Tag Archive for: remain

Baker & Taylor’s Systems Remain Offline a Week After Ransomware Attack

/in


A server outage has impacted library services company Baker & Taylor’s systems and applications, said the firm on Twitter on August 23, 2022. A day later, the firm confirmed it engaged outside third-party experts to fix the issue.

Baker & Taylor’s systems remained offline the following week, and on Monday, the company made an announcement on its website, confirming it was hit by a ransomware attack.

“Our team has been working around the clock to return to normal operations,” reads a message on Baker & Taylor’s website. “Our priority has been remediating our systems and ensuring they are sanitized.”

The library services provider also said that, as soon as its systems are sanitized, it will proceed to restore them, bring them back online, and return to operations in a phased approach. 

“We expect disruptions to continue this week but are hopeful we can provide timelines for individual systems and applications as the week progresses.”

According to Justin Vaughan-Brown, VP of market insight at Deep Instinct, it has become more common to see ransomware attacks causing long-term disruption to businesses’ services and systems.

“Clearly, our current approach towards cybersecurity is not right,” Vaughan-Brown told Infosecurity Magazine.

“Downtime in services can be disastrous for a business, with it potentially affecting both customers and partners, which ultimately can lead to a loss of trust among users, and the enterprise taking a big financial hit. More worryingly, however, is the impact it can have on employees.”

Further, the executive said that in scenarios like this, security teams work relentlessly to get systems running again while also fearing the next potential ransomware attack.

“By shifting the mindset of security teams from mitigation to prevention, organizations can stop ransomware attacks before they breach the network and cause the downfall of systems and services,” Vaughan-Brown said.

“Libraries are a place of calmness and tranquillity; with a prevention-first approach, organizations can try and do the exact same with cybersecurity.”

The ransomware attack comes amidst a surge of similar threats targeting organizations…

Source…

FBI reports rise in cybercrimes against higher ed targets; employees must remain vigilant to protect WVU credentials | E-News

/in


A recent FBI report on an uptick in cybercrimes in the higher education sector is a reminder to all employees that protecting University systems and data is a shared responsibility, and everyone has a role to play. While WVU has taken many steps to secure networks, computers and data, the threats are constantly changing, and faculty and staff must remain vigilant.

Here are some ways you can help defend WVU’s data:

  • Never use your WVU Login username and/or password on non-WVU sites. When those credentials are stolen from Netflix or Facebook, cybercriminals can use them to open a door into WVU systems.

  • Secure your WVU Login password. Don’t share it with anyone or write it down for someone to find.

  • Use a strong password or phrase. Ten characters is good, 12 even better. Use these tips to create strong passwords.

  • Be skeptical. Receive a suspicious-looking email? Don’t reply or click any links. Use the Report Message button in Outlook email or forward it as an attachment to [email protected].

WVU has already implemented many of the FBI’s recommended security measures to secure networks, computers and data, including: implementing two-factor authentication systemwide; limiting remote access to WVU systems, devices and data; enabling remote, automatic security updates to all WVU-owned and -managed computers; training and conducting phishing simulations; restricting access for people with administrative privileges on databases and servers; and segmenting networks to prevent unauthorized access.

“Security-related changes to the way WVU works are just part of the modern reality,” says Interim Chief Information Officer Brice Knotts. “Research universities like ours are data-rich targets for bad guys, and the threats are relentless and constantly changing. We need to be proactive in addressing them.”

That’s why developing a comprehensive, long-range Information Security Strategy is one of the foundational projects in the WVU Modernization Program,” Knotts said.

According to the report from the FBI’s Internet Crime Complaint Center (IC3), Russian cybercriminals in January 2022 sold or shared public access to college and university networks across the…

Source…

Verizon downplays database hacked and held for ransom, security risk could remain

/in


A Verizon employee database was recently compromised with the hacker holding it for a $250,000 ransom. Verizon says it doesn’t believe it contains “any sensitive information” and stopped communication with the hacker. However, the list of details including employee email addresses, phone numbers, and more could present a risk for future attacks.

Reported by Motherboard (via The Verge) an anonymous hacker recently obtained a database containing Verizon employee information including full names, company ID numbers, email addresses, and phone numbers.

It’s uncertain how current the information is, but Motherboard called multiple people on the list and confirmed that four they got in touch with work at Verizon. “Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.”

The anonymous hacker told Motherboard they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer.”

That allowed the hacker to access Verizon’s internal systems and obtain the employee database. Then they told Verizon they wanted $250,000 to not leak the information.

Verizon officially responded to Motherboard about the incident:

“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further,” the spokesperson told Motherboard in an email. “As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”

As noted by Motherboard, even though the information may not be deemed sensitive, the list of Verizon employee phone numbers, email addresses, and company ID numbers could be used to impersonate employees to attempt social engineering and SIM swap attacks.

Recently, T-Mobile saw a security breach that came through compromised employee accounts.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news: