Context During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e. “influencers”) leveraging member brand names as part of the scams. The fraud activity spikes observed in the past few months have been both prolific and…
Read More
On February 10, 2023, Phylum security researchers reported a resurgence in a previously seen campaign typosquatting legitimate Python PyPI packages with malicious packages to deliver a malware with cryptocurrency wallet clipboard replacing capabilities. Context In November 2022, Phylum reported a similar campaign “in which threat actors attempted to replace cryptocurrency addresses in developer clipboards with…
Read More
The term “cybersecurity” can oftentimes be ambiguous and difficult to define, no different than that of a single or multi-family office. But much like an Investment Policy Statement, identifying and defining risk down to the individual level is paramount in achieving both near-term and strategic objectives. In this blog post, we seek to shed light…
Read More
October is Cybersecurity Awareness Month, an opportunity for organizations to spend a little extra effort educating their non-security staff on security best practices. This training generally focuses on basics such as enabling MFA, strengthening passwords, and teaching the warning signs of phishing. While these actions can improve your security posture when successfully adopted, training is…
Read More
Since 2004, October has been recognized as Cybersecurity Awareness Month by organizations like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which are dedicated to helping individuals better protect themselves against online threats. This year CISA and NCA are focusing on the human element of security, with the 2022 Cybersecurity…
Read More
Despite automation, machine learning, and all the rest of the state-of-the-art detection technology at our fingertips, attackers still slip through the cracks. You can utilize tools such as website application firewalls and endpoint discovery and response solutions, but one of the most important ways to reduce your risk of being the victim of a ransomware…
Read More
As the Russia/Ukraine crisis develops, RH-ISAC is working to provide guidance to the retail and hospitality community concerned with the situation’s impact on their operations. Historically, Russian cyber activities during regional conflict start with massive DDoS attacks against the target states’ communications and civil infrastructure organizations. Other opportunistic attacks such as ransomware and data breaches…
Read More
RH-ISAC held its first-ever Security Awareness Symposium in October. The event was designed to help professionals in the retail and hospitality industries hone their security skills and gain clarity on the biggest cybersecurity issues their companies face. The morning began with remarks from Suzie Squier, RH-ISAC president, and Ed Adams, president and CEO of Security…
Read More
