Russian hackers appear to have shifted their cybercrime focus to BEC scams as new study shows that they have struck over 200 businesses in 46 countries since July 2019.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
MGM, one of the two largest casino-hotel chains on the Strip, has not yet confirmed the nature of the attack, calling it a 'cybersecurity issue.' The properties remain open, but operations such as front desk check-ins and payouts for casino games have had to shift to entirely manual operations.
The government is addressing software supply chain security with new requirements. The OMB has issued a new memorandum that sets a year-long framework for vendors to provide assurances of secure software development.
A ransomware attack on KFC, Pizza Hut, and Taco Bell parent company Yum! Brands shut down 300 restaurants in the United Kingdom and leaked the company's corporate data.
DDoS extortion gangs returned and made new ransom demands as Bitcoin price surged. Four out five Radware customers who received the threats experienced intense DDoS attacks.
A recent spate of crippling ransomware attacks against healthcare organizations signals that these assaults remain a major threat. Healthcare leaders should focus their efforts by moving beyond a prevention strategy and focusing on developing a proactive preparedness plan.
Report from UK security think tank RUSI finds that fraud has "reached epidemic levels" in the country and that the volume of attempts should be viewed as a national security threat.
A grave warning from FBI director Christopher Wray: Chinese hackers can be expected to continue to infiltrate critical infrastructure, and similar activity is likely proceeding successfully.
The FCC warned about increased robotext scams from automated smishing attacks stealing personal information by impersonating known companies such as credit card companies, parcel delivery services, and law enforcement agencies.
Zero Trust has reached buzzword status in the security industry. But, unfortunately, many vendors that claim to provide Zero Trust solutions fall short of addressing all critical components.