Expert(s):
VP EMEA feature_status*/ ?>
Securonix

Comments Dotted : 28
June 04, 2020

REvil Ransomware Creates eBay-like Auction Site For Stolen Data – Experts Comments
The fact that this cybercriminal gang has set up a site to auction exfiltrated data.
REvil ransomware is the same strain that was used when the A-list law firm Grubman Shire Meiselas & Sacks was breached last month. The fact that this cybercriminal gang has set up a site to auction exfiltrated data just proves how valuable information in today’s digital society is. From personal information (in this instance Madonna and other celebrities) to corporate data, such as a US food distributor, information in all forms has significant resale value on the dark web. Unfortunately,.....Read More
REvil ransomware is the same strain that was used when the A-list law firm Grubman Shire Meiselas & Sacks was breached last month. The fact that this cybercriminal gang has set up a site to auction exfiltrated data just proves how valuable information in today’s digital society is. From personal information (in this instance Madonna and other celebrities) to corporate data, such as a US food distributor, information in all forms has significant resale value on the dark web. Unfortunately, once private information leaves corporate perimeters after a data breach, there is very little that can be done. Instead, organisations must take proactive steps to secure their systems before data can be breached and ensure regularly that the steps are meeting compliance regulations, like GDPR. It will be some time before the law firm Grubman Shire Meiselas & Sacks can build back their reputation. This just proves how important it is to have adequate cybersecurity hygiene.  Read Less
June 01, 2020

Expert Insight: Joomla Data Breach
This includes backup files! Even if the majority of the information is in the public domain.
Unfortunately it seems as though businesses are not learning their lessons, and yet again leaky AWS S3 bucket security is the cause of a data breach. Enterprises must remember that their security is only as strong as their weakest link, and time and time again we are seeing AWS S3 bucket security appearing as that weakest link. It is important to remember that AWS S3 buckets have varying levels of security and it is simply not good enough to trust default settings. When it comes to processing.....Read More
Unfortunately it seems as though businesses are not learning their lessons, and yet again leaky AWS S3 bucket security is the cause of a data breach. Enterprises must remember that their security is only as strong as their weakest link, and time and time again we are seeing AWS S3 bucket security appearing as that weakest link. It is important to remember that AWS S3 buckets have varying levels of security and it is simply not good enough to trust default settings. When it comes to processing and storing PII, businesses must ensure that information is secured at all stages of its lifetime. This includes backup files! Even if the majority of the information is in the public domain, businesses must ensure total security for any data they hold. Unfortunately, an event like this will cast a very negative light on Joomla for some time, not to mention the regulatory connotations. While there is some uncertainty as to who may have exfiltrated this information – if anyone has at all – any professional that used the Joomla Resources Directory should be sure to change any passwords that may be associated with the site, especially if passwords are reused or repurposed across different platforms.  Read Less
June 01, 2020

Expert Advise On Cybercriminals Are Impersonating UK Supermarkets In New Scams
Cybercriminals are opportunists.
Cybercriminals are opportunists. They will leverage any given opportunity to use underhanded tricks to separate consumers from their hard-earned money or valuable personal information. When it comes to online shopping it can be even more dangerous because you surrender not only your personal information and payment details, but also your home address for delivery. This not only creates risk for identity theft, but also compromises the physical security of your home. We have seen a rise in.....Read More
Cybercriminals are opportunists. They will leverage any given opportunity to use underhanded tricks to separate consumers from their hard-earned money or valuable personal information. When it comes to online shopping it can be even more dangerous because you surrender not only your personal information and payment details, but also your home address for delivery. This not only creates risk for identity theft, but also compromises the physical security of your home. We have seen a rise in typo-squatting due to the COVID-19 pandemic. This means that the domain names will be very similar to the established site, but with slight variation. This can manifest in several forms, for example, the site may substitute a letter for a similar number or (such as Waitr0se), or slightly misspelled names (such as Saisnburys or Sainsburrys), or even use characters from different alphabets that will lull users into a false sense of security (such as Tesço). Examining the domain before you undertake any further actions is a good way to protect yourself from cybercriminals in disguise, protecting your livelihood and personal space, and as always, only give personal information on a need-to-know basis if you are absolutely sure that the site is reputable.  Read Less
May 29, 2020

Expert Insight: ZLoader Malware Returns As A Coronavirus Phishing Scam
Once the public has adequately protected themselves from “Wave 2” tactics, cybercriminals will certainly pivot their attack vectors.
In the last couple of weeks, we have observed a surge in the number of new domains registered that are themed around corona/COVID-19 stimulus or financial recovery, that are being used to maliciously target people. Of these targeted emails, we have seen three clear trends in COVID-19 related phishing attempts:
  • Wave 1: Focused on coronavirus, the symptoms, and how to self-diagnose.
  • Wave 2: Tailored towards the cure/vaccine, disease progress tracking, and tips to engage kids at home.
  • Wave 3:
.....Read More
In the last couple of weeks, we have observed a surge in the number of new domains registered that are themed around corona/COVID-19 stimulus or financial recovery, that are being used to maliciously target people. Of these targeted emails, we have seen three clear trends in COVID-19 related phishing attempts:
  • Wave 1: Focused on coronavirus, the symptoms, and how to self-diagnose.
  • Wave 2: Tailored towards the cure/vaccine, disease progress tracking, and tips to engage kids at home.
  • Wave 3: Focused on stimulus checks and impersonation emails with subjects focused on reduction in force, layoff forecasts, and end of work from home/reopen.
This specific instance can be categorised as “Wave 2” because the fraudulent emails were using coronavirus-related prevention tips, testing and invoices to fool users to distribute ZLoader banking malware. Users should all be aware of these tactics and adjust their security habits accordingly. It is important to be aware of “Wave 3” and the implications that it will bring. Once the public has adequately protected themselves from “Wave 2” tactics, cybercriminals will certainly pivot their attack vectors. The best way to reduce the likelihood of a phishing campaign wreaking havoc on corporate devices is to educate the workforce about the increase in phishing activity. Some simple preventative tips include: ul>
  • Check the legitimacy of the email sender and email domain before responding.
  • Do not click on links or attachments from unverified senders.
  • Pay close attention to spellings and errors, especially for unusual emails that seem to be coming from executives.
  • Report any suspicious emails to IT immediately.
    •   Read Less
    May 28, 2020

    Experts Reaction On 26 Million LiveJournal Credentials Leaked Online
    Despite LiveJournal’s efforts to encrypt personally identifiable information (PII), the MD5 hashed passwords were easily converted to plain text.
    Yet again we are seeing private consumer information surfacing on hacking forums. This emphasises the importance of password security, both for businesses and individuals. This manifests on two separate, but crucial, levels. Despite LiveJournal’s efforts to encrypt personally identifiable information (PII), the MD5 hashed passwords were easily converted to plain text. This means that businesses that use and process any instance of PII should spare no expense when it comes to customer.....Read More
    Yet again we are seeing private consumer information surfacing on hacking forums. This emphasises the importance of password security, both for businesses and individuals. This manifests on two separate, but crucial, levels. Despite LiveJournal’s efforts to encrypt personally identifiable information (PII), the MD5 hashed passwords were easily converted to plain text. This means that businesses that use and process any instance of PII should spare no expense when it comes to customer security. It is much cheaper in the long run to invest in more comprehensive security solutions than it is to recover financially and reputationally from a high profile breach like this. On the other hand, consumers should be sure to use strong passwords, and never reuse login credentials. If you had an account with LiveJournal then you should be sure to change your password immediately, both on this platform and any associated accounts.  Read Less
    May 20, 2020

    UK airline easyJet data breach impacts 9M customers – expert commentary
    We will most likely see a series of phishing attacks targeting EasyJet customers in the near future.
    Passengers have to trust that airlines are securing their Personal Identifiable Information when they book with them, but a breach of this magnitude breaks that trust. In many cases, we are still seeing misconfigurations/human errors commonly used by attackers to exploit victims with misuse of encryption often compounding the effects of human error in each type of breach. Allowing the information of about 9 million customers to be breached is a huge error, especially considering that the credit .....Read More
    Passengers have to trust that airlines are securing their Personal Identifiable Information when they book with them, but a breach of this magnitude breaks that trust. In many cases, we are still seeing misconfigurations/human errors commonly used by attackers to exploit victims with misuse of encryption often compounding the effects of human error in each type of breach. Allowing the information of about 9 million customers to be breached is a huge error, especially considering that the credit card details of more than 2,000 customers were also compromised. Our research has seen a rise in COVID-19 themed malware targeting users. EasyJet customers should be especially vigilant of any correspondence that requires action. This breach could have catastrophic consequences such as identity theft, ransomware being downloaded to personal devices that are being used for corporate purposes. We will most likely see a series of phishing attacks targeting EasyJet customers in the near future, so all customers should be on the alert for suspicious activity.  Read Less
    May 15, 2020

    Expert Reaction On News: Members of the public are using a bogus version of the UK contact-tracing app
    Cybercriminals are using virus-themed terminology to mislead users into downloading malicious material.
    As more people are abiding by lockdown and working from home, we are seeing cybercriminals leveraging fear to seduce users into clicking malicious links. In fact, our COVID-19 Cyber Threat Update revealed that the number of malicious domains using the words “corona” or “covid19” have increased exponentially. Therefore, it is no surprise that cybercriminals are exploiting the NHS COVID-19 application, due to the increase of pandemic-themed social engineering techniques. Indeed, if you.....Read More
    As more people are abiding by lockdown and working from home, we are seeing cybercriminals leveraging fear to seduce users into clicking malicious links. In fact, our COVID-19 Cyber Threat Update revealed that the number of malicious domains using the words “corona” or “covid19” have increased exponentially. Therefore, it is no surprise that cybercriminals are exploiting the NHS COVID-19 application, due to the increase of pandemic-themed social engineering techniques. Indeed, if you are expecting an update from the NHS app then you may be more likely to open an email or text message containing the keywords: “Coronavirus” or “COVID-19”. This is concerning as our threat research team proved that more cybercriminals are using virus-themed terminology to mislead users into downloading malicious material, and in this case, harvest PII. Therefore, users with the mobile tracing app must be extremely vigilant as they may be more likely to fall victim to medically disguised harmful content.  Read Less
    May 13, 2020

    Expert Insight On Magellan Health Inc Breach
    We are again seeing the detrimental impact that ransomware can have on the healthcare industry.
    We are again seeing the detrimental impact that ransomware can have on the healthcare industry. Hospitals and healthcare providers are amongst the most frequently targeted organisations because of the highly valuable information that they process. For example, the personal health information (PHI) of military and government agencies, labour unions and employers will certainly fetch a pretty penny on the dark market. This means that the agencies that are most at risk of data exfiltration should.....Read More
    We are again seeing the detrimental impact that ransomware can have on the healthcare industry. Hospitals and healthcare providers are amongst the most frequently targeted organisations because of the highly valuable information that they process. For example, the personal health information (PHI) of military and government agencies, labour unions and employers will certainly fetch a pretty penny on the dark market. This means that the agencies that are most at risk of data exfiltration should take extra care when it comes to training their employees and securing all instances of personal information. The fact that this particular breach can be attributed to phishing and social engineering techniques suggests that there is substantial room for improvement when it comes to security-conscious decision making. Other enterprises within the healthcare vertical should certainly take note and introduce additional security parameters before it is too late. I know this may be easier said than done, especially considering the additional strain on healthcare providers, but security is not a corner that should be cut.  Read Less
    May 12, 2020

    Expert Insight On ChatBooks Discloses Data Breach After Data Sold On Dark Web
    This just proves that no one is immune to cyberattack, and you never know where the next target will be.
    Unfortunately we are again seeing the results of a data breach ending up on the dark web. While there isn’t much that can be done about having your PII breached, users should look to observe World Password Day a few days late and change their passwords immediately. This is especially true if users have the same, or similar passwords across multiple accounts. While the passwords were encrypted, this does not mean that they are indecipherable and there is a chance that hackers can obtain.....Read More
    Unfortunately we are again seeing the results of a data breach ending up on the dark web. While there isn’t much that can be done about having your PII breached, users should look to observe World Password Day a few days late and change their passwords immediately. This is especially true if users have the same, or similar passwords across multiple accounts. While the passwords were encrypted, this does not mean that they are indecipherable and there is a chance that hackers can obtain passwords, or segments of passwords leading to compromised accounts. As with any instance of PII being breached, consumers and users should be extra vigilant. This just proves that no one is immune to cyberattack, and you never know where the next target will be.  Read Less
    May 08, 2020

    Cybersecurity Expert On Cisco Webex Phishing Uses Fake Cert Errors To Steal Credentials
    This challenge becomes even more complicated when considering cloned sites of trusted vendors such as Cisco Webex.
    Our research has seen a rise in convincing phishing attacks targeting people working from home. Cybercriminals are increasingly using typo-squat variants of domains relating to COVID-19 as organisations have not been able to proactively monitor or block these harmful social engineering techniques for fear of not communicating vital and valid information about the pandemic. This challenge becomes even more complicated when considering cloned sites of trusted vendors such as Cisco Webex. We.....Read More
    Our research has seen a rise in convincing phishing attacks targeting people working from home. Cybercriminals are increasingly using typo-squat variants of domains relating to COVID-19 as organisations have not been able to proactively monitor or block these harmful social engineering techniques for fear of not communicating vital and valid information about the pandemic. This challenge becomes even more complicated when considering cloned sites of trusted vendors such as Cisco Webex. We recommend that organisations enable use cases that track increased activity to newly registered domains or rare in order to identify early indicators of suspicious activity. This technique would help protect against this particular threat as the domain was recently registered in the Czech Republic. By flagging potentially malicious links from suspicious locations you can greatly reduce the chance of falling victim to social engineering techniques such as phishing. As more people work from home we will most likely see this become a sinister trend and security teams should stay a step ahead in order to reduce the impact of this activity.  Read Less