The Week In Review 18/01 – 22/01
Ransomware continues to dominate cyber headlines as we move further into 2021. Last year numerous multi-national companies fell victim to these attacks, in which criminals attempt to sell companies back their own data after stealing and encrypting it. However, it is not just large conglomerates that are lucrative targets for these cyber criminals. A recently released report by Digital Shadows outlines how Asset and Wealth Management (AWM) firms (including hedge funds) are among the top targets for these attacks. With total assets under management (AUM) by these firms expected to hit $147 trillion by 2025, there is a clear financial incentive for would-be ransomware criminals. Along with staff and client data, these firms often hold valuable intellectual property and proprietary trading algorithms. AWM companies are often smaller than traditional financial institutions, with security budgets and teams a fraction of the size of those of their larger counterparts. With this in mind, it is concerning that a report based and published in the UK found that 28% of organisations do not offer employees any form of cyber security training at all. It is predicted that fewer than 1 in 10 receive regular cyber security training. As cyber attacks have sharply increased since the start of the pandemic, this gap in cyber security training and awareness leaves businesses more susceptible to successful attacks. This is certainly true of the notorious rise in Business Email Compromise (BEC) attacks, which are commonly used in ransomware attacks.
With the recent media frenzy surrounding WhatsApp’s change in privacy policy, which caused outrage among a number of its users, alternative, more privacy-focused messenger apps such as Telegram and Signal have seen an influx of new users. These apps focus on the privacy and security of their users, promising that their data is secure, encrypted and will never be used for purposes such as marketing, as Facebook have done across their Messenger and now WhatsApp apps. This increased publicity has in turn increased the scrutiny of these messaging apps, with people asking how secure they really are. In now-patched bugs, Signal and other apps were shown to have critical flaws that enabled attackers to listen to their victims’ surroundings through the call functions of the apps, with no interaction from the user. Other questions have been raised about these apps, and it is always suggested that you do your due diligence before using apps to communicate information, sensitive or otherwise.
Another topic that hasn’t left the headlines since October/November last year is, of course, Bitcoin. The cryptocurrency has seen numerous all-time highs (ATH) in recent months, sparking a frenzy amongst investors, both institutional and individual. It is therefore probably no surprise that cyber crime surrounding cryptocurrency has also picked up pace. Security firm Avira stated that they detected a 53% increase in crypto mining malware quarter-on-quarter in the final three months of 2020.
Assess your organisation’s specific vulnerabilities to ransomware attacks with Dionach’s Ransomware Readiness Review.
Read about all of this and more below:
Quarter of orgs don’t offer cyber security training
(infosecurity-magazine.com)
Ransomware victims with backups are paying ransoms
(zdnet.com)
AWM firms are vulnerable to ransomware
(techrepublic.com)
Israeli cyber security firms raise record $2.9bn during pandemic
(timesofisrael.com)
Bugs in messaging apps let attackers spy on users
(bleepingcomputer.com)
Coin-mining malware correlated to crypto price rises
(infosecurity-magazine.com)
Rethinking active directory security
(helpnetsecurity.com)