Zoho ManageEngine Desktop Central is an endpoint management solution offered by Zoho. A server running this software can push updates to managed systems, remotely control and lock them, apply access controls and more. In March 2020, a remote code execution (RCE) vulnerability was identified (tracked as CVE-2020-10189) in the ManageEngine software due to the deserialization of untrusted, user-controlled input in the getChartImage function of the FileStorage class within the application.

Having closed brick-and-mortar operations on March 16, 2020 for safety reasons, the nearly overnight shift to a purely e-commerce revenue model brought uncertainty. However, a rapid uptick in online sales provided a sense of relief, albeit short-lived. Our client became concerned when a closer look at the online transactions revealed an unusually large volume of electronic gift card purchases made using their private label credit card.

A new year typically brings a renewed sense of optimism; however, 2021 brings with it promises of unparalleled challenges for board members as their role in cyber risk oversight and increasing organizational resilience has never been more important. Over the course of 2020, as organizations shifted already overburdened staff to build capacity to support remote working, threat actors aggressively exploited weaknesses exposed in the transition.

Credit card attacks typically target point of sale (PoS) terminals at retail locations such as stores, restaurants and hotels. In the early stages of the COVID-19 pandemic, in-person retail activity greatly diminished, forcing criminals to seek other targets and to virtualize their operations.

Historically, one difference between a company victimized by ransomware and those hit with a hacking intrusion that resulted in stolen data was that in a ransomware attack, the data wasn’t actually stolen, but was encrypted so that the victim would have to pay a ransom to regain access. Unlike traditional data thefts, ransomware—the theory went—didn’t really steal data. It encrypted it so that the authorized users couldn’t get to it unless a ransom was paid.

It’s the time of year when many of us will be taking a well-deserved break, but unfortunately for consumers and organisations, cyber criminals don’t take holidays. A year of unprecedented alarm and uncertainty, coupled with the growing sophistication of cybercriminals, has nurtured the perfect breeding ground for online scams, which according to the Australian Competition and Consumer Commission (ACCC) have jumped a staggering 42% this year—with nearly AU$7 million lost.1