Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”
The white paper linked to in this article may be the best thing written on the human side of cyber security that I’ve ever read. Do yourself a favor and read it.
“In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it or not, people are the problem,” said Pogue, Nuix’s Senior Vice President, Cyber Threat Analysis.
Empty DDoS Threats: Meet the Armada Collective
Cybercrooks have started bluffing about their capabilities. What affect this will have on the overall marketplace remains to be seen. It seems like this will take money out of the pocket of “legitimate” cybercriminals. 😉
… we’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.
‘Crypto Wars’ timeline: A history of the new encryption debate
The Patriot Act had a massive influence on encryption. Here’s a good (and mostly politics free) version of the biggest encryption related events since the Patriot Act was passed in 2003.
Law Firms Present Tempting Targets For Attackers
No industry is safe from attackers, scammers and hackers. Just add law firms to the long list of industries targeted by cybercriminals.
The recent data breach at Panamanian law firm Mossack Fonseca that resulted in the theft of a staggering 11.5 million sensitive records highlights what analysts say is a disturbing lack of security preparedness at many law firms.
Healthcare Was Most Attacked Industry in 2015
Healthcare has been under attack in 2015. The stats are disconcerning.
Despite not even making it to top five most targeted industries in 2014, healthcare managed to grab the top spot last year, as five of the top eight largest healthcare security breaches since the beginning of 2010 took place in the first half of 2015. Overall, more than 100 million healthcare records were compromised last year.
Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX
Another week, another new wave of attacks. This one changes shapes. An interesting development,l especially since Kaspersky just announced a decryptor for CryptXXX.
In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS atafraid.org. We are calling this the Afraidgate campaign. Although we continue to see Locky distributed through malicious spam, we have not noticed Locky from EK traffic since mid-April.
Malware Leverages Windows “God Mode” for Persistency
A common Windows “feature” gets exploited by attackers.
The so called God Mode allows users to create a folder and give it a special name, which turns it into a shortcut to Windows settings and folders such as control panels, My Computer, or printers. The feature was introduced by Microsoft in Windows Vista and can prove a handy tool for administrators and savvy users alike.