This monthly news round-up has been collated by our cyber security partners CY-Q. We bring some hard-hitting articles that demonstrate the risk of ransomware, employee education, risk of remote working and insight to two CY-Q services, penetration testing & vulnerability scanning.
KP Snacks Hit By Ransomware
The popular snacks giant, KP Snacks was hit by ransomware at the start of this month which caused huge disruption for KP’s supply chain. It is believed that the ransomware incident was the work of the Ransomware-as-a-Service (RaaS) group ‘Conti’, which is known for other high profile ransomware attacks on targets such as Ireland’s Department of Health, and more recently, the central bank of the Republic of Indonesia.
Read the full story here: https://www.bleepingcomputer.com/news/security/kp-snacks-giant-hit-by-conti-ransomware-deliveries-disrupted/
The Rise Of MFA Fatigue
MFA Fatigue refers to the overload of notifications or prompts via MFA applications. A common method that is actively being used by malicious hackers, and penetration testers. Once a user’s account credentials have been compromised, the hacker will attempt to use those credentials on common cloud services such as Office 365, AWS etc.
If those credentials are correct, then the hacker may be able to spam push notifications to the victim to approve the sign-in request. Daniel Woolgar, the Managing Director of CY-Q said “we have used this method to gain entry on multiple penetration tests. Whilst you could have the best technical measures in place, ultimately, it is your team who are your first and last line of defence.”
Read the full story here: https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications
Homeworking Drives 44% Surge In Insider Threats
Did you know, that insider threats cost organisations an average of $15m to remediate last year? Proofpoint’s recent report of ‘2022 Cost of Insider Threats Global Report’ said that stolen credentials are a growing risk. The report also highlighted that malicious intent is also a major cause of insider threats which accounted for 26% of incidents at an average cost of $648,000 to remediate.
Robert Stokes, CTO at CY-Q said “The adoption of home working has created new challenges for businesses as access to data and internal systems have become more widely available. Companies must be actively reviewing their access control policies to assist in minimising the scope of potential risks. ”
Read the full story here: https://www.infosecurity-magazine.com/news/home-working-drives-44-surge-in/
Penetration Testing and Vulnerability Scanning – What is the difference?
Have you ever wondered what the differences between Penetration Testing and Vulnerability scanning are? Recently, CY-Q published a blog on the subject. It covers the differences between the two methods, as well as their uses and benefits.
Read the full article here: https://cy-q.co.uk/penetration-testing-and-vulnerability-scanning-whats-the-difference/
Conclusion
From anti-malware, anti-phishing, SEO poisoning, and 2FA to SASE and cloud-based air-gap immutable backup storage, Securus has a security solution to suit your requirement and budget. If you would like to discuss your network security requirements in more detail with one of our cyber security professionals, please don’t hesitate to get in touch.