Attribution Unknown in Tribune Publishing Attack

Infosecurity Magazine | January 02, 2019

Attribution Unknown in Tribune Publishing Attack
The malware attack that disrupted the printing operations of the Chicago Tribune and other Tribune Publishing newspapers, including the Los Angeles Times, remains under investigation with no clear evidence that points to a source responsible for the attack, according to the Chicago Tribune. “Sunday print editions were delivered in its markets across the U.S. but did not contain classified ads and some paid death notices, which share a common system disrupted by the malware," the Chicago-based company said. The attack, which was reported to the FBI on December 28, 2018, disrupted newspaper delivery to Los Angeles Times subscribers, for which the company apologized in a note to readers. As is often the case with high-profile attacks, people want to know what happened, yet the investigation remains ongoing despite some reports attributing the attack to the Lazarus Group, an advanced persistent threat (APT) group linked to North Korea. Some have been inclined to point to North Korea because an unidentified source familiar with the investigation reportedly said the malware had been identified as Ryuk ransomware, which has previously been linked to the Lazarus Group.

Spotlight

The M-ternds report by Mandiant, provides a brief overview of the how attackers’ motives and tactics changed in 2014. It also shows various trends in Cyber Threat Landscape and what are the startegies you organization can deploy to stay ahead of cyber attacks.

Related News

NCG Extends Support to DoD Vendors with Crucial Tool for Cybersecurity Maturity Model Certification

NCG | July 07, 2020

Northcross Group (NCG) announced its latest innovative tool, a questionnaire to support the Cybersecurity Maturity Model Certification (CMMC)— a new U.S. Department of Defense (DoD) process going into effect later this year. DoD will use CMMC to ensure a base level cybersecurity capability across the full Defense Industrial Base supply chain. Certification under CMMC will be required for all DoD vendors to renew or win new contracts starting later this year.NCG, a leader in cybersecurity services that support companies navigating through vast and complex business challenges while maintaining a business edge, has developed a free online questionnaire as a first step for DoD vendors to determine how they currently measure up to the CMMC model.The questionnaire helps an organization know where they stand and understand what is needed to achieve their targeted CMMC Maturity Level. "As a DoD vendor ourselves, we understand the challenges of maintaining compliance and seek to provide a way for companies to get a good starting point," said Chris Bender, President of NCG. "We have helped organizations in healthcare, transportation, and banking build cybersecurity programs to meet similar requirements, and know having a good read on their current state is important," added Mr. Bender.

Read More

Cyber Security Market to Benefit from Increasing Application of AI and IoT Technologies

globenewswire | August 24, 2020

The global cyber security market value is expected to reach USD 281.74 billion by 2027, from its current standing at USD 112.01 billion. According to the report by Fortune Business Insights, titled “Cyber Security Market Size, Share & Industry Analysis, By Solution (Network Security, Cloud Application Security, End-point Security, Secure Web Gateway, Internet Security and Others), By Deployment Type (Cloud and On Premise), By Enterprise Size (Small & Medium Enterprise and Large Enterprise), By End-Use (BFSI, IT and Telecommunications, Retail, Healthcare, Government, Manufacturing, Travel and Transportation, Energy and Utilities and Others) and Region Forecast, 2020-2027” The report also contains an in-depth analysis of the various factors and dynamics that will shape the market during the forecast period.

Read More

PLATFORM SECURITY

Credence Security Signs Partnership Agreement with Infosec Ventures to Deliver Human-Centric Security Solutions to the Middle East

Credence Security | August 25, 2021

Credence Security, a leading regional specialized value-added distributor for cybersecurity, forensics, governance, risk and compliance solutions, today announced that it has signed a partnership agreement with Infosec Ventures' HumanFirewall, a leader in human cyber risk mitigation and management. Under the agreement, Credence Security will be responsible for promoting and delivering Infosec Ventures' HumanFirewall® platform across its robust channel network in the Middle East. Infosec Ventures' offerings are available entirely on-premises or in a local cloud, in line with compliance and data sovereignty regulations, specifically for mission critical organizations in the government as well as large enterprises. Hackers are increasingly preying on the human element of cybersecurity, as a primary attack vector. According to the Verizon 2021 Data Breach & Incident Report (DBIR), over 85% of data breaches involved human error. In the Middle East, a 2020 study by the Ponemon Institute and IBM Security, revealed that the average cost of a data breach per company in the region is $6.53 million, which is higher than the global average of $3.86 million per incident. The report also identified human error among the most common root causes of data breaches in the UAE and Saudi Arabia. Additionally, similar industry studies have indicated that more than 90% of successful cyber-attacks begin with an email. These figures highlight a significant need for solutions that will not only safeguard business-critical systems but will also transform employees into an organization's best cybersecurity asset. HumanFirewall® transforms employees from an organization's weakest link into their strongest line of defence. It is a world-first security awareness and training platform that also works when real attacks strike. It augments with technology what humans lack in attention. It gamifies the learning experience via phishing simulations, builds individual risk-profiles, rewards real-time reporting, remediates incidents instantly, orchestrates auto-blacklisting enterprise wide via easy to deploy one-click integration with Microsoft 365 (O365), Google Workspace (formerly GSuite) and Exchange. The solution is trusted by top corporations in 142 countries. "We selected Credence Security as our regional value-added distributor based on our shared ethos of being a channel-centric business. Besides their proven market expertise and extensive channel network, Credence Security has a strong understanding of our needs and vision as a leading vendor in the region. Also, like us, they are passionate about cybersecurity. We are confident that by partnering with a premier distributor such as Credence Security, we can further accelerate our already strong local presence and fast-track our growth." Garreth Scott, Managing Director, Credence Security, said, "People's desire to quickly process information with minimal effort has created a unique vulnerability in the digital age, making them the weak links in the cyber chain. We firmly believe that HumanFirewall's innovative cybersecurity tools, backed by its exceptional team of industry experts, address a compelling demand for a modern approach to securing the human element. We are looking forward to bringing their ground-breaking solutions to our partners and customers across the Middle East region." ABOUT CREDENCE SECURITY: Established in 1999, Credence Security, a PAN-EMEA speciality Value-added Distributor, is a leader in Cybersecurity, Forensics, Governance, Risk and Compliance. With headquarters in Dubai and regional offices in Johannesburg, London, Nairobi, and Hyderabad. We are a pure-play provider of security and forensics solutions, to both public and private sector enterprises across Europe, Middle East, Africa and India, through a select network of specialist resellers. ABOUT HUMANFIREWALL HumanFirewall transforms employees from an organisation's weakest link into their strongest line of defence. It is a world-first security awareness and training platform that also works when real attacks strike. It augments with technology what humans lack in attention. It gamifies the learning experience via phishing simulations, builds individual risk profiles, rewards real-time reporting, remediates incidents instantly, orchestrates auto-blacklisting enterprise-wide via easy to deploy one-click integration with O365, GSuite and Exchange. Trusted by top corporations in 142 countries.

Read More

Spotlight

The M-ternds report by Mandiant, provides a brief overview of the how attackers’ motives and tactics changed in 2014. It also shows various trends in Cyber Threat Landscape and what are the startegies you organization can deploy to stay ahead of cyber attacks.