.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
ZDNet: A threat group has been emailing victims with threats to carry out distributed denial of service (DDoS) attacks unless the organizations pay hefty ransom fees in the Monero (XMR) cryptocurrency.
The target: Crown Bank, a New Jersey based financial institution.
The take: $2 million USD
The attack vector: Cyber criminals impersonated the wife of the CEO using a fake email address and tricked the bank’s employees to transfer funds multiple times. Using fraudulently created signatures of the CEO’s wife attached to PDF files, the attackers convinced bank staff that the requests, and their urgency, were legitimate.
Failure to implement and follow internal validation procedures can have serious consequences, and where an attacker discovers and exploits a weakness, they are likely to attack again until they are discovered. Furthermore, failure to enforce a firm’s security and cash transfer control procedures can invalidate an attempt to recoup damages via an insurance claim.
City Wire: Financial firms and their employees could be doing much more to protect their assets and those of their clients as cybercrime will become one of the biggest risks they face over the next decade, according to cybersecurity expert and former FBI agent Scott Augenbaum.
*Note full article may require free sign-up registration.
Reuters: Britain and the United States joined Georgia on Thursday in blaming Russia for a large-scale cyber attack last year that knocked thousands of Georgian websites offline and disrupted national television broadcasts.
BBC: The data exposed included names, address, and passport numbers for former guests. MGM said it was "confident" no financial information had been exposed. The resort chain said it was unable to say exactly how many people were impacted because information that was exposed might be duplicated.
Plan Adviser: Retirement plan advisers not only have rigorous cybersecurity responsibilities of their own—they also need to proactively help their plan sponsor clients establish airtight cybersecurity firewalls and procedures, industry experts say.
Silicon Angle: The venture capital firm has been a prolific investor in cybersecurity startups. Investments included access control startup Remediant Inc. in August, app security startup NowSecure in June and IoT security provider Mocana Corp. in March. Fund II focus areas include cyber intelligence, privacy, security services and infrastructure protection.
Tech Crunch: Dell Technologies announced that it was selling legacy security firm RSA for $2.075 billion to a consortium of investors led by Symphony Technology Group. Other investors include Ontario Teachers’ Pension Plan Board and AlpInvest Partners.
CityWireSelector: An ETF specialist boutique launched by four former Legal & General Investment Management (LGIM) employees has unveiled two thematic ETFs as it seeks to capitalise on future trends.
The target: The United Nations
The take: 400GB of data including: internal documents and emails, human resource records, database access, commercial information, and Active Directory access.
The attack vector: The threat actors used compromised 42 servers in total when they were able to exploit a known remote code vulnerability in Microsoft Sharepoint. This let the attackers move freely within all of the IT systems. A patch was released a few months prior to the breach, but the U.N’s IT department failed to deploy the patch when it was released, leaving a significant timeframe in which their systems were vulnerable.
This breach highlights the critical importance of maintaining an inventory of internal systems and software, and ensuring those systems are kept up-to-date. Security vulnerabilities can be exploited as soon as they’re identified, underlining the importance of adhering to a regular and frequent patching schedule.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy