By:
On:
In: *Connecting the Dots Blog*

On December 23, 2015 parts of Ukraine were without power and the blackout was due to black hat hackers using the sophisticated BlackEnergy trojan horse malware. (click here for full story) The BlackEnergy trojan was able to disable parts of Ukraine’s power grid leaving organizations and neighborhoods in the dark…are you, your organization and your local power grid utility paying attention? The BlackEnergy trojan also delivered a version of KillDisk that overwrites data and documents with random data and can make the Operating System unbootable…are you paying attention? And AGAIN…the way the black hat hackers are getting BlackEnergy into the power grid organization is usingRead More →

By:
On:
In: *Connecting the Dots Blog*, Financial, Human Resources, Information Privacy, Information Security, Regulatory Compliance, Risk Management

  Recent attacks continue to show that spear phishing is quickly emerging as one of the society’s greatest threats.  Technology alone is NOT going to solve this problem.  It is critical for consumers to be more vigilant and aware of what they are clicking on, sites they are visiting, e-mails they are responding to, etc. Lessons Learned:  Financial insitutions should make consumer education a higher priority.  Awareness training, handouts, seminars, etc. can be a great way for organizations to connect with their customers, improve trust, enhance reputations and help prevent potential incidents, breaches, lawsuits, etc. down the road.  Security awareness training and education can become aRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Privacy, Information Security

  A targeted phishing e-mail with the subject line “2011 Recruitment Plan” tricked an RSA employee to open a document attached to an e-mail.  The document contained a virus that led to a sophisticated attack on RSA’s information systems. Lessons Learned:  Are your employees aware of changing and more sophisticated risks?  Does your organization update employees with situational awareness as more and more attacks target your employees?  All employees must understand their individual roles and responsibilities for protecting sensitive information.  Organizations need to implement comprehensive and ongoing awareness programs to ensure all individuals understand changing risks, threats, best practices, etc.Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Privacy, Information Security, Risk Management

  In a recent Dark Reading article, new research from Trusteer revealed that mobile users are the most likely to fall victim to fake e-mail messages and visit phishing sites. Once they arrive at the fraudulent site they are also three times more likely than users on PCs to provide sensitive login information. Why are mobile users more vulnerable? Availability – smartphones are with their users 24/7 so e-mails are checked more frequently. Phishing attacks generally get their victims during their initial launch, as after a certain time frame sites are taken down, blocked or shut down. Size – the smaller screens of mobile devicesRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

According to news reports, a spear-phishing experiment conducted over the past few days has revealed some disturbing new risks for organizations using enterprise e-mail products and services:  Most major enterprise e-mail products and services were unable to detect a fake LinkedIn invitation that looked like it was from Bill Gates inviting people to join his professional network.  Once the ‘victim’ clicked on the ‘invite’ link, they were sent to the phishing site where information about the ‘victim’ was captured. The article in Dark Reading detailed comments from CEO of PacketFocus including: “I tested the spoofed e-mail on six different enterprise networks using the latest e-mailRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Received e-mail below this week…Wouldn’t it be great if all phishing attempts were this obvious? How are you doing and your family? I shall require from you , your  full names, address and phone numbers to start the process of claim in this regard. Do send me these details to barwonglee@******.com.hk for prompt and needed action Again I guarantee that all is under control and you have nothing to worry about, Just grant to me your full cooperation and keep this transaction close at heart. Regards, Wong Lee. Of course many phishing attempts are more sophisticated and more professional looking and unfortunately more successful atRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Legal

In 2007 the Swedish Bank, Nordea was stung for $1.1 million, in the “biggest ever” online bank heist.  250 bank customers were affected by the fraud after falling victim to phishing e-mails.  The e-mail contained a trojan horse that redirected customers to a false home page where they entered important login information.  Most of the customers affected had not been running antivirus applications on their computers. The bank covered the attacks and refunded all the affected customers. In 2009 Credit Union Customers received text messages notifying them that their debit cards had been inactivated.  The message gave a number to call to reactivate the cardRead More →