EXPLOSION IN RANSOMWARE ATTACKS

Term of the month: Social Engineering Social engineering is the manipulation of people to divulge confidential information or get access to places they haven’t got a legitimate reason to be in. These scams tend to lure unsuspecting by playing with the target's emotions (Fear, trust, greed etc.) Attacks can happen online, in-person, and via other interactions.

BRIEF UPDATE IBM reports that ransomware attacks ‘exploded’ in June, with twice as many as the previous month. It is clear that this trend is still accelerating, both in number of attacks and of ransom demanded, often as much as $40M. MS warns of continuously evolving Android ransomware ‘MalLocker B’. Ryuk ransomware (linked to Russian cyber crime) victims include Universal Health Service, affecting 400 hospitals in US, French IT giant Sopra Stenia and a London District council. A ransomware attempt to disrupt US election by Trickbot has been avoided, although it remains a major threat to healthcare, particularly following the COVID-19 crisis. A hacker failed in attempt to ransomware Vastaam Clinics (Finland), but a ransom of €200 is now demanded from its 40,000 individual patients. US Treasury reports that paying cash to hackers overseas can be illegal under economic sanctions, and offenders may face prosecution. Botnet attacks continue and have hacked Tenda IoT routers (Miral) and CMS platforms (KashmirBlack). Microsoft 365 global outages have occurred 3 times in Oct, affecting many applications including Teams – particularly serious as it affects so many home workers. Increases in cyber attacks have resulted in a sharp increase in patches and warnings from ISPs and Apps. Google fixed 35 flaws in Chrome and 50 in Android, Adobe fixed 9 Magneto vulnerabilities (2 critical). SonicWall VPN patched a critical vulnerability which could allow DDoS. EU Court declares that UK ‘mass surveillance’ regime is illegal; and UK also faces legal action over ‘Test and Trace’ data retention. H&M (Germany) fined €35M for GDPR violations, and Irish data regulator launches GDPR probe into Instagram.

CYBER SECURITY IN THE NEWS

• US Sanctions Russian Government Center for Creating ‘Triton’ Malware

• Patients in Finland blackmailed after therapy records were stolen by hackers

• Almost "invisible" malware used for cyber espionage

• New Android malware marks the latest evolution of mobile ransomware

• Google improves malware protection for users most likely to be attacked

• One of Google's Go-To Law Firms Hit With Data Breach

• Russian Turla hackers breach European government organization

• Hackers Leak Swedish Security Firm's Data

• French IT Services Firm Confirms Ryuk Ransomware Attack

• The Russian Hackers Playing 'Chekhov's Gun' With US Infrastructure

• Waterbear malware used in attack against government agencies