Cyber Security Update April 2021 | SoftwareONE Blog

April 2021

Cyber Security Update

Cyber Security Update April 2021

  • 05 juli 2021
  • 4 Minuters läsning

SoftwareONE believes there is a need for additional information when it comes to cybersecurity, as organizations have made it clear that investment in a proper security strategy is paramount. SoftwareONE’s monthly Cyber Security Update provides information on the most recent threats, the latest breaches and how to react to them in order to stay on top of malware and ransomware threats.

Latest Security Breaches

Facebook´s data breach lifted personal data of 533 million users.

Stolen account information of 21 million customers from ParkMobile, a mobile parking app that’s popular in North America, found in cybercrime forum.

Computer giant Acer hit by $50 million ransomware attack.

Swinburne University in Australia confirms over 5,000 individuals affected in data breach.

1 million credit card details, names, and phone numbers of customers and employees leaked at Domino's India data breach.

Kia Motors America suffers a $20 million suspected DoppelPaymer ransomware attack.

Cybersecurity Awareness

Bank scams targeting mobile users are on the rise as customers turn to banking on their smartphones.

The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity and to battle ransomware attacks.

Data extortion attempts now occur in 77 percent of all ransomware attacks. Coveware data also showed the average ransom payment rose 43 percent, from $154,108 to $220,298.

Mount Locker ransomware changes tactics. The ransomware is increasing its aggressiveness with new features while rebranding to "AstroLocker”

Foreign spies are using LinkedIn to steal secrets. As many as 10,000 Brits have been targeted, including security and military officials, civil servants, defense contractors and pharmaceutical industry experts.

Cybersecurity Intelligence

New UK survey revealed an almost 20% increase in corporate security breaches since business owners and employees have been forced to leave the office environment and switch to working from home (WFH) full time.

Advanced Persistent Threat (APT) actors exploit vulnerabilities to gain initial access for future attacks at multiple government, commercial, and technology services networks.

Mamba ransomware weaponizes DiskCryptor – an open-source full disk encryption software – to restrict victim access by encrypting an entire drive, including the operating system.

The FBI conducted a court-authorized operation to remove hundreds of malicious web shells from vulnerable servers in the United States in response to the widespread exploitation of critical Microsoft Exchange Server (MES) vulnerabilities by malicious cyber actors.

After fraudsters repeatedly stole drivers’ license numbers from a database maintained by Geico, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data.

Hot Topic of the Month

Watch out for these 7 new Social Engineering Tactics

It’s been a prime time for social engineering to go on the rise. Pandemic panic, desperation as income concerns grew, and worry over health and wellness made it easier for criminals to tap into fear. Social engineering, of course, means attacking the user rather than the computing system itself, trying to extract information or incite an action that will lead to compromise.

The latest Facebook data breach is a good example to explain the risks for social engineering. The leaked data contains exactly the sort of personally identifiable information that bad actors like to use in social engineering attacks, or to perpetrate identity theft. In addition, the combination of Facebook IDs and associated email addresses could result in bad actors attempting to hack into user’s Facebook accounts directly. If successful, this could lead to further compromise, or be used to send out scam messages to contacts.

Security pros know that the packaging matters, and a familiar attack may slip through defenses in an unfamiliar guise. That´s why we'd like to make you aware of some tactics social engineering experts say are on the rise in 2021:

  1. Malicious QR codes
  2. Browser notification hijacks
  3. Collaboration scams
  4. Supply chain partner impersonations
  5. Deepfake recordings
  6. Text fraud
  7. Typosquatting or lookalike domains

The idea behind the effectiveness of social engineering techniques is that people are the weakest link in any security system. Studies have shown that a third of all IT infrastructure incidents in companies are caused by phishing and other social engineering attacks. Up to 90% of businesses that have experienced data breaches on public cloud infrastructures say that some form of social engineering was involved in the breach. The best way to stay ahead of business risks and threats is to train your entire staff in cybersecurity awareness. SoftwareONE´s Cybersecurity User Awareness trainings close the knowledge gap of your workforce and increase the resilience and security of your organization.

Protect Your Business Against Social Engineering Threats

Let us help you train your employees to gain an awareness of cyber threats and the potential impact a cyberattack will have on your business as well as the steps required to reduce risk and prevent cybercrime.

Contact us today
  • Cybersäkerhet

Kommentera denna artikel.

Vad tycker du? Dela gärna med dig av tankar kring ämnet eller den specifika artikeln.

Skriv här

Relaterade artiklar