The FBI expects a surge of mobile banking threats
The increased use of mobile banking apps due to the COVID-19 pandemic is sure to be followed by an increased prevalence of mobile banking threats: fake banking apps and banking Trojans disguised as those apps, the FBI has warned. The problem The pandemic and the resulting social distancing brought about many changes. Among them is…
41% of organizations have not taken any steps to expand secure access for the remote workforce
Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access…
New software enables existing sensors to detect ransomware
Engineers from SMU’s Darwin Deason Institute for Cybersecurity have developed software to detect ransomware attacks before attackers can inflict catastrophic damage. Ransomware is crippling cities and businesses all over the world, and the number of ransomware attacks have increased since the start of the coronavirus pandemic. Attackers are also threatening to publicly release sensitive data…
4 tips for protecting users from COVID-19-targeted attacks
Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to COVID-19. Attackers are also setting up COVID-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct COVID-19-related campaigns associated with 11 threat…
The battle against ransomware: Lessons from the front lines
Ransomware is arguably the most significant cybercrime innovation in recent history. The ransomware business model is so effective that it is now the most common and devastating threat to organizations of all sizes. As a provider of cyber insurance, we have the misfortune of responding to ransomware attacks across tens of thousands of organizations, and…
SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT
Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disaster relief loans or provide…
5 steps to create a security incident response plan
The only thing worse than getting hit with a cyberattack is getting hit with a cyberattack and not having a strong security incident response plan in place. Sophisticated Advanced Persistent Threat (APT) attacks are typically aimed at high-value targets like credit card companies, banks, retailers, healthcare facilities and hotel chains that store large volumes of…
Beware of fake COVID-19-themed emails from President Trump
As US citizens wait for President Trump’s final decision about whether quarantine will be over by Easter, malware peddlers have already “decided”: quarantine will be prolonged until August 2020. Phishing emails point to malware Researchers with anti-phishing startup Inky have spotted two phishing emails purportedly coming from the White House, “signed” by President Trump. Both…
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
Cybercriminals are increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019,…
Cyber crooks continue to exploit COVID-19 for their malicious schemes
A time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks. We’ve already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily. The latest schemes and scams that exploit…