.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
DARKReading: The global shift to remote work has caused a level of network disruption in 86% of companies, a new study shows. Of the organizations surveyed, 41% said they experienced moderate disruptions to network security practices, 23% saw major disruptions, and 22% said disruptions were minimal.
The Asset ESG Forum: Ongoing worldwide lockdown measures have made working from home the norm, thus increasing the chances of being exposed to cyber-attacks and practices such as phishing - fraudulent messages that resemble e-mails from trusted sources.
Reuters: Zoom video conferencing app’s user base grew by another 50% to 300 million in the last three weeks, as the company fought to quell a backlash around security and safety that has seen a number of governments and firms ban its applications.
ETFExpress: The virus has debilitated regions, and decimated sectors with an unparalleled level of speed and ferocity. Its impact on companies and business models has been indiscriminate, hurting particularly those companies with weaker or under-developed digital underpinnings. Stronger players have had to shock themselves into emergency measures designed to prevent discontinuity. Companies have had to learn how to operate remotely, and virtually. And billions of people are now working from home and adjusting to virtual workplaces thanks to teleconferencing services like Zoom and Microsoft Teams.
The target: Zoom, a popular videoconferencing service
The take: More than 500,000 username/password combinations, along with personal meeting URLs and HostKeys for active Zoom accounts were found currently for sale on the dark web.
The attack vector: Security researchers suspect that the list was not stolen from Zoom directly, but was rather compiled through ‘password stuffing’ attacks – where e-mail/password combinations from past breaches are tried against different sites and services. Attackers take previously breached username/password combinations and cycle through login attempts using the breached credentials – the successful combinations are compiled and sold.
This incident highlights a few key issues – namely, for individuals, the risks inherent in password re-use: this incident confirms that at least 500,000 active Zoom users are still re-using known compromised passwords, which attackers can use to gain control of their other accounts.
Institutionally, it highlights reputational issues – while this particular list of credentials was not exposed directly by Zoom, attackers are using the service’s popularity to market the list, and it gives the appearance of being yet another in a string of recent security incidents the videoconferencing service has had to answer for.
Reuters: U.S. government officials warned on April 15, 2020 about the threat of North Korean hackers, calling particular attention to banking and other financial services.
Dark Reading: As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
Tech Crunch: As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of growth funding.
ZDNet: Almost half of businesses have experienced a cyberattack or data breach in the past year – and almost all of the organisations that know they've been on the receiving end of attacks have reported being targeted by phishing and other fraudulent emails as the volume of these attacks continues to rise.
ZDNet: Automation is something businesses in almost every sector are familiar with, as part of their efforts to make systems more efficient. It's something that the cybersecurity industry is increasingly using, with automated data collection and processing playing an ever-growing role in protecting against data breaches and cyberattacks.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
84 Chain Lake Drive, Suite 501
Halifax, NS
Canada, B3S 1A2
+1-902-429-8880
Manila
Ground Floor, Three E-com Center
Mall of Asia Complex
Pasay City, Metro Manila
Philippines 1300
Sydney
Level 36 Governor Phillip Tower
1 Farrer Place Sydney 2000
Australia
+61 (2) 8823 3370
Abu Dhabi
Floor No.15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy