User Records Leaked on Telegram | Cyber Security Skills Gap Contributed to 80% of Breaches | United States Cybercrime Tracking Bill

May 16th

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group


User Records Leaked on Telegram

Cybercriminals have leaked millions of VPN users’ data for free on the messaging app Telegram. The data that has been leaked includes personal information like email addresses, names, passwords, and payment information.

Millions of users of GeckoVPN, SuperVPN, and ChatVPN were affected by the data breach that took place on May 7th when a group of anonymous attackers placed their personal information on Telegram for free. In total, the information of roughly 21 million users was placed on Telegram.

The exposed database contains 10GB of sensitive information. However, the information was first listed for purchase on the dark web in 2021, with the file being dated 2021-02-25 (February 25th, 2021).

Anyone who has a VPN account is being encouraged to double check that they have not been affected and to take steps to secure their accounts. It is advised they create new, stronger passwords while also ensuring they have enabled multifactor authentication.

Source - VPN User Records Leaked - Toolbox

Source - VPN User Records Leaked - VPN Mentor

Source - VPN User Records Leaked - Hack Read

Source - VPN User Records Leaked - Information Security Buzz

Cyber Security Skills Gap Contributed to 80% of Breaches

Fortinet has released their 2022 Cyber Security Skills Gap Report which highlights several key findings. The report examines the widespread global impact of the cyber security skills shortage, advancing cyber security skills through training and certifications, and Addressing recruitment and retention challenges with diversity commitments.

  • 80% organisations surveyed have suffered at least one breach they could attribute to a lack of cyber security skills or awareness
  • Globally 64% of organisations experienced breaches that resulted in loss of revenue, recovery costs and/or fines
  • 95% of leaders believe technology-focused certifications positively impact their role and their team, while 81% of leaders prefer to hire people with certifications
  • 91% of respondents shared they are willing to pay for an employee to achieve cyber certifications
  • 87% of organisations have implemented a training program to increase cyber awareness. However, 52% of leaders believe their employees still lack necessary knowledge, which raises question around how effective their current security awareness programs are
  • A significant challenge for organisations has been finding and retaining the right people to fill critical security roles. The report found that 60% of leaders admit their organisation struggles with recruitment and 52% struggle to retain talent
  • Among hiring challenges is the recruitment of women, new college graduates and minorities. Globally, 7 out of 10 leaders see the recruitment of women and new graduates as a top hiring hurdle and 61% said hiring minorities has been challenging

More information on Fortinet's report, as well as more of their findings, can be viewed by checking out the sources below.

Source - Cybersecurity Skills Gap Report 2022 - Fortinet

Source - Cybersecurity Skills Gap Report - Intelligent CIO

80% organisations surveyed have suffered at least one breach they could attribute to a lack of cyber security skills or awareness
Fortinet report

United States Cybercrime Tracking Bill

Moving over to the United States, President Biden has signed into law a new bill which is hoping to improve how the US Government tracks and prosecutes cybercrime.

It is called the Better Cybercrime Metrics Act. It will require the US Department of Justice (DOJ) to work with the National Academy of Sciences to develop a taxonomy which law enforcement can use to categorise different types of cybercrime.

It also gives the DOJ two years to establish a category in the National Incident-Based Reporting System for the collection of cybercrime reports from federal, as well as state and local officials.

Importantly, the bill requires the Government Accountability Office to report on the effectiveness of existing cybercrime mechanisms and highlight disparities in reporting cybercrime data against other types of crime data. It also requires the National Crime Victimisation Survey to add questions related to cybercrime in its surveys.

For context, last year the FBI’s Internet Crime Complaint Center (IC3) received 847,376 complaints – a new record. As well as losses exceeding $6.9 billion, a large jump from the $4.6 billion reported a year earlier in 2020. It’s important to note however that these figures only include the cybercrimes that were reported and tracked. One estimate believes that IC3 only collects information of one in 90 of all cybercrimes committed.

It is hoped that this new law will help to reduce this number and provide greater clarity on the extent of cybercrime in the US.

Source - Better Cybercrime Metrics Act - US Congress

Source - Better Cybercrime Metrics Act - Forbes

Source - Better Cybercrime Metrics Act - The Register

Source - Better Cybercrime Metrics Act - Duo Security

Source - Better Cybercrime Metrics Act - Security Magazine

If you want to get in touch then give us a shout