A poorly configured Amazon cloud database resulted in the Capital One breach exposing information of 106 million U.S. and Canadian customers and applicants. What are the five steps that organizations can take to prevent such attacks?
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The New York Department of Financial Services (NYDFS) Cybersecurity Regulation blazed a trail in 2017, forming the basis for similar laws for other industries in other states. Currently, the regulation serves as a useful model for managing cybersecurity risks, regardless of industry.
About 90 major hotels and resorts worldwide had their security logs exposed in a third party data breach. Source of the breach is ironically from their management company's intrusion detection system.
Most ransomware attacks begin with some combination of phishing and social engineering. An enterprising ransomware gang in Nigeria appears to be skipping this messy step, simply making a direct pitch to employees to join in on the attack.
Because of the significant damage a DDoS attack can cause, many IT teams will put protecting against the threat high on their agenda. However, what many IT teams may be completely unaware of is that there are a wide variety of different types of DDoS attack vectors in a cybercriminals’ arsenal.
The Lazarus hackers are generally in pursuit of profit. But in this case, the main interest appears to be cyber espionage. A report indicates that the group is targeting the Log4j vulnerability in energy companies.
Report found that most organizations that suffered successful ransomware attacks since 2019 had perimeter defenses in place and had trained their employees on phishing.
419 million Facebook users are vulnerable to phishing attacks, SIM swaps and spam with their phone numbers exposed through a number of online databases found without password protection.
Hacker created a Telegram bot to sell information belonging to 533 million Facebook users. Buyers could search users' mobile numbers using account IDs or vice versa.
Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyber attacks exchanged between nation-states. This definition extends to operations that have "major detrimental impact on the functioning of a state."