The Week In Review 18/01-22/01

The Week In Review 18/01 – 22/01

Ransomware continues to dominate cyber headlines as we move further into 2021. Last year numerous multi-national companies fell victim to the cyber attack where the criminals attempt to sell companies back their own data that was stolen and encrypted during the attacks. However, it is not just large conglomerates that are lucrative targets for these cyber criminals. A recently released report by Digital Shadows outlines how Asset and Wealth Management firms (including hedge funds) are among the top targets for these attacks. With total assets under management (AUM) by these firms expected to hit $147 trillion by 2025, there is clearly financial incentive for would be ransomware criminals. Along with staff and client data these firms often have valuable intellectual property along with proprietary trading algorithms. AWM companies are often smaller than traditional financial institutions with security budgets and teams a fraction of their larger counterparts. With this in mind, it is concerning that a UK based and published report found that 28% of organisations do not offer employees any form of cyber security training at all. It is predicted that less than 1 in 10 receive regular cyber security training. As cyber attacks have sharply increased since the start of the pandemic, this gap in cyber security training and awareness leaves businesses more susceptible to attacks that will be successful. This is certainly true with the notorious rise in Business Email Compromise (BEC) attacks that are commonly used in ransomware attacks.

With the recent media frenzy surrounding WhatsApp’s change in privacy policy resulting in outrage from a number of its userbase, alternative more privacy focused messenger apps such as Telegram and Signal have seen an influx of new users. These apps focus on privacy and security of their users, promising that their data is secure, encrypted and will never be used for purposes such as marketing, as Facebook have done across their Messenger and now WhatsApp apps. This increased publicity has in turn increased the scrutiny across these messaging apps, with people asking how secure are they really? In now patched bugs, Signal and other apps were shown to have critical flaws that enabled attackers to listen to their victims surroundings through the call functions of the apps, with no interaction from the user. Other questions have been raised about these apps, and it is always suggested that you do your due diligence before using apps to communicate information, sensitive or otherwise. 

Another topic that hasn’t left headlines since October/November last year is, of course, Bitcoin. The cryptocurrency has seen numerous All Time Highs (ATH) in recent months sparking frenzy amongst investors both institutional and individual. It is therefore probably no surprise that cyber crime surrounding cryptocurrency has also picked up the pace. Security firm Avira stated that they detected a 53% increase in crypto mining malware quarter-on-quarter in the final three months of 2020. 

Assess your organisation’s specific vulnerabilies to Ransomware attacks with Dionach’s Ransomware Readiness Review

Read about all of this and more below:

Quarter of orgs don’t offer cyber security training
(infosecurity-magazine.com)

Ransomware victims with backups are paying ransoms
(zdnet.com)

AWM firms are vulnerable to ransomware
(techrepublic.com)

Israeli cyber security firms raise record $2.9bn during pandemic
(timesofisrael.com)

Bugs in messaging apps let attackers spy on users
(bleepingcomputer.com)

Coin-mining malware correlated to crypto price rises
(infosecurity-magazine.com)

Rethinking active directory security
(helpnetsecurity.com)

Find out how we can help with your cyber challenge

Please enter your contact details using the form below for a free, no obligation, quote and we will get back to you as soon as possible. Alternatively, you can email us directly at [email protected]

Related Posts

cyber-security

Dynamic Cybersecurity: Latest Trends and Updates

In today’s interconnected digital world, the field of cybersecurity is constantly evolving to keep up with emerging threats and vulnerabilities. Staying updated with the latest developments is crucial for individuals and organisations alike to protect their sensitive information from malicious actors. In this blog post, we will explore some of the most significant updates and […]
abstract-data

Why an Internal Penetration Test Delivers Results

Why an Internal Penetration Test Delivers Results The CISO of a large  organisation with multiple regional offices approached Dionach requesting an internal penetration test. The organisation used a hybrid IT infrastructure with systems located across two data centres and Azure. The test was conducted from the context of an unauthenticated user with physical access to […]
The difference between Penetration Testing and Red Teaming engagements

Penetration Testing vs. Red Teaming engagements: Key Distinction

Finding the right security service to assess your organisation is a critical aspect of any security program. Each security service has its benefits and fits a specific purpose, and it is important to therefore understand the differences between these services to maximise the results of a security engagement. Two of the most popular security services […]
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call