Cybersecurity News Round-Up

Well, miraculously news we’ve made it through one whole week without a large-scale ransomware attack. How refreshing! Naturally, there are a few smaller-scale events being reported, but nothing the magnitude of what we experienced in 2020. Let’s hope things stay that way! But what is happening? Here’s a rundown.

Some of the laptops distributed by the UK Department for Education to vulnerable students have been found to be infected with malware. The BBC reported that some teachers shared details on an online forum about suspicious files found on devices sent to a school. The malware, detected on laptops at a handful of schools, was supposedly contacting Russian servers. The Department for Education said it was aware and urgently investigating.

The World Economic Forum’s released its annual Global Risks Landscape which said that “cybersecurity failures present a major risk.” The esteemed organization listed cybersecurity failure was listed fourth in a poll among its members. While digitalization marches on worldwide, the report does express concerns about it, arguing that the “rapid digitalization” is significantly increasing companies’ cybersecurity exposures and created more complex and potentially less secure networks.

News

Once again, the FBI has announced a cybersecurity-related warning, this time regarding an increase in voice phishing attacks aimed at capturing the login credentials of employees. In the specific attacks referenced by the FBI, the criminals speak with company employees on a VoIP call and persuade them to sign into a phishing page to steal their usernames and passwords. After capturing these credentials, the attackers manage to gain access to the corporate network where they can easily cause further damage.

Meanwhile, the U.S. Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than nine million people between late 2013 and May 2015.

Also this week, the Scottish Environment Protection Agency (SEPA) confirmed that it was hit by a ransomware attack last month and is continuing to feel the impact. The organization also confirmed that 1.2GB of data was stolen – including personal information relating to SEPA staff.

Finally, a new California-based coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020. The group aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks.

That’s a wrap! Grab a cup of joe to check out this week’s stories. Have a great weekend!

Top Global Security News

Bleeping Computer (January 21, 2021) UK govt gives malware infected laptops to vulnerable students

“Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC.

The devices are given out for free by the government to support disadvantaged students unable to access remote education during the COVID-19 pandemic, including children and young people who have no digital devices, have only a smartphone, or share a single device with other family members.”

Related:- Big Data Privacy Risks and How

Silicon Angle (January 20, 2021) World Economic Forum pegs cybersecurity failure as a major global risk

“Cybersecurity failure presents a major risk facing the world this year and well beyond, according to the Global Risks Landscape 2021 report published by the World Economic Forum.

Although infectious diseases, in particular the ongoing COVID-19 pandemic topped the ‘clear and present dangers’ short-term risk (up to two years) chart, cybersecurity failure ranked fourth in a poll among WEF members. ‘Knock-on effects,’ medium-term risks (three to five years) saw cybersecurity rank in eighth place.

‘Business, government and household cybersecurity infrastructure and/or measures are outstripped or rendered obsolete by increasingly sophisticated and frequent cybercrimes, resulting in economic disruption, financial loss, geopolitical tensions and/or social instability’ the report notes.”

Tech Republic (January 19, 2021) FBI warns of voice phishing attacks targeting employees at large companies

“The FBI is cautioning companies to beware of a slew of voice phishing attacks aimed at capturing the login credentials of employees.

In an advisory released last Thursday, the FBI revealed that as of December 2019, cybercriminals have been working together on social engineering campaigns targeting employees at large firms both in the US and abroad. The criminals are taking advantage of VoIP platforms to launch voice phishing, or vishing, attacks.

In the specific attacks referenced by the FBI, the criminals speak with company employees on a VoIP call and persuade them to sign into a phishing page to steal their usernames and passwords. After capturing these credentials, the attackers manage to gain access to the corporate network where they can easily cause further damage.”

CyberScoop (January 19, 2021) Health insurer Excellus penalized $5.1M by HHS for data breach

“The Department of Health and Human Services says New York health insurer Excellus has agreed to pay a multimillion-dollar penalty after a data breach exposed sensitive information about more than 9 million people between late 2013 and May 2015.

The $5.1 million fine is for violations of privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA), according to the department’s Office for Civil Rights (OCR).

The incident stemmed from a hack against Excellus’ systems during an era that featured well-publicized attacks on corporations such as Target, Sony and Home Depot. Years later, health data remains a ripe target for cybercriminals, particularly ransomware gangs. U.S. federal agencies warned about an “imminent” ransomware threat in October 2020.”

Related:- The Power of AI in Customer Support

ZDNet (January 18, 2021) Ongoing ransomware attack leaves systems badly affected, says Scottish environment agency

“The Scottish Environment Protection Agency (SEPA) has confirmed that it was hit by a ransomware attack last month and is continuing to feel the impact.

SEPA’s contact centre, internal systems, processes and internal communication have all been affected by the attack, which hit on Christmas Eve. The organisation, which is Scotland’s government regulator for protecting the environment, has also confirmed that 1.2GB of data has been stolen as part of the attack – including personal information relating to SEPA staff.

Despite the ransomware attack, SEPA’s ability to provide flood forecasting and warning services, as well as regulation and monitoring services, has continued.”

The Hill (January 17, 2021) New coalition aims to combat growing wave of ransomware attacks

“A new coalition of cybersecurity and tech groups is looking to create a roadmap for countering the surge of ransomware attacks that plagued city governments, schools and hospitals in 2020.

‘You see ransomware as not just an increasing security threat, it is to the level of now where it’s putting hospitals, children, the elderly, financial institutions, everyone at risk,’ Philip Reiner, executive chairman of the Institute for Security and Technology’s Ransomware Task Force, told The Hill. ‘As a result, we were seized with the idea that creating a collaborative cross-sectoral grouping that is looking at it from a comprehensive, top-down policy approach could potentially have more effect,’ Reiner added.

The California-based nonprofit aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks.”

Is that website you are on safe?

Would it surprise you to learn that there are over 4 billion internet users in 2018? With over half of the population around the world now surfing the net, safe there may be an increased opportunity for malware attacks by those with malicious intent. As internet scams continue to evolve, it’s important to make sure the websites you visit don’t pose a threat.

safe

Arm yourself with knowledge to help you avoid potentially dangerous sites by familiarizing yourself with these three red flags.

1. Odd-looking domain names

Let’s say you get an email from your bank. At least, it looks just like the emails your bank sends, addressing you by your full name. The email presents an offer you’d like to explore. Naturally, there are a couple of links and a big button making it easy for you to reach the right page in one click.

However, once you arrive on the page, you notice something odd about the domain name showing in your browser’s address bar. Rather than looking like this: https://www.MyBank.com, it looks something like this: https://www.MyBank.SpecialOffer.com.

Examples like this are often a telltale sign that you’ve reached a malicious website. That odd-looking domain name indicates that you’re going to a website called SpecialOffer.com. The scammers have created the name MyBank as part of their real domain. Many people can be caught in this type of scam if they don’t look at the domain name of the page they landed on. It’s also possible that they scan it quickly, see MyBank, and assume that they’re in the right place.

Help yourself to avoid scams like this by always looking carefully at the domain name link, usually by hovering over the linked text to see the destination URL. If it doesn’t look right to you, the best approach is to go to your web browser and manually type the domain name you want to reach. For additional protection, opt for a solution like Norton Safe Web, which has the ability to warn you before you even reach a suspicious website.

Related:- How To Monetize A Free Application?

2. Domain names that don’t start with this

If you land on a site and the domain name starts with “HTTP,” you may be on an unsecure connection if you choose to shop there. As an additional security measure, most websites today use “HTTPS” to denote a secure connection. Here’s how it works.

HTTP (Hyper Text Transfer Protocol) is the traditional technology the internet uses to communicate between your computer and locations on the internet. HTTPS (Secure Hyper Text Transfer Protocol) is the secure version of that technology.

A site that uses HTTPS is keeping any information you type into the website secure, including your credit card numbers and other personal information. HTTPS encrypts the information that passes between you and the website so that even if a scammer could access that data, they couldn’t read it without the encryption key.

Related:- What You Need to Know About Wi-Fi 6

3. Websites that display a security alert

These days, scammers continue to come up with new ways of accessing your computers and other devices. When you visit a website infected with malware, a pop-up might appear, telling you that your device is infected, and then offer to remove it for you.

When you click on a link in the pop-up, the infected website could then send malware to your computer to disrupt its operations. At the same time, the pop-up might assure you that it has removed all malware and your computer is now safe.

Help avoid malware attacks like these when you install internet security software, like Norton Security. Some solutions have the ability to alert you before you even land on a website that could potentially infect your device.

The more informed you become about threats online, the more tools you’ll have to help protect your personal information and devices. When you combine actionable tips like these with the added layer of security of Norton Security, you can rest assured your journey on the web will lead you to safe and secure sites.