Industry News: ESG5

The target: Cabarrus County, a district of North Carolina in the United States

The take: $1.7 million dollars

The attack vector: A BEC, or Business Email Compromise. The attackers posed as one of the county’s contractors and requested their bank account be updated in time for the next payment. They spoofed legitimate documents including an electronic funds transfer form (EFT) and signed bank documentation. After receiving the bogus documents, Cabarrus County staff changed the vendor’s account to this new, fake one and continued with their scheduled payments.

This attack highlights the importance of security awareness campaigns that test and train employee’s abilities to spot and report suspicious emails. Additionally, controls should be in place wherever payments are processed to ensure that any requests to change payment instructions are reviewed and validated outside of an e-mail correspondence string.

Read more...

2020-01-09

Yahoo Finance: International crime fighting agency Interpol has taken action to stem a plague of cryptocurrency mining malware afflicting computer routers across Asia.

Read more...

2020-01-08

Mirror: Some of the UK's biggest high street banks have been hit by a cyber attack on Travelex - with Royal Bank of Scotland, HSBC and Barclays among those left with no online travel money services.

Read more...

2020-01-06

Law.com: The question gets asked quite frequently in regulatory circles: “Will the New York State Department of Financial Services bring an enforcement action under its cybersecurity regulation, and if so, when?” The probable answers are “yes” and “soon.”

Read more...

2020-01-06

Reuters: Insight Partners in April participated in a $65 million funding round for Armis that brought the company’s total funding to $112 million. That round was led by Sequoia Capital.

Read more

2020-01-06

City A.M.: A British intelligence agency contacted the London Stock Exchange (LSE) in the past two months to request additional information about the outage on 16 August, the Wall Street Journal reported.

Read more...

2020-01-06

Computer Weekly: Ciaran Martin, CEO of the UK’s National Cyber Security Centre (NCSC), is to step down later in 2020 after nearly seven years in charge of the government’s cyber security efforts.

Read more...

2020-01-04

Department of Financial Services: There is currently a heightened risk of cyber attacks from hackers affiliated with the Iranian government. The Iranian government has vowed to retaliate against the United States for the death of Qassem Soleimani.  Given Iranian capabilities and history, U.S. entities should prepare for the possibility of cyber attacks. 

Read more...

The target: Wyze, a Seattle-based smart home device maker.

The take: Email addresses, IP addresses, WiFi SSID’s and device information of 2.4 million customers.

The attack vector: During the deployment of a new database, a mistake by an employee removed all of the security protocols governing the system, thus exposing the information. In total, two exposed Elasticsearch databases and one MySQL production database were freely accessible and the attackers were then able to access and download the leaked information.

Deployment of new technology is a potentially critical point of vulnerability. Any changes intended for the production environment should be tested in a private staging environment and audited/tested wherever possible to avoid introducing gaps into a firm’s security posture.

Read more...

2020-01-03

Bitcoin.com: An investigation launched on the request of a French startup has led to the indictment of a 37-year-old entrepreneur accused of stealing 182 BTC from the company he cofounded. Embezzlement of money is one the charges brought against him by the public prosecutor’s office in Paris.

Read more...