Security News
BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.
People may envision different things - a beach, a hike through the woods, a family meal - but most cybersecurity teams are dreaming of what I like to call Cyberlandia: the optimum state of cyber readiness, with happy employees who feel empowered to face whatever threats they encounter. During this pandemic, cybersecurity teams may be feeling like Cyberlandia is an impossible destination.
Several weeks ago, Google, which was seeing around 18 million pandemic-themed malware or phishing messages per day, revealed that nation-backed hackers were targeting healthcare organizations and those engaged in the fight against the coronavirus pandemic. Today, the US Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the United Kingdom's National Cyber Security Centre warned that APT groups are "actively targeting organizations involved in both national and international COVID-19 responses."
Apple and Google will ban location-tracking by apps using their new coronavirus contact-tracing API, newly renamed ExposureNotification. In a set of guidelines [PDF] for the API released today, the companies said that developers will not be able to access or even seek permission to access location data using the app.
TechRepublic's Karen Roby talks with Dr. Nancy Schreiber, provost and vice president for academic affairs, and Irving Bruckstein, CIO, of Salve Regina University in Rhode Island, about the process of switching to online learning during the COVID-19 pandemic and the security concerns that come with students learning from home. For synchronous learning, we transitioned our video conferencing tool, which is a very secure and highly scalable tool from Cisco, Webex, to use for synchronous learning.
A new report from researchers with Palo Alto Networks' Unit 42 found that more than 86,600 domains of the 1.2 million newly registered domain names containing keywords related to the COVID-19 pandemic from March 9, 2020 to April 26, 2020 are classified as "Risky" or "Malicious." Unit 42's Jay Chen wrote a study analyzing all new domain names containing keywords related to the COVID-19 pandemic and found that the United States, Germany, Russia and Italy had the highest number of malicious coronavirus domains. On average, Chen found that 1,767 malicious COVID-19-themed domains were created every day between March 9, 2020 and April 26, 2020, and of the 86,600-plus domains, 2,829 domains hosted in public clouds were found to be "Risky" or "Malicious." Nearly 80% were hosted on Amazon Web Services, about 15% on Google Cloud Platform, 6% on Azure and less than 1% on Alibaba.
Gould also told Parliament's Human Rights Committee that data harvested from Britons through NHSX's COVID-19 contact tracing app would be "pseudonymised" - and appeared to leave the door open for that data to be sold on for "research". Key to those is a big green button that the user presses to send 28 days' worth of contact data to the NHS. Written by tech arm NHSX, Britain's contact-tracing app breaks with international convention by opting for a centralised model of data collection: all the contact-tracing data is kept under one roof in one central government database.
The success of contact tracing apps will then depend on the overall active uptake by users, and whether the big data analysts have got their figures right. "Numerous vulnerabilities have been discovered like BlueFrag, which affected iOS and Android." He also warns, "Contact tracing apps need to be regularly tested for vulnerabilities and critical updates must be deployed immediately. These apps must also be prohibited from activating smart assistants. People must limit the location settings to run only when approved and when in use."
A new report from Kaspersky found that cybercriminals are using the increase in delivery demand to push convincing phishing emails into thousands of inboxes. "The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping statuses. Recently, we have observed a number of fake sites and emails supposedly from delivery services exploiting the coronavirus topic," Kaspersky Lab anti-spam analyst Tatyana Shcherbakova wrote in a blog post.
Threat actors are using people's interest in the Department of Labor's Family and Medical Leave Act to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently. "Users infected with the TrickBot Trojan will see their device become part of a botnet that can allow attackers to gain complete control of the device," Via, along with IBM X-Force co-authors David Bryant and Limor Kessem, wrote in the post.