INCREASE IN COVID-19 ASSOCIATED SCAMS
Term of the month: Advanced Persistent Threat Groups (APT) Like most threat actors APT-s try to steal data, disrupt or destroy organisations through gaining access to a system or a network. The main difference is that APT-s are backed and work for Nation States. That gives them access to resources, tools and expertise making them harder to detect.
BRIEF UPDATE Following availability of vaccines, world-wide warnings emerging about scams, in addition to those previously reported. These include offers of fake ‘free from COVID-19’ certificates, ‘I have been vaccinated’ and false travel requirements documents. Security of social media sites and emails is in the news: due to backlash, WhatsApp forced to delay implementation of terms allowing it to share data with Facebook without express permission. Facebook’s dispute with Apple over its intention to implement its Tracking Transparency Tool (ATT) in the spring is heading for a legal battle. It would require express user consent before their apps track their activity. Apple has released fixes against 3 vulnerabilities potentially allowing remote code execution. Wormable Android malware spreading through WhatsApp, posing as Huawei app with fake Play Store link. Google has patched vulnerability of StrandHogg2.0 flaw to hijacking of any Android app. New Android malware ‘Rogue’ emerging, which performs device takeover, data exfiltration and sale. Check Point reports that Emotet trojan was most dangerous malware in 2020, targeting over 100k users per day in Dec. Europol reports it has ‘taken down’ Emotet, but it may re-emerge. Microsoft remains the most-spoofed brand for second quarter in a row, with 43% of all brand phishing attempts in Q4. In good news, iOS 14 has protective layer sandboxes to protect users from malicious iMessage vulnerability. Ransomware attacks are increasing, with the fastest-spreading, Ryuk, earning more than $150m and currently attacking health-care organisations. British insurers hit back at criticism of firms that pay ransomware demands.
CYBER SECURITY IN THE NEWS
Accounting firm MNP hit with cyberattack
Juspay has reported a data leak of over 100 million debit and credit cardholders
Hacker Locks Internet-Connected Chastity Cage, Demands Ransom
Hacker posts 1.9 million Pixlr user records for free on forum
Ransomware operators are using DDoS attacks as leverage
WhatsApp worm spreading Android malware
Britain Helps Children Learn From Home By Procuring Them Laptops Preloaded With Russian Malware
macOS malware used to mine cryptocurrency avoids detection for five years
Fake collaboration apps are stealing data as staff struggle with home-working security
Human factor dominates Australia’s latest data breach numbers