Investment scams that involve grooming a target to invest in fraudulent endeavors took off like a rocket in 2022 and led all cyber crime, racking up $3.3 billion in losses on the year.
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
SpaceX Third Party Vendor Hit by LockBit Ransomware, Gang Claims That It Stole Engineering Schematics
The LockBit ransomware group claims that it was able to penetrate SpaceX via a third party vendor, and is holding some 3,000 engineering design documents that it is threatening to sell.
Many data-centric cybersecurity frameworks are pushing the industry towards full proactive prioritization and risk ranking gap analysis to enable an accurate measure of system risk while reducing the resources and time required for compliance with privacy regulations.
The ransomware gang ALPHV has claimed to have breached Amazon's Ring on the underground site it uses to extort victims, though it has yet to provide any evidence.
Cloud and mobility, including the blurred lines between personal and corporate devices has increased the complexity of identity and access management. Likewise, the surge in the sheer volume and variety of data has contributed to a more dynamic and multifaceted authorization process for enterprises.
Telecoms giant AT&T confirmed a third-party data breach involving a marketing vendor exposing 9 million customer accounts to unauthorized access.
Taiwanese PC maker Acer confirmed a data breach after a hacker listed the stolen data on a hacking forum, including technical product specifications and infrastructure details.
Cybercriminals aren’t just hacking for activism or for fun. They’re running their attacks like a business, targeting organisations to extort money – and they’re getting smarter at it. Don’t get complacent, don’t cut corners and shore yourself up against the people lurking in the cyber-shadows.
A health data breach appears to have exposed the sensitive personal information of members of Congress and their employees. DC Health Link is used by many (but not all) members and their assorted staff.
The U.S. aviation sector is looking at new cybersecurity requirements in four fundamental areas: network segmentation and redundancy, access control, monitoring and detection of threats, and timely patching.