Tag Archive for: Questions

COLUMN: Wi-Fi scandal raises questions | Opinion

/in


SFA has upgraded their internet security to presumably prevent another cyberattack like last summer. However, they jumped the gun by blocking too much, leaving many students confused and annoyed.

As of this week, students have noticed poor connections and an inability to connect to online gaming parties. The upgraded system also recognizes VPNs as a threat, so students who care about their personal internet safety are unable to log into accounts that use the CAS login, like mySFA and D2L, and may be blocked from internet access.

It was later revealed that IT has identified the issue and is working toward unblocking it in the firewall. Despite this, students have seen little to no changes in their inability to leisurely hop online, and some speculate that this blocking was purposeful to stop students from using so much Wi-Fi.

Whatever the reason, SFA has disrupted the lives of students. One cannot help but think this has come at an inopportune time, as the semester ends and finals begin to rear their ugly heads. Students are already stressed, so adding more stress to their lives is a misstep—one that was easily avoidable.

Why make changes during the semester, after students have already had months to get used to the Wi-Fi system? The summer would have been a much better time to get this sorted out, with the majority of students being gone, but never mind logic and reason.

Not to be ignored is the fact that students pay a lot of money to live on campus. With this payment comes the understanding that they are afforded some level of leisure time, but that has now been taken away for the student who wants to unwind online. We take one step closer to an Orwellian future, day by day, as we allow ourselves to be manipulated.

Time will tell if SFA truly aims at fixing these issues. One can only hope they are able to tackle them with as much haste as they had when implementing them. As the students get tread on by changing policies throughout the semester, a question is raised: where do students fall on SFA’s hierarchy?

Source…

5 Questions about Dual Ransomware Attacks

/in


When the FBI issues a warning about a new cyberattack trend, it’s not just hype. Healthcare IT teams should pay attention and adjust tactics if appropriate. Last year, the federal law enforcement agency warned of bad actors using multiple attacks to target the same victims. Here’s what healthcare organizations need to know.

1. What Is Dual Ransomware?

Dual ransomware is the cybercriminal version of “attack in depth.” Rather than depend on a single ransomware toolkit, criminals are deploying multiple ransomware packages at the same time or within a day or two once they’ve gained a foothold in a network. The FBI also warns that cybercriminals are leaving behind dormant data wipers as yet another way to pressure victims into responding to payment demands.

Click the banner below to learn how to get the most out of your zero-trust initiative.

 

2. Why This Attack Method?

Malicious actors are finding it more difficult to break into enterprise networks. As IT managers and vendors get better at blocking attacks, cybercriminals must leverage a smaller number of successful break-ins to ensure that they can hold an organization for ransom. Breaking in is the hard part; the ransomware piece is now a commodity available from more than a half-dozen dark-web vendors. It’s therefore worth it to criminals to make sure that, once they’re in, they can take control, maintain it and maximize their chances of a high payoff. Combining multiple tools with both data encryption and exfiltration techniques, dual ransomware attacks are twice as hard to defeat.

READ MORE: What is a rapid maturity assessment and why is it useful in zero trust?

3. Why Is This a Big Deal for Healthcare IT?

Healthcare is one of the most vulnerable industries when it comes to ransomware. Either an encryption attack that locks up important patient data or an exfiltration attack that risks exposing patient health information can cause a lot of damage. Having both occur at the same time is a gut punch when a cybercriminal comes calling.

4. What Defense Tactics Should Be Used?

When healthcare IT teams respond to an attack, they must remember that multiple tools are likely being deployed: Once…

Source…

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley

/in


Fujitsu hack raises questions, after firm confirms customer data breachFujitsu hack raises questions, after firm confirms customer data breach

Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovering malware on its computer systems.

The firm at the center of the British Post Office scandal, said in a Japanese press release that it had discovered the presence of malware on its computers, the potential theft of customer data, and apologised for any concern or inconvenience caused.

Fujitsu announcementFujitsu announcement
Announcement published on Fujitu’s Japanese website.

The press release (a Google-translated version can be read here), is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?

Sign up to our free newsletter.
Security news, advice, and tips.

In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.

Source…

Microsoft hack: Five questions enterprises should ask their IT leaders

/in


Software giant Microsoft revealed in mid-January 2024 that its systems were successfully infiltrated at the end of 2023 by Russia-backed hacking group Midnight Blizzard, as part of a coordinated and targeted information-gathering exercise.

Microsoft confirmed the details of the attack in a statement published online on Friday 19 January 2024,  where it revealed the attack was first detected on 12 January 2024 and the immediate activation of its internal response processes meant it was able to immediately remove the hackers from its systems.

“To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI [artificial intelligence] systems,” said Microsoft in its statement.

“We will notify customers if any action is required. This attack does highlight the continued risk posed to all organisations from well-resourced nation-state threat actors like Midnight Blizzard.”

And while Microsoft made it clear in its statement that no customer data or services were put at risk during the attack, Microsoft did publish a broader warning in its Security Threat Intelligence Blog on 25 January 2024  that stated its investigation into the hack is still on-going and further details about the impact of the attack may still come to light.

As a result, here are five questions enterprise users of Microsoft’s cloud services should be asking of their CIO, CTO and CISO in the wake of this attack.

  1. Microsoft presents itself as being an intrinsically secure platform – is that still the case?

This is a key question because a company’s risk profile should be under continuous, ongoing re-assessment in any event, and the flurry of recent Microsoft hacks ought to be on their risk radar.

It is not clear how (or even if) Microsoft will be able to 100% guarantee its entire cloud environment is now clean and free from hackers, and they’ve reported being attacked successfully multiple times by Chinese and Russia-backed hacking groups.

  1. Are we relying on the same security controls as Microsoft do?

Microsoft disclosed the Midnight Blizzard hackers were inside its systems for up to 42 days before they were…

Source…