UK consumers have grown increasingly wary of cybercrime, particularly online scams, since lockdown was introduced in March, according to ITProPortal. Results from a new report by Ipsos MORI show that almost a quarter of UK consumers are afraid of buying counterfeit goods online, while more than half fear account breaches and malware (58 and 57 percent, respectively). However, confidence in the government’s ability to protect its citizens from cybercrime is relatively high, with more than half of consumers trusting the public sector to handle their data.
ISBuzz Team
Carnival Corporation, largest cruise operator in the world with over 150,000 employees and 13 million guests annually, has been hit with a ransonware attack expsoing data of customers and employees. Cybersecurity experts reacted below. https://twitter.com/Reuters/status/1295535917361496064
A series of cyberattacks targeting the Canada Revenue Agency has led to a shutdown of services after thousands of accounts were breached. The attack follows two recent trends: Cybercriminals across the world are increasingly targeting government institutions to maximise disruption. Usernames and passwords continue to be an inefficient and failing defense mechanism for protecting accounts. With the proliferation of stolen PII (Personally identifiable information) for sale on the dark web, cybercriminals can fraudulently hack into accounts with relative ease and access government services.
Cybersecurity expert provide an insight below on IcedID banking trojan and why it is an interesting malware.
Among the wide range of reasons that cause cybersecurity incidents, inappropriate use of IT resources by employees remains a challenge for businesses. In 2019, half (52% enterprise, 50% SMBs) of companies faced a data breach because of this, as revealed in a Kaspersky survey of IT decision makers. Quite surprisingly, companies experienced this almost as often as their devices being infected with malicious software. This shows that businesses need to explain to their employees how to recognise ‘dangerous’ situations and ensure they know how to react appropriately. Security awareness training programs are designed to teach important cybersecurity hygiene. To make sure courses deliver…
Cybersecurity expert provide an insight on the the news that a flaw in Amazon’s Alexa smart home devices could have allowed hackers access personal information and conversation history. More Information on the News: https://www.bbc.co.uk/news/technology-53770778
The NCSC announcement that in just four months, it has removed over 300,000 URLs linking to investment scams with fake celebrity endorsements.
Scammers are tricking the world’s most famous hotels customer to give up their credit card details. Ritz London posted several tweets on the discovery of an apparent breach of its food and beverage reservation system that “may have compromised some of our clients’ personal data,” and are now investigating the matter. The cybersecurity experts commented below on the danger of scam and what are the best strategies to overcome such attacks. https://twitter.com/wandfmagazine/status/1295309432113582082
The Securonix Threat Research Team is actively investigating the details of the critical targeted Wastedlocker ransomware attacks that has reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies. Here are the key details regarding the impact of the high-profile WastedLocker ransomware attacks/EviICorp malicious cyber threat actor(s)(MTA) involved: The WastedLocker ransomware is a relatively new malicious payload used by the high-profile EvilCorp MTA, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organisations and enterprises in Europe and the United States. This MTA currently focuses on targeted °big game hunting” (BGH) ransomware attacks with multiple industry victims in recent months, with Garmin as one of the latest high-profile victims attacked (officially confirmed by Garmin on July 27). The most recent ransom amount demanded was $10 million, and appears to be based on the victim’s financial data. Based on the available details, the ransom was likely paid. To date, this MTA appears to have been using a mono-extortion scheme (data encryption only, with no or minimal data leakage) vs. other MTAs who use the threat of leaking a victim’s data as part of a double-extortion scheme (e.g. Netwalker, Maze, and others). Following the initial compromise, one of the early steps commonly taken by the malicious operators observed is to perform internal discovery and disable security/AV vendor tools such as Cisco AMP and/or Windows Defender. Here are some of the Securonix recommendations to help prevent and/or mitigate the attack: Review your backup version retention policies and make sure that your backups are stored in a location that cannot be accessed/encrypted by operator placed targeted ransomware, (e.g. consider remote write-only backup locations). Implement an end user security training program, since end users are ransomware targets. It is important for them to be aware of the threat of ransomware and how it occurs. Patch operating systems, software, and firmware on your infrastructure. Consider leveraging a centralised patch management system. Maintain regular air-gapped backups of critical corporate/infrastructure data. Implement security monitoring, particularly for high-value targets (HVT) in your environments, to detect possible malicious ransomware operator placement activities earlier. For your Windows systems, consider enabling and auditing controlled folder access/turn on the protected folders feature.
Yesterday, Twitter launched its API v2, which makes it easier for businesses, academics, and third-party developers to build on its platform. For background, the company announced the new API last month, but as the news arrived the day after it was hit by one of the most devastating hacks in social media history, so Twitter decided to delay the launch. With v2, Twitter is presenting not only as a way to deliver new features faster, but also something of a reset in its long and fractious relationship with the app’s developer community. The API v2 is the first complete rebuild of Twitter’s API…