31 May 2020

News round-up May 2020 — Ransomware formally registered as business risk and security report on cyber attackers

Helping your business stay abreast and make sense of the critical stories in digital risk, cyber security and privacy. Email news@elevenM.com.au to subscribe.

The round-up

In our latest round-up, we get a fresh angle on some familiar threats. The rise of ransomware over recent years has seen it elevated as a formally registered business risk, while new research seeks to explain why phishing continues to work so well. A new security report also gives us insight into what’s motivating cyber attackers, and into one of the fastest growing reasons that data breaches are occurring.

Key articles:

Cognizant expects to lose between $50m and $70m following ransomware attack

Summary: Global IT services provider Cognizant anticipates an April ransomware incident will significantly impact its bottom line.

Key risk takeaway: The operational disruption of ransomware – which locks files until a ransom is paid – is often highlighted, but as this story reveals, the sustained financial impacts can be just as devastating. In addition to the quoted figures, Cognizant also anticipates ongoing legal, consulting, investigation and remediation costs relating to this incident. Undoubtedly it’s also expending energy reassuring wary clients, many of whom suspended Cognizant’s system access in the wake of the incident. As more and more businesses get popped by ransomware – most recently logistics company Toll Group and money management company MyBudget – the business criticality of ransomware is becoming better known, not least demonstrated by the growing number of companies listing ransomware as a risk factor in company filings.

Tags: #ransomware

Citizen data compromised as Service NSW falls victim to phishing attack

Summary: A breach of the NSW Government agency resulted in customer information in emails being accessed by attackers. It was one of many phishing-related breaches and attempts in the last month.

Key risk takeaway: Though not the most exciting, phishing remains one of the most persistent cyber threats and is responsible for the majority of data breaches. Along with the breach at Service NSW in April, phishing attacks have recently targeted healthcare companies, consulting firms, and financial services entities and government officials, forming part of everything from financially-motivated cybercrime campaigns to high-stakes geopolitical manoeuvring. The success of phishing is at least partially derived from our individual inability to accurately recognise risks in our own behaviours, new research shows. This requires organisations to find novel ways to continuously engage and educate staff, which can be achieved through a combination of phishing simulation campaigns, an engaged communications program and immersive learning experiences.

Tags: #phishing #securityawareness

Money is still the main motivating factor for hackers, Verizon report finds

Summary: Eighty-six percent of data breaches in 2019 were motivated by money, according to Verizon’s annual Data Breach Investigation Report.

Key risk takeaway: This reminder of the primacy of financial motivations for most cyber attackers can help security leaders keep their security priorities focused on what matters most. While cyber-attacks by sophisticated nation-state actors grab more than a healthy slice of news headlines, this story emphasises that a vast majority of attackers are mainly in it for the pay day. The takeaway for businesses is that making life just a little more difficult increases the cost of doing business for cyber attackers, and is often enough to deter their focus towards easier, more cost-effective targets. This highlights the value of basic security hygiene measures such as educating staff and applying basic security controls like the Australian Government’s Essential Eight.

Tags: #securityhygiene #securityawareness #securityriskassessment

COVIDSafe may need privacy changes to use new Apple and Google tool

Summary: New technology from Apple and Google that could address technical issues with the Australian Government’s COVIDSafe app reportedly may require that the app address additional requirements around privacy and personal data before it can use that technology.

Key risk takeaway: As momentum builds around the world to use digital technology to help flatten the curve, public expectations around privacy continue to influence the conversation surrounding the Australian Government’s COVIDSafe app, arguably impacting potential community uptake. The Government has said it is considering integrating the Apple/Google technology into the app; however, changes will be required to allow users to voluntarily enter contact details (versus doing so mandatorily, as the app currently requires). The discussions between the Government and tech giants come amid continued conversation about the legislative framework surrounding the app, with a group of leading privacy experts in May laying out a series of suggestions to ensure the app preserves privacy and community trust.

Tags: #privacy #COVIDSafe

EasyJet admits data of nine million hacked

Summary: The UK budget airline admitted the cyber-attack affected approximately nine million customers, with more than 2000 customers also having had their credit and debit card details “accessed”.

Key risk takeaway: If coronavirus doesn’t get you, cyber-attacks will. At least that might be the current mantra at EasyJet who, already ravaged (like all airlines) by widespread travel bans, now also faces regulatory action due to a data breach and a possible hefty fine (remember British Airways’ copping a £183m fine for its 2017 breach). Further compounding the financial woes is a £18 billion damages suit filed against the airline on behalf of affected customers. EasyJet’s public response to the incident may hamper efforts to re-build trust, with disclosure coming four months after the incident was discovered (disclosure timeframes are now closely scrutinised) and using descriptors such as “highly sophisticated” (now openly derided by journalists) to characterise the attack.

Tags: #cybercrisisresponse #databreachresponseplan

Verizon’s data breach report highlights how unsecured cloud storage opens door to attacks

Summary: One of the rising reasons behind data breaches is misconfiguration errors by organisations that result in cloud storage being left unsecured and potentially accessible by attackers, a major report has found.

Key risk takeaway: This trend in Verizon’s data breach report reflects what we have seen unfold via our news roundups over the past two years – in which we have documented numerous instances of a business’s “leaky” cloud configuration leading to a large-scale data exposure. The report notes that the increased volume of these incidents being disclosed may be the result of heightened activity of security researchers, who actively seek out these exposed cloud “buckets”, rather than the result of more errors by organisations. Regardless, the salient point is that public exposure of customer data due to poor cloud configuration can severely impair trust. Organisations should ensure cloud folders or “buckets” are not publicly accessible, while also enforcing user account security measures such as strong passwords and multi-factor authentication. The Verizon report that these trends are drawn from is based on analysis of 157,000 security incidents affecting businesses in 16 different industries.

Tags: #cloudsecurity #securityawareness