- Siim P
ZERO DAYS ARE USED EXTENSIVELY TO CREATE CHAOS
Term of the month: Zero-Day vulnerability is a flaw in any software or hardware that isn’t known to the vendor and can be exploited. It’s dangerous since it becomes known, and can be remedied, only after the first attack has happened and the damage is already done. The name refers to the fact that there have been 0 days to fix the issue.
BRIEF UPDATE
The biggest story of the past month is the MS Exchange hack, which used a zero-day exploit and has affected hundreds of thousands of organizations around the world. A patch was released on 02.03.2021, but organisations that were already breached may still be vulnerable through planted backdoors.
Acer was the target of a ransomware attack with the largest known ransom to date, $50,000,000. The threat included leaking financial data, and the attack might be connected to the Exchange hack earlier this month.
NFIB reports that cyber criminals have made £34.5 million through COVID-related scams in the UK, but 156 people associated with the frauds have been arrested.
The FBI received 69% more complaints relating to cybercrime than last year, with reported losses exceeding $4.1 billion, half of them related to business e-mail compromise.
Vodafone was fined €8.1 million by the Spanish data protection authority for repeated data protection failures and aggressive telemarketing tactics. This comes after the €12.25 million fine from Italian authorities.
The Department for Digital, Culture, Media and Sport released a report showing a worrying trend of companies and charities using less protective cyber security measures, with only 52% of businesses having at least one cyber security measure in place.
Google's Threat Analysis Group and bug-hunting team found 11 zero-day vulnerabilities used by a Western government conducting counterterrorism operations over the span of 9 months. The exposure raises the question of vulnerability disclosure around “friendly” governments' covert activities.
CYBER SECURITY IN THE NEWS
Exchange email hack: Hundreds of UK firms compromised
"Hack everybody you can": Massive Microsoft Exchange breach
Computer giant Acer hit by $50 million ransomware attack
Hackers have raked in £34.5 million from COVID-related scams
FBI: Over $4 billion lost to cyber crime in 2020
Vodafone Spain fined £7 million for repeated GDPR breaches
Half of UK businesses had no security policies in place in 2020
Prolific hackers hosed by Google were a counterterrorism operation
Corporate doxing is on the rise
Ransomware: Why we're now facing a perfect storm
Android spyware disguised as 'system update' app discovered