We have now reached our 19,087 subscribers and we are continually expanding! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
A ransomware gang called Cl0p has launched a supply chain cyber attack, exploiting a vulnerability in file transfer software used by numerous organizations. The financial services sector, including banks and credit unions, has been particularly impacted, with at least 10 U.S. banks falling victim.
The breach has resulted in the theft of sensitive data, including personal information like names, addresses, birthdates, and Social Security numbers.
While the full extent of the breach is still under investigation, experts warn of the potential for phishing and identity fraud. The cyber attack is not considered a systemic risk, according to the director of the Cybersecurity and Infrastructure Security Agency, but it highlights the ongoing threat of ransomware attacks. (americanbanker)
My thoughts: As we learn from the article, this is your reminder to patch your software and keep things up to date to ensure latest vulnerabilities do not creep into your enterprise.
Blizzard's Battle.net online service, including games like Diablo IV and World of Warcraft, experienced a Distributed Denial of Service (DDoS) attack on Sunday. The attack began in the early hours of the morning and caused latency issues and disconnections for players. Blizzard's customer support account acknowledged the attack and stated that they were actively working to resolve the issue.
The attack disrupted gameplay for several hours, prompting some players to call for the addition of an offline mode for Diablo IV. As of the afternoon, Blizzard reported that the DDoS attacks had ceased, and players were advised to follow troubleshooting advice if they were still experiencing connectivity problems. (endgadget)
My thoughts: Hacking the government isn’t getting hackers the attention they want. Maybe they’ll get more attention from hacking gamers…..
In a recent article on Fox News, Rebekah Koffler discusses a massive Russian cyberattack on multiple federal agencies, including the Department of Energy. The attack involved a destructive ransomware bug that compromised data belonging to millions of Americans and various organizations. Koffler suggests that the true intent behind this attack is to demonstrate Russia's capability and willingness to launch a more devastating cyberattack on the US homeland, potentially leading to a "Cyber Armageddon."
While the attack was attributed to a Russian ransomware group called Cl0P, Koffler argues that the distinction between state-sponsored hackers and hired cybercriminals is negligible, as the Russian government authorizes such attacks regardless of who carries them out. Koffler also points out the interconnectedness of nuclear and cyber warfare in Russian military doctrine, with cyber weapons being seen as advantageous due to their non-destructive nature.
The escalating tensions between Russia and the US, particularly regarding the situation in Ukraine, further fuel concerns of a potential catastrophic cyberstrike. Koffler warns that Russia has extensively studied vulnerabilities in US infrastructure and possesses a sophisticated cyber arsenal capable of inflicting significant damage. She posits that Putin may view unleashing a "Cyber Armageddon" as a last-ditch effort to protect Russia's interests if he believes US intervention in Ukraine is imminent. (foxnews)
Thoughts: This is terrifying, however a definite possibility. If they are discussing this possibility, I’m keen to think they are preparing for it, hopefully. Nonetheless, terrifying. What would a nation do with no internet for extended periods?
Australia's Prime Minister, Anthony Albanese, has recommended that residents turn off their iPhones for five minutes every night as a cybersecurity measure. This advice aims to prevent any potential spyware running in the background of the device. While it has been a persistent myth that force-quitting apps improves iPhone performance, rebooting the phone can offer some level of privacy protection against spyware by closing background processes.
Tech experts and the US National Security Agency (NSA) endorse this advice, with the NSA suggesting hard-rebooting smartphones at least once a week for cybersecurity purposes. (9to5mac)
My thoughts: I would argue everyone with a smart phone should do this daily. iPhone or not.
Check out our new partners at Abnormal Security. The reason why Assurance IT decided to make this strategic investment with Abnormal was due to their platform's effectiveness at significantly mitigating losses related to business / vendor email compromise by leveraging advanced user behavior profiling and behavioral data science.
Abnormal offers a free non-invasive, minimal-overhead, Email Risk Assessment which highlights the residual risk that is bypassing an organization's existing email security controls. If you'd like to learn more about Abnormal and their free Risk Assessment, please write ABNORMAL in the comments below. We can discuss in further detail. Check out our new partners at Abnormal Security.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.