This Week in Security News - Dec. 11, 2020
Trend Micro Releases 2021 Security Predictions and FBI Warns of New Coronavirus Email Auto-Forwarding Scam
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s predictions that security professionals and decision-makers should keep an eye out for in the coming year. Also, read about how scammers are exploiting auto-forwarding rules to boost the success rate of Business Email Compromise (BEC) attacks.
Read on:
Top 20 Predictions of How AI Is Going to Improve Cybersecurity in 2021
Cybercriminals capitalized on the chaotic year by attempting to breach a record number of enterprise systems in many industries. AI and machine learning-based cybersecurity platforms combined with human expertise make it more challenging for attackers to succeed in their efforts. In 2021, cybersecurity vendors will accelerate AI and machine learning app development to combine human and machine insights to out-innovate attackers’ intent on escalating an AI-based arms race.
Takeaways from Trend Micro's 2021 Security Predictions
In response to the COVID-19 pandemic, organizations have had to rethink their operational and security processes, from everyday business functions and cloud migrations to teleworking support. These, along with constant security risks, have not only challenged organizations in 2020 but also raised concerns regarding readiness for disruption. In this blog, learn key predictions that security professionals and decision-makers should keep an eye out for in the coming year.
Scammers Step Up Efforts to Target Older Americans During Pandemic
Older adults have faced a barrage of online scams during the COVID-19 pandemic, with the upcoming holiday season and increased consumer spending likely to intensify the problem. Older people have long been viewed as easy targets by malicious actors looking to make money and have increasingly become victims of scams aimed at everything from COVID-19 stimulus checks to other financial information.
More holiday shopping is happening online this year due to the pandemic. This sparked some curiosity as to whether the rate of phishing would increase proportionally with the growth rate of e-commerce. In this blog, Greg Young, vice president of cybersecurity at Trend Micro, takes a data deep dive to come up with some answers.
Investigating the Gootkit Loader
Trend Micro recently noticed an increase in the number of Gootkit cases targeting users in Germany. Upon investigation, Trend Micro found that the Gootkit loader was now capable of sophisticated behavior that enabled it to surreptitiously load itself onto an affected system and make analysis and detection more difficult. This capability was used to deploy a DLL file.
FBI Warns of New Coronavirus Email Auto-Forwarding Scam
Scammers are exploiting auto-forwarding rules to boost the success rate of Business Email Compromise (BEC) attacks, the FBI said in a statement. This allows cybercriminals to better conceal their scamming activities, and scammers are doing this as the COVID-19 pandemic necessitates more telework, another factor increasing the likelihood of success.
SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks
While tracking the activities of the SideWinder group, Trend Micro identified a server used to deliver a malicious LNK file and host multiple credential phishing pages. These pages were copied from their victims’ webmail login pages and subsequently modified for phishing. Trend Micro also believes further activities are propagated via spear-phishing attacks.
Cybersecurity Regulation and Litigation: the 800 Pound Gorilla in the Boardroom
Bob Zukis, CEO of Digital Directors Network, recently talked with Chris Hetner, former SEC Senior Cybersecurity Advisor to the Chairman of The United States Securities and Exchange Commission, on the changing regulatory landscape when it comes to cybersecurity.
December Patch Tuesday Fixes Exchange, SMB
The last set of updates for 2020 includes 58 patches for the Microsoft Office suite. Of the total number, nine have been rated Critical and 46 as Important. A significant number of updates fixes gaps in MS Exchange vulnerable to remote code execution (RCE) and information disclosure, as well as a server message block (SMB) gap also noted for the latter vulnerability.
Ransomware Gangs are Now Cold-Calling Victims if They Restore from Backups Without Paying
In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands. Ransomware groups caught calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, according to a spokesperson for cybersecurity firm Emsisoft.
A Security Guide to IoT-Cloud Convergence
The integration of the Internet of Things (IoT) and cloud computing—as prominently manifested in the profusion of cloud services that power the IoT, collectively known as the IoT cloud—poses a new frontier for how industries are run. However, it is important not to overlook their respective security risks and the implications of these risks when the two technologies converge.
Russian Sentenced to French Prison for Bitcoin Laundering
Alexander Vinnik, a Russian bitcoin expert at the center of a multi-country legal tussle, was sentenced in Paris on Monday to five years in prison for money laundering and ordered to pay 100,000 euros (more than $120,000) in fines in a case of suspected cryptocurrency fraud. A court acquitted Vinnik of charges of extortion and association with a criminal enterprise, according to his lawyers.
Advocates for Highway and Auto Safety Issue Tenets to Guide Federal Legislation
The Advocates for Highway and Auto Safety recently released the Autonomous Vehicle (AV) Tenets. The Tenets have four categories: prioritizing the safety of all road users, guaranteeing accessibility for all, preserving consumer and worker rights, and ensuring local control and sustainable transportation. These serve as a guide for federal legislation and policy on the development and deployment of AVs.
7 In-Demand Tech Skills to Master in 2021
Now that companies are moving beyond the basics of artificial intelligence, IT leaders are looking for people with experience in integrating artificial intelligence (AI) with other technologies such as automation. In this article, Jon Clay, director of global threat communications at Trend Micro, shares his thoughts on security skills needed for the cloud in 2021.
Which technology skills do you think will be in high demand in 2021? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.