COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 27, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

Application Security

UK Forms National Cyber Force

Latest

Critical Infrastructure Security

CISA Warns of Password Leak on Vulnerable Fortinet VPNs

Akshaya Asokan • November 28, 2020

CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days after hackers began publishing what they claim are leaked passwords on underground forums, according to researchers.

Cybercrime

EU Law Enforcement Prevents $47.5 Million in Payment Fraud

Akshaya Asokan • November 27, 2020

Europol, along with the other law enforcement agencies in Europe, prevented payment fraud losses of $47.5 million by targeting fraudsters that were selling stolen card data on darknet websites known as card shops.

Cyberwarfare / Nation-State Attacks

UK Ramps Up Capabilities to Deter Nation-State Hackers

Tony Morbin • November 27, 2020

The U.K. is moving to improve its ability to combat online attacks via the establishment of an information warfare network named @HutEighteen. The move, announced by the Defence Academy of the U.K., follows fresh EU sanctions against nation-state hackers, and the U.K. standing up a National Cyber Force.

Cybercrime

Rise of the Bots: Criminal Attacks Grow More Automated

Mathew J. Schwartz • November 27, 2020

Criminals continue to rely on automated bots for phishing attacks, web scraping, credential stuffing and more. But while gangs previously needed to amass large, powerful botnets to be effective, now they need relatively few devices, says Group-IB CTO Dmitry Volkov.

Breach Notification

Sophos Warns Customers of Possible Data Leak

Akshaya Asokan • November 27, 2020

Sophos is warning some of its customers may have had their data exposed to a misconfigured internal system, according to a published report. The security firm confirmed that a "small set" of customers were affected.

3rd Party Risk Management

Government Watchdog Calls for 5G Cybersecurity Standards

Prajeet Nair • November 27, 2020

The U.S. Government Accountability Office is urging policymakers to adopt coordinated cybersecurity monitoring of 5G networks, to ensure a safe rollout of the new technology.

Business Continuity Management / Disaster Recovery

Hot Cybercrime Trend: Enterprise-Scale Ransomware Hits

Anna Delaney • November 27, 2020

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favour of ransomware attacks. Also featured: Defending against deepfakes; supporting a dispersed workforce.

Cybercrime as-a-service

Ransomware Attack Targets Baltimore County Public Schools

Akshaya Asokan • November 26, 2020

Officials with the Baltimore County Public Schools are investigating a ransomware attack that distributed virtual learning for students this week. Now, the district has been forced to call-off its virtual classes until next Monday.

Anti-Phishing, DMARC

Interpol Busts Massive Nigerian BEC Gang

Akshaya Asokan • November 26, 2020

Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.

Cybercrime as-a-service

Ransomware: IT Services Firm Faces $60 Million Recovery

Prajeet Nair • November 26, 2020

French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, now estimates that the attack could cost the company up to $60 million in recovery costs. Experts say that after going quiet in March, Ryuk reappeared in September, and has targeted numerous hospitals.

3rd Party Risk Management

Automated Monitoring in the Cloud

Anna Delaney • November 26, 2020

Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.

Application Security

Keeping the Software Supply Chain Secure

Jeremy Kirk • November 26, 2020

IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.