.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: MIDC, Maharashtra Industrial Development Corporation
The Take: $68,000.00
The Vector: A threat actor gained access to the firm’s CEO’s email account. With the compromised credentials, the attacker sent requests for fund transfers to an external account, to which the employees followed through.
This breach is a stark reminder of not only the importance of credential hygiene and authentication, as well as reminders about access and how attackers will be able to act with all the powers the breached accounts give them, but also for social engineering. These types of attacks exploit our innate desire to do tasks quickly without stopping to consider the nature of the request. At all times, requests for information or monetary payments should be approached with caution and deliberate, thoughtful action.
Business Wire: Enterprises in Singapore and Malaysia have grown so concerned about the dangers of cyberattacks that they are changing the way they make security-related decisions and procure cybersecurity services, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a leading global technology research and advisory firm.
Security Magazine: Uncertainty has become a business standard in 2022, with enterprise leaders feeling cautiously optimistic about their ability to navigate future economic, social and geopolitical uncertainty.
Info Security: A new security framework for the UK’s telecommunications industry is set to come into effect in October, making the UK’s telecoms security regulations among the strongest in the world.
JDSupra: On August 29, 2022, Ellington Management Group, LLC reported a data breach with the Montana Attorney General after the company learned that an unauthorized party had gained access to two employee email accounts.
Commercial Observer: We’ve all done it. You leave your computer with a stranger’s promise to “keep an eye on it” in a café. Your kid messes around on your laptop in your home office. You scroll through Facebook during a tedious Zoom meeting. What’s the harm?
Bleeping Computer: China-based threat actors have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake impersonating an Australian news media outlet.
Forbes: Most forward-thinking corporations understand the benefits of taking a proactive approach to cybersecurity. If investments haven’t been made from the desire to protect customer and client data, it is seemingly being invested in by organizations that do understand the potential negative impacts on brand and reputation should they not take it seriously.
The Target: Workforce Safety & Insurance, North Dakota’s division of workplace safety and worker compensation.
The Take: Exposure of 182 records of Personally Identifiable Information including: emails between claimants and WSI, voice-mails containing information about said claims, and emails between WSI and their business partners.
The Vector: The attacker penetrated Klaviyo’s internal systems by tricking an employee to give up their company credentials through a phishing attack, allowing the threat actor to access systems with all the privileges of the stolen login.
This breach highlights critical need for employee training to protect a firm against phishing attacks. By using the exposed credentials, the attackers were able to act with all the same permissions as the affected employee. The human component of cybersecurity is a very real and important piece of the overall picture of cybersecurity posture. Furthermore, the sensitive information breached can lead to highly targeted spear-phishing attacks as it lends credence.
Business Live: Mid-market private equity firm LDC has sold its minority stake in Nottingham-based managed IT and cyber services provider Littlefish to Bowmark Capital following a three-year partnership.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy