Expert(s):
Senior Threat Research Analystfeature_status*/ ?>
Webroot

Comments Dotted : 10
January 28, 2021

Emotet Takedown – What’s Next
To protect against future botnet threats, organisations should ensure they have strong, reputable cybersecurity software.

Botnets have been one of the most common malware deployment methods over the past decade, and Emotet, in particular, has been instrumental in spreading ransomware as a secondary payload, so we welcome the action taken by law enforcement agencies to knock it offline.

 

However, given the distributed nature of Emotet and the legal impunity that its masters have operated with for years, it is doubtful that this operation will end it entirely. However, it will make this huge criminal enterprise

.....Read More

Botnets have been one of the most common malware deployment methods over the past decade, and Emotet, in particular, has been instrumental in spreading ransomware as a secondary payload, so we welcome the action taken by law enforcement agencies to knock it offline.

 

However, given the distributed nature of Emotet and the legal impunity that its masters have operated with for years, it is doubtful that this operation will end it entirely. However, it will make this huge criminal enterprise more complicated and expensive to run and help strengthen the cross-border co-operation desperately needed in the fight against cybercrime.

 

The evolution and volume of attack types emitting from botnets have been significant over recent years, and it's likely we'll continue to see others emerge in the future due to the scale of infection they can achieve and the financial rewards gained from them. The UK's National Crime Agency reported seeing over $10.5M moved by the group behind Emotet over a two-year period on just one Virtual Currency platform. Investigators were able to identify that almost $500,000 had been spent by the group over the same period to maintain its criminal infrastructure, highlighting the size and scale of the operation.

 

To protect against future botnet threats, organisations should ensure they have strong, reputable cybersecurity software in place that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple types of attacks at different stages of the attack cycle. They should also run regular security awareness and phishing simulations to ensure end-users know how to spot suspicious messages and threats.

  Read Less
November 19, 2020

A New Data Reveals Phishing Related To Amazon Is Up 106% Vs. Last Year – Expert Reaction
Cybercriminals are smart, and frequently change their tactics in line with the news agenda.
We often see a rise in online scams targeting consumers and retailers in the last two months of the year, but this seems to be heightened this year amid the increase in online shopping as a result of the pandemic. Cybercriminals are smart, and frequently change their tactics in line with the news agenda. By using a household name such as Amazon, they can target a large volume of individuals in one go. Besides Amazon, we’ve also caught a number of phishing pages selling the iPhone Pro 11......Read More
We often see a rise in online scams targeting consumers and retailers in the last two months of the year, but this seems to be heightened this year amid the increase in online shopping as a result of the pandemic. Cybercriminals are smart, and frequently change their tactics in line with the news agenda. By using a household name such as Amazon, they can target a large volume of individuals in one go. Besides Amazon, we’ve also caught a number of phishing pages selling the iPhone Pro 11. Phishing criminals often try to hijack the hype around a new product launch, and these pages are likely to try and appeal to an audience who are looking for price drops on the 11 model, now that the latest one has come out. Our message to online deal-hunters is that they should remain vigilant in scrutinising the types of emails they receive, and links they click on, as they look for deals related to Black Friday and Christmas. This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies. Businesses should ensure they are backing up data and that backup can be restored, in case a phishing attack on an employee leads to a ransomware infection on the company network. They should also focus on implementing security awareness training for all staff and real-time phishing detection, which are the frontline defenses against these kinds of attacks. We’ve seen that cyber attackers are refusing to show any mercy during this pandemic, and they will continue to exploit it in every possible way.  Read Less
September 22, 2020

Former Australian PM Tony Abbott’s passport details and phone number obtained by hacker
Users need to be aware of where valuable data might lie.
With the increased use of social tools to 'post' about personal life and business communications, social media security is more important than ever. Everyone needs to be cautious about how much personal information they share, and this is an example of there being more information in a photo than might meet the eye. In this case, what was posted was used to access personal details and accounts though the booking reference that was in the image. In order to limit the impact of these types of.....Read More
With the increased use of social tools to 'post' about personal life and business communications, social media security is more important than ever. Everyone needs to be cautious about how much personal information they share, and this is an example of there being more information in a photo than might meet the eye. In this case, what was posted was used to access personal details and accounts though the booking reference that was in the image. In order to limit the impact of these types of activities, users need to be aware of where valuable data might lie. As more people and businesses use social media, cybercriminals are finding more creative attack methods. Beyond this, there are two parties at fault here. Firstly you should never post tickets or identification documents online. There are simply too many ways in which a hacker can use basic OSINT or more complicated techniques to find further information. Secondly, there was clearly an issue with website security here as personal details such as phone or passport numbers should never be available through HTML in this way. In this case, it looks like the hacker in question alerted all parties in a responsible way, and the airline has been able to protect future customers as a result of this breach.  Read Less
July 23, 2020

Experts Reaction On University of York Hit by Serious Data Breach
Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising.
Educational organisations continue to be targeted for cyberattacks. Unfortunately, the sprawling nature of a university – with all their separate faculties and facilities – and the inevitable movement of data between departments makes IT administration and security challenging to implement and maintain. Additionally, universities contain a wealth of valuable intellectual property which can be valuable to hackers, especially those acting on behalf of governments. To mitigate future attacks, .....Read More
Educational organisations continue to be targeted for cyberattacks. Unfortunately, the sprawling nature of a university – with all their separate faculties and facilities – and the inevitable movement of data between departments makes IT administration and security challenging to implement and maintain. Additionally, universities contain a wealth of valuable intellectual property which can be valuable to hackers, especially those acting on behalf of governments. To mitigate future attacks, IT teams must properly audit all machines connected to their networks and the data they hold. Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and sensible password policies. A tricky issue is that precious data is on individual students’ laptops/desktops as well as university servers, and the monitoring of access and the massive benefit of stolen credentials pose real difficulties for the IT departments – a highly tied-down environment doesn’t match with the knowledge sharing culture of universities.  Read Less
July 21, 2020

Comment: England’s COVID-19 Test and Trace Programme ‘breaks GDPR data law’
With apps such as these, uptake will be based on trust.
Given the urgency in rolling out the test and trace programme, it is clearly challenging to balance the importance of public data privacy with the need to track the epidemic accurately to keep people medically safe. This was always going to be difficult given the timeframe, but privacy and security still need to be front of mind when dealing with any personal data. This is especially important with healthcare data, which is at particular risk of cyber-attacks and data breaches as information.....Read More
Given the urgency in rolling out the test and trace programme, it is clearly challenging to balance the importance of public data privacy with the need to track the epidemic accurately to keep people medically safe. This was always going to be difficult given the timeframe, but privacy and security still need to be front of mind when dealing with any personal data. This is especially important with healthcare data, which is at particular risk of cyber-attacks and data breaches as information such as health records is very valuable to criminals. There, therefore, needs to be stringent security controls and processes in place to ensure that individual data is treated extremely sensitively and remains secure. With apps such as these, uptake will be based on trust. The technical details aren't going to be understandable to most UK citizens, but the level of trust they have for their government will be based on the history of their government and all of its intelligence agencies, law enforcement bodies and partners. With several high-profile data breaches have taken place in the healthcare industry recently, the government is particularly under the spotlight with compliance efforts being more carefully scrutinised and recorded than ever before  Read Less
June 12, 2020

Babylon Online GP Service Suffers Data Breach
Companies who hold private information should also ensure they have clearly defined security policies.
Anyone who develops an app that handles sensitive customer data should ask themselves two important questions – is it secure and is it really necessary? We’re seeing that breaches such as these are all too common and anyone looking to save time and money by moving to a digital system should take risks such as these into consideration. Companies who hold private information should also ensure they have clearly defined security policies and procedures to avoid the leak of information. This.....Read More
Anyone who develops an app that handles sensitive customer data should ask themselves two important questions – is it secure and is it really necessary? We’re seeing that breaches such as these are all too common and anyone looking to save time and money by moving to a digital system should take risks such as these into consideration. Companies who hold private information should also ensure they have clearly defined security policies and procedures to avoid the leak of information. This starts with employee education, which underscores all effective cybersecurity and data protection strategies and comprehensive best practice guides are critical to protecting information, especially when holding sensitive data on customers. This is especially important in the healthcare industry which is at particular risk of cyber-attacks and data breaches, as information such as health records is very valuable to criminals. It will always command high prices on the darkweb as it can be used for criminal activities such as fraud, extortion and in the drug trade.  Read Less
May 14, 2020

Interserve Database Hacked: Expert Insight
The biggest concern here is the use of stolen data as a means to enable further attacks.
Unfortunately, health and education sectors are common targets for cybercriminals throughout Covid-19. The inherent weakness in their cybersecurity is one factor, but the value in their data is another. In this case, hospital data can be used in insurance fraud, drug prescription forgery, extortion or as a means to enable future attacks on the service or the individual victims. The sheer size and scope of the healthcare industry and the fact that the public sector uses many contractors and.....Read More
Unfortunately, health and education sectors are common targets for cybercriminals throughout Covid-19. The inherent weakness in their cybersecurity is one factor, but the value in their data is another. In this case, hospital data can be used in insurance fraud, drug prescription forgery, extortion or as a means to enable future attacks on the service or the individual victims. The sheer size and scope of the healthcare industry and the fact that the public sector uses many contractors and outside parties makes it a difficult task to admin and secure. Likewise, in education, we have seen valuable research being a constant target in recent years. Both sectors are particularly vulnerable to ransomware, but the biggest concern here is the use of stolen data as a means to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them and their colleagues. Hence, to mitigate future attacks and build cyber resilience, organisations and individuals need to ensure that adequate defences are in place. Secondly, data must always be backed up, so systems can be restored if needed. As well as good practices, these sectors need a cultural and institutional change with regard to cybersecurity to stop them suffering disproportionately to other organisations.  Read Less
May 13, 2020

Pitney Bowes Has Been Hit By Ransomware For The Second Time In Six Months – Experts Reaction
The move by attackers to try and steal data is one of the surging trends in ransomware.
The move by attackers to try and steal data is one of the surging trends in ransomware. It can be done automatically by malware, or by hackers who have specifically targeted a network through several different means. Sadly, this has become the criminal norm and targeted hacks, often aimed at SMBs, governments, healthcare, transport and industry networks, are common. Criminals running campaigns using Maze ransomware, often attempt to steal data before deploying malicious encryption gives them.....Read More
The move by attackers to try and steal data is one of the surging trends in ransomware. It can be done automatically by malware, or by hackers who have specifically targeted a network through several different means. Sadly, this has become the criminal norm and targeted hacks, often aimed at SMBs, governments, healthcare, transport and industry networks, are common. Criminals running campaigns using Maze ransomware, often attempt to steal data before deploying malicious encryption gives them two ways to blackmail an organisation. While it might seem easy for an organisation to replace and fix one of their compromised machines, recovering from a companywide attack, especially without backup, can be impossible to come back from. The order of events is essential here. If data is encrypted before data-stealing components of attacks are carried out, then the data stolen would be mostly useless to the attackers running these malware campaigns – so companies should put suitable cyber resilience plans in place to ensure IT infrastructure and data is secure.  Read Less
May 07, 2020

Fresenius Hit By Ransomware – Expert Insight
COVID-19 will not stop hackers, but now is a good time for all organisations to review their incident plans and to update them as needed.
An increase in attacks targeting healthcare organisations suggests that hospitals are definitely one of the top targets for cyber-attacks at the moment. Clearly, COVID-19 is allowing cybercriminals to gain a higher rate of return by targeting healthcare providers because they firmly believe that organisations will pay their way out of an attack when under high-pressure factors. As the services that medical facilities provide are essential and often cannot be disrupted without severe risk to.....Read More
An increase in attacks targeting healthcare organisations suggests that hospitals are definitely one of the top targets for cyber-attacks at the moment. Clearly, COVID-19 is allowing cybercriminals to gain a higher rate of return by targeting healthcare providers because they firmly believe that organisations will pay their way out of an attack when under high-pressure factors. As the services that medical facilities provide are essential and often cannot be disrupted without severe risk to patients, ransomware is a weapon of choice. While healthcare companies may be prepared for such attacks, it is essential for hospitals to exercise best IT practice during a crisis because staff will be under pressure, potentially outside of their standard working spaces (remote, off-site, travelling) and likely to be dealing with a high volume of inbound messages concerning the outbreak. All healthcare practices must have antivirus and other cybersecurity solutions in place as well as access to security teams who can investigate any breaches to identify and address vulnerabilities. COVID-19 will not stop hackers, but now is a good time for all organisations to review their incident plans and to update them as needed.  Read Less
April 17, 2020

RagnarLocker Ransomware Hits EDP Energy Giant, Asks For €10M – Experts Comments
Senior leaders within EDP will currently be working out the the potential impact of the release of their confidential data.
This tactic of holding the confidentiality of the corporate data itself to ransom is still relatively new, and the energy sector has been a particular target of “big game” ransomware cybercriminals in the last year. Ransomware criminals look for the most essential services to lock-up as paying a ransom might be considered the safer option than facing the consequences of lost power for millions of people for an indefinite period. These gangs are highly organized and they select their.....Read More
This tactic of holding the confidentiality of the corporate data itself to ransom is still relatively new, and the energy sector has been a particular target of “big game” ransomware cybercriminals in the last year. Ransomware criminals look for the most essential services to lock-up as paying a ransom might be considered the safer option than facing the consequences of lost power for millions of people for an indefinite period. These gangs are highly organized and they select their targets wisely. Once they have breached an organization they look to encrypt as many of the operating systems as possible and consequently they charge extremely high ransoms, easily running into the millions. Senior leaders within EDP will currently be working out the the potential impact of the release of their confidential data to the business, including the potential loss of credibility, loss of business, intellectual property loss, GDPR fines, and weighing that up against the cost of paying the ransom.  Read Less