Expert(s):
Principal Solutions Architect feature_status*/ ?>
Webroot

Comments Dotted : 13
January 26, 2021

Expert Reaction On Research That 250% Jump In Phishing Sites
It is important to keep your credentials safe, use strong passwords, and be aware of phishing attacks trying to fool you into providing your details.

Remember that your online gaming accounts are a hot target for hackers for several reasons. Cybercriminals are able to extract funds that you may have paid in, or sell items you have purchased in your games, but they can also use your account for theft via a stored credit card and also for money laundering – purchasing in-game currency using one stolen account and then transferring it to another compromised account to try and cover their tracks from law enforcement. For these reasons, it is

.....Read More

Remember that your online gaming accounts are a hot target for hackers for several reasons. Cybercriminals are able to extract funds that you may have paid in, or sell items you have purchased in your games, but they can also use your account for theft via a stored credit card and also for money laundering – purchasing in-game currency using one stolen account and then transferring it to another compromised account to try and cover their tracks from law enforcement. For these reasons, it is important to keep your credentials safe, use strong passwords, and be aware of phishing attacks trying to fool you into providing your details.

 

Might this data be useful for your reporting? I’m happy to set up a call with Webroot threat analysts or take any written questions you may have. Experts can also provide advice for combatting threats specific to gaming such as credential stuffing – utilizing username and password combinations purchased on the Dark Web to access gaming services.

  Read Less
October 01, 2020

Experts Comments On Kylie’s Cosmetics Security Incident
It is important to have the proper policies, access controls, monitoring, and response plans in place.
As Shopify has now learned the hard way, insider threats are real, and it is crucial that all organisations assess and mitigate the risk of internal agents going ‘rogue’. In this case, it should not have been possible for these support agents to extract such large volumes of data from the Shopify platform. It is important to have the proper policies, access controls, monitoring, and response plans in place to prevent and mitigate against this type of threat. Also, investing properly in.....Read More
As Shopify has now learned the hard way, insider threats are real, and it is crucial that all organisations assess and mitigate the risk of internal agents going ‘rogue’. In this case, it should not have been possible for these support agents to extract such large volumes of data from the Shopify platform. It is important to have the proper policies, access controls, monitoring, and response plans in place to prevent and mitigate against this type of threat. Also, investing properly in your team, including delivering security awareness training and other personal development, should help to reduce the chances of them going ‘rogue’.  Read Less
September 17, 2020

NCSC warns of ransomware attacks against UK universities – experts reaction
Educational institutions need to ensure they are not the low hanging fruit that makes easy pickings for cybercriminals.
It’s unsurprising that education institutions continue to be targets for cybercriminals, especially considering they can be large sprawling organisations that are hard to administer and secure. Balancing resources between their mission of educating their students and the need for cybersecurity is an ongoing challenge. For cybercriminals, now is the perfect time to cause disruption as students start the term. In order to limit the impact of these attacks, the NCSC has done the right thing by .....Read More
It’s unsurprising that education institutions continue to be targets for cybercriminals, especially considering they can be large sprawling organisations that are hard to administer and secure. Balancing resources between their mission of educating their students and the need for cybersecurity is an ongoing challenge. For cybercriminals, now is the perfect time to cause disruption as students start the term. In order to limit the impact of these attacks, the NCSC has done the right thing by sending out a warning to these organisations and encouraging them to take action. As the education sector is a huge pool of sensitive data, we recommend all institutions plan for cyber resilience to protect their IT infrastructure and data regardless of the recent increase in risk. Often, precious data is sat on individual students’ laptops/desktops as well as institutional servers, so monitoring of access related to personal devices and the massive challenge of stolen credentials can pose real difficulties for IT departments, along with the backing up of this data. Cloud-hosted solutions can help greatly here if deployed in a good time. Staff training is also essential to defend against phishing attacks and business email compromise. The training materials used need to be updated continuously to reflect the latest threat trends, and regular simulations should be run to ensure that the training has the desired effect. In summary, educational institutions need to ensure they are not the low hanging fruit that makes easy pickings for cybercriminals.  Read Less
September 04, 2020

Hacking of Indian PM Narendra Modi’s Twitter account — Expert Insight
This raises the question of whether platforms are doing enough to keep our information safe.
With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage. Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack.....Read More
With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage. Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack Obama, Jeff Bezos and Elon Musk. This raises the question of whether platforms are doing enough to keep our information safe. The previous Twitter attack was reportedly initiated by the hacker gaining access to the Twitter administrative tool likely through a compromised employee account, and, should this be the same, it again demonstrates how employees and contractors are a weak link with regards to security in an organisation. In order to limit the impact of these attacks, the key focus should be on a strong education programme to improve employee vigilance. From a risk mitigation perspective, as well as awareness training, companies should follow the principle of least privilege (reportedly 1000 twitter employees and contractors previously had ‘God Mode’ access) and they should be sure to invest in sophisticated cybersecurity solutions and services to bolster their cyber resilience.  Read Less
September 04, 2020

Hacking of Indian PM Narendra Modi’s Twitter account — Expert Insight
This raises the question of whether platforms are doing enough to keep our information safe.
With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage. Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack.....Read More
With the increased use of social tools for business communications, social media security is more important than ever. While the benefits of social are clear, there are risks to be wary of. Once hackers gain access to social media accounts, they can cause enormous brand reputation damage. Unfortunately, in this case, the apparent hack followed a larger hack in July, where attackers breached privileged ‘God Mode’ accounts and compromised the accounts of prominent people including Barack Obama, Jeff Bezos and Elon Musk. This raises the question of whether platforms are doing enough to keep our information safe. The previous Twitter attack was reportedly initiated by the hacker gaining access to the Twitter administrative tool likely through a compromised employee account, and, should this be the same, it again demonstrates how employees and contractors are a weak link with regards to security in an organisation. In order to limit the impact of these attacks, the key focus should be on a strong education programme to improve employee vigilance. From a risk mitigation perspective, as well as awareness training, companies should follow the principle of least privilege (reportedly 1000 twitter employees and contractors previously had ‘God Mode’ access) and they should be sure to invest in sophisticated cybersecurity solutions and services to bolster their cyber resilience.  Read Less
August 27, 2020

Expert Insight On New Zealand’s Stock Exchange Hit By Second Cyber Attack
it’s likely attackers facilitated the DDoS style attack through the use of botnets.
This latest attack again highlights the risks posed by threat actors, who can use cyberattacks to try to cripple important financial infrastructure at a national scale. In this case, it’s likely attackers facilitated the DDoS style attack through the use of botnets. The evolution of attack types emitting from botnets has been rapid over recent years and is unlikely to slow down. Financial services platforms are often robustly protected with an array of products and services attempting to.....Read More
This latest attack again highlights the risks posed by threat actors, who can use cyberattacks to try to cripple important financial infrastructure at a national scale. In this case, it’s likely attackers facilitated the DDoS style attack through the use of botnets. The evolution of attack types emitting from botnets has been rapid over recent years and is unlikely to slow down. Financial services platforms are often robustly protected with an array of products and services attempting to prevent attack, penetration and denial of service, but in some situations a massive distributed denial of service attack cannot be immediately prevented or circumvented. These types of attack are also notoriously difficult to trace, so confidently assigning the blame for this may prove difficult, unless there was an associated extortion attempt.  Read Less
August 27, 2020

Expert Insight On New Zealand’s Stock Exchange Hit By Second Cyber Attack
it’s likely attackers facilitated the DDoS style attack through the use of botnets.
This latest attack again highlights the risks posed by threat actors, who can use cyberattacks to try to cripple important financial infrastructure at a national scale. In this case, it’s likely attackers facilitated the DDoS style attack through the use of botnets. The evolution of attack types emitting from botnets has been rapid over recent years and is unlikely to slow down. Financial services platforms are often robustly protected with an array of products and services attempting to.....Read More
This latest attack again highlights the risks posed by threat actors, who can use cyberattacks to try to cripple important financial infrastructure at a national scale. In this case, it’s likely attackers facilitated the DDoS style attack through the use of botnets. The evolution of attack types emitting from botnets has been rapid over recent years and is unlikely to slow down. Financial services platforms are often robustly protected with an array of products and services attempting to prevent attack, penetration and denial of service, but in some situations a massive distributed denial of service attack cannot be immediately prevented or circumvented. These types of attack are also notoriously difficult to trace, so confidently assigning the blame for this may prove difficult, unless there was an associated extortion attempt.  Read Less
August 17, 2020

Cyber Expert On Amazon Alexa Security Flaw
The growing demand for these devices requires that manufacturers focus on their security and privacy.
Security in IoT devices such as the Amazon Echo and associated Alexa voice assistant service is an important issue. These devices often have security constraints in terms of their size, cost, limited user interfaces or “always-on” functionality – making them a really attractive target for hackers. Consumers purchasing many of these IoT devices for convenience or novelty are unlikely to be aware of basic security measures and how much of their private data is been consumed by the devices. .....Read More
Security in IoT devices such as the Amazon Echo and associated Alexa voice assistant service is an important issue. These devices often have security constraints in terms of their size, cost, limited user interfaces or “always-on” functionality – making them a really attractive target for hackers. Consumers purchasing many of these IoT devices for convenience or novelty are unlikely to be aware of basic security measures and how much of their private data is been consumed by the devices. By exploiting unpatched vulnerabilities in these devices, hackers can potentially achieve anything from data pilfering, to extortion. The growing demand for these devices requires that manufacturers focus on their security and privacy. IoT manufacturers need to work more closely with cybersecurity professionals to ensure that device security is considered and understood at the design stage – not implemented as an afterthought. There is a need to increase awareness around these issues, and to take a realistic approach to combine strong security with legislative restrictions if we want to ensure that these devices and our information are secured to the highest standards. In this case it is great to see responsible disclosure and vendor patching working together to improve security for millions of users of these devices.  Read Less
July 24, 2020

Experts Insight On Premier League Club Almost Loses £1m to Hackers
Sports companies need to ensure their defenses are watertight both on and off the field of play.
This hack highlights how cybercriminals are increasingly targeting high profile industries with email scams. In this case, it seems a legitimate corporate email account has been broken into and the hacker has impersonated the real owner and attempted to defraud a club or agent into sending money to the attacker. These email scams are becoming increasingly more sophisticated. We’ve witnessed new advanced variants even implementing features such as voice fraud, whereby an accurate deepfake.....Read More
This hack highlights how cybercriminals are increasingly targeting high profile industries with email scams. In this case, it seems a legitimate corporate email account has been broken into and the hacker has impersonated the real owner and attempted to defraud a club or agent into sending money to the attacker. These email scams are becoming increasingly more sophisticated. We’ve witnessed new advanced variants even implementing features such as voice fraud, whereby an accurate deepfake voice is created of a company’s CEO, for example, to try and convince other companies or employees to comply with an urgent financial request. Sports companies need to ensure their defenses are watertight both on and off the field of play. This should involve proper and regular cybersecurity training of all personnel within the company, to ensure that individuals are vigilant in scrutinising the types of emails they receive. It’s crucial that the same quality of training is provided to everyone from the intern to the CEO and members of the board, and this should be underpinned by technology such as email filtering, anti-virus protection, and strong password policies.  Read Less
June 22, 2020

Experts Reaction On Australia Targeted By ‘Sophisticated’ Cyber Attack – By ‘State-based’ Actor
The practice of stealing intellectual property in this way has been going on for a very long time.
The practice of stealing intellectual property in this way has been going on for a very long time. And this highly targeted phishing technique or ‘spear phishing’ is presenting itself as a huge risk to governments and companies across the board. Cybercriminals utilise information from social media profiles, even using advanced technology such as AI to improve the scale and fidelity of threats. This enables them to fine tune phishing emails to look more and more like the real thing, creating .....Read More
The practice of stealing intellectual property in this way has been going on for a very long time. And this highly targeted phishing technique or ‘spear phishing’ is presenting itself as a huge risk to governments and companies across the board. Cybercriminals utilise information from social media profiles, even using advanced technology such as AI to improve the scale and fidelity of threats. This enables them to fine tune phishing emails to look more and more like the real thing, creating targeted, personal emails to trick even the savviest recipient into believing the correspondence is genuine. In order to limit the impact of these attacks, the key focus should be on awareness. Employees need to understand the risks to business, why installing software updates, and clicking links within emails should be done with great care. However, this is not always possible, and enterprises will need to look beyond traditional solutions, investing in proven next generation threat intelligence offerings coupled with email filtering to help remove these lures from inboxes.  Read Less