.jpg?width=200&height=78&name=CH%20Diligence%20(thicker%20line).jpg "CH Diligence (thicker line)")
The target: The National Bank of Blacksburg
The take: $2.4 million
The attack vector: The attack began with a phishing email which let the hackers install malware on the compromised computer. This move let them disable and alter anti-theft and anti-fraud measures such as PIN’s, withdrawal limits, daily debit card usage limits and fraud score protections. Through their now unrestricted access to the bank’s internal account manager software, Navigator, the attackers modified or removed critical security controls. They then accessed hundreds of customer accounts to steal funds over a period of two days.
This incident highlights the profound impact one compromised system can have in the context of an organization’s overall security posture, and underscores the old adage – ‘a chain is only as strong as its weakest link’. While network and server-level protections are essential, firm must ensure that endpoint controls and user training are up to snuff.
Cision: Mr. Dronamraju will oversee the bank's global strategy for cyber security. Reporting to both Larry Zelvin, Head Financial Crimes, and Ken Librot, U.S. Chief Technology and Operations Officer, Mr. Dronamraju will have offices in Toronto and Chicago, with teams located in North America, Asia and Europe.
Coin Telegraph: A 19-year old man has been indicted for identity theft as part of an alleged $1+ million cryptocurrency heist affecting at least 75 victims in the United States.
Reuters: Russia will carry out tests on Monday on the reliability of its domestic internet infrastructure in the event that the country is disconnected from the worldwide web, the communications ministry said.
CTV: Hackers may have obtained the personal data of 15 million LifeLabs customers after a systems breach, and this includes addresses, passwords, birthdays, health card numbers and even lab results.
ZDNet: Awareness and management of cybersecurity risk is improving in Australia's financial market, said the Australian Securities and Investments Commission (ASIC), but there is still room for improvement across the entire sector.
Cyberscoop: LogMeIn, the Boston-based software company that owns password manager LastPass, said it will sell itself to two private equity companies as part of a cash deal valuing LogMeIn at roughly $4.3 billion.
The Guardian: Russian agents have been accused of worldwide hacking operations, but someone at the Kremlin has apparently forgotten to inform Vladimir Putin of the importance of cyber-security.
The target: A Chinese Venture Capital firm.
The take: $1 million.
The attack vector: The “man-in-the-middle” attack occurred when the Venture Capital firm transferred funds to an Israeli start-up company. The breach began with the threat actor creating two lookalike domains, both mirroring the VC firm and the Startup firm, but with an extra “s” at the end of the address. They then sent two emails, both posing as the VC firm’s CEO and as the start-up’s CEO, tricking both parties into sending sensitive banking information which the attacker then modified to hijack the money.
This coordinated attack highlights the critical need for human vigilance and the implementation of robust controls. Scrupulous validation of transactions where assets – funds or sensitive information - are being transferred is central to effective protection.
ZDNet: A mysterious new phishing campaign is targeting government departments and related business services around the world in cyber attacks which aim to steal the login credentials from the victims.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montréal
1080 Côte du Beaver Hall, Suite 904
Montréal, QC
Canada, H2Z 1S8
+1-450-465-8880
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy