Cyber Security March 2022 Update

March 2022

Cyber Security Update

Cyber Security Update March 2022

SoftwareONE believes there is a need for additional information when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest Security Breaches

Credit bureau TransUnion (South Africa) confirmed that at least three million consumers are affected by a data breach. Access was gained to a server through the misuse of an authorised client’s credentials.

A hotel and an online retailer in Hong Kong have recently suffered a data breach of their IT systems, which affected information they held on over 1.2 million customers.

Samsung confirmed a security breach after hackers leaked almost 200 gigabytes of confidential data, including source code for various technologies and algorithms for biometric unlock operations.

A data breach at US chipmaker giant Nvidia exposed credentials of over 71,000 employees.

Conti Group suffers massive data breach. The leaks cover over a year’s worth of internal communications from January 2021 until February 2022.

UK ferry operator Wightlink flags potential data breach after ‘highly sophisticated’ cyber-attack. The attack affected certain back-office IT systems, but not its ferry services, booking system, or website.

Hacker group Anonymous leaked data, emails and passwords of food giant Nestlé’s customers and warned other companies that continued doing business in Russia that they would be next.

Alacrity Solutions Group, LLC confirmed a data breach stemming from unauthorized activity on its computer network. Personal and sensitive information of certain consumers was compromised.

Cybersecurity Awareness

IT Security Management: 7 Pressing Cybersecurity Questions Boards Need to Ask.

Closing the cybersecurity skills gap – Microsoft expands efforts to 23 countries. These countries have an elevated cyber threat risk, coupled with a significant gap in their cybersecurity workforces.

A data breach has rippled through the crypto industry: About 30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG.

Cybersecurity remains one of Malaysia’s top concerns following a drastic rise in online crimes reported in the country.

3 Information Security Policies to help create a strong Anti-phishing Foundation.

The Western Australian government allocates AU$25.5m to expand cybersecurity services.

Why companies are moving to a ‘zero trust’ model of cyber security.

Cybersecurity Intelligence

Joint Cybersecurity Advisory: Tactics, techniques and procedures of indicted state-sponsored Russian cyber actors targeting the Energy sector.

Google issues emergency security update for 3.2 billion Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability.

FBI publishes RagnarLocker ransomware indicators of compromise. Actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.

Warning: Russian State-sponsored cyber actors gain network access by exploiting default Multifactor Authentication Protocols and “PrintNightmare” vulnerability.

TRITON malware remains threat to global critical infrastructure Industrial Control Systems (ICS). TRITON was malware designed to cause physical safety systems to cease operating or to operate in an unsafe manner.

Watch out: Indicators of compromise associated with AvosLocker Ransomware. AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group targeting victims across multiple critical infrastructure sectors.

Hot Topic of the Month: 10 Surprising Security Risks Inside Your Office

While organizations are becoming increasingly aware of online security threats, physical security is an often-ignored challenge for many businesses – especially since employees have returned to work in the office. Since many businesses are constantly warned of threats caused by poor device and network security, protecting their actual office has fallen to the wayside.

Malicious actors, or people who want to steal valuable company assets, will exploit any method to gain access to valuable information – whether it’s taking advantage of social norms, office security, or IoT devices, they will always try to find a way. Here are ten security risks to be aware of to help you guard against the most common risks in your office:

  1. Tail Gaiting

  2. Document Theft

  3. Unattended Devices

  4. Old Devices

  5. Unaccounted Visitors
  1. Stolen IDs

  2. Mysterious USBs

  3. Known USB Devices

  4. Unauthorized Installations

  5. Keylogging

As you can see, your organization needs to be acutely aware of threats that commonly occur within the four walls of your office. Often, it requires extensive, regular employee training as well as a vigilant IT team. However, it all begins by taking inventory of both online and offline security measures. If your business takes both physical and virtual security seriously, they will be protected against a range of dangerous threats.

Useful Tips to Increase Your Office Security

Security threats lurk in every organization – is yours prepared?

Find out
  • Managed Security, Cybersecurity, Cyber Threat Bulletin, Cybersecurity User Awareness
  • News, Updates

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Related Articles

Automation: Cybersecurity’s Friend and Enemy

Automation: Cybersecurity’s Friend and Enemy

Have you integrated automation into your security strategy? Keep reading as we take a closer look at the pros and cons of an automated cybersecurity defense.

Cyber Security Update May 2022
  • 23 June 2022
  • Bala Sethunathan
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Data Security, Security, Ransomware

Cyber Security Update May 2022

Scammers are using more ruthless and sophisticated phishing techniques to acquire confidential data. Don’t let the criminals fool you.

DDoS Threats Are Back
  • 02 June 2022
  • Bala Sethunathan
  • Cybersecurity, Cybersecurity User Awareness
  • Cyber Threats

DDoS Threats Are Back

By understanding how DDoS attacks work and how they can impact business operations, organizations can more effectively mitigate risk. Learn more.