"We made it this far, what are the chances" - every business that's about to get hacked

We have now reached 19,287 subscribers. Thanks for your support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network! Reach out to me personally if you have questions about your cyber security --> Luigi Tiano.


1. Outdated Law Firm Exposes Data of Over 42,000 Individuals

The Law Foundation of Silicon Valley, a California law firm providing free services to those in need, disclosed that a ransomware attack in February resulted in the exposure of personal information for more than 42,000 individuals. The breach affected both clients and staff members, leaking Social Security numbers and other sensitive data. With approximately 90 attorneys, social workers, staff, and volunteers, the law firm assists around 10,000 people annually. The firm, established almost 50 years ago, acknowledged being the victim of a sophisticated ransomware attack in a statement on its website. (therecordmedia)

My thoughts: I have an observation / assumption that you may not agree with. For some specific industries, especially those that are “paper heavy”, the older the company, the less likely they are to consider security as a priority. Their mentality is “we made it this far, what are the chances?” What are your thoughts?


2. More you need to know about malvertising

A new ransomware strain called 'Big Head' has emerged, spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. Security researchers have analyzed the malware and found that it installs three AES-encrypted files on the target system, including one for propagating the malware and another for Telegram bot communication. Big Head also displays a fake Windows update alert to deceive victims. The ransomware encrypts files, appends a ".poop" extension to their filenames, and deletes shadow copies to prevent system restoration. Trend Micro discovered two additional variants of Big Head, one of which includes data-stealing capabilities. The third variant incorporates a file infector called "Neshta" to evade signature-based detection. (bleepingcomputer)

My thoughts: We started talking about malvertising last week. Hackers are clearly taking advantage of this type of attack while people are still unaware of it. Volume Shadow Copy Service (VSS) is a built-in Windows function that provides the ability to roll back your operating system to a point in time (in the best case, to a “pre-infection” point). Being able to circumvent VSS is troublesome. Solutions like SentinelOne provide a rollback mechanism leveraging VSS. Here is a video describing it. SentinelOne is becoming an essential part of the cyber security toolbox.

3. Cloudy day for Sun Life

Sun Life, a prominent Canadian insurance provider, has disclosed that the personal data of some of its U.S. customers were compromised in a global cyber attack that targeted one of its vendors in June. While Sun Life U.S. itself does not use the affected file transfer software, one of its vendors, Pension Benefit Information (PBI), reported that unauthorized access to members' personal information occurred during the incident. No financial information or medical claims were exposed. They have advised customers to monitor their accounts and credit history for any signs of unauthorized activity. (ctvnews)

My thoughts: The incident involved a third-party vendor of Sun Life, which shows weakness in their cyber security posture. Strategies involving risk management and regular checks with its third-party vendor are needed.

4. Third-party problems with Apple products

Apple's chipmaker partner, TSMC, has experienced a data breach through one of its third-party suppliers, Kinmax Technology. The ransomware group LockBit claimed responsibility for the violation and is demanding a $70 million ransom to prevent the release of the stolen data. TSMC has clarified that the breach only affected information related to server setup and configuration and did not compromise any customer data or impact business operations. TSMC has terminated data exchange with the supplier in accordance with security protocols. Apple has not provided a comment on the incident, but TSMC is confident that its customers' data remains unaffected. (9to5mac)

My thoughts: This story proves that vendor management is an ongoing activity. Imagine those who don’t EVER vet their vendors!? Scary.


5. Have you heard?

Check out our new partners at Abnormal Security. Assurance IT decided to make this strategic investment with Abnormal because of their platform's effectiveness at significantly mitigating losses related to business / vendor email compromise by leveraging advanced user behavior profiling and behavioral data science.


Abnormal offers a free non-invasive, minimal-overhead, Email Risk Assessment which highlights the residual risk that is bypassing an organization's existing email security controls. Check out our new partners Abnormal Security.
