Shane Chambers No Comments

Many SolarWinds Customers Still Exposed Online, Despite Well-Publicised Breach

IT management software giant SolarWinds was the victim of what is believed to be one of the largest cyber attacks yet late last year, sending shivers down the spine of much of the tech world. The attack breached SolarWinds' monitoring tool Orion, which allowed the hackers to deliver malicious updates to unsuspecting users of the tool for several months.

Now, two months after the breach was discovered, an alarming number of SolarWinds customers still have vulnerable Orion servers exposed to the internet.

SolarWinds, a behemoth IT management solutions provider with over 300,000 customers, was revealed to be the target of a major cyber attack in December 2020.

Cyber Attacks Rarely Change Tactics, According to NSA

According to Dave Hogue, the technical director of the NSA’s Cybersecurity Threat Operations Center, the technology used to implement cyber attacks evolves over time but the tactics used to carry them out rarely change. Hogue told the crowd at the CyberUK conference in Manchester, “Every day we’re battling a new cyber-threat, but the more that things change the more that they stay the same.”

Dave Hogue is the technical director of the NSA CTOC, and claims that they have not responded to any ‘zero-day’ cyber attacks in two years.


HSE, Dublin County Council, Department of Agriculture and More Hit by Crypto-Mining Cyber Attack

Ireland is claimed to be wide open to attacks from cyber criminals and rogue states, following an incident in which over 4000 websites around the world were hacked and used to mine crypto-currency. First reported by The Register, the breach affected the Department of Agriculture, Dublin City Council and Fingal, Cork, Wexford and Offaly county councils, and it is suspected to have also affected the websites of the Oireachtas, the Broadcasting Authority of Ireland, Women’s Aid and the Central Remedial Clinic. The crypto-mining attack was not limited to Irish websites, however, as the Information Commissioner’s Office in the UK, the United States courts and many more sites belonging to governments and organisations were also hit.

Over 4000 websites around the world were affected in the crypto-mining attack, many of which belonged to government organisations


Reports Show Cyber Crime Cost Consumers €150bn in 2017

Norton has just released their annual Cyber Security Insights Report, which analyses the effects of cyber crime around the world. One of the key findings of this report is that when it comes to cyber security, “consumers are overconfident in their security prowess, leaving them vulnerable and enabling cyber criminals to up the ante this year, which has resulted in record attacks”. Over the course of 2017, the report estimates that over 978 million adults in 20 countries around the world experienced cyber crime. These attacks cost consumers an estimated €150 billion.

While most people stated that cyber security was important to them, one third of people stored their passwords insecurely and one fifth admitted to using the same password across all sites they use. Over half of the respondents reported either they or someone they knew had been a victim of cyber crime, with the average cyber crime victim spending almost three full working days recovering from the attack.



Ransomware attacks may breach new EU GDPR data protection regulations.

With the introduction of the new EU general data protection regulation (GDPR) this time next year (25 May 2018 to be exact) – businesses all over the globe could find themselves in breach of the regulation and facing hefty fines should they fail to prevent a ransomware attack, phishing attack or similar. The message is finally getting out there – something needs to be done about ransomware and fast.

GDPR Data Breach From Ransomware

How could ransomware cause a breach of GDPR?

As noted in this RTE article by @AengusCox – data protection and governance expert @DaraghOBrien, Managing Director of Castlebridge Associates, confirms GDPR is all about accountability. Not only do organisations have to comply with the regulation, they also have to demonstrate compliance through evidential proof (documentation, etc) of the controls, processes, technology, etc. that they have in place to protect the sensitive and personal data they hold on EU citizens (to include their staff, customers, vendors and third parties).

Daragh confirms that ransomware could indeed be seen as a breach of GDPR by the data protection commissioner, as ransomware typically can affect both the availability and access of personal data and can also affect the recovery of the personal data. Indeed, some viruses are known to upload personal data to hackers – a clear data breach and major breach of the GDPR.

As the GDPR comes more and more into focus through the year and into next year, security experts predict that hackers/scammers will begin to steal data with advanced ransomware and then blackmail the victims by threatening to report them to the data protection commissioner.

What can be done?

In the RTE video interview, Daragh notes that security awareness training for staff is crucial now. Businesses urgently need to train their staff how to recognise and avoid clicking on links in phishing emails.

Many may not realise yet, but Article 39 1(b) of the GDPR regulation places a mandatory onus on organisations to undertake security awareness training for staff that deal with sensitive personal data.