Security News

According to Gartner, cloud adoption will only accelerate as we move into 2021, with cloud services revenue climbing more than 19%. However, all of this change creates a totally different set of work streams and security challenges. Organizations must assess what controls cloud services providers offer in order to understand the security risks and challenges.

Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. "When Quickbooks is on a file server, you are required to use a Quickbooks Database Server Manager, the report said."When carrying out a repair, file permissions are reset and the 'everyone' group is added to the permission.

Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using "Malformed URL prefixes" to evade protections and deliver phishing emails that look legit. Typosquatting is a common phishing email tactic where everyday business names are mispelled, like "Amozon.com" - to try and trick unobservant users into clicking.

When it comes to paying the ransom in a ransomware attack, demands are on the rise. Pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote global workforce all colluded to make the last 12 months particularly brutal for information-security professionals, according to the report.

In a series of posts on Twitter, Microsoft on Tuesday warned of an uptick in gift card-themed business email compromise attacks targeting K-12 school teachers by impersonating their colleagues. "We detected a recent spike in business email compromise attacks soliciting gift cards primarily targeting K-12 school teachers. Attackers impersonate colleagues or school officials to ask recipients to purchase various gift cards," Microsoft Security Intelligence warned.

Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission, which received about 1.4 million reports of identity theft last year, according to a blog post published Monday, when the commission kicked off its annual "Identity Theft Awareness Week.".

According to new findings from Check Point Software, healthcare organizations have seen a 45-percent increase in cyberattacks since November, which is more than double other industry sectors, with an average 22-percent increase. Researchers said these attacks include botnets, remote code execution and DDoS, but it's ransomware that's really become the weapon-of-choice against healthcare organizations.

The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups.

Report finds that over half the malware attacks in Q3 could bypass signature-based malware protection. WatchGuard's latest Internet Security Report finds that cybercriminals shifted their focus to network attacks and sending malware over encrypted channels during the third quarter.

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.