Security News

Radware noted that cybercriminals use bots in many ways: Sophisticated bots built to circumvent security measures and take over user accounts by mimicking human behavior; denial-of-service bots that prevent online checkouts or take down specific pages; bots built for mobile environments; those that exploit vulnerabilities in applications and APIs; and custom, targeted bots that are built to attack specific companies or competitors. "Bot developers now use JavaScript and HTML5 web technologies to enable bots to leverage full-fledged browsers. The bots are programmed to mimic human behavior when interacting with a website or app to move the mouse, tap and swipe on mobile devices and generally try to simulate real visitors in order to evade security systems."

Fears over data leaks from remote workers are not only founded, they're much worse than anticipated, said the International Association of IT Asset Managers. The International Association of IT Asset Managers is warning that at-home work due to the COVID-19 pandemic is leading to a spike in data breaches that's greater than anticipated.

At the end of March 2020, researchers detected a spike in the number of firms potentially compromised each week. "Analysts looking for an increase in the number of compromised IPs or an increase in the number of observed compromises per IP will not see a marked increase," commented Lari Huttunen, senior analyst with Arctic Security.

Victims of ransomware attacks now face a double whammy of headaches. The ransomware tactic, call "Double extortion," first emerged in late 2019 by Maze operators - but has been rapidly adopted over the past few months by various cybercriminals behind the Clop, DoppelPaymer and Sodinokibi ransomware families.

Researchers are warning of an upward surge in social-engineering lures in malicious emails that promise victims financial relief during the coronavirus pandemic. This latest trend shows cybercriminals continuing to look to the newest developments in the coronavirus saga as leverage for phishing campaigns, targeted emails spreading malware and more.

There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims," the company said.

The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: "The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals," Costin Raiu, researcher at Kaspersky, told Threatpost. As for the "Why" of the attack, which was thwarted, Raiu said that information about remediation for coronavirus - such as cures, tests or vaccines - would be invaluable to any nation-state's intelligence officials.

Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users.

38 million consumer health records have been exposed so far in 2019.

The healthcare industry has been overwhelmingly targeted by Trojan malware during the last year, which increased by 82 percent in Q3 2019 over the previous quarter, according to Malwarebytes. The...