MFA Adoption: Benefits and Risks

Information Security, IT Support
The global pandemic, which has forced many organizations to adopt the work-from-home model, has led to the dramatic adoption of multi-factor authentication (MFA) as a cybersecurity measure. While MFA has its benefits, it also presents some risks. What Is MFA? MFA, short for multi-factor authentication, is another route to account security. Traditionally, accounts are protected by single-factor authentication composed mainly of the username and password combination. Single-factor authentication has been shown to be easily compromised, for instance, through a brute-force attack – guessing the correct username and password combination through automated means. MFA promises to secure an account by requiring multiple forms of verification to prove one’s identity when signing into an application. There are many forms of MFA. One form is through the use…

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack on the Canadian insurance company and the ensuing ransom payment, which were hidden from the public, only surfaced after the Canadian company's insurer, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…

Software Updates: Gateway for Supply Chain Attacks

Information Security, IT Support, Security
The confirmation by Taiwan-based tech giant ASUS that its software update was hijacked by cybercriminals to install malicious software (malware) on its customers’ notebook computers highlights the threat of supply chain attacks via software updates. A supply chain attack attempts to exploit a security vulnerability in a third-party service or software to compromise a final target. A hijacked software update is one of the most common forms of supply chain attack. Last March 26, ASUS, ranked by Gartner as the world's 5th-largest PC vendor in the 3rd quarter of 2018, asked its notebook computer customers to install the latest software update (version 3.6.8) after acknowledging that ASUS Live Update, a pre-installed software in ASUS notebook computers to ensure that the system always benefits from…

Microsoft Annual Security Report Highlights Surge in Supply Chain Attacks

Information Security, IT Support
The newly released Microsoft Security Intelligence Report revealed that over the past few years, the increased number of supply chain attacks had become a primary source of concern in many IT departments. The Microsoft Security Intelligence Report Volume 24 found that several cyberattacks were detected using compromised software supply chains in 2018. These supply chain attacks, Microsoft said, have affected a wide range of software and targeted organizations in different geographic locations and sectors. The Microsoft report compiled 6.5 trillion threat signals and was based on research and real-world experiences from thousands of security researchers and responders worldwide for the period of January 2018 to December 2018. What Is a Supply Chain Attack? In a supply chain attack, an attacker maliciously makes…

Canadian University Shuts Down IT Network After Cryptojacking Attack

Information Security
St. Francis Xavier University, one of Canada’s oldest universities, was forced to temporarily disable all its network systems in response to a cryptojacking attack. The university, in a statement, said that malicious software (malware) infected its network and then attempted to utilize the university’s collective computing power in order to mine the cryptocurrency Bitcoin. The university added that it's bringing its IT systems back online in a staggered process to minimize potential risk. This cyber incident at St. Francis Xavier University highlights the dangers of a cryptojacking attack. What Is Cryptojacking? Cryptojacking happens when a cyberattacker uses, without consent, the computing power of another for the purpose of mining a cryptocurrency such as Bitcoin. Mining a cryptocurrency like Bitcoin is similar…

Fax-Based Cyberattack Puts Organization’s Networks at Risk

Information Security, Security
Standalone fax machines, fax-to-mail services and all-in-one printer fax machines are cybersecurity threats to your organization’s internal network, according to a recent disclosure made by security researchers at Check Point. Millions of fax machines are still being used in offices worldwide. Healthcare organizations, law firms, banking and finance companies, in particular, still rely on fax machines for sending and receiving sensitive documents. Some organizations use fax machines for sending and receiving critical documents in compliance with government regulations, while others use them for legacy reasons. According to Check Point researchers, they’ve discovered a security vulnerability in modern-day fax machines, including fax-to-mail services and all-in-one printer fax machines, which allows cyber attackers to hack these machines, once considered secure, through a process called “remote…

Cryptojacking: Cyberattackers’ New Favorite Money-Making Tool

Information Security
Cryptojacking is now the favorite money-making tool of cybercriminals, and the computers of organizations lagging behind in cybersecurity are at risk of this type of cyberattack. A recent report from McAfee Labs showed that in the 1st quarter of 2018, cryptocurrency mining malware grew to more than 2.9 million, or 629%, from nearly 400,000 in the 4th quarter of 2017. What is Cryptojacking? Cryptojacking is the act of illicitly installing cryptomining software on the victim’s computer. Cryptocurrency mining software, on its own, isn’t illegal. This software harnesses the power of a computer as a means to release a new digital coin and as a means to verify transactions. In principle, owners of the computers used for cryptocurrency mining have to be compensated. In cryptojacking,…

How to Stop Cyberattackers from Turning Your Organization’s Computers Into Botnet

Information Security, Security
Security researchers at Deep Instinct have recently discovered a new malicious software (malware) campaign that turns Windows-based computers into a botnet. Researchers dubbed this sophisticated, never-before-seen-in-the-wild botnet “Mylobot”, named after one researcher's dog. What is a Botnet? A botnet is a group of computers that are infected by malware and controlled by an attacker using command and control servers without the computer owners' knowledge. When computers are made part of a botnet, an attacker takes full control of the computers, using them according to his whim. An attacker can download additional malware from the command and control servers, turning the controlled computers into a botnet army for distributed denial of service (DDoS)…

Effects of a Cyberattack: City of Atlanta Experience

Information Security
Learning from the City of Atlanta Cyberattack

It has been over 2 months since the City of Atlanta suffered a cyberattack, but a city official said at a public meeting that the effects of the cyberattack seem “to be growing every day”. On March 22, 2018, the City of Atlanta experienced a ransomware cyberattack that affected multiple software applications and computers belonging to the city. Ransomware is malicious software (malware) that locks files on infected computers and asks for a ransom payment to unlock the files. The City of Atlanta, in a statement, said that as a result of the attack, "some City data is encrypted and customers are not able to access City applications". Atlanta Information Management head Daphne Rackley told the Atlanta City Council that more than a third of the…