Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Cyber Weekly Flash Briefing 29 May 2020: Criminals impersonate Google to target remote workers, ransomware up 950% in 2019, cloud collab tool use surges along with attacks, EasyJet £18 billion suit
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Cyber-Criminals Impersonating Google to Target Remote Workers
Remote workers have been targeted by up to 65,000 Google-branded cyber-attacks during the first four months of 2020, according to a new report. The study found that Google file sharing and storage websites were used in 65% of nearly 100,000 form-based attacks the security firm detected in this period.
According to the analysis, a number of Google-branded sites, such as storage.googleapis.com, docs.google.com, storage.cloud.google.com and drive.google.com, were used to try and trick victims into sharing login credentials. Google-branded attacks were far in excess of those impersonating Microsoft, with the sites onedrive.live.com, sway.office.com and forms.office.com making up 13% of attacks.
Other form-based sites used by attackers included sendgrid.net (10%), mailchimp.com (4%) and formcrafts.com (2%).
Read the full article here: https://www.infosecurity-magazine.com/news/cyber-criminals-impersonating/
Ransomware Demands Soared 950% in 2019
Ransomware operators had another standout year in 2019, with attacks and ransom demands soaring according to new data.
A new report claimed that, after a relatively quiet 2018, ransomware was back with a vengeance last year, as attack volumes climbed by 40%.
As large enterprises became an increasing focus for attacks, ransom demands also soared: from $8,000 in 2018 to $84,000 last year. That’s a 950% increase.
The “greediest ransomware families with highest pay-off” were apparently Ryuk, DoppelPaymer and REvil, the latter on occasion demanding $800,000.
Read more: https://www.infosecurity-magazine.com/news/ransomware-demands-soared-950-in/
Use of cloud collaboration tools surges and so do attacks
The COVID-19 pandemic has pushed companies to adapt to new government-mandated restrictions on workforce movement around the world. The immediate response has been rapid adoption and integration of cloud services, particularly cloud-based collaboration tools such as Microsoft Office 365, Slack and videoconferencing platforms. A new report shows that attackers are responding with an increased focus on abusing cloud account credentials.
Analysis of cloud usage data collected between January and April from over 30 million enterprise users indicated a 50% growth in the adoption of cloud services across all industries. Some industries saw a much bigger spike, for example manufacturing with 144% and education with 114%.
The use rate of certain collaboration and videoconferencing tools has been particularly high. Cisco Webex usage has increased by 600%, Zoom by 350%, Microsoft Teams by 300% and Slack by 200%. Again, manufacturing and education ranked at the top.
Huge rise in hacking attacks on home workers during lockdown
Hackers have launched a wave of cyber-attacks trying to exploit British people working from home, as the coronavirus lockdown forces people to use often unfamiliar computer systems.
The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to new data.
Attacks specifically aimed at exploiting the chaos wrought by Sars-CoV-2 have been evident since January, when the outbreak started to garner international news headlines.
The attacks have increased in sophistication, specifically targeting coronavirus-related anxieties rather than the more usual attempts at financial fraud or extortion.
In early May “a large malicious email campaign” was detected against UK businesses that told employees they could choose to be furloughed if they signed up to a specific website.
Read more here: https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown?CMP=share_btn_tw
EasyJet faces £18 billion class-action lawsuit over data breach
UK budget airline easyJet is facing an £18 billion class-action lawsuit filed on behalf of customers impacted by a recently-disclosed data breach.
In a disclosure made public on May 19, easyJet said that information belonging to nine million customers may have been exposed in a cyber attack, including over 2,200 credit card records.
The "highly sophisticated" attacker to blame for the security incident managed to access this financial information, as well as email addresses and travel details. EasyJet is still contacting impacted travelers.
The carrier did not explain how or exactly when the data breach took place, beyond that "unauthorized access" has been "closed off."
The National Cyber Security Centre (NCSC) and the UK's Information Commissioner's Office (ICO) have been notified, of which the latter has the power to impose heavy fines under GDPR if an investigation finds the carrier has been lax in data protection and security.
Last year, British Airways faced a "notice of intent" filed by the ICO to fine the airline £183.4 million for failing to protect the data of 500,000 customers in a data breach during 2018.
Read the full article here: https://www.zdnet.com/article/easyjet-faces-18-billion-class-action-lawsuit-over-data-breach/
Data Breach at Bank of America
Bank of America Corporation has disclosed a data breach affecting clients who have applied for the Paycheck Protection Program (PPP).
Client information was exposed on April 22 when the bank uploaded PPP applicants' details onto the US Small Business Administration's test platform. The platform was designed to give lenders the opportunity to test the PPP submissions before the second round of applications kicked off.
The breach was revealed in a filing made by Bank of America with the California Attorney General's Office. As a result of the incident, other SBA-authorized lenders and their vendors were able to view clients' information.
Data exposed in the breach consisted of details relating not only to individual businesses, but also to their owners. Compromised data may have included the business address and tax identification number along with the owner's name, address, Social Security number, phone number, email address, and citizenship status.
More Here: https://www.infosecurity-magazine.com/news/data-breach-at-bank-of-america/
Apple sends out 11 security alerts – get your fixes now!
Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes.
There were 63 distinct CVE-tagged vulnerabilities in the 11 advisory emails.
11 of these vulnerabilities affected software right across Apple’s mobile, Mac and Windows products.
Read more: https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-alerts-get-your-fixes-now/
NSA warns of new Sandworm attacks on email servers
The US National Security Agency (NSA) has published a security alert warning of a new wave of cyber attacks against email servers conducted by one of Russia's most advanced cyber-espionage units.
The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA).
Also known as "Sandworm," this group has been hacking Exim servers since August 2019 by exploiting a critical vulnerability.
Read more: https://www.zdnet.com/article/nsa-warns-of-new-sandworm-attacks-on-email-servers/
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba.
Researchers said in a recent post that they noticed DNS activity in their telemetry that traced back to a suspicious domain controlling large numbers of infected Windows devices. Analysis of the command-and-control (C2) infrastructure of the operation and the malware used to build the botnet showed that the effort could be attributed to a known threat group, DoubleGun, a.k.a. ShuangQiang.
Read more: https://threatpost.com/doublegun-massive-botnet-cloud-services/156075/
Malicious actor holds at least 31 stolen SQL databases for ransom
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores' unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don't pay up.
The perpetrator has stolen copies of at least 31 SQL databases, which have been put up for sale on an unnamed website. These databases contain roughly 1.62 million rows of information, including e-commerce customers' names, usernames, email addresses, MD5-hashed passwords, birth dates, addresses, genders, account statuses, histories and more. Unsalted MD5 offers little protection here: common passwords in such a dump can be recovered by dictionary attack in seconds, so affected customers should treat those passwords as known to the attacker.
Week in review 20 October 2019: password-cracking techniques used by hackers, lack of security training leaves firms open to attack, ransomware expected to dominate 2020, Interpol BEC campaign
Round up of the most significant open source stories of the last week
The top ten password-cracking techniques used by hackers
Think your passwords are secure? Think again
Understanding the password-cracking techniques hackers use to blow your online accounts wide open is a great way to ensure it never happens to you.
You will sometimes need to change a password more urgently than you think, and understanding how passwords get stolen is the best way to stay on top of your account security. You can head to www.haveibeenpwned.com to check whether your accounts appear in known breaches, but assuming your password is simply too secure to be cracked is a bad mindset to have.
So, to help you understand just how hackers get your passwords – secure or otherwise – we've put together a list of the top ten password-cracking techniques used by hackers. Some of the below methods are certainly outdated, but that doesn't mean they aren't still being used. Read carefully and learn what to mitigate against.
More here: https://www.itpro.co.uk/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
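Two passages on this page meet in the following added Python example, which is not taken from either article: the stolen e-commerce databases holding MD5-hashed passwords (above, in the 29 May briefing) and the password-cracking techniques linked here. It runs a dictionary attack over a constructed leak of unsalted MD5 digests, shows that unsalted hashes reveal which users share a password before anything is cracked, and contrasts the work needed against the same table stored with per-user salts and a slow KDF. The usernames, digests, passphrase and wordlist are all constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample of a leaked "customers" table with unsalted MD5 password
# hashes, the scheme named in the stolen-database story. Not real data: the
# digests are md5("password"), md5("123456"), md5("password") again,
# md5("12345678") and md5 of a long passphrase that is not in the wordlist.
LEAKED_ROWS = [
    ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("bob",   "e10adc3949ba59abbe56e057f20f883e"),
    ("carol", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("dave",  "25d55ad283aa400af464c76d713c07ad"),
    ("erin",  hashlib.md5(b"correct horse battery staple").hexdigest()),
]

# Toy dictionary (constructed). Real attackers use leaked-password corpora
# with hundreds of millions of entries plus mangling rules.
WORDLIST = ["123456", "password", "qwerty", "12345678", "letmein", "admin"]


def crack_unsalted_md5(rows, wordlist):
    """Dictionary attack against unsalted MD5.

    With no salt, one digest per candidate tests that candidate against every
    user at once, so the work is proportional to len(wordlist), not
    len(wordlist) * len(rows). Returns ({user: password}, digests_computed).
    """
    by_digest = defaultdict(list)
    for user, digest in rows:
        by_digest[digest.lower()].append(user)
    cracked = {}
    digests_computed = 0
    for candidate in wordlist:
        digests_computed += 1
        d = hashlib.md5(candidate.encode()).hexdigest()
        for user in by_digest.get(d, ()):
            cracked[user] = candidate
    return cracked, digests_computed


def shared_password_groups(rows):
    """Users whose digests collide share a password. Unsalted hashing leaks
    this relationship before a single candidate has been tried."""
    by_digest = defaultdict(list)
    for user, digest in rows:
        by_digest[digest.lower()].append(user)
    return [users for users in by_digest.values() if len(users) > 1]


def make_salted_rows(plaintexts, iterations=50_000):
    """How the same table should be stored: a random per-user salt and a slow
    KDF. PBKDF2-HMAC-SHA256 is used because it is in the standard library;
    Argon2id or bcrypt are the usual choices in production."""
    out = []
    for user, pw in plaintexts:
        salt = os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        out.append((user, salt, iterations, dk))
    return out


def crack_salted(rows, wordlist):
    """The same dictionary against the salted, iterated table. Every
    (user, candidate) pair now costs its own KDF call, so both shortcuts,
    one-digest-per-candidate and shared-password spotting, are gone."""
    cracked = {}
    kdf_calls = 0
    for user, salt, iterations, dk in rows:
        for candidate in wordlist:
            kdf_calls += 1
            if hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations) == dk:
                cracked[user] = candidate
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    cracked, n = crack_unsalted_md5(LEAKED_ROWS, WORDLIST)
    print(f"unsalted MD5: cracked {cracked} with {n} digests")
    print("users sharing a password:", shared_password_groups(LEAKED_ROWS))
    salted = make_salted_rows(
        [("alice", "password"), ("bob", "123456"), ("erin", "correct horse battery staple")],
        iterations=1000,
    )
    cracked_s, calls = crack_salted(salted, WORDLIST)
    print(f"salted PBKDF2: cracked {cracked_s} with {calls} KDF calls")
```

Against the unsalted table, six MD5 computations recover four of the five accounts, and the two users sharing a digest are visible without cracking anything. Against the salted table the weak passwords still fall, because salting does not rescue a guessable password, but each guess costs a full KDF call per user, which is what turns a leak of a million rows from a minutes-long job into an expensive one.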
Lack of IT security training leaving businesses open to data breaches
Even security departments could use extra classes, new report suggests.
When it comes to the workforce, everyone needs a little extra IT education, even those working in IT departments. This is according to a new report, which concludes that there is still a lot to do to eliminate the ever-present skills shortage. It also finds a wide gap between the faith businesses have in their cybersecurity solutions and their actual awareness of how secure they really are.
The report says that 61 per cent of organisations would love to see their workforce trained more in cybersecurity awareness, but also – two fifths would love to get some of that training for their software development teams, as well. Just less than a third (29 per cent) believe the same is required – for their IT operations team.
Full article here https://www.itproportal.com/news/lack-of-it-security-training-leaving-businesses-open-to-data-breaches/
Ransomware predicted to continue to dominate cybercrime in 2020
Security teams acting as "first responders" for cyberattacks get an interesting perspective on cybersecurity: what attacks are really hitting organisations and how they affect them, and what motivates those launching the attacks. Overwhelmingly, the attacks these teams see are intended to extort or steal money. They believe the threats of 2020 will not be very different from those we already know all too well. While these teams occasionally deal with advanced new threats, these are always massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Full article: https://www.techradar.com/uk/news/ransomware-to-dominate-cybercrime-in-2020
The Top 10 Ransomware Types Hitting Businesses in 2019
The ransomware landscape in 2019 has remained alarmingly lively, with attackers continuing to see value in targeting enterprises, public bodies and governments, sometimes with targeted and sometimes with spray-and-pray approaches. Now, an analysis by New Zealand-based anti-malware firm Emsisoft of 230,000 incidents submitted to its ID Ransomware tool between April 1 and September 30, 2019 reveals the top 10 ransomware strains to look out for.
1 STOP (DJVU)
The STOP ransomware strain, also known as DJVU, has been submitted to the ID Ransomware tool over 75,000 times, which only represent a sliver of the systems it may have affected worldwide.
STOP mainly affects home users and is typically picked up by downloading cracked software or other untrusted files from torrent sites. Once the infection begins, STOP uses AES-256 encryption to lock the user's files, then issues a payment demand. It is by far the most common submission to ID Ransomware, accounting for 56 percent of all submissions.
2 Dharma
The Dharma variant not only locks a system but instructs the victim to contact a specific email address to negotiate the release of their files. Dharma is a cryptovirus pushed onto systems via malicious download links and email hyperlinks.
Operating in the threat landscape since 2016, Dharma is part of the .cezar family and mainly targets enterprises. Dharma accounted for 12 percent of submissions.
3 Phobos
Phobos, either named after the Martian moon or its namesake the Greek god of fear, is a ransomware variant that makes up 8.9 percent of all submissions.
It is mainly spread through insufficiently secured Remote Desktop Protocol endpoints, typically exposed RDP ports with weak or reused credentials. Phobos has been seen in the wild attacking corporations and public bodies indiscriminately. In a similar manner to Dharma, this ransomware locks your files and then requests that you contact the attacker directly to negotiate their release.
4 GlobeImposter
GlobeImposter makes up 6.5 percent of all submissions to the ID Ransomware tool. GlobeImposter is the next evolution of previous strains of the variant. What sets it apart is that it uses AES-256 cryptography to encrypt a victim's files before issuing a bitcoin payment demand.
5 REvil
REvil, also known as Sodinokibi, was first discovered in 2019, and security researchers believe it was developed by the same threat actors who created GandCrab.
Emsisoft notes that Sodinokibi is seen as a “Ransomware-as-a-service that relies on affiliates to distribute and market the ransomware. It is extremely evasive and uses advanced techniques to avoid being detected by security software.”
The attack vectors for this variant include exploiting a vulnerability in Oracle WebLogic and more traditional methods such as phishing campaigns. It makes up 4.5 percent of submissions.
[Figure: Countries most affected by ransomware. Credit: Emsisoft]
6 GandCrab
According to Europol the GandCrab ransomware variant has infected nearly half a million victim systems since it was first detected at the start of 2018. It accounts for 3.6 percent of submissions.
The GandCrab virus infects and encrypts all the files on a user's system. Originally the ransomware was distributed via exploit kits such as RIG EK and GrandSoft EK. Cybersecurity company Bitdefender has released a free decryption tool that recovers files from GandCrab lock-outs.
7 Magniber
Magniber has been around in one form or another since 2013, but it still accounts for 3.3 percent of submissions.
Cybersecurity firm Malwarebytes have been tracking this variant for some time and noticed that it is continually evolving. In one of the latest version they state that: “Each file is encrypted with a unique key—the same plaintext gives a different ciphertext. The encrypted content has no patterns visible. That suggests that a stream cipher or a cipher with chained blocks was used (probably AES in CBC mode).”
8 Scarab
The Scarab ransomware was first discovered in June 2017. The malicious software uses the encryption algorithms AES-256 and RSA-2048 to lock the files on a targeted system. It makes up 2.0 percent of submissions.
Note that Symantec's "Scarab" is a separately tracked espionage group whose custom malware is Trojan.Scieron, not the ransomware family above; the two share only a name. Symantec notes of that group: "Many of Scarab's campaigns focus on distributing the group's custom malware (Trojan.Scieron and Trojan.Scieron.B) through emails with malicious attachments. These files contain exploits that take advantage of older vulnerabilities that are already patched by vendors. If the attackers successfully compromise the victims' computers, then they use a basic back door threat called Trojan.Scieron to drop Trojan.Scieron.B onto the computer."
9 Rapid
Rapid accounts for 1.8 percent of submissions. It is ransomware delivered as a trojan horse that encrypts files and then demands a ransom.
Rapid appeared in 2018. When it infects a system it removes all of the Windows volume shadow copies, stops all database processes and disables automatic repair, so that neither built-in recovery nor locked database files get in the way of encryption. Once files are encrypted it issues a ransom demand like the others.
10 Troldesh
Troldesh also known as Shade accounts for 1.4 percent of submissions. Troldesh is a Trojan horse that locks files in a system via an encryption method. The malware has been around since 2014, but is still used in many active ransomware campaigns.
Malwarebytes followed one such campaign and noted that: “Spread by malspam—specifically malicious email attachments. The attachments are usually zip files presented to the receiver as something he “has to” open quickly. The extracted zip is a Javascript that downloads the malicious payload (aka the ransomware itself). The payload is often hosted on sites with a compromised Content Management System (CMS).”
Original article here: https://www.cbronline.com/news/ransomware-2019
Interpol new campaign to raise awareness of Business Email Compromise (BEC) urges public #BECareful of BEC Fraud
THE HAGUE, The Netherlands – What would you do if you received an email from your company’s CEO asking you to make an urgent payment?
What if a long-time supplier asked you to send all future payments to a new account at a different bank?
Would you immediately make the payment or change the banking details? Or would you first double-check through a different channel that the requests were genuine?
If you would make the payment, you just might become the next victim of a growing type of fraud – business email compromise, or BEC fraud.
Through a new public awareness campaign launched today, INTERPOL is encouraging the public to #BECareful about BEC fraud and know the warning signs to avoid falling into the criminals’ trap.
Full article here: https://www.interpol.int/News-and-Events/News/2019/INTERPOL-urges-public-to-BECareful-of-BEC-fraud
'Sextortion botnet spreads 30,000 emails an hour’
A large-scale “sextortion” campaign is making use of a network of more than 450,000 hijacked computers to send aggressive emails, researchers have warned.
The emails threaten to release compromising photographs of the recipient unless $800 (£628) is paid in Bitcoin.
And they contain personal information - such as the recipient’s password - probably gathered from existing data breaches, to specifically target more than 27 million potential victims at a rate of 30,000 per hour.
While analysis suggests a small fraction of targets have fallen for the ploy, one expert said such botnets still offered a great “return on investment” for cyber-criminals.
Read more here: https://www.bbc.co.uk/news/technology-50065713
Fraud attacks see huge rise in 2019
In just half a year, fraud attacks against business-to-consumer (B2C) organisations have increased 63 per cent, according to a new global report by RSA.
The digital risk management experts claim that in the first half of 2019, we’ve had 140,344 fraud attempts made against B2C organisations of all sizes. Just half a year ago, in the second half of 2018, that number stood at 86,344.
The newest trend among fraudsters is mobile apps, it seems, as the report claims that fraud attacks originating from mobile apps rose by 191 per cent, hitting a total of 57,000.
Most of the malicious actors try to evade getting detected by using “new” devices. The number of these devices (known to RSA for less than 90 days) increased from 20 per cent, to 80 per cent.
Financial malware also rose significantly in the same time period, growing 80 per cent in the first half of the year. Most of the time, fraudsters are using a modified version of the old Ramnit banking Trojan, RSA says, repackaged to evade defences and distributed as executable files that unsuspecting victims download and open.
Read the original article on ITProPortal here: https://www.itproportal.com/news/fraud-attacks-see-huge-rise-in-2019/
Smart home devices are being hit with millions of attacks
Hackers aim to build a botnet of smart devices, and poor security practices are allowing this.
Hackers want to hijack smart home devices to create large botnets and use them, for example, to launch powerful DDoS attacks.
According to a new report by Kaspersky, the number of attacks against smart home devices increased sevenfold compared to the same period last year.
In the first half of 2018, Kaspersky tracked 12 million attacks, originating from 69,000 unique IP addresses. A year later, the same company tracked 105 million attacks, coming from 276,000 IP addresses.
Kaspersky claims the attacks aren't sophisticated, and they're rarely intended to destroy the device. Instead, attackers try hard not to be noticed, so users may not even realise their devices are being exploited. Most of the time, attackers use Mirai to build the botnet. Other notable mentions are Nyadrop and Gafgyt.
Sources of infection mostly originate from China, but Brazil, Egypt and Japan are also on the list.
https://www.itproportal.com/news/smart-home-devices-are-being-hit-with-millions-of-attacks/
The Security Risks of Cloud Computing Start With You
Do you know where your data is….
Cloud computing has quickly become a key part of the business model for many organisations, but it would be wise not to ignore the security risks of cloud computing, as doing so can incur major penalties.
The cloud comes with many key advantages like lowering the cost for smaller firms to run compute-intensive business analytics, or as the case with UK challenger bank Monzo, it can allow you to build a completely new business model that is powered by cloud computing.
Yet for all the useful security tools the leading cloud providers offer, which, configured right, are typically more than a match for on-premises systems, the security of the data being stored or processed in the cloud remains the responsibility of the firm it belongs to, and most errors start with misconfiguration.
Many of those errors are simple mistakes in account and configuration management: 29 percent of organisations experienced potential account compromises, 32 percent had simple configuration issues and 23 percent were found to be missing critical patches.
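One misconfiguration behind many of those "simple configuration issues" is an object-storage bucket policy that grants access to everyone on the internet. The Python below is an added example, not code from the article: it shows such a policy beside a version scoped to a single IAM role, plus a check that flags Allow statements whose Principal is the wildcard. The bucket name, account ID and role name are made up for illustration.

```python
import json

# Constructed bucket policy of the kind behind many "open bucket" incidents:
# anyone, authenticated or not, may list the bucket and read every object.
# Not taken from any real account.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports",
                     "arn:aws:s3:::example-reports/*"],
    }],
})

# The same access, granted only to one role in the owning account
# (hypothetical account ID and role name).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReportReaderOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/report-reader"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports",
                     "arn:aws:s3:::example-reports/*"],
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element: "*" or {"AWS": [...], "Service": ...}."""
    if isinstance(principal, str):
        return [principal]
    out = []
    for v in principal.values():
        out.extend(_as_list(v))
    return out


def find_public_grants(policy_json):
    """Return every Allow statement whose Principal includes the wildcard.

    Each finding records the statement's Sid (or its index), the actions it
    grants and whether a Condition is present. A Condition (for example
    aws:SourceVpce) can legitimately narrow a wildcard grant, so it is
    reported rather than silently accepted.
    """
    doc = json.loads(policy_json)
    statements = _as_list(doc.get("Statement", []))
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements with "*" are restrictions, not grants
        if "*" not in _principals(st.get("Principal", {})):
            continue
        findings.append({
            "sid": st.get("Sid", f"statement[{i}]"),
            "actions": _as_list(st.get("Action", [])),
            "conditioned": "Condition" in st,
        })
    return findings


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, "->", find_public_grants(policy) or "no public grants")
```

A check like this belongs in the pipeline that deploys bucket policies, but it is a backstop, not the control: enabling Block Public Access at the account level makes the storage service refuse wildcard-principal bucket policies outright, which is what the "configured right" tooling mentioned above refers to.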
https://www.cbronline.com/feature/security-risks-of-cloud-computin
Three quarters of IT execs surveyed do not use full vulnerability management solution
ManageEngine announced the findings of its “State of IT in the UK—2019” survey. Conducted by an independent research consultancy, the study of 400 IT decision-makers working in organisations of all sizes explores their experiences dealing with IT security, GDPR compliance and cloud migration, and investigates what technologies they see having a real impact in the future.
In 2017, ManageEngine launched a survey to evaluate the IT landscape in small and medium-sized enterprises (SMEs). The latest survey has been extended to include large organisations and enterprises. It has found that businesses of all sizes lack the ability to detect anomalous activity in their IT networks. While only 12% of respondents working in enterprises believe that their organisation has that capability, the corresponding figure in SMEs and large organisations fared slightly better (21%).
Other key findings include:
IT security concerns
72% of all respondents don’t use a comprehensive vulnerability management solution to detect, assess, prioritise, patch and mitigate zero-day vulnerabilities in their network.
Only 21% of all respondents say they are capable of detecting complex attack patterns by correlating event information across devices and through user behaviour analytics (UBA).
In terms of using preventive practices to mitigate zero-day vulnerabilities, IT professionals in SMEs and large organisations state they do this more (24%) than their counterparts in enterprises (14%).
31% of all respondents cite cost as the main barrier to securing additional resources for better IT security, while a lack of understanding of how poor their security is (22%) turns out to be the second biggest barrier.
Cloud adoption
96% of SMEs use some form of cloud technology, a significant increase from 87% recorded in ManageEngine’s 2017 UK survey. The breakdown for SMEs is 39% private (vs. 21% in 2017), 37% hybrid (vs. 40% in 2017) and 20% public (vs. 26% in 2017).
The main reasons why SMEs are investing in cloud technology are security (55%), CRM tools (39%), business productivity (38%) and analytics and reporting (38%).
79% of all respondents plan to increase their spending on cloud computing within the next 12 months.
GDPR compliance
Just over half (54%) of SMEs believe they are fully GDPR-compliant. In 2017, 81% of SMEs said they were prepared to meet GDPR requirements.
The reasons given by SMEs, large organisations and enterprises for not being compliant include working with legacy systems (48%), lack of awareness (43%) and lack of financial investment (42%).
The majority of enterprise respondents (70%) believe they are fully GDPR-compliant.
The way forward
The technologies deemed to have the most impact in the coming years for all respondents are artificial intelligence (43%), the Internet of Everything (37%) and machine learning (29%).
AI is more likely to play a big part in the business operations of enterprises (52%) than in the business operations of SMEs and large organisations (35%).
Companies of all sizes agree that all three technologies above will help reduce time spent on manual processes (59%), provide additional time to work more strategically with other business units (53%), help detect user and network anomalies (48%) and provide greater visibility into network issues (46%).
Original article here: https://www.vanillaplus.com/2019/10/03/48755-three-quarters-execs-surveyed-not-use-full-vulnerability-management-solution-mitigate-zero-day-weaknesses/
What Is a DDoS Attack? (Hint: It Involves Zombies & Traffic Jams)
A distributed denial of service (DDoS) attack is kind of like a traffic jam on a website
What is a DDoS attack and what does it mean for your website? Instead of jumping deep into technical details, let’s start with a real-world analogy that makes it really easy to visualize what a DDoS attack is…
Imagine, for a moment, that it’s a Sunday afternoon and you’re driving down the highway with your family, headed to your favorite picnic spot. You’re cruising down the highway at 70 miles an hour – it won’t be long before you’re at the park enjoying a lovely autumn day!
…That is, until you go around a curve and see this in front of you: It’s a traffic jam — going as far as the eye can see!
You check your GPS traffic report, only to see that the jam extends for miles and there’s no way around it. There’s no way you’ll make it to the park in time for your picnic.
That’s basically what a distributed denial of service (DDoS) attack is – lots of users (in this case, cars) that are jamming up a system (the highway) to deny you from accessing a service (the park).
Usually when we talk about DDoS attacks, the resource being denied is a website and the “traffic jam” was maliciously caused by a hacker. But the concept is the same as a traffic jam on the highway. Let’s dive into what DDoS means, the types of DDoS attacks, and methods of DDoS prevention.
Let’s hash it out.
What is a DDoS Attack? A Simple Definition
Since we’re all about making technical topics simple, let’s start with a basic answer to the question: What does DDoS mean (a.k.a. “What is a distributed denial of service attack”)?
As mentioned above, a DDoS attack is a bit like a traffic jam on a website (but it’s intentionally caused by a hacker).
Here’s a simple definition for the meaning of DDoS:
A DDoS (distributed-denial-of-service) attack is when a hacker makes a website or other service inaccessible by flooding it with requests from many different devices.
If you’ve also heard the term “DoS attack,” don’t let that confuse you. A DDoS attack is just a specific type of DoS (denial-of-service) attack — one that uses multiple computers/devices to attack with.
How Does a DDoS Attack Work? (Hint: It Involves Zombies!)
Just like a traffic jam floods a highway with more cars than it can handle, a DDoS attack floods a website with more requests (i.e. visitors) than the web server or other related systems can handle.
Many hackers use botnets (a.k.a. zombie computers) to execute DDoS attacks. A botnet is a way for a single person (hacker) to control thousands of devices at once.
Here’s how a botnet works to execute a DDoS attack:
Step 1: Building the Botnet
To create a botnet, a hacker needs a way to take control of thousands of devices — these could be computers, mobile phones, or IoT devices such as webcams or smart refrigerators.
There are quite a few ways the hacker could find and take control of these devices. For example, they might write a virus that propagates and gradually takes over more and more computers. Or, they might find a specific IoT device with a known vulnerability (for example, poor default login security) and build a bot to scan the internet and hack as many of those devices as possible.
If you want to read more about how hackers do this, check out our post on Hacking IoT Devices: How to Create a Botnet of Refrigerators.
Step 2: Controlling the Botnet
As the hacker takes control of each device, they’ll do something so it will obey any instructions the hacker sends to the device. (For example, installing a small program on it.)
There are a few different approaches the hacker can use (client-server model, P2P model based on digital certificates, etc.), but the end result is the same — the hacker can issue a command and all the devices in the botnet will do whatever the hacker instructed them to do.
Step 3: Executing the Attack
Once the hacker has thousands of devices at their beck and call, they can execute the DDoS attack. There are a few different types of DDoS attacks (more on that later), but the basic idea is the same: flood a web server with more requests than it can handle.
The attacker will typically research the target first to find the request that costs the server the most to answer (a search, a login, a large download, or a genuinely vulnerable endpoint) so that every bot request does the maximum damage. Finally, the attacker instructs the zombie computers to send that request, repeatedly.
Here’s an example: Let’s say Bob’s botnet has 100,000 devices in it. He issues a command to the botnet to send an HTTP request to example.com once per second. That’s 100,000 requests per second, or 6 million per minute, 360 million per hour and about 8.6 billion per day, far more than most web servers are designed to handle. Note that each individual bot only sends one request per second, which looks like an ordinary visitor, so simply blocking “noisy” addresses does not help. If the attack was planned well, the web server will be overloaded and any real people who try to visit the site will get an error message. DDoS attack success!
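The following is an added example and not part of the original article: a short Python analysis of web server access-log lines showing why the “distributed” part matters to a defender. Each bot sends one request per second, well under any sensible per-IP rate limit, yet the aggregate exceeds the server’s capacity. The log lines are constructed sample data, and the server capacity of 100 requests per second and the per-IP limit of 5 are assumptions for illustration.

```python
"""Added example: why per-IP rate limiting does not stop a distributed flood.

Parses Common Log Format lines (constructed sample data, not real traffic) and
compares the aggregate request rate with an assumed server capacity.
"""
import re
from collections import Counter
from datetime import datetime

# Common Log Format, e.g.
# 192.0.2.7 - - [13/Oct/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(lines):
    """Yield (unix_second, client_ip) for every well-formed log line; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FMT)
        yield int(ts.timestamp()), m.group("ip")


def analyse(lines, capacity_rps, per_ip_limit_rps):
    """Summarise a log window: peak aggregate rate, whether the (assumed) server
    capacity was exceeded, and which clients a per-IP limiter would have caught."""
    per_second = Counter()
    per_ip_second = Counter()
    for sec, ip in parse_log(lines):
        per_second[sec] += 1
        per_ip_second[(ip, sec)] += 1
    peak_rps = max(per_second.values(), default=0)
    noisy = sorted({ip for (ip, _), n in per_ip_second.items() if n > per_ip_limit_rps})
    return {
        "peak_rps": peak_rps,
        "overloaded": peak_rps > capacity_rps,
        "sources": len({ip for ip, _ in per_ip_second}),
        "blocked_by_per_ip_limit": noisy,
    }


def synthetic_flood(bots, seconds, rate_per_bot=1):
    """Constructed sample log (example data): `bots` addresses in the documentation
    range 192.0.2.0/24 each send `rate_per_bot` requests per second, alongside one
    ordinary visitor at 198.51.100.5 sending one request per second."""
    if not 0 <= bots <= 254 or not 0 <= seconds <= 60:
        raise ValueError("bots must be 0..254 and seconds 0..60 for this sample")
    lines = []
    for s in range(seconds):
        stamp = "13/Oct/2019:10:00:%02d +0000" % s
        senders = ["192.0.2.%d" % (b + 1) for b in range(bots)] * rate_per_bot
        senders.append("198.51.100.5")
        for ip in senders:
            lines.append('%s - - [%s] "GET /search?q=zombies HTTP/1.1" 200 5120' % (ip, stamp))
    return lines


if __name__ == "__main__":
    # A single noisy source: easy to rate-limit, and the server copes.
    print("single source:", analyse(synthetic_flood(1, 3, rate_per_bot=50), capacity_rps=100, per_ip_limit_rps=5))
    # 200 bots at one request per second: nobody trips the per-IP limit, the server drowns.
    print("distributed:  ", analyse(synthetic_flood(200, 3), capacity_rps=100, per_ip_limit_rps=5))
```

In the single-source case the one offending address is caught by the per-IP limit and the server stays within capacity; in the distributed case no address is caught at all, yet the aggregate is double the capacity. That is the gap upstream scrubbing, anycast and traffic shaping exist to fill.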
DDoS the Lazy Way: Rent a Botnet!
If it sounds like a lot of work to build a botnet and execute a DDoS attack, you’d be right. But (unfortunately) there’s an easier way — lazy attackers can just go on the dark web and rent a botnet for as little as $10 per hour! Cybercrime is a booming industry, and services such as DDoS botnet rentals and phishing as a service solutions are just a few of the options available for purchase.
Types of DDoS Attacks
Our simplified definition of what DDoS is left out one detail: there are many different types of DDoS attacks that attackers can use depending on what specific server resource they’re trying to overload. Since we’re trying to keep things simple, we’ll just briefly highlight the broad types of DDoS attacks commonly used.
As mentioned previously, DDoS attacks are designed to jam up a website, usually by overloading a specific aspect of the site. For example, an attack could target the following to overload them:
Web server resources such as CPU or RAM
Database servers
Network bandwidth
DNS servers
Etc.
Original article here: https://securityboulevard.com/2019/10/what-is-a-ddos-attack-hint-it-involves-zombies-traffic-jams/
Week in review 13 October 2019: Europol state ransomware dominated in 2019, 11 ways employees can be the weak link in your security, steps firms should take to improve their incident response strategy
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Ransomware still dominates the cyber threat landscape in 2019 – Europol report
Despite ransomware attack rates waning, Europol says a shift in tailored campaigns against business targets has ensured the malware holds the top spot in this year’s Internet Organised Crime Threat Assessment (IOCTA) report.
According to the European law enforcement body's annual report, published today (Wednesday), attacks utilising ransomware are now “more targeted, more profitable and cause greater economic damage”.
The 63-page IOCTA report says that since ransomware entered the spotlight in 2016 with global attacks like WannaCry and NotPetya, the malware has remained a “relatively easy income” for cybercriminals – offering a more stable return than banking trojans.
Ransomware notably locks and encrypts infected systems and files with the promise of returning functionality once a fee is paid.
11 Ways Employees Can Be Your Weak Link for Cybersecurity
Each year, incidences of cyberattacks on companies are increasing with the intent to steal sensitive information. There are cybersecurity tools made to protect organisations, but many of these tools focus on external attacks, not internal weaknesses. Many security systems do not focus on the possibility of employees unknowingly becoming a security threat and do nothing to mitigate accidental internal threats. Employee cybersecurity is an important issue.
The 2018 Insider Threat Report asserted that 90% of organisations are likely to be attacked or exposed to attacks through an insider, and more than 50% experienced an attack through an insider. Furthermore, about 44% of top companies are exposed to potential threats as a result of exposure of passwords on the internet by their employees or theft of login details.
Read the full article for the full list here:
11 steps organisations should take to improve their incident response strategy
As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, FIRST has produced 11 vital steps that organisations should take to improve their incident response strategy.
It is highly likely that an organisation will face a cybersecurity incident of some sort at some point in its lifetime, regardless of the level of cybersecurity defence in place.
According to a global survey undertaken by Marsh in partnership with Microsoft, two-thirds of respondents ranked cybersecurity as a top five risk management priority, but only 19% expressed high confidence in their organisation’s ability to manage and respond to a cyber event, and only 30% have developed a plan to do so.
More info and the full list of steps organisations can take here:
https://www.helpnetsecurity.com/2019/10/11/organizations-incident-response-strategy/
APT Actors Hitting UK Organisations via Trio of VPN Vulnerabilities: NCSC
Hundreds of British organisations are vulnerable to VPN attacks being launched by sophisticated Advanced Persistent Threat (APT) actors, who are actively exploiting vulnerabilities in a trio of commercial VPN products, the NCSC has warned.
The organisation, overseen by GCHQ, warned: “This activity is ongoing, targeting both UK and international organisations. Affected sectors include government, military, academic, business and healthcare. These vulnerabilities are well documented in open source, and industry data indicates that hundreds of UK hosts may be vulnerable.”
Phishing attempts increase 400%
1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January.
A new report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover.
Hackers are using trusted domains and HTTPS to trick victims, with nearly a quarter (24%) of malicious URLs found to be hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block. Nearly a third (29%) of detected phishing web pages use HTTPS as a method to trick users into believing they’re on a trusted site via the padlock symbol.
Phishing grew rapidly, with a 400% increase in URLs discovered from January to July 2019.
The top industries impersonated by phishing include:
· 25% are SaaS/Webmail providers
· 19% are financial institutions
· 16% social media
· 14% retail
· 11% file hosting
· 8% payment services companies
Phishing lures are also becoming more personalised, and users still on Windows 7 face more risk, with infections up 71%.
https://www.helpnetsecurity.com/2019/10/09/phishing-increase-2019/
Email Threat Report Summary
FireEye announced at Cyber Defense Summit the release of its latest email threat update, based on analysis of a sample set of more than two billion emails from April through June 2019; the findings are visually depicted in their new infographic.
To summarise, FireEye has identified several significant themes:
Attackers Are Getting Ahead in the Cloud: As companies continue migrating to the cloud, bad actors are abusing cloud services to deploy phishing attacks. Some of the most common tactics include hosting Microsoft-themed phishing pages with Microsoft Azure, nesting embedded phish URLs in documents hosted on popular file sharing services, and establishing phishing URL redirects on popular email delivery platforms.
Microsoft Continues to Be the Most Popular Brand Used in Phishing Lures: A typical phishing email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting. During the evaluated period, FireEye saw Microsoft- and Office 365-themed phishing attacks increase by 12 percent quarter over quarter, as Microsoft continues to be the most popular brand utilised in phishing attacks, with 68 percent of all phishing detections.
Entertainment/Media/Hospitality Most Targeted Vertical: Q2 saw a shakeup in the most targeted vertical industries. Entertainment/Media/Hospitality has stolen the number one spot from Financial Services, which dropped to number two. Other highly targeted verticals for email-based attacks include Manufacturing, Service Providers, Telecom, State & Local Government, Services/Consulting, and Insurance.
Insider threats are security’s new reality - the biggest danger to data security yet prevention solutions aren’t working
Insider threats expose companies to breaches and put corporate data at risk. New research questions whether the right data security solutions are being funded and deployed to stop insider threats and asserts that legacy data loss prevention solutions fall short in getting the job done.
79% of information security leaders believe that employees are an effective frontline of defence against data breaches. However, this year’s report disputes that notion.
Recognising that employees are the power behind any organisation, companies are increasingly implementing strategies for collaboration to make information sharing easier than ever.
69% of organisations that were breached due to insider threats already had a prevention solution in place at the time of the breach that did little to prevent it.
Unfortunately, some organizations have not put in appropriate detection and response data security controls, and instead simply trust employees to keep data safe. However, this trust is frequently abused.
The study showed that employees take more risks with data than employers think, which leaves organizations open to insider threat.
https://www.helpnetsecurity.com/2019/10/07/insider-threat-risk/
Many companies are failing to secure their data in the cloud
A large proportion of businesses are failing to secure the data they have stored in the cloud, a new report has claimed.
The report argues that almost half (48 per cent) of all corporate data is stored in the cloud nowadays, however just a third of organisations (32 per cent) go for a security-first approach with this data. Further on, the report uncovers that less than a third of organisations (31 per cent) believe it’s their responsibility to keep data safe, at all.
To make matters worse, companies are planning on using the cloud even more. Almost half (48 per cent) have a multi-cloud strategy, opting for the likes of Amazon Web Services (AWS), Microsoft Azure and IBM. On average, organisations use three different cloud service providers, with a quarter (28 per cent) using four or more.
Despite having its sights locked onto the cloud, almost half of organisations still see it as a security risk, particularly when saving consumer data. In most cases, they also see it as a compliance risk. However, not everyone believes that it’s entirely their obligation to keep the data safe – a third believes they should share this responsibility with the cloud providers, and another third believes this is entirely the cloud provider’s job.
https://www.itproportal.com/news/many-companies-are-failing-to-secure-their-data-in-the-cloud/
Cyber Attacks Are North Korea's New Weapon of Choice
According to The Associated Press, North Korea has reportedly generated nearly two billion dollars to fund its nuclear weapons programs with unprecedented cyber activities against financial institutions and cryptocurrency exchanges all around the world. As a result, United Nations experts are currently investigating at least thirty-five instances in seventeen victim countries, including Costa Rica, Gambia, Guatemala, Kuwait, and Liberia. Of the many targets for cyberattacks, South Korea is often the hardest-hit.
https://nationalinterest.org/blog/korea-watch/cyber-attacks-are-north-koreas-new-weapon-choice-87526
Week in review 29 September 2019: supply chain attacks hit defense firms, malspam contains malicious URLs, Microsoft block extensions to protect email, users mistakenly believe they can spot phishing
Round up of the most significant open source stories of the last week
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Airbus hit by series of cyber attacks on suppliers
European aerospace giant Airbus has been hit by a series of attacks by hackers who targeted its suppliers in their search for commercial secrets, security sources told AFP, adding they suspected a China link.
There have been four major attacks on Airbus in the last 12 months, according to two security sources involved in investigating the hacking.
The group has long been considered a tempting target because of the cutting-edge technologies that have made it one of the world's biggest commercial plane manufacturers, as well as a strategic military supplier.
In January, it admitted to a security incident that "resulted in unauthorised access to data", but people with knowledge of the attacks outlined a concerted and far bigger operation over the last year.
Hackers targeted British engine-maker Rolls-Royce and the French technology consultancy and supplier Expleo, as well as two other French contractors working for Airbus that AFP was unable to identify.
Airbus and Rolls-Royce did not immediately reply to AFP's request for comment. Expleo said it would neither "confirm nor deny" that it had been targeted.
https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers
Attacks have also targeted other defence contractors in Europe and North America this month:
Most malspam contains a malicious URL these days, not file attachments
Most malicious email spam (malspam) sent in the first half of the year has contained links to malicious files, rather than file attachments, according to telemetry gathered by cyber-security firm Proofpoint.
More precisely, 85% of all malspam sent in Q2 2019 (April, May, and June) contained a link to a malicious file download, rather than the actual malicious file attached to the email.
The Q2 number continues a Q1 trend, where malicious URLs also dominated as the favourite way of distributing malware via email spam.
https://www.zdnet.com/article/most-malspam-contains-a-malicious-url-these-days-not-file-attachments/
Microsoft bans 38 file extensions from Outlook to stop you downloading viruses
Microsoft has banned 38 new file extensions from Outlook online, bringing the total number of forbidden file types to 104.
The company hasn't said exactly when the change will roll out, but it's expected to come into force very soon. When it does, you will no longer be able to download files with the blacklisted extensions unless your system admin has made a specific exception.
Employees are mistakenly confident that they can spot phishing emails
While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey.
Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step of changing their passwords following a breach.
Not only is this false confidence potentially harmful to an employee’s personal and financial data, but it also creates risks for companies and their data.
The report surveyed 4,000 office professionals from the U.S., U.K., Japan and Australia (1,000 per region) to determine what people know about phishing attacks, what makes them click on a potentially malicious link and other security habits.
There is no foolproof way to prevent being phished but taking a layered approach to cybersecurity including ongoing user training will significantly reduce risk exposure.
https://www.helpnetsecurity.com/2019/09/26/spot-phishing-emails/
Copycat Chrome extensions are filled with malware.
Earlier this month, Google removed a pair of plugins from Chrome with over 1.5 million installs between them. Their names – AdBlock and ublock – might sound familiar, but they definitely weren't the real thing.
First spotted by the AdGuard adblocker team, the plugins were cunningly replicating the well-known and entirely reputable AdBlock by getadblock and uBlock Origin by Raymond Hill.
The fraudulent ad blockers even behaved realistically, simply blocking as normal for a couple of days, after which their behaviour changed to carry out 'cookie stuffing' fraud. At this point, the extension loads tracking cookies onto its users' systems, so its creators can pretend they've referred the user to various sites they might visit, and be rewarded for doing so.
More info and approaches on staying safe here:
https://www.wired.co.uk/article/fake-chrome-extensions-malware
Windows malware turns PCs into zombies
A new malware campaign responsible for infecting thousands of Windows PCs worldwide has been discovered by Microsoft.
The Microsoft Defender Research Team found the malware, dubbed Nodersok, and explained in a blog post that it is distributed through malicious adverts which force a Windows system to download files that are used in HTML apps.
After a system has been fully infected, Nodersok can then turn it into a zombie-like proxy machine used to launch other cyberattacks and even create a relay server that can give hackers access to command and control servers as well as other compromised devices. This helps hackers hide their activity from security researchers looking for suspicious behaviour.
https://www.techradar.com/uk/news/windows-malware-turns-pcs-into-zombies
GDPR: Only one in three businesses are compliant – here's what is holding them back
GDPR came into force over a year ago but many organisations are still struggling to comply with data privacy legislation.
Consultancy firm Capgemini surveyed over 1,000 compliance, privacy and data protection personnel and found that despite three quarters of them having previously been confident about being compliant by the time GDPR came into force in May 2018, that isn't the case in reality and many are still struggling to adhere to the legislation.
Now just 28% of those surveyed believe they're fully GDPR compliant – despite regulators being willing to issue heavy fines.
99 percent of all misconfigurations in the public cloud go unreported
Today's data breaches often seem to be caused not just by malware infections or external threat actors, but human error, insiders with an ax to grind, and simple security failures.
The surge in adoption of cloud-based technologies and Infrastructure-as-a-Service (IaaS) has added a new facet to cyberthreats -- the loss of information caused by misconfigurations and weak credentials in the public cloud space.
According to new research released Tuesday and conducted by cybersecurity firm McAfee, titled, "Cloud-Native: The Infrastructure-as-a-Service Adoption and Risk," the majority of IaaS misconfigurations are going unnoticed.
Indeed, only one percent of IaaS issues are reported, which may suggest there are countless companies across the globe that are unwittingly leaking data.
1,000 IT professionals were surveyed across 11 countries, and cloud usage data from over 30 million McAfee Mvision cloud users was aggregated to compile the report, which also says companies believe they average 37 IaaS misconfiguration issues per month when in reality this number can reach 3,500.
In total, 90 percent of respondents said they had come across security issues with IaaS, but only 26 percent said they were equipped to deal with misconfiguration audits -- and this lack of visibility into their cloud usage may be contributing to an increased data breach risk.
According to McAfee, IaaS-based data loss incidents triggered by data loss prevention (DLP) rules have increased by 248 percent year-over-year. As an example, the report says 42 percent of storage objects measured with recorded DLP incidents were misconfigured.
Week in review 22 September 2019: traditional user awareness not working, destructive malware returns, Microsoft patched Defender bug, top human hacks, vulnerabilities in IOT devices double in 6 years
Round up of the most significant open source stories of the last week
This week includes tools, tips and resources from around the web.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Traditional user awareness model is doomed to fail
CISOmag have some hard truths around the ways traditional user awareness training is failing. If current user awareness training is still relevant today, why is every security event full of CISOs complaining about users or passwords? After 20 years of user awareness, discussing passwords, and not clicking on links in emails, the security industry is still talking about these as if they are new requirements. Where are the results which prove that the current model has worked, and will continue to work?
The full article can be read here: https://www.cisomag.com/traditional-user-awareness-model-is-doomed-to-fail/
World’s most destructive botnet returns with stolen passwords and email in tow
If you've noticed an uptick of spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets—and it just returned from a four-month hiatus.
Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets.
Microsoft Patches Severe Windows Defender Bug
Microsoft patched a serious flaw in the Windows Defender security utility today that resulted in certain malware scans failing after just a few minutes.
https://www.tomshardware.co.uk/microsoft-patches-windows-defender-bug,news-61709.html
The Top 'Human Hacks' to Watch For Now
Social engineering is as old as mankind. But its techniques have evolved with time. DarkReading.com has info on the latest tricks criminals are using to dupe end users, including Social Media ‘Pretexting’, Vishing and SMiShing.
https://www.darkreading.com/edge/theedge/the-top-human-hacks-to-watch-for-now/b/d-id/1335845
Akamai speaks out on uptick of Distributed Denial of Service (DDoS) attacks
Akamai released findings on Wednesday on a new Distributed Denial of Service vector that leverages a UDP amplification technique based on WS-Discovery (WSD), a device-discovery protocol spoken by printers, cameras and other networked equipment. Without getting too technical, UDP (User Datagram Protocol) is an alternative communications protocol to TCP (Transmission Control Protocol), used for low-latency and loss-tolerant connections between applications on the internet. Since UDP is connectionless there is no handshake, so an attacker can forge the source address of a WSD request to be the victim’s; the device’s much larger reply is then delivered to the victim, multiplying the attacker’s bandwidth.
According to the report from Akamai the situation now is such that "multiple threat actors" are leveraging this DDoS method to ramp up attacks.
More: https://techxplore.com/news/2019-09-akamai-uptick-ddos.html
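The following is an added example and not from Akamai’s report or the article: a Python check over flow records that separates the two ways an organisation meets a WSD reflection attack, as one of the reflectors (its own devices answering spoofed probes toward an outside address) or as the victim (unsolicited replies from UDP/3702 arriving for a host that never sent a probe). The flow records are constructed, the record format is my own, the address range 192.0.2.0/24 stands in for the defended network, and the amplification threshold of 5x is an assumption. UDP port 3702 is WS-Discovery’s standard port.

```python
"""Added example: finding WS-Discovery (WSD) reflection in flow records.

Records are constructed sample data in a simple whitespace format
(src sport dst dport proto bytes pkts); thresholds and address ranges are assumptions.
"""
import ipaddress
from collections import defaultdict

WSD_PORT = 3702                                      # WS-Discovery's standard UDP port
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]    # assumption: the address space we defend

SAMPLE_FLOWS = """\
# src sport dst dport proto bytes pkts  (constructed example records)
# a probe whose source address is spoofed to the victim, answered by our printer with a far larger reply
203.0.113.9   40000 192.0.2.20   3702  UDP  180   1
192.0.2.20    3702  203.0.113.9  40000 UDP  2700  1
# unsolicited WSD replies landing on our web host: we are the victim of someone else's reflectors
198.51.100.77 3702  192.0.2.50   53211 UDP  9000  3
# ordinary on-net discovery between two of our own hosts
192.0.2.30    51000 192.0.2.31   3702  UDP  180   1
192.0.2.31    3702  192.0.2.30   51000 UDP  2700  1
"""


def is_ours(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OUR_NETS)


def parse_flows(text):
    """Parse the constructed record format; '#' lines are comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, nbytes, pkts = line.split()
        flows.append({"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
                      "proto": proto.upper(), "bytes": int(nbytes), "pkts": int(pkts)})
    return flows


def wsd_findings(flows, min_amplification=5.0):
    """Return (reflectors, victims).

    reflectors: (our_host, outside_addr, amplification) where one of our devices answers
                WSD probes toward an off-net address with replies much larger than the probes
                (the probe's source was spoofed; our reply is the attack traffic).
    victims:    (our_host, outside_addr, bytes) where replies from UDP/3702 arrive for a host
                of ours that never sent a probe to that address.
    """
    probes = defaultdict(int)   # (client, wsd_host) -> probe bytes, client -> wsd_host:3702
    replies = defaultdict(int)  # (client, wsd_host) -> reply bytes, wsd_host:3702 -> client
    for f in flows:
        if f["proto"] != "UDP":
            continue
        if f["dport"] == WSD_PORT:
            probes[(f["src"], f["dst"])] += f["bytes"]
        elif f["sport"] == WSD_PORT:
            replies[(f["dst"], f["src"])] += f["bytes"]

    reflectors, victims = [], []
    for (client, wsd_host), reply_bytes in replies.items():
        probe_bytes = probes.get((client, wsd_host), 0)
        if is_ours(wsd_host) and not is_ours(client):
            amp = reply_bytes / probe_bytes if probe_bytes else float("inf")
            if amp >= min_amplification:
                reflectors.append((wsd_host, client, amp))
        elif is_ours(client) and not is_ours(wsd_host) and probe_bytes == 0:
            victims.append((client, wsd_host, reply_bytes))
    return sorted(reflectors), sorted(victims)


if __name__ == "__main__":
    refl, vict = wsd_findings(parse_flows(SAMPLE_FLOWS))
    for host, outsider, amp in refl:
        print("REFLECTOR %s answers %s at %.0fx: block inbound UDP/3702 at the edge" % (host, outsider, amp))
    for host, outsider, nbytes in vict:
        print("VICTIM %s received %d bytes of unsolicited WSD replies from %s" % (host, nbytes, outsider))
```

The remedy differs by role: a reflector finding means WSD is reachable from the internet and should be blocked at the border (it is only ever needed on the local segment); a victim finding is a volumetric attack in progress and needs upstream filtering, since dropping the packets at the host does not recover the bandwidth.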
Global cryptomining attacks use NSA exploits to earn Monero
Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more, using exploits from the National Security Agency to spread its malware.
The new threat group, dubbed 'Panda,' was revealed this week in a new report from Cisco Talos. The report’s authors wrote that although the group is "far from the most sophisticated" it has been very active and willing to "update their infrastructure and exploits on the fly as security researchers publicize indicators of compromises and proof of concepts."
The NSA exploits include EternalBlue, which attacks a vulnerability in Microsoft's Server Message Block (SMB) protocol. The researchers first became aware of Panda's cryptomining attacks in the summer of 2018 and have reported that over the past year they've seen daily activity in Talos’s honeypots.
If You Have a Smart TV or IoT Devices, Your Home is Leaking Data.
Researchers at Northeastern University and the Imperial College London have recently conducted a thorough analysis of 81 different IoT products to characterize what services they attempt to connect with, what communications can be inferred from these connections, and the degree of encryption used to protect customers. 72/81 devices have at least one destination that is not a first party (i.e., belonging to the device manufacturer), 56% of the US devices and 83.8% of the UK devices contact destinations outside their region, all devices expose information to eavesdroppers via at least one plaintext flow, and a passive eavesdropper can reliably infer user and device behavior from the traffic (encrypted or otherwise) of 30/81 devices.
Vulnerabilities in IoT Devices Have Doubled Since 2013
Sticking with IoT devices for a minute, a follow-up study into the security of IoT devices has revealed more than twice the number of vulnerabilities as were detected six years ago.
In the 2013 study, researchers at Independent Security Evaluators (ISE) highlighted 52 vulnerabilities across 13 SOHO wireless routers and network-attached storage (NAS) devices made by vendors including Asus and Belkin.
An examination of routers and NAS products by ISE published yesterday has flagged 125 common vulnerabilities or exposures (CVEs). The vulnerabilities captured by the new research could affect millions of IoT devices.
For their latest study, the researchers tested 13 contemporary IoT devices created by a range of manufacturers. Modern versions of several devices tested in the original 2013 study were also studied to determine whether manufacturers had upped their security game.
The reported results were fairly disappointing, with researchers able to obtain remote root-level access to 12 of the 13 devices tested. Among the weaknesses identified were buffer overflow issues, command injection security flaws, and cross-site scripting (XSS) errors.
Read the original article here: https://www.infosecurity-magazine.com/news/vulnerabilities-in-iot-devices/
Some IT teams move to the cloud without business oversight or direction
27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix.
Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach.
Other findings revealed by the research include:
· 56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine who was at fault.
· 31% of organizations would consider moving data back on premises due to concerns about security, reliability and performance, and high costs.
· Interest in broader cloud adoption has faded in the financial sector since last year. The number of organizations ready to adopt a cloud-first approach dropped by 16% and the number eager to move their entire infrastructure to the cloud fell by 12%.
https://www.helpnetsecurity.com/2019/09/20/financial-industry-cloud/
Most Small to Medium Sized Business Cyber Attacks Focus on Just Three TCP Ports
Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three stand out among the more than 130,000 possible TCP and UDP port numbers seen targeted in cyber incidents.
A report from threat intelligence and defence company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.
According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), the HTTP (Hypertext Transfer Protocol), and the HTTPS (Hypertext Transfer Protocol Secure).
Alert Logic says that these appear in 65% of the incidents, and it makes sense since they need to be open for communication, be it secured or plain text.
As basic guidance, security across all network ports should include defence-in-depth. Ports that are not in use should be closed and organisations should install a firewall on every host as well as monitor and filter port traffic. Regular port scans and penetration testing are also best practices to help ensure there are no unchecked vulnerabilities.
The standard recommendation to reduce the risk from these ports is to keep the devices, software and services that rely on them up to date and hardened, closing off the attack avenues that target them.
https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/
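The following is an added example, not part of the article or the Alert Logic report: a Python audit that turns the guidance above into a check. It reads `ss -tuln` style output, keeps only services bound on every interface (the ones reachable from outside), and reports anything not on an allow-list. The sample output, the host it describes and the allow-list of the three ports the report names are constructed assumptions for illustration.

```python
"""Added example: audit which ports a host exposes, against an allow-list.

Input is constructed sample output in the shape of `ss -tuln`; the allow-list
and the sample host are assumptions for illustration.
"""

SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511    *:443              *:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5900       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
"""

WILDCARD = {"0.0.0.0", "*", "[::]", "::"}   # bound on every interface: reachable from outside

# The three ports the report singles out; anything else must justify itself.
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}


def parse_listeners(text):
    """Return (proto, local_addr, port) for each data row of ss-style output."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 5:
            continue
        proto, local = parts[0], parts[4]
        addr, _, port = local.rpartition(":")    # rpartition copes with [::]:22
        listeners.append((proto, addr, int(port)))
    return listeners


def audit(listeners, allowed=ALLOWED):
    """Classify externally reachable listeners; loopback or specific bindings are left alone."""
    findings = []
    for proto, addr, port in listeners:
        if addr not in WILDCARD:
            continue
        if (proto, port) in allowed:
            verdict = "expected: keep the service patched and restrict who may reach it"
        else:
            verdict = "unexpected: stop the service, bind it to localhost, or firewall it"
        findings.append((proto, addr, port, verdict))
    return findings


def unexpected_ports(text, allowed=ALLOWED):
    """The (proto, port) pairs exposed on all interfaces that are not on the allow-list."""
    return sorted({(p, port) for p, _, port, v in audit(parse_listeners(text), allowed)
                   if v.startswith("unexpected")})


if __name__ == "__main__":
    for proto, addr, port, verdict in audit(parse_listeners(SAMPLE_SS)):
        print("%s %s:%d  %s" % (proto, addr, port, verdict))
    print("to close:", unexpected_ports(SAMPLE_SS))
```

On a real host, feed the function the output of `ss -tuln` (or `netstat -tuln` on older systems). In the sample, the database on 127.0.0.1:3306 is ignored because it is not reachable from outside, while VNC on 5900 and SNMP on UDP/161 are flagged for closing; the three allowed ports are still listed so that their patch state and firewall allow-lists get reviewed rather than forgotten.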
Facebook announced on Friday that it has suspended tens of thousands of apps amid a privacy investigation in the wake of the Cambridge Analytica scandal.
The tens of thousands of apps Facebook has removed come from just 400 developers, Facebook said in its blogpost, and millions more have been investigated. The review is ongoing and comes from hundreds of contributors, including attorneys, external investigators, data scientists, engineers, policy specialists, and teams within Facebook, the company said.
Why charities can’t afford to ignore the risk from malware
The world of cyber crime can seem murky and mysterious – cyber criminals are, after all, a faceless threat and charities are focused on the here and now, running their day to day operations and making a difference. But weapons such as malware are indiscriminate, and anyone can be stung. A new article from charitydigitalnews.co.uk aims to shed some light on the world of malware, with help from cyber security experts Avast in the form of a useful Q&A. The site has some other useful resources for charities and non-profits.
Black Arrow Cyber Consulting have a number of hours of free consulting time that charities and non-profits can apply to use.
Tools, tips and resources from around the web
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. SearchSecurity have released a guide to help firms find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data.
More info can be found here: https://searchsecurity.techtarget.com/tip/How-to-encrypt-and-secure-a-website-using-HTTPS
Ransomware: 11 steps you should take to protect against disaster
Falling victim to ransomware could put your vital business or personal data at risk of being lost forever. ZDNet have put together a list of steps that can help bolster your defences.
Read the article for the full list but the usual rules apply; user education and awareness, good patch management and ensuring you have good online and offline backups such that you can recover your data if the worst was to happen.
https://www.zdnet.com/article/ransomware-11-steps-you-should-take-to-protect-against-disaster/