Australian business owner Paul Fuller lost $1.2 million when a scammer posing as a National Australia Bank representative exploited insider knowledge to deceive his company's accounts manager. This phone-based social engineering attack drained the business's bank account in a matter of minutes. While the bank managed to recover $84,000, the majority of the stolen funds remain irretrievable. Hackers employ artificial intelligence-based tools to target multiple businesses simultaneously, amplifying their capacity to launch attacks. (abc.net.au)
My thoughts: Social engineering, is based on hackers gathering various information from different data sources (website, employees and sometimes 3rd parties unknowingly sharing sensitive information) and using that to trick individuals into doing things they normally wouldn’t do. The story underscores the critical need for individuals and businesses to second guess anyone asking information about them and of course never volunteer information unless you are 100% certain you can trust the other party. With an aging population, we are seeing more phone-based social engineering attacks.
A major cyber-attack targeting financial services payment systems could result in a staggering global loss of $3.5 trillion, according to Lloyd's of London. The United States would bear the largest brunt, with an estimated $1.1 trillion in losses over a five-year period, significantly disrupting businesses worldwide. Additionally, China would face losses of $470 billion, while Japan would incur $200 billion in losses during the same period. (www.reuters.com)
My thoughts: In the world of cybersecurity, the revelations about a potential $3.5 trillion loss resulting from a significant cyber-attack on financial systems are truly alarming. While the cyber insurance industry is growing, individuals and organizations must exercise caution and diligence when considering their coverage. As our digital landscape continues to evolve, we must recognize that cybersecurity is a shared responsibility, one that affects us all and demands our collective vigilance.
New York state's casino operation and two hospitals, HealthAlliance Hospital and Margaretville Hospital, were hit by cyberattacks. The state Gaming Commission confirmed that a cybersecurity attack impacted its central operating system, leading to the temporary closure of Jake 58 casino. HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center experienced cyber incidents, resulting in patient diversions. Fortunately, the hospitals remained open for walk-in patients, and ambulance services were restored. The New York Gaming Commission believes personal identifiable information was not compromised and is actively monitoring the situation. (nypost.com)
My thoughts: Incidents like these serve as a stark reminder that cyber threats can disrupt not just our digital systems but essential services like healthcare and entertainment. Cybersecurity is not just an IT issue; it's a fundamental aspect of safeguarding public safety and critical infrastructure.
Over 40,000 Cisco switches and routers have been compromised by unknown attackers. These devices are vulnerable when running Cisco iOS XE software, and currently, no patch is available. The attack began in late September, with the attacker deploying an implant in October. The attacks are of great concern as they target "edge devices," which provide hackers with a discreet entry point into networks. The attackers can potentially monitor network traffic, pivot into protected networks, and execute various cyberattacks. The vulnerability affects devices with specific features enabled and exposed to the internet or untrusted networks. Disabling these features is an effective mitigation. Cisco is actively working on a software fix, and users are urged to follow the security advisory. (washingtonpost.com)
My thoughts: Over 40,000 compromised Cisco devices show a large weakness in network defenses. It's a wake-up call for organizations to prioritize cybersecurity solutions or face the devastating consequences of cyberattacks on critical infrastructure. Be sure to stay up to date with patches and updates to be sure the most recent bugs and or vulnerabilities are resolved.
****A Cisco spokesperson told The Hacker News that a fix that covers both vulnerabilities has been identified and will be made available to customers starting October 22, 2023. In the interim, it's recommended to disable the HTTP server feature
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.