Cyber Security Update May 2022

May 2022

Cyber Security Update

Cyber Security Update May 2022

  • 01 julio 2022
  • 3.9 minutos para leer

SoftwareONE believes there is a need for additional information when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest Security Breaches

Telecommunications giant Verizon has confirmed that its internal systems were compromised by a hacker who stole employee information. The hacker claims to have accessed the Verizon database by posing as IT support and persuading an employee to provide remote access to their computer.

More than 23 million files, totaling 6.5 GB of data, were left unprotected when Turkish airline Pegasus failed to properly configure its cloud storage infrastructure. A misconfigured bucket on AWS exposed information that was stored in its aircraft navigation software.

The personal details of around 3.6 million customers of South African pharmacy retailer Dis-Chem were exposed after hackers gained access to its database.

The personal details of over 200,000 injured workers in Australia were also exposed after Australian state insurance company icare mistakenly sent spreadsheet attachments to the wrong email addresses.

Cybersecurity Awareness

The India-based GoodWill ransomware group is encrypting data and demanding its victims perform charitable deeds before allowing them to download a decryption tool. Demands include donating blankets to the homeless and feeding hungry children.

The growth of China’s digital economy is totally dependent on implementing competent cybersecurity and combating cyber-attacks, says the country’s top regulator, the Cybersecurity Administration at the Ministry of Industry and Information Technology.

In 2021, there were 3.5 million vacancies for qualified cybersecurity professionals globally – an increase of 350% compared to eight years earlier.

Cybersecurity Intelligence

Credit card details of online shoppers in the US were stolen by cyber criminals who injected malicious PHP: Hypertext Preprocessor (PHP) code into an online checkout page. The FBI warns that the attackers spoofed a credit card processing server.

The FBI has warned that security credentials such as privileged network access and user accounts from US universities and colleges have been advertised for sale on criminal marketplaces and publicly accessible forums.

Multiple US government agencies have issued warnings about an organization known as the Karakurt data extortion group, which targets businesses and individuals with ransomware attacks and demands payment in cryptocurrency.

Hot Topic of the Month

Phishing Techniques Become More Ruthless and Sophisticated

Phishing emails have been a nuisance for more than 20 years – scammers send emails that seem like they are from a reputable organization in the hope that the victim will click on an embedded link that will either compromise their system with malware, or take them to a fake website where they will be asked to enter confidential information such as passwords or credit card details.

Here are four examples of recent phishing attacks where cybercriminals have developed ever more ruthless and sophisticated techniques in an attempt to avoid detection by both humans and security software:

  1. Targeting COVID Loan Applicants: Taking advantage of applications for federal aid during the COVID-19 pandemic, scammers have been sending emails that impersonate the Small Business Administration (SBA) to trick loan applicants into revealing their personal details. The phishing emails accurately mimic the SBA’s email domain.
  2. The Invisible Ink Technique: Phishing emails have been discovered that use invisible characters to try to confuse secure email gateways. The exploit takes advantage of how security software parses text to give the email a better chance of making it into user inboxes.
  3. ‘You’re Fired’ Zoom Invitations: Preying on an emotional response, scammers have been sending fake Zoom invitations to purportedly urgent meetings to discuss the termination or suspension of employment. The fake meeting is scheduled within a few minutes, so the recipient doesn’t have much time to think. The link inevitably takes them to a fake Zoom page and steals the victim’s credentials.
  4. Fake Excel Attachment to Avoid Detection: This attack involves attaching an HTML file to an email that claims to contain invoices or other financial transactions. The scam email attempts to avoid detection by using encryption. If an unsuspecting user opens the attachment, they are taken to a fake Microsoft 365 website that prompts them for their login credentials.

Beware of Common Phishing Attacks

Learn more about the most common types of phishing attacks and how to identify them.

Read more
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Seguridad de datos, Seguridad, Secuestro de datos

Comenta este artículo

¡Deja un comentario para hacernos saber lo que piensas sobre este tema!

Deja un comentario

Artículos relacionados

Getting Started with a Cyber Security
  • 12 julio 2022
  • Managed Security, Cybersecurity User Awareness, cloud-security, Cybersecurity, Digital Transformation
  • Ciberamenazas, Cyber Attack

Introducción a la ciberseguridad: Ciclo y tipos de ataques

Las organizaciones de beneficencia y sin fines de lucro escuchan hablar mucho acerca de la seguridad. Volvamos a lo básico. Este primer artículo describe el ciclo de los ataques y cómo se producen.

Automation: Cybersecurity’s Friend and Enemy

La automatización: Aliada y enemiga de la ciberseguridad

¿Ha integrado la automatización en su estrategia de seguridad? Continúe leyendo para ver nuestro análisis de los pros y los contras de una defensa de ciberseguridad automatizada.

DDoS Threats Are Back
  • 02 junio 2022
  • Cybersecurity, Cybersecurity User Awareness
  • Ciberamenazas

Vuelven las amenazas DDoS

Al comprender cómo funcionan los ataques DDoS y cómo pueden afectar las operaciones empresariales, las organizaciones pueden mitigar los riesgos de forma más eficaz. Más información.