

#comptia | #ransomware | Indian corporate sector sees rising ransomware attacks

Source: National Cyber Security – Produced By Gregory Evans

As per Kaspersky, three groups of ransomware are most active in India.


New Delhi: Ransomware attacks have increased manifold during the last year and, according to global cyber security group Kaspersky’s data, ransomware attacks across the globe have seen an increase of 60% in 2019 compared to 2018.

Municipalities have been the biggest targets for ransomware attacks in 2019, and Kaspersky data reveals that around 174 municipal institutions along with 3,000 of its subset organisations have been targeted by ransomware in 2019.

The ransomware demands from the attacked institutions or corporates range from $5,300,000 and $1,032,460 on average, and researchers say that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.

One of the major ransomware attacks of 2019 was in Baltimore in the United States, where officials encountered a ransomware called RobbinHood that encrypted a number of municipal computers and completely paralysed some city services. The malware disabled about 10,000 devices, and the extortionists demanded 13 bitcoins, worth about $114,000, to decrypt the computers.

India has not been far behind, and during 2019 the Indian corporate sector faced a number of ransomware attacks. According to Kaspersky’s research group, three groups of ransomware—Ryuk, Purga and Stop—have been the most active and notorious in India.

Among these three, Stop caused about 10.10% of the total ransomware attacks in India, followed by Ryuk, which was responsible for about 5.84% of attacks, and Purga, which was responsible for 0.80%.

The mechanism behind how these ransomware operate is quite simple—they turn the files on victims’ computers into encrypted data and demand a ransom for the decryption keys. These keys are created by threat actors to decipher the files and transform them back into the original data. Without a key, it is impossible to operate the infected device. The malware may be distributed by the creators of the threat, sold to other actors or to the creators’ partner networks, “outsourced” distributors that share the profit from successful ransomware attacks with the technology holders.

However, according to Kaspersky researchers, to avoid malware infestation and ransomware attacks it is essential to install all security updates as soon as they appear.

Most cyber attacks are possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack. They also advise protecting remote access to corporate networks with a VPN, using secure passwords for domain accounts, and keeping fresh back-up copies of all files so that they can be replaced if they are lost.


#cyberfraud | #cybercriminals | Firms to combat cyberattacks and fraud in UAE banking sector

Source: National Cyber Security – Produced By Gregory Evans

The event in progress in Abu Dhabi on Monday.

Business Bureau, Gulf Today

In a collective effort to promote a secure and stable financial landscape in the UAE, UAE Banks Federation (UBF), in partnership with SWIFT, the leading provider of secure financial messaging services, on Monday hosted the ‘SWIFT Customer Security Programme (CSP)’ conference. The CSP conference, which took place in Abu Dhabi, brought industry experts together to discuss how the widespread implementation of SWIFT CSP can support banks in combating all types of cyberattack threats by equipping them with the necessary information and tools to mitigate electronic financial fraud.

SWIFT CSP is an initiative aimed at reinforcing the overall security of the global banking system by improving information sharing throughout the community, enhancing SWIFT-related tools for customers, sharing best practices for fraud detection and enhancing support by third party providers. Through the programme, SWIFT has also recently launched the Customer Security Control Framework (CSCF), which outlines a series of compulsory and advisory security controls for customers, which can help them strengthen and improve cyber security standards across the UAE.

Commenting on the occasion, AbdulAziz Ghurair, Chairman of UBF, said: “On the back of accelerated technological innovation, the threat of cybercrime has significantly increased over the years, and the localised instances of payment fraud have reiterated the necessity for greater and more extensive partnerships to solve these issues. In line with our commitment to foster a safer and more protected banking environment across the UAE, we are delighted to collaborate with SWIFT to encourage the industry-wide adoption of the SWIFT CSP. Cybercriminals are becoming quickly smarter, and we are developing more sophisticated technologies that are becoming fundamental for banks to implement innovative platforms that promote improved transaction processes and provide relief and security for customers.”

Onur Ozan, Head of the Middle East, North Africa & Turkey, SWIFT, said: “With the Customer Security Programme, SWIFT is reinforcing the security of the entire global banking system. Worldwide, financial institutions are adopting SWIFT’s CSP as attackers prove increasingly determined and cunning. The CSP is delivering tangible results, supporting institutions in stepping up to this growing threat.”

The conference included several discussions focusing on the SWIFT CSP and CSCF initiatives and the profound impact they could have on the finance and banking environment, emphasising the evolution of the payment landscape as a primary reason to adopt safer security measures.

Meanwhile, a meeting between members of the CEOs Advisory Council of the UAE Banks Federation (UBF) was held in Dubai to discuss recent developments, issues and advancements in the finance and banking sector in the UAE, with a particular focus on Emiratisation.

Directed by AbdulAziz Al Ghurair, Chairman of UBF, the meeting focused on a wide range of topics, including progress on existing UBF programs and initiatives, advances on Emiratisation efforts, findings and results from UBF’s latest Trust Index Survey, and the upcoming Middle East Banking Forum (MEBF) in November 2019.

Speaking on the occasion, AbdulAziz Al Ghurair said: “The astounding amount of change and transformation in the UAE banking industry means it is increasingly necessary for us to regularly hold these meetings, so that we may analyse key strengths, opportunities, and challenges in the sector. For this specific meeting we identified our priorities based on the current happenings in the financial and banking industry, as well as the overall larger economy. The recent announcement of the creation of more than 20,000 jobs for Emiratis in top-tier sectors, including banking, has driven us to focus on Emiratisation efforts within banks, and evaluate ways of working together to enhance the skills and expertise of UAE nationals. Additionally, we are confident that the banking sector will continue progressing and evolving in lieu of the highly positive results from the recently announced Trust Index Survey 2018.”

Distinctively positioned at the centre of the banking industry, which underpins the economy, UBF has a responsibility to support the UAE’s progressive vision to empower society at all levels. Whether it’s addressing the ever-changing challenges in the market, or developing the skills of UAE nationals to increase their recruitment to vital positions in the industry, UBF is continuously working towards a sustainable and diversified economy.

Current plans and initiatives in the banking sector focus on innovation and digitisation, and aim to provide easy access to multiple government and non-government services. From next month, banks will start adopting UAE Pass, a new mobile app which acts as a digital identity and digital signature solution, enabling individuals to conduct financial transactions, upload documents, validate documents and share data. The Emirates Digital Wallet, a tool aimed at promoting financial inclusion and driving a cashless society, is also being developed and will be launched soon.


How one #investor is #navigating the #cybersecurity #sector

From managing healthcare records and finances to how we do our shopping, innovative technologies have made our lives easier by giving us the freedom to access almost anything at the touch of a button. But this on-demand convenience often comes with increased security risk.

With so much of our personal information being transmitted daily, we have become more susceptible to cyberattacks. In fact, cyberattacks have become the fastest growing crime in the U.S. with cybersecurity spending expected to exceed $1 trillion through 2021, according to a report by Cybersecurity Ventures.

When the National Association of Corporate Directors asked board members to identify trends most affecting their companies over the next 12 months, “cybersecurity threats” were cited more frequently than even “political uncertainty in the United States” or “technology disruption” — a revealing statistic, given the state of current events.

As a result, the mounting need for cybersecurity solutions has opened the door for thousands of new companies touting the “best” and “most effective” security platforms.

As growth-equity investors, how do we determine the best opportunity within this crowded market?

In the cybersecurity sector, a handful of well-established megacompanies make up the tip of the iceberg. We at NewSpring, however, see greater opportunity just beneath the surface.

We pursue growth-oriented cybersecurity companies that are multifaceted, have revenue- and service-expansion potential, and will be able to deliver attractive exit multiples.

Beyond these criteria, we believe it’s crucial to identify companies with innovative, differentiated product offerings that provide effective solutions to the problems facing their target customers, whether in enterprise or mid-market sectors.

A little more than a year ago, I attended the RSA Conference in San Francisco, where it’s easy to become overwhelmed by the myriad cybersecurity solutions on the market.

The majority of these companies are single-niche companies, focused on one specific area, such as endpoint protection, network security, cloud security or threat intelligence.

If you are a company looking to protect yourself against cyberattacks, you would need to bundle several of these companies to get a full suite of services.

And with cyberattacks appearing in a variety of shapes and sizes, you need a wide range of security solutions. This presents an opportunity for those who can fill this void.

For example, a few years ago we invested in LookingGlass Cyber Solutions, which provides intelligence-driven security by delivering unified threat protection to global enterprises and government agencies.

LookingGlass’s end-to-end portfolio, backed by a global team of security analysts, addresses a full spectrum of cybersecurity risks by rapidly analyzing structured and unstructured data gathered from its customers’ infrastructures and correlating this information in real-time with security trends the company monitors across the wider internet.

This view of threats offers earlier recognition and mitigation of cyberrisks present in business operations, supply chains and other third parties.

LookingGlass provides not only the technology required to combat sophisticated cyberattacks, but also information-security, brand-security or physical-security monitoring as a service to its customers and partners.

When we were evaluating the company’s offering, it had recently acquired two companies and was negotiating a third. LookingGlass’s commitment to a rollup strategy enabled it to offer multidimensional cybersecurity solutions, which played an important role in our decision to invest.

As technology advances and consumers’ appetites for customization and convenience continue to grow, the need for cybersecurity will become even more prevalent.

While healthcare and fintech will continue to garner most of the headlines, other industries such as automotive, logistics and smart home technology will also spur new opportunities.

The cybersecurity industry has only just begun to scratch the surface and we are optimistic about the exciting new investment opportunities this sector will have to offer.


The post How one #investor is #navigating the #cybersecurity #sector appeared first on National Cyber Security Ventures.


Public #sector executive #pay should be #linked to #cybersecurity

Source: National Cyber Security News

Cybersecurity is constantly in the headlines for all the wrong reasons.

Earlier this month, we heard that all 200 UK NHS Trusts that have been assessed so far failed to meet the standards of the government-backed Cyber Essentials Plus scheme. Some of them even failed on patching, which was the vulnerability that led to the WannaCry ransomware attack. They clearly haven’t learned the lessons from an event which caused massive disruption across the health service, with operations postponed and appointments cancelled.

You would think that, if public sector organisations can’t even manage basic security hygiene such as patching, there would be consequences for those running them. However, while the forthcoming GDPR is bringing in new requirements for the protection of personal data, the large fines (€20m or 4% of global revenue) for a privacy breach will apply to the organisations concerned and will not affect their leaders.

After the TalkTalk cyberattack, its then chief executive Dido Harding may have had her cash bonus halved, from £432,000 to £220,000, but she was still paid a total of £2.81M in 2015, despite the personal and financial details of tens of thousands of customers disappearing into the ether.


Why #Cybersecurity in the #Travel and #Hospitality #Sector is So #Critical?

Source: National Cyber Security – Produced By Gregory Evans

For many years now, cybersecurity has been a primary concern of government organisations and the banking sector, but the hospitality and travel industry is beginning to acknowledge the importance of online security in its day-to-day operations.

Each travel operator, hotel or transport company handles all kinds of sensitive data on their customers, as well as their own staff and suppliers. The consequences of organisations experiencing online data breaches are now higher than ever before. For instance, if a travel operator is hacked, leaking thousands of personal addresses of customers, they face significant financial, legal and reputational ramifications. The loss of customer confidence in the operator and the legal costs of any resulting identity theft would hit any travel operator big or small right where it hurts – the profit and loss sheet.

As businesses within the travel and hospitality sector grow, so too does their global footprint of sensitive data. There is an increasing need for these brands to maintain the privacy, integrity and security of all personal information that is in their care. A sure-fire data security 101 tip is to implement a robust user rights management hierarchy. This can help to control the level of sensitive data an individual can access in line with their seniority within the organisation as well as their job description. It requires travel companies – particularly those with global workforces – to keep a tight rein on their user rights systems and remove dormant accounts belonging to users who may have left the company, mitigating the possibility of any revenge attacks. Organisations should also closely monitor and audit their employees’ data usage to pinpoint any signs of access abuse, which is not always malicious but can still have ramifications for the company when it’s not.

The major elephant in the room for travel and hospitality brands operating in and out of Europe is the new impending European regulations designed to safeguard customer data. The new General Data Protection Regulation (GDPR) has been devised by the European Union (EU) and will come into force next year. Although GDPR is aimed at giving the average consumer or holidaymaker greater control over how their personal data is used and stored, it also gives travel and hospitality organisations greater clarity about data protection law, creating one legislation across the entire single market.

Under the GDPR rules, travel and hospitality firms that fail to comply in time for 25th May 2018 could experience hugely damaging financial penalties which could plunge brands into difficult times; perhaps even closure. The upper limit penalty for non-compliance will be €20m or 4% of an organisation’s annual global turnover; whichever is greater. GDPR will affect all kinds of departments of travel firms; from legal and compliance teams to IT and marketing divisions. Those within the travel and hospitality industry must therefore take the protection of customer and employee data as seriously as their revenue.

Regular security audits, increased encryption of data and watertight password control are no longer something that can be ignored. So too are lawful marketing campaigns and privacy policies, while teams should be educated and briefed on how to handle a data breach if – and when – the time comes. Travel professionals handle more data than you realise and meeting those new obligations will not only keep brands on the right side of the law, it will increase consumer confidence and strengthen brand reputation overall.


Toshiba #Hacking Drama #Enlivens Tech’s Most #Boring Sector

Source: National Cyber Security – Produced By Gregory Evans

One of the technology industry’s most humdrum sectors found itself some drama in the past few weeks amid a cyber attack and lost production.

NAND flash is important stuff — your holiday snaps and favorite apps depend on it. But amid the rush to sharper displays and high-resolution cameras, few stop to think about the chips inside the iPhone that store all that important (and useless) data.

These are the chips that attracted a bevy of international suitors to the door of Toshiba Corp. earlier this year. Western Digital Corp. and Apple Inc. rely on them, and Bain Capital Private Equity and Foxconn Technology Group wanted more control over them. Bain, teaming up with Apple, won the $18 billion battle for Toshiba’s chip business.

Then came the alleged hack attacks. Digitimes, a Taipei-based tech news site, reported Monday that ransomware forced Toshiba to halt production for a few weeks, cutting output by 100,000 wafers. That’s a big number, equal to around 20 percent of Toshiba’s monthly capacity, according to researcher TrendForce Corp.

In an email reply to Gadfly, Toshiba denied that it suspended production at Yokkaichi, the site of its NAND factory, and said it wasn’t approached by Digitimes for comment.

Still, a person familiar with the matter told Gadfly that the company was struck by a virus — not ransomware — in early September that affected some production facilities and prompted Toshiba to advise clients of minor delays in delivery. Since the virus remained within the company, it decided not to disclose which facilities were affected or the exact scale.

Even before the Digitimes report, TrendForce senior research manager Alan Chen had heard the rumors and jumped on the phone to check with his sources: yes, there was some incident at Toshiba; yes, production was affected; no, the scale wasn’t as vast as 100,000 wafers. It was less than half of that, he told Gadfly.

Such a blip highlights the importance of the sector and its lack of transparency. Toshiba is the second-largest supplier of NAND flash with a 17.5 percent share, behind Samsung Electronics Co. on 35.6 percent, TrendForce estimates. What’s more, supply this year is already forecast to fall 2.9 percent short of demand as growth outstrips capacity expansion. Heavy new investment, including 330 billion yen ($2.9 billion) from Toshiba, is expected to bring the industry back into balance next year.

That makes any potential supply constraint a big deal, especially amid concern that the iPhone X is facing production shortages and with numerous other smartphones being introduced from brands including Huawei, Google, Xiaomi and Samsung.

The drama also adds to the opacity of the flash market. Manufacturers have been shutting or slowing lines in order to convert their facilities to better equipment, while some are adding entirely new factories. This process crimps output in the short term, but once the upgrades are complete their capacity jumps, and it’s the scale and timing of these changes that’s made the global supply-demand picture unclear.

As industry stakeholders — including investors and global electronics brands — try to keep tabs, there’s every chance that more rumors and incidents will make the dullest of tech sectors just that little bit more interesting.

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.
Tim Culpan is a technology columnist for Bloomberg Gadfly. He previously covered technology for Bloomberg News.



The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector

Source: National Cyber Security – Produced By Gregory Evans

Last week, the media was abuzz with apocalyptic headlines about how Russian hackers were launching cyber-attacks on the US energy and nuclear sector. All the hoopla started when news broke about a joint alert sent by the Department of Homeland Security and the Federal Bureau of Investigation, which warned companies…


How the Govt plans to power up Australia’s cyber security sector

Source: National Cyber Security – Produced By Gregory Evans

Here are some of the government’s key strategies in its plan to boost the country’s cyber security sector. The Federal Government launched its Cyber Security Sector Competitiveness Plan on 20 …


Private sector urged to focus on cyber security defense

Source: National Cyber Security – Produced By Gregory Evans

The private sector will come under increased focus to serve as the first line of defense for cyber security, a former general counsel for the U.S. National Security Agency said Wednesday. Rajesh De, now a partner at Mayer Brown’s Washington …


New Cybersecurity Professional Scheme to groom public sector experts

Source: National Cyber Security – Produced By Gregory Evans

A new Cybersecurity Professional Scheme for the public sector was on Monday (Mar 6) revealed by the Communications and Information Minister Yaacob Ibrahim. Speaking during his ministry’s Committee of Supply (COS) debates in Parliament, Dr Yaacob, who is also Minister-in-charge …
