A new ransomware gang called Rhysida has claimed responsibility for a cyber-attack on the British Library, where stolen personal data is now being offered for sale online. Rhysida, believed to be from Russia or the Commonwealth of Independent States, employs a classic double extortion technique, threatening to release stolen data unless a payment is made. The group has targeted government institutions in Portugal, Chile, and Kuwait, as well as a US hospital group. Rhysida is associated with a criminal operation called Gold Victor, which rebrands to avoid attention. The gang primarily gains access through phishing attacks or exploiting virtual private networks. The ransom demands, often in cryptocurrency, are sent with the title "CriticalBreachDetected". Ransomware payments are on the rise, with average payments doubling to £1.2 million over the past year, according to cybersecurity firm Sophos. (theguardian.com)
My thoughts: The surge in ransomware attacks, represented by groups like Rhysida, exposes the inadequacy of current cybersecurity measures put in place by enterprises. Phishing attacks involve compromising humans in your enterprise. The easiest way to prevent phishing is:
1. Educate your users constantly and consistently. End user awareness training is inexpensive with a high return on investment.
2. Consider Business Email Compromise solutions to eliminate unwanted emails potentially designed to scam your employees.
Ask me about these easy-to-implement solutions.
Fortune 500 insurance company Fidelity National Financial (FNF) has reported a cybersecurity incident, leading to the shutdown of several systems affecting various services, including title insurance, escrow, and mortgage transaction services. FNF, which recorded over $11 billion in revenue in 2022, experienced an intrusion in which certain systems were accessed and credentials acquired. The incident, allegedly claimed by the ransomware group ALPHV/BlackCat, has disrupted operations, prompting ongoing investigations. Security experts speculate the entry point may be linked to the CitrixBleed vulnerability, affecting Citrix NetScaler devices. The impact on FNF's trade and operations is still under assessment. (theregister.com)
The cyberattack on Fidelity National Financial, possibly linked to the preventable CitrixBleed vulnerability, highlights the serious repercussions of not keeping your systems updated and patched. Make sure you regularly scan your IT assets and systems to get visibility into the software installed. Keeping firmware, OS and applications up to date could lower your risk of being attacked.
Need to scan and inventory what IT assets you own? Send me a message to find out how easily it can be done!
The recent ₹820-crore IMPS glitch at UCO Bank has prompted the Finance Ministry to call a crucial meeting on November 28, addressing the escalating cybercrimes in India's financial sector. This meeting gains significance amid the global rise of AI-powered cybercrime. Cyberlaw experts advocate for dedicated legislation on cybersecurity, emphasizing the need for accountability at the organizational and senior management levels. The meeting, chaired by DFS Secretary Vivek Joshi, will involve participation from regulatory bodies, cybersecurity presentations, and discussions on reinforcing legal frameworks to enhance cybersecurity preparedness in the financial and critical sectors. (thehindubusinessline.com)
My thoughts: In light of the recent UCO Bank incident, it's evident that India's financial sector faces continuous cyber threats. Accountability for cybersecurity shouldn't just reside at the board level; it's crucial to embed it within the DNA of organizations, ensuring proactive defense measures against State and non-State cyber actors. Enforcing stiffer penalties for companies that are negligent could encourage companies to invest more in their cybersecurity posture. Increased legislation is essential not only for financial institutions but also for critical sectors like healthcare. People naturally react quicker when financial penalties are involved.
In a recent cyberattack on Japanese componentry company Shimano, ransomware hackers from the LockBit group stole and leaked sensitive data. The breach, first reported in early November, resulted in the release of 4.5 terabytes of information, including employee details, financial documents, confidential reports, NDAs, and diagrams. Despite a ransom demand, it appears Shimano may not have paid, as the leaked data, containing payroll details, manufacturing data, and sales projections, is now public. The incident raises concerns about intellectual property exposure and the potential impact on the company's competitiveness. Shimano has yet to provide detailed comments on the situation. (cyclingweekly.com)
My thoughts: This attack lays bare the harsh reality of corporate vulnerability in the digital battleground. The disclosure of information, from employee details to financial documents, not only jeopardizes privacy but serves as a feast for competitors hungry for a strategic advantage. Shimano's decision not to pay the ransom highlights the risky defiance against cyber threats. The attackers warned of a repeat attack. Unfortunately, many incidents see attackers hit their victims again months later. Incident response teams are deployed after such attacks. Many clients feel a false sense of security after an attack, thinking they have now “secured the kingdom”. This makes me question the feasibility of ramping up protection after an attack. Cyber resilience is an ongoing journey, not a destination.