COVID-19 Latest: 'We Are Really Struggling'

Tom Field • November 27, 2020

It took 100 days for the world to record its first 1 million COVID-19 infections. A week ago, 1 million cases were added in just over one day. In advance of the Thanksgiving break, pandemic expert Regina Phelps shares insights on the virus, testing and how soon we might see vaccines.

Application Security

How to Implement a 'Security by Design' Approach

Latest

Cybercrime

Rise of the Bots: Criminal Attacks Grow More Automated

Mathew J. Schwartz • November 27, 2020

Criminals continue to rely on automated bots for phishing attacks, web scraping, credential stuffing and more. But while gangs previously needed to amass large, powerful botnets to be effective, now they need relatively few devices, says Group-IB CTO Dmitry Volkov.

3rd Party Risk Management

Government Watchdog Calls for 5G Cybersecurity Standards

Prajeet Nair • November 27, 2020

The U.S. Government Accountability Office is urging policymakers to adopt coordinated cybersecurity monitoring of 5G networks, to ensure a safe rollout of the new technology.

Business Continuity Management / Disaster Recovery

Hot Cybercrime Trend: Enterprise-Scale Ransomware Hits

Anna Delaney • November 27, 2020

The latest edition of the ISMG Security Report features an analysis of how cybercriminals are ditching banking Trojans in favour of ransomware attacks. Also featured: Defending against deepfakes; supporting a dispersed workforce.

Cybercrime as-a-service

Ransomware Attack Targets Baltimore County Public Schools

Akshaya Asokan • November 26, 2020

Officials with the Baltimore County Public Schools are investigating a ransomware attack that distributed virtual learning for students this week. Now, the district has been forced to call-off its virtual classes until next Monday.

Anti-Phishing, DMARC

Interpol Busts Massive Nigerian BEC Gang

Akshaya Asokan • November 26, 2020

Interpol, Nigerian law enforcement agencies and security firm Group-IB have collectively uncovered a massive Nigerian business email compromise gang that was active across more than 150 countries. Three suspected members have been arrested in Nigeria.

Cybercrime as-a-service

Ransomware: IT Services Firm Faces $60 Million Recovery

Prajeet Nair • November 26, 2020

French IT services firm Sopra Steria, which was hit with Ryuk ransomware in October, now estimates that the attack could cost the company up to $60 million in recovery costs. Experts say that after going quiet in March, Ryuk reappeared in September, and has targeted numerous hospitals.

3rd Party Risk Management

Automated Monitoring in the Cloud

Anna Delaney • November 26, 2020

Glen Hymers, CISO and head of data protection at the U.K.-based charity Save the Children International, says adapting to a cloud-first environment requires extensive security measures, including automated monitoring.

Application Security

Keeping the Software Supply Chain Secure

Jeremy Kirk • November 26, 2020

IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.

Business Continuity Management / Disaster Recovery

FBI Warns of Uptick in Ragnar Locker Ransomware Activity

Prajeet Nair • November 25, 2020

The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.

Governance & Risk Management

Linux Botnet Disguises Itself as Apache Server

Prajeet Nair • November 25, 2020

The latest Linux version of the Stantinko botnet is designed to disguise the malware as an Apache server to help better avoid security tools and remain hidden, according to Intezer Labs.

Application Security

Google Removes 2 Android Apps That Collected User Data

Akshaya Asokan • November 25, 2020

Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.

Cybercrime

Home Depot Settles 2014 Breach Lawsuit for $17.5 Million

Doug Olenick • November 24, 2020

The Home Depot reached a $17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers. The company will also implement new security procedures as part of the agreement.