October 2023

Cyber Security Today, Oct. 23, 2023 – Okta’s support system hacked, and examples to use for cyber awareness training

Howard Solomon

https://www.itworldcanada.com/article/cyber-security-today-oct-23-2023-oktas-support-system-hacked-and-examples-to-use-for-cyber-awareness-training/550457

Excerpt:

“A threat actor has been able to capture the credentials of an unknown number of organizations using the Okta identity management system. The company said Friday that the hacker did it by accessing what’s called the HAR files that get uploaded to Okta support on request for troubleshooting browser problems. Security Week notes that a firm called Beyond Trust says it was the target of a cyber-attack that used this tactic. IT departments that were affected have been notified by now. Okta recommends IT departments sanitize all credentials and tokens in an HAR file before they share it.”


CyberSecurity Malaysia report: Government sectors suffered most data breaches, while telcos spilled over 400GB of data in H1 2023

Angelin Yeoh

https://www.thestar.com.my/tech/tech-news/2023/10/25/cybersecurity-malaysia-report-government-sectors-suffered-most-data-breaches-while-telcos-spilled-over-400gb-of-data-in-h1-2023

Excerpt:

“The national cybersecurity specialist agency under the Communications and Digital Ministry said that government ministries and agencies ‘are exposed to significant cyber risks, including vulnerable software, weak access controls, data exposure and other critical issues’. It recommended a comprehensive assessment across all government agencies, proposing that it cover web and hosting infrastructure, data centres, internal systems and the ministry's entire ecosystem.”


Financial institutions, then telcos in Singapore accountable to scam victims if found negligent under planned framework

Angela Tan

https://www.thestar.com.my/tech/tech-news/2023/10/25/financial-institutions-then-telcos-in-singapore-accountable-to-scam-victims-if-found-negligent-under-planned-framework

Excerpt:

“Telcos stand second in line as they are the infrastructure providers for SMS texts. Scammers have tried to impersonate financial institutions and other businesses using SMS that appear as legitimate ones sent by banks, for example.”


FBI warns of dual ransomware attacks, and other cybersecurity news to know this month

Akshay Joshi

https://www.weforum.org/agenda/2023/10/fbi-ransomware-threat-and-other-cybersecurity-news-to-know-this-month/

Excerpt:

“The Federal Bureau of Investigation (FBI) is warning companies in the United States to be alert to the risk of dual ransomware attacks, in which the same organization is targeted more than once in quick succession.”


Cyber security trends 2023

https://commercial.allianz.com/news-and-insights/reports/cyber-security-trends-2023.html

Excerpt:

“Investments in cyber security are paying off but an evolving threat landscape will require much greater focus on early detection and response capabilities.

Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. 2023 has seen a worrying resurgence in ransomware and extortion claims, resulting in an uptick in costly incidents, demonstrating that although progress is being made, the threat posed by ransomware shows little sign of abating.

Reports note that the number of ransomware victims surged by as much as 143% globally during the first quarter of 2023 with January and February seeing the highest number of hack and leak cases in three years. Ransomware alone is projected to cost its victims approximately US$265bn annually by 2031.”


Cybersecurity Awareness Month 2023: Expert Perspectives To Defend the Digital Realm

Sumeet Wadhwani

https://www.spiceworks.com/it-security/security-general/articles/experts-on-cybersecurity-awareness-month-2023/

Excerpt:

“For Cybersecurity Awareness Month 2023 this October, Spiceworks News & Insights brings you two cents from eight cybersecurity experts.

While social engineering, one of the earliest hacking techniques, is still relevant today, experts weigh in on the rise of artificial intelligence (AI), the importance of the right skills in tackling threats, the importance of rapid incident response, and more.

The theme chosen for Cybersecurity Awareness Month 2023 is ‘Secure Our World.’”


Bank Negara Clarifies Cyber Threat Alert After Warning On Pro-Israeli Hacker Targeting Malaysian Organisations Spreads

Shathana Kasinathan

https://www.malaymail.com/news/malaysia/2023/10/27/bank-negara-clarifies-cyber-threat-alert-after-warning-on-pro-israeli-hacker-targeting-malaysian-organisations-spreads/98657

Excerpt:

The warning was also shared on Malaysian social media platforms, including X, formerly called Twitter.

“BNM just released a memo asking all cybersecurity government or private sectors to strengthen the system. Malaysia may be attacked by Israel or outsiders because of DSAI's firmness on the Palestine issue. Keep fighting every tech guy in Malaysia!” one X user going by the name MirulHaziqRadzi posted.


North Korea’s State Hacking Program Is Varied, Fluid, And Nimble

Cynthia Brumfield

https://www.csoonline.com/article/657312/north-koreas-state-hacking-program-is-varied-fluid-and-nimble.html

Excerpt:

“Experts say that the cyber program run by North Korea, or the Democratic People’s Republic of Korea (DPRK), is fluid and flexible, nimbly adapting to various activities, thanks partly to highly skilled, youthful hackers. Finally, some experts suggest that while North Korea has seemingly cooled its destructive actions since creating global havoc with the WannaCry worm in 2017, that’s because of a change in Pyongyang’s focus and not a diminution of capability.”


Malaysia lacks 12,000 cyber security experts

Bernama

https://www.dailyexpress.com.my/news/222150/malaysia-lacks-12-000-cyber-security-experts/

Excerpt:

“Malaysia still lacks around 12,000 cyber security experts of various fields to tackle cyber-attacks, which is one of the challenges faced by the Government in its national digitalisation agenda.”


MAS’ Cyber Security Advisory Panel Proposes Ways to Tackle Mobile Malware Scams and Generative AI Risks for the Financial Sector

Jaromir Horejsi

https://www.trendmicro.com/en_ph/research/23/i/analyzing-a-facebook-profile-stealer-written-in-node-js.html

Excerpt:

“The Monetary Authority of Singapore’s (MAS) Cyber Security Advisory Panel (CSAP), comprising cybersecurity experts from around the world, convened its seventh annual meeting on 24 and 25 October 2023. The meeting discussed global cybersecurity trends and their impact on the financial sector, securing mobile banking and payments amidst the rise of online banking scams, as well as financial institutions’ (FIs) growing adoption of artificial intelligence (AI).”