Expert(s):
Security Awareness Advocatefeature_status*/ ?>
KnowBe4

Comments Dotted : 181
March 19, 2021

RAT Targets US Taxpayers – Experts Insight
In 2017, the NotPetya attack was spread as a result of Ukrainian accounting software being infected. 

As tax season approaches, criminals know that it is a ripe opportunity to take advantage of organisations of all sizes looking to submit their tax filings. 

 

This is not a new avenue, but it is increasing in popularity. In 2017, the NotPetya attack was spread as a result of Ukrainian accounting software being infected. 

 

It's a good reminder that organisations need to invest in effective security measures to prevent these attacks from being successful. These include the likes of endpoint

.....Read More

As tax season approaches, criminals know that it is a ripe opportunity to take advantage of organisations of all sizes looking to submit their tax filings. 

 

This is not a new avenue, but it is increasing in popularity. In 2017, the NotPetya attack was spread as a result of Ukrainian accounting software being infected. 

 

It's a good reminder that organisations need to invest in effective security measures to prevent these attacks from being successful. These include the likes of endpoint protection, monitoring controls, good credential management including multi-factor authentication, as well as providing adequate security awareness and training to staff. This is particularly important with relation to staff that are responsible for accounts or any financial responsibilities to be vigilant against malware and social engineering attacks.

  Read Less
March 10, 2021

Experts On West Ham Utd Website Leaks Users’ Data
The leak at West Ham Utd is likely down to an internal error or misconfiguration, which is an easy enough error to make.

All organisations of all sizes and in all verticals need to foster a culture of cyber security so that all aspects of security and design are taken into account. The leak at West Ham Utd is likely down to an internal error or misconfiguration, which is an easy enough error to make. This is why it's important to have in place the proper security controls, particularly where customer data is concerned so that there can be assurance that the data is being handled correctly.

February 10, 2021

Expert Reaction On Cyberpunk 2077 Studio Falls Victim To Ransomware Attack
The fact that the ransom note was addressed to them shows it was a targeted attack.

We've seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victim's organisation, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.


In many cases, these criminals go undetected in victim organisations for many months at a time.


So, it's important that organisations have the right controls in place to prevent these attacks from being successful in the first place and have

.....Read More

We've seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victim's organisation, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.


In many cases, these criminals go undetected in victim organisations for many months at a time.


So, it's important that organisations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.

 

The ransom demands are interesting because the criminals know that the organisation can likely recover from backups. In this case, the ransomware itself isn't the issue - it's more of a statement to signal that they have breached the organisation. The fact that the ransom note was addressed to them shows it was a targeted attack.


While ransomware itself can cause issues and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they've stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data.

  Read Less
February 05, 2021

Expert Response On News That Israeli Hackers Breach KKK-affiliated Website
We cannot overlook the fact that it was an unauthorised and illegal hack and therefore cannot condone it. 

While many people will applaud the takedown of fascist or extremist groups of any kind and exposing its members. We cannot overlook the fact that it was an unauthorised and illegal hack and therefore cannot condone it. 

 

Additionally, whenever anyone's personal information is leaked, it can lead to real-world consequences - and in the case of mistaken identity, could lead to innocent people being harassed or worse.

February 03, 2021

Experts Reaction On Hackers Steal Foxtons Customer Data
Criminals will often try to scam impacted users, adding further insult to injury.

Criminals are continually evolving their methods and ways in which they can extort victims or cause embarrassment. Anyone can publish details on the dark web claiming it comes from a breach, but people should be careful before jumping to conclusions. 

 

However, if someone suspects their details could have been exposed in any breach, they should ensure that any passwords that may have been compromised are changed, not only on the impacted service but also on any other sites which may have used

.....Read More

Criminals are continually evolving their methods and ways in which they can extort victims or cause embarrassment. Anyone can publish details on the dark web claiming it comes from a breach, but people should be careful before jumping to conclusions. 

 

However, if someone suspects their details could have been exposed in any breach, they should ensure that any passwords that may have been compromised are changed, not only on the impacted service but also on any other sites which may have used the same credentials. Similarly, people can set up credit monitoring, and be wary of any unsolicited emails or calls they may receive regarding the breach, or claiming to be from the company. Criminals will often try to scam impacted users, adding further insult to injury.

  Read Less
February 03, 2021

Expert Advice After SMS Bandits Leader Arrested For Large-Scale Phishing Scams
It's vital that people are made aware of these scams and remain vigilant about them. 

SMS phishing, or Smishing has been gaining popularity as a phishing channel to target unsuspecting victims. With the right software, it can be almost as easy to send mass smishing messages as it can be to send email phishes. 

 

People receiving links via SMS are often less suspicious when compared to links in emails, and have fewer tools available on their phone to easily validate the authenticity of a message. Therefore, it's vital that people are made aware of these scams and remain vigilant

.....Read More

SMS phishing, or Smishing has been gaining popularity as a phishing channel to target unsuspecting victims. With the right software, it can be almost as easy to send mass smishing messages as it can be to send email phishes. 

 

People receiving links via SMS are often less suspicious when compared to links in emails, and have fewer tools available on their phone to easily validate the authenticity of a message. Therefore, it's vital that people are made aware of these scams and remain vigilant about them. 

 

Organisations also need to be mindful of how they communicate with their customers and if they do use SMS, to not include links. Rather, invite people to navigate to their site directly. 

 

It's great to hear the suspect behind SMS Bandits has been apprehended, but Smishing is here to stay, and will only increase in frequency and sophistication over time.

  Read Less
February 01, 2021

UK Research And Innovation Suffers Ransomware Attack
Ensure the right controls are in place throughout the layers so that it is possible to quickly detect where any data may be exfiltrated.

We've seen an increase in attacks against government departments and local councils over the last year, with many cases of ransomware. In all these cases, the affected parties have only been aware of the incident once ransomware has been deployed and have been unable to confirm if any data was exfiltrated prior to ransomware. 

 

Ransomware attacks are not going to slow down any time soon, especially since the majority of attacks are successful through social engineering such as phishing

.....Read More

We've seen an increase in attacks against government departments and local councils over the last year, with many cases of ransomware. In all these cases, the affected parties have only been aware of the incident once ransomware has been deployed and have been unable to confirm if any data was exfiltrated prior to ransomware. 

 

Ransomware attacks are not going to slow down any time soon, especially since the majority of attacks are successful through social engineering such as phishing attacks. It is therefore imperative that the Government invests not just in cybersecurity controls, but cultivate a culture of cybersecurity. This way, not only can it reduce the likelihood of an attack being successful, but ensure the right controls are in place throughout the layers so that it is possible to quickly detect where any data may be exfiltrated or where criminals have accessed corporate resources.

  Read Less
January 29, 2021

Experts Insight On New Cybercrime Tool Can Build Phishing Pages In Real-Time
Organisations also need to have monitoring and threat detection controls in place.

This new attack shows how invested criminals are in phishing attacks. With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate. 

 

While technical controls can help to block some of these, they won't be successful all of the time. Which is why it's important to educate and train users to be able to identify and report any suspicious emails or websites. Organisations also need to have monitoring and threat detection controls

.....Read More

This new attack shows how invested criminals are in phishing attacks. With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate. 

 

While technical controls can help to block some of these, they won't be successful all of the time. Which is why it's important to educate and train users to be able to identify and report any suspicious emails or websites. Organisations also need to have monitoring and threat detection controls in place so that if an attack is successful, then it can be detected and responded to in a timely manner before it becomes a full-blown incident.

  Read Less
January 27, 2021

Experts Reaction On Hackers Can Access Your Phone Number From Facebook
It's also worth remembering that SMS is used by many online services to send an authentication code to log onto accounts.

We often hear of breaches and incidents where some information is stolen, but often the focus is on financial information. However, phone numbers are an increasingly important part of users' identities, not just as a way to link people to numbers, but also they create a new avenue of attack with SMS phishing (Smishing) attacks.

 

It's also worth remembering that SMS is used by many online services to send an authentication code to log onto accounts. If the number for an individual is known, it

.....Read More

We often hear of breaches and incidents where some information is stolen, but often the focus is on financial information. However, phone numbers are an increasingly important part of users' identities, not just as a way to link people to numbers, but also they create a new avenue of attack with SMS phishing (Smishing) attacks.

 

It's also worth remembering that SMS is used by many online services to send an authentication code to log onto accounts. If the number for an individual is known, it can open them up to attacks including SIM Swapping whereby the number can be taken over and messages intercepted.

  Read Less
January 27, 2021

Expert Commentary: Phishing Attack Impersonates UK NHS To Obtain Sensitive Consumer Data
The pandemic has provided ample opportunities for criminals.

Whenever there is a newsworthy incident or event, criminals are quick to jump on the bandwagon with phishing scams and attacks to try and obtain personal details, compromise organisations, or steal money.

 

The pandemic has provided ample opportunities for criminals who have been adapting their techniques over the last year with phishing attacks claiming to originate from health organisations like the WHO, or playing on peoples financial difficulties with emails which claim to be from HMRC.

 

Wi

.....Read More

Whenever there is a newsworthy incident or event, criminals are quick to jump on the bandwagon with phishing scams and attacks to try and obtain personal details, compromise organisations, or steal money.

 

The pandemic has provided ample opportunities for criminals who have been adapting their techniques over the last year with phishing attacks claiming to originate from health organisations like the WHO, or playing on peoples financial difficulties with emails which claim to be from HMRC.

 

With the vaccine rollout in progress, it's no surprise that the criminals have shifted to try and scam people through fake vaccine registration pages.

 

It's therefore important that people remain vigilant at these times as to which links they click on and where they share any personal information. When in doubt, they should contact their dr or healthcare provider through tried and trusted channels and not give any information to unknown websites, text messages, or phone calls.

  Read Less