber Defences Work, Says Cybersecurity Chief

      2022-09-29

      ZDNet: Russia has engaged in a sustained, malicious cyber campaign against Ukraine and its allies since the February 24 invasion – but its lack of success shows that it's possible to defend against cyberattacks, even against some of the most sophisticated and persistent attackers, says the UK's cybersecurity chief.

      Read more...

      US Senators Aim to Amend Cybersecurity Bill to Include Crypto

      2022-09-28

      Tech Crunch: As regulators around the world try to provide frameworks for the digital asset industry, two U.S. senators have introduced a bill to help crypto companies report cybersecurity threats.

      Read more...

      More Than 60% of Hackers Can Exfiltrate Data In Less Than Five Hours, Finds Inaugural Hacking Report

      2022-09-28

      Global Newswire: Bishop Fox, the leading authority in offensive security, announced the results of a groundbreaking new survey that explores the minds and methodologies of modern attackers. 

      Read more...

      New European Union Cybersecurity Proposal Takes Aim at Cybercrime

      2022-09-28

      World Economic Forum: Lawmakers are seeking to strengthen cybersecurity requirements across the European Union, advancing new legislation to bolster security requirements for all digital hardware and software products. 

      Read more...

      Optus Hacker Apologizes and Allegedly Deletes All Stolen Data

      2022-09-27

      Bleeping Computer: The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.

      Read more...

      Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market

      2022-09-26

      Dark Reading: Though funding activity this year is somewhat slower than in 2021 and market valuations of cybersecurity firms have taken a hit, mergers and acquisitions activity has remained strong through the year, as has investor interest in the sector.

      Read more...

      Know Your Breach: 2K Games

      The Target: 2K Games, an American video game publisher.

      The Take: Customers were targeted with fake support tickets which contained malicious software in embedded links. 

      The Vector: An employee’s credentials were compromised, allow the attacker full access to the help desk panel, which they then used to contact customers and socially engineer them to click on dangerous URLs.

      This breach is a stark reminder of how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      Read more...

      Adams Street Appoints Chief Technology Officer to Executive Committee

      2022-09-22

      Private Equity Wire: Pando’s strategic technology leadership has helped drive the growth of Adams Street’s global private markets investment platform. She has overseen the build-out of front office investment and CRM systems, as well as back-office operations, reporting, and risk management systems. 

      Read more...

      Malwarebytes Lands a $100M Cash Injection Weeks After Laying Off 125 Employees

      2022-09-21

      TechCrunch: Cybersecurity giant Malwarebytes has announced it has received a $100 million cash injection from Vector Capital, a private equity firm that invests in established technology businesses.

      Read more...

      SentinelOne Launches $100M Fund to Invest in Enterprise Cybersecurity Startups

      2022-09-21

      Yahoo Finance: SentinelOne, an AI endpoint security firm that went public last June, has announced the launch of S Ventures, a $100 million fund to invest in the generation of enterprise cybersecurity startups.

      Read more...

      Crypto Trading Firm Wintermute Hit by $160 Million Hack

      2022-09-20

      Nasdaq: Hackers have stolen digital assets worth around $160 million from cryptocurrency trading firm Wintermute, its CEO tweeted the latest such heist to hit a sector long plagued by cybercrime.

      Read more...

      Cyberattack Costs for US Businesses Up By 80%

      2022-09-19

      Dark Reading: In seven out of eight countries, cyberattacks are now seen as the biggest risk to business — outranking COVID-19, economic turmoil, skills shortages, and other issues.

      Read more...

      Revolut Hack Exposes Data of 50,000 Users, fuels New Phishing Wave

      2022-09-19

      Bleeping Computer: Revolut has suffered a cyberattack that gave an unauthorized third party access to personal information of tens of thousands of clients.

      Read more...

      KnowBe4 Gets $4.22 Billion Go-Private Offer From Vista Equity Partners

      2022-09-19

      U.S. News: Cybersecurity firm KnowBe4 Inc said that Vista Equity Partners had offered to take it private for $4.22 billion in cash, the latest sign of private equity interest in a sector whose valuations have declined in this year's downturn.

      Read more...

      Know Your Breach: Uber

      The Target: Uber, the U.S based app ride service.

      The Take: Exposure of company internal systems and employee information.

      The Vector: A threat actor obtained access to an employee’s user account by convincing them they were part of Uber’s IT team. With the compromised credentials, the attacker accessed all the internal systems the credentials had permissions to view.

      This breach is a stark reminder of the very real threat of social engineering attacks which exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. Training, stop-and-think methodology, and a measured approach to requests of any kind, especially where credentials and access are concerned, can help mitigate the risk.

      Read more...

      Cybersecurity + ESG for the Global Capital Markets

      2022-09-15

      Harvard Law School Forum on Corporate Governance: This policy brief discusses cybersecurity from the corporate governance standpoint and illustrates how Nasdaq can implement cybersecurity into its ESG Reporting Guide, which is used by many public and private companies globally.

      Read more...

      Fidelis Cybersecurity Secures Significant Additional Growth Investment from Runway Growth Capital and Skyview Capital

      2022-09-15

      Private Equity Wire: The investment will provide working capital to enable Fidelis’ continued success in developing cyber solutions that help security teams from top commercial, enterprise, and government agencies worldwide find and stop threats faster and more effectively. 

      Read more...

      Biden Tells Foreign Investment Panel to Screen Deals for Data, Cyber Risks

      2022-09-15

      U.S. News: U.S. President Joe Biden directed the committee that reviews foreign investment for national security risks to sharpen its focus on threats to sensitive data, cyber security and areas such as microelectronics and artificial intelligence.

      Read more...

      EU Wants to Toughen Cybersecurity Rules for Smart Devices

      2022-09-15

      ABC News: The European Union's executive arm proposed new legislation that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards, making the 27-nation bloc less vulnerable to attacks.

      Read more...

      DDoS Attacks on Financial Sector Surge During War in Ukraine, New FCA Data Reveals

      2022-09-14

      Cision: Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, released cyber incident data obtained from the UK's Financial Conduct Authority (FCA). Through a Freedom of Information (FOI) request, Picus can reveal a steep rise in Distributed Denial-of-Service (DDoS) attacks reported to the regulator.

      Read more...

      Chief Financial Officers Ignoring Cyber Risk Worth Millions of Dollars According to Kroll Report

      2022-09-13

      Business Wire: Kroll, the leading independent provider of global risk and financial advisory solutions, announced its report Cyber Risk and CFOs: Over-Confidence is Costly which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.

      Read more...

      New Hedge Fund Managed IT Trends Report Shows Industry Shift in IT Outsourcing and AI-Driven Services

      2022-09-13

      Cision: Agio, a leading cybersecurity and managed IT provider for financial services firms, published its inaugural 2022 Hedge Fund Managed IT Trends Report.

      Read more...

      Know Your Breach: DoorDash

      The Target: DoorDash, a popular food delivery company.

      The Take: Exposure of Personally Identifiable Information belong to customers and employees including: names, customer delivery addresses, phone numbers, and some partial credit card information.

      The Vector: The attackers breached a third-party company that DoorDash works with through a phishing attack. By using the compromised credentials, they were able to move in the vendor’s network freely and then access some of DoorDash’s own internal tools.

      This breach is a stark reminder of the effective of social engineering attacks and how critical authentication controls are in an overall robust cybersecurity posture. Enforcing multi-factor authentication, reasonably paced password resets, and regular social engineering and phishing awareness training are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.

      Read more...

      Darktrace's Share Value Plummets as Thoma Bravo Buyout Falls Through

      2022-09-08

      Info Security: In a statement to the London Stock Exchange (LSE), Darktrace said "discussions with Thoma Bravo have terminated,” putting an end to the £6bn ($6.9m) deal that could have been one of the most significant M&A of 2022.

      Read more...

      EU Proposes Tougher Cybersecurity for 'Internet of Things' Products

      2022-09-07

      PYMNTS: A proposed European Union bill will fine makers of “internet of things” (IOT) products if they don’t meet stringent rules aimed at cutting down on cyberattacks, the Financial Times (FT) wrote.

      Read more...

      Drawbridge Secures Strategic Growth Investment from Francisco Partners

      2022-09-07

      Private Equity Wire: Drawbridge, a provider of cybersecurity software and solutions to the financial services industry, has secured a strategic growth investment from Francisco Partners, a global investment firm that specialises in partnering with technology businesses.

      Read more...

      A Hacker Says They Breached TikTok and Accessed Personal Data, Including PayPal Information, from More Than 1 Billion Users. TikTok Says a Breach Never Happened.

      2022-09-06

      Yahoo Finance: The hacker, who goes by the name AgainstTheWest, says they gained access to the personal information of more than 1 billion TikTok users, including users' PayPal information.

      Read more...

      World Heading Towards a ‘Perfect’ Cybercrime Storm, Cybersecurity Experts Warn

      2022-09-06

      City A.M: NCC chief executive Mike Maddison said the digitisation agenda on the back of the global pandemic has created new opportunities for hackers in opening up new ways to infiltrate and take advantage of companies.

      Read more...

      Lombard Odier Says ‘Shocking’ Cyber Risks Trigger ESG Rethink

      2022-09-06

      BNN Bloomberg: Lombard Odier Investment Managers said the “shocking” results of an analysis into cybersecurity risks lurking in portfolio companies have led it to apply ESG processes far more broadly to protect its funds from losses.

      Read more...

      This Overlooked Cybersecurity Risk Could Create an Ocean of Trouble for Us All

      2022-09-06

      ZDNet: One of the key components of global trade is also one of the most vulnerable to cybersecurity threats – and if such an attack was successful, it would cause huge disruption with knock-on effects for people around the world.

      Read more...

      Know Your Breach: MIDC

      The Target: MIDC, Maharashtra Industrial Development Corporation

      The Take: $68,000.00

      The Vector: A threat actor gained access to the firm’s CEO’s email account. With the compromised credentials, the attacker sent requests for fund transfers to an external account, to which the employees followed through.

      This breach is a stark reminder of not only the importance of credential hygiene and authentication, as well as reminders about access and how attackers will be able to act with all the powers the breached accounts give them, but also for social engineering. These types of attacks exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. At all times, requests for information or monetary payments should be approached with caution and deliberate, thoughtful action.

      Read more...

      Cybersecurity Worries Draw C-Level Attention in Asia

      2022-08-31

      Business Wire: Enterprises in Singapore and Malaysia have grown so concerned about the dangers of cyberattacks that they are changing the way they make security-related decisions and procure cybersecurity services, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm.

      Read more...

      Cybersecurity Ranked Most Serious Enterprise Risk in 2022

      2022-08-31

      Security Magazine: Uncertainty has become a business standard in 2022, with enterprise leaders feeling cautiously optimistic about their ability to navigate future economic, social and geopolitical uncertainty.

      Read more...

      UK Imposes Tough New Cybersecurity Rules for Telecom Providers

      2022-08-31

      Info Security: A new security framework for the UK’s telecommunications industry is set to come into effect in October, making the UK’s telecoms security regulations among the strongest in the world.

      Read more...

      Ellington Management Group, LLC Announces Data Breach Related to Compromised Employee Email Accounts

      2022-08-31

      JDSupra: On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts.

      Read more...

      Remote Work Drives Cybersecurity Changes at Nervous Companies

      2022-08-30

      Commercial Observer: We’ve all done it. You leave your computer with a stranger’s promise to “keep an eye on it” in a café. Your kid messes around on your laptop in your home office. You scroll through Facebook during a tedious Zoom meeting. What’s the harm?

      Read more...

      Chinese Hackers Target Australian Govt with ScanBox Malware

      2022-08-30

      Bleeping Computer: China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet.

      Read more...

      How the Newly Imposed SEC Cybersecurity Rules Impact Private Funds and Investors

      2022-08-29

      Forbes: Most forward-thinking corporations understand the benefits of taking a proactive approach to cybersecurity. If investments haven’t been made from the desire to protect customer and client data, it is seemingly being invested in by organizations that do understand the potential negative impacts on brand and reputation should they not take it seriously.

      Read more...

      About Castle Hall Diligence

      Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →

      Subscribe to Cyber Updates