News &
Information

Spotify Breach: It's Time To Go To A Password Manager

Changing passwords, associated passwords, and logging out everywhere are important steps for cybersecurity. We examine.

Identifying Employee Personality Typing May Help Blunt Cybercrime

New research finds that personality type may determine an employee's strengths and weaknesses as it relates to cyber threats. We examine.

Bad State Actors And Criminals Are Focusing On Updates After SolarWinds Hack

Cybercriminals often hack organizations or spoof software updates to spread malware. We examine.

Knowing Internal Online Habits Helps Limit The Risk Of Cloud-Based Malware Attacks

McAfee's second quarter report reveals a significant rise in malware attacks, particularly in cloud-based user accounts. We examine.

Pandemic-Related Cyberattacks Start To Emerge

December 17, 2020

In response to the pandemic, many organizations moved their operations online. IT and security teams have struggled to keep pace in securing the ever-changing attack surface because cybercriminals have developed new skills and methodologies to exploit the vulnerabilities of this digital environment.

Remote workers are increasingly accessing organizational data with their mobile devices, which creates more exposure for organizations.

Check Point Research found over 400 vulnerabilities in a Qualcomm Technologies DSP chip that is embedded into over 40 percent of mobile phones, including those made by Google, Samsung, and LG. In addition, cybercriminals are improving techniques to hide their malware in official app stores. 

Similarly, employees are connecting to their organization's network in ways not completely secure. For example, Check Point Research found that Open Source Apache Guacamole remote desktop gateway, which has been downloaded more than 10 million times worldwide, is susceptible to several critical Reverse RDP vulnerabilities.

These vulnerabilities could allow a cybercriminal to launch an attack using the gateway from a compromised computer. Then, the hacker could spy on all incoming sessions, steal user credentials, and start new sessions to control network-connected computers.

Finally, a new ransomware tactic—double extortion—first appeared in early 2020. Before they encrypt a compromised database, cybercriminals steal large amounts of sensitive data and threated to publish it unless the victim pays a ransom. Evan Dumas "Attacks are constantly evolving. Is your organization keeping pace?" hcamag.com (Oct. 22, 2020).

Commentary

Two cyberthreats that have emerged and proliferated during the pandemic are COVID-19-themed attacks and Zoom-related phishing campaigns.

Organizations should train all employees to watch out for these two common attacks to help prevent hackers from infiltrating your network.

Coronavirus-themed malware attacks use social engineering techniques to take advantage of our concern over the virus. Thousands of coronavirus-related domain names have been registered to launch these attacks.

Fraudulent emails may claim to sell fake COVID-19 vaccines or medication. Others claim to offer “special coronavirus discounts” on merchandise.

Cybercriminals have also created phishing campaigns that capitalized on Zoom’s exponential growth from 10 million daily users in December 2019 to over 300 million a mere four months later. Check Point Research states that Zoom-related domains and fraudulent installation programs are related to a large increase in cyberattacks. Check Point has worked with Zoom to address vulnerabilities that could have allowed hackers to log into meetings or sent fake invites.

Train employees not to trust an unexpected email or notification related to COVID-19 or Zoom, as these are two popular areas being exploited by hackers. Do not click on links or attachments claiming to contain a COVID-19 cure. Only join Zoom meetings from sent by a known person that have been discussed in advance, and always password-protect Zoom meetings. If you receive a Zoom invitation you think may be legitimate, call the meeting organizer before clicking on the link.

Finally, your opinion is important to us. Please complete the opinion survey: