Login
This week, we welcome Matt Allen, Senior Solutions Engineer at VIAVI Solutions, to discuss Collaboration between NetOps and SecOps in today's world! In our second segment, we welcome Lorrie Cranor, Director of CyLab Security and Privacy Institute at Carnegie Mellon University, to discuss Research on Security and Privacy labels for IoT devices! In the Security News, Two Zoom Zero-Day Flaws Uncovered, Millions of routers running OpenWRT vulnerable to attack, Marriott says 5.2 million guest records were stolen in another data breach, PoC Exploits for CVE-2020-0796 (SMBGhost) Privilege Escalation flaw published, and we welcome our very special guest for tonight, Dave Kennedy, who joins us to talk about Video Chat Client Vulnerability History and the recent Zoom Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/PSWEpisode645
For more information on VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about 8,000 Redis instances running unsecured in different parts of the world, even deployed in public clouds. Also, read about a new Windows malware, called “Coronavirus,” that makes disks unusable by overwriting the master boot record (MBR).
Read on:
COVID-19: How Do I Work from Home Securely?
In light of the current COVID-19 crisis, shelter-in-place orders have forced many companies to support remote work. However, hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. In this blog, learn about some of the major threats to home workers and their organizations, and what can be done to keep hackers at bay.
Vulnerability Researchers Focus on Zoom App’s Security
Researchers have turned up security and privacy flaws in Zoom, which has had success during the pandemic. In late March, one red-team member found that Zoom would display universal naming convention (UNC) paths as links, which, if clicked, would send a username and password hash to an attacker-controlled system. In this article, Brian Gorenc of Trend Micro’s ZDI program shares insight into Zoom vulnerabilities.
More Than 8,000 Unsecured Redis Instances Found in the Cloud
Trend Micro discovered 8,000 Redis instances running unsecured across the globe, even deployed in public clouds. The instances have been found without Transport Layer Security (TLS) encryption and are not password protected. When left unsecured and allowed to be internet-facing or integrated into IoT devices, cybercriminals can find and abuse Redis servers to launch attacks such as SQL injections, cross-site scripting, malicious file uploads, and even remote code execution, among others.
Vulnerable VPN Appliances at Healthcare Organizations Open Doors for Ransomware Gangs
The increased enterprise VPN use due to the COVID-19 pandemic and the work-from-home shift has not gone unnoticed by ransomware gangs, Microsoft warns. Microsoft has pinpointed several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure and decided to notify them directly about it and offer advice on how to keep safe.
Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity
The global public cloud services market is on track to grow 17% this year, topping $266 billion. However, while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” Hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters. While driving agility, differentiation and growth, this new reality also creates cyber risk.
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
Cybersecurity researchers have uncovered an ongoing new Magecart skimmer campaign that has successfully compromised at least 19 different e-commerce websites to steal payment card details. According to a recent report, RiskIQ researchers spotted a new digital skimmer, dubbed “MakeFrame,” that injects HTML iframes into webpages to phish payment data.
The AWS Service to Focus On – Amazon EC2
Trend Micro recently analyzed the most affected AWS Services, finding that EC2-related issues topped the list with 32% of all issues and S3 contributed to 12% of all issues. While cloud providers offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. In this blog, learn how to secure data and configure environments with AWS best practices.
Wiper Malware Called “Coronavirus” Spreads Among Windows Victims
A new Windows malware has emerged that makes disks unusable by overwriting the master boot record (MBR). It takes its cue from the COVID-19 pandemic, calling itself simply “Coronavirus.” Overwriting the MBR is the same trick that the infamous NotPetya wiper malware used in 2017 in a campaign that caused widespread, global financial damage.
Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
Raccoon Malware as a Service (MaaS) can steal login credentials, credit card information, cryptocurrency wallets and browser information. It can arrive on a system through delivery techniques such as exploit kits, phishing and bundled with other malware. In this blog, Trend Micro investigates campaigns that used exploit kits Fallout and Rig, and observes its use of Google Drive as part of its evasion tactics.
Developing Story: COVID-19 Used in Malicious Campaigns
The COVID-19 pandemic is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware and malicious domains. As the number of those afflicted continue to surge by thousands, campaigns that use the disease as a lure also increase. Trend Micro researchers are periodically sourcing for samples on COVID-19-related malicious campaigns.
Threat Actors Abuse Evernote, Other Shared Platforms for Credential Phishing
Trend Micro researchers found campaigns that abuse the note-taking platform Evernote to host credential-phishing pages. The campaigns also exploit other shared platforms for editing images, making infographics and charts, and creating brand templates. Evernote’s notebook sharing functionality that uses public links is what threat actors exploited to spread malicious PDF files via phishing emails.
Malicious Domains and Files Related to Zoom Increase, ‘Zoom Bombing’ on the Rise
As the use of video conferencing platforms has increased with many people working from home due to the COVID-19 outbreak, cases of “Zoom Bombing” and malicious domains and files related to Zoom have also been on the rise. Registrations of domains that reference the name of Zoom has significantly increased, and other communication apps such as Google Classroom have been targeted as well.
Russian Investigators Bust Credit Card Fraud Ring
Russian federal investigators have arrested at least 25 people accused of operating a credit card fraud ring, according to a statement released by the Russian Federal Security Service (FSB). Those charged allegedly included a card fraud kingpin and two dozen associates linked to more than 90 websites that sold stolen credit card data and operated internationally.
A recent Microsoft blog reported the tech giant had seen a “775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders.” That line was wrong: the almost 8x increase only pertained to monthly users of the Microsoft’s Teams collaboration platform, and only in a one-month period in Italy, a region of the world particularly impacted by the virus.
Using Zoom? Here’s How to Keep Your Business and Employees Safe
The COVID-19 crisis has sparked a new wave of phishing, BEC, extortion, ransomware and data breach attempts, and although it’s not the only platform being targeted, Zoom has been the subject of some of the highest-profile incidents so far. Fortunately, there are things organizations can do to protect their business and their employees. In this blog, learn about best practices you can use to help secure your Zoom conferences.
Have you or your organization been a victim of “Zoom Bombing”? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: More Than 8,000 Unsecured Redis Instances Found in the Cloud and Wiper Malware Called “Coronavirus” Spreads Among Windows Victims appeared first on .
Cyber-criminals are always looking for new opportunities to make money and steal data. Globally trending events are a tried-and-tested way of doing just this, and they don’t come much bigger than the current Covid-19 pandemic. It’s sparking a wave of phishing, BEC, extortion, ransomware and data breach attempts. And as increasing numbers of global workers are sent home, new opportunities are opening up to compromise video conferencing apps.
Although not alone in being targeted, Zoom has been the subject of some of the highest-profile incidents so far this year. Fortunately, there are things you can do to keep your business safe.
Under the microscope
The video conferencing app is in many ways a victim of its own success. Security concerns have been raised about it in the past, after researchers revealed zero-day flaw in the Mac Zoom client which could have allowed hackers to spy on users via their webcams. Later the same year, separate research revealed an API-targeted enumeration attack affecting the platform. Neither of these are thought to have been exploited in the wild.
However, things have changed today: with much of the world using the platform to hold business meetings and personal video calls, scrutiny of its security posture has never been greater.
From bugs to bombing
There are several risks to be aware of. The first is of several new vulnerabilities discovered in the platform: one of which could allow hackers to steal Windows passwords, and another two which could enable attackers to remotely install malware on affected Macs and eavesdrop on meetings.
Most news coverage, however, is focused on “Zoombombing” — when uninvited users crash meetings. This often happens when large-scale semi-public events are held, and meeting IDs are shared on social media. If there’s no password for the meeting and attendees aren’t screened, then Zoombombers may turn up. Once in the ‘meeting’, crashers often post offensive comments, stream adult content or do other things to disrupt the event.
The same underlying techniques could be used by hackers to eavesdrop on or disrupt business meetings. It’s all about taking advantage of unsecure settings in the app, (and possibly using brute-force tools to crack meeting IDs).
With access to a meeting, hackers could harvest highly sensitive and/or market-critical corporate information, or even spread malware via a file transfer feature.
The final threat is from phishing attacks. Hackers know users are looking en masse for ways to communicate during government lockdowns. By creating legitimate-looking Zoom links and websites, they could steal financial details, spread malware or harvest Zoom ID numbers, allowing them to infiltrate virtual meetings. One vendor discovered 2,000 new domains had been registered in March alone, over two-thirds of the total for the year so far.
What you can do
The good news is that there are several things you can do to mitigate the security risks associated with Zoom.
The most basic are:
|
|
Next, it’s important to revisit those administrative settings in the app, to reduce the opportunities for hackers and Zoombombers.
The most important revolve around the Zoom Personal Meeting ID (a 9-11 digit number every user has). If a hacker gets hold of this, and the meeting is not password protected, they could access it. A leaked email or simple brute-force/guessing techniques could enable a hacker to compromise the ID and associated URL. For reoccurring meetings, the threat persists.
Fortunately, automatically generated passwords are now switched on by default, and the use of personal meeting IDs are switched off, meaning Zoom will create a random, one-off ID for each meeting.
These setting should be kept as is. But organisations can do more, including:
|
|
The post Using Zoom? Here’s how to keep your business and employees safe appeared first on .
The global public cloud services market is on track to grow 17% this year, topping $266 billion. These are impressive figures, and whatever Covid-19 may do short-term to the macro-economy, they’re a sign of where the world is heading. But while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” That is, hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters.
Whilst helping to drive agility, differentiation and growth, this new reality also creates cyber risk. As IT leaders try to chart a course for success, they’re crying out for a more holistic, simpler way to manage hybrid cloud security.
Cloud for everyone
Organizations are understandably keen to embrace cloud platforms. Who wouldn’t want to empower employees to be more productive and DevOps to deliver agile, customer-centric services? But digital transformation comes with its own set of challenges. Migration often happens at different rates throughout an organization. That makes it hard to gain unified visibility across the enterprise and manage security policies in a consistent manner — especially when different business units and departments are making siloed decisions. An estimated 85% of organizations are now using multiple clouds, and 76% are using between two and 15 hybrid clouds.
To help manage this complexity, organisations are embracing containers and serverless architectures to develop new applications more efficiently. However, the DevOps teams using these technologies are focused primarily on time-to-market, sometimes at the expense of security. Their use of third-party code is a classic example: potentially exposing the organization to buggy or even malware-laden code.
A shared responsibility
The question is, how to mitigate these risks in a way that respects the Shared Responsibility model of cloud security, but in a consistent manner across the organization? It’s a problem exacerbated by two further concerns.
First, security needs to be embedded in the DevOps process to ensure that the applications delivered are secure, but not in a way that threatens the productivity of teams. They need to be able to use the tools and platforms they want to, but in a way that doesn’t expose the organization to unnecessary extra risk. Second, cloud complexity can often lead to human error: misconfigurations of cloud services that threaten to expose highly regulated customer and corporate data to possible attacks. The Capital One data breach, which affected an estimated 100 million consumers, was caused partly by a misconfigured Web Application Firewall.
Simplifying security
Fortunately, organizations are becoming more mature in their cloud security efforts. We see customers that started off tackling cyber risk with multiple security tools across the enterprise, but in time developed an operational excellence model. By launching what amount to cloud centers of excellence, they’re showing that security policies and processes can be standardized and rolled out in a repeatable way across the organization to good effect.
But what of the tools security teams are using to achieve this? Unfortunately, in too many cases they’re relying on fragmented, point products which add cost, further complexity and dangerous security gaps to the mix. It doesn’t have to be like this.
Cloud One from Trend Micro brings together workload security, container security, application security, network security, file storage security and cloud security posture management (CSPM). The latter, Cloud One – Conformity offers a simple, automated way to spot and fix misconfigurations and enhance security compliance and governance in the cloud.
Whatever stage of maturity you are at with your cloud journey, Cloud One offers simple, automated protection from a single console. It’s simply the way cloud security needs to be.
The post Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity appeared first on .
If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.
We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!
Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.
While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?
Introducing Rules
If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.
It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?
We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.
What is the Rule?
A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.
Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.
Amazon EC2 Best Practices and Rules
Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:
|
|
See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.
Stay Safe!
The post The AWS Service to Focus On – Amazon EC2 appeared first on .
The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.
This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.
This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.
With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.
Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.
If you click through on a malicious link, the next stage of the attack could:
|
|
Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.
Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.
Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.
Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.
Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.
By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.
With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.
Consider the following:
|
|
We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.
The post COVID-19: How Do I Work from Home Securely? appeared first on .
Google is on track to resume the roll-out of stable Chrome releases next week, but says it will skip one version of the browser.
Last week, the Internet search giant said it was pausing upcoming releases of the browser, following an adjusted work schedule due to the COVID-19 (coronavirus) pandemic, and that both Chrome and Chrome OS releases would be affected.
At the time, the company revealed it would focus on the stability and security of releases, and that it would prioritize security updates for Chrome 80.
Now, Google says it is ready to resume pushing releases to the Stable channel as soon as the next week, with security and critical fixes meant for version 80 of the browser.
Moving forth, the company is planning the release of Chrome 81 in early April, but says it would then jump directly to Chrome 83, which is set to arrive in mid-May, thus skipping Chrome 82.
“M83 will be released three weeks earlier than previously planned and will include all M82 work as we cancelled the M82 release (all channels),” Google said.
This week, the company will resume the Canary, Dev and Beta channels, with Chrome 83 moving to Dev.
“We continue to closely monitor that Chrome and Chrome OS are stable, secure, and work reliably. We’ll keep everyone informed of any changes on our schedule,” the Internet giant said.
The company hasn’t shared any details on when Chrome 84 releases would start arriving, but said it would provide the information in a future update.
Following Google’s announcement last week, Microsoft said it would pause stable Edge releases, to align with the Chromium Project. Today, the Redmond-based tech company announced that Edge build 83.0.461.1 was released to the Dev channel.
“As you can see, this is the first update from major version 83. This is a slight deviation from our normal schedule due to current events,” Microsoft says, adding that version 81 is heading for the Stable channel soon.
Related: Google Patches High-Risk Chrome Flaws, Halts Upcoming Releases
Related: Chrome 80 Released With 56 Security Fixes
Related: Chrome Will Block Insecure Downloads on HTTPS Pages
Copyright 2010 Respective Author at Infosec IslandThis week, we talk Enterprise News, to discuss OWASP Security Knowledge Framework, How to Write an Automated Test Framework in a Million Little Steps, Sumo Logic Selects StackRox to Protect Its Cloud-Native Applications and Services, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, and Windows users under attack via two new RCE zero-days! In our second segment, we welcome Sumedh Thakar, Chief Product Officer at Qualys, to talk about Cybersecurity Challenges Created by a Remote Workforce! In our final segment, we welcome Tod Beardsley, Director of Research at Rapid7, to discuss SMB exposures and User Behavior Analytics failures, using findings from Rapid7 Research Labs!
To learn more about Qualys, visit: https://securityweekly.com/qualys
To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7
Show Notes: https://wiki.securityweekly.com/ESWEpisode177
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest and greatest news across all of our shows on the network, as well as all of the hot topics this week! Doug discusses Zoombombing, Russian Hackers, Zuck turns over the controls to the AIs, free cybersecurity products to help out, Chubb hacked, and more!
Show Notes: https://wiki.securityweekly.com/SWNEpisode22
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Driving digital transformation initiatives while safeguarding the enterprise is a mammoth task. In some aspects, it might even sound counter-intuitive when it comes to opening up IT infrastructure, or converging IT and OT networks to allow external parties such as partners and customers to closely interact with the organization to embrace new business models and collaboration (think cloud applications, APIs, sensors, mobile devices, etc.).
Although new technology is being adopted quickly, especially web frontends, applications and APIs, much of the underlying IT infrastructure as well as the supporting processes and governance models are somewhat legacy, and struggle to keep up.
For its 2020 CISO Benchmark Report, Cisco surveyed some 2,800 CISOs and other IT decision-makers from 13 countries, how they cope with that, and they came up with a number of interesting findings.
Cyber-threats are a global business risk
The World Economic Forum says business leaders view cyber-attacks as the #2 global risk to business in advanced economies, taking a back seat only to financial crises. Not surprisingly,89 percent of the respondents in the Cisco study say their executives still view security as a high priority, but this number is down by 7 percent from previous years.
Nine out of ten respondents felt their company executives had solid measures for gauging the effectiveness of their security programs. This is encouraging, as clear metrics are key to a security framework, and it’s often difficult to get diverse executives and security players to agree on how to measure operational improvement and security results.
Leadership matters
The share of companies that have clarified the security roles and responsibilities on the executive team has risen and fallen in recent years, but it settled at 89 percent in 2020. Given that cyber-security is being taken more seriously and there is a major need for security leaders at top levels, the need to continue clarifying roles and responsibilities will remain critical.
The frequency with which companies are building cyber-risk assessments into their overall risk assessment strategies has shrunk by five percent from last year. Still, 91 percent of the survey respondents reported that they’re doing it. Similarly, 90 percent of executive teams are setting clear metrics to assess the effectiveness of their security programs, although this figure too is down by six percent from last year.
Cloud protection is not solid
It’s almost impossible for a company to go digital without turning to the cloud. The Cisco report found that in 2020, over 83 percent of organizations will be managing (internally or externally) more than 20 percent of their IT infrastructure in the cloud. But protecting off-premises assets remains a challenge.
A hefty 41percent of the surveyed organizations say their data centers are very or extremely difficult to defend from attacks. Thirty-nine percent report that they struggle to keep applications secure. Similarly, private cloud infrastructure is a major security issue for organizations; half of the respondents said it was very or extremely difficult to defend.
The most problematic data of all is data stored in the public cloud. Just over half (52 percent) of the respondents find it very or extremely challenging to secure.Another 41 percent of organizations find network infrastructure very or extremely challenging to defend.
Time-to-remediate scores most important
The Cisco study enquired about the after-effects of breaches using measures such as downtime, records, and finances. How much and how often are companies suffering from downtime? It turns out that organizations across the board issued similar answers. Large enterprises (10,000 or more employees) are more likely to have less downtime (between zero and four hours) because they typically have more technology, money, and people available to help respond and recover from the threats. Small to mid-sized organizations made up most of the five- to 16-hour recovery timespans. Potentially business-killing downtimes of 17-48 hours were infrequent among companies of all sizes.
After a security incident, rapid recovery is critical to keeping disruption and damages to a minimum. As a result, of all the metrics, time-to-remediate (also known as “time-to-mitigate”) scores are the ones most important when reporting to the C-suite or the company’s board of directors, the study concludes.
Automating security is not optional – it’s mandatory
The total number of daily security alerts that organizations are faced with is constantly growing. Three years ago, half of organizations had 5,000 or fewer alerts per day. Today, that number is only 36 percent. The number of companies that receive 100,000 or more alerts per day has risen to 17 percent this year, from 11 percent in 2017. Due to the greater alert volumes and the considerable resources needed to process them, investigation of alerts is at a four-year low: just under 48 percent of companies say they can keep up. That number was 56 percent in 2017, and it’s been shrinking every year since. The rate of legitimate incidents (26 percent) has remained more or less constant, which suggests that a lot of investigations are coming up with false positives.
Perhaps the biggest side-effect of this never-ending alert activity is cyber-security fatigue. Of the companies that report that it exists among their ranks, 93 percent of them receive more than 5,000 security warnings every day.
A sizeable majority (77 percent) of Cisco’s survey respondents expect to implement more automated security solutions to simplify and accelerate their threat response times. No surprise here. These days, they basically have no choice but to automate.
Vigilance pays dividends
Organizations that had 100,000 or more records affected by their worst security incident increased to 19 percent this year, up four percent from 2019. The study also found that a major breach can impact nine critical areas of a company, including operations and brand reputation, finances, intellectual property, and customer retention.
Three years ago, 26 percent of the respondents said their brand reputation had taken a hit from a security incident; this year, 33 percent said the same. This is why, to help minimize damages and recover fast, it’s key to incorporate crisis communications planning into the company’s broader incidence response strategy.
Finally, the share of survey respondents that reported that they voluntarily disclosed a breach last year (61 percent) is the highest in four years.The upshot is that overall, companies are actively reporting breaches. This may be due to new privacy legislation (GDPR and others), or because they want to maintain the trust and confidence of their customers. In all likelihood, it’s both.
In conclusion, the CISO Benchmark report shows a balance of positives and negatives. Organizations are looking to automate security processes to accelerate response times, security leadership is strengthening and setting metrics to improve overall protection, and more breaches are being identified and reported. But there’s still work to be done to embed security into everything organizations do as they evolve their business.
About the author: Marc Wilczek is Chief Operating Officer at Link11, an IT security provider specializing in DDoS protection, and has more than 20 years of experience within the information and communication technology (ICT) space.
Copyright 2010 Respective Author at Infosec IslandWelcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also, read about how hackers are hijacking routers and changing Domain Name System (DNS) settings in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps.
Read on:
Apple iOS Users Served Mobile Malware in Poisoned News Campaign
Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories.
The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring
Data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest data breach from convenience store and gas station chain Wawa could be one of the largest ever, affecting 30 million card records from customers.
Infosec Industry Shows Compassionate Side Amid #COVID19 Pandemic
As the coronavirus pandemic continues, large numbers of organizations have been forced to implement work from home measures for staff. While working from home, employees are more susceptible to cybersecurity threats, especially with a rise in tailored COVID-19 cyber-scams. In this article, read about how Trend Micro and other information security companies have taken steps to offer free resources and support to organizations and employees at this difficult time.
Nefilim Ransomware Threatens to Expose Stolen Data
A new ransomware named Nefilim has been discovered threatening to release its victims’ data to the public if they fail to pay the ransom. It is most likely distributed through exposed Remote Desktop Protocol (RDP), as shared by SentinelLabs’ Vitali Krimez and ID Ransomware’s Michael Gillespie.
Cryptojacking, the theft of computing power to mine digital currency, has been around at least since 2013 – and has shrunk in use dramatically with the death of Monero-mining service Coinhive. Since Coinhive’s closure last year, cryptojacking has been almost eliminated, according to a group of researchers from the University of Cincinnati in America, and Lakehead University in Canada.
Microsoft Alerts Users About Critical Font-Related Remote Code Execution Vulnerability in Windows
Microsoft released a security advisory on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library and comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows.
Credit Card Skimmer Found on Tupperware Website
Cybercriminals hacked Tupperware.com and planted malicious code designed to steal payment card information, Malwarebytes warned this week. The credit card skimmer was planted on the main website and some of its localized versions. The website has nearly one million visitors every month, indicating that hackers may have obtained a significant number of payment card records.
Researchers observed a number of new developments related to the internet of things (IoT) malware Mirai, which actively searches for vulnerabilities in IoT devices. A new Mirai variant named Mukashi was found attacking network-attached storage (NAS) devices, a new vulnerability in GPON routers was exploited by Mirai, and a UPX-packed Fbot variant was detected by a Trend Micro honeypot.
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Cybercriminals are hijacking routers and changing Domain Name System (DNS) settings, in order to redirect victims to attacker-controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information stealing Oski malware. This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic.
Working from Home? Here’s What You Need for a Secure Setup
In response to the ongoing coronavirus outbreak, many companies have rolled out work-from-home arrangements. As a result, there has been an influx of employees signing in remotely to corporate networks and using cloud-based applications, potentially opening doors to security risks. In this blog, Trend Micro shares how security teams and home office users can mitigate the risks that come with remote-working setups.
Russian Hackers Using Stolen Corporate Email Accounts to Mask their Phishing Attempts
In the last year, Russian military intelligence hackers have used previously hacked email accounts to send a wide array of phishing attempts. Feike Hacquebord, senior threat researcher at Trend Micro, explains new research regarding the group known as Fancy Bear, APT28, or Pawn Storm, and how they used hacked emails of high-profile personnel at defense firms in the Middle East to carry out an attack.
Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape
Trend Micro analyzed 2019’s most notable mobile threats to assess the landscape and help users and enterprises reevaluate their measures and practices to defend against future threats. While there was a decrease in certain threats compared to 2018, in 2019 cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline.
Have you seen any COVID-19 related cyber-scams? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps appeared first on .
The corporate endpoint is a constant battle between cybersecurity white hats and criminal attackers. According to one study from the Ponemon Institute, 68% of organizations were victims of an attack on the endpoint in 2019. The risks and costs associated with undetected threats are immeasurable. Organizations need to detect and respond immediately before any significant damage is done.
In order to do this, CISOs must look beyond the endpoint to also include email, servers, cloud workloads and networks. This is the value of Trend Micro’s XDR platform. We heard feedback on this strategy recently, as Trend Micro was named a Leader in The Forrester Wave: Enterprise Detection and Response, Q1 2020.
Under fire and over-stretched
Enterprise IT security teams are under unparalleled pressure. On one hand, they’re bombarded with cyber-attacks on a massive scale. Trend Micro detected and blocked over 52 billion such threats in 2019 alone. On the other hand, they’re facing a range of continuously evolving black hat tools and techniques including fileless malware, phishing, and supply chain attacks, that could lead to data theft and service outages. The stakes couldn’t be higher, thanks to an ever-tightening regulatory regime. All of this must be done with workforce challenges: the current cyber skills shortage for North American firms stands at nearly 500,000 workers.
These are the kinds of challenges facing Trend Micro customer MedImpact Healthcare Systems, the largest privately held pharmacy benefit manager (PBM) in the US. Processing more than one million healthcare claims daily, MedImpact must protect two primary data centers, three call centers staffed 24/7, and multiple private network routing centers — all to the strict compliance requirements of HIPAA, PCI DSS and other regulations.
As Frank Bunton, VP, CISO for MedImpact knows, effective endpoint detection and response (EDR) is vital to modern organizations. “EDR accelerates the threat analysis process so we can get to the solution faster,” says Bunton. “Speed to resolution is critical because we see attacks every day on just about every network.”
But MedImpact is similar to a lot of other organizations today in that it also appreciates the need to go beyond the endpoint for critical cross-layer detection and response. “XDR gives us the added confidence that our organization is protected on all fronts. If an endpoint detects a problem, it automatically uploads the suspect object to a tool that analyzes that problem and fixes it. By the time we are aware of an issue, the issue is resolved. There is no way we could manage this much information without extended security automation,” says Bunton.
The future is XDR
This is where XDR comes in. It has been designed to look not just at endpoint detection and response, but also to collect and correlate data from across the organization, including: email, endpoint, servers, cloud workloads, and networks. With this enhanced context, and the power of our AI and expert security analytics, the platform is able to identify threats more easily and contain them more effectively.
This matters to organizations like MedImpact, whose key challenge was “finding security solutions that could communicate with each other and share valuable data in real time.” XDR has visibility across the entire IT environment to detect earlier and with more confidence. It provides a single source of the truth and delivers fewer higher-fidelity alerts to enhance protection and maximize limited IT resources.
But don’t just take our word for it. Forrester gave us a perfect score for product vision, security analytics, performance, market presence and much more. “Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively threat hunting,” the report concluded.
To find out more… check out the Forrester report on leaders in this space.
Learn more from MedImpact’s success story.
The post Riding another wave of success for our multi-layered detection and response approach appeared first on .
This week, we welcome David Walter, Vice President, RSA Archer and RSA Cloud at RSA Security, to discuss Compliance Risk Challenges! In our second segment, we welcome Kevin Haynes, Chief Privacy Officer at Nemours Children's Health System, to talk about Nemours' use of RSA Archer to manage Compliance Risk!
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
Show Notes: https://wiki.securityweekly.com/SCWEpisode22
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss Protect Your Assets According to Their Value! In the Leadership and Communications segment, Matt, Jason, and Paul discuss Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!
To learn more about ExtraHop, visit: https://securityweekly.com/extrahop
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings you the latest news for this week, including Zoombombing, Zero Days at Microsoft, AI Takes charge at Facebook, and COVID-19! In the Expert Commentary, we welcome Daniel Hampton, Sr. Technical Account Manager at Signal Sciences, to talk Working Smarter and Not Harder!
To learn more about Signal Sciences or to request a demo, visit: https://securityweekly.com/signalsciences
Show Notes: https://wiki.securityweekly.com/SWNEpisode21
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.
But what about the firms that we entrust to handle our data securely?
Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.
What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.
Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.
What happened this time?
Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.
The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.
They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).
How does it affect me?
Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.
However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.
Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.
What should I do next?
This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.
Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?
Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.
Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:
Step 1: Dark web monitoring works
To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.
This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.
Step 2: Password protection
Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.
This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.
Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:
|
|
How Trend Micro can help
Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:
Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connected to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.
Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.
Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.
Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.
In the end, only you can guard your identity credentials with vigilance.
The post The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring appeared first on .
This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster!
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Show Notes: https://wiki.securityweekly.com/ASWEpisode101
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Corey Thuen, Founder and CEO of Gravwell, to discuss Zen and The Art of Logs In the Cloud! In our second segment, we welcome back Peter Smith, Founder and CEO of Edgewise, to discuss How remote users and administrators can work securely from home! In the Security News, Authorities Helpless as Crypto-Currency Scams Rock Nigeria, C.S. Lewis on the Coronavirus, Microsoft SMBv3.11 Vulnerability and Patch CVE-20200796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, DDoS attack on US Health agency part of coordinated campaign, A cyberattack hits the US Department of Health and Human Services, and more!
Show Notes: https://wiki.securityweekly.com/PSWEpisode644
To learn more about Gravwell, visit: https://securityweekly.com/gravwell
To learn more about Edgewise, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug White brings to you the Security Weekly News Wrap Up, with the hot topics across all of our shows, including, Pornhub has Italians singing from balconies, The Senate renews surveillance rules, Drobo hacks, Google Cloud bug bounties, all the show wrapups, and COVID-19
Show Notes: https://wiki.securityweekly.com/SWNEpisode20
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about tips you can use to secure your home office. Also, read about how Magecart Group 8 targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers.
Read on:
As COVID-19 continues to impact individuals, families, communities and businesses around the world, Trend Micro has taken action to ensure that the COVID-19 crisis does not impact the customer experience of its products or services. In this blog from Trend Micro’s chief operating officer, Kevin Simzer, learn about the steps that Trend Micro is taking to not only ensure employee safety, but to continue to deliver exceptional customer service.
RDP-Capable TrickBot Targets Telecoms Sectors in U.S. and Hong Kong
A recently discovered TrickBot variant targeting organizations in telecoms, education and financial services in the United States and Hong Kong includes a module for remote desktop protocol (RDP) brute-forcing, Bitdefender reports. The malware has mostly been distributed through spam emails but was also linked to infections with other malware.
How to Stay Safe as Online Coronavirus Scams Spread
Unfortunately, it’s extraordinary global events like COVID-19 that cyber-criminals look for in order to make their schemes more successful. As organizations enforce remote working to reduce the impact of the virus, many will be logging-on from home or mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
DDoS Attack Targets German Food Delivery Service
Cybercriminals have launched a distributed denial-of-service (DDoS) attack against German food delivery service Takeaway.com (Liefrando.de), demanding two bitcoins (about $11,000) to stop the flood of traffic. Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service. The attack has now stopped, according to a report from BleepingComputer.
Suddenly Teleworking, Securely
Telework is not a new idea and a good percentage of the workforce already does so. But the companies who have a distributed workforce had time to plan for it, and to plan for it securely. This event can’t be treated like a quick rollout of an application: there are business, infrastructure, and customer security impacts. In this blog from Trend Micro’s vice president of cybersecurity, Greg Young, learn how to set yourself up for secure remote work success.
COVID-19: With Everyone Working from Home, VPN Security Has Now Become Paramount
With most employees working from home amid today’s COVID-19 (coronavirus) outbreak, enterprise VPN servers have now become paramount to a company’s backbone, and their security and availability must be the focus going forward for IT teams.
New Ursnif Campaign Targets Users in Japan
Trend Micro researchers recently detected a new Ursnif campaign targeting users in Japan. The malware is distributed through infected Microsoft Word documents coming from spam emails. Ursnif, also known as Gozi, is an information stealer that collects login credentials from browsers and email applications. It has capabilities for monitoring network traffic, screen capturing, and keylogging.
Trend Micro’s David Sancho on Criminals’ Favorite IoT Targets
In this video, Trend Micro Senior Researcher David Sancho speaks with CyberScoop Editor-in-Chief Greg Otto about his 2020 RSA Conference presentation, which looked at where criminals are infecting Internet of Things targets.
New Variant of Paradise Ransomware Spreads Through IQY Files
Internet Query Files (IQY) were used to deliver a new variant of Paradise ransomware, as reported by Last Line. The said file type has not been associated with this ransomware family before. In the past, IQY files were typically used in other malware campaigns, such as the Necurs botnet that distributes IQY files to deliver FlawedAmmy RAT.
Magecart Cyberattack Targets NutriBullet Website
Magecart Group 8 targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a post that a JavaScript web skimmer code was first inserted on the website of the blender retailer on Feb. 20, specifically targeting the website’s checkout page.
The IIoT Threat Landscape: Securing Connected Industries
The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows for smart factories, smart cities, connected cars, and other smart environments.
What are you doing to secure your home office devices? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: How to Stay Safe as Online Coronavirus Scams Spread and Magecart Cyberattack Targets NutriBullet Website appeared first on .
This week, we talk Enterprise News, to talk about Fortinet Introducing Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!! In our second segment, we air two pre recorded interviews with Mehul Revanker of SaltStack and Utsav Sanghani of Synopsys from RSAC 2020! In our final segment, we air two more pre recorded interviews from the RSAC2020, with Kevin Gallagher of Netsparker and Mark Ralls of Acunetix!
To request a demo with SaltStack, visit: https://securityweekly.com/saltstack
To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys
To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix
To get a demo of NetSparker, please visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Stephen Black, InfoSecWorld 2020 Speaker and Visiting Professor of Cyberlaw at the University of Houston, to discuss Where the Law Thinks Your Data Lives! In the Leadership and Communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode166
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Matt Allen from VIAVI Solutions! The SCW crew discusses compliance requirements and SecOps frameworks like NIST - checking boxes rather than a holistic view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA s theme this year: the human factor . Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources.
Show Notes: https://wiki.securityweekly.com/SCWEpisode21
To learn more about VIAVI Solutions, visit: https://securityweekly.com/viavi
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.
This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.
As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
Here’s a quick guide to the key online threats and security tips:
Phishing for trouble
Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.
Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.
The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.
Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.
Watch out for these scams
The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:
‘Official’ updates
Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.
Coronavirus map
Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.
Corporate updates
Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.
Donations
Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.
Click here for a cure
One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.
Tax refunds
In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.
How to stay safe
The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:
|
|
How Trend Micro can help
Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:
Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.
Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.
To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.
The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .
This week, Doug White talks Plague surveillance coming soon, the US government is worried about cryptocurrency, dbags attack the HHS, and new attacks on Android phones! Jason Wood delivers the Expert Commentary on Coronavirus Phishing Scams!
Show Notes: https://wiki.securityweekly.com/SWNEpisode19
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!
Show Notes: https://wiki.securityweekly.com/ASWEpisode100
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
FreshRSS 