    Industry News: ESG5

      100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

      2021-02-15

      Dark Reading: More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020.

      Know Your Breach: Accellion

      The target: Accellion, a U.S.-based cloud service vendor providing secure file transfer applications for enterprise use.

      The take: A variety of datasets including personally identifying information and proprietary data for an estimated 300 clients, including The Australian Securities and Investments Commission, The Reserve Bank of New Zealand, Harvard Business School, Singtel (a Singapore-based telecom conglomerate), and the QIMR Berghofer Medical Research Institute.

      The attack vector: Hackers breached the firm’s legacy File Transfer Application software by taking advantage of a zero-day vulnerability, a point of weakness identified and exploited by a threat actor before the developer was made aware of it and was able to produce a patch.

      This supply-chain attack against a platform that was near retirement highlights the danger of relying on end-of-life, legacy software products. Firms should be proactive in moving to current-generation software solutions: Accellion have reportedly “encouraged all FTA customers to migrate to Kiteworks [their current generation offering] for the last three years”.

      Cyber Security Levels Not Consistent Among UK Pension Schemes

      2021-02-11

      Professional Pensions: The levels of cyber security are not consistent among UK pension schemes, according to research by Aon. The firm's Cyber Threats to Corporate Pension Schemes survey revealed a mixed state of cyber security, finding three in five schemes have a cyber strategy.

      People Are Often the Collateral Damage of Attacks On Corporations

      2021-02-11

      Help Net Security: Thanks to cyberattacks making regular headlines in the news, it’s no secret that massive data breaches are a significant threat to organizations. However, a report from F-Secure highlights the rarely-discussed impact these attacks can have on people and families using online services.

      Israeli Cybersecurity Group CYE Raises $100 Million from EQT, 83North

      2021-02-10

      Reuters: Israeli cybersecurity company CYE said on Wednesday it had raised $100 million from Swedish private equity firm EQT and London-based venture capital firm 83North as it looks to expand in European and North American markets.

      Hackers Targeted Financial Sector In Mass Extortion Campaign

      2021-02-09

      WSJ: Late last year, more than 100 financial-services companies across the world received threats from a group of hackers who claimed destructive attacks would follow unless large payments were made.

      U.K. Merger Watchdog Suffers 150 Data Breaches In Two Years

      2021-02-09

      BNN Bloomberg: The U.K. government’s antitrust regulator was hit by 150 personal data breaches in the last two years, as hackers targeted its trove of sensitive business information.

      Appgate, A Leading Cybersecurity Company, to Merge with Public Company Newtown Lane Marketing

      2021-02-09

      Businesswire: Newtown Lane Marketing, Incorporated and Appgate (the “Company”), an industry leading secure access company, today announced that they have entered into a definitive merger agreement. Upon consummation of the transaction, Appgate will become a public company with significant financial resources to accelerate growth, scale, and go-to-market strategies.

      New Zealand Exchange Cyberattack Also Hit More Than 100 Firms

      2021-02-08

      BNN Bloomberg: More than 100 banks, exchanges, insurers and other financial firms worldwide were targets of the same type of cyberattack that crippled the New Zealand Stock Exchange in August, though they didn’t suffer the same extent of damage.

      Know Your Breach: UScellular

      The target: UScellular, the fourth largest mobile network operator in the United States.

      The take: Customer records containing personally identifiable information, including names, addresses, account names and PIN codes, telephone numbers, and information on their phone service plans, along with the ability to alter the phone number on accounts which receive two-factor authentication texts.

      The attack vector: The attackers tricked retail employees into downloading malicious software which contained a RAT (remote access tool), allowing the threat actors to access the computer systems remotely. As the employees were already logged into the CRM (customer retail management) software, the hackers were able to move freely within the systems using an employee’s credentials. 

      Social engineering is a tactic widely used by attackers to exploit our innate desire to be helpful quickly, without thinking through the consequences. The employee’s mistake, innocent or not, of clicking on an unverified link granted the attacker the ability to install a Remote Access Tool and navigate through the company’s systems under legitimate credentials. Continuous employee education around suspicious links, and the social engineering tactics they’re paired with, is a critical component of a firm’s robust cybersecurity posture.
