Page 32
https://www.crn.in/digital-issue/july-2018-digital-magazine/
Weekly blog that sums up the interesting Cyber Security developments of the past week.
1)
Cyber
security, AI top technologies for healthcare firms - Cyber security
(77 per cent), Big Data analytics (72 per cent) and AI (59 per cent) are the
three digital technologies most utilized by healthcare firms currently,"
Infosys said in its report titled "Digital Outlook for Healthcare and
Life Sciences Industry. According to the report, nearly 76 per cent of the
life sciences firms that were surveyed considered investing in cyber security
over the next three years for protecting patient data.
2)
Powerful APT Malware
“Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router
- Slingshot is one of the powerful cyber threat actor that mainly targeting
individuals and organization and the major victims belong to Africa and the
Middle East. Slingshot attacked 100 of victims who is located in
Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia
and Tanzania
3)
Endpoint
and Mobile Top Security Spending at 57% of Businesses - Businesses
say data-at-rest security tools are most effective at preventing breaches,
but spend most of their budgets securing endpoint and mobile devices. There
is a disconnect between businesses' ideal security practices and their actual
strategies. Some 77% of companies cite data-at-rest security tools as the
most effective for preventing breaches but fall toward the bottom (40%) of
security spending priorities, new data shows.
4)
Frost
Bank Says Data Breach Exposed Check Images - According to the
company, it discovered last week that a third-party lockbox software program
had been compromised, resulting in unauthorized users being able to view and
copy images of checks stored electronically in the image archive. Frost Bank
systems weren’t impacted in the incident, Frost says. The information that
was accessed as part of the incident could be used to forge checks, the
company says.
5)
Walmart
Jewelry Partner Exposes Millions in Latest Cloud Storage Misconfig -
The Chicago, Illnois-based jewelry company, which operated under the name
Limogés Jewelry, left names, addresses, ZIP codes, phone numbers, email
addresses, IP addresses and passwords publicly available in an AWS S3 bucket
– data that can be used to carry out targeted fraud or phishing attempts.
6)
Dragonfly
Compromises Core Router to Attack Critical Infrastructure -
Dragonfly, the threat actor that was recently called out by the United States
as an arm of the Russian government, has been observed using a compromised
core router as one of its primary tools in attacks against government
agencies and critical infrastructure in Western Europe. “This is a
discovery whose significance far outweighs its size, given that core router
compromises are considerably harder to detect, analyze, patch, and remediate
than compromises of PCs,” Cylance researchers said.
7)
Cybersecurity
Incident Response Still Major Issue - Over 75% of respondents across
the globe admitted that they do not have a formal cybersecurity incident
response plan in place across their organization. However, nearly
three-quarters (72%) of organizations report feeling more cyber-resilient
today than last year and feel confident about their skilled personnel. This
confidence may be misplaced, with the analysis revealing that 57% of
respondents said the time to resolve an incident has increased, while 65%
reported the severity of the attacks has increased.
8)
Chinese
APT Takes Aim at Pharma - A Chinese advanced persistent threat (APT)
actor has been spotted using the infamous PlugX malware to target
pharmaceutical organizations in Vietnam, aimed at stealing drug formulas
and business information. A remote access Traojan (RAT), allows attackers
to perform various malicious operations on a system without the user’s
permission or authorization, including copying and modifying files, logging
keystrokes, stealing passwords and capturing screenshots of user activity.
9)
Twitter
Users Bilked out of Big Money by Elon Musk Clones - Twitter users are
collectively being conned out of tens of thousands of dollars per day via
fraud schemes involving accounts impersonating celebrities, including Elon
Musk and Vitalik Buterin, the man behind the Ethereum cryptocurrency. The
scam tweets ask for a small sum to be sent to an account, promising victims
that they will receive much larger amounts back in a classic chain-letter
gambit. An analysis of the Ethereum blockchain showed that the tactic is
working, with thousands of dollars being sent to the bad actors. The fake
accounts have struck hundreds of times over the last two months, with the
most successful taking away over $70,000 per day.
10)
Nearly
90% of Firms Will Use Biometrics by 2020 - The vast majority of
organizations will use biometric authentication technology by 2020, but
concerns over vendor transparency persist. 62% use it already in some
form, while an additional 24% will do so in the next two years. However,
although most believe it to be a more secure alternative to static passwords,
PINs and personal security questions, just 10% claimed biometrics are secure
enough to be used as the only form of authentication.
|