Lookout, Inc., the leader in mobile security, today released its 2020 Mobile Phishing Spotlight Report that reveals there was a 37 percent increase worldwide in enterprise mobile phishing encounter rate between the fourth quarter of 2019 and the first quarter of 2020. The report also shows that unmitigated mobile phishing threats could cost organisations with 10,000 mobile devices as much as $35 million per incident, and up to $150 million for organisations with 50,000 mobile devices. The report highlights the different methods cybercriminals use to make their mobile phishing campaigns more lucrative, and provides data on global encounter rates and the potential financial risk per incident. The phishing…
ISBuzz Team
Researchers have discovered that threat actors are targeting users by leveraging Google’s cloud infrastructure to infect them with malware, according to Cyware. In these campaigns, threat actors utilize the Google Cloud infrastructure service to conduct phishing by attaching Google firebase storage URLs in phishing emails. Most of the themes for the lures include payment invoices, account verifications, upgrading email accounts, change-password emails, and much more. Once the targets click on the Firebase link, they land on a supposed login page and are required to enter their credentials, which are shared with the cybercriminals.
As reported by the BBC, a gang demanded an £800,000 Bitcoin ransom in a cyber attack on a firm owned by Kent County Council, and leaked its data on the dark web. Kent Commercial Services (KCS) delivers services and supplies to public authorities, including protective equipment during the Covid-19 crisis. No ransom was paid and no personal data relating to taxpayers was stolen, Stolen data that went on the dark web contained business and corporate information relating to business activities of KCS, based in Aylesford. It took the company over four weeks to get the majority of systems back online with…
Following the news that Octopus Malware, a new form of attack, has compromised 26 OSS projects on GitHub, please find commentary from an industry expert.
According to ZDNet, Joomla, an open source content management system for publishing web content, has recently suffered a data breach. The breach occurred due to an unencrypted backup of the JRD portal on a private AWS S3 bucket. The leaked backup file contained details for about 2,700 registered users and includes PII such as full names, addresses, email addresses, phone numbers, IP addresses and hashed passwords. While most of the information was already public, the loss of passwords, regardless of encryption level is still incredibly risky and can lead to a rise in credential stuffing.
Software-defined networking (SDN) has moved up the enterprise IT agenda in recent years. And it’s easy to see why – in theory, SDNs are far quicker and easier to control and alter than traditional networks. By using open protocols to apply controls from the network edge, SDNs enable network engineers to shape traffic from a single centralized console, rather than working with individual switches across the network. In turn, this makes software-defined networks far more agile than traditional networks, with opportunities for automatic load balancing, streamlined processes, on-demand provisioning of new applications and traffic flows – in short, a network…
A new study from Tessian, The State of DLP (data loss prevention) 2020 (links are below) finds that “over half of WFH employees they can get away with riskier behavior when working outside the office” and that “security training doesn’t seem to be curbing the problem of data loss.” Cybersecurity experts offer perspective.
The NHS Test & Trace scheme is already being exploited by cybercriminals, with a new smishing (SMS-phishing) attack telling citizens that they have been in contact with someone who has COVID-19. An example of the text message is below. These kinds of fake text messages typically include a link to a malicious site, or will ask the receiver to share personal information that could then be used to commit identity fraud. https://twitter.com/theballisround/status/1265916723464634368 NHS has written specific guidelines on how they will contact people in the Test & Trace scheme, which can be found here.
According to Teiss, the rise of online shopping due to the COVID-19 pandemic has led to cybercriminals establishing dozens of fake websites that impersonate the domains of popular UK supermarket chains. This is serious cybersecurity hazard for those that are most at risk.
As reported by Neowin, the UK government has announced the launch of a £400,000 fund to help boost the security of internet-connected products. Innovators will be able to apply to develop assurance schemes which demonstrate that a device has gone through independent testing or an accredited self-assessment process. The schemes will help consumers decide which products are the most secure. According to research that the government cited in its announcement, there will be more than 75 billion internet-connected devices around the world by the end of 2025.