Warning! Windows 10 Fake Update is Actually Ransomware
Microsoft never sends updates via email. Many folks don’t know that, which is why a new ransomware campaign masquerading as a Windows 10 update is so pernicious. You may have already gotten a fake notice saying “Install Latest Microsoft Update Now!” Or “Critical Microsoft Windows Update!”, with the body of the message asking you to…
Attacks on Healthcare Jump 60% in 2019 – So Far
Cybercriminals are increasingly targeting hospitals, doctors’ offices, and other healthcare organizations, with attacks using Trojan malware climbing by 82% between the second and third quarters of this year. Cyberattacks against healthcare organizations jumped 60% in the first nine months of the year, compared to all of 2018, according to a report published this week by…
New DDoS Attacks Leverage TCP Amplification
Cybercriminals appear to have finally figured out a way to launch highly effective distributed denial-of-service (DDoS) attacks using TCP amplification — something most attackers have typically avoided under the assumption it cannot be done efficiently. Security vendor Radware this week said its researchers over the past 30 days have observed multiple criminal campaigns involving the…
Attackers continue to leverage greater levels of social engineering and sophistication
Despite a nearly four-month absence, the return of Emotet within the last two weeks of September accounted for nearly 12 percent of all malicious email samples in Q3, delivering millions of messages with malicious URLs or attachments, Proofpoint found. Emotet returns, organizations need to react “Emotet’s return to the threat landscape and the latest sextortion…
Phishing attacks at highest level in three years
The number of phishing attacks continued to rise into the autumn of 2019, according to APWG. The total number of phishing sites detected in July through September 2019 was 266,387. This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. “This…
Mobile Users Targeted With Malware, Tracked by Advertisers
The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for top mobile applications, and nation-state actors increasingly target mobile devices, according to a trio of reports released this week. In one measure of the…
Cryptojacking worm infects exposed Docker deployments
Attackers are exploiting Docker Engine deployments that are exposed to the internet without authentication to deploy and run cryptojacking malware on servers. A new cryptojacking botnet with self-spreading capabilities has infected over 2,000 such Docker deployments so far. “There have been incidents of cryptojacking malware spreading as a worm, but this is the first time…
Phishing attacks up, especially against SaaS and webmail services
Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in…
IoT attacks increasing in the cyber underground
Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes, according to Trend Micro. Trend Micro Research analyzed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetizing connected devices. The results reveal…
US Power Grid Cyberattack Due to Unpatched Firewall: NERC
The North American Electric Reliability Corporation (NERC) reports that a cyberattack on the US power grid earlier this year was caused by a target entity’s network perimeter firewall flaw. On March 5, 2019, an incident targeted a “low-impact” grid control center and small power generation sites in the western US, according to an E&E News…