Tag Archives: cyberattack

Immediate Vault Immediate Access

How Phishing Emails Can Threaten Your Company

Posted on by

Impostor emails, dubbed “business email compromise” by the FBI, are increasing and targeting companies of every size, in every part of the world. Unfortunately, victims often do not realize they have been had until it’s too late. There are no security tool alarms and there is no ransom note. But because systems appear to be running as normal, everything seems like business as usual. And that is the point, according to Proofpoint’s study, “The Imposter in the Machine.”
PP1

From New Zealand to Belgium, companies from every industry have suffered losses, the study found. Here is a small sampling of recent impostor attacks during the last year:

  • A Hong Kong subsidiary at Ubiquiti Networks Inc. discovered that it had made more than $45 million in payments over an extended period to attackers using impostor emails to pose as a supplier.
  • Crelan, a Belgian bank recently lost more than $70 million due to impostor emails, discovering the fraud only after the company conducted an internal audit.
  • In New Zealand, a higher education provider, TWoA, lost more than $100,000 when their CFO fell victim to an impostor email, believing the payment request came from the organization’s president.
  • Luminant Corp., an electric utility company in Dallas, Texas sent a little over $98,000 in response to an email request that they thought was coming from a company executive. Later it was learned that attackers sent an impostor email from a domain name with just two letters transposed.

PP2

Most often, company executives are targeted, with two common angles. In one case, the always-traveling executive is studied by attackers, who use every resource available to understand the target’s schedule, familiar language, peers and direct reports. Because the executive is frequently on the road, direct reports who routinely process payments can easily be victimized.

Another ploy involves suppliers and how they invoice.

online pharmacy vibramycin with best prices today in the USA

For example, the supplier’s language, forms and procedures are used to change bank account information for an upcoming payment. If the attackers are successful, a company may find that they have been making payments to them for months without knowing it.

online pharmacy augmentin with best prices today in the USA

PP3

For more about the risks of phishing, check out “The Devil in the Details” and “6 Tips to Reduce the Risk of Social Engineering Fraud” from Risk Management.

Prosecutors Reveal ‘Securities Fraud on Cyber Steroids’

Posted on by

The investigation into a huge cyberattack on JP Morgan Chase last year has exposed one of the largest computer hacking and fraud schemes to date.

online pharmacy periactin with best prices today in the USA

According to U.S. prosecutors, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, hacked a total of 12 companies to expose the personal information of more than 100 million people, netting hundreds of millions of dollars in profit. The men face 23 criminal counts, including wire fraud, computer hacking, illegal internet gambling and money laundering, with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including the Wall Street Journal. Investigators say their massive criminal empire used 75 shell companies that employed hundreds of people, and hacked seven major banks, ran an online casino, laundered money around the world and set up an illegal Bitcoin trading operation.

online pharmacy zestril with best prices today in the USA

“It is hacking in support of a diversified criminal conglomerate,” said Preet Bharara, U.S. attorney for the Southern District of New York. “In short, it is hacking as a business model.”

In addition to the hack of JP Morgan, which U.S. Attorney General Loretta Lynch called “the largest theft of customer data from a U.S. financial institution” and exposed the personal information of 83 million customers, the criminals also attacked E*Trade Financial Corp., TD Ameritrade, Scottrade Inc., Fidelity Investments and News Corp’s Dow Jones, which publishes the Wall Street Journal. The breaches date as far back as 2007.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” Bharara said. “This showcases a brave new world of hacking for profit.”

Breaking into these financial institutions gave the attackers information to target specific people, and gave them extra insight into the stock market. According to the indictment, they used the customer data to contact individuals and push them to buy stocks in order to manipulate their prices. In addition to the pump-and-dump scheme, sometimes the defendants reportedly engineered mergers with shell companies to create publicly traded stocks that could be manipulated.

online pharmacy symbicort with best prices today in the USA

Bharara called the scheme “securities fraud on cyber steroids.”

Beginning in 2012, in addition to disguising payments and constantly obtaining new bank accounts, the men further tried to evade detection by hacking into a company that assessed merchant risk for credit-card issuers. The breach allowed the defendants to read employees’ emails and figure out how to sidestep the company’s efforts to monitor illegal payments, according to the indictment.

The defendants are also accused of operating at least 12 illegal internet casinos, even launching cyberattacks against rival gambling businesses to review executives’ email and gain a competitive edge. Shalon hacked competitors’ customer databases and directed denial of service attacks to shut down their businesses.

Several compliance officers may soon feel the heat as well: the investigation found that, in operating the online casinos and illegal pharmaceutical payment processing enterprises, the co-conspirators deceived financial institutions into processing and authorizing payments between the casino companies and others. “They colluded with corrupt international bank officials who willfully ignored its criminal nature in order to profit from, as a co-conspirator described it to Shalon, their payment processing ‘casino/software/pharmaceutical cocktail’,” the indictment charges.

According to prosecutors, the case illustrates the growing power of criminals and their tools, and makes such crimes particularly difficult to solve. But it may also highlight one key resource to do so: self-reporting to law enforcement. Officials credited JP Morgan’s early cooperation for helping to uncover the network of criminal activity. The firm came forward early on to share information with the government, a move many forensic investigators encourage.
buy prednisone online https://galenapharm.com/pharmacy/prednisone.html no prescription

This case provides one of the clearest examples of why: hackers frequently use the same schemes to target a swath of companies in a given industry. While many companies worry about the reputational and regulatory risks of disclosing a breach to law enforcement, as hackers grow more sophisticated in their techniques and complex in their operations, it may prove an ever more critical step in the breach response and investigation process.

“Shalon, Aaron, and their co-conspirators allegedly robbed victim companies, often for months at a time, stealing the contact information of tens of millions of customers,” said FBI Assistant Director-in-Charge Diego Rodriguez. “They cloaked themselves in secrecy, but their methods rivaled those of the traditional masked robber. Today’s indictment sheds light on an increasingly complex threat. But just as criminals continue to develop relationships with one another in order to advance their objectives, the law enforcement community has developed a collaborative approach to fighting these types of crimes.”

Cost of Cyber Crime Up 19% For U.S. Businesses

Posted on by

In its annual Cost of Cyber Crime study, the Ponemon Institute found that the average annual cost of cyber crime per large company is now $15.4 million in the United States. That figure has increased 19% from last year’s .

buy naprosyn online www.delineation.ca/wp-content/uploads/2023/10/jpg/naprosyn.html no prescription pharmacy

7 million, and presents an 82% jump from the institute’s first such study six years ago. This year, losses ranged from $307,800 to $65,047,302.

Globally, the average annual cost of cybercrime is $7.7 million, an increase of 1.9% from last year. The U.S. sample had the highest total average cost, while the Russian sample reported the lowest, with an average cost of $2.5 million. Germany, Japan, Australia, and Russia experienced a slight decrease in the cost of cyber crime over the past year.

buy nolvadex online www.delineation.ca/wp-content/uploads/2023/10/jpg/nolvadex.html no prescription pharmacy

To try to benchmark the complete cost of cyber crime, the Ponemon Institute examines the total cost of responding to incidents, including detection, recovery, investigation and incident-response management. While it is virtually impossible to quantify all of the losses due to reputation damage or business interruption, the researchers did look at after-the-fact expenses intended to minimize the potential loss of business or customers.

buy propecia online www.delineation.ca/wp-content/uploads/2023/10/jpg/propecia.html no prescription pharmacy

Check out more of the study’s findings in the infographic below:

global cost of cyber crime ponemon institute

3 Strategies to Protect Your Organization from Political Risk

Posted on by

From the Middle East to Eurasia to Eastern Europe, events and potential events that translate into political risk fill the news.

Political risk is instability that damages or threatens to damage an existing or potential asset, or significantly disrupt a business operation. Examples include sustained political and labor unrest, terrorism and violent conflict. This risk is increasingly regional in nature, as the Arab Spring and sudden spread of Islamic State control demonstrate.

According to the new Clements Worldwide Risk Index, political unrest is the number one concern among top global managers at multinational corporations and global aid and development organizations.

Risk managers in these organizations responded in the Worldwide Risk Index survey that political risk and instability—including cyber attacks—are real and growing. Twenty-eight percent of top managers surveyed stated political unrest was their top concern, while 25% cited kidnapping, and nearly 10% cited terrorism.

When it comes to terrorism, the Worldwide Risk Index results align with the data. The U.S. State Department’s Annual Country Report on Terrorism released recently indicates that the number of terrorist attacks worldwide in 2014 increased 35%, while total fatalities from terrorism activities grew by 81%, compared to 2013.

But as violence and unrest have increased, readiness for it trails far behind. Twenty-one percent of respondents admitted being “not prepared at all” for a terrorist attack, while 11% considered themselves “very prepared;” 17% said they were “very prepared” for the ramifications of a disease outbreak, while 10% they were “not prepared at all” for that threat; and 21% said they were “not prepared at all” for a cyberattack.

Perhaps most troubling, these concerns and lack of preparedness are impacting business decisions. Twenty-one percent of Worldwide Risk Index respondents had delayed plans to expand into new countries due to rising international risks.

So what can executives do to bring their organizations’ preparedness in line with growing risks around the world?

First, they can invest more in risk management overall. This means emergency planning, training, security and other techniques to manage and reduce risk. An important element is also testing the plan, which typically highlights gaps. Forty-four percent of Worldwide Risk Index respondents increased spending on this activity. While not a majority, it is still a significant percentage of organizations investing more in basic risk management.

Next, corporate executives should consider retaining the services of the growing number of political risk, insurance and security consultancies that provide political intelligence. While the quality of these firms vary and they are not a substitute for direct experience, these companies provide useful insights into potential risks one might encounter, especially when starting operations in a new location. Risk managers can also personally monitor catalysts to political unrest, such as elections, which are often linked to demonstrations and disturbances in developing countries, particularly with the rise of social media. Elections and other catalysts have caused disruptions in surprising places around the globe, such as Thailand. Corporate executives, including risk managers, need to understand that no country is absolutely “safe” anymore.

Finally, organizations need to consider increasing their spending on international insurance. Fifty-seven percent of the respondents to the Worldwide Risk Index report doing just that. There are more options than ever before for political violence and risk, kidnap and ransom (K&R), evacuation and related policies. Organizations can work with individual carriers, or with brokers who can help tailor policies to specific risk profiles. The best organizations link their brokers or insurance carriers to their overall risk management strategy and ensure their plans include which broker to contact in case of which emergency, as it may differ for a medical versus a property event.

The global economy is more integrated than ever, with more markets opening every year. Yet global supply lines and other business operations and investments are more dependent on particular political factors than at any time in modern history. Political unrest, instability and even conflict are “normal” realities that drive business decisions in evermore areas of the world. This risk can be managed. To do it, executives need to get serious about bringing their risk management strategies into line with the new “facts on the ground.”