Tag Archive for: Organizations

Ransomware remains the number one threat to businesses and government organizations


Acronis researchers have concluded that ransomware continues to be the number one threat to large and medium-sized businesses, including government organizations.

This Help Net Security video highlights why organizations and businesses need a more holistic approach to cybersecurity.


Assessing and Addressing Your Organization’s Cyber Defense Weaknesses — Redmondmag.com


Hacking the Hacker: Assessing and Addressing Your Organization’s Cyber Defense Weaknesses

Date: Thursday, October 06 at 11am PT / 2pm ET

Cybercriminals are out there, watching and waiting for the perfect opportunity. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

But with a strategic approach to cyber defense you can hack the hacker before they strike! In this session, we’ll share insights into their strategies and their motivations. You’ll learn how to use that understanding, along with simple strategies to make your organization a hard target.

Join Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, for this new webinar as he exposes the mind of a hacker to help you see your cyber risks from the outside in.

In this session you’ll learn:

  • How hackers collect “private” details about your organization and your users
  • The most common root causes that lead to damaging cyber attacks
  • Common mistakes made when designing cyber defenses and how to fix them
  • Data-driven strategies for mitigating your biggest weaknesses
  • Why a strong human firewall is your best, last line of defense

Get the details you need to know now to outsmart cybercriminals before you become their next victim.


About the presenter:

Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4

Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 13 books and over 1,000 magazine articles on computer security. He now serves as the Data-Driven Defense Evangelist for KnowBe4. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He was the weekly security columnist for InfoWorld and CSO magazines from 2005-2019.

Date: 10/06/2022

Time: 11:00am PT



NAF, Inc. Reports Data Breach Following Unauthorized Access to the Organization’s Computer Systems | Console and Associates, P.C.


On August 10, 2022, NAF, Inc. reported a data breach to the offices of various state attorneys general. While these filings do not indicate which type of information was compromised as a result of the incident, based on state data breach reporting requirements, it is likely that the incident affected one or more of the following: Social Security numbers, protected health information, or financial account information. After confirming the breach and identifying all affected parties, NAF began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the NAF data breach, please see our recent piece on the topic here.

What We Know About the NAF Data Breach

The information about the NAF, Inc. data breach comes from an official filing with the office of the Vermont Attorney General. According to the most current information, on March 30, 2022, NAF detected unusual activity within its computer network. In response, the organization secured its systems and contacted outside cybersecurity professionals to assist with the company’s investigation.

The NAF investigation confirmed that an unauthorized party gained access to the company’s computer network on March 19, 2022, which lasted until the company discovered the breach on March 30, 2022. The investigation also revealed that the unauthorized party had access to files on the NAF system that potentially contained sensitive consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, NAF began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. In the organization’s most recent filings, it does not disclose the data elements that were compromised as a result of the breach. However, because organizations only need to report incidents that affect highly sensitive and personal information, there is a reasonable probability that the NAF data…


Malware is increasingly bypassing at least one email gateway at organizations


An employee at a tech startup company works on his computer on the first day back in the office on March 24, 2021, in San Francisco. (Photo by Justin Sullivan/Getty Images)

As if the financial and payments industries required further confirmation that bad actors are outpacing most business network security in their sophistication, a new report found that there has been a growing spike in malware using “shortcuts” to get past email gateways and into stored data.

HP Inc.’s most recent HP Wolf Security Threat Insights Report, released Wednesday, reviewed the rise during the second quarter of this year in the spread of multiple malware families — including QakBot, IcedID, Emotet, and RedLine Stealer — across several key sectors.

Not surprisingly, slick, experienced threat actors are shifting their focus more and more to using so-called “shortcut” or LNK files to deliver their malware more quickly, the report noted. Perhaps more troubling, the research identified an 11% jump in the number of enterprises’ archive files that contained malware, including LNK files placed there by attackers via compressed email attachments to help them evade email scanners.

Indeed, even in regulated industries known for protecting their internal security and privacy — like financial services — the report found that 14% of email-related malware discovered in companies’ systems had slipped past at least one email gateway security scan in the second quarter of 2022. Further, nearly 7 out of 10 (69%) malware payloads are delivered via email, compared with just 17% that originate from web downloads, according to HP’s findings.

Patrick Schläpfer, malware analyst at HP Inc., said that threat actors’ capabilities to sneak past ostensibly sophisticated endpoint security, like network email scanners, so frequently should definitely provide a wake-up call to many financial cyber experts.

“This indicates that malicious and stealthy email campaigns [targeting] employees across the finance and payments industries are reaching user inboxes and putting organizations at risk of attack,” he pointed out.

The number of malware families that were discovered has only bumped up a little — with 593 different…
