.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: Service New South Wales, an Australian government agency.
The take: 3.8 million combined records from a total of 186,000 customers. Data stolen included: names, home addresses, scans of handwritten notes, applications forms, and records of transactions.
The attack vector: Attackers gained access to NSW’s systems through a targeted phishing attack against an employee. These credentials were compromised when the employee clicked on a suspicious link, leading to unauthorized access of 47 Service NSW staff member’s email accounts.
The highly sensitive information stolen presents a clear risk of identity theft and further scams against the affected customers. Training and teaching around phishing attacks are of critical importance for every firm. Knowing how to recognize an attack and what to do are key takeaways from this incident.
NBC: Warren County in North Carolina has only three full-time staff members, and none of them are computer specialists. That could matter in a year in which foreign governments are eyeing ways to disrupt the November election.
infosecurity: Yet another cryptocurrency exchange has been hit by a major cyber-attack, this time leading to the loss of over $5m from customers’ hot wallets. Slovakian firm ETERBASE, which describes itself as “Europe’s premier digital asset exchange,” revealed yesterday that around $5.4m was stolen.
Private Bank International: One in five investors globally has been a victim of financial fraud over the past three years, according to our 2020 Banking and Payments Survey. By contrast, the fraud rate is notably lower among non-investors at just over one in 10 (11%). At least to some extent, this can be attributed to lower financial product holdings and engagement and, as such, lower exposure to risk. At any rate, this suggests that wealth managers have to up their game.
Mergers & Acquisitions: The Covid-19 pandemic has spawned a perfect confluence of events that created an optimal striking ground for hackers. At Aon, a global professional services firm headquartered in London, in the U.K., we have seen cyberaattacks increase by 33% during lockdown. Hackers are preying on isolated work forces during a time when IT resources are stretched and many staff are furloughed.
ZDNet: Newcastle University has been hit by a cyberattack that it says will take weeks to fix – and while the institution hasn't confirmed the nature of the incident, a ransomware gang is threatening online to leak the personal data of students.
Financial Times: Advisers have been warned of a scam email purporting to be from the regulator, asking them to complete a survey on its conduct rules and the effect coronavirus is having on their business.
Schroders: New research suggests online fraudsters are boosting their attacks at an alarming pace, and it’s thought multimillion dollar ransoms could be at stake.
The target: View Media, an online marketing and research company.
The take: 39 million user records containing sensitive Personally Identifiable Information such as: first and last names, zip codes, emails, and phone numbers.
The attack vector: View Media failed to secure an Amazon S3 storage bucket with any kind of credential management or authorization. The database housing this information was publicly accessible by anyone with an internet connection.
The personal information stored here is a perfect platform for scammers to launch a wide variety of phishing attacks from multiple angles including: email attacks, SMS text attacks (also known as smishing), and robo-call attacks via a phone number. The data found here can be used by hackers to build a robust target profile for their scamming campaigns, further highlighting the critical need for rigorous data storage practices and credential implementation.
ABC: Foreign government cyber-attacks on Australia have increased further since June, when Prime Minister Scott Morrison revealed Australian organisations were under sustained digital assault.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy