Cyber Security Update, October 2022

October 2022

Cyber Security Update

Cyber Security Update, October 2022

SoftwareONE believes there is a need for additional information when it comes to cyber security, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them to stay on top of malware and ransomware threats.

Latest Security Breaches

A breach targeting Microsoft customer data, dubbed BlueBleed Part 1, exposed data from 111 countries, was discovered by Threat Intelligence firm SOCRadar who confirmed. At least 2.4 terabytes of data from at least 65,000 organizations were exposed in the data leak.

UK-headquartered global ticketing company See Tickets disclosed a breach of customer information, including both personal and financial data and lasting over two-and-a-half years. The breach exposed the payment card data of over 90,000 customers in Texas alone, with investigations pointing toward the potential use of “skimmer” malware.

The company that formerly owned fast fashion brands SHEIN and ROMWE, Zoetop, was hit with a USD 1.9 million fine for attempting to cover up a breach that it failed to detect in June 2018. When it was notified of the breach by a credit card company and a bank, it lied about the damage. Over 39 million user account records were stolen and released on the dark web.

The email addresses and customer management numbers of over 296,000 Toyota customers were released by a hacker who obtained credentials for a server after the Japanese automaker mistakenly published part of its source code on its public Github account.

Cyber Security Awareness

Q322 saw a 70% increase in the number of data breaches globally compared to the previous quarter, with a total of 108.9 million accounts affected, says cyber security company Surfshark. Experiencing over 22.3 million breaches, Russia holds the record for the most cases of breached data in the period.

After a major breach targeting mobile operator Optus, Australia is proposing new consumer privacy rules to enable the sharing of identification documents between telcos and banks for enhanced monitoring.

Following the announcement of the data breach impacting Uber in September, Security Boulevard is sharing step-by-step instructions on how to delete your Uber account, encouraging users to at least enable multi-factor authentication if they don’t delete.

T-Mobile customers can find out if they are eligible to receive compensation following the company’s USD 350 million settlement after a 2021 data breach.

Cyber Security Intelligence

A joint cyber security advisory co-authored by the FBI, the CISA and the Department of Health and Human Services warns of the activity of cybercrime group “Daixin Team,” which is targeting healthcare businesses in the US to extort them using ransomware.

Another cyber security advisory released by the FBI provides information about the current hack-and-leak activity of the Iranian criminal group Emennet Pasargrad. The group primarily targets Israeli entities.

A joint cyber security advisory by the NSA, the CISA and the FBI details the top Common Vulnerabilities and Exposures (CVEs) in use by People’s Republic of China state-sponsored attackers targeting US and allied networks.

Hot Topic of the Month

October month was Cybersecurity Awareness Month, but cyber threats need a year-round focus – not just a dedicated four weeks. Here are six areas to consider to make sure your security posture stands strong in the face of the booming number of threats:

  1. The evolution of the threat landscape – Cyber criminals are constantly developing their techniques and tactics to stay one step ahead of organizations’ security teams. Ransomware-as-a-Service is an example of the evolution of their methods.
  2. Phishing – Social engineering and phishing remain at the forefront of threat vectors. Companies need to invest in rigorous awareness training to ensure that employees act safely.
  3. Internet of Things (IoT) devices – IoT devices pose numerous risks to cyber security: just one breached device can allow a cyber-criminal access to a business’s entire network.
  4. Security and developers – Organizations need to consider how to integrate security practices into their development workflows in the wake of security events – the Log4J vulnerability, for example – which showed the serious impacts that software vulnerabilities can have.
  5. Cloud security – As cloud adoption accelerates, so do cyber-attacks attempting to extract data from the cloud. Threat identification capabilities are more vital than ever in cloud environments.
  6. Identity protection – Both businesses and consumers are vulnerable to the risk of identity theft and fraud. Electronic signatures and even, in some cases, biometrics are expected to become more prevalent.

Data breaches are skyrocketing and fines for mishandling them are increasing too. While Cyber Security Awareness Month has come to an end, that doesn’t mean it’s time to lose focus. Speak to an expert to help cover your security blind spots while you focus on building your business.

Speak to us about Your Security Needs

We help you find security solutions that work for your business and budget. Speak to one of our security specialists and protect your business and your employees.

Learn more
  • Managed Security, Cybersecurity User Awareness, Cybersecurity
  • Cyber Security, Cyber Threats, Security

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Related Articles

IT Insights, October 2022 | SoftwareONE Blog

IT Insights, October 2022

The tech world is such a rapidly developing field that it can sometimes be hard to stay up to date. With our monthly IT insights, you’ll stay in the know. Read SoftwareONE’s October news, vendor insights and trending topics.

Cyber Security Update September 2022 | SoftwareONE Blog
  • 18 October 2022
  • Bala Sethunathan
  • Managed Security, Cybersecurity User Awareness, Cyber Threat Bulletin, Cybersecurity
  • Security, Azure, Data Breaches

Cyber Security Update, September 2022

Get the latest in Cyber Security news, breaches, trends and preventive measures from SoftwareONE’s September Cyber Security Update

Keeping Azure Secure – What You need to Know | SoftwareONE Blog
  • 13 October 2022
  • Bala Sethunathan
  • Security, Cloud Security, Cybersecurity User Awareness, Cybersecurity
  • Azure, Microsoft, Cloud

Keeping Azure Secure – What You Need to Know

Recently the Microsoft security team has been receiving signals indicating that some customers' Azure resources are being used for fraudulent activities ue to insecure or misconfigured subscriptions.