You can’t go a week without seeing a story about a data breach or ransomware hitting organizations. These breaches can be very costly, but they still continue to show up. Are the good guys not winning the cybersecurity war? Organizations invest millions of dollars in security products and services, but they keep getting breached.
October is national cybersecurity awareness month, and with the recent hacks at Door Dash, the discovery of a large-scale iOS hacking campaign, and a database containing 419 million phone numbers associated with Facebook accounts, we’re all likely feeling a little dirty. So, I decided to share my perspectives on cyber hygiene.
As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be.
Diligent taxpayers are being increasingly targeted by con artists who are well-versed in manipulating the revenue system. The crooks usually impersonate IRS (U.S. Internal Revenue Service) officials, sending fake emails or messages on social media in an attempt to defraud the targeted individuals of their money. Unfortunately, lots of people fall for these scams, and the malefactors are raking in significant profits. Below is a list of the prevalent tax swindles doing the rounds nowadays.
The time at ML:0 can be eye-opening form many organizations. There are generally a lot of assets discovered that are new or had been forgotten about. Almost every organization discovers their own Methuselah; this is the system that has been around forever and performs some important tasks but has not been updated in years. The system admins are scared to touch it for fear of breaking something.
In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms and conditions when creating an account or downloading software.
Normally it works like this. Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience. And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after his QNAP NAS drive was hit by the Muhstik ransomware.
Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the efforts of bad actors to target Airbus by infiltrating its suppliers’ networks.
Phishing attacks don’t show any sign of slowing down. Per its 2019 Phishing Trends and Intelligence Report, PhishLabs found that total phishing volume rose 40.9 percent over the course of 2018. These attacks targeted a range of organizations, especially financial service companies, email and online service providers and cloud/file hosting firms.
If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key products such as antivirus, DLP, firewalls, etc. But in a world with IaaS, PaaS and SaaS, maintaining a comprehensive approach becomes far more difficult.
