Security News

Cybercriminals timed attacks to spike during peak uncertainty about the coronavirus
2020-05-05 19:57

Bad actors matched their cyber attack strategy with the increasing uncertainty of the coronavirus epidemic, according to a new analysis from Mimecast. Over the 14 weeks that Mimecast analyzed, detections increased during seven weeks, decreased during five weeks, and showed no change during two weeks.

Microsoft catches cybercriminals adding malware to "John Wick 3," "Contagion" torrents
2020-05-01 19:45

Cybercriminals have taken notice as well, increasingly lacing popular movie torrents with dangerous malware that can damage your device. In a recent thread on Twitter, Microsoft Security Intelligence wrote at length that the team saw malware attached to torrents for popular "John Wick 3" and "Contagion" in Spain, Mexico, and a number of South American countries.

How Cybercriminals are Weathering COVID-19
2020-04-30 18:20

These restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe - derisively referred to as "reshipping mules" - to receive and relay high-dollar stolen goods to crooks living in the embargoed areas. Still, every dark cloud has a silver lining: Intel 471 noted many cybercriminals appear optimistic that the impending global economic recession "will make it easier to recruit low-level accomplices such as money mules."

Dark web: Cybercriminals sell over 500,000 Zoom accounts
2020-04-14 19:54

A new report from BleepingComputer found that cybercriminals are selling and trading the credentials for more than 500,000 Zoom accounts associated with companies like Chase and Citibank as well as schools like Dartmouth College, the University of Florida, and the University of Vermont. Earlier this month, a report from cybersecurity firm IntSights by cyber threat analyst Charity Wright and chief security officer Etay Maor found that there has been increased chatter across the dark web about ways to take advantage of the increased usage of Zoom globally.

Cybercriminals capitalize on COVID-19 fears, push shady websites, pharmaceuticals
2020-04-10 03:30

NormShield researchers looked for websites using the names of 10 commonly discussed drugs over the last several months. While the number of phishing domains catapulted for chloroquine and azithromycin in particular, domain names containing the eight other drugs increased as well.

Know thy enemy: The evolving behaviors of today’s cybercriminals
2020-04-09 05:30

As these industries evolve and become more digitized, attackers have the opportunity to access more data than ever before. Wipers continue to trend upward as adversaries begin to realize the futility of purely destructive attacks.

Cybercriminals now using malware and adware to exploit virtual meeting apps
2020-04-08 17:46

As more people have been forced to work or stay at home due to the coronavirus, there's been a much greater reliance on virtual meeting software to communicate with co-workers, colleagues, friends, and family. As cybercriminals have been exploiting all aspects of COVID-19 for their own nefarious purposes, so too have they been taking advantage of virtual meeting apps to spread malware.

Cybercriminals, state-sponsored groups ramping up attacks exploiting COVID-19 pandemic
2020-04-08 14:48

Since January, the two longtime cybersecurity experts have looked at how cybercriminals, ransomware groups, and several nation state actors quickly became involved in coronavirus-themed attacks, leveraging fears about the virus to steal money and information from thousands of people. Cybercriminals have also expanded attacks to take advantage of the fact that most countries are under quarantine, forcing millions to now work from home.

Cybercriminals increasingly using SSL certificates to spread malware
2020-04-07 13:00

Recent studies have shown that cybercriminals building phishing sites now use SSL as well, complicating efforts by enterprises to keep their employees safe. The Menlo Security research revealed that while 96.7% of all user-initiated web visits are being served over https, only 57.7% of the URL links in emails turn out to be https, which means that web proxies or firewalls will be oblivious to the threats unless enterprises turn on SSL inspection.

BlackBerry: Chinese cybercriminals target high-value Linux servers with weak defenses
2020-04-07 12:00

Linux malware is real and Advanced Persistent Threat groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry. The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans the cybercriminals are using to get and maintain access to Linux servers.