Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin

Our latest published article - Boards, not IT, are responsible for Cyber and Information Security

In the 19 May 2020 Guernsey Press ‘Wealth & Investments’ supplement

The online version of the supplement can be found here: https://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&pubid=b3a7a6a9-d5c4-49ea-94d5-aefb3f6072a9

Antony Cleal

Week in review 24 November 2019: data leak from Cayman National Bank in IOM, WhatsApp users urged to update, Social Engineering explainer, tricks hackers use to hijack mail, cyber top Board priority

Round up of the most significant open source stories of the last week

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.


Leaker Claims to Have Published 2TB of Data From Cayman National Bank

The biggest story this week affecting the offshore finance world is news that 2TB of data from the Isle of Man branches of the Cayman National Bank and Cayman National Trust has reportedly been published. That is equivalent to 620,000 photographs and, since photos are normally much larger than Word documents, conceivably millions of Word documents.

A pseudonymous Twitter account called Distributed Denial of Secrets (a play on the distributed denial-of-service attacks that can bring down even the largest websites) said that it was releasing "copies of the servers of Cayman National Bank and Trust." The account has also claimed to have released more information over the last few days and to have upgraded its servers to cope with traffic spikes.

https://www.tomshardware.com/news/cayman-islands-national-bank-hack-2tb


WhatsApp Users Urged To Update App Immediately Over Spying Fears

Users of WhatsApp, the popular cross-platform messaging app, have been urged this week to address fears that their devices could be used to spy on them thanks to a major security vulnerability:

https://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-update-latest-spying-security-spyware-india-cert-nso-a9210236.html


Social Engineering: The Insider Threat to Cybersecurity

SecurityBoulevard has an interesting piece this week with a useful explainer on Social Engineering and Social Engineering Prevention that is worth a read if this is not an area you are familiar with.

https://securityboulevard.com/2019/11/social-engineering-the-insider-threat-to-cybersecurity/


These are the tricks hackers are using to hijack your email

TechRadar have a piece on Business Email Compromise (BEC), something that is a significant risk to all firms but especially to financial services firms. It has affected firms in the offshore finance world, with some firms locally having experienced losses running to hundreds of thousands.

Most BEC attacks take place on weekdays and during business hours to maximise effectiveness and normally only target small numbers of users.

Read the full article here: https://www.techradar.com/uk/news/these-are-the-tricks-hackers-are-using-to-hijack-your-email


Cyber security becoming top priority in the boardroom, say industry leaders

It looks like cyber is becoming more of a priority in Boardrooms, according to a report from the London Business summit by PortSwigger.net.

https://portswigger.net/daily-swig/cybersecurity-becoming-top-priority-in-the-boardroom-say-industry-leaders

In Guernsey, cyber is getting a lot more focus, with the recent Cyber Thematic review carried out by the GFSC and the findings presented to industry in the last couple of weeks, and new regulations coming into effect last year. The GFSC have made it clear to firms that this is a Board-level issue and that Boards need to start being able to take an educated and informed approach to cyber and to what their firms are doing to protect themselves against the risks they face.


Mystery surrounds leak of four billion user records

Threat researchers recently uncovered four billion user records on a wide-open Elasticsearch server, but who left them there is a mystery.

Different datasets contained, among other things, data on 1.5 billion unique individuals, a billion personal email addresses including work emails for millions of decision makers in Canada, the UK and the US, 420 million LinkedIn URLs, a billion Facebook URLs and IDs, over 400 million phone numbers and 200 million valid US mobile phone numbers. The second dataset contained scraped data from LinkedIn profiles, including information on recruiters.

The actual source of this data is shrouded in mystery but so much data on so many people means it is highly likely there will be records leaked relating to individuals and businesses in Guernsey and the other Channel Islands.

https://www.computerweekly.com/news/252474411/Mystery-surrounds-leak-of-four-billion-user-records


110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Looking at healthcare but showing the impact ransomware can have on any and all sectors, a ransomware outbreak in the US has affected an IT company that provides cloud data hosting, security and access management to more than 100 nursing homes over there. The ongoing attack is preventing these care centres from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.

https://securityboulevard.com/2019/11/110-nursing-homes-cut-off-from-health-records-in-ransomware-attack/


OnePlus Data Breach: What you need to know about customer hack

Mobile phone manufacturer and direct to market seller OnePlus sent an email this week notifying affected customers that their order information had been obtained by an unauthorised third-party.

The company informed customers that name, contact number, email and shipping addresses may have been exposed, but the firm prefaced this by telling them that payment information as well as their account passwords were not obtained during the intrusion.

Anyone in the Bailiwick who has recently purchased a device from OnePlus should be alert to anyone impersonating OnePlus in trying to obtain further information or trying to sell products or services.

https://www.trustedreviews.com/news/oneplus-data-breach-what-you-need-to-know-about-customer-hack-3957273


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our new regular ‘Cyber Tip Tuesday’ video blog, here and on our YouTube channel.
