3 Updates Criminals Have Made to Ransomware
In the past year, ransomware has gotten faster and stealthier, and it strikes harder. A new paper from F5 details what the criminals are doing differently, how businesses are responding, and several strategies you can use. They also got some expertise from CI Security’s D-CISO.
https://www.linkedin.com/feed/update/urn:li:activity:6724328857169731584
This new malware uses remote overlay attacks to hijack your bank account
The new malware variant, dubbed Vizom by IBM, is being utilized in an active campaign across Brazil designed to compromise bank accounts via online financial services. [...] Vizom spreads through spam-based phishing campaigns and disguises itself as popular videoconferencing software, tools that have become crucial to businesses and social events due to the coronavirus pandemic.
https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/
Healthcare: Elite Data
We can’t change our blood type, our prescription lens, or a fondness for jumping from high things, once to the detriment of an important foot bone. Worse still, we can’t always change our mental health status or invisible injuries, such as anxiety. This permanence is what makes healthcare data elite data. We, as the victims, can’t always offset the consequences by reporting and disputing.
https://securityboulevard.com/2020/10/healthcare-elite-data/
Who Can We Trust to Safeguard Healthcare Data?
The number of reported healthcare data breaches and of breached records fell between January and June, but cyberattacks are expected to surge through to the end of the year, according to cybersecurity firm CI Security. That's because patient medical records "are worth as much as 10 times more than credit card numbers on the Dark Web," CI Security maintains. "Healthcare organizations will require more cybersecurity vigilance than ever before."
https://www.technewsworld.com/story/86887.html
Cyber-Attack on Mississippi Schools Costs $300,000
Following the attack, the school took its IT systems offline and engaged a cybersecurity firm to help recover data encrypted by threat actors. Classes at the school are operating as normally as possible under existing COVID-19 restrictions. The school board voted to pay a company $300,000 to recover the data that was encrypted by malware.
https://www.infosecurity-magazine.com/news/cyberattack-on-mississippi-schools/
Working from home leads 'sharp rise in cyber attacks' in Germany
The pandemic shifted targets for cyber attackers from individuals to major corporations, governments and critical infrastructure, according to an Interpol report published in August. The relative lack of security infrastructure of home working will mean "cyber criminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi," the worldwide anti-crime organisation said.
https://www.thelocal.de/20201020/home-office-leads-sharp-rise-in-cyber-attacks-in-germany
Personal Cyber Insurance For The Growing Risk Of Cyberattacks
In some cases, your insurance company might approve ransom payment for cyber extortion cases. But don’t pay it without getting your insurance company’s approval. The FBI recommends not paying ransom as it does not guarantee release of a decryption key and, in some cases, the cyber criminals demand more ransom after the first payment.
https://www.forbes.com/advisor/homeowners-insurance/personal-cyber-insurance/
Zurich North America shares top cyber concerns for risk managers
“Unprecedented change in the world requires us to think differently and act with agility. This survey reveals that customer expectations are changing as their level of sophistication about cyber risks have grown,” said Zurich North America head of professional liability and cyber Michelle Chia.
https://www.insurancebusinessmag.com/us/news/cyber/zurich-north-america-shares-top-cyber-concerns-for-risk-managers-236703.aspx
States Have Improved Election Cybersecurity, but Still Can Do More
Meanwhile, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is continuing to coordinate with state and local agencies on election security threats, especially from nation-state actors and cybercriminals. CISA is confident in election security protections that have been put in place but remains on high alert.
https://statetechmagazine.com/article/2020/10/states-have-improved-election-cybersecurity-still-can-do-more
Industry alert pins state, local government hacking on suspected Russian group
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Oct. 9 publicized a hacking campaign in which attackers breached some “elections support systems,” or IT infrastructure that state and local officials use for a range of functions. Those systems are not involved in tallying votes, and the advisory from U.S. officials noted that there was no evidence that the “integrity of elections data has been compromised.”
https://www.cyberscoop.com/russia-temp-isotope-election-security-mandiant/
Already facing grueling year, National Guard revs up for election and aftermath
The National Guard, already facing one of its busiest years, is prepping for election-related missions that include cybersecurity for local electoral authorities, ballot counting in at least one state and backup for police or if unrest erupts after the vote. The preparations come as the United States heads into one of its most contentious presidential elections, which is taking place in the middle of a global pandemic and amid persistent suggestions by President Trump that he may dispute the results if he loses.
https://www.washingtonpost.com/national-security/election-national-guard/2020/10/19/a7c118ae-0fd3-11eb-bfcf-b1893e2c51b4_story.html
Microsoft says it took down 94% of TrickBot's command and control servers
In an update posted today on its takedown efforts, Microsoft confirmed a second wave of takedown actions against TrickBot. The OS maker said it has slowly chipped away at TrickBot infrastructure over the past week and has taken down 94% of the botnet's C&C servers, including the original servers and new ones brought online after the first takedown.
https://www.zdnet.com/article/microsoft-says-it-took-down-94-of-trickbots-command-and-control-servers/
Phishing for secrets: Russian cyber experts believe defense industry is being attacked by North Korea
This may come as a surprise to some, as Russia is one of very few countries with no hostility towards Pyongyang, which has very few allies on the world stage. Speaking to Moscow daily Kommersant, experts explained that hacker group Kimsuky had attempted to collect confidential information from aerospace and defense companies through phishing attacks.
https://www.rt[.]com/russia/503896-north-korea-attack-russian-military/
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers
All 25 security bugs are well known and have patches available from their vendors, ready to be installed. Exploits for many vulnerabilities are also publicly available. Some have been exploited by more than just Chinese hackers, being also incorporated into the arsenal of ransomware gangs, low-level malware groups, and nation-state actors from other countries (i.e., Russia and Iran).
https://www.zdnet.com/article/nsa-publishes-list-of-top-25-vulnerabilities-currently-targeted-by-chinese-hackers/
Self-driving cars can be fooled by displaying virtual objects
Examples of how this was done include a virtual road sign along with an image of a pedestrian displayed using a projector or a digital billboard. This led Tesla to stop in 0.42 seconds whereas Mobileye 360 stopped in 0.125 seconds at a much quicker rate. This can be used maliciously by attackers in order to cause traffic jams and abrupt stops which could result in accidents.
https://www.hackread.com/self-driving-fooled-displaying-virtual-objects/
Adblockers installed 300,000 times are malicious and should be removed now
Many Nano extension users in this forum reported that their infected browsers were also accessing user accounts that weren’t already open in their browsers. This has led to speculation that the updated extensions are accessing authentication cookies and using them to gain access to the user accounts. Hill said he reviewed some of the added code and found that it was uploading data.
https://arstechnica.com/information-technology/2020/10/popular-chromium-ad-blockers-caught-stealing-user-data-and-accessing-accounts/
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After Effects, Adobe Photoshop, Adobe Premiere Pro, Adobe Media Encoder, Adobe InDesign and the Adobe Creative Cloud Desktop Application.
https://threatpost.com/adobe-critical-code-execution-bugs/160369/
Cybersecurity is the New Market for Lemons, Research Supports
Based on over 100 comprehensive interviews with business and cybersecurity leaders from large enterprises, together with vendors, assessment organizations, government agencies, industry associations and regulators, Debate Security’s research shines a light on why technology vendors are not incentivized to deliver products that are more effective at reducing cyber risk.
https://www.valdostadailytimes.com/news/business/cybersecurity-is-the-new-market-for-lemons-research-supports/article_18cca8e4-3553-5646-bd5f-b0cb71bbac7a.html