Cyber security update. July

SoftwareOne believes there is a need for additional information when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareOne’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest security breaches

Uber has admitted to the US Department of Justice that it covered up a massive data breach in 2016 that exposed around 57 million users and 600,000 drivers' licence numbers.

The California Department of Justice accidentally exposed the personal details of hundreds of thousands of gun owners who applied for a license to carry a concealed weapon when it mistakenly published a confidential spreadsheet.

The personal details of 69 million members of Neopets, are on sale after hackers stole the site’s source code and a database.

In what could be one of the biggest data thefts ever, hackers claim to have stolen 24TB of data containing information on one billion people from a Chinese police database.

Cyber security awareness

An average corporate data breach now costs the exposed company around USD 4.35 million, which is an all time high, according to IBM Security.

Almost half of all companies have faced a major security breach in the past five years, according to a new poll, with one third of the incidents blamed on internal theft.

T-Mobile has agreed to pay USD 350 million in settlements to compensate victims of a security breach last year. Of the 76.6 million people affected, 10 million will receive $25 each. In addition, it will pay USD 150 million to upgrade its data security.

Cyber security intelligence

The FBI, CISA and FinCEN have issued a CyberSecurity Advisory (CSA) on the MedusaLocker ransomware attack, which they warn is operating a ransomware-as-a-service business.

North Korea is responsible for Maui Ransomware attacks on the public healthcare sector, according to a Cyber security Advisory from the FBI, CISA and the US Treasury.

The FBI is warning US investors about fraudulent cryptocurrency investment schemes. According to a recent Cyber security Advisory, 244 victims in the US have been identified who have lost a total of USD 42 million.

Hot topic of the month: Cyber criminals take aim at SMBs

Cyber criminals are increasingly targeting smaller businesses instead of focusing mainly on enterprises and financial institutions. SMBs account for the largest percentage of the economy but do not have the security products or awareness found in large companies, making them an easier target.

Off-the-shelf cyber weapons are being used to launch an increasing number of phishing, malware and ransomware attacks on SMBs. Criminals are exploiting the fact that smaller businesses don’t believe that they are at risk and so take fewer security precautions. A lack of awareness when it comes to social engineering techniques, combined with weak security and passwords, leave many small businesses vulnerable. SMBs can better protect themselves by taking security more seriously:

• Adopt multi-factor authentication – strong passwords alone are not enough. Adding an extra layer of protection, such as biometrics, could block the vast majority of attacks.
• Keep abreast of the latest attacks and share information with the global cybersecurity community. Subscribe to security alerts from organizations such as the World Economic Forum Centre for Cybersecurity, Interpol, CISA and the UK National Cyber Security Centre.
• Implement security policies such as requiring dual authorization for all payments and restricting access to resources that are unnecessary to the employees’ job function.
• Implement cloud-based solutions such as secure storage, back-up services and secure email services. If possible, subscribe to a managed security solutions provider (MSSP).