.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: Zoom, a popular videoconferencing service
The take: More than 500,000 username/password combinations, along with personal meeting URLs and HostKeys for active Zoom accounts were found currently for sale on the dark web.
The attack vector: Security researchers suspect that the list was not stolen from Zoom directly, but was rather compiled through ‘password stuffing’ attacks – where e-mail/password combinations from past breaches are tried against different sites and services. Attackers take previously breached username/password combinations and cycle through login attempts using the breached credentials – the successful combinations are compiled and sold.
This incident highlights a few key issues – namely, for individuals, the risks inherent in password re-use: this incident confirms that at least 500,000 active Zoom users are still re-using known compromised passwords, which attackers can use to gain control of their other accounts.
Institutionally, it highlights reputational issues – while this particular list of credentials was not exposed directly by Zoom, attackers are using the service’s popularity to market the list, and it gives the appearance of being yet another in a string of recent security incidents the videoconferencing service has had to answer for.
Reuters: U.S. government officials warned on April 15, 2020 about the threat of North Korean hackers, calling particular attention to banking and other financial services.
Dark Reading: As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.
Tech Crunch: As companies get to grips with a wider (and, lately, more enforced) model of remote working, a startup that provides a platform to help track and manage all the devices that are accessing networked services — an essential component of cybersecurity policy — has raised a large round of growth funding.
ZDNet: Almost half of businesses have experienced a cyberattack or data breach in the past year – and almost all of the organisations that know they've been on the receiving end of attacks have reported being targeted by phishing and other fraudulent emails as the volume of these attacks continues to rise.
ZDNet: Automation is something businesses in almost every sector are familiar with, as part of their efforts to make systems more efficient. It's something that the cybersecurity industry is increasingly using, with automated data collection and processing playing an ever-growing role in protecting against data breaches and cyberattacks.
JDSUPRA: COVID-19 has created many new concerns for private fund managers; however, managers should be particularly mindful of heightened cybersecurity and fraud risks. With increased numbers of employees teleworking, there are increased vulnerabilities for cybercriminal intrusions creating privacy-related risks for fund portfolio information, LP confidential data, and other sensitive electronically-stored materials.
Reuters: Elite hackers tried to break into the World Health Organization earlier this month, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks.
Cision: According to the report, cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
Katten: In the wake of the coronavirus (COVID-19) pandemic, government officials have urged companies to allow more employees to work from home in an effort to halt the spread of the disease. As businesses shuffle to operationalize remote work policies, bad actors continue to exploit the vulnerabilities associated with remote work and target employees working from home.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Prague
V Parku 8, 148 00 Praha 11,
Czech Republic
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy