Security Breach – 1 Mar 2024
Cyber threats are evolving and growing faster than ever before. That means defenders need every advantage they can get to stay one step ahead of the bad guys. Network penetration testing, or pen testing, is an IT professional’s secret weapon for preventing cyber trouble. Pen testing, sometimes referred to as ethical hacking, is a systematic process of evaluating the security of a computer system, network or web application by simulating real-world attacks. In a pen test, authorised security professionals, known as penetration testers, attempt to locate and exploit vulnerabilities in an organization’s infrastructure, just as a malicious attacker would. The goal is to identify weaknesses before they can be exploited by cybercriminals – and you’ll be surprised at some of the things a pen test turns up.
Some companies may think that because they already do vulnerability scanning, they don’t need to do pen testing. But that’s not the case. Pen testing and vulnerability scanning are not the same thing. Vulnerability scanning is an automated process that scans systems and networks for known vulnerabilities, providing a broad overview of security weaknesses. But it doesn’t assess the exploitability or impact of these findings in a real-world context. In contrast, pen testing is an in-depth, hands-on approach that simulates real-world attacks to identify and exploit security vulnerabilities in systems, applications and networks, aiming to understand the potential impact of an attack on an organisation’s resources.
Recent Breaches
Germany – PSI Software – Logistics Software Company
Exploit: Ransomware
Risk to Business: Extreme: German critical infrastructure software and logistics platforms vendor PSI Software has been knocked out by a ransomware attack. The company, a provider of software used to provision critical infrastructure, was forced to shut down all external connections and systems last week. The problem was first revealed when unusual activity was spotted on PSI’s network on February 15. PSI said that it doesn’t see evidence that customer sites were hacked, and bad actors did not gain access to remote connections for the maintenance of customer systems.
United States – Change Healthcare – Healthcare Technology Provider
Exploit: Hacking
Risk to Business: Severe: Change Healthcare is admitting that it has experienced a successful cyberattack that has caused widespread disruptions to healthcare services and prescription processing across the U.S. The healthcare technology company is part of Optum and owned by UnitedHealth Group. The trouble began on February 21, when bad actors were able to exploit the ConnectWise vulnerability. More than 100 Change Healthcare applications across pharmacy, medical record, clinical, dental, patient engagement, and payment services are affected. Some reports are pointing to a state-sponsored threat actor as the culprit.
Talk to a TCT team member today about implementing a cyber security plan for your business.
Robert Brown
01/03/2024