Security News

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year gets under way. NCSC sent advice to places of learning "Containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.

The COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things devices seeing sharp increases in the U.S. for the first half of the year. According to SonicWall's 2020 Cyber Threat Report ransomware attacks are up, particularly in the U.S., where they have more than doubled year-over-year.

Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years - a 2.5 times greater total than in 2018. According to Tessian, out of the 60 percent of universities that do have DMARC in place, the DMARC policies have not been set up to quarantine or outright reject any emails from unauthorized senders using its domains.

Bad actors matched their cyber attack strategy with the increasing uncertainty of the coronavirus epidemic, according to a new analysis from Mimecast. Over the 14 weeks that Mimecast analyzed, detections increased during seven weeks, decreased during five weeks, and showed no change during two weeks.

Riddle: What do you get when you cross the COVID-19 quarantine with bored kids, heart-melting online ads for floppy-eared spaniel puppies, and online ordering? The Better Business Bureau last week raised the alarm on what it says is a spike in online puppy scams it's seeing now that the pandemic has so many people stuck at home, wistfully imagining that it's the perfect time to train and bond with a little fluff ball.

Radware noted that cybercriminals use bots in many ways: Sophisticated bots built to circumvent security measures and take over user accounts by mimicking human behavior; denial-of-service bots that prevent online checkouts or take down specific pages; bots built for mobile environments; those that exploit vulnerabilities in applications and APIs; and custom, targeted bots that are built to attack specific companies or competitors. "Bot developers now use JavaScript and HTML5 web technologies to enable bots to leverage full-fledged browsers. The bots are programmed to mimic human behavior when interacting with a website or app to move the mouse, tap and swipe on mobile devices and generally try to simulate real visitors in order to evade security systems."

Fears over data leaks from remote workers are not only founded, they're much worse than anticipated, said the International Association of IT Asset Managers. The International Association of IT Asset Managers is warning that at-home work due to the COVID-19 pandemic is leading to a spike in data breaches that's greater than anticipated.

At the end of March 2020, researchers detected a spike in the number of firms potentially compromised each week. "Analysts looking for an increase in the number of compromised IPs or an increase in the number of observed compromises per IP will not see a marked increase," commented Lari Huttunen, senior analyst with Arctic Security.

Victims of ransomware attacks now face a double whammy of headaches. The ransomware tactic, call "Double extortion," first emerged in late 2019 by Maze operators - but has been rapidly adopted over the past few months by various cybercriminals behind the Clop, DoppelPaymer and Sodinokibi ransomware families.

Researchers are warning of an upward surge in social-engineering lures in malicious emails that promise victims financial relief during the coronavirus pandemic. This latest trend shows cybercriminals continuing to look to the newest developments in the coronavirus saga as leverage for phishing campaigns, targeted emails spreading malware and more.