IT Security Hacking News IT Security Hacking News

  • Slides: 11
Download presentation
IT Security: Hacking News

IT Security: Hacking News

IT Security: Hacking News 6/1/16: Hackers infected, at least, 3 regional power authorities in

IT Security: Hacking News 6/1/16: Hackers infected, at least, 3 regional power authorities in Ukraine, causing blackouts across the Ivano-Frankivsk region.

IT Security: Hacking News 5/1/16: Hackers place the malicious file inside emails masquerading as

IT Security: Hacking News 5/1/16: Hackers place the malicious file inside emails masquerading as delivery notifications, unpaid invoices, and such. Once the file is launched, encrypts the victim’s hard-disk, displays ransom note where victims are supposed to pay to recover their files.

IT Security: Hacking News 24/12/15: Hyatt Hotels Corporation notified its customers that credit card

IT Security: Hacking News 24/12/15: Hyatt Hotels Corporation notified its customers that credit card numbers & other sensitive info may have been stolen after it found malware on the computers that process customer payments.

IT Security: Hacking News 17/12/15: downloaded 1. 6 m passengers info, used it to

IT Security: Hacking News 17/12/15: downloaded 1. 6 m passengers info, used it to defraud hundreds of customers by convincing them that there was some issue with their booking flights, and they had to pay extra fees

IT Security: Hacking News 30/11/15: the personal details of about 4. 8 m parents

IT Security: Hacking News 30/11/15: the personal details of about 4. 8 m parents and photos of more than 200, 000 children were leaked.

Verizon’s 2015 Data Breach Investigations Report (70 organisations from 61 countries) 1) 700 million

Verizon’s 2015 Data Breach Investigations Report (70 organisations from 61 countries) 1) 700 million compromised records. 2) Phishing is a major and growing problem. Accounts for 20% of recorded incidents. According to Verizon, “a campaign of 10 emails yields a greater than 90% chance that at least one person will become the criminal’s prey” 3) Almost 85% of the breaches were attributed to external hacking. 4) 99. 9% of vulnerability exploits happen more than a year after the vulnerability was disclosed. 5) Insider incidents usually involve privilege abuse. Verizon reported that 55% of insider incidents involved abuse of privileges.

2015 UK Information Security Breaches Survey by Pw. C. Total 664 respondents 1) 73.

2015 UK Information Security Breaches Survey by Pw. C. Total 664 respondents 1) 73. 5% of the organisations suffered an infection by malware. This was an increase in the equivalent 2014 figures of at least 15%. 2) 2015 security breaches increased in the equivalent 2014 figures of 10. 1% Privacy Rights Clearinghouse 2015 – security breaches in US 1) The number of records compromised are on the rise. 2015 almost doubled the 2014 tally of breached records. 2) External hacking is far and away the leading source of breaches, and the percentage is growing. Of the total records that were compromised In 2013, external hacking accounted for 83. 77% In 2014, 98. 73% In 2015, 99. 99%

Recommendation Risks Mitigation Timeline Regular systems / software patches External Hacking, Ongoing Malwares, Vulnerability

Recommendation Risks Mitigation Timeline Regular systems / software patches External Hacking, Ongoing Malwares, Vulnerability Exploits Employee Awareness Phishing, Malwares Staff Induction FTP MMM (Quarterly) Baseline Phishing, Malwares Done using Dec 2015. Susceptibility Conduct Random Phishing, Malwares (groups) – Random (schedules) Phishing Attacks Last done in Dec 2015. Quarterly.

Recommendation Risks Mitigation Timeline Encryption of data in External Hacking, Q 1 2016 servers

Recommendation Risks Mitigation Timeline Encryption of data in External Hacking, Q 1 2016 servers Malwares, Vulnerability Exploits 2 FA External Hacking Q 1 2016 Vulnerability Scans External Hacking, Vulnerability Exploits Penetration Test by External Hacking, Certified Information Vulnerability Exploits Systems Security Professional (CISSP) Last done for finexis advisory portal, nexus, finexis website in Jan 2016. Twice a year Q 1 2016 Once a year

Recommendation Risks Mitigation Daily monitoring of any changes to web application files External Hacking,

Recommendation Risks Mitigation Daily monitoring of any changes to web application files External Hacking, Feb 2016 Malwares, Vulnerability Exploits Web Application Firewall External Hacking, Q 2 2016 Malwares, Vulnerability Exploits Insider Incidents Q 2 2016 Tools to prevent system/database administrator to read the data External hosting of External Hacking and finexis website, portal, segregates from client vepo data Timeline Q 2 2016