The Week In Review 30/11-04/12

As the year comes to an end, Dionach’s Week In Review begins. No different from previous weeks, the news has been dominated by COVID-19 headlines, although with the addition of some positive news as regulators approved Pfizer’s vaccine for use in the UK. However, no sooner had the vaccination news been published than major concerns were announced by IBM Security X-Force, who discovered a sophisticated global phishing attack likely targeted at organisations associated with The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) Program. The adversary began the operation back in September 2020 with a widespread spear phishing campaign looking to obtain the credentials of people working closely with the CCEOP in their efforts to distribute the vaccine around the world. Another blow was delivered to the developers of the GO SMS Pro app, widely adopted by Android users, when it was revealed that, despite previous concerns around data leaks, the patches and updates implemented by the developers had not sufficiently addressed the flaw. Users and privacy advocacy groups have called for the app’s removal from Google’s Play Store.

Remember Magecart? The hacking group was responsible for large-scale card-skimming attacks on companies such as Ticketmaster in 2018, resulting in hefty fines for all concerned under new GDPR regulations. 2020 sees the return of the group in a new, larger-scale card-skimming hack affecting up to 2000 online stores, including details of tens of thousands of customers from just one site. Additionally, as crypto enthusiasts celebrate bitcoin reaching all-new highs, the cryptocurrency’s publicity and its emphasis on privacy remain in conflict. Compal, the world’s second-largest laptop manufacturer, is the latest big name to fall victim to ransomware attacks, with the hackers demanding $17m worth of bitcoin paid to various wallet addresses. Other global brands suffering similar attacks this year include Canon and toy maker Mattel.

Find out how to protect your business from ransomware attacks with Dionach’s Ransomware Readiness Review.

Read about all of this and more below:

IBM uncovers global phishing campaign targeting COVID vaccine
(securityintelligence.com)

Magecart attack targets PayPal transactions at checkout
(threatpost.com)

Study reveals largest data theft target in the world
(cybersecurity-insiders.com)

Australia’s cyber security spend to hit $7.6bn by 2024
(itwire.com)

GO SMS Pro app still leaking data
(threatpost.com)

Compal falls victim to $17m ransomware attack
(computing.co.uk)

Spotify pop star hacks 
(threatpost.com)
