Weekly Security Roundup #53: There’s a Scam for That
Cyber criminals have more resources and creativity than you’d imagine
It’s been a tumultuous week for cyber security professionals. Between a large array of scams and the TalkTalk breach, the same key subjects are touched on again and again:
- password security
- software patching
- cyber security education, even in its most basic form.
We’ve shown how trusted brands, such as IKEA, are being used in spam campaigns to trick victims into opening malware-laden attachments. The same type of attack impersonated Booking.com, and it’s likely that these types of threats will continue to multiply.
These waves of spoofing attacks have prompted Google to move Gmail to the strictest DMARC implementation available, in order to keep its users protected from spoofing and spam attacks.
Dridex is active again and it seems like everyone’s had enough of it, but that doesn’t mean that it’s not pilfering from unsuspecting users as you’re reading this.
In this context, corporate cyber security may sound like a nightmare to deal with (and we’re not saying it’s not). This is why our CEO, Morten Kjaersgaard, shared some thoughts on a matrix that can help prioritize tasks and investments in cyber security tools. It could really help CIOs and CISOs in need.
Let’s review the weekly security roundup to see the must-read news that could help us all be a bit more savvy about our online protection.
Security articles of the week
1. Updates on the TalkTalk breach
The case of one of the biggest data breaches recorded this year has escalated rather quickly. There have been extortion attempts, a teenager was arrested for alleged involvement in the attack, and cyber security specialists discussed the worrying fact that this was the third attack on the British company in the past 12 months.
But are companies like this one just hiding behind implausible excuses? John E. Dunn seems to believe so.
2. Spam and malware go hand in hand
Spam used to be rather harmless back in the day, but now it comes with attachments that trigger serious malware infections or malicious links that can compromise your system in a matter of seconds. Take this example of a campaign that impersonated UK policemen or this one that targeted website owners with fake suspension notices.
3. Cyber crime and politics often mix
We’d certainly prefer it weren’t so, but cyber criminals and politics have never been able to stay apart when it comes to malicious activity. Such is the case of the Russian cyber spies who targeted the MH17 crash investigation and attempted to compromise the data used in it.
4. Serious lack of basic cyber security awareness
Plugging a USB stick you found on the street into your work laptop could have potentially disastrous consequences. This may sound obvious to you, but it turns out that it’s not as evident for everyone. A recent social experiment unveiled some unnerving facts.
5. New online habits, new scams
“There’s a scam for that” is the new “there’s an app for that”. Lured in by free wine offerings? Get some malware instead. If it’s too good to be true, it most certainly is a trap.
It does not look good. But do see for yourself.
It may sound safer than carrying it around with you, but this real life example will prove you wrong.
We know it needs to be done, but how? This article offers a perspective on where we could start. And we have to start. As soon as possible.
Ransomware is such a scary threat that even impersonating it has started to become effective. Attackers have been threatening porn websites’ users recently, tricking them into paying hefty sums through scareware in their browser. More than 50 countries have already been affected.
It’s not too early to start pondering what next year may look like in terms of cyber security. We already singled out trends like ransomware, mobile malware and hacktivism, but we have to be prepared for anything and continue to work to reduce vulnerabilities that attackers can exploit.
We might reach a point where there are so many types of malware that there’s a different variant to target a user according to his deepest vulnerabilities. It’s already happening, but we’re not helpless against the bad guys.
A little can go a long way in terms of educating ourselves and those around us to adopt some basic online security habits. You can even learn all about them for free!