Cyber Security Resources
"Even the best cyber security defences can easily be breached
by 'Trusted' staff, client and supplier emails"
Early Dark Web detection of compromised credentials is the new prevention.
CRINS the double barrel approach to cyber security...
a double-check to support existing protection.
Cyber Security Report - Short Video with John Bellamy - case studies
CRINS Head of Channel Development, John Bellamy, has put together a short video providing some recent case studies and 'plain speak' information to help bolster your existing cyber security defenses... Secured link here
Complimentary Intelligence Scan
CRINS White Knight service -
SPECIAL OFFER: Complimentary Dark Web Scan and Report - Please use this secure link for details and an informational video, and to allow CRINS to run a dark web scan and report back to you on any exposed credentials relating to your business that we can find currently on the dark web - No charge. Our shout.
You can be assured that CRINS will observe absolute discretion and confidentiality at all times.... Secured link here
Latest trends by Ransomware Gangs
In just the past week, for starters, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil - aka Sodinokibi - operators not leaking stolen data for free when victims don't pay, but instead auctioning it off to the highest bidder.
See more PDF here
Ransomware Gang Demands $42 Million From Celebrity Law Firm
Ransomware is morphing into Extortionware - The operators of the REvil ransomware strain are attempting to ratchet up the pressure on a high-profile New York law firm to pay a $42 million ransom before releasing more data on the firm's roster of celebrity clients, according to multiple reports and security experts.
In this case, the operators of the REvil ransomware are focusing their pressure campaign on the law firm of Grubman Shire Meiselas and Sacks, which represents some of the most recognizable celebrities in the world, including Lady Gaga, Madonna, Mariah Carey, U2, Bruce Springsteen, Mary J. Blige and many others. See more - PDF here
To Pay or Not Pay a Ransom
For anyone seeking to put a number to the problem, a recent survey asked IT professionals: "What was the approximate cost to your organization to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, etc.)?"
Ransomware victims that did not pay a ransom reported, on average, $730,000 in recovery costs. But organizations that did pay a ransom reported an average total cost - including the ransom amount - of $1.4 million.
Those numbers are based on a survey conducted by market researcher Vanson Bourne in January and February for Sophos, which gathered comments from 5,000 IT professionals across 26 countries, including the U.S., Canada, France, U.K., Netherlands, Czech Republic, Australia, India, China and more. Those IT pros work at companies with 100 to 5,000 employees. See more - PDF here
Sodinokibi – Next-Gen - RaaS
HUBS At risk: MSPs - Associations - Accountants
CRINS Ransomware Update
GandCrab ransomware affiliates required more automation to enable and manage multiple points of attack and to handle the volume of ransoms paid daily from multiple sources.
The holy grail for affiliates was a version of RaaS (Ransomware as a Service), with scalable management tools, which enabled them to attack hubs of potential such as MSPs, Associations and Accountants.
The Affiliate’s targets needed to be able to pay the ransom easily and receive the decrypt key automatically with no further involvement by the affiliate. They now have it - it is called Sodinokibi.
Take Down Message
This is what the bad guys saw when they entered their Dark Web site after a take down... see here
Australia to update National Cyber Security Strategy
The Australian government is looking to update its national cybersecurity strategy by 2020. In preparation, it's released a discussion paper that seeks input from citizens, the business community, academics and other stakeholders.
"Despite making strong progress against the goals set in 2016, the threat environment has changed significantly, and we need to adapt our approach to improve the security of business and the community," Dutton notes.
Since Australia introduced its first cybersecurity strategy in 2016, Dutton notes, the government has over the last three years invested $230 million Australian ($158 million U.S.) in various improvements and updates to the country's infrastructure and security strategies, which includes 33 projects. But the paper notes that cyber incidents are costing Australian businesses some $29 billion each year and affecting nearly one in three Australian citizens... See PDF Discussion Paper here.
Forrester Research - Guide to Paying a Ransom
Conventional wisdom says that when your company suffers a ransomware attack, you should never pay the ransom. But hard-line conversations about whether to negotiate with cyber criminals take a back seat to the reality that we're all beholden to the business and its key stakeholders.
Attackers Are Targeting Your Recovery Capabilities - Ransomware attacks are up 500% from this time last year, and more organizations than ever are finding themselves having to pay the ransom as attackers become more sophisticated and specifically go after your backups.
See Forrester Report as a PDF here
Allianz Risk Barometer 2018: Major Risks in Focus - Cyber Incidents
The 2018 Allianz risk barometer report from 1,911 risk experts across 80 countries indicates that business interruption and cyber incidents rank as the number 1 & 2 major threats to companies through 2018 and in the future. Cyber incidents continue an upward trajectory to become the 2nd most important business risk (40%). Five years ago it ranked 15th.
New threats such as “cyber hurricanes”, increasing reputational risk and tougher data rules mean businesses and risk experts are more concerned than ever. Risk Analytics. Just like a natural disaster, a single cyberattack can potentially impact hundreds of companies, leading to severe business interruption and loss of customers and reputation..... PDF here
ACCC Scamwatch statistics on reported scams -
Forbes Technical Council
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. This excellent article "The Growing Issue Of Compromised Credentials" is written by Steve Tout.... PDF here
Data Breach Legislation
This is an extract of the new Australian Data Breach Legislation, in place as of February 2018. - PDF here
OAIC - The OAIC administers the Notifiable Data Breaches (NDB) scheme
NOTE: The Australian NDB scheme applies to agencies and organisations that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.... website link