Author: Javvad Malik

Comment on Experts Insight On Holiday Inn Hack by Javvad Malik

This is not the first time a hotel chain has been attacked. From a criminal business perspective, it makes a good target. Hotels will typically have invested less in security compared to other industries such as finance, yet hold extremely sensitive personal information of their customers, which includes travel information, passport numbers, credit card details, among others. While details are limited at the moment as to the exact nature of the attack and whether any data was compromised, it’s a reminder for the travel and hospitality industry to remain vigilant against cyber attacks and to have relevant controls in place to protect, detect, and respond to attacks.

Comment on Password Manager With 25 Million Users Confirms Breach, Expert Weighs In by Javvad Malik

As password managers have grown in popularity and use, they have become more attractive targets to criminals. LastPass did well to spot the intrusion into their dev environment, where most organisations probably would have missed it, and it is commendable that they communicated the incident clearly to their customers. Maintaining clear communication and setting expectations is of key importance because it is what trust is built on, and password manager providers, like many security products, are built on trust. If people lose confidence in the security of the product, or the organisation’s lack of transparency, that in itself can be more damaging than any actual breach.

Comment on Lloyds Of London Ends Insurance Coverage For State Cyber Attacks, Expert Weighs In by Javvad Malik

The cyber insurance market is still in the early stages and there will likely continue to be many changes in how cyber insurance is offered. The biggest challenge with the latest guidance by Lloyds is one of attribution. It is almost impossible to attribute attacks with certainty to a nation state. There may be indicators to point to a certain nation state group but proving the fact will be tricky without extensive investigations. Last week, a Minnesota computer store was unable to get cyber insurance paid out for losses it suffered as a result of a social engineering attack.

With these and other factors that come into play, it won’t be long before one has to ask the question, what exactly is covered by cyber insurance and whether it is worth the cost.

Comment on Twilio Suffers Phishing Attack, Compromising Customer Data – Expert Commentary by Javvad Malik

In recent times we’ve seen a large uptick in SMS phishing (Smishing) scams. One of the reasons for their popularity is because corporate controls such as email gateways or other perimeter controls don’t filter out SMS messages. Also, people are less likely to inspect links on their phone and can easily follow links while distracted. Therefore, it’s vitally important that people are told of the threats that can occur via SMS and that employees are encouraged to report any suspicious messages they may receive so that the security team can investigate appropriately.

Comment on LockBit Ransomware Gang Claims It Ransacked Italy’s Tax Agency by Javvad Malik

“This is an example of the ever-increasing move from traditional ransomware to double and triple extortion, whereby criminals will steal data from the victim organisation and leverage the stolen data for additional payments. 

What often gets overlooked in these stories are the fundamental questions of how criminals got into organisations, and how they were able to move around undetected and exfiltrate large quantities of data, often over a long period of time.

When we examine the root causes, we frequently find that criminals will take advantage of unpatched software, weak credentials, or social engineer their way into victims’ environments. After that, the lack of monitoring and threat detection controls allows criminals to move around the network at will. 

While the huge impact such acts have is undeniable, if organisations took a few fundamental steps by training staff, implementing strong credentials (MFA), patching vulnerable systems, and having some monitoring controls in place, they could greatly reduce the overall risk.”

Comment on Neopets Data Breach Exposes Personal Data Of 69 Million Members by Javvad Malik

“All organisations, regardless of size or industry, can be targeted by cyber criminals. We’ve seen toy manufacturers and game developers hit in the past due to the vast amount of personal data they collect.

Such organisations should be mindful of the information they gather and the purpose of it. Holding excessive data means greater liability should a breach occur.

Similarly, we see criminals aggressively targeting NFTs, cryptocurrencies or other components of web 3.0. This is why it’s important for organisations to take into consideration all security requirements before embarking on the journey to implement new technologies.

Any users impacted by the breach should ensure the password they used for Neopets isn’t used elsewhere and, if so, change it immediately.”

Comment on Cyberattack Blocks Albania’s Public Online Services by Javvad Malik

“Details are limited at the moment, so it is unclear as to what the attack is. However, as we’ve seen in the past, many sophisticated attacks turn out to not be so sophisticated and can be boiled down to a few key issues such as misconfigurations, poor passwords being exploited which give attackers access to internal systems, a social engineering attack, unpatched software being exploited, or a malicious or non-malicious insider making unauthorised changes.

Whatever the root cause, it looks like the Albanian response is not taking any chances by shutting down all government services.

While this is one response, organisations and nations need to weigh up the risks of taking down online services. For many citizens, many services are only accessible online, and taking down services can leave them out in the dark.”

Comment on Will There Be More Cyber Attacks Due To Ukraine Conflict? by Javvad Malik

This new advice from BaFin showcases how intertwined cyberwarfare has become with traditional war. At this time, all organisations, not just those in the financial sector, need to ensure their cybersecurity controls are effective and their organisation is resilient against attacks and outages.

Good incident response plans are those which are drawn up in advance so that organisations know what alternative services or utilities will need to be used.

While technical security controls are worth investing in, organisations should not ignore the impact a strong security culture can have on reducing risk.