Email Security Monthly Review – September 2021
EasyDMARC’s Email Security Monthly Review contains a summary of the key events, news and developments regarding email security that took place across the world in September 2021.
SEC sanctions eight firms over cybersecurity failures
Eight US financial service firms have been sanctioned by the US Securities and Exchange Commission (SEC) for cybersecurity failures. As a result of the firms’ shortcomings, the corporate email accounts and personal data of thousands of people were compromised.
Some of the firms involved include KMS Financial Services, and subsidiaries of Cetera Financial Group and Cambridge Investment Group. All eight companies were fined hundreds of thousands of dollars each.
A press release issued by the SEC states that all eight companies “agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty”.
Security researchers discover Apple’s hack by Israeli firm
Citizen Lab security researchers have uncovered an exploit believed to have been used by government clients of Israeli spyware company NSO Group. The researchers claim that the exploit has been used to hack into iPhones and other Apple devices since February this year.
Apple released a patch to fix the exploit soon after it was informed of the vulnerability. The security researchers have stated that Apple’s haste to fix the issue highlights how serious their findings are.
In a statement to The Guardian, head of Apple security engineering and architecture Ivan Krstić, said: “We’d like to commend Citizen Lab for successfully completing the very difficult work of obtaining a sample of this exploit so we could develop this fix quickly.”
EasyDMARC’s domain scanner helps SMBs assess their email security risks
For busy SMB owners and IT staff, checking and improving their email ecosystem can be hard at times, because of factors such as a lack of time or in-house competences to focus on these aspects. Yet, small and medium businesses are the targets of 56% of hacking incidents in the US. They are a prey of choice for hackers who can leverage their lack of preparation, as 42% of SMBs owners don’t have plans in place to respond to these attacks.
To help business owners understand quickly and easily how secure their email ecosystem is, EasyDMARC proposes a solution that anybody can use. In one click, EasyDMARC’s domain scanner delivers a report that audits their 4 principal email security protocols: DMARC, SPF, DKIM and BIMI, along with guidance on how to improve them.
This way, SMBs can start protecting themselves more actively from financial losses and data leakage. EasyDMARC’s services can help them secure their systems, especially against business email compromise (BEC), which is by far the costliest form of cyber attack impacting businesses.
New email security services launched by Cloudflare
Cloudflare has announced the addition of two new email security features to its services. The internet infrastructure firm aims to build email security and verification technology into its range of services.
The first new feature is the addition of layers of email security to a domain, which creates records for Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). The second feature allows for email addresses from corporate-branded inboxes to be routed to whatever email infrastructure a business uses.
Matthew Prince, the CEO of Cloudflare, commented: “Our goal is to take features that were either expensive or reserved for large businesses and make them easy to use and make them available for a much larger audience.”
Record-breaking number of zero-day exploits in 2021
Several databases, researchers and cybersecurity firms state that the record for the highest number of zero-day exploits a year was broken in 2021. Cybersecurity defenders have caught approximately 66 this year thus far, almost double the number of exploits that were caught last year.
The rapid increase in the number of hacking tools available has been cited as one of the major contributing factors to the rise in zero-day exploits.
Airbus CyberSecurity and Alstom join forces
Airbus CyberSecurity and Alstom have signed a worldwide cooperation agreement, focusing on rail transport cyber-security. Under the agreement, the companies will collaborate to provide leading cybersecurity solutions covering industrial information systems across rail transport.
Alstom’s expertise in rail transport, in addition to Airbus CyberSecurity’s services in ensuring the security of industrial information systems will allow the pair to best serve rail operators.
Nicolas Razy, Director of Airbus CyberSecurity France, commented: “As specialist in the cyber-security of industrial systems, particularly in the transport sector, we are keen to contribute to securing the information systems of the rail sector along with Alstom.”
South Africa’s cybersecurity is falling behind, survey says
According to research by SurfShark’s, South Africa’s cybersecurity efforts lags behind other countries in Africa as well as globally.
SurfShark’s 2021 Digital Quality of Life Index ranked South Africa 68 out of 110 countries overall. The country was placed 85th for electronic security and 95th for cybersecurity.
South Africa’s poor electronic and cybersecurity performance is evident in the increase of high profile cyber breaches over the last couple of months, targeting the likes of Transnet and the Department of Justice.
Major increase in vehicle cybersecurity hacks, says report
A report from Upstream Security shows that there were at least 150 automotive cybersecurity incidents in 2019. These figures represent a 94% year-on-year increase, as compared to figures from 2016.
The rise in these incidents is indicative of how common and dangerous vehicle hacks are, especially as a result of communication methods being built into new vehicles.
106 hackers linked to Italian mafia arrested for scams
Europol recently announced that 106 people suspected of online fraud linked to the Italian Mafia have been arrested. Those arrested are claimed to have scammed hundreds of victims through phishing, SIM swapping attacks and business email hacking.
It is believed that the hackers accessed and stole a total of $11.7m from their scams.
Several popstars file claims over phone hacking incidents
A group of popstars including Melanie Chisholm and Shane Lynch have recently filed claims against Rupert Murdoch’s News Group Newspapers for alleged phone hacking incidents.
The firm has spent millions of pounds fighting similar cases annually, and even has an ongoing case brought against it by Prince Harry for hacking his voicemails.
Man imprisoned for scamming $1.8m from hundreds of victims
The United States’ Department of Justice has revealed that Joseph Asan Jr., a US Army Reservist, was involved in a scheme to commit romance fraud and business email compromise. Asan has been sentenced to 46 months and ordered to pay approximately US$1.8 million in restitution for his involvement in the scams.
Hacker group BlackMatter targets Olympus
Olympus has fallen victim to hacker group BlackMatter. It has been confirmed that ransomware from BlackMatter affected the company’s IT systems in some of its EMEA areas.
Olympus has reassured all customers that its “daily business operations are working as normal, ensuring the uninterrupted supply of our services for patients”.
Hackers attack agriculture firms
Multiple companies in the agriculture and food industries have recently been the targets of hackers. Some of the latest victims include meatpacking giant JBS USA and New Cooperative.
The food and agriculture sectors are known to have vulnerabilities that are easily exploited by hackers, especially since they rely heavily on technology.