While it is time to celebrate the progress that is being made in raising awareness among both organizations and individuals in their private lives about the importance of staying safe, we know that not everything is rosy.
That is why we want to review the current situation, the cyber incidents that have occurred most recently and, of course, talk about recommendations to avoid being victims of cybercrime.
AirEuropa, in the spotlight
Without a doubt, the most famous case has been that of the famous airline. More than 100,000 customers have had their credit card data leaked, including the CVV code and expiration date, necessary to make online purchases.
With this information, the possibility of committing fraud comes on a silver platter, which is why AirEuropa has contacted those affected with the recommendation to immediately inform their bank and cancel the card.
After analyzing what happened, and taking into account that the company complies with PCI-DSS regulations (which, among other issues, guarantees that they do not store CVV codes), everything points to a web skimming attack. This attack consists of entering the company’s servers and modifying the source code so that, instead of simply using this data without storing it, it is sent to the cybercriminals’ servers.
While the investigation is underway to definitively clarify what happened, clients must act according to what is in their power to protect their accounts. To do this, following the recommendations provided by the airline is essential, as well as reviewing the movements in your bank accounts in recent months in search of suspicious charges.
Geacam, a new blow for the public administration
The public company Environmental Management of Castilla-La Mancha, in charge of managing fires in the area, has been the victim of a ransomware attack that has encrypted and rendered a large part of its computers useless. The cybercriminals ask for a ransom of $75,000 for its recovery, which the organization has flatly refused.
This has caused an impact not only on the organization’s activity, but also on its payrolls, since only collaborators in the province of Guadalajara saw theirs intact. As for the rest, further adjustments were necessary in order to collect the correct amount.
Ransomware attacks are among the most common today, with numerous cybercriminal groups that use this type of malicious programs to achieve their objectives. Although it is true that it is possible to implement it in the organization’s systems through the exploitation of technical vulnerabilities, in many cases they do so through human ones. They just need to send an email with an infected file to employees and wait for someone to decide to click, or look for their weak or leaked passwords to use to impersonate them. However, they not only use email, but also use tools such as SMS or WhatsApp. Other techniques involve vishing or fraudulent phone calls in which they offer the collaborator a program to supposedly help them; or abandoning infected removable devices to spread malware as soon as they are connected to the computer (baiting).
The health sector, one of the most attacked
It is clear that any organization is exposed to cyberattacks, regardless of whether it is large, medium or small, nor the type of activity it carries out. However, some sectors are resisting even more, such as healthcare.
In fact, according to a report by S21Sec, in the last semester there has been an increase of almost 55% in cyberattacks in this sector.
An incident in a health institution is especially sensitive, since we are not only talking about the personal data of citizens, but also data relevant to the investigations that are being carried out in the sector and which costs so much effort to collect and process, and even the operation of the different electronic devices used in hospitals.
Furthermore, according to the International Development Bank’s (IDB) cybersecurity guide in the health sector, it takes almost a year on average to realize that an incident has occurred, which is worrying.
On many occasions, these incidents occur through third parties. Cybercriminals put the healthcare institution at the center of the target, and to reach it they attack suppliers and other companies with which they have a relationship.
This highlights the need to reinforce security in the institutions of this sector, both at a technical and human level, with tools that allow for robust defense systems and awareness that trains collaborators on how to act in this matter.
Google is not immune from cybercriminals either
The American giant has also recently suffered a cyberattack, although in this case it was a denial of service attack. For those who are not familiar with this type of attack, it involves massively launching millions of requests in order to collapse the system. This causes legitimate users to be unable to use the services offered by this company.
However, they were able to contain it thanks to their large infrastructure, something that another smaller organization or one that allocates fewer resources to security could not have supported.
D-Link and the unfortunate email
This company, dedicated to the manufacturing of network equipment, has also seen certain data exposed after being victims of a phishing attack. These types of attacks consist of malicious emails that include infected files and/or links that redirect to fraudulent pages. Their goal is to infect the device in question or capture the data entered on these deceptive web pages.
The cyber attackers claimed to have obtained not only part of the source code of the D-View software, developed by this company, but also personal data of numerous Taiwanese officials.
Although D-Link assures that the stolen information is old and that the data at the time of login has been manipulated to make it appear recent, we cannot stop talking about a security incident. In principle, according to the entity’s words, it is unlikely that its current clients have been affected, but it still reflects a hole in the organization’s defenses.
Recommendations
October is cybersecurity month, but it is not the only time of year when we must remain alert and strengthen our posture. To maintain the security of our organizations we must do the work of identifying those areas to strengthen, and for this we bring a series of recommendations from Kymatio.
- The most basic of all: having security software, such as antivirus and antimalware, to detect and prevent threats. Of course, all these solutions and programs must be updated, as well as our operating system, so that they apply the latest security patches.
- The software is not the only important thing. Implementing firewalls and network security solutions to detect and block malware is also essential to stop threats before they reach our devices. Network monitoring will be what allows us to respond quickly to them.
- Make backup copies frequently. This is essential, since in the event of an incident (such as the aforementioned ransomware) it will be what favors a prompt recovery of the information. These copies must be saved on different servers and at least one of them offline.
- Implement strong access and authentication policies to prevent unauthorized access. Especially if we are talking about sensitive information, two-factor authentication should be an essential measure.
- And, last but not least, we have employee awareness. Most incidents involve human error, as reflected in the D-Link case: clicks on suspicious links or files, accidental disclosure of sensitive information to unauthorized people, exposed or too weak credentials… The causes can be very varied. , but these risks could be mitigated with a sufficiently robust awareness program.
How does Kymatio® help organizations?
Kymatio® is a human cyber risk management SaaS that offers companies everything necessary to mitigate security risks associated with people.
For employees, a personalized awareness program based on their needs, respecting their time without sacrificing effectiveness.
For the organization, visibility on the evolution of risk in the organization through metrics, different tools in one (automatic employee awareness with original content, simulations of social engineering attacks, monitoring of exposed credentials) and optimization of time spent by the Security team.
If you want to know how we do it and how we can help your organization, contact us.