Global Cyber News Digest

Events

Cyber Insider Podcast

Press Room

Daily News Digest

Stay current on the global cyber threat landscape and industry developments with CCOE’s daily digest and library of cybersecurity news and articles.

  • Two Romanians Arrested for Running Malware Encryption Services

    • Allegedly the operators of the CyberSeal and Dataprotector crypting services, as well as of the Cyberscan service, the duo is said to have provided aid to more than 1,560 criminals.
    • The services, Europol says, were used for crypting a variety of malware types, including information stealers, Remote Access Trojans (RATs), and ransomware families.
    • The illegal services were being offered on underground portals, at prices ranging between $40 and $300, depending on license conditions. The two provided constant updates and support to their customers.
    - Ionut Arghire | November 23, 2020
    hak-iq.us20.list-manage.comNovember 23, 2020

  • It’s not just spies who want your data

    • Australia’s domestic intelligence agency, the Australian Security Intelligence Organisation, released a rare public statement last week aimed at raising awareness about the use of social media and professional networking services for espionage purposes.
    • ‘Think before you link’ focuses on foreign intelligence threats and rightly cautions Australians to be careful about revealing personal information on networking services.
    • Even though ASIO’s warning focuses on Australians being recruited or duped by professional spies, online targeting and the creation of fake profiles and inauthentic networks are not just the realm of highly resourced state-sponsored cyber operatives. The tools and techniques used are cheap, simple and widely accessible. It’s not difficult, or expensive, to create an online presence with a unique artificial intelligence-generated profile picture.
    • Data itself can be difficult to monetise, but deep insights into individuals derived from data are highly valuable. Data broking is believed to be a US$200 billion industry.
    - Jocelinn Kang | November 23, 2020
    hak-iq.us20.list-manage.comNovember 23, 2020

  • Manchester United forced to take systems offline following cyberattack

    • U.K. soccer club Manchester United has been forced to take some systems offline following a cyberattack.
    • Manchester United didn’t release details on what the attack involved, but The Sun today quoted an expert as saying the attack bears “hallmarks of Russian or Chinese hackers.” The fact that the attack came before a game is also claimed by the expert to suggest that “the intention was to cause chaos for the club.”
    • Without any details on the attack, suggesting it was Russian or Chinese hackers is pure speculation. It could have been North Korean or Iranians hackers as well. The four countries dominate the list of advanced persistent threat groups.
    • “These are a fast-growing trend in 2020 and organizations such as football clubs are a prime target as their systems hold the details of hundreds of thousands of people including fans, employees, players as well as sensitive business and payment data."
    - Duncan Riley | November 22, 2020
    hak-iq.us20.list-manage.comNovember 22, 2020

  • World’s Dumbest Passwords Revealed: 200 Reasons To Use A Password Manager

    • More than half of the top 200 most common, and therefore dumbest, passwords were the same ones that appeared in the 2019 listing.
    • How dumb, you may be wondering? Well, 123456 remains the most commonly used password of 2020, yes really, appearing 2,543,285 times in the database analysis. (275,699,516 were analyzed)
    • Number four is the dumb 'password,' and 'senha' was just as bad, bringing up the rear of the top ten.
      • Five characters do not a smart password make. Nor does using the Portuguese word for a password, because that's what it means. Number 33 in the list of dumb passwords was unknown. No, literally, it was 'unknown.'
    • "Password managers, which can hold all our passwords securely, are the answer to this problem. Although many people think that putting all their passwords in one place on the cloud could make them vulnerable to attack, the opposite is in fact true. The clever use of two-factor authentication (2FA) and robust encryption is a far stronger mix than having to remember 100s of accounts, each with three random words."
    - Davey Winder | November 22, 2020
    hak-iq.us20.list-manage.comNovember 22, 2020

  • Cybersecurity: Dos and Don’ts and Legal Issues You Need to Understand

    • Data security breaches cause a lot of harm to an organization. Some of these harms may include:
      • Loss of trust of your consumers. When consumers stop trusting their competency and reliability, it will result in low sales.
      • The costs incurred as a result of cybersecurity will affect the overall cost of the business. The price will lead to regulatory fines, compensation payments, and business disruption costs, which will lead to the organization’s losses. 
    • To be safe from cyber-attacks, ensure you follow the above dos and don’ts. It is also advisable you understand the legal issues associated with cybersecurity and know how to avoid them.
    - Daniel Witman | November 19, 2020
    hak-iq.us20.list-manage.comNovember 19, 2020

  • Ransomware Attack Cripples Systems of Inland Port in Washington State

    • The Port of Kennewick, Washington reports that it is the latest target to suffer a crippling cyber-attack. The small port region far up the Columbia River and more than 180 miles southeast of the Port of Seattle demonstrates the indiscriminate nature of cybercrime.
    • The cyber-criminals placed an encryption lock on the port’s server and demanded $200,000 in ransom to restore access to the port’s servers and files.
    • The port, following the direction of the FBI and its technology professionals, has determined not to pay a ransom. “It would be using public funds and there is no guarantee an encryption key would be received after payment,” the port said in its statement.
    • They are rebuilding the port’s digital files from offline backups and working to restore the port’s email server, which is currently offline.
    | November 19, 2020
    hak-iq.us20.list-manage.comNovember 19, 2020

  • Data breaches bring more bad news for the travel and leisure industry

    • Leading online brands Expedia, Booking.com and Hotels.com have reportedly been the subject of a third party cyberattacks, which has led to potential breaches of booking information – including names, email addresses, telephone numbers and payment data.
    • Payment card data is likely to be considered the ultimate prize for hackers and it is imperative that businesses consider any areas of potential vulnerability in systems and processes to prevent these types of incidences from occurring.
    • Being able to prove that technology and strict protocols are in place also provides assurances to customers that organisations are taking the security of their personal data seriously, and will hopefully give consumers’ confidence on where they decide to take their spend.
    - Geoff Forsythe | November 19, 2020
    hak-iq.us20.list-manage.comNovember 19, 2020

  • Verizon Releases First Cyber-Espionage Report

    • The 2020 "Cyber Espionage Report" (CER) draws from seven years of Verizon "Data Breach Investigations Report" (DBIR) content and more than 14 years of the company's Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise.
    • Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2% of actors.
    • The top compromised asset varieties in cyber-espionage breaches were desktop or laptop (88%), cell phone (14%), and web application (10%). For all breaches, the top asset varieties were web application (43%), desktop or laptop (31%), and email (21%).
    • "Because cyber-espionage is a difficult incident pattern to detect, the numbers may be much higher. The kinds of data stolen in Cyber-Espionage breaches (e.g., secrets, internal or classified) may not fall under the data types that trigger reporting requirements under many laws or regulatory requirements."
    - Sarah Coble | November 17, 2020
    hak-iq.us20.list-manage.comNovember 17, 2020

  • TicketMaster Slapped With $1.65 Million Fine Over 2018 Data Breach

    • In June 2018, Ticketmaster disclosed a data breach that apparently affected only 5% of customers. However, it was a serious breach since it affected both UK customers as well as international users.
    • As the investigations progressed, it became clear that Ticketmaster would have to face a fine according to the EU GDPR. This now looks true since the UK ICO has imposed a fine of £ £1.25million ($1.65 million). According to the details, the breach affected 9.4 million customers across Europe, with 1.5 million belonging to the UK only.
    - Abeerah Hashim | November 17, 2020
    hak-iq.us20.list-manage.comNovember 17, 2020

  • Check, Please! Adding up the Costs of a Financial Data Breach

    • The fact that roughly 206.4 billion emails are sent and received each day means we’re all very familiar with that dreaded feeling of sending an email with typos, with the wrong attachment, or to the wrong contact. But this can be more than just an embarrassing mistake – the ramifications could, in fact, be catastrophic.
    • The consequences of this information falling into the wrong hands could mean the loss of significant sums of money. Emails of this nature are the Holy Grail for cybercriminals.
    • Costs will be wide-ranging depending on the scale of each breach, but at a minimum, there will be financial penalties, costs for audits to understand why the incident happened and what additional protocols and solutions need to be implemented to prevent it from happening in the future. There could also be huge costs involved for reimbursing customers who may have been affected by the breach in turn.
    | November 16, 2020
    hak-iq.us20.list-manage.comNovember 16, 2020

451 A Street, Suite 500
San Diego, CA 92101

[email protected]

CONNECT WITH US

Linkedin Twitter

Cyber Center of Excellence is a San Diego-based nonprofit dedicated to growing the regional cyber economy and creating a more secure digital community for all.

JOIN US
Linkedin Twitter
Cyber Center of Excellence | Privacy Policy  |  Terms & Conditions
Linkedin Twitter
Privacy Policy  |  Terms & Conditions
© 2024 Cyber Center of Excellence