This past week was a major one for cybersecurity breaches and news in general.
1) A few weeks back we detailed how the DHS in the United States said businesses are not prepared for current cyberattacks. Sadly, the timing of this statement couldn’t have been any better.
2) Almost one billion email and other records were stolen, meaning hackers potentially have access to a tremendous new archive they can rely on when crafting phishing and spear-phishing campaigns.
3) This week we reported Toyota was hacked and likely lost 3.1 million customer records to APT32. Sadly, it seems the hackers found a weak link in Toyota’s Japan network by targeting Australia.
4) LockerGoga is horrifying malware which infects industrial factories and facilities such as power plants. The attacker can cause explosions or worse. It appears to have both ransomware and wiper capabilities: while the malware leverages an encryption process that removes the victim’s ability to access files and other data on infected systems, various later versions of LockerGoga were also observed forcibly logging the victim off of the infected systems by changing their passwords and removing their ability to even log back in to the system, according to Talos researchers.
5) New phishing attacks will actually place child porn on a person’s computer and then notify law enforcement to disrupt an organization.
6) The founder and CEO of NSO Group, the notorious Israeli hacking company with customers around the world, said hacking journalists and lawyers is totally fine. The implications here are quite scary – especially as lawyers often hold many secrets for their clients.
7) Evaldas Rimasauskas, 50, pleaded guilty to wire fraud after helping to orchestrate a scheme that included setting up a fake business and sending phishing emails to employees of Facebook and Google. The scheme ultimately duped those multibillion-dollar companies out of more than $100 million in total between 2013 and 2015, according to the U.S. Attorney’s Office for the Southern District of New York.
8) IT security budgets are actually falling – at least in about 10 percent of organizations. Half of organizations say they lack the security talent needed to remain secure.
9) Microsoft sued to take control of domains involved in Iran hacking. The software and cloud giant applied to the court in order to take control of 99 websites used by the hacker group, known as Phosphorus or APT 35, in various hacking operations. The court granted the motion earlier this month but it was unsealed this week, said Microsoft’s consumer security chief Tom Burt in a blog post.
10) Beazley Breach Response Services, a unit of global insurance company Beazley, reports that nearly half of the more than 3,300 breaches it investigated last year traced to a hack attack or malware infection. And half of those hacking/malware attacks were tied to business email compromise schemes.
11) Canada is seeing skyrocketing increases in ransomware attacks, with the average ransom just under $9,000 CAD and average downtime worth about $66,000 CAD. Ransomware has also hit about 24% of cloud-based apps in the Great White North.
12) According to Kaspersky Lab's latest research, 51 percent of IT decision makers would find it difficult to estimate total losses after a cyberattack due to how widespread the impact would be, and this includes reputational damage to their organization.
Every business must take action to protect itself. The U.S. Department of Homeland Security explicitly tells us that we are NOT prepared for today’s attacks.
Organizations can choose to be low-hanging fruit, making it easy for hackers to focus on them, or do things properly to fend off attackers.
Prevention is crucial. Every company must take these steps:
- Cybersecurity training must be done regularly.
- Auditing and documentation must be performed regularly to ensure systems are secure.
- Anomaly detection should be running constantly to detect threats as they emerge.
- Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two companies’ reputations from being destroyed.
- Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
- An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched its response in what is being called a PR catastrophe.
- Use phishing simulation which tests employees by sending safe phishing emails. Employees who click are quickly trained on what to avoid.
Protect your organization – even if you have internal IT, hire an experienced MSP or MSSP.
If you do get infected, be sure to hire an MSP with forensic experience who can handle the problem and get you back up and running as soon as possible.