Tag:cyber attack

1
Equifax data breach: 143 million records exposed but senior executives not told immediately?
2
Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?
3
Gartner: Worldwide spending on information security to reach $93 billion in 2018
4
You are not alone! Rasomware attacks increase
5
Cyber-attacks: a problem in 2016, still a problem in 2017
6
UK telecoms company handed record fine for data breach
7
The White House issues response guide to a cyber attack
8
Malware attacks a Melbourne hospital’s outdated IT system
9
Complex ModPOS Malware Infects Point-of-Sale Terminals in Lead up to Christmas Spend Frenzy
10
Top Five Cybersecurity Insurance Tips

Equifax data breach: 143 million records exposed but senior executives not told immediately?

By Cameron Abbott and Olivia Coburn

Equifax has joined Yahoo on the podium for the award no one wants: suffering one of the largest data breaches in history.

Equifax, one of the three largest US credit reporting agencies, announced last week that it suffered a cybersecurity incident potentially impacting 143 million US consumers –  a figure comprising of roughly 55 per cent of Americans aged 18 years or older. Some UK and Canadian residents are also affected.

Read More

Security incidents high, confidence to manage them low. Really? We did see this coming – why aren’t we better prepared?

By Cameron Abbott and Olivia Coburn

RiskIQ, a US-based cyber security company, has reported that 40% of businesses surveyed in the US and the UK have experienced 5 or more significant security incidents in the past 12 months. Significant incidents include malware, targeted attacks, mobile exposures, rogue mobile apps, website or brand abuse, phishing and social impersonation.

RiskIQ, through IDG Connect, also surveyed the confidence of corporate decision-makers in their ability to handle and mitigate cyber threats. Their report, 2017 State of Enterprise Digital Defense Report, reveals that nearly two-thirds of respondents had no to modest confidence in their ability to manage digital threats.

Read More

Gartner: Worldwide spending on information security to reach $93 billion in 2018

By Cameron Abbott and Olivia Coburn

Global spending on information security products and services will reach $86.4 billion this year, according to US-based technology research and advisory firm Gartner, Inc.

This figure is an increase of 7 per cent over 2016, and is expected to grow to $93 billion in 2018.

Read More

You are not alone! Rasomware attacks increase

By Cameron Abbott and Giles Whittaker

While no one likes to admit that they have been caught out or victimised by cyber-attacks such as ransomware, what appears to be true is that a lot of organisations are. The lesson is that it is quite likely to happen so design your IT systems to give you a recovery option. No good having your back up encrypted as well!

A survey (reg. req.) of IT security decision makers by CyberEdge found that a whopping 61% of respondents’ organizations were victimized by ransomware in 2016. Among those hit by ransomware, 33% paid the ransom to recover their data, 54% refused to pay but recovered their data anyway, and 13% refused to pay and lost their data. In general, the report found the percentage of organizations being hit by successful cyber-attacks continues to rise, from 62% in 2014 to 70% in 2015, 76% in 2016, and 79% in 2017. Three in five respondents believe a successful cyber-attack is likely in the coming year.

 

Cyber-attacks: a problem in 2016, still a problem in 2017

By Cameron Abbott and Allison Wallace

A survey of nearly 600 organisations across a variety of industries globally has revealed 98% of these organisations experienced some form of cyber-attack in 2016. (We are left wondering if the other 2% just didn’t notice?)

The survey, conducted by cyber-security company Radware, also found that many organisations are still not prepared to face the threat landscape including that 40% of organisations do not have an incident response plan in place.

Respondents indicated that ransom was the top motivation behind cyber-attacks (41%), followed by insider threats (27%), political hacktivism (26%) and competition (26%).

Radware’s Vice President of Security Solutions, Carl Herberger, says that money is the top motivator in today’s threat landscape. He says “attackers employ an ever-increasing number of tactics to steal valuable information, from ransom attacks that can lock up a company’s data, to DDoS attacks that act as a smoke screen for information theft, to direct brute force or injection attacks that grant direct access to internal data”.

Radware predicts that in 2017, we will see an increase in the use of IoT botnets, cyber ransom, telephony DoS, permanent denial of service for data centre and IoT operations, and public transport being held hostage.

Not the most positive outlook for 2017, but it would be a brave person to suggest they are wrong with those predictions.

UK telecoms company handed record fine for data breach

By Cameron Abbott and Rebecca Murray

Major UK telecoms company, TalkTalk has been fined £400,000 for failing to adequately safeguard personal data when they were hacked in October 2015. The Information Commissioner’s Office’s (ICO) investigation revealed that hackers obtained the details of 156,959 customers, including names, addresses, birthdates, phone numbers and email addresses. In over 15,000 cases, hackers even gained access to bank account details and sort codes. The cyber-attack triggered the launch of a committee inquiry into protection of personal data online. You can read the inquiry report here.

After in depth investigation, the ICO found that TalkTalk’s failure to implement even the most basic cyber security measures allowed hackers to easily penetrate its systems causing substantial damage and distress to its customers. See how the investigation unfolded here and read the ICO’s penalty notice here. The ICO identified TalkTalk’s principal errors as failing to actively monitor its own activities and allowing vulnerabilities to go unnoticed, failing to update its database to protect from bugs, failing to respond to two previous attacks on the same webpages and failing to fix a bug in the software for which a fix was readily available.

It would seem regulators are losing patience with organizations that don’t take their security obligations seriously.

The White House issues response guide to a cyber attack

By Cameron Abbott and Simon Ly

Last week, the White House issued the US government’s response guide to cyber attacks titled “Presidential Policy Directive – United States Cyber Incident Coordination”.

Billed to combat “malicious activity, malfunction, human error and acts of nature”, the Directive aims to provide a guide to handle significant cyber incidents while fostering the advancement of technology and innovation. The Directive has a five-level grading system. It has been reported that no hack attack has reached level 5 yet, with this being reserved for a “threat to infrastructure, government stability or American lives”.

If it wasn’t apparent already, this guide emphasises the growing risks of cyber attacks both to governments and companies. It will be interesting to see the Directive in action as the response to the Directive has been mixed, with some saying it doesn’t go far enough and that it simply codifies existing practices. This criticism seems a little unfair because you would hope that existing practices were relatively well thought through and thus not a bad standard to entrench.

For more information, you can access the White House’s press release here.

Malware attacks a Melbourne hospital’s outdated IT system

By Cameron Abbott and Meg Aitken

Don’t say we (and Microsoft) didn’t warn you, a prominent Melbourne hospital’s IT system that runs on an outdated and unsupported Windows operating system, Microsoft XP, was hacked last week.

Microsoft recently activated the end-of-life phase for Windows 8, 9 and 10 and encouraged users to transition to the company’s supported operating systems in order to prevent security incidents. The same process was undertaken for Microsoft XP in 2014; however the hospital continued to use the platform in some departments.

The pathology department was the primary victim of the attack and staff were reportedly forced to manually process blood tissue and urine samples while the electronic system was compromised. Fortunately, highly sensitive patient information is not believed to have been accessed by the hackers.

It has been reported that the hospital is now expediting plans to upgrade its IT systems.

Access the media release here.

Complex ModPOS Malware Infects Point-of-Sale Terminals in Lead up to Christmas Spend Frenzy

By Cameron Abbott and Meg Aitken

While the festive season approaches and retailers prepare for their busiest time of the year, a sophisticated form of point-of-sale malware, known as ‘ModPOS’, has reared its ugly head and is targeting payment terminals in the U.S.

It is estimated that the first ModPOS data hacks occurred in 2013 and that millions of credit and debit cards used at a broad variety of U.S. retailers have since been compromised. The unique complexity of the code, which experts say has never been seen before in malware, made it tricky to decipher.

Cyber security experts have warned that ModPOS has the ability to not only “scrape” credit and debit card numbers from the memory of point-of-sale terminals, but that the multifaceted code also records keystrokes of computer operators and transmits stolen data. If that isn’t enough, the malware is particularly difficult to detect and is reportedly capable of infiltrating despite security software and data controls.

More details about ModPOS malware can be found here.

Top Five Cybersecurity Insurance Tips

By Jim Bulling and Roberta Anderson

The increased risks posed by cybersecurity breaches has meant that many organisation are looking to insurance to address some of the exposure. But cybersecurity insurance is still new and there are things which companies wishing to purchase cybersecurity insurance should look out for. Here are five tips if you are considering obtaining or renewing a cybersecurity insurance policy.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.