Security News

According to new findings from Check Point Software, healthcare organizations have seen a 45-percent increase in cyberattacks since November, which is more than double other industry sectors, with an average 22-percent increase. Researchers said these attacks include botnets, remote code execution and DDoS, but it's ransomware that's really become the weapon-of-choice against healthcare organizations.

The average number of weekly attacks in the healthcare sector reached 626 per organization in November as opposed to 430 the previous month, with attack vectors ranging from ransomware, botnets, remote code execution, and distributed denial-of-service attacks. Ransomware attacks against hospitals also marked their biggest jump, with Ryuk and Sodinokibi emerging as the primary ransomware variants employed by various criminal groups.

Report finds that over half the malware attacks in Q3 could bypass signature-based malware protection. WatchGuard's latest Internet Security Report finds that cybercriminals shifted their focus to network attacks and sending malware over encrypted channels during the third quarter.

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

The vulnerability - which enables attackers to inject client-side scripts into web pages viewed by other users - earned hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws, according to the report. In total, organizations paid ethical hackers $23.5 million in bug bounties for all of these flaws this year, according to HackerOne, which maintains a database of 200,000 vulnerabilities found by hackers.

India reported twice as many cyberattacks per day, where most of the cyberattacks comprise phishing, DDoS, video conferencing, exploiting weak services, and malware. Though malware hit fewer numbers, it remains a more critical issue in India - reports almost 2x times Malware issues than the global average.

Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims' computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is "One of the more complex" mining botnets, with several interesting tricks up its sleeve.

Cybercriminals are tapping into Amazon's annual discount shopping campaign for subscribers, Prime Day, with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March, according to a Thursday report from Bolster Research.

As the UK heads into a troubling second wave of coronavirus cases, those in contact with thousands of people who just tested positive for COVID-19 in England went about their lives for up to a week unaware they had rubbed shoulders with a carrier. The under-reporting was widely reported to be down to the use of Microsoft's Excel spreadsheet program in transferring test results from labs to the health service to total up.

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year gets under way. NCSC sent advice to places of learning "Containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.